Using Foreman to deploy to multiple subnets

wings · January 31, 2020, 7:08am

Hi everyone,

I’m trying to use Foreman to deploy to multiple subnets. I’ve been able to create a new subnet definition in Foreman and it seems to work fine. I was also able to figure out how to configure how to configure DHCP to serve those subnets, and all that seems to work.

Here’s a (slightly sanitised) copy of my DHCP configuration: https://gist.github.com/Zorlin/a2d036a0be0b651e9eee5f6510bd51eb

Problem:
The issue is that I have my TFTP server listening only on the main subnet (on eth0, 10.20.50.95) and I was wondering if it’s possible to have Foreman also provide a TFTP server/smart proxy on the secondary subnets (on eth1, 10.20.78.254 for example, and later eth2, eth3)

Foreman and Proxy versions:
1.22.2

Foreman and Proxy plugin versions:
1.22.2

Distribution and version:
CentOS 7, up-to-date

Other relevant data:

wings · January 31, 2020, 7:13am

I believe I should be able to make this work by putting the TFTP server in a place that is central, routable and accessible from all the subnets I wish to be able to deploy to, but hoping that isn’t necessary

Dirk · January 31, 2020, 8:47am

You can simply deploy one Smart proxy with the TFTP feature in every subnet not routed to the main network and when the Smart proxy with this feature is registered to Foreman you can assign it to the subnet (in the proxy tab of the subnet).

wings · January 31, 2020, 8:51am

I’d rather not spin up multiple machines, if at all possible, but that is a good suggestion. Was hoping to have the main Foreman server simply have multiple NICs with appropriate IPs (which is roughly done already).

wings · February 3, 2020, 2:43am

Okay - I’m trying to temporarily change my TFTP server’s IP so I can demonstrate PXE booting in the secondary subnet.

I did this:

sudo foreman-installer --scenario katello \
  --enable-foreman-proxy \
  --foreman-proxy-tftp=true \
  --foreman-proxy-tftp-servername=10.20.78.254 \
  --foreman-proxy-dhcp=true \
  --foreman-proxy-dhcp-interface=eth1 \
  --foreman-proxy-dhcp-gateway="10.20.78.1" \
  --foreman-proxy-dhcp-nameservers="10.20.50.6,10.20.50.7" \
  --foreman-proxy-dhcp-range="false"

And unfortunately next-server on the test machine I have appears to be stuck on the old IP (10.20.50.95) no matter what I do.

poulterer · February 3, 2020, 10:32pm

We create VMs in an isolated subnet and run a post install script that fetches permanent IP from DNS and shuts down the VM. We then move it to the destination subnet and reset the VLAN.

synaptik · February 12, 2020, 4:25am

We set up multiple subnets dedicated to provisioning, one for Prod, Test, DMZ, DR etc. Each of these subnets is configured with the Foreman host FQDN as the DHCP, TFTP, DNS and Template Smart Proxy.

Each provisioned host is provisioned with its service IP (currently manually assigned) and a provisioning IP (assigned by Foreman DHCP) on separate NICs. Once the host is successfully provisioned the provisoning NIC is removed by post scripts.

This works well for us in an all VM environment.

lzap · February 12, 2020, 7:29am

The next server is tricky one - Foreman tries to read the setting which is set by --foreman-proxy-tftp-servername and stored in smart proxy YAML configuration file and also published via an API endpoint. If that’s present on the TFTP smart proxy you configured for the subnet, it uses that IP address. If this configuration option is missing, then Foreman performs reverse DNS lookup of the smart proxy hostname you defined in Foreman and uses that IP. Recent Foreman versions also puts hostname to the next server option if and only if the DHCP plugin supports it (ISC DHCP).

ashishsn6 · February 22, 2024, 2:26pm

Hi All,
Need some help here, I want to do provisioning on subnet and VLAN other than where my foreman machine is hosted using static IP. Is it possible, if yes how can I do it?

Also FYI in my setup DHCP is not configured to use smart proxy and There is connectivity between these different subnets and VLAN.