How to deploy katello in a multi host setup with forklift

First, I want to thank the whole community for this wonderful product!

Problem:
I am trying to deploy katello with forklift and vagrant in a multi-server setup (the playbook will then be reused for prod).
Setting up a single node with everything is easy, but once I try to split it up, issues arise…
The reason I want to do this is to be able to deploy a test environment that is very close to prod, to easily test upgrade scenarios in the future.

Expected outcome:

  • one katello server on a dedicated server (content + provisioning)
  • one puppet master on a dedicated server (just for puppet mastering)
  • one puppetCA on a dedicated server

Foreman and Proxy versions:
katello_repositories_version: 3.8
katello_repositories_environment: release
foreman_repositories_environment: release
foreman_repositories_version: 1.19

Questions:
I’m a bit lost on the flags I need to give to the installer for each server I need. Besides, I have conflicting information between --help and the documentation: Foreman :: Plugin Manuals --> --pulp?
When I use forklift I play with two playbooks:

  • playbooks/katello.yml (for the katello server)
  • playbooks/foreman_proxy_content.yml (for the other)
    The last one looks OK until I try to add some flags to avoid installing pulp and everything that comes with the proxy-content.

I also have some concerns about my setup: all the components use TLS to communicate. Since I first deploy a katello server without puppet/CA, how will katello manage these certificates? Maybe I need to set up a regular katello all-in-one and then move the components out, but then doing it with forklift will become complicated.

Maybe using forklift is not the right idea for what we try to achieve?
Do you have some links or ideas to help me?
Best Regards

To give a more precise example, here is the log of the installation of a content-proxy.
Unfortunately, pulp is still enabled even with the flag: --no-enable-foreman-proxy-plugin-pulp

playbook:

---
- hosts: server foreman-proxy-puppet
  become: true
  vars:
    foreman_proxy_puppet_server_group: "server-{{ inventory_hostname }}"
    foreman_proxy_content_server: "{{ groups[foreman_proxy_puppet_server_group][0] }}"
  roles:
    - selinux
#    - etc_hosts
    - epel_repositories
    - puppet_repositories
    - foreman_repositories
    - katello_repositories
    - ostree_repositories
    - foreman_proxy_content
    - role: foreman_installer
      foreman_installer_scenario: foreman-proxy-content
      foreman_installer_options_internal_use_only:
          - '--disable-system-checks
            --enable-puppet
            --foreman-proxy-puppetca=false
            --enable-foreman-proxy-content
            --no-enable-foreman-proxy-plugin-pulp
            --foreman-proxy-templates false
            --foreman-proxy-content-enable-deb false
            --foreman-proxy-content-enable-docker false
            --foreman-proxy-content-enable-file false
            --foreman-proxy-content-enable-yum false
            --foreman-proxy-tftp false
            --foreman-proxy-trusted-hosts "{{ server_fqdn.stdout }}"
            --foreman-proxy-trusted-hosts "{{ ansible_nodename }}"
            --foreman-proxy-foreman-base-url "https://{{ server_fqdn.stdout }}"
            --foreman-proxy-register-in-foreman true
            --foreman-proxy-oauth-consumer-key "{{ oauth_consumer_key.stdout }}"
            --foreman-proxy-oauth-consumer-secret "{{ oauth_consumer_secret.stdout }}"
            --foreman-proxy-content-certs-tar "{{ foreman_proxy_content_certs_tar }}"
            --foreman-proxy-content-parent-fqdn "{{ server_fqdn.stdout }}"
            --puppet-server-foreman-url https://"{{ server_fqdn.stdout }}"'
      foreman_installer_additional_packages:
          - foreman-installer-katello

Full logs here: https://gist.github.com/bmx0r/15a7cea5888ef2a0239fc8e9e9f40421