foreman basics - docs.adfinis-sygroup.ch · foreman - basics lifecycle management of physical and...
Post on 03-Mar-2019
228 Views
Preview:
TRANSCRIPT
ForemanBasics
Besmart.Thinkopensource.
Foreman-BasicsLifecyclemanagementofphysicalandvirtualmachinesmadeeasy!
Agenda
IntroductiontoForeman
Architecture
Setup
Provisioning
Configuration
Monitoring
Advancedfeatures
IntroductiontoForemanWhat'sitallabout?
Facts
Projectstartedin2009
LicensedundertheGPLv3
DevelopmentpushedbyRedHat
Veryactive&helpfulcommunity
Overview
ToolforprovisioningofVMs&baremetal
Providesconfigmanagement&monitoringintegration
Rails&JavaScriptapplication
Exposesawebinterface,RESTAPI&CLI
Ecosystem
Foreman
SmartProxy(foreman-proxy)
Katello
Tonsofplugins
Strongsuite
Veryflexible
Offerstonsoffeatures
Activedevelopment&opencommunity
Modularsetup,startsmallthenexpand
Strongsuite
Canserveasasourceoftruth(CMDB)
CanbeusedasanENC
ProperACLimplementation
EnterpriseSupportavailable(RedHatSatellite6)
Weakspots
Somewhatsteeplearningcurve
Canbequitetrickytodebuganissue
APIhasroomforimprovement
Offerssometimestoomanypossiblewaystoimplementatask
ArchitectureOverviewofthedifferentcomponents
Bird's-eyeview
Foreman
Heartofthewholestack
Storesallresources&information
Railsstack,usePassenger+nginx/Apachetorunit
StoresmostdatainaDB(SQLite,MySQLorPostgreSQL)
LocalorLDAPusersforauthentication
SmartProxy
SmallautonomousHTTPapplication
ExposesaRESTAPItoprovidedifferentservices
AllowsForemantocontrolcomponentsinisolatednetworks
Alsocalledforeman-proxy
SmartProxy
DHCP
DNS
TFTP
BMC/IPMI
Puppet/Salt/Chef/Ansible
Realm/FreeIPA
SmartProxy-DHCP
TakescareofreservingtherequiredIPs
ProvidesIPauto-assignment
SupportsISCDHCP,MSDHCP&libvirt
Moreproviderscanbeinstalledordeveloped(e.g.InfoBlox)
SmartProxy-DNS
UpdateandremoveDNSrecordsautomatically
TakescareofA,AAAA&PTRrecords
SupportsBind,MSDNS&libvirt
Moreproviderscanbeinstalledordeveloped(e.g.AWS53)
SmartProxy-TFTP
ProvideimagesduringPXEboot
Automagicallydownloadskernel+initrd(installer)
PreparesMACspecificconfigdependingonthebuildstate
Fallbackto default
Terminology
Host
Installationmedia
Partitiontables
Provisioningtemplates
Terminology
Environment
Computeresources
Computeprofiles
Hands-on::Basics01DiscoverthebasicsofForeman
ForemanSetupGetForemanupandrunninginminutes
RequirementsSupporteddistributions:
RHEL7,CentOS7&ScientificLinux7
Fedora24
Debian8
Ubuntu14.04&16.04
Requirements
StandardVMissufficientforthestart
Additionalrepositoriesdependingonthedistribution
Internetaccess
Firewallports
Installationpaths
foreman-installer(recommendedbytheproject)
Installfrompackage
Installfromsource
Alternatives(Ansibleplaybook,etc.)
foreman-installerMakesuseofdifferentPuppetmodulestodeployacompleteForemanstack:
Foreman
Smartproxy
Passenger
TFTP,DNS&DHCP
foreman-installer
CustomizablewithCLIparameters
Answersfile
Scenarios
ProvisioningMakingdeploymentsaseasyaspie
Introduction
Provisioningincludesallthetasksrequiredtosetupanewmachine
Savingtimeisn'tthemaingoal
Enforceconsistencyacrossalldeploymentsiskey
Workflow
1. Boottheinstaller
2. Starttheinstallation
3. GetfurtherinstructionsfromForeman
Boottheinstaller
PXEBoot(TFTPprovidedbyForeman)
ISOimage
iPXEimage
Starttheinstallation
Telltheinstallerwherefurtherinstructionsarelocated
RedHatKickstart
ks=http://foreman.example.com/unattended/provision
DebianPreseed
url=http://foreman.example.com/unattended/provision
Definedaskernelparameterswhenloadingtheinstaller
Installerinstructions
Foremanprovidestemplatingfunctionality
ERBtemplatesarerenderedperhostContainvariables,loops,snippets,etc.
See provisioningtemplates & partitiontables
Templates
Foremanprovidescommunitytemplates
Vanillatemplatesarelockedbydefault
Canbedeletedbutsomearemandatory(e.g. PXELinuxglobaldefault )
Templates
Partitiontablesareusedtodefinethefilesystemlayout
Differentprovisioningtemplatetypesareavailable:
Provisioning
Finish
etc.
RequirementsForacompleteprovisioningworkflowweneedsomeresources:
Architecture
Installationmedia(mirror)
OS
Templates
Example
x86_64
http://mirror.centos.org/centos/$version/os/$arch
CentOS7
DefaultFSLayout,Kickstart&Finishscript
Hands-on::Basics02AutomatingOSdeploymentsishardyou'vesaid?
ConfigurationBringorderintoyourorganization
StructureForemanprovidesdifferentresourcestoorganizehosts:
Hostgroup
Domains
Environments
Organizations&Locations
StructureParameterinheritancelookslikethis:
Environment->Domains->Hostgroup->Host
ConfigManagement„Definehowasystemshouldlooklikeinanabstractway.“
Integration
ForemanprovidesENCfunctionality
SupportsmainlyPuppetbutextendablewithplugins
Ansible
Ansiblepluginisstillthenewfaceintown
AnsibleprovidesdynamicForemaninventoryscript
Rolescanbeassignedtohostsandhostgroups
PlayrolesthroughtheGUI
ImportanddeleterolesthroughtheGUI
Hands-on::Basics03LookingintotheAnsibleintegration
MonitoringCollectandaggregateeverything
Facts
Foremansavesfactsforeachhost
CollectfactsregularlyandstoretheminForeman
LeveragethemagaininyourConfigManagementTool
Reports
Collectandtrackconfigchanges
MainlysupportedforPuppet/Salt
Moredata
Auditlogkeepstrackofallchanges,veryhandy
Trendsgiveanoverviewofyourinfrastructure
AdvancedfeaturesAddingevenmorefancystuff
Plugins
Cloudproviders(Azure,Digitalocean,etc.)
Docker
VMWare&libvirt
Katello
OpenSCAP
ForemanAutomation
ForemanprovidesRESTAPI
Canbeeasilyusedtoautomateadditionaltasks
HammerisaCLItool
SomewhatlimitedbecauseinternalIDshavetobelookedupfirst
Othertools(foreman-yml,etc.)
FieldreportWhathaveyoulearned?
Architecture
Setup
Provisioning
Configuration
Monitoring
Advancedfeatures
Quovadis?
ForemanAutomation
Externalservices(passwordstores,CMDB,etc.)
DevelopmentWorkflow(CI&CT)
FeedbackThegood,thebadandtheugly
Thankyou!Besmart.Thinkopensource.
FeelFreetoContactUswww.adfinis-sygroup.ch
TechBlog
GitHub
info@adfinis-sygroup.ch
Attribution/License
TheForemanlogobyTheForemanprojectLicenseCCBY-SA3.0https://github.com/theforeman/foreman-graphics
ForemanArchitecturebyTheForemanprojectLicenseCCBY-SA3.0https://theforeman.org/static/images/foreman_architecture.png
ForemanProvisioningbyTheForemanprojectLicenseCCBY-SA3.0https://theforeman.org/static/images/provisioning.png
Attribution/License
ForemanConfigurationbyTheForemanprojectLicenseCCBY-SA3.0https://theforeman.org/static/images/configuration.png
ForemanMonitoringbyTheForemanprojectLicenseCCBY-SA3.0https://theforeman.org/static/images/monitoring.png
XKCD-TheGeneralProblembyxkcdhttps://xkcd.com/974/LicenseCC-BY-NChttps://xkcd.com/license.html
top related