How to configure HA for foreman Component?

Hi Guys,

I am planning to installed & configure the foreman components in HA, but I dont know whether this can be configured whatever I have depicted in the attached diagram

please comment if you have done this kind of configuration.


Yes, it can be done.

For Foreman use Redis as Rails cache so sessions keep active when load balanced to the other node.

For Puppet CA I would not recommend making it active-active as it may result in duplicate serials for certificates which will result in both being revoled at once. So do it active-passive if really required or keep it on Server-1 to simplify the setup.

Just out of curiosity the separate repo servers does mean you will use Foreman and your own custom repos instead of Katello?

Indeed. I would consider a setup where you have & load balanced on On these hosts you only run Foreman and no Smart Proxy nor Puppet server.

Then deploy a separate server (or servers) for Puppet with their own Smart Proxy.

1 Like

Thanks Guys for your reply.

but what about other components such as below will foreman support these component in HA ( active /active or active /passive )

  • Auto-Discovery Plugin & smart proxy
  • TFTP Server
  • DNS
  • DHCP & DNS Smart Proxy server

would be great direct me some link or document.


TFTP is not really a clustered service, simply use a load balancer for connection and keep the files in sync. I am not sure, but I think Foreman will not help here, but there was some discussion about this in the past.

DHCP could be clustered, but is also out of scope for Foreman. The Smart proxy only uses omapi for reservation which the cluster would then sync itself.

DNS similar with one master and multiple slaves, updates from Smart proxy via nsupdate on master gets propagated to slaves.

Smart proxy for DNS and DHCP can be load balanced using haproxy or similar quite simple because the only need the same configuration and only communicate to the services.

Discovery plugin uses only those services and Foreman so nothing special.

Most of blog posts and community discussions are quite old, I think most recent is from Sean O’Keeffe who you can also find here in many older discussions.