Using Foreman to deploy to multiple subnets

Hi everyone,

I’m trying to use Foreman to deploy to multiple subnets. I’ve been able to create a new subnet definition in Foreman and it seems to work fine. I was also able to figure out how to configure DHCP to serve those subnets, and all that seems to work.

Here’s a (slightly sanitised) copy of my DHCP configuration: https://gist.github.com/Zorlin/a2d036a0be0b651e9eee5f6510bd51eb

Problem:
The issue is that I have my TFTP server listening only on the main subnet (on eth0, 10.20.50.95) and I was wondering if it’s possible to have Foreman also provide a TFTP server/smart proxy on the secondary subnets (on eth1, 10.20.78.254 for example, and later eth2, eth3).

Foreman and Proxy versions:
1.22.2

Foreman and Proxy plugin versions:
1.22.2

Distribution and version:
CentOS 7, up-to-date

Other relevant data:

I believe I should be able to make this work by putting the TFTP server in a place that is central, routable and accessible from all the subnets I wish to be able to deploy to, but hoping that isn’t necessary :)

You can simply deploy one Smart proxy with the TFTP feature in every subnet not routed to the main network and when the Smart proxy with this feature is registered to Foreman you can assign it to the subnet (in the proxy tab of the subnet).

I’d rather not spin up multiple machines, if at all possible, but that is a good suggestion. Was hoping to have the main Foreman server simply have multiple NICs with appropriate IPs (which is roughly done already).

Okay - I’m trying to temporarily change my TFTP server’s IP so I can demonstrate PXE booting in the secondary subnet.

I did this:

sudo foreman-installer --scenario katello \
  --enable-foreman-proxy \
  --foreman-proxy-tftp=true \
  --foreman-proxy-tftp-servername=10.20.78.254 \
  --foreman-proxy-dhcp=true \
  --foreman-proxy-dhcp-interface=eth1 \
  --foreman-proxy-dhcp-gateway="10.20.78.1" \
  --foreman-proxy-dhcp-nameservers="10.20.50.6,10.20.50.7" \
  --foreman-proxy-dhcp-range="false"

And unfortunately next-server on the test machine I have appears to be stuck on the old IP (10.20.50.95) no matter what I do.

We create VMs in an isolated subnet and run a post install script that fetches permanent IP from DNS and shuts down the VM. We then move it to the destination subnet and reset the VLAN.

We set up multiple subnets dedicated to provisioning, one for Prod, Test, DMZ, DR etc. Each of these subnets is configured with the Foreman host FQDN as the DHCP, TFTP, DNS and Template Smart Proxy.

Each provisioned host is provisioned with its service IP (currently manually assigned) and a provisioning IP (assigned by Foreman DHCP) on separate NICs. Once the host is successfully provisioned the provisioning NIC is removed by post scripts.

This works well for us in an all VM environment.

The next server is a tricky one - Foreman tries to read the setting which is set by --foreman-proxy-tftp-servername and stored in the smart proxy YAML configuration file and also published via an API endpoint. If that’s present on the TFTP smart proxy you configured for the subnet, it uses that IP address. If this configuration option is missing, then Foreman performs a reverse DNS lookup of the smart proxy hostname you defined in Foreman and uses that IP. Recent Foreman versions also put the hostname into the next server option if and only if the DHCP plugin supports it (ISC DHCP).
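
A check for the "next-server stuck on the old IP" symptom discussed in this thread, as an added example that is not part of any post and not Foreman's own code: it reads the host reservations in an ISC dhcpd leases file and lists those whose stored next-server differs from the TFTP address you expect. It assumes reservations created through the DHCP smart proxy appear in the leases file as host blocks carrying `supersede server.next-server` in colon-separated hex; the sample entries and host names are constructed.

```python
import re

# Constructed sample in dhcpd.leases style (not from the thread); later blocks override earlier ones.
SAMPLE_LEASES = """\
host test01.example.com {
  dynamic;
  fixed-address 10.20.78.20;
        supersede server.next-server = 0a:14:32:5f;
}
host test02.example.com {
  dynamic;
  fixed-address 10.20.78.21;
        supersede server.next-server = 0a:14:4e:fe;
}
host test03.example.com {
  dynamic;
  fixed-address 10.20.78.22;
        supersede server.next-server = 0a:14:32:5f;
}
host test03.example.com {
  dynamic;
  deleted;
}
"""

HOST_BLOCK = re.compile(r"^host\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
NEXT_SERVER = re.compile(r"supersede\s+server\.next-server\s*=\s*([^;\s]+)\s*;")
HEX_IPV4 = re.compile(r"(?:[0-9a-fA-F]{1,2}:){3}[0-9a-fA-F]{1,2}")

def decode_next_server(raw):
    """Turn '0a:14:32:5f' into '10.20.50.95'; return quoted values unquoted."""
    if HEX_IPV4.fullmatch(raw):
        return ".".join(str(int(octet, 16)) for octet in raw.split(":"))
    return raw.strip('"')

def reservations(leases_text):
    """Map each live host reservation to its next-server (None if unset)."""
    hosts = {}
    for name, body in HOST_BLOCK.findall(leases_text):
        if re.search(r"^\s*deleted;", body, re.M):
            hosts.pop(name, None)  # journal entry removing the host
            continue
        found = NEXT_SERVER.search(body)
        hosts[name] = decode_next_server(found.group(1)) if found else None
    return hosts

def stale_next_server(leases_text, expected):
    """Hosts whose stored next-server differs from the expected TFTP address."""
    return {h: ns for h, ns in reservations(leases_text).items() if ns != expected}
```

To run it against a live server, pass the contents of the DHCP server's leases file (on CentOS 7 typically `/var/lib/dhcpd/dhcpd.leases`) and the TFTP address the subnet should hand out, for example `stale_next_server(text, "10.20.78.254")`.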