Lifecycle Management with Foreman

;

Julien PivottoJulien Pivotto

CentOS Dojo, BrusselsCentOS Dojo, BrusselsJanuary 31, 2014January 31, 2014

;

whoamiwhoami• sysadmin @ inuitssysadmin @ inuits• open-source defender for 7+ yearsopen-source defender for 7+ years• devops believerdevops believer• @roidelapluie on twitter/github@roidelapluie on twitter/github

Julien Pivotto Foreman

;

IntroductionIntroduction


;

Lifecycle managementLifecycle management• ProvisioningProvisioning• AutomationAutomation• ReportingReporting


;

We had tools!?We had tools!?• Provisioning using CobblerProvisioning using Cobbler• Automation using Puppet/Chef/. . .Automation using Puppet/Chef/. . .• Puppet reporting with Puppet DashboardPuppet reporting with Puppet Dashboard


;

Then came virtualisationThen came virtualisation• Cobbler was not enoughCobbler was not enough• Using virt-install to automate VM creationUsing virt-install to automate VM creation• One shot command line, decentralizedOne shot command line, decentralized• Cobbler does not clusterCobbler does not cluster


;

Then came cloudThen came cloud• Where is my machine?Where is my machine?• Bare-Metal? Bare-what?Bare-Metal? Bare-what?• Dynamic environmentsDynamic environments• Change quickly and oftenChange quickly and often


;

CobblerCobbler• Not intuitive or reactiveNot intuitive or reactive• Support for XenSupport for Xen• TFTP on the local machineTFTP on the local machine• Direct control of DHCP configurationDirect control of DHCP configuration• Basic yumrepo supportBasic yumrepo support


;

Puppet-dashboardPuppet-dashboard• Puppet web frontendPuppet web frontend• It was the referenceIt was the reference• Until the arrival of ForemanUntil the arrival of Foreman• Puppetlabs abandoned it for PuppetDBPuppetlabs abandoned it for PuppetDB


;

ProvisioningProvisioning• Bare metal and virtualBare metal and virtual• Multiple backendsMultiple backends• Decentralized (control remote TFTP, DNS, DHCP)Decentralized (control remote TFTP, DNS, DHCP)


;

AutomationAutomation• (puppet) ENC(puppet) ENC• Trigger puppet runsTrigger puppet runs• Advanced use: parameters,. . .Advanced use: parameters,. . .• History of changesHistory of changes• ENC is optionalENC is optional


;

ReportingReporting• Visualise changesVisualise changes• See the full logsSee the full logs• View the factsView the facts


;

ForemanForeman


;

Foreman 101Foreman 101• Foreman was used for one thingForeman was used for one thing• Viewing puppet reportsViewing puppet reports• Having cool statistics gathering, factsHaving cool statistics gathering, facts


;

;

MeanwhileMeanwhile• More and more featuresMore and more features• More than a fact/reports viewerMore than a fact/reports viewer• Interacts deeply with puppetInteracts deeply with puppet


;

Foreman 201Foreman 201• Puppet reports viewerPuppet reports viewer• Machine provisioningMachine provisioning• Puppet ENCPuppet ENC• Extendable with pluginsExtendable with plugins


;

ArchitectureArchitecture


;

Smart ProxiesSmart Proxies• Provides Restful APIProvides Restful API• Connect to Bind, DHCP, TFTP, . . .Connect to Bind, DHCP, TFTP, . . .• Also puppet-ca, mcollective, . . .Also puppet-ca, mcollective, . . .• Allow foreman to talk with servicesAllow foreman to talk with services


;

From the Foreman documentationFrom the Foreman documentation

;

Foreman installerForeman installer• kafokafo• a rubygema rubygem• Command line installerCommand line installer• Using puppet modulesUsing puppet modules• Generic ProjectGeneric Project


;

Foreman installerForeman installer• a lot of optionsa lot of options• interactive installation: -iinteractive installation: -i• enables/disables stuffenables/disables stuff• sets up git repositoriessets up git repositories• creates a puppet tree skeletoncreates a puppet tree skeleton


;

ProvisioningProvisioning


;

ProvisioningProvisioning• Install any distributionInstall any distribution• Configure almost everythingConfigure almost everything• Generate snippets, kickstarts,. . .Generate snippets, kickstarts,. . .• ERB ScriptingERB Scripting


;

;

ProvidersProviders• LibvirtLibvirt• EC2EC2• OpenStackOpenStack• Google Compute EngineGoogle Compute Engine• oVirtoVirt• VMWareVMWare


;

;

OSOS• CentOS/RHELCentOS/RHEL• FedoraFedora• Ubuntu/DebianUbuntu/Debian• SuseSuse• SolarisSolaris


;

;

Features of providersFeatures of providers• Depending on the providerDepending on the provider• Unattended installationUnattended installation• Image-based installImage-based install• Power managementPower management• Console (noVNC)Console (noVNC)


;

;

AutomationAutomation


;

Puppet ENCPuppet ENC• Support classesSupport classes• Parametrized classesParametrized classes• Smart variablesSmart variables


;

;

ConfigurationConfiguration• EnvironmentsEnvironments• Host groupsHost groups• Classes + paramsClasses + params• Global parametersGlobal parameters


;

;

;

CertificatesCertificates• Puppet-ca proxyPuppet-ca proxy• Takes care of signing certificatesTakes care of signing certificates• Trigger first puppet runTrigger first puppet run• Run first puppet run in noop mode (before reboot).Run first puppet run in noop mode (before reboot).


;

ReportingReporting


;

Puppet reportsPuppet reports• Very detailedVery detailed• HistoryHistory• Time per ressourceTime per ressource• Overview of the last reportsOverview of the last reports


;

;

Host groupsHost groups• Default provisioning parametersDefault provisioning parameters• Puppet classesPuppet classes• Network configurationNetwork configuration


;

IntegrationIntegration


;

QueriesQueries• Advanced queriesAdvanced queries• Query by facts, by last report timeQuery by facts, by last report time• Create custom shorcut in the uiCreate custom shorcut in the ui


;

RESTful APIRESTful API• Complete and well documentedComplete and well documented• Everything is possibleEverything is possible• Integrate foreman with anythingIntegrate foreman with anything


;

HammerHammer• Command line to foremanCommand line to foreman• ScriptingScripting• AutomationAutomation• Without browser (e.g no http(s) access)Without browser (e.g no http(s) access)


;

;

ScaleScale


;

Large infrastructureLarge infrastructure• Fine-grained roles (ACL)Fine-grained roles (ACL)• LDAP authenticationLDAP authentication• Organisation/location supportOrganisation/location support


;

Scaling upScaling up• Multiple Puppet MastersMultiple Puppet Masters• Multiple Smart ProxiesMultiple Smart Proxies• Foreman talks with the CAForeman talks with the CA• Multiple compute resourcesMultiple compute resources


;

Use casesUse cases


;

Puppet logs readerPuppet logs reader• Why are my puppet runs taking so long?Why are my puppet runs taking so long?• When does that node report the last timeWhen does that node report the last time• Quickly view facter factsQuickly view facter facts• Just ignoring the provision part of foremanJust ignoring the provision part of foreman


;

Giving accessGiving access• Allow developers to create VM’sAllow developers to create VM’s• Easy, secure, less risksEasy, secure, less risks• NoVNC access in browserNoVNC access in browser• Usage of ACLUsage of ACL


;

Phoenix testsPhoenix tests• Really easy to rebuild a VMReally easy to rebuild a VM• Re-provisioningRe-provisioning• Puppet certs managed across foremanPuppet certs managed across foreman• Integrate with Jenkins (REST)Integrate with Jenkins (REST)


;

ConclusionConclusion


;

ConclusionConclusion• From small labs to larger environmentsFrom small labs to larger environments• Interactions with RESTful APIInteractions with RESTful API• Complete puppet managementComplete puppet management• Bare Metal and virtual machinesBare Metal and virtual machines


;

Foreman meetings in the next daysForeman meetings in the next days• Configuration management devroom at FOSDEMConfiguration management devroom at FOSDEM• Config Management Camp in Ghent (no tickets left)Config Management Camp in Ghent (no tickets left)


;

Thank youThank youAny question?Any question?


;

ContactContactJulien PivottoJulien [email protected]@inuits.eu@roidelapluie@roidelapluie

INUITS bvbaINUITS bvbaBelgiumBelgium+32 473 441 636+32 473 441 636https://inuits.euhttps://inuits.eu


Technology

Lifecycle Management with Foreman