How to configure HA for foreman Component?

Hi Guys,

I am planning to install & configure the Foreman components in HA, but I don't know whether this can be configured the way I have depicted in the attached diagram.

Please comment if you have done this kind of configuration.

Thanks

Yes, it can be done.

For Foreman, use Redis as the Rails cache so sessions stay active when load balanced to the other node.

For Puppet CA I would not recommend making it active-active, as it may result in duplicate serials for certificates, which will result in both being revoked at once. So do it active-passive if really required, or keep it on Server-1 to simplify the setup.

Just out of curiosity, do the separate repo servers mean you will use Foreman and your own custom repos instead of Katello?
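The duplicate-serial risk mentioned in the answer above can be checked for by comparing the CA inventories of two nodes. This is an added example, not part of the original thread or of Foreman/Puppet code; the inventory line layout (hex serial, not-before, not-after, subject), the node names and the sample entries are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample inventories from two hypothetical CA nodes.
# Assumed line layout: <hex serial> <not-before> <not-after> <subject>
NODE1 = """\
0x0001 2024-01-10T09:00:00UTC 2029-01-09T09:00:00UTC /CN=puppet-ca.example.com
0x0002 2024-01-10T09:05:12UTC 2029-01-09T09:05:12UTC /CN=web01.example.com
0x0003 2024-01-11T14:20:45UTC 2029-01-10T14:20:45UTC /CN=db01.example.com
"""
NODE2 = """\
0x0001 2024-01-10T09:00:00UTC 2029-01-09T09:00:00UTC /CN=puppet-ca.example.com
0x0002 2024-01-10T09:05:12UTC 2029-01-09T09:05:12UTC /CN=web01.example.com
0x0003 2024-01-11T14:21:02UTC 2029-01-10T14:21:02UTC /CN=app01.example.com
0x0004 2024-01-12T08:00:30UTC 2029-01-11T08:00:30UTC /CN=app02.example.com
"""

LINE_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(\S+)\s+(\S+)\s+(/\S.*)$")

def parse_inventory(text, source):
    """Return (serial, subject, not_before, source) for each well-formed line."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # skip blank lines, comments and anything malformed
        serial, not_before, _not_after, subject = match.groups()
        entries.append((int(serial, 16), subject, not_before, source))
    return entries

def find_serial_collisions(*inventories):
    """Map serial -> certs, for serials that identify more than one certificate."""
    by_serial = defaultdict(set)
    for entries in inventories:
        for serial, subject, not_before, source in entries:
            by_serial[serial].add((subject, not_before, source))
    collisions = {}
    for serial, certs in by_serial.items():
        # Same subject and not-before on both nodes is a synced copy of one
        # certificate; differing values mean two certificates share a serial.
        if len({(subj, nb) for subj, nb, _ in certs}) > 1:
            collisions[serial] = sorted(certs)
    return collisions

if __name__ == "__main__":
    found = find_serial_collisions(parse_inventory(NODE1, "ca-node1"),
                                   parse_inventory(NODE2, "ca-node2"))
    for serial, certs in found.items():
        print(f"serial 0x{serial:04X} issued more than once:")
        for subject, not_before, source in certs:
            print(f"  {source}: {subject} (not before {not_before})")
```

Because a CRL identifies certificates by serial number, revoking either certificate flagged here would revoke the other as well.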

Indeed. I would consider a setup where you have foreman01.example.com & foreman02.example.com load balanced on foreman.example.com. On these hosts you only run Foreman and no Smart Proxy nor Puppet server.

Then deploy a separate server (or servers) for Puppet with their own Smart Proxy.


Thanks, guys, for your reply.

But what about other components such as the ones below? Will Foreman support these components in HA (active/active or active/passive)?

  • Auto-Discovery Plugin & smart proxy
  • TFTP Server
  • ISC DHCP
  • DNS
  • DHCP & DNS Smart Proxy server

It would be great if you could direct me to some link or document.

Thanks

TFTP is not really a clustered service, simply use a load balancer for connection and keep the files in sync. I am not sure, but I think Foreman will not help here, but there was some discussion about this in the past.

DHCP could be clustered, but is also out of scope for Foreman. The Smart proxy only uses omapi for reservation which the cluster would then sync itself.

DNS is similar, with one master and multiple slaves; updates from the Smart Proxy via nsupdate on the master get propagated to the slaves.

Smart Proxy for DNS and DHCP can be load balanced using haproxy or similar quite simply, because they only need the same configuration and only communicate with the services.

Discovery plugin uses only those services and Foreman so nothing special.

Most of the blog posts and community discussions are quite old. I think the most recent is https://archive.fosdem.org/2018/schedule/event/high_available_foreman/ from Sean O’Keeffe, who you can also find here in many older discussions.