Use foreman to provision a smart-proxy?

Support
1

Hi,
There are several install scenarios in the documentation for manually
configuring smart proxies using the foreman-installer. Is there anyone out
there who is using Foreman and the Puppet-Foreman-Proxy module to provision
systems that will serve as smart-proxy systems running proxy-able
subsystems? (puppet master, dhcpd, bind, tfptd, etc.)?

I'm thinking about using config groups to define various common proxy
scenarios that we might deploy as we expand foreman's reach across the
enterprise. I think its a bit silly that there's no way (out of the box)
to quickly provision additional proxies and services…instead the
installation processes involve doing things somewhat manually. Please
don't take offense - I love the foreman installer, its great…but I'd like
to be able to goto Foreman, click New Host and assign a config group or
puppet class that makes a new foreman proxy somewhere in my environment. I
get there's site specific configuration data needed, but the parts about
getting the software installed and the smart proxy connected to Foreman
should be pretty simply obtained from within the existing environment,
right?

2

Yes, we do this, although we have our own puppet module for doing it -
foreman proxies are pretty simple to set up anyway. Obviously you have to
seed a DHCP/DNS/TFTP server and a puppet master first manually, but once
you've done that and got Foreman running you can then go back and puppetise
them as well. We use hiera, so all the domain specific stuff comes from
there.

··· On 27 January 2016 at 21:43, Sean A wrote:

Hi,
There are several install scenarios in the documentation for manually
configuring smart proxies using the foreman-installer. Is there anyone out
there who is using Foreman and the Puppet-Foreman-Proxy module to provision
systems that will serve as smart-proxy systems running proxy-able
subsystems? (puppet master, dhcpd, bind, tfptd, etc.)?

I’m thinking about using config groups to define various common proxy
scenarios that we might deploy as we expand foreman’s reach across the
enterprise. I think its a bit silly that there’s no way (out of the box)
to quickly provision additional proxies and services…instead the
installation processes involve doing things somewhat manually. Please
don’t take offense - I love the foreman installer, its great…but I’d like
to be able to goto Foreman, click New Host and assign a config group or
puppet class that makes a new foreman proxy somewhere in my environment. I
get there’s site specific configuration data needed, but the parts about
getting the software installed and the smart proxy connected to Foreman
should be pretty simply obtained from within the existing environment,
right?


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Matt Jarvis
Head of Cloud Computing
DataCentred
Office: (+44)0161 8703985
Mobile: (+44)07983 725372
Email: matt.jarvis@datacentred.co.uk
Website: http://www.datacentred.co.uk


DataCentred Limited registered in England and Wales no. 05611763

3

I see, well thanks for the info. I was hoping there was an available
solution, but as you point out, you've rolled your own and it's not
difficult.

So what are you doing to register the smart proxies? I was thinking it
might be possible to extract the oauth details as parameters or something
so that the smart proxy could be registered like it is with the
foreman-installer…except automatically - since Foreman's doing the
provisioning and Puppet's doing the config.

Anyway, one more question… I've noticed that it seems like Foreman can
only import classes from one puppet system. I've not done this before, so
maybe I'm off track. In my lab, I have
foreman+proxy+puppet+puppetca+dhcp+dns+tftp on one host, and proxy+puppet
on another. I've easily setup new hosts to be provisioned and use the 2nd
puppet server. What I run into is that Foreman seems to be confused about
which puppet server provides which environments, classes and smart class
params. Does foreman not associate those puppet master details
individually with the puppet master hosts across the smart proxies?

For example, if I put class foo on both servers and class bar only on the
Foreman server, then if I want to use class bar at all I have to import
from Foreman. If I import from the other puppet, I'm asked to confirm
removing class bar. Even more interesting is when I try to use smart class
parameters, because these apparently are specific to each puppet master.
On the smart class parameters page, if I search for class foo, then I see
two links for each of foo's params. That seems pretty difficult to manage
as the environment grows across the enterprise and many puppet masters are
added.

I am missing a piece of the puzzle here?

Thank you kindly!

··· On Wednesday, January 27, 2016 at 6:06:58 PM UTC-5, Matt Jarvis wrote: > > Yes, we do this, although we have our own puppet module for doing it - > foreman proxies are pretty simple to set up anyway. Obviously you have to > seed a DHCP/DNS/TFTP server and a puppet master first manually, but once > you've done that and got Foreman running you can then go back and puppetise > them as well. We use hiera, so all the domain specific stuff comes from > there. > > On 27 January 2016 at 21:43, Sean A <smal...@gmail.com > > wrote: > >> Hi, >> There are several install scenarios in the documentation for manually >> configuring smart proxies using the foreman-installer. Is there anyone out >> there who is using Foreman and the Puppet-Foreman-Proxy module to provision >> systems that will serve as smart-proxy systems running proxy-able >> subsystems? (puppet master, dhcpd, bind, tfptd, etc.)? >> >> I'm thinking about using config groups to define various common proxy >> scenarios that we might deploy as we expand foreman's reach across the >> enterprise. I think its a bit silly that there's no way (out of the box) >> to quickly provision additional proxies and services...instead the >> installation processes involve doing things somewhat manually. Please >> don't take offense - I love the foreman installer, its great...but I'd like >> to be able to goto Foreman, click New Host and assign a config group or >> puppet class that makes a new foreman proxy somewhere in my environment. I >> get there's site specific configuration data needed, but the parts about >> getting the software installed and the smart proxy connected to Foreman >> should be pretty simply obtained from within the existing environment, >> right? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Foreman users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to foreman-user...@googlegroups.com . >> To post to this group, send email to forema...@googlegroups.com >> . >> Visit this group at https://groups.google.com/group/foreman-users. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Matt Jarvis > Head of Cloud Computing > DataCentred > Office: (+44)0161 8703985 > Mobile: (+44)07983 725372 > Email: matt....@datacentred.co.uk > Website: http://www.datacentred.co.uk > > DataCentred Limited registered in England and Wales no. 05611763
4

> I see, well thanks for the info. I was hoping there was an available
> solution, but as you point out, you've rolled your own and it's not
> difficult.
>
> So what are you doing to register the smart proxies? I was thinking it
> might be possible to extract the oauth details as parameters or something
> so that the smart proxy could be registered like it is with the
> foreman-installer…except automatically - since Foreman's doing the
> provisioning and Puppet's doing the config.
>

It's worth knowing that the installer modules are pure puppet and can be
imported into an existing master to continue to maintain the infra once the
installer has done it's job. I do this, using the puppet-puppet,
puppet-foreman, and puppet-foreman_proxy modules. Further, the proxy module
contains code to register the proxy in Foreman, so that should solve your
problem.

Anyway, one more question… I've noticed that it seems like Foreman can
> only import classes from one puppet system. I've not done this before, so
> maybe I'm off track. In my lab, I have
> foreman+proxy+puppet+puppetca+dhcp+dns+tftp on one host, and proxy+puppet
> on another. I've easily setup new hosts to be provisioned and use the 2nd
> puppet server. What I run into is that Foreman seems to be confused about
> which puppet server provides which environments, classes and smart class
> params. Does foreman not associate those puppet master details
> individually with the puppet master hosts across the smart proxies?
>

Correct, Foreman makes the assumption that all masters have access to the
same set of classes.

> For example, if I put class foo on both servers and class bar only on the
> Foreman server, then if I want to use class bar at all I have to import
> from Foreman. If I import from the other puppet, I'm asked to confirm
> removing class bar. Even more interesting is when I try to use smart class
> parameters, because these apparently are specific to each puppet master.
> On the smart class parameters page, if I search for class foo, then I see
> two links for each of foo's params. That seems pretty difficult to manage
> as the environment grows across the enterprise and many puppet masters are
> added.
>
> I am missing a piece of the puzzle here?
>

It's not proxy related, Foreman simply assumes the same puppet code is on
all masters. If you go to the effort of using different environments on
each master, then you should be ok as the class parameters are stored per
environment - there's a filter at the top of the tab.

··· On 28 January 2016 at 22:04, Sean A wrote: