Hi All,
TL:DR ; when choosing a foreman install method, is it forman OR katello install choice at install time, and what are the gotchas with each choice? Are there any gotchas around regular system patching on the foreman when pulling down so many dependency packages. Finally, what are peoples experiences with scaling a katello/deployment/puppet solution? Security/network issues aside, Is it best to scale up a single server or scale out and use many smart-proxies on independent servers?
longer version;
I’m a new user to foreman, and have some basic questions if I may?
I’m looking at implementing a foreman infrastructure at a Higher Education establishment in the UK, with a view to displace our current HPE server provisioning, patching and auditing solutions.
Without looking at other commercial solutions, Foreman looks like the ideal orchestrator to front-up a lot of functionality from open-source components.
Looking at the manual’s, it looks like if you ever require the katello functionality, and want to keep your sanity, you MUST install the katello scenario at the time of the foreman installation. Does this then limit or change any of the vanilla foreman behaviour (other than adding katello of course), or affect how you must treat the solution in general?
When it comes to updating katello/foreman, I can see great install instructions on how to do it in the manuals. But when it comes to regular automated OS patching, what is the scope/history of this to breaking functionality? This is of concern because of the immense number of dependencies and packages installed, and we have to install patches within 30 day of them being released.
Finally, when it comes to architecting a foreman/katello deployment, I need to size an initial solution to potentially scale to 500-1000 deployed and managed objects. If we assume that the environment is on a flat network (I wish!!), is the best approach to have an all-in-one deployment, or can I install multiple foreman solutions with different scenarios/plugins installed and somehow link them all together using smart-proxies? e.g., Have a server specifically for katello repos and patching, another for deployment, another for puppet-master.
Thanks for your time in advance, I’d really like to understand how the whole stack hangs together and give it its best change of implementation.
Regards,
Rob.