Some provisioning questions with VMware

I'm currently using Foreman/Puppet to manage configuration across some of
our virtual machines in our VMware infrastructure. I'm now looking into the
provisioning features of Foreman to actually deploy machines to further
streamline things. I've looked through the manual pages and googled a bit
but haven't been able to find concrete answers, so any assistance is
appreciated.

1.) Under 'Infrastructure -> Provisioning Setup' the provisioning network
shows the VLAN of the single NIC currently attached to the Foreman server.
I want to provision my VMs in another VLAN, do I need to add another NIC to
the Foreman server on this alternate VLAN and specify it here before
proceeding? If this needs to be a NIC on the VLAN the provisioned machines
will go into, how do I handle provisioning to multiple VLANs?

2.) Following on from Q1, in the network config should this be the
domain/vlan I want to provision machines into or the domain/vlan of the
Foreman server itself?

3.) Ideally I don't want any DNS or DHCP being performed by the Foreman
server, is it just a simple case of specifying IPAM: None and Bootmode: Static?

Apologies for any idiocy.

TIA!

Hi,

Nathan Slinn wrote:

> 1.) Under 'Infrastructure -> Provisioning Setup' the provisioning
> network shows the VLAN of the single NIC currently attached to the
> Foreman server. I want to provision my VMs in another VLAN, do I need
> to add another NIC to the Foreman server on this alternate VLAN and
> specify it here before proceeding? If this needs to be a NIC on the
> VLAN the provisioned machines will go into, how do I handle
> provisioning to multiple VLANs?

We did something like this:

The Foreman server has two NICs, one in the public LAN/VLAN and one in
the deployment VLAN. The latter one has to be created and has to be
available on your VMware host.

The VM has to be created with the NIC being in the deployment VLAN. We
had Foreman handle DNS and DHCP/PXE on only this VLAN. Also Foreman did
the routing, so the machines could reach the internet from the
deployment VLAN.
The machine boots (we did this with the discovery plugin) and gets
provisioned. After the machine is finished, its NIC is switched from
the deployment VLAN to the VLAN it should be in finally (this has to be
done in the VM configuration in VMware).

Note that Foreman no longer has contact to the VM after its NIC has
changed the VLAN.

> 2.) Following on from Q1, in the network config should this be the
> domain/vlan I want to provision machines into or the domain/vlan of
> the Foreman server itself?

I do not understand your question. Does "network config" mean the
Foreman provisioning setup or the VMware VM configuration?

> 3.) Ideally I don't want any DNS or DHCP being performed by the
> Foreman server, is it just a simple case of specifying IPAM: None and
> Bootmode: Static?

No idea, sorry.

--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: kastl@b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
Managing Director: Ralph Dehner / Registered office: Vohburg / District court: Ingolstadt, HRB 3537

Sorry, when I refer to network config in point 2 I'm referring to the
provisioning setup steps still, I think network config is step 2?

On Thursday, 30 March 2017 08:17:51 UTC+1, Johannes Kastl wrote:

Nathan Slinn wrote:
> Sorry, when I refer to network config in point 2 I'm referring to the
> provisioning setup steps still, I think network config is step 2?

>>> 2.) Following on from Q1, in the network config should this be the
>>> domain/vlan I want to provision machines into or the domain/vlan of
>>> the Foreman server itself?

The interface / subnet you define in the provisioning setup is the one
that Foreman should "listen" on. In your case we wanted to have it
listen to DNS, DHCP and PXE only on the VLAN that the second NIC on
the Foreman server was on, as well as the NICs in the VMs.

Did I get you right?

--
Johannes Kastl

You did, thanks Johannes. I've completed all of the provisioning setup
steps, next issue is actually deploying a VM. I've had it begin the build
process in VMware but then rollback with an error relating to DNS records.
I don't want any DNS or DHCP management being handled by Foreman (we don't
use DHCP and already have servers managing DNS). Is there a way to stop it
attempting to create DNS records?

On Thursday, 30 March 2017 09:23:28 UTC+1, Johannes Kastl wrote:

Nathan Slinn wrote:
> You did, thanks Johannes. I've completed all of the provisioning
> setup steps, next issue is actually deploying a VM.

OK.

> I've had it begin
> the build process in VMware but then rollback with an error relating
> to DNS records.

Did you provision the machine with Foreman?

And could you elaborate what kind of "rollback" that was?

Also: How did you create the VM, in VMware or via Foreman's VMware
"compute resource"?

How do you boot it? Via PXE?

> I don't want any DNS or DHCP management being handled
> by Foreman (we don't use DHCP and already have servers managing DNS).
> Is there a way to stop it attempting to create DNS records?

I do not know how, but AFAIK you can attach Foreman to your existing
infrastructure with a feature called "smart proxy".

But you would need to tell the machine where to get its TFTP stuff from,
otherwise it won't boot via PXE.

Johannes

P.S.: No need to CC me, I'm subscribed to the list.
