When I was researching our Grubby default script template, I noticed that the ability to render and download shell scripts from Foreman is a really powerful feature which could help to improve discovery. I would like to present an idea to change discovery to fix a few major pain points:
- no ability to configure NICs during provisioning (creating bonds, bridges, VLANs)
- complicated way of running custom scripts after boot
- unreliable kexec
- Discovery would require the Foreman TLS server certificate fingerprint to be included on the kernel command line, both for PXE and for PXE-less boot (the remaster script would no longer be optional).
- After a host is successfully discovered, the node would request a script from Foreman, either of the Script kind or of a newly created custom kind, and the shell script would be executed. Users could leverage this to do post-boot initializations. The transport would be strictly HTTPS with fingerprint validation. The default script would probably be a no-op, ready for users to customize.
- When a host is provisioned, a different script would be triggered in a similar way right after the host is converted to a managed host. The default script would only include
a reboot command. We would ship another template which would run a kexec command as well.
- The kexec feature and the kexec template would be removed from Foreman completely (as the kexec template could still be used).
- Now, rendering ERB after boot and during provisioning would enable users to actually modify the discovered and managed host using Ruby, if we provided macros and allowed some methods in safemode. It should be possible to create bonds, bridges or VLANs, or to rename interface identifiers based on facts, the selected hostgroup, etc. This is one of the top-voted issues in Foreman core and across Foreman plugins: Feature #13847: Auto-provisioning custom scripts for NIC configurations - Discovery - Foreman
- Since Foreman must make an unused_ip call during provisioning (e.g. when the Subnet is changed; this is WIP and also a highly requested feature: Bug #16143: Discovered host IP address is not changed to fall within the subnet range - Discovery - Foreman), this must be integrated into the helper responsible for saving NICs/host (it must be called after all subnet changes).
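As an added example (not code from this post or from the Foreman discovery project), here is how a discovery node could implement the fingerprint-validated script fetch described above: read the expected SHA-256 certificate fingerprint from the kernel command line, pin the Foreman server certificate against it before trusting anything in the HTTPS response, and only then hand the rendered script to a shell. The kernel parameter name foreman.fingerprint, the sample command line and the stand-in certificate bytes used in the demonstration are assumptions, not values from the post.

```python
import hashlib
import hmac
import re
import socket
import ssl
import subprocess
import tempfile

# Hypothetical kernel parameter carrying the expected server certificate
# fingerprint (assumption; the post does not name the parameter).
CMDLINE_KEY = "foreman.fingerprint"


def parse_cmdline_fingerprint(cmdline, key=CMDLINE_KEY):
    """Return the expected SHA-256 fingerprint from a kernel command line.

    Accepts 'AB:CD:...' or plain hex, upper or lower case, and normalises it
    to 64 lower-case hex characters. Returns None if the key is absent.
    """
    for token in cmdline.split():
        name, sep, value = token.partition("=")
        if sep and name == key:
            return re.sub(r"[^0-9a-f]", "", value.lower())
    return None


def cert_fingerprint(der_bytes):
    """SHA-256 fingerprint of a DER-encoded certificate, as lower-case hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def fingerprint_matches(der_bytes, expected):
    """Constant-time comparison of the presented certificate against the pin."""
    if not expected or len(expected) != 64:
        return False
    return hmac.compare_digest(cert_fingerprint(der_bytes), expected)


def fetch_script(host, port, path, expected_fp, timeout=10):
    """Fetch a rendered script over TLS, trusting only the pinned certificate.

    The discovery image carries no CA bundle for Foreman, so CA validation is
    disabled and the fingerprint pin is the sole trust anchor. The response
    body is never returned unless the pin check passes.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # replaced by the explicit pin below
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not fingerprint_matches(der, expected_fp):
                raise RuntimeError(
                    "Foreman certificate fingerprint mismatch; refusing script")
            # HTTP/1.0 so the body is close-delimited, never chunked.
            request = (f"GET {path} HTTP/1.0\r\nHost: {host}\r\n"
                       "Connection: close\r\n\r\n")
            tls.sendall(request.encode())
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
    head, _, body = b"".join(chunks).partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0]
    if b" 200 " not in status_line:
        raise RuntimeError(f"unexpected response: {status_line!r}")
    return body.decode()


def run_script(script_text):
    """Write an already validated script to a temp file and run it with sh."""
    with tempfile.NamedTemporaryFile("w", suffix=".sh", delete=False) as fh:
        fh.write(script_text)
        path = fh.name
    return subprocess.run(["sh", path], check=False).returncode


if __name__ == "__main__":
    # Real use would read /proc/cmdline; this line is a constructed sample.
    sample_cmdline = "BOOT_IMAGE=/vmlinuz quiet foreman.fingerprint=" + "0" * 64
    expected = parse_cmdline_fingerprint(sample_cmdline)
    print("pinned fingerprint:", expected)
    # script = fetch_script("foreman.example.com", 443, "/unattended/script", expected)
    # run_script(script)
```

The ordering matters: the certificate is checked against the pin immediately after the handshake, before the request is even sent, so a server presenting any other certificate gets no request and its response body never reaches the shell.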