1. Scenarios for Foreman on AWS
You can deploy Foreman on Amazon Web Services (AWS) in several scenarios.
This is the least complex configuration of Foreman in AWS. Deploy both Foreman server and the hosts within the same region and within the same Virtual Private Cloud (VPC). You can also use a different availability zone.

Create a VPN connection between the on-premises location and the AWS region where your Smart Proxy server is located. It is also possible to use the external host name of Foreman server when you register the instance that runs Smart Proxy.
Site-to-site VPN connection between the AWS region and the on-premises data center

Direct connection using the external DNS host name

Create a site-to-site VPN connection between different regions so that you can use the internal DNS host name when you register the instance that runs Smart Proxy to Foreman server. If you do not establish a site-to-site VPN connection, use the external DNS host name when you register the instance that runs Smart Proxy to Foreman server.
Note: Most public cloud providers do not charge for data being transferred into a region or between availability zones within a single region. However, they charge for data leaving the region to the Internet.
Site-to-site VPN connection between AWS regions

Direct connection using the external DNS host name

2. Use case considerations for Foreman on AWS
Amazon Web Services (AWS) is an image-only compute resource, which means that some common Foreman use cases do not work or require extra configuration in your AWS environment. If you plan to deploy Foreman to AWS, ensure that the use case scenarios that you want to use are available in your AWS environment.
2.1. Supported use cases for Foreman on AWS
You can perform the following Foreman use cases on Amazon Web Services (AWS):
Multi-homed Foreman server is not supported.
Multi-homed Smart Proxy servers are supported by configuring Smart Proxies with a load balancer. For more information, see Configuring Smart Proxies with a Load Balancer.
For a multi-homed Smart Proxy server setup, ensure you meet these requirements:
- Foreman server or Smart Proxy server have different internal and external DNS host names
- No site-to-site VPN connection exists between the locations where you deploy Foreman server and Smart Proxy server
You can use the On Demand download policy to reduce the storage footprint of your Foreman server. When you set the download policy to On Demand, content is synchronized to Foreman server or Smart Proxy server when a content host requests it.
For more information, see Download policies overview in Managing content.
You can use Amazon Relational Database Service as an external database for Foreman. For more information, see Migrating from internal Foreman databases to external databases in Administering Foreman.
2.2. Unsupported use cases for Foreman on AWS
In Amazon Web Services (AWS), you cannot manage the DHCP service. Because of this, you cannot use Kickstart and PXE provisioning models of Foreman. This includes:
- PXE Provisioning
- Discovery and Discovery Rules
- ISO Provisioning methods
- PXE-Less Discovery (iPXE)
- Per-host ISO
- Generic ISO
- Full-host ISO
3. Prerequisites for Foreman on AWS
Installing and running Foreman server and Smart Proxy servers on Amazon Web Services (AWS) places additional requirements on your environment.
- Use Storage requirements in Installing Foreman Server with Katello 4.15 plugin on Enterprise Linux to understand and assign the correct storage to your AWS EBS volumes. See also an AWS storage optimized instance for further guidance.
- Create EBS volumes for directories expected to contain larger amounts of data like /var/lib/pulp and ensure they are correctly mounted on start-up and before continuing the installation.
- Optional: Store other data on a separate EBS volume.
- If you want Foreman server and Smart Proxy server to communicate using external DNS hostnames, open the required ports for communication in the AWS Security Group that is associated with the instance.
- Create and access Enterprise Linux images in AWS
- Edit network access in AWS Security
- Create EC2 instances and EBS volumes
- Launch EC2 instances
- Import and export of virtual machines in AWS
- Usage of AWS Direct Connect
Ensure that your Amazon EC2 instance meets or exceeds requirements for Foreman:
- For Foreman server, see Preparing your environment for installation in Installing Foreman Server with Katello 4.15 plugin on Enterprise Linux.
- For Smart Proxy servers, see Preparing your environment for installation in Installing a Smart Proxy Server 3.13 on Enterprise Linux.
- For more information about Amazon Web Services and terminology, see Amazon Elastic Compute Cloud Documentation.
- For more information about Amazon Web Services Direct Connect, see What is AWS Direct Connect?.
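The prerequisite that /var/lib/pulp sits on its own EBS volume and is mounted on start-up can be checked before you begin the installation. The following shell function is an added example, not part of the Foreman documentation; the function names, the /srv/other-data path and the sample fstab and mounts contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a data directory is a separate mount point now
# and has an fstab entry, so the volume is mounted again on start-up.

# check_persistent_mount DIR [FSTAB] [MOUNTS]
# Returns 0 = mounted and listed in fstab
#         1 = not a separate mount point (data would land on the root volume)
#         2 = mounted, but no fstab entry (mount is lost on reboot)
check_persistent_mount() {
    dir=$1
    fstab=${2:-/etc/fstab}
    mounts=${3:-/proc/mounts}
    # Field 2 of /proc/mounts is the mount point.
    awk -v d="$dir" '$2 == d { ok = 1 } END { exit !ok }' "$mounts" || return 1
    # Field 2 of fstab is the mount point; ignore comment lines.
    awk -v d="$dir" '$1 !~ /^#/ && $2 == d { ok = 1 } END { exit !ok }' \
        "$fstab" || return 2
    return 0
}

# Constructed sample files (not from a real host). /var/lib/pulp is mounted
# and persistent; the hypothetical /srv/other-data was mounted by hand only.
write_samples() {
    cat > "$1/fstab" <<'EOF'
# constructed fstab
UUID=1111-aaaa  /              xfs  defaults         0 0
UUID=2222-bbbb  /var/lib/pulp  xfs  defaults,nofail  0 2
EOF
    cat > "$1/mounts" <<'EOF'
/dev/nvme0n1p1 / xfs rw,relatime 0 0
/dev/nvme1n1 /var/lib/pulp xfs rw,relatime 0 0
/dev/nvme2n1 /srv/other-data xfs rw,relatime 0 0
EOF
}

# Demo run against the constructed files.
tmp=$(mktemp -d)
write_samples "$tmp"
for d in /var/lib/pulp /srv/other-data /var/lib/missing; do
    rc=0
    check_persistent_mount "$d" "$tmp/fstab" "$tmp/mounts" || rc=$?
    echo "$d: status $rc"
done
rm -rf "$tmp"
```

On a real instance, call check_persistent_mount /var/lib/pulp with no further arguments to read /etc/fstab and /proc/mounts.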
4. Deploying Foreman on AWS
You can run Foreman server, Smart Proxy servers, and hosts on your Amazon Web Services (AWS) environment. If you want to provision cloud instances on Amazon EC2, see Provisioning cloud instances in Amazon EC2 in Provisioning hosts.
4.1. Installing Foreman server on AWS
You can install Foreman server on your AWS environment.
- Launch an EC2 instance running Enterprise Linux AMI.
- Connect to the newly created instance.
- If you use a Red Hat Gold Image, remove the RHUI client and enable repository management using subscription-manager:
    # dnf remove -y rh-amazon-rhui-client*
    # dnf clean all
    # subscription-manager config --rhsm.manage_repos=1
- Install Foreman server. For more information, see Installing Foreman Server with Katello 4.15 plugin on Enterprise Linux.
- Register your hosts to Foreman server. For more information, see Registering hosts on AWS to Foreman.
4.2. Installing Smart Proxy server on AWS
You can install Smart Proxy server on your AWS environment.
- Create a new EC2 instance and connect to it.
  As with Foreman server, there are additional steps required when using the Red Hat Gold Image. For more information, see Installing Foreman server on AWS.
- Install Smart Proxy server. For more information, see Installing a Smart Proxy Server 3.13 on Enterprise Linux.
- Register your hosts to Smart Proxy server. For more information, see Registering hosts on AWS to Foreman.
4.3. Registering hosts on AWS to Foreman
After you install Foreman server and Smart Proxy server, you must register the hosts on EC2 instances to Foreman.
- Register your hosts to Foreman. For more information, see Registering hosts and setting up host integration in Managing hosts.