Update Satellite server topology diagram #3905

Draft
wants to merge 3 commits into
base: master

aneta-petrova
Member

What changes are you introducing?

  • Drop port 8443
  • Foreman talks to the Foreman Proxy on the server
  • Include PostgreSQL and Redis
  • Move Pulp out of the "Internal Capsule" box and put it alongside Foreman and Candlepin
  • Drop the term "Isolated Capsule" in favor of "Capsule"
  • Drop the term "Isolated Host" in favor of "Host"
  • Add Registration to Foreman Proxy
  • Drop port 8443

Why are you introducing these changes? (Explanation, links to references, issues, etc.)

https://issues.redhat.com/browse/SAT-21492

Anything else to add? (Considerations, potential downsides, alternative solutions you have explored, etc.)

Checklists

  • I am okay with my commits getting squashed when you merge this PR.
  • I am familiar with the contributing guidelines.

Please cherry-pick my commits into:

  • Foreman 3.15/Katello 4.17
  • Foreman 3.14/Katello 4.16 (Satellite 6.17)
  • Foreman 3.13/Katello 4.15 (EL9 only)
  • Foreman 3.12/Katello 4.14 (Satellite 6.16; orcharhino 7.2 on EL9 only)
  • Foreman 3.11/Katello 4.13 (orcharhino 6.11 on EL8 only; orcharhino 7.0 on EL8+EL9; orcharhino 7.1 with Leapp)
  • Foreman 3.10/Katello 4.12
  • Foreman 3.9/Katello 4.11 (Satellite 6.15; orcharhino 6.8/6.9/6.10)
  • Foreman 3.8/Katello 4.10
  • Foreman 3.7/Katello 4.9 (Satellite 6.14)
  • We do not accept PRs for Foreman older than 3.7.

@github-actions github-actions bot added Needs tech review Requires a review from the technical perspective Needs style review Requires a review from docs style/grammar perspective Needs testing Requires functional testing labels May 29, 2025
github-actions bot commented May 29, 2025

The PR preview for d3e3766 is available at theforeman-foreman-documentation-preview-pr-3905.surge.sh

@aneta-petrova
Member Author

Hi @ehelms, can you please take a look at the updated diagram? I did my best to implement the suggestions from https://issues.redhat.com/browse/SAT-21492. I was unclear about these two:

> Apache is an integral part of the architecture and I think it's instructive to include it so folks understand how the communication routes through it for services

I don't know where exactly to add Apache. Can you help?

> We should include PostgreSQL and Redis

For now, I added Redis only to Foreman. Should I add it to both Foreman Proxies too?

Note that this is a WIP version so the elements are not aligned properly etc. This is because I want to first make sure to collect feedback and acks on technical accuracy. Only then will I start finalizing the design itself.

@aneta-petrova aneta-petrova changed the title Updated Satellite server topology diagram Update Satellite server topology diagram May 29, 2025
@aneta-petrova aneta-petrova removed the Needs testing Requires functional testing label May 29, 2025
@ehelms
Member

ehelms commented Jun 2, 2025

> I don't know where exactly to add Apache. Can you help?

This sits in front of everything but the foreman-proxy. I'll send along a diagram that may help.

> For now, I added Redis only to Foreman. Should I add it to both Foreman Proxies too?

Yes. Redis is used by Foreman, Dynflow and Pulp.

@aneta-petrova
Member Author

Thanks @ehelms! I added the missing components reported in the Jira. Can you please re-review? Are all the components in the appropriate places now?

In d3e3766, I also dropped the port numbers from the diagram and replaced them with a textual link to the section on port requirements in the Installation guide. This helps us maintain this information in one place only and in text form, which is easier. Additionally, I believe it makes the diagram itself look cleaner and less intimidating at first glance. Let me know if you have any concerns about this particular change.

@ehelms
Member

ehelms commented Jun 3, 2025

A few notes on what we should try to show:

  • I think we could drop the plugins listed inside of Foreman
  • Apache should sit on top of and across Foreman, Pulp, Candlepin
  • PostgreSQL and Redis should be outside of the Foreman Proxy

One thing our port/firewall documentation doesn't appear to do is talk about it in terms of the components in this diagram. That makes it hard to connect the diagram with the port table.

@aneta-petrova
Member Author

> One thing our port/firewall documentation doesn't appear to do is talk about it in terms of the components in this diagram. That makes it hard to connect the diagram with the port table.

Is this something we tell users to do or expect them to do? To open or close ports to enable or prevent communication between the individual components? I think users are only expected to open ports as described in https://docs.theforeman.org/nightly/Installing_Server/index-katello.html#Enabling_Connections_from_a_Client_to_Server_foreman, aren't they? If so, then including details on internal communications (ports between individual components) doesn't represent any actionable items for users, which would support dropping the port numbers + reducing the number of arrows. The current diagram seems more like a jungle of arrows and numbers than a clear and useful diagram :)

@aneta-petrova
Member Author

If there really is a need to have a reference of the ports for communication among the internal components, perhaps we could document it in a table too, just like https://docs.theforeman.org/nightly/Installing_Server/index-katello.html#Enabling_Connections_from_a_Client_to_Server_foreman That would make the diagram simpler and easier to process visually, with the added benefit of making the list of ports themselves easier to maintain.

@ehelms
Member

ehelms commented Jun 20, 2025

> Is this something we tell users to do or expect them to do? To open or close ports to enable or prevent communication between the individual components? I think users are only expected to open ports as described in https://docs.theforeman.org/nightly/Installing_Server/index-katello.html#Enabling_Connections_from_a_Client_to_Server_foreman, aren't they? If so, then including details on internal communications (ports between individual components) doesn't represent any actionable items for users, which would support dropping the port numbers + reducing the number of arrows. The current diagram seems more like a jungle of arrows and numbers than a clear and useful diagram :)

Users ask these kinds of questions as they like to understand what is talking to what. And I think through docs we can capture that information and prevent users raising issues or forum questions.

A table works.

Labels
Needs style review Requires a review from docs style/grammar perspective Needs tech review Requires a review from the technical perspective Not yet reviewed
2 participants