Avoid the integrated SmartProxy for non-Katello #3084
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
All the components mentioned are optional and not provided by default (except Puppet Server in non-Katello deployments).
The concept of an "integrated" or "external" Smart Proxy has never been used outside of Katello. In vanilla Foreman all Smart Proxies are equal. Some just happen to run on the same server as Foreman, but even that's optional. Advanced users can use `--no-enable-foreman-proxy` to the installer to disable this. Within Katello there is a slight nuance and that's the role of Pulp. Each Smart Proxy Pulp plugin can identify itself as a mirror. Typically this is true for every Smart Proxy that's not on the Foreman server while it's false for the one on the Foreman server. If the number of non-mirrors isn't equal to 1 then Katello has a problem. On a technical level there is no code difference and it's just a simple configuration flag. It would also be perfectly valid to separate out the non-mirror from Foreman, but the current installer doesn't make that easy and our upgrade tooling also doesn't support this. In the future this may become supported, so it's best to keep the references to integrated/external to a minimum.
|
The PR preview for edd6b50 is available at theforeman-foreman-documentation-preview-pr-3084.surge.sh The following output files are affected by this PR: |
maximiliankolb
approved these changes
Jun 20, 2024
|
The link flagged by the linkchecker seems to work now. |
apinnick
pushed a commit
that referenced
this pull request
Jul 28, 2024
* Make it obvious that a SmartProxyServer can provide services All the components mentioned are optional and not provided by default (except Puppet Server in non-Katello deployments). * Avoid the integrated SmartProxy for non-Katello The concept of an "integrated" or "external" Smart Proxy has never been used outside of Katello. In vanilla Foreman all Smart Proxies are equal. Some just happen to run on the same server as Foreman, but even that's optional. Advanced users can use `--no-enable-foreman-proxy` to the installer to disable this. Within Katello there is a slight nuance and that's the role of Pulp. Each Smart Proxy Pulp plugin can identify itself as a mirror. Typically this is true for every Smart Proxy that's not on the Foreman server while it's false for the one on the Foreman server. If the number of non-mirrors isn't equal to 1 then Katello has a problem. On a technical level there is no code difference and it's just a simple configuration flag. It would also be perfectly valid to separate out the non-mirror from Foreman, but the current installer doesn't make that easy and our upgrade tooling also doesn't support this. In the future this may become supported, so it's best to keep the references to integrated/external to a minimum. (cherry picked from commit 95bf26b)
apinnick
pushed a commit
that referenced
this pull request
Jul 28, 2024
* Make it obvious that a SmartProxyServer can provide services All the components mentioned are optional and not provided by default (except Puppet Server in non-Katello deployments). * Avoid the integrated SmartProxy for non-Katello The concept of an "integrated" or "external" Smart Proxy has never been used outside of Katello. In vanilla Foreman all Smart Proxies are equal. Some just happen to run on the same server as Foreman, but even that's optional. Advanced users can use `--no-enable-foreman-proxy` to the installer to disable this. Within Katello there is a slight nuance and that's the role of Pulp. Each Smart Proxy Pulp plugin can identify itself as a mirror. Typically this is true for every Smart Proxy that's not on the Foreman server while it's false for the one on the Foreman server. If the number of non-mirrors isn't equal to 1 then Katello has a problem. On a technical level there is no code difference and it's just a simple configuration flag. It would also be perfectly valid to separate out the non-mirror from Foreman, but the current installer doesn't make that easy and our upgrade tooling also doesn't support this. In the future this may become supported, so it's best to keep the references to integrated/external to a minimum. (cherry picked from commit 95bf26b)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The concept of an "integrated" or "external" Smart Proxy has never been used outside of Katello. In vanilla Foreman all Smart Proxies are equal. Some just happen to run on the same server as Foreman, but even that's optional. Advanced users can use
--no-enable-foreman-proxyto the installer to disable this.Within Katello there is a slight nuance and that's the role of Pulp. Each Smart Proxy Pulp plugin can identify itself as a mirror. Typically this is true for every Smart Proxy that's not on the Foreman server while it's false for the one on the Foreman server. If the number of non-mirrors isn't equal to 1 then Katello has a problem.
On a technical level there is no code difference and it's just a simple configuration flag. It would also be perfectly valid to separate out the non-mirror from Foreman, but the current installer doesn't make that easy and our upgrade tooling also doesn't support this.
In the future this may become supported, so it's best to keep the references to integrated/external to a minimum.
It also makes it obvious that a SmartProxyServer can provide services. All the components mentioned are optional and not provided by default (except Puppet Server in non-Katello deployments).
I still struggle to properly define these things. For example, I couldn't find how we define Smart Proxy, but here's how I would define it:
Smart Proxy: a service that acts as a facade for various services, providing a unified REST API with a single authentication mechanism. Each Smart Proxy is registered to Foreman, allowing Foreman to delegate functionality for hosts, hostgroups, domains and subnet to specific Smart Proxies.
Foreman Proxy: the default (and currently only) implementation of a Smart Proxy.
Smart Proxy Server: a server running the Smart Proxy, with optionally additional services such as DHCP, DNS, TFTP and Puppet Server.
I debated leaving these comments on #2972 or open a new issue. Feel free to consider this a bug report and take it over.
Please cherry-pick my commits into: