Foreman Basics - docs.adfinis-sygroup.ch · Foreman - Basics Lifecycle management of physical and virtual machines made easy!

ForemanBasics

Besmart.Thinkopensource.

Foreman-BasicsLifecyclemanagementofphysicalandvirtualmachinesmadeeasy!

Agenda

IntroductiontoForeman

Architecture

Setup

Provisioning

Configuration

Monitoring

Advancedfeatures

IntroductiontoForemanWhat'sitallabout?

Facts

Projectstartedin2009

LicensedundertheGPLv3

DevelopmentpushedbyRedHat

Veryactive&helpfulcommunity

Overview

ToolforprovisioningofVMs&baremetal

Providesconfigmanagement&monitoringintegration

Rails&JavaScriptapplication

Exposesawebinterface,RESTAPI&CLI

Ecosystem

Foreman

SmartProxy(foreman-proxy)

Katello

Tonsofplugins

Strongsuite

Veryflexible

Offerstonsoffeatures

Activedevelopment&opencommunity

Modularsetup,startsmallthenexpand

Strongsuite

Canserveasasourceoftruth(CMDB)

CanbeusedasanENC

ProperACLimplementation

EnterpriseSupportavailable(RedHatSatellite6)

Weakspots

Somewhatsteeplearningcurve

Canbequitetrickytodebuganissue

APIhasroomforimprovement

Offerssometimestoomanypossiblewaystoimplementatask

ArchitectureOverviewofthedifferentcomponents

Bird's-eyeview

Foreman

Heartofthewholestack

Storesallresources&information

Railsstack,usePassenger+nginx/Apachetorunit

StoresmostdatainaDB(SQLite,MySQLorPostgreSQL)

LocalorLDAPusersforauthentication

SmartProxy

SmallautonomousHTTPapplication

ExposesaRESTAPItoprovidedifferentservices

AllowsForemantocontrolcomponentsinisolatednetworks

Alsocalledforeman-proxy

SmartProxy

DHCP

DNS

TFTP

BMC/IPMI

Puppet/Salt/Chef/Ansible

Realm/FreeIPA

SmartProxy-DHCP

TakescareofreservingtherequiredIPs

ProvidesIPauto-assignment

SupportsISCDHCP,MSDHCP&libvirt

Moreproviderscanbeinstalledordeveloped(e.g.InfoBlox)

SmartProxy-DNS

UpdateandremoveDNSrecordsautomatically

TakescareofA,AAAA&PTRrecords

SupportsBind,MSDNS&libvirt

Moreproviderscanbeinstalledordeveloped(e.g.AWS53)

SmartProxy-TFTP

ProvideimagesduringPXEboot

Automagicallydownloadskernel+initrd(installer)

PreparesMACspecificconfigdependingonthebuildstate

Fallbackto default

Terminology

Host

Installationmedia

Partitiontables

Provisioningtemplates

Terminology

Environment

Computeresources

Computeprofiles

Hands-on::Basics01DiscoverthebasicsofForeman

ForemanSetupGetForemanupandrunninginminutes

RequirementsSupporteddistributions:

RHEL7,CentOS7&ScientificLinux7

Fedora24

Debian8

Ubuntu14.04&16.04

Requirements

StandardVMissufficientforthestart

Additionalrepositoriesdependingonthedistribution

Internetaccess

Firewallports

Installationpaths

foreman-installer(recommendedbytheproject)

Installfrompackage

Installfromsource

Alternatives(Ansibleplaybook,etc.)

foreman-installerMakesuseofdifferentPuppetmodulestodeployacompleteForemanstack:

Foreman

Smartproxy

Passenger

TFTP,DNS&DHCP

foreman-installer

CustomizablewithCLIparameters

Answersfile

Scenarios

ProvisioningMakingdeploymentsaseasyaspie

Introduction

Provisioningincludesallthetasksrequiredtosetupanewmachine

Savingtimeisn'tthemaingoal

Enforceconsistencyacrossalldeploymentsiskey

Workflow

1. Boottheinstaller

2. Starttheinstallation

3. GetfurtherinstructionsfromForeman

Boottheinstaller

PXEBoot(TFTPprovidedbyForeman)

ISOimage

iPXEimage

Starttheinstallation

Telltheinstallerwherefurtherinstructionsarelocated

RedHatKickstart

ks=http://foreman.example.com/unattended/provision

DebianPreseed

url=http://foreman.example.com/unattended/provision

Definedaskernelparameterswhenloadingtheinstaller

Installerinstructions

Foremanprovidestemplatingfunctionality

ERBtemplatesarerenderedperhostContainvariables,loops,snippets,etc.

See provisioningtemplates & partitiontables

Templates

Foremanprovidescommunitytemplates

Vanillatemplatesarelockedbydefault

Canbedeletedbutsomearemandatory(e.g. PXELinuxglobaldefault )

Templates

Partitiontablesareusedtodefinethefilesystemlayout

Differentprovisioningtemplatetypesareavailable:

Provisioning

Finish

etc.

RequirementsForacompleteprovisioningworkflowweneedsomeresources:

Architecture

Installationmedia(mirror)

OS

Templates

Example

x86_64

http://mirror.centos.org/centos/$version/os/$arch

CentOS7

DefaultFSLayout,Kickstart&Finishscript

Hands-on::Basics02AutomatingOSdeploymentsishardyou'vesaid?

ConfigurationBringorderintoyourorganization

StructureForemanprovidesdifferentresourcestoorganizehosts:

Hostgroup

Domains

Environments

Organizations&Locations

StructureParameterinheritancelookslikethis:

Environment->Domains->Hostgroup->Host

ConfigManagement„Definehowasystemshouldlooklikeinanabstractway.“

Integration

ForemanprovidesENCfunctionality

SupportsmainlyPuppetbutextendablewithplugins

Ansible

Ansiblepluginisstillthenewfaceintown

AnsibleprovidesdynamicForemaninventoryscript

Rolescanbeassignedtohostsandhostgroups

PlayrolesthroughtheGUI

ImportanddeleterolesthroughtheGUI

Hands-on::Basics03LookingintotheAnsibleintegration

MonitoringCollectandaggregateeverything

Facts

Foremansavesfactsforeachhost

CollectfactsregularlyandstoretheminForeman

LeveragethemagaininyourConfigManagementTool

Reports

Collectandtrackconfigchanges

MainlysupportedforPuppet/Salt

Moredata

Auditlogkeepstrackofallchanges,veryhandy

Trendsgiveanoverviewofyourinfrastructure

AdvancedfeaturesAddingevenmorefancystuff

Plugins

Cloudproviders(Azure,Digitalocean,etc.)

Docker

VMWare&libvirt

Katello

OpenSCAP

ForemanAutomation

ForemanprovidesRESTAPI

Canbeeasilyusedtoautomateadditionaltasks

HammerisaCLItool

SomewhatlimitedbecauseinternalIDshavetobelookedupfirst

Othertools(foreman-yml,etc.)

FieldreportWhathaveyoulearned?

Architecture

Setup

Provisioning

Configuration

Monitoring

Advancedfeatures

Quovadis?

ForemanAutomation

Externalservices(passwordstores,CMDB,etc.)

DevelopmentWorkflow(CI&CT)

FeedbackThegood,thebadandtheugly

Thankyou!Besmart.Thinkopensource.

FeelFreetoContactUswww.adfinis-sygroup.ch

TechBlog

GitHub

[email protected]

Twitter

Attribution/License

TheForemanlogobyTheForemanprojectLicenseCCBY-SA3.0https://github.com/theforeman/foreman-graphics

ForemanArchitecturebyTheForemanprojectLicenseCCBY-SA3.0https://theforeman.org/static/images/foreman_architecture.png

ForemanProvisioningbyTheForemanprojectLicenseCCBY-SA3.0https://theforeman.org/static/images/provisioning.png

Attribution/License

ForemanConfigurationbyTheForemanprojectLicenseCCBY-SA3.0https://theforeman.org/static/images/configuration.png

ForemanMonitoringbyTheForemanprojectLicenseCCBY-SA3.0https://theforeman.org/static/images/monitoring.png

XKCD-TheGeneralProblembyxkcdhttps://xkcd.com/974/LicenseCC-BY-NChttps://xkcd.com/license.html