Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Managing a R&D Lab with Foreman Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Julien Pivotto Foreman 7th Birthday Party Inuits, Antwerp July 13th, 2016
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Managing a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with Foreman
• Sysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.eu
• FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004• Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011• DevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believer• @roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie on irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/github
inuits.eu
The Foreman
Provisioning Configuration MonitoringReporting
The Foreman
Provisioning
Configuration MonitoringReporting
The Foreman
Provisioning Configuration
MonitoringReporting
The Foreman
Provisioning Configuration Monitoring
Reporting
The Foreman
Provisioning Configuration MonitoringReporting
Foreman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choice
• OOOOOOOOOOOOOOOOOpen-Source• LLLLLLLLLLLLLLLLLarge, active community• RRRRRRRRRRRRRRRRRest API and cli tools
Behind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesLicensed under a Creative Commons Attribution 2.0 License
UsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesLicensed under a Creative Commons Attribution 2.0 License
What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?Licensed under a Creative Commons Attribution 2.0 License
foreman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerLicensed under a Creative Commons Attribution 2.0 License
• FFFFFFFFFFFFFFFFForeman Installer is a package• UUUUUUUUUUUUUUUUUses Puppet behind the scene• IIIIIIIIIIIIIIIIInstalls and configure *
How to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The Foreman
• 11111111111111111. yum install foreman-installer• 22222222222222222. run foreman-installer• 33333333333333333. done
• CCCCCCCCCCCCCCCCCreates everything needed to puppetize• gggggggggggggggggit repo, puppetmaster• bbbbbbbbbbbbbbbbbut not to puppetize itself
State is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforced
• SSSSSSSSSSSSSSSSSystem is not up to date• NNNNNNNNNNNNNNNNNo confidence that the state is still correct• SSSSSSSSSSSSSSSSSolution A: integrate within the puppet tree• SSSSSSSSSSSSSSSSSolution B: Re-run the foreman-installer
Importing the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your tree
• SSSSSSSSSSSSSSSSState is enforced• OOOOOOOOOOOOOOOOOnly thing to care about: updating themodules
• TTTTTTTTTTTTTTTTThey are linked to the foreman
Building and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingLicensed under a Creative Commons Attribution 2.0 License
Building a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a host
Foreman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entries
• KKKKKKKKKKKKKKKKKeeps the data consistent• CCCCCCCCCCCCCCCCCreates only hostnames that exist• AAAAAAAAAAAAAAAAAlso does the reverse entries
• FFFFFFFFFFFFFFFFForeman uses Dynamic Zones• rrrrrrrrrrrrrrrrrndc freeze• CCCCCCCCCCCCCCCCChange the zone (incr the serial)• rrrrrrrrrrrrrrrrrndc thaw
• YYYYYYYYYYYYYYYYYou own DNS servers should forward theunknown to your org
• WWWWWWWWWWWWWWWWWe could not make it work for PTR records• NNNNNNNNNNNNNNNNNeed to set empty-zones-enable=no• PPPPPPPPPPPPPPPPPR theforeman/puppet-dns#47
DMZDMZDMZDMZDMZDMZDMZDMZDMZDMZDMZDMZDMZDMZDMZDMZDMZLicensed under a Creative Commons Attribution-ShareAlike 2.0 License
Managing hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the lab
• SSSSSSSSSSSSSSSSSecurity purpose• RRRRRRRRRRRRRRRRRun Demos• HHHHHHHHHHHHHHHHHandover to other teams
• DDDDDDDDDDDDDDDDDNS Proxy, DHCP proxy, TFTP…• KKKKKKKKKKKKKKKKKickstart proxying?• DDDDDDDDDDDDDDDDDigging into the documentation• FFFFFFFFFFFFFFFFFeature is there but not really visible• IIIIIIIIIIIIIIIIImprove docs: PRtheforeman/theforeman.org#547
DocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationLicensed under a Creative Commons Attribution-ShareAlike 2.0 License
• TTTTTTTTTTTTTTTTThe Foreman documentation is huge• HHHHHHHHHHHHHHHHHosted on theforeman.org• IIIIIIIIIIIIIIIIImprove it so the next guy doesn't lose yourtime again
• IIIIIIIIIIIIIIIIIn the 1.7 docs: websockets_encrypt: true• LLLLLLLLLLLLLLLLLet's change it to false• PPPPPPPPPPPPPPPPProblem: true/false vs on/off• EEEEEEEEEEEEEEEEExtra work: Updated the docs
• RRRRRRRRRRRRRRRRRelease notes are part of Documentation• WWWWWWWWWWWWWWWWWhen you change behaviour, think aboutothers
• LLLLLLLLLLLLLLLLLower update cost
ScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityLicensed under a Creative Commons Attribution-ShareAlike 2.0 License
• EEEEEEEEEEEEEEEEEnable organizations/locations• UUUUUUUUUUUUUUUUUse one foreman for separated entities• UUUUUUUUUUUUUUUUUse one foreman for separated countries• UUUUUUUUUUUUUUUUUse foreman proxies where needed
• LLLLLLLLLLLLLLLLLibvirt servers are not a group• TTTTTTTTTTTTTTTTThey are separated Compute Resources• AAAAAAAAAAAAAAAAA lot of work (UI and API)
Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?
• YYYYYYYYYYYYYYYYYes: other providers are `centralized'• eeeeeeeeeeeeeeeeec2, gce, openstack…
• FFFFFFFFFFFFFFFFForeman requires on Fog• FFFFFFFFFFFFFFFFFog is a gem for the `clouds'• FFFFFFFFFFFFFFFFFog for vmware is not as advances as we'dlike
Empowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersLicensed under a Creative Commons Attribution 2.0 License
Distributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the power
• RRRRRRRRRRRRRRRRRebuilding a host is simple• OOOOOOOOOOOOOOOOOne clic operation• FFFFFFFFFFFFFFFFForeman as a VM shop
The C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMS
• DDDDDDDDDDDDDDDDDevOps is a Cultural change• EEEEEEEEEEEEEEEEEveryone is in the team• OOOOOOOOOOOOOOOOOps and Devs work together• SSSSSSSSSSSSSSSSShare the responsibilities
Foreman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the picture
• FFFFFFFFFFFFFFFFForeman empowers the developers• WWWWWWWWWWWWWWWWWhile still providing enough security• OOOOOOOOOOOOOOOOOrganisations in Foreman
• OOOOOOOOOOOOOOOOOne-clic rebuild (at will)• AAAAAAAAAAAAAAAAAccess to build reports• IIIIIIIIIIIIIIIIIn-browser access to VNC• FFFFFFFFFFFFFFFFFresh vm in minutes
• KKKKKKKKKKKKKKKKKeep everything under control• AAAAAAAAAAAAAAAAAudit logs, reports• IIIIIIIIIIIIIIIIInventory• BBBBBBBBBBBBBBBBBring regular updates to VM's/developers
UpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesLicensed under a Creative Commons Attribution 2.0 License
• AAAAAAAAAAAAAAAAAs any software:• TTTTTTTTTTTTTTTTTake a backup first• TTTTTTTTTTTTTTTTTry on your dev environment• FFFFFFFFFFFFFFFFFirst upgrade the main UI• TTTTTTTTTTTTTTTTThen update the proxies (#12506)
• 11111111111111111.5->1.6: DHCP config file not readable byforeman proxy
I WWWWWWWWWWWWWWWWWe did a DHCP upgrade at the same timeI FFFFFFFFFFFFFFFFFile ownership was changedI rrrrrrrrrrrrrrrrre-run the foreman installer fixed it
• 11111111111111111.5->1.6: Puppet reports not coming into theforeman
I FFFFFFFFFFFFFFFFForeman report preprocessor has changedI NNNNNNNNNNNNNNNNNeed to update foreman.rb + configI nnnnnnnnnnnnnnnnnode.rb also needed an update
• 11111111111111111.7->1.8: Big stack trace on opening the UII yyyyyyyyyyyyyyyyyum erase ruby193-rubygem-foreman_openstack_clusterruby193-rubygem-foreman_openstack_cluster-doc
• 11111111111111111.11: DHCP bugsI TTTTTTTTTTTTTTTTTwo DHCP bugsI 11111111111111111. Do not create DHCP reservation is host is staticI 22222222222222222. Ruby 1.8 issues (EL6 support to be removed in 1.13)I hhhhhhhhhhhhhhhhhttps://theforeman.org/2016/06/foreman-1.11-dhcp-bugs.html
Community and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceLicensed under a Creative Commons Attribution-2.0 License
Foreman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-Source
• GGGGGGGGGGGGGGGGGPLv3+• WWWWWWWWWWWWWWWWWe've got around 20 patches integrated• TTTTTTTTTTTTTTTTThey rely mostly on open-source tools• CCCCCCCCCCCCCCCCCI, testing, bugtracker
Story: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global Status
• PPPPPPPPPPPPPPPPPut in build mode, go back home• RRRRRRRRRRRRRRRRRestart on the next day• LLLLLLLLLLLLLLLLLooping reboots
Foreman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global status
• FFFFFFFFFFFFFFFFForeman keeps several status for hosts• PPPPPPPPPPPPPPPPPlugins can register a status• BBBBBBBBBBBBBBBBBut reporting and provisioning also• LLLLLLLLLLLLLLLLLet's use that for expired tokens (bug#5883)
• WWWWWWWWWWWWWWWWWrite a patch, keep it• WWWWWWWWWWWWWWWWWrite a plugin• WWWWWWWWWWWWWWWWWrite and upstream a patch
Advantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreaming
• FFFFFFFFFFFFFFFFFeature will be available in next releases• WWWWWWWWWWWWWWWWWe won't patch in the future• CCCCCCCCCCCCCCCCCalls in the patch will evolve as well• PPPPPPPPPPPPPPPPPeer review with the Foreman team• FFFFFFFFFFFFFFFFForced to write tests, doc, etc…
• PPPPPPPPPPPPPPPPPatch is accepted for 2 weeks• AAAAAAAAAAAAAAAAA new bug is opened: performance problem(bug#14050)
• SSSSSSSSSSSSSSSSSomeone else fixed the bug• WWWWWWWWWWWWWWWWWe applied the second patch
ConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionLicensed under a Creative Commons Attribution 2.0 License
Where can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improve
• PPPPPPPPPPPPPPPPPerformance• SSSSSSSSSSSSSSSSSome features are missing from API• DDDDDDDDDDDDDDDDDecoupling from Puppet• ……………………………………………
Where did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improve