SlideShare uma empresa Scribd logo

Deploying Foreman in Enterprise Environments

Transferir como PPTX, PDF
inovex GmbH
inovex GmbH

Nils Domrose, inovex GmbH Config Management Camp cfgmgmtcamp.eu 3 and 4 February 2014 Gent, Belgium

Tecnologia
1 de 22
Deploying Foreman in Enterprise Environments best practices and lessons learned… Nils Domrose Gent, February, 3 2014
About me ▸ senior linux systems engineer at inovex GmbH ▸ worked as a network engineer, software developer and systems engineer ▸ using foreman for about 1 year ▸ using bare-metal deployment for ages ▸ life is short – let’s focus on interesting stuff! #irc __endy__ @endyman https://plus.google.com/+NilsDomrose 2
About inovex We use technology to make our customers happy. And ourselves. ▸ http://www.inovex.de ▸ offices in [‘Pforzheim’, ‘Karlsruhe’, ‘Cologne’, ‘Munich’] ▸ we have open positions... 1 SHAPE Consulting 2 BUILD Application Development 3 RUN IT Engineering & Operations 4 TRACK Business Intelligence 5 TEACH Academy 3
Agenda ▸ ▸ ▸ ▸ ▸ the chicken & egg problem foreman components we are the borg fail! foreman HA best practices 4
The Chicken & Egg Problem ...deploying your deployment infrastructure ▸ some shell scripts to push installer and answers.yaml to new system (installer is subject to rpm/deb packaging) ▸ run a custom kafo installer ▸ setup repos ▸ configure nics (bonding) ▸ setup pacemaker & corosync ▸ setup drbd ▸ setup dhcp server ▸ setup postgreSQL ▸ setup puppetDB ▸ run foreman kafo installer
The Chicken & Egg Problem build your first kafo installer ▸ kafo? ▸ kafo! - imagine master-less puppet plus config data in yaml (like hiera) ▸ can’t tell wether it’s the chicken or the egg or both but it’s cool  ▸ stores parameters for your modules in answers.yaml ▸ simply copy your modules into the installer’s modules directory ▸ or even use puppet-librarian to manage your modules (poor man’s git-submodules) https://github.com/rodjek/librarian-puppet https://github.com/theforeman/kafo
The Chicken & Egg Problem kafo - getting started ▸ Never give up, never surrender!: depending on your kafo gem it might not (yet) be as easy as: root@foreman:~# cd /var/tmp/ root@foreman:/var/tmp# i=my-installer; mkdir $i; cd $i; kafofy $i ▸ It’s more like: i=my-installer; mkdir $i && cd $i && kafofy $i && mkdir /etc/$i && cat > /etc/$i/$i.yaml << EOF > --> :log_dir: /var/log/$i > :log_name: configuration.log > :log_level: info > :no_prefix: false > :mapping: {} > :answer_file: /etc/$i/answers.yaml > :installer_dir: $(pwd) > :modules_dir: $(pwd)/modules > :default_values_dir: /tmp > :colors: true > :kafo_modules_dir: /usr/lib/ruby/vendor_ruby/kafo/modules > EOF
The Chicken & Egg Problem get the modules ▸ delete the modules directory root@foreman:/var/tmp/my-installer# rm -Rf modules/ ▸ create a Puppetfile root@foreman:/var/tmp/my-installer# cat Puppetfile forge "http://forge.puppetlabs.com" mod 'puppetlabs/stdlib' mod 'ntp', :git => 'git://github.com/puppetlabs/puppetlabs-ntp.git' ▸ run the librarian root@foreman:/var/tmp/my-installer# librarian-puppet install --clean root@foreman:/var/tmp/my-installer# ll modules total 16 drwxr-xr-x 4 root root 4096 Jan 29 12:25 ./ drwxr-xr-x 7 root root 4096 Jan 29 12:17 ../ drwxr-xr-x 7 root root 4096 Jan 29 12:25 ntp/ drwxr-xr-x 6 root root 4096 Jan 29 12:24 stdlib/ ▸ next: package it, install it
Foreman Components foreman ▸ ▸ ▸ ▸ ▸ rails application apache mod_passenger Webinterface REST API unattended resources – rendered templates database REST API unattended resources foreman frontend apache mod_passenger Port 80 HTTP Port 443 HTTPS 9
Foreman Components smart-proxy ▸ WEBrick based REST server to manage supporting infrastructure Port 8443 HTTPS WEBrick server puppet CA puppet apache mod_passenger Port 8140 HTTPS BMC DHCP TFTP DNS ipmitool ISC dhcpd tftpd nsupdate Port 67 UDP Port 69 UDP 10
Foreman Components placement of foreman components ▸ ▸ ▸ ▸ flows at each side to local puppet and smart proxy all VLANs directly access puppet ca all VLANs directly access foreman unattended resources we need DNS only once (so let’s limit TSIG key distribution) VLAN D Site2 mgmt VLAN2 fw VLAN C Site2 Smartproxy, puppet, DHCP VLAN A Site1 mgmt VLAN1 fw Foreman Smartproxy, puppet, CA, DNS, DHCP VLAN B Site1 11
Foreman Components optimizing comms flows ▸ limit access to the smartproxy and foreman to local clients only ▸ open dedicate flow from proxy to foreman and puppet VLAN D Site2 mgmt VLAN2 fw VLAN C Site2 smartproxy, puppet, DHCP, Proxy VLAN A Site1 mgmt VLAN1 fw Foreman smartproxy, puppet, CA, DNS, DHCP VLAN B Site1 12
Foreman Components optimizing comms flows ▸ install apache mod_rewrite on remote smartproxy ▸ rewrite/proxy unattended resources ▸ rewrite/proxy puppet CA resources ... rewrite_rule => [ ‘^/unattended/(.*)$ http://foreman.mysite.com/unattended/$1 [P]’, ] rewrite_rule => [ ‘^/([^/]+/certificate.*)$ https://puppetca.mysite.com:8140/$1’, ] ... 13
Foreman Components foreman customization ▸ ▸ ▸ we must identify proxied servers foreman url must be customized templates must be adapted ▸ enable tokens (default in 1.4) ▸ create parameter in hostgroups for each segment (unattended_url in 1.4 does not seam to help here…) ▸ adapt templates 14
Resistance is futile Integrating foreman into corporate infrastructure Integrating foreman into corporate infrastructure is: ▸ not a technical issue ▸ mostly even not a security issue ▸ It’s about convincing people to do things differently ▸ It’s about responsibilities ▸ It’s about fear ▸ It’s about laziness 15
Resistance is futile The one with the wrong <enter vendor name> DHCP product The corporate DHCP does not provide a proper API and changes are distributed across the DHCP infrastructure in a slow, asynchronous manner… Deploy your own DHCP server: - You must be able to create and delete leases instantly - You only need it to bootstrap your servers. Later a static NIC configuration can be applied using your favorite cfgmgmt. No, it’s not that static – we can use ENC variables to update IP addresses. - Repeat: I won’t create my leases manually and I won’t wait for changes to be replicated until I power-on my server 16
Resistance is futile The one with the DHCP caused Zombiecalypse You are about to deploy your own DHCP but people complain that your DHCP will nuke the corporate datacenter and will cause an epic loss of revenue… Ask for dedicated VLANs and for ip-helper configs on routers and firewalls - Your DHCP is limited to your VLANs only - You only need one DHCP server - It’s not an evil plan to make the guy running the corporate DHCP redundant 17
Resistance is futile The one with static DNS You kindly ask for TSIG keys to create your A and PTR records automatically but the DNS is managed manually and there is no TSIG key although dynamic updates are enabled… Make a deal: you won’t talk about the missing TSIG keys and get your key or keytab and permissions right after the guy fixed the security issue. Ask for dedicated zones and for credentials which allow you to manage your zones using nsupdate - Alternatively ask for delegation of your zones and setup a dedicated DNS server (protected by keys) 18
FAIL! Foreman HA ▸ use pacemaker/corosync to provide basic resilience for postgreSQL and puppetDB, puppetCA ▸ If you scale out, you might setup a nice pg-pool2 cluster ▸ puppetmasters could be ran active active as well as the foreman rails application (keep memcached in mind) ▸ on pure smartproxies no pacemaker cluster is required. A simple failover using VRRP (via keepalived) should be sufficient – if you replicate the tftp and dhcp data (for puppet you’ll have to do the exercise anyhow.) HA IP(s) HA IP(s) puppetDB puppetDB Apache mod_passenger Apache mod_passenger postgreSQL postgreSQL DRBD DRBD pacemaker pacemaker corosync node1 node2 19
Best practices ▸ use separate IP addresses for each service so you can split up stuff later on ▸ If you can’t use DHCP the bootdisk plugin might be an option (currently .deb package 1.2.3 is broken for 1.4 but version plugin source is ready for 1.4) ▸ LDAP or kerberos5 (1.4) for user authentication ▸ use Locations for filtering ▸ classes are not tight to locations so you better use the same set of classes and import only once from you master puppet master  ▸ use the column plugin for better overview ▸ ENC and smart variables are nice – ever configured dhcp pool as yaml hash? Use smart variables as switches, and for simple datatypes only - do the complex stuff in service modules - ideally by using data in modules 20
Wishlist ...secret guide to world domination ▸ integrate the reverse proxy feature into smart-proxy (there is a ticket for that somewhere) ▸ implement iso image provisioning based vm installation in conjunction with the bootdisk plugin ▸ support more configuration management stacks ▸ better support for discovery, ipmi and hardware provisioning (like HW-Raid) 21
Thank You! Contact Nils Domrose Senior Systems Engineer inovex GmbH Office cologne Schanzenstr. 6-20 51063 Köln nils.domrose@inovex.de 22

Recomendados

Foreman presentation
Foreman presentationForeman presentation
Foreman presentationGlen Ogilvie
 
Simplifying Your IT Workflow with Katello and Foreman
Simplifying Your IT Workflow with Katello and ForemanSimplifying Your IT Workflow with Katello and Foreman
Simplifying Your IT Workflow with Katello and ForemanNikhil Kathole
 
Foreman in your datacenter
Foreman in your datacenterForeman in your datacenter
Foreman in your datacenterlzap
 
Linux host orchestration with Foreman, Puppet and Gitlab
Linux host orchestration with Foreman, Puppet and GitlabLinux host orchestration with Foreman, Puppet and Gitlab
Linux host orchestration with Foreman, Puppet and GitlabBen Tullis
 
Full Stack Automation with Katello & The Foreman
Full Stack Automation with Katello & The ForemanFull Stack Automation with Katello & The Foreman
Full Stack Automation with Katello & The ForemanWeston Bassler
 
Lifecycle Management with Foreman
Lifecycle Management with ForemanLifecycle Management with Foreman
Lifecycle Management with ForemanJulien Pivotto
 
Ansible Integration in Foreman
Ansible Integration in ForemanAnsible Integration in Foreman
Ansible Integration in ForemanNikhil Kathole
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout SessionSplunk
 

Recomendados

Foreman presentation
Foreman presentationForeman presentation
Foreman presentationGlen Ogilvie
 
Simplifying Your IT Workflow with Katello and Foreman
Simplifying Your IT Workflow with Katello and ForemanSimplifying Your IT Workflow with Katello and Foreman
Simplifying Your IT Workflow with Katello and ForemanNikhil Kathole
 
Foreman in your datacenter
Foreman in your datacenterForeman in your datacenter
Foreman in your datacenterlzap
 
Linux host orchestration with Foreman, Puppet and Gitlab
Linux host orchestration with Foreman, Puppet and GitlabLinux host orchestration with Foreman, Puppet and Gitlab
Linux host orchestration with Foreman, Puppet and GitlabBen Tullis
 
Full Stack Automation with Katello & The Foreman
Full Stack Automation with Katello & The ForemanFull Stack Automation with Katello & The Foreman
Full Stack Automation with Katello & The ForemanWeston Bassler
 
Lifecycle Management with Foreman
Lifecycle Management with ForemanLifecycle Management with Foreman
Lifecycle Management with ForemanJulien Pivotto
 
Ansible Integration in Foreman
Ansible Integration in ForemanAnsible Integration in Foreman
Ansible Integration in ForemanNikhil Kathole
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout SessionSplunk
 
ORACLE DBA RESUME
ORACLE DBA RESUMEORACLE DBA RESUME
ORACLE DBA RESUMEchristian fotachwi
 
EDB Postgres Replication Server
EDB Postgres Replication ServerEDB Postgres Replication Server
EDB Postgres Replication ServerEDB
 
Microservices Architectures: Become a Unicorn like Netflix, Twitter and Hailo
Microservices Architectures: Become a Unicorn like Netflix, Twitter and HailoMicroservices Architectures: Become a Unicorn like Netflix, Twitter and Hailo
Microservices Architectures: Become a Unicorn like Netflix, Twitter and Hailogjuljo
 
Grafana vs Kibana
Grafana vs KibanaGrafana vs Kibana
Grafana vs Kibanajeetendra mandal
 
Provisioning on Libvirt with Foreman
Provisioning on Libvirt with ForemanProvisioning on Libvirt with Foreman
Provisioning on Libvirt with ForemanNikhil Kathole
 
OpenTelemetry For Architects
OpenTelemetry For ArchitectsOpenTelemetry For Architects
OpenTelemetry For ArchitectsKevin Brockhoff
 
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFiEvent-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFiDataWorks Summit
 
Notebooks @ Netflix: From analytics to engineering with Jupyter notebooks
Notebooks @ Netflix: From analytics to engineering with Jupyter notebooksNotebooks @ Netflix: From analytics to engineering with Jupyter notebooks
Notebooks @ Netflix: From analytics to engineering with Jupyter notebooksMichelle Ufford
 
Nifi workshop
Nifi workshopNifi workshop
Nifi workshopYifeng Jiang
 
Apache NiFi Crash Course Intro
Apache NiFi Crash Course IntroApache NiFi Crash Course Intro
Apache NiFi Crash Course IntroDataWorks Summit/Hadoop Summit
 
Distributed Models Over Distributed Data with MLflow, Pyspark, and Pandas
Distributed Models Over Distributed Data with MLflow, Pyspark, and PandasDistributed Models Over Distributed Data with MLflow, Pyspark, and Pandas
Distributed Models Over Distributed Data with MLflow, Pyspark, and PandasDatabricks
 
OpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleOpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleMihai Criveti
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCIHungWei Chiu
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron) CREATE-NET
 
A Day in the Life of a ClickHouse Query Webinar Slides
A Day in the Life of a ClickHouse Query Webinar Slides A Day in the Life of a ClickHouse Query Webinar Slides
A Day in the Life of a ClickHouse Query Webinar Slides Altinity Ltd
 
Integrating Apache NiFi and Apache Flink
Integrating Apache NiFi and Apache FlinkIntegrating Apache NiFi and Apache Flink
Integrating Apache NiFi and Apache FlinkHortonworks
 
PNDA - Platform for Network Data Analytics
PNDA - Platform for Network Data AnalyticsPNDA - Platform for Network Data Analytics
PNDA - Platform for Network Data AnalyticsJohn Evans
 
BYOP: Custom Processor Development with Apache NiFi
BYOP: Custom Processor Development with Apache NiFiBYOP: Custom Processor Development with Apache NiFi
BYOP: Custom Processor Development with Apache NiFiDataWorks Summit
 
Apache Sentry for Hadoop security
Apache Sentry for Hadoop securityApache Sentry for Hadoop security
Apache Sentry for Hadoop securitybigdatagurus_meetup
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 
OpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, tooOpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, tooinovex GmbH
 
[k8s] Kubernetes terminology (1).pdf
[k8s] Kubernetes terminology (1).pdf[k8s] Kubernetes terminology (1).pdf
[k8s] Kubernetes terminology (1).pdfFrederik Wouters
 

Mais conteúdo relacionado

Mais procurados

EDB Postgres Replication Server
EDB Postgres Replication ServerEDB Postgres Replication Server
EDB Postgres Replication ServerEDB
 
Microservices Architectures: Become a Unicorn like Netflix, Twitter and Hailo
Microservices Architectures: Become a Unicorn like Netflix, Twitter and HailoMicroservices Architectures: Become a Unicorn like Netflix, Twitter and Hailo
Microservices Architectures: Become a Unicorn like Netflix, Twitter and Hailogjuljo
 
Provisioning on Libvirt with Foreman
Provisioning on Libvirt with ForemanProvisioning on Libvirt with Foreman
Provisioning on Libvirt with ForemanNikhil Kathole
 
OpenTelemetry For Architects
OpenTelemetry For ArchitectsOpenTelemetry For Architects
OpenTelemetry For ArchitectsKevin Brockhoff
 
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFiEvent-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFiDataWorks Summit
 
Notebooks @ Netflix: From analytics to engineering with Jupyter notebooks
Notebooks @ Netflix: From analytics to engineering with Jupyter notebooksNotebooks @ Netflix: From analytics to engineering with Jupyter notebooks
Notebooks @ Netflix: From analytics to engineering with Jupyter notebooksMichelle Ufford
 
Distributed Models Over Distributed Data with MLflow, Pyspark, and Pandas
Distributed Models Over Distributed Data with MLflow, Pyspark, and PandasDistributed Models Over Distributed Data with MLflow, Pyspark, and Pandas
Distributed Models Over Distributed Data with MLflow, Pyspark, and PandasDatabricks
 
OpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleOpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleMihai Criveti
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCIHungWei Chiu
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron) CREATE-NET
 
A Day in the Life of a ClickHouse Query Webinar Slides
A Day in the Life of a ClickHouse Query Webinar Slides A Day in the Life of a ClickHouse Query Webinar Slides
A Day in the Life of a ClickHouse Query Webinar Slides Altinity Ltd
 
Integrating Apache NiFi and Apache Flink
Integrating Apache NiFi and Apache FlinkIntegrating Apache NiFi and Apache Flink
Integrating Apache NiFi and Apache FlinkHortonworks
 
PNDA - Platform for Network Data Analytics
PNDA - Platform for Network Data AnalyticsPNDA - Platform for Network Data Analytics
PNDA - Platform for Network Data AnalyticsJohn Evans
 
BYOP: Custom Processor Development with Apache NiFi
BYOP: Custom Processor Development with Apache NiFiBYOP: Custom Processor Development with Apache NiFi
BYOP: Custom Processor Development with Apache NiFiDataWorks Summit
 
Apache Sentry for Hadoop security
Apache Sentry for Hadoop securityApache Sentry for Hadoop security
Apache Sentry for Hadoop securitybigdatagurus_meetup
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 

Mais procurados (20)

ORACLE DBA RESUME
ORACLE DBA RESUMEORACLE DBA RESUME
ORACLE DBA RESUME
 
EDB Postgres Replication Server
EDB Postgres Replication ServerEDB Postgres Replication Server
EDB Postgres Replication Server
 
Microservices Architectures: Become a Unicorn like Netflix, Twitter and Hailo
Microservices Architectures: Become a Unicorn like Netflix, Twitter and HailoMicroservices Architectures: Become a Unicorn like Netflix, Twitter and Hailo
Microservices Architectures: Become a Unicorn like Netflix, Twitter and Hailo
 
Grafana vs Kibana
Grafana vs KibanaGrafana vs Kibana
Grafana vs Kibana
 
Provisioning on Libvirt with Foreman
Provisioning on Libvirt with ForemanProvisioning on Libvirt with Foreman
Provisioning on Libvirt with Foreman
 
OpenTelemetry For Architects
OpenTelemetry For ArchitectsOpenTelemetry For Architects
OpenTelemetry For Architects
 
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFiEvent-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
 
Notebooks @ Netflix: From analytics to engineering with Jupyter notebooks
Notebooks @ Netflix: From analytics to engineering with Jupyter notebooksNotebooks @ Netflix: From analytics to engineering with Jupyter notebooks
Notebooks @ Netflix: From analytics to engineering with Jupyter notebooks
 
Nifi workshop
Nifi workshopNifi workshop
Nifi workshop
 
Apache NiFi Crash Course Intro
Apache NiFi Crash Course IntroApache NiFi Crash Course Intro
Apache NiFi Crash Course Intro
 
Distributed Models Over Distributed Data with MLflow, Pyspark, and Pandas
Distributed Models Over Distributed Data with MLflow, Pyspark, and PandasDistributed Models Over Distributed Data with MLflow, Pyspark, and Pandas
Distributed Models Over Distributed Data with MLflow, Pyspark, and Pandas
 
OpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleOpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image Lifecycle
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCI
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron)
 
A Day in the Life of a ClickHouse Query Webinar Slides
A Day in the Life of a ClickHouse Query Webinar Slides A Day in the Life of a ClickHouse Query Webinar Slides
A Day in the Life of a ClickHouse Query Webinar Slides
 
Integrating Apache NiFi and Apache Flink
Integrating Apache NiFi and Apache FlinkIntegrating Apache NiFi and Apache Flink
Integrating Apache NiFi and Apache Flink
 
PNDA - Platform for Network Data Analytics
PNDA - Platform for Network Data AnalyticsPNDA - Platform for Network Data Analytics
PNDA - Platform for Network Data Analytics
 
BYOP: Custom Processor Development with Apache NiFi
BYOP: Custom Processor Development with Apache NiFiBYOP: Custom Processor Development with Apache NiFi
BYOP: Custom Processor Development with Apache NiFi
 
Apache Sentry for Hadoop security
Apache Sentry for Hadoop securityApache Sentry for Hadoop security
Apache Sentry for Hadoop security
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 Workshop
 

Semelhante a Deploying Foreman in Enterprise Environments

OpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, tooOpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, tooinovex GmbH
 
[k8s] Kubernetes terminology (1).pdf
[k8s] Kubernetes terminology (1).pdf[k8s] Kubernetes terminology (1).pdf
[k8s] Kubernetes terminology (1).pdfFrederik Wouters
 
FOSDEM'17: Disaster Recovery Management with ReaR (relax-and-recover) & DRLM ...
FOSDEM'17: Disaster Recovery Management with ReaR (relax-and-recover) & DRLM ...FOSDEM'17: Disaster Recovery Management with ReaR (relax-and-recover) & DRLM ...
FOSDEM'17: Disaster Recovery Management with ReaR (relax-and-recover) & DRLM ...Didac Oliveira
 
Bare metal Hadoop provisioning
Bare metal Hadoop provisioningBare metal Hadoop provisioning
Bare metal Hadoop provisioningGoDataDriven
 
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNagios
 
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.Marc Trimble
 
A Detailed Look At cassandra.yaml (Edward Capriolo, The Last Pickle) | Cassan...
A Detailed Look At cassandra.yaml (Edward Capriolo, The Last Pickle) | Cassan...A Detailed Look At cassandra.yaml (Edward Capriolo, The Last Pickle) | Cassan...
A Detailed Look At cassandra.yaml (Edward Capriolo, The Last Pickle) | Cassan...DataStax
 
Cfgmgmt Challenges aren't technical anymore
Cfgmgmt Challenges aren't technical anymoreCfgmgmt Challenges aren't technical anymore
Cfgmgmt Challenges aren't technical anymoreJulien Pivotto
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleChanaka Lasantha
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsMichael Zhang
 
Install MariaDB on IBM i - Tips, troubleshooting, and more
Install MariaDB on IBM i - Tips, troubleshooting, and moreInstall MariaDB on IBM i - Tips, troubleshooting, and more
Install MariaDB on IBM i - Tips, troubleshooting, and moreRod Flohr
 
the NML project
the NML projectthe NML project
the NML projectLei Yang
 
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHP
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHPHands on Docker - Launch your own LEMP or LAMP stack - SunshinePHP
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHPDana Luther
 
Building Apache Cassandra clusters for massive scale
Building Apache Cassandra clusters for massive scaleBuilding Apache Cassandra clusters for massive scale
Building Apache Cassandra clusters for massive scaleAlex Thompson
 
Containers with systemd-nspawn
Containers with systemd-nspawnContainers with systemd-nspawn
Containers with systemd-nspawnGábor Nyers
 
RAC-Installing your First Cluster and Database
RAC-Installing your First Cluster and DatabaseRAC-Installing your First Cluster and Database
RAC-Installing your First Cluster and DatabaseNikhil Kumar
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKDoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKMarian Marinov
 
图文详解安装Net backup 6.5备份恢复oracle 10g rac 数据库
图文详解安装Net backup 6.5备份恢复oracle 10g rac 数据库图文详解安装Net backup 6.5备份恢复oracle 10g rac 数据库
图文详解安装Net backup 6.5备份恢复oracle 10g rac 数据库maclean liu
 

Semelhante a Deploying Foreman in Enterprise Environments (20)

OpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, tooOpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, too
 
[k8s] Kubernetes terminology (1).pdf
[k8s] Kubernetes terminology (1).pdf[k8s] Kubernetes terminology (1).pdf
[k8s] Kubernetes terminology (1).pdf
 
FOSDEM'17: Disaster Recovery Management with ReaR (relax-and-recover) & DRLM ...
FOSDEM'17: Disaster Recovery Management with ReaR (relax-and-recover) & DRLM ...FOSDEM'17: Disaster Recovery Management with ReaR (relax-and-recover) & DRLM ...
FOSDEM'17: Disaster Recovery Management with ReaR (relax-and-recover) & DRLM ...
 
Bare metal Hadoop provisioning
Bare metal Hadoop provisioningBare metal Hadoop provisioning
Bare metal Hadoop provisioning
 
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
 
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
 
A Detailed Look At cassandra.yaml (Edward Capriolo, The Last Pickle) | Cassan...
A Detailed Look At cassandra.yaml (Edward Capriolo, The Last Pickle) | Cassan...A Detailed Look At cassandra.yaml (Edward Capriolo, The Last Pickle) | Cassan...
A Detailed Look At cassandra.yaml (Edward Capriolo, The Last Pickle) | Cassan...
 
Cfgmgmt Challenges aren't technical anymore
Cfgmgmt Challenges aren't technical anymoreCfgmgmt Challenges aren't technical anymore
Cfgmgmt Challenges aren't technical anymore
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmaple
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
 
Install MariaDB on IBM i - Tips, troubleshooting, and more
Install MariaDB on IBM i - Tips, troubleshooting, and moreInstall MariaDB on IBM i - Tips, troubleshooting, and more
Install MariaDB on IBM i - Tips, troubleshooting, and more
 
the NML project
the NML projectthe NML project
the NML project
 
Kdump
KdumpKdump
Kdump
 
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHP
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHPHands on Docker - Launch your own LEMP or LAMP stack - SunshinePHP
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHP
 
Building Apache Cassandra clusters for massive scale
Building Apache Cassandra clusters for massive scaleBuilding Apache Cassandra clusters for massive scale
Building Apache Cassandra clusters for massive scale
 
Containers with systemd-nspawn
Containers with systemd-nspawnContainers with systemd-nspawn
Containers with systemd-nspawn
 
RAC-Installing your First Cluster and Database
RAC-Installing your First Cluster and DatabaseRAC-Installing your First Cluster and Database
RAC-Installing your First Cluster and Database
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKDoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDK
 
图文详解安装Net backup 6.5备份恢复oracle 10g rac 数据库
图文详解安装Net backup 6.5备份恢复oracle 10g rac 数据库图文详解安装Net backup 6.5备份恢复oracle 10g rac 数据库
图文详解安装Net backup 6.5备份恢复oracle 10g rac 数据库
 

Mais de inovex GmbH

lldb – Debugger auf Abwegen
lldb – Debugger auf Abwegenlldb – Debugger auf Abwegen
lldb – Debugger auf Abwegeninovex GmbH
 
Are you sure about that?! Uncertainty Quantification in AI
Are you sure about that?! Uncertainty Quantification in AIAre you sure about that?! Uncertainty Quantification in AI
Are you sure about that?! Uncertainty Quantification in AIinovex GmbH
 
Why natural language is next step in the AI evolution
Why natural language is next step in the AI evolutionWhy natural language is next step in the AI evolution
Why natural language is next step in the AI evolutioninovex GmbH
 
Network Policies
Network PoliciesNetwork Policies
Network Policiesinovex GmbH
 
Interpretable Machine Learning
Interpretable Machine LearningInterpretable Machine Learning
Interpretable Machine Learninginovex GmbH
 
Jenkins X – CI/CD in wolkigen Umgebungen
Jenkins X – CI/CD in wolkigen UmgebungenJenkins X – CI/CD in wolkigen Umgebungen
Jenkins X – CI/CD in wolkigen Umgebungeninovex GmbH
 
AI auf Edge-Geraeten
AI auf Edge-GeraetenAI auf Edge-Geraeten
AI auf Edge-Geraeteninovex GmbH
 
Prometheus on Kubernetes
Prometheus on KubernetesPrometheus on Kubernetes
Prometheus on Kubernetesinovex GmbH
 
Deep Learning for Recommender Systems
Deep Learning for Recommender SystemsDeep Learning for Recommender Systems
Deep Learning for Recommender Systemsinovex GmbH
 
Representation Learning von Zeitreihen
Representation Learning von ZeitreihenRepresentation Learning von Zeitreihen
Representation Learning von Zeitreiheninovex GmbH
 
Talk to me – Chatbots und digitale Assistenten
Talk to me – Chatbots und digitale AssistentenTalk to me – Chatbots und digitale Assistenten
Talk to me – Chatbots und digitale Assistenteninovex GmbH
 
Künstlich intelligent?
Künstlich intelligent?Künstlich intelligent?
Künstlich intelligent?inovex GmbH
 
Das Android Open Source Project
Das Android Open Source ProjectDas Android Open Source Project
Das Android Open Source Projectinovex GmbH
 
Machine Learning Interpretability
Machine Learning InterpretabilityMachine Learning Interpretability
Machine Learning Interpretabilityinovex GmbH
 
Performance evaluation of GANs in a semisupervised OCR use case
Performance evaluation of GANs in a semisupervised OCR use casePerformance evaluation of GANs in a semisupervised OCR use case
Performance evaluation of GANs in a semisupervised OCR use caseinovex GmbH
 
People & Products – Lessons learned from the daily IT madness
People & Products – Lessons learned from the daily IT madnessPeople & Products – Lessons learned from the daily IT madness
People & Products – Lessons learned from the daily IT madnessinovex GmbH
 
Infrastructure as (real) Code – Manage your K8s resources with Pulumi
Infrastructure as (real) Code – Manage your K8s resources with PulumiInfrastructure as (real) Code – Manage your K8s resources with Pulumi
Infrastructure as (real) Code – Manage your K8s resources with Pulumiinovex GmbH
 

Mais de inovex GmbH (20)

lldb – Debugger auf Abwegen
lldb – Debugger auf Abwegenlldb – Debugger auf Abwegen
lldb – Debugger auf Abwegen
 
Are you sure about that?! Uncertainty Quantification in AI
Are you sure about that?! Uncertainty Quantification in AIAre you sure about that?! Uncertainty Quantification in AI
Are you sure about that?! Uncertainty Quantification in AI
 
Why natural language is next step in the AI evolution
Why natural language is next step in the AI evolutionWhy natural language is next step in the AI evolution
Why natural language is next step in the AI evolution
 
WWDC 2019 Recap
WWDC 2019 RecapWWDC 2019 Recap
WWDC 2019 Recap
 
Network Policies
Network PoliciesNetwork Policies
Network Policies
 
Interpretable Machine Learning
Interpretable Machine LearningInterpretable Machine Learning
Interpretable Machine Learning
 
Jenkins X – CI/CD in wolkigen Umgebungen
Jenkins X – CI/CD in wolkigen UmgebungenJenkins X – CI/CD in wolkigen Umgebungen
Jenkins X – CI/CD in wolkigen Umgebungen
 
AI auf Edge-Geraeten
AI auf Edge-GeraetenAI auf Edge-Geraeten
AI auf Edge-Geraeten
 
Prometheus on Kubernetes
Prometheus on KubernetesPrometheus on Kubernetes
Prometheus on Kubernetes
 
Deep Learning for Recommender Systems
Deep Learning for Recommender SystemsDeep Learning for Recommender Systems
Deep Learning for Recommender Systems
 
Azure IoT Edge
Azure IoT EdgeAzure IoT Edge
Azure IoT Edge
 
Representation Learning von Zeitreihen
Representation Learning von ZeitreihenRepresentation Learning von Zeitreihen
Representation Learning von Zeitreihen
 
Talk to me – Chatbots und digitale Assistenten
Talk to me – Chatbots und digitale AssistentenTalk to me – Chatbots und digitale Assistenten
Talk to me – Chatbots und digitale Assistenten
 
Künstlich intelligent?
Künstlich intelligent?Künstlich intelligent?
Künstlich intelligent?
 
Dev + Ops = Go
Dev + Ops = GoDev + Ops = Go
Dev + Ops = Go
 
Das Android Open Source Project
Das Android Open Source ProjectDas Android Open Source Project
Das Android Open Source Project
 
Machine Learning Interpretability
Machine Learning InterpretabilityMachine Learning Interpretability
Machine Learning Interpretability
 
Performance evaluation of GANs in a semisupervised OCR use case
Performance evaluation of GANs in a semisupervised OCR use casePerformance evaluation of GANs in a semisupervised OCR use case
Performance evaluation of GANs in a semisupervised OCR use case
 
People & Products – Lessons learned from the daily IT madness
People & Products – Lessons learned from the daily IT madnessPeople & Products – Lessons learned from the daily IT madness
People & Products – Lessons learned from the daily IT madness
 
Infrastructure as (real) Code – Manage your K8s resources with Pulumi
Infrastructure as (real) Code – Manage your K8s resources with PulumiInfrastructure as (real) Code – Manage your K8s resources with Pulumi
Infrastructure as (real) Code – Manage your K8s resources with Pulumi
 

Último

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 

Último (20)

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 

Deploying Foreman in Enterprise Environments

  • 1. Deploying Foreman in Enterprise Environments best practices and lessons learned… Nils Domrose Gent, February, 3 2014
  • 2. About me ▸ senior linux systems engineer at inovex GmbH ▸ worked as a network engineer, software developer and systems engineer ▸ using foreman for about 1 year ▸ using bare-metal deployment for ages ▸ life is short – let’s focus on interesting stuff! #irc __endy__ @endyman https://plus.google.com/+NilsDomrose 2
  • 3. About inovex We use technology to make our customers happy. And ourselves. ▸ http://www.inovex.de ▸ offices in [‘Pforzheim’, ‘Karlsruhe’, ‘Cologne’, ‘Munich’] ▸ we have open positions... 1 SHAPE Consulting 2 BUILD Application Development 3 RUN IT Engineering & Operations 4 TRACK Business Intelligence 5 TEACH Academy 3
  • 4. Agenda ▸ ▸ ▸ ▸ ▸ the chicken & egg problem foreman components we are the borg fail! foreman HA best practices 4
  • 5. The Chicken & Egg Problem ...deploying your deployment infrastructure ▸ some shell scripts to push installer and answers.yaml to new system (installer is subject to rpm/deb packaging) ▸ run a custom kafo installer ▸ setup repos ▸ configure nics (bonding) ▸ setup pacemaker & corosync ▸ setup drbd ▸ setup dhcp server ▸ setup postgreSQL ▸ setup puppetDB ▸ run foreman kafo installer
  • 6. The Chicken & Egg Problem build your first kafo installer ▸ kafo? ▸ kafo! - imagine master-less puppet plus config data in yaml (like hiera) ▸ can’t tell wether it’s the chicken or the egg or both but it’s cool  ▸ stores parameters for your modules in answers.yaml ▸ simply copy your modules into the installer’s modules directory ▸ or even use puppet-librarian to manage your modules (poor man’s git-submodules) https://github.com/rodjek/librarian-puppet https://github.com/theforeman/kafo
  • 7. The Chicken & Egg Problem kafo - getting started ▸ Never give up, never surrender!: depending on your kafo gem it might not (yet) be as easy as: root@foreman:~# cd /var/tmp/ root@foreman:/var/tmp# i=my-installer; mkdir $i; cd $i; kafofy $i ▸ It’s more like: i=my-installer; mkdir $i && cd $i && kafofy $i && mkdir /etc/$i && cat > /etc/$i/$i.yaml << EOF > --> :log_dir: /var/log/$i > :log_name: configuration.log > :log_level: info > :no_prefix: false > :mapping: {} > :answer_file: /etc/$i/answers.yaml > :installer_dir: $(pwd) > :modules_dir: $(pwd)/modules > :default_values_dir: /tmp > :colors: true > :kafo_modules_dir: /usr/lib/ruby/vendor_ruby/kafo/modules > EOF
  • 8. The Chicken & Egg Problem get the modules ▸ delete the modules directory root@foreman:/var/tmp/my-installer# rm -Rf modules/ ▸ create a Puppetfile root@foreman:/var/tmp/my-installer# cat Puppetfile forge "http://forge.puppetlabs.com" mod 'puppetlabs/stdlib' mod 'ntp', :git => 'git://github.com/puppetlabs/puppetlabs-ntp.git' ▸ run the librarian root@foreman:/var/tmp/my-installer# librarian-puppet install --clean root@foreman:/var/tmp/my-installer# ll modules total 16 drwxr-xr-x 4 root root 4096 Jan 29 12:25 ./ drwxr-xr-x 7 root root 4096 Jan 29 12:17 ../ drwxr-xr-x 7 root root 4096 Jan 29 12:25 ntp/ drwxr-xr-x 6 root root 4096 Jan 29 12:24 stdlib/ ▸ next: package it, install it
  • 9. Foreman Components foreman ▸ ▸ ▸ ▸ ▸ rails application apache mod_passenger Webinterface REST API unattended resources – rendered templates database REST API unattended resources foreman frontend apache mod_passenger Port 80 HTTP Port 443 HTTPS 9
  • 10. Foreman Components smart-proxy ▸ WEBrick based REST server to manage supporting infrastructure Port 8443 HTTPS WEBrick server puppet CA puppet apache mod_passenger Port 8140 HTTPS BMC DHCP TFTP DNS ipmitool ISC dhcpd tftpd nsupdate Port 67 UDP Port 69 UDP 10
  • 11. Foreman Components placement of foreman components ▸ ▸ ▸ ▸ flows at each side to local puppet and smart proxy all VLANs directly access puppet ca all VLANs directly access foreman unattended resources we need DNS only once (so let’s limit TSIG key distribution) VLAN D Site2 mgmt VLAN2 fw VLAN C Site2 Smartproxy, puppet, DHCP VLAN A Site1 mgmt VLAN1 fw Foreman Smartproxy, puppet, CA, DNS, DHCP VLAN B Site1 11
  • 12. Foreman Components optimizing comms flows ▸ limit access to the smartproxy and foreman to local clients only ▸ open dedicate flow from proxy to foreman and puppet VLAN D Site2 mgmt VLAN2 fw VLAN C Site2 smartproxy, puppet, DHCP, Proxy VLAN A Site1 mgmt VLAN1 fw Foreman smartproxy, puppet, CA, DNS, DHCP VLAN B Site1 12
  • 13. Foreman Components optimizing comms flows ▸ install apache mod_rewrite on remote smartproxy ▸ rewrite/proxy unattended resources ▸ rewrite/proxy puppet CA resources ... rewrite_rule => [ ‘^/unattended/(.*)$ http://foreman.mysite.com/unattended/$1 [P]’, ] rewrite_rule => [ ‘^/([^/]+/certificate.*)$ https://puppetca.mysite.com:8140/$1’, ] ... 13
  • 14. Foreman Components foreman customization ▸ ▸ ▸ we must identify proxied servers foreman url must be customized templates must be adapted ▸ enable tokens (default in 1.4) ▸ create parameter in hostgroups for each segment (unattended_url in 1.4 does not seam to help here…) ▸ adapt templates 14
  • 15. Resistance is futile Integrating foreman into corporate infrastructure Integrating foreman into corporate infrastructure is: ▸ not a technical issue ▸ mostly even not a security issue ▸ It’s about convincing people to do things differently ▸ It’s about responsibilities ▸ It’s about fear ▸ It’s about laziness 15
  • 16. Resistance is futile The one with the wrong <enter vendor name> DHCP product The corporate DHCP does not provide a proper API and changes are distributed across the DHCP infrastructure in a slow, asynchronous manner… Deploy your own DHCP server: - You must be able to create and delete leases instantly - You only need it to bootstrap your servers. Later a static NIC configuration can be applied using your favorite cfgmgmt. No, it’s not that static – we can use ENC variables to update IP addresses. - Repeat: I won’t create my leases manually and I won’t wait for changes to be replicated until I power-on my server 16
  • 17. Resistance is futile The one with the DHCP caused Zombiecalypse You are about to deploy your own DHCP but people complain that your DHCP will nuke the corporate datacenter and will cause an epic loss of revenue… Ask for dedicated VLANs and for ip-helper configs on routers and firewalls - Your DHCP is limited to your VLANs only - You only need one DHCP server - It’s not an evil plan to make the guy running the corporate DHCP redundant 17
  • 18. Resistance is futile The one with static DNS You kindly ask for TSIG keys to create your A and PTR records automatically but the DNS is managed manually and there is no TSIG key although dynamic updates are enabled… Make a deal: you won’t talk about the missing TSIG keys and get your key or keytab and permissions right after the guy fixed the security issue. Ask for dedicated zones and for credentials which allow you to manage your zones using nsupdate - Alternatively ask for delegation of your zones and setup a dedicated DNS server (protected by keys) 18
  • 19. FAIL! Foreman HA ▸ use pacemaker/corosync to provide basic resilience for postgreSQL and puppetDB, puppetCA ▸ If you scale out, you might setup a nice pg-pool2 cluster ▸ puppetmasters could be ran active active as well as the foreman rails application (keep memcached in mind) ▸ on pure smartproxies no pacemaker cluster is required. A simple failover using VRRP (via keepalived) should be sufficient – if you replicate the tftp and dhcp data (for puppet you’ll have to do the exercise anyhow.) HA IP(s) HA IP(s) puppetDB puppetDB Apache mod_passenger Apache mod_passenger postgreSQL postgreSQL DRBD DRBD pacemaker pacemaker corosync node1 node2 19
  • 20. Best practices ▸ use separate IP addresses for each service so you can split up stuff later on ▸ If you can’t use DHCP the bootdisk plugin might be an option (currently .deb package 1.2.3 is broken for 1.4 but version plugin source is ready for 1.4) ▸ LDAP or kerberos5 (1.4) for user authentication ▸ use Locations for filtering ▸ classes are not tight to locations so you better use the same set of classes and import only once from you master puppet master  ▸ use the column plugin for better overview ▸ ENC and smart variables are nice – ever configured dhcp pool as yaml hash? Use smart variables as switches, and for simple datatypes only - do the complex stuff in service modules - ideally by using data in modules 20
  • 21. Wishlist ...secret guide to world domination ▸ integrate the reverse proxy feature into smart-proxy (there is a ticket for that somewhere) ▸ implement iso image provisioning based vm installation in conjunction with the bootdisk plugin ▸ support more configuration management stacks ▸ better support for discovery, ipmi and hardware provisioning (like HW-Raid) 21
  • 22. Thank You! Contact Nils Domrose Senior Systems Engineer inovex GmbH Office cologne Schanzenstr. 6-20 51063 Köln nils.domrose@inovex.de 22