How to configure multiple NICs per server: physical and virtual

Hi

Sorry if this has been covered but i am new to foreman.

What is the best practice for configuring NICs on a server. There appear
to be 2 ways - one in the kickstart template and one as a post finish
script/snippet I have a server with 4 eth devices to 4 separate networks
(no bonding)

At the moment, my primary interface is only configured within the main
kickstart template.

network --bootproto <%= "static --ip=#{@host.ip}
–netmask=#{@host.subnet.mask} --gateway=#{@host.subnet.gateway}
–nameserver=#{[@host.subnet.dns_primary,@host.subnet.dns_secondary].reject{|n|
n.blank?}.join(',')}" %> --hostname <%= @host %>

Option1:
I have seen a post where by each additional interface can be configured
with something like the below.

-How does this tie in with what you configure in the GUI when you are
creating a new host? I can set an IP and MAC address but the subnet is
greyed out and cannot be selected? Will Foreman cycle through each NIC i
configure and pair accordingly with the MAC i have specified?
-Does it automatically setup the ifcfg-ethX config file?
-What does managed actually mean?

<% if !@host.interfaces.managed.empty? -%>
<% @host.managed_interfaces.each do |interfaces| -%>
network --bootproto=static --ip=<%= interface.ip %> --netmask=<%=
interface.subnet.mask %> --device=<%= interface.identifier %> --noipv6
<% end -%>
<% end -%>

Option2:
Use the kickstart_networking_setup snippet
https://github.com/theforeman/community-templates/blob/master/snippets/kickstart_networking_setup.erb

cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$real
BOOTPROTO="<%= dhcp ? 'dhcp' : 'none' -%>"
<% unless dhcp -%>
IPADDR="<%= interface.ip -%>"
NETMASK="<%= subnet.mask -%>"
<% if !subnet.gateway.nil? && !subnet.gateway.empty? -%>
GATEWAY="<%= subnet.gateway %>"
<% end -%>
<% end -%>
DEVICE="$real"
<% unless virtual -%>
HWADDR="<%= interface.mac -%>"
<% end -%>
ONBOOT=yes
<% if interface.respond_to?(:primary) && interface.primary -%>
PEERDNS=yes
PEERROUTES=yes
<% else -%>
PEERDNS=no
PEERROUTES=no
<% end -%>
<% if vlan -%>
VLAN=yes
<% elsif alias_type -%>
TYPE=Alias
<% end -%>
EOF

This appears to configure the primary interface as well.

I've yet to test this - what are/how are others doing it?

Cheers

Anyone?

Should i be looping through @host.managed_interfaces or
@host.interfaces_with_identifier(['eth0', 'eth1']) - do these arrays tie in
with what values you enter in the GUI?
How do i reference the variables of IP and subnet from the above?

Why cant i specify a subnet? it is greyed out

if i do this below as mentioned here:
https://groups.google.com/forum/#!searchin/foreman-users/host.interfaces.managed/foreman-users/E7V4npY-6uA/EWQv24TlnkUJ

<% if !@host.interfaces.managed.empty? -%>
<% @host.interfaces.managed.each do |interface| -%>
network --bootproto=static --ip=<%= interface.ip %> --netmask=<%=
interface.subnet.mask %> --device=<%= interface.identifier %> --noipv6
<% end -%>
<% end -%>

I get:

There was an error rendering the DEV_Kickstart_PXE template: undefined method 'interfaces' for Host::Managed::Jail (Host::Managed)

Hello,

what version of Foreman do you use? In 1.8 it's best to just configure
interfaces in UI according to your needs and let the configuration snippet
(which is included in kickstart %post section) create the sysconfig files for
all interfaces (that are managed, more details below). This is basically
Option 2 in your text. See comments in text below.

> Hi
>
> Sorry if this has been covered but i am new to foreman.
>
> What is the best practice for configuring NICs on a server. There appear
> to be 2 ways - one in the kickstart template and one as a post finish
> script/snippet I have a server with 4 eth devices to 4 separate networks
> (no bonding)
>
> At the moment, my primary interface is only configured within the main
> kickstart template.

We need to configure networking so the installer can start. Anaconda supports
specifying multiple interfaces but it didn't bring additional interfaces up
and didn't even create config files after the installation finished so this
was not an option.

> network --bootproto <%= "static --ip=#{@host.ip}
> --netmask=#{@host.subnet.mask} --gateway=#{@host.subnet.gateway}
> --nameserver=#{[@host.subnet.dns_primary,@host.subnet.dns_secondary].reject{
> >n> n.blank?}.join(',')}" %> --hostname <%= @host %>
>
>
> Option1:
> I have seen a post where by each additional interface can be configured
> with something like the below.
>
> -How does this tie in with what you configure in the GUI when you are
> creating a new host? I can set an IP and MAC address but the subnet is
> greyed out and cannot be selected?

You should be able to select any existing Subnet (if you use organizations or
locations, make sure subnets are in host's context). If it's greyed out you
might have selected domain that has no subnet associated (see subnet edit
form, tab domains).

> Will Foreman cycle through each NIC i
> configure and pair accordingly with the MAC i have specified?
> -Does it automatically setup the ifcfg-ethX config file?

This is what id does in kickstart_networking_setup snippet (Option 2).

> -What does managed actually mean?

Managed means basically - "should Foreman try to setup this interface?". If
the interface is managed then Foreman tries to create DHCP reservation for
it's MAC, create DNS A and PTR records (based on associated subnet, domain and
their smart proxy association) and it will create ifcfg-ethX config file for
it. If you keep managed unchecked, the interface won't be configured in any
way and is good e.g. for documentation purposes.

> <% if !@host.interfaces.managed.empty? -%>
> <% @host.managed_interfaces.each do |interfaces| -%>
> network --bootproto=static --ip=<%= interface.ip %> --netmask=<%=
> interface.subnet.mask %> --device=<%= interface.identifier %> --noipv6
> <% end -%>
> <% end -%>

As said above, this never worked for me. Foreman does not try to configure
these interfaces before anaconda starts, but configures interfaces in
kickstart %post.

> Option2:
> Use the kickstart_networking_setup snippet
> https://github.com/theforeman/community-templates/blob/master/snippets/kicks
> tart_networking_setup.erb

It should be present and applied automatically (in 1.8).

> cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$real
> BOOTPROTO="<%= dhcp ? 'dhcp' : 'none' -%>"
> <% unless dhcp -%>
> IPADDR="<%= interface.ip -%>"
> NETMASK="<%= subnet.mask -%>"
> <% if !subnet.gateway.nil? && !subnet.gateway.empty? -%>
> GATEWAY="<%= subnet.gateway %>"
> <% end -%>
> <% end -%>
> DEVICE="$real"
> <% unless virtual -%>
> HWADDR="<%= interface.mac -%>"
> <% end -%>
> ONBOOT=yes
> <% if interface.respond_to?(:primary) && interface.primary -%>
> PEERDNS=yes
> PEERROUTES=yes
> <% else -%>
> PEERDNS=no
> PEERROUTES=no
> <% end -%>
> <% if vlan -%>
> VLAN=yes
> <% elsif alias_type -%>
> TYPE=Alias
> <% end -%>
> EOF
>
> This appears to configure the primary interface as well.
>
> I've yet to test this - what are/how are others doing it?
>
>
>
>
> Cheers

Hope this helps

Hello Marek and thanks for feedback

Unfortunately, we are using foreman 1.6 - and it seems that a lot of the
variables that can be referenced only came out in 1.7 with further
enhancements in 1.8

The option i have through the GUI is to add a 2nd NIC and these values are
taken. When i query the host with hammer, i can see 1 managed interface
added to the host in addition to the primary. Surely, i would be able to
reference those details somehow?

With regards to the interface being managed - i dont want any DNS or DHCP
entries made at all - just plan eth device configured.

Just checked - All subnets are defined under the Infrastructure -->
Subnets.
They are also part of the organisation

i basically only have one DNS namespace and 5 subnets. still greyout when
i add another interface.

I guess it is because the foreman we have is too old!

Hello,

frankly I don't remember how exactly it worked in 1.6 but it's very likely
there were not many methods allowed in templates to access interfaces info. If
you can't upgrade to latest Foreman (1.6 -> 1.7 -> 1.8, don't go directly to
1.8) then you may disable safe_mode setting that allows you to call any method
in template. You would be able to get to all information stored for interface.
But I'm pretty sure that the kickstart_network_configuration snippet won't
work with 1.6.

Regarding the Managed and DHC/DNS creation, in 1.8 if you assign domain and
subnet to an interface and they don't have smart proxy assigned, no record
would be created but the configuration file for the interface would be
created, so that's what you want.

appreciate your time! thanks for your answers - i was going crazy
wondering why it was not working!

Where can i find out what methods are allowed? is there any documentation
that details this? Also, if i allow safe mode - is this actually safe to
do so and what methods does it open up?

Does foreman have the feature of an unmanaged interface? ie one that it
can provision but not assign and DHCP or DNS for?

Hello,

sorry for late answer.

> Where can i find out what methods are allowed? is there any documentation
> that details this? Also, if i allow safe mode - is this actually safe to
> do so and what methods does it open up?

all we have so far is this wiki page [1]. Turning off the safe mode means that
you can call any ruby method, e.g. deleting all data. You should allow
template editing only to users that you trust and who know what they're doing.

> Does foreman have the feature of an unmanaged interface?

(Speaking about Foreman 1.8+)
yes, unmanaged (managed checkbox is unchecked) means no DHCP/DNS/TFTP record
is created for this interface and no config file is created on host for this
interface.

> ie one that it
> can provision but not assign and DHCP or DNS for?

unfortunately it's either both or none but if you keep it managed and just do
not assign DHCP and DNS proxy for its subnet it will work as you want. In
Foreman 1.6 IIRC there's not even a managed flag.

[1] TemplateWriting - Foreman

Hope this helps

Thanks for following up.

We are hoping to upgrade as i hate setting this statically all the time. I
will just need to work out how to address in the PXE template the the
values entered from the GUI

Question:

As i am currently stuck with entering the IP addresses manually, I have
been doing this on a host by host basis and waiting for each host to get to
the stage that it has pulled its kickstart config down before building a
new host. However, if i set a server to build and then go to edit, i see
the "templates" has all the transposed details for the template filled in.
Am i right in thinking that if i set the static values in the PXE template
and then hit build, the host will have its own template and wont be
dependent on the PXE template anymore? ie, i can straight away edit the
PXE template so that i can provision a new host?

I need to build multiple hosts at the same time and think i have
mis-understood

cheers

> Thanks for following up.
>
> We are hoping to upgrade as i hate setting this statically all the time. I
> will just need to work out how to address in the PXE template the the
> values entered from the GUI
>
> Question:
>
> As i am currently stuck with entering the IP addresses manually, I have
> been doing this on a host by host basis and waiting for each host to get to
> the stage that it has pulled its kickstart config down before building a
> new host. However, if i set a server to build and then go to edit, i see
> the "templates" has all the transposed details for the template filled in.
> Am i right in thinking that if i set the static values in the PXE template
> and then hit build, the host will have its own template and wont be
> dependent on the PXE template anymore? ie, i can straight away edit the
> PXE template so that i can provision a new host?
>
> I need to build multiple hosts at the same time and think i have
> mis-understood
>
> cheers

Hello

if I understand you question correctly - simply said, there's just one shared
template for all hosts and it's always rendered on demand. Rendering means
replacing variables with real data fetched from particular host. So a template
like

echo "hello <%= @host.fqdn %>"

when you render it for host a.example.com the output would be

echo "hello a.example.com"

so the template is the same for each host but output is different per host. So
if you hardcode specific IP, all host that would render the template with the
same IP. The rendering occurs when host is in build mode and boot from PXE, it
downloads the output of rendering from Foreman and pass it to anaconda.

So you could manually hardcode the IP for each host, build it, change the
template, build another one etc, but there's no need to do it this way and it
would be a lot of useless work.

Sorry if I didn't understand the question or explaining the obvious.

No, you have understood correctly. My confusion lies in the fact that i am
tied to using the old version of foreman until we upgrades and stuck to
setting these valuves manually in the PXE template for every host i build.
This meant i had to wait until a server had pulled down its config to do so

• which as you say - has been painful! So looking forward to the new
  version!

You have helped me understand that with the new version of
Satellite/Foreman i can:

1. Use one master PXE template for my builds - this hands the 1 ip for the
   build process. This template will have to be pretty generic for my hosts
   and i guess anything that does any customization should be then done by
   puppet. It would nice if you had the option to select 1 or more PXE
   templates per O/S
2. Then I will reference the remaining nics and their network information
   in the post kickstart snippet - using the loop to loop through each nic
   should it exist.

I will look at the template links you sent and the kickstart snippet. i
need to understand how that template works as it seems to have different
code for different options!

thanks for the pointers - i'm getting it!