1. Use Case Considerations

Because Amazon Web Services is an image-only service, some common Foreman use cases do not work or require extra configuration in an AWS environment. If you plan to use Foreman on AWS, ensure that the use cases you need are available in an AWS environment.

1.1. Use Cases Known to Work

You can perform the following Foreman use cases on AWS:

Multi-homed Foreman and Smart Proxy

One way to use multi-homed Smart Proxies is by configuring Smart Proxies with a load balancer. For more information, see Configuring Smart Proxies with a Load Balancer.

You must do this when Foreman server or Smart Proxy server has different internal and external DNS host names and there is no site-to-site VPN connection between the locations where you deploy Foreman server and Smart Proxy server.

1.2. Use Cases that Do Not Work

In AWS, you cannot manage DHCP. Because of this, most of the Kickstart and PXE provisioning models of Foreman server are unusable. This includes:

  • PXE Provisioning

  • Discovery and Discovery Rules

  • ISO provisioning methods:

    • PXE-Less Discovery (iPXE)

    • Per-host ISO

    • Generic ISO

    • Full-host ISO

2. Deployment Scenarios

There are three deployment scenarios for Foreman in Amazon Web Services:

  • One-region setup

  • Connecting on-premises and AWS region

  • Connecting different regions

The graphics in this section are Red Hat illustrations. Non-Red Hat illustrations are welcome. If you want to contribute alternative images, raise a pull request in the Foreman Documentation GitHub page. Note that in Red Hat terminology, "Satellite" refers to Foreman and "Capsule" refers to Smart Proxy.

Scenario 1: One-region setup
Figure 1. Scenario 1: One-region setup

The least complex configuration of Foreman server in Amazon Web Services consists of both Foreman server and the content hosts residing within the same region and within the Virtual Private Cloud (VPC).

You can also use a different availability zone.

Scenario 2: Connecting on-premises and AWS region

Create a VPN connection between the on-premises location and the AWS region where the Smart Proxy is located.

It is also possible to use the external host name of Foreman server when you register the instance that runs Smart Proxy server.

Option 1: Site-to-site VPN connection between the AWS region and the on-premises datacenter

Option 2: Direct connection using the external DNS host name

Scenario 3: Connecting different regions

Create a site-to-site VPN connection between different regions so that you can use the internal DNS host name when you register the instance that runs Smart Proxy server to Foreman server.

If you do not establish a site-to-site VPN connection, use the external DNS host name when you register the instance that runs Smart Proxy server to Foreman server.

Note

Most public cloud providers do not charge for data being transferred into a region or between availability zones within a single region. However, they do charge for data leaving the region to the Internet.

Option 1: Site-to-site VPN connection between AWS regions

Option 2: Direct connection using the external DNS host name

3. Prerequisites

Before you can install and register Foreman and Smart Proxy, you must set up accounts with Amazon Web Services (AWS) and create and start Red Hat Enterprise Linux instances on AWS.

3.1. Amazon Web Services Assumptions

To use this guide, you must have a working knowledge of the following aspects of Amazon Web Services:

  • Creating and accessing Red Hat Enterprise Linux images in AWS

  • Editing network access in AWS Security

  • Creating EC2 instances and EBS volumes

  • Launching instances

  • Importing and exporting virtual machines in AWS

  • Using AWS Direct Connect

To install Foreman in an AWS environment, you must ensure that your AWS setup meets the System Requirements in Installing Foreman Server nightly on Debian/Ubuntu.

To install Smart Proxy in an AWS environment, you must ensure that your AWS setup meets the System Requirements in Installing a Smart Proxy Server nightly on Debian/Ubuntu.

For more information about Amazon Web Services and terminology, see Amazon Elastic Compute Cloud Documentation.

For more information about Amazon Web Services Direct Connect, see What is AWS Direct Connect?

3.2. Foreman-specific prerequisites

  • Ensure that the Amazon EC2 instance type meets or exceeds the System Requirements in Installing Foreman Server nightly on Debian/Ubuntu. For the best performance, use an AWS storage optimized instance.

  • If you want Foreman server and Smart Proxy server to communicate using external DNS hostnames, open the required ports for communication in the AWS Security Group that is associated with the instance.
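
An added example, not part of the Foreman documentation: a check over data shaped like `aws ec2 describe-security-groups` output that reports, for each required port, whether the Security Group leaves it closed to the peer, scopes it to single hosts, or opens it to a wider range. The port list, peer address, and group data are constructed placeholders; take the actual ports from the installation guide.

```python
import ipaddress

# Assumed placeholder ports; take the real list from the installation guide.
REQUIRED_PORTS = [443, 8443]
# Constructed peer address (documentation range) of the Smart Proxy instance.
PEER_ADDRESS = "203.0.113.10"

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
]}]}


def sources_for_port(group, port):
    """Return every source network allowed to reach a TCP port."""
    nets = []
    for perm in group["IpPermissions"]:
        proto = perm["IpProtocol"]  # "-1" means all protocols and all ports
        if proto == "-1" or (proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            nets += [ipaddress.ip_network(c) for c in cidrs]
    return nets


def audit(group, ports, peer):
    """Classify each port as 'closed', 'host-scoped', or 'too-broad'."""
    peer_ip = ipaddress.ip_address(peer)
    result = {}
    for port in ports:
        nets = sources_for_port(group, port)
        reachable = any(n.version == peer_ip.version and peer_ip in n for n in nets)
        if not reachable:
            result[port] = "closed"        # the peer cannot connect at all
        elif all(n.num_addresses == 1 for n in nets):
            result[port] = "host-scoped"   # only single-address sources allowed
        else:
            result[port] = "too-broad"     # a range wider than one host is allowed
    return result


if __name__ == "__main__":
    print(audit(SAMPLE["SecurityGroups"][0], REQUIRED_PORTS, PEER_ADDRESS))
```

A port reported as too-broad is reachable from more than the peer instance; narrowing the rule's source to the peer's address keeps the direct-connection option working without exposing the service to the whole Internet.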

4. Installing Foreman server on AWS

On your AWS environment, complete the following steps:

  1. Connect to the new instance.

  2. Use Installing Foreman Server nightly on Debian/Ubuntu to install Foreman server.

5. Installing Smart Proxy on AWS

On your AWS environment, complete the following steps:

  1. Connect to the new instance.

  2. Install Smart Proxy server. For more information, see Installing a Smart Proxy Server nightly on Debian/Ubuntu.

6. Registering Hosts to Foreman

After you install Foreman server and Smart Proxy server, you must register the hosts on EC2 instances to Foreman. For more information, see Registering Hosts in Managing hosts.