Setting up Foreman in multiple locations

I have been using foreman with Katello on a single server as a Proof of Concept. Im now trying to figure out how to setup foreman on several servers. Something like:

Main Server - Has Foreman/Katello Core
Office Services - Foreman Smart Proxy with Content, and all PXE services (discovery,dhcp,dns,tftp)

I understand when you run the foreman installer on a single server it installs a integrated smart proxy. Am I suppose to leave that there?

So would I than setup the main server with this command:

foreman-installer --scenario katello

and use all the defaults.

Should I be something like this:

foreman-installer --scenario katello --no-enable-foreman-proxy

That I assume on each proxy I use the foreman-proxy-content scenario to setup the Smart proxies at each office.

foreman-installer --scenario foreman-proxy-content \

Basically Im trying to figure out what command to run to install core foreman on the main server, than the command to run on each smart proxy.

Expected outcome:

Foreman and Proxy versions:
Foreman - 3.6.1
Katello - 4.8.1

Distribution and version:
Other relevant data:

You should use the regular command on the main Foreman server. Katello has a “pulp primary” smart proxy which is how Katello and Pulp store all the content on the Foreman server. Other Smart Proxies with Content can then sync a subset of content from the primary.

So there are two ways that you can go here…

Option #1: Utilize Katello Smart Proxies which will have a single “main” Foreman/Katello server that is used for management of the entire infrastructure and the smart proxies which will be where the clients are registered to, receive their content from, etc… I will point out that the main foreman server is also a smart proxy so you won’t need to set up the main server AND a smart proxy in the same location.

Option #2: Utilize standalone Foreman/Katello servers in each of your locations. This will be as if you deployed your Proof of Concept server to multiple locations. They are all separate from one another, which means that if one fails, only that location fails (unlike Option #1 where if the main Foreman Server fails, the entire infrastructure is crippled). However, this option requires a lot more work in terms of managing the content (no synchronization of content, views, keys, etc.).

Now I see you’re running this on RHEL 8, so if this is a paid RHEL subscription - do not forget you have access to the Red Hat Satellite as well (if your subscriptions have Smart Management).

Hey All,

Thank you for the responses as they sorta helped. However, Im still confused. So I thought it might be easier to try and seprate out the service of plain Foreman. IE: WithOUT Katello. But still running into troubles. So here is where Im at and where I get confused.

Foreman Core
I run the following command after adding the repos, to get default foreman running:

foreman-installer \
  --foreman-initial-organization "USA" \
  --foreman-initial-location "Casa Grande" \
  --foreman-initial-admin-first-name "Test" \
  --foreman-initial-admin-last-name "User" \
  --foreman-initial-admin-username "testuser" \
  --foreman-initial-admin-password "SuperSecret1" \

Smart Proxy

  • Added the same repos as above
  • Bootstrap cert with: puppet ssl bootstrap --server ""
  • Log into Foreman Core UI and sign cert above.

This is where I get confused. The docs are not very straight forward on this. The Ultimate goal is to have this Smart Proxy be able to provision bare metal laptops/desktops. However, at this point Im just trying to get the proxy installed and recognized by Foreman.

So here are the 2 sets of commands I tried.

From the QuickStart guide when clicking “Get Started” on

foreman-installer \
  --no-enable-foreman \
  --no-enable-foreman-puppet \
  --no-enable-foreman-cli \
  --no-enable-foreman-cli-puppet \
  --no-enable-puppet \
  --enable-foreman-proxy \
  --foreman-proxy-foreman-base-url= \ \
  --foreman-proxy-oauth-consumer-key=<key here> \
  --foreman-proxy-oauth-consumer-secret=<secret here> \
  1. The --no-enable-foreman-puppet option doesn’t exist. But I think it suppose to be --no-enable-foreman-plugin-puppet

  2. After fixing the option it complained about the “puppet” group missing. So I added that and re-ran it, which did go through. However when check the features of this proxy it has all the same features as the foreman_core proxy. IE: Puppet, Puppet CA, Logs

So since I do not think thats what we want. I decided to try again, but this time I use this command from the NEW katello doc site.

foreman-installer \
  --no-enable-foreman \
  --no-enable-foreman-cli \
  --enable-puppet \
  --puppet-server-ca=false \
  --puppet-server-foreman-url= \
  --enable-foreman-proxy \
  --foreman-proxy-puppetca=false \
  --foreman-proxy-tftp=false \
  --foreman-proxy-foreman-base-url= \ \
  --foreman-proxy-oauth-consumer-key=oAuth_Consumer_Key \
  --foreman-proxy-oauth-consumer-secret=oAuth_Consumer_Secret \
  1. Still complained about group “puppet” missing, so added the puppet group, than re-ran the installer. It goes through.

So I go check the features this time and now we have just “puppet” and “logs”. So a little better I think…

Furthermore. If I go to the Puppet tab on this smart proxy and than click environments it just errors out with “Unable to get environments from Puppet”.

The Current Goal
Since Im having troubles understand what DOC to follow, What command do I run on the smart proxy to get basic connection/configuration, so that I can than add in the DNS, DHCP, TFTP servers.

The Ultimate Goal
To be able to have a Main Foreman Server in one location, than have smart proxies at each office that does baremetal provisioning.

I hope someone understands what Im asking and can lead me down the right path.

Thank you

Shawn OG