O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Managing a R&D Lab with Foreman

573 visualizações

Publicada em

Feedback about 5 years of Foreman Experience to manage different kinds of infrastructure. A story about Open Source. Given for the 7th Birthday of The Foreman.

Publicada em: Tecnologia
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

Managing a R&D Lab with Foreman

  1. 1. Managing a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with ForemanManaging a R&D Lab with Foreman Julien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien Pivotto Foreman 7th Birthday Party Inuits, Antwerp July 13th, 2016
  2. 2. whoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoamiwhoami Julien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien Pivotto • Sysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.euSysadmin at inuits.eu • FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004FLOSS user since 2004 • Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011Foreman user since 2011 • DevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believerDevOps believer • @roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie on irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/github
  3. 3. inuits.eu
  4. 4. The Foreman
  5. 5. The Foreman Provisioning
  6. 6. The Foreman Provisioning Configuration
  7. 7. The Foreman Provisioning Configuration Monitoring
  8. 8. The Foreman Provisioning Configuration Monitoring Reporting
  9. 9. Foreman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choiceForeman: A good choice • OOOOOOOOOOOOOOOOOpen-Source • LLLLLLLLLLLLLLLLLarge, active community • RRRRRRRRRRRRRRRRRest API and cli tools
  10. 10. Behind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenesBehind the scenes Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/reuver/10105949326
  11. 11. Foreman overviewForeman overviewForeman overviewForeman overviewForeman overviewForeman overviewForeman overviewForeman overviewForeman overviewForeman overviewForeman overviewForeman overviewForeman overviewForeman overviewForeman overviewForeman overviewForeman overview Licensed under a Creative Commons Attribution-ShareAlike 3.0 License http://theforeman.org
  12. 12. Technology stackTechnology stackTechnology stackTechnology stackTechnology stackTechnology stackTechnology stackTechnology stackTechnology stackTechnology stackTechnology stackTechnology stackTechnology stackTechnology stackTechnology stackTechnology stackTechnology stack • FFFFFFFFFFFFFFFFForeman-web: Ruby-on-Rails • SSSSSSSSSSSSSSSSSmart Proxies: Ruby • TTTTTTTTTTTTTTTTTLS everywhere
  13. 13. Supported technologiesSupported technologiesSupported technologiesSupported technologiesSupported technologiesSupported technologiesSupported technologiesSupported technologiesSupported technologiesSupported technologiesSupported technologiesSupported technologiesSupported technologiesSupported technologiesSupported technologiesSupported technologiesSupported technologies • PPPPPPPPPPPPPPPPPuppet (other CM are WIP) • lllllllllllllllllibvirt (kvm), VMWare, ec2, openstack, ovirt • DDDDDDDDDDDDDDDDDHCP, DNS, TFTP, IPMI • VVVVVVVVVVVVVVVVVNC
  14. 14. PluginsPluginsPluginsPluginsPluginsPluginsPluginsPluginsPluginsPluginsPluginsPluginsPluginsPluginsPluginsPluginsPlugins • KKKKKKKKKKKKKKKKKatello: Content management • RRRRRRRRRRRRRRRRRemote Execution • HHHHHHHHHHHHHHHHHubot • CCCCCCCCCCCCCCCCCockpit
  15. 15. UsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecasesUsecases Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/aydun/14108842993
  16. 16. Puppet reportingPuppet reportingPuppet reportingPuppet reportingPuppet reportingPuppet reportingPuppet reportingPuppet reportingPuppet reportingPuppet reportingPuppet reportingPuppet reportingPuppet reportingPuppet reportingPuppet reportingPuppet reportingPuppet reporting • 22222222222222222011-2013: Puppet reporting • RRRRRRRRRRRRRRRRReplacement for Puppet Dashboard • AAAAAAAAAAAAAAAAAlready had a API, hooked into icinga
  17. 17. 2013-now: Lab management2013-now: Lab management2013-now: Lab management2013-now: Lab management2013-now: Lab management2013-now: Lab management2013-now: Lab management2013-now: Lab management2013-now: Lab management2013-now: Lab management2013-now: Lab management2013-now: Lab management2013-now: Lab management2013-now: Lab management2013-now: Lab management2013-now: Lab management2013-now: Lab management • PPPPPPPPPPPPPPPPProvisioning: libvirt/vmware • CCCCCCCCCCCCCCCCConfig: Puppet Master+ENC • RRRRRRRRRRRRRRRRReporting
  18. 18. Our ScaleOur ScaleOur ScaleOur ScaleOur ScaleOur ScaleOur ScaleOur ScaleOur ScaleOur ScaleOur ScaleOur ScaleOur ScaleOur ScaleOur ScaleOur ScaleOur Scale • 22222222222222222 countries • 44444444444444444 datacenter • 11111111111111111 Foreman • 55555555555555555 Foreman Proxies • 33333333333333333 Puppet env • 99999999999999999 Compute Resource (hypervisor) • 1111111111111111150 machines
  19. 19. What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard?What can be hard? Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/130811041@N04/19114856463
  20. 20. foreman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installer Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/gabprr/8325699254
  21. 21. foreman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installerforeman-installer • FFFFFFFFFFFFFFFFForeman Installer is a package • UUUUUUUUUUUUUUUUUses Puppet behind the scene • IIIIIIIIIIIIIIIIInstalls and configure *
  22. 22. How to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The ForemanHow to install The Foreman • 11111111111111111. yum install foreman-installer • 22222222222222222. run foreman-installer • 33333333333333333. done
  23. 23. foreman-installer scopeforeman-installer scopeforeman-installer scopeforeman-installer scopeforeman-installer scopeforeman-installer scopeforeman-installer scopeforeman-installer scopeforeman-installer scopeforeman-installer scopeforeman-installer scopeforeman-installer scopeforeman-installer scopeforeman-installer scopeforeman-installer scopeforeman-installer scopeforeman-installer scope • FFFFFFFFFFFFFFFFForeman-web • FFFFFFFFFFFFFFFFForeman-proxy • PPPPPPPPPPPPPPPPPuppet master • DDDDDDDDDDDDDDDDDHCP, DNS, TFTP services • GGGGGGGGGGGGGGGGGit repositories • LLLLLLLLLLLLLLLLLink between those
  24. 24. The chicken-and-egg problemThe chicken-and-egg problemThe chicken-and-egg problemThe chicken-and-egg problemThe chicken-and-egg problemThe chicken-and-egg problemThe chicken-and-egg problemThe chicken-and-egg problemThe chicken-and-egg problemThe chicken-and-egg problemThe chicken-and-egg problemThe chicken-and-egg problemThe chicken-and-egg problemThe chicken-and-egg problemThe chicken-and-egg problemThe chicken-and-egg problemThe chicken-and-egg problem Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/100739735@N06/15892201516
  25. 25. First foreman installFirst foreman installFirst foreman installFirst foreman installFirst foreman installFirst foreman installFirst foreman installFirst foreman installFirst foreman installFirst foreman installFirst foreman installFirst foreman installFirst foreman installFirst foreman installFirst foreman installFirst foreman installFirst foreman install • CCCCCCCCCCCCCCCCCreates everything needed to puppetize • gggggggggggggggggit repo, puppetmaster • bbbbbbbbbbbbbbbbbut not to puppetize itself
  26. 26. State is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforcedState is not enforced • SSSSSSSSSSSSSSSSSystem is not up to date • NNNNNNNNNNNNNNNNNo confidence that the state is still correct • SSSSSSSSSSSSSSSSSolution A: integrate within the puppet tree • SSSSSSSSSSSSSSSSSolution B: Re-run the foreman-installer
  27. 27. Importing the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your treeImporting the modules in your tree • SSSSSSSSSSSSSSSSState is enforced • OOOOOOOOOOOOOOOOOnly thing to care about: updating the modules • TTTTTTTTTTTTTTTTThey are linked to the foreman
  28. 28. Building and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuildingBuilding and rebuilding Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/artbystevejohnson/6405400351
  29. 29. Building a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a hostBuilding a host • CCCCCCCCCCCCCCCCCreate/cycle VM • CCCCCCCCCCCCCCCCCreate/change DNS Config • CCCCCCCCCCCCCCCCCreate/change DHCP lease • CCCCCCCCCCCCCCCCCreate/change TFTP files
  30. 30. An expensive operationAn expensive operationAn expensive operationAn expensive operationAn expensive operationAn expensive operationAn expensive operationAn expensive operationAn expensive operationAn expensive operationAn expensive operationAn expensive operationAn expensive operationAn expensive operationAn expensive operationAn expensive operationAn expensive operation • IIIIIIIIIIIIIIIIIf something is wrong, it rollbacks • SSSSSSSSSSSSSSSSSolution: Foreman 1.10 allows you to force config rebuild • HHHHHHHHHHHHHHHHHidden in the UI in the `All hosts' view
  31. 31. DNSDNSDNSDNSDNSDNSDNSDNSDNSDNSDNSDNSDNSDNSDNSDNSDNS Licensed under a Creative Commons Attribution-ShareAlike 2.0 License https://www.flickr.com/photos/quinnanya/4464205726
  32. 32. Everything is a Freaking DNS Problem Kris Buytaert
  33. 33. Foreman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entriesForeman managing DNS entries • KKKKKKKKKKKKKKKKKeeps the data consistent • CCCCCCCCCCCCCCCCCreates only hostnames that exist • AAAAAAAAAAAAAAAAAlso does the reverse entries
  34. 34. Adding custom recordsAdding custom recordsAdding custom recordsAdding custom recordsAdding custom recordsAdding custom recordsAdding custom recordsAdding custom recordsAdding custom recordsAdding custom recordsAdding custom recordsAdding custom recordsAdding custom recordsAdding custom recordsAdding custom recordsAdding custom recordsAdding custom records • AAAAAAAAAAAAAAAAAt some point you want CNAME records • ooooooooooooooooor change NS records
  35. 35. Manipulating zonesManipulating zonesManipulating zonesManipulating zonesManipulating zonesManipulating zonesManipulating zonesManipulating zonesManipulating zonesManipulating zonesManipulating zonesManipulating zonesManipulating zonesManipulating zonesManipulating zonesManipulating zonesManipulating zones • FFFFFFFFFFFFFFFFForeman uses Dynamic Zones • rrrrrrrrrrrrrrrrrndc freeze • CCCCCCCCCCCCCCCCChange the zone (incr the serial) • rrrrrrrrrrrrrrrrrndc thaw
  36. 36. Org-level reverse DNSOrg-level reverse DNSOrg-level reverse DNSOrg-level reverse DNSOrg-level reverse DNSOrg-level reverse DNSOrg-level reverse DNSOrg-level reverse DNSOrg-level reverse DNSOrg-level reverse DNSOrg-level reverse DNSOrg-level reverse DNSOrg-level reverse DNSOrg-level reverse DNSOrg-level reverse DNSOrg-level reverse DNSOrg-level reverse DNS • YYYYYYYYYYYYYYYYYou own DNS servers should forward the unknown to your org • WWWWWWWWWWWWWWWWWe could not make it work for PTR records • NNNNNNNNNNNNNNNNNeed to set empty-zones-enable=no • PPPPPPPPPPPPPPPPPR theforeman/puppet-dns#47
  37. 37. DMZDMZDMZDMZDMZDMZDMZDMZDMZDMZDMZDMZDMZDMZDMZDMZDMZ Licensed under a Creative Commons Attribution-ShareAlike 2.0 License https://www.flickr.com/photos/flintymcginty/9997879333
  38. 38. Managing hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the labManaging hosts outside the lab • SSSSSSSSSSSSSSSSSecurity purpose • RRRRRRRRRRRRRRRRRun Demos • HHHHHHHHHHHHHHHHHandover to other teams
  39. 39. Foreman-proxies solutionsForeman-proxies solutionsForeman-proxies solutionsForeman-proxies solutionsForeman-proxies solutionsForeman-proxies solutionsForeman-proxies solutionsForeman-proxies solutionsForeman-proxies solutionsForeman-proxies solutionsForeman-proxies solutionsForeman-proxies solutionsForeman-proxies solutionsForeman-proxies solutionsForeman-proxies solutionsForeman-proxies solutionsForeman-proxies solutions • DDDDDDDDDDDDDDDDDNS Proxy, DHCP proxy, TFTP… • KKKKKKKKKKKKKKKKKickstart proxying? • DDDDDDDDDDDDDDDDDigging into the documentation • FFFFFFFFFFFFFFFFFeature is there but not really visible • IIIIIIIIIIIIIIIIImprove docs: PR theforeman/theforeman.org#547
  40. 40. DocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentation Licensed under a Creative Commons Attribution-ShareAlike 2.0 License https://www.flickr.com/photos/flyingblogspot/15361704293
  41. 41. DocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentation • TTTTTTTTTTTTTTTTThe Foreman documentation is huge • HHHHHHHHHHHHHHHHHosted on theforeman.org • IIIIIIIIIIIIIIIIImprove it so the next guy doesn't lose your time again
  42. 42. A NoVNC StoryA NoVNC StoryA NoVNC StoryA NoVNC StoryA NoVNC StoryA NoVNC StoryA NoVNC StoryA NoVNC StoryA NoVNC StoryA NoVNC StoryA NoVNC StoryA NoVNC StoryA NoVNC StoryA NoVNC StoryA NoVNC StoryA NoVNC StoryA NoVNC Story • FFFFFFFFFFFFFFFFForeman embeds NoVNC • AAAAAAAAAAAAAAAAAllows you to see VNC console in browser • LLLLLLLLLLLLLLLLLots of problems with certificates
  43. 43. Details mattersDetails mattersDetails mattersDetails mattersDetails mattersDetails mattersDetails mattersDetails mattersDetails mattersDetails mattersDetails mattersDetails mattersDetails mattersDetails mattersDetails mattersDetails mattersDetails matters • IIIIIIIIIIIIIIIIIn the 1.7 docs: websockets_encrypt: true • LLLLLLLLLLLLLLLLLet's change it to false • PPPPPPPPPPPPPPPPProblem: true/false vs on/off • EEEEEEEEEEEEEEEEExtra work: Updated the docs
  44. 44. Release NotesRelease NotesRelease NotesRelease NotesRelease NotesRelease NotesRelease NotesRelease NotesRelease NotesRelease NotesRelease NotesRelease NotesRelease NotesRelease NotesRelease NotesRelease NotesRelease Notes • RRRRRRRRRRRRRRRRRelease notes are part of Documentation • WWWWWWWWWWWWWWWWWhen you change behaviour, think about others • LLLLLLLLLLLLLLLLLower update cost
  45. 45. ScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalabilityScalability Licensed under a Creative Commons Attribution-ShareAlike 2.0 License https://www.flickr.com/photos/21499502@N04/13905270178
  46. 46. Scaling tipsScaling tipsScaling tipsScaling tipsScaling tipsScaling tipsScaling tipsScaling tipsScaling tipsScaling tipsScaling tipsScaling tipsScaling tipsScaling tipsScaling tipsScaling tipsScaling tips • EEEEEEEEEEEEEEEEEnable organizations/locations • UUUUUUUUUUUUUUUUUse one foreman for separated entities • UUUUUUUUUUUUUUUUUse one foreman for separated countries • UUUUUUUUUUUUUUUUUse foreman proxies where needed
  47. 47. AssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociation • OOOOOOOOOOOOOOOOOne terrible thing in the Foreman • AAAAAAAAAAAAAAAAAssigning things to each other
  48. 48. AssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociationAssociation • OOOOOOOOOOOOOOOOOS -> Location and Org • CCCCCCCCCCCCCCCCCompute Resource -> Location and Org • TTTTTTTTTTTTTTTTTemplates -> Location and Org • OOOOOOOOOOOOOOOOOS -> Installation Media • IIIIIIIIIIIIIIIIInstallation media -> Location and Org
  49. 49. Scaling Compute ResourcesScaling Compute ResourcesScaling Compute ResourcesScaling Compute ResourcesScaling Compute ResourcesScaling Compute ResourcesScaling Compute ResourcesScaling Compute ResourcesScaling Compute ResourcesScaling Compute ResourcesScaling Compute ResourcesScaling Compute ResourcesScaling Compute ResourcesScaling Compute ResourcesScaling Compute ResourcesScaling Compute ResourcesScaling Compute Resources • CCCCCCCCCCCCCCCCCompute Resources = Virtualization or Cloud Service • EEEEEEEEEEEEEEEEEasy to create hosts in those CR • lllllllllllllllllibvirt, ec2, gce, vmware…
  50. 50. Scaling LibvirtScaling LibvirtScaling LibvirtScaling LibvirtScaling LibvirtScaling LibvirtScaling LibvirtScaling LibvirtScaling LibvirtScaling LibvirtScaling LibvirtScaling LibvirtScaling LibvirtScaling LibvirtScaling LibvirtScaling LibvirtScaling Libvirt • WWWWWWWWWWWWWWWWWe have 8 libvirt servers • TTTTTTTTTTTTTTTTTo create a VM, you chose CPU, RAM, disks… • AAAAAAAAAAAAAAAAAny change requires deletion and creation
  51. 51. Creating consistent hostsCreating consistent hostsCreating consistent hostsCreating consistent hostsCreating consistent hostsCreating consistent hostsCreating consistent hostsCreating consistent hostsCreating consistent hostsCreating consistent hostsCreating consistent hostsCreating consistent hostsCreating consistent hostsCreating consistent hostsCreating consistent hostsCreating consistent hostsCreating consistent hosts • HHHHHHHHHHHHHHHHHostgroups • EEEEEEEEEEEEEEEEEnvironments • CCCCCCCCCCCCCCCCCompute profiles?
  52. 52. Libvirt Compute ProfilesLibvirt Compute ProfilesLibvirt Compute ProfilesLibvirt Compute ProfilesLibvirt Compute ProfilesLibvirt Compute ProfilesLibvirt Compute ProfilesLibvirt Compute ProfilesLibvirt Compute ProfilesLibvirt Compute ProfilesLibvirt Compute ProfilesLibvirt Compute ProfilesLibvirt Compute ProfilesLibvirt Compute ProfilesLibvirt Compute ProfilesLibvirt Compute ProfilesLibvirt Compute Profiles • CCCCCCCCCCCCCCCCCPU • MMMMMMMMMMMMMMMMMemory • NNNNNNNNNNNNNNNNNIC • SSSSSSSSSSSSSSSSStorage • MMMMMMMMMMMMMMMMMultiple profiles per hypervisor
  53. 53. What's wrong then?What's wrong then?What's wrong then?What's wrong then?What's wrong then?What's wrong then?What's wrong then?What's wrong then?What's wrong then?What's wrong then?What's wrong then?What's wrong then?What's wrong then?What's wrong then?What's wrong then?What's wrong then?What's wrong then? • LLLLLLLLLLLLLLLLLibvirt servers are not a group • TTTTTTTTTTTTTTTTThey are separated Compute Resources • AAAAAAAAAAAAAAAAA lot of work (UI and API)
  54. 54. Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific?Is it libvirt specific? • YYYYYYYYYYYYYYYYYes: other providers are `centralized' • eeeeeeeeeeeeeeeeec2, gce, openstack…
  55. 55. VMWareVMWareVMWareVMWareVMWareVMWareVMWareVMWareVMWareVMWareVMWareVMWareVMWareVMWareVMWareVMWareVMWare • SSSSSSSSSSSSSSSSSome part of the lab runs VMWare • GGGGGGGGGGGGGGGGGreat: Foreman supports VMWare • (((((((((((((((((on paper)
  56. 56. VMWare integrationVMWare integrationVMWare integrationVMWare integrationVMWare integrationVMWare integrationVMWare integrationVMWare integrationVMWare integrationVMWare integrationVMWare integrationVMWare integrationVMWare integrationVMWare integrationVMWare integrationVMWare integrationVMWare integration • MMMMMMMMMMMMMMMMMost of the settings, Foreman will take user defaults • FFFFFFFFFFFFFFFFForeman is not for VMWare Power users • SSSSSSSSSSSSSSSSSounds like a lack of interest from community
  57. 57. Logging mattersLogging mattersLogging mattersLogging mattersLogging mattersLogging mattersLogging mattersLogging mattersLogging mattersLogging mattersLogging mattersLogging mattersLogging mattersLogging mattersLogging mattersLogging mattersLogging matters • FFFFFFFFFFFFFFFFForeman requires on Fog • FFFFFFFFFFFFFFFFFog is a gem for the `clouds' • FFFFFFFFFFFFFFFFFog for vmware is not as advances as we'd like
  58. 58. Empowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the DevelopersEmpowering the Developers Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/julesdphotographie/8421289746
  59. 59. Distributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the powerDistributing the power • RRRRRRRRRRRRRRRRRebuilding a host is simple • OOOOOOOOOOOOOOOOOne clic operation • FFFFFFFFFFFFFFFFForeman as a VM shop
  60. 60. The DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movementThe DevOps movement • DDDDDDDDDDDDDDDDDevOps is a movement born in 2009 • CCCCCCCCCCCCCCCCCollaboration between Developers and Operations • NNNNNNNNNNNNNNNNNothing new, just common sense • DDDDDDDDDDDDDDDDDevOpsDays, a serie of conferences all around the world
  61. 61. #DevOps CAMS#DevOps CAMS#DevOps CAMS#DevOps CAMS#DevOps CAMS#DevOps CAMS#DevOps CAMS#DevOps CAMS#DevOps CAMS#DevOps CAMS#DevOps CAMS#DevOps CAMS#DevOps CAMS#DevOps CAMS#DevOps CAMS#DevOps CAMS#DevOps CAMS • CCCCCCCCCCCCCCCCCulture • AAAAAAAAAAAAAAAAAutomation • MMMMMMMMMMMMMMMMMeasurement • SSSSSSSSSSSSSSSSSharing John Willis and Damon Edwards
  62. 62. The C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMSThe C of CAMS • DDDDDDDDDDDDDDDDDevOps is a Cultural change • EEEEEEEEEEEEEEEEEveryone is in the team • OOOOOOOOOOOOOOOOOps and Devs work together • SSSSSSSSSSSSSSSSShare the responsibilities
  63. 63. Foreman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the pictureForeman in the picture • FFFFFFFFFFFFFFFFForeman empowers the developers • WWWWWWWWWWWWWWWWWhile still providing enough security • OOOOOOOOOOOOOOOOOrganisations in Foreman
  64. 64. Developer ACLDeveloper ACLDeveloper ACLDeveloper ACLDeveloper ACLDeveloper ACLDeveloper ACLDeveloper ACLDeveloper ACLDeveloper ACLDeveloper ACLDeveloper ACLDeveloper ACLDeveloper ACLDeveloper ACLDeveloper ACLDeveloper ACL Licensed under a Creative Commons Attribution-ShareAlike 3.0 License Screenshot
  65. 65. The Developer sideThe Developer sideThe Developer sideThe Developer sideThe Developer sideThe Developer sideThe Developer sideThe Developer sideThe Developer sideThe Developer sideThe Developer sideThe Developer sideThe Developer sideThe Developer sideThe Developer sideThe Developer sideThe Developer side • OOOOOOOOOOOOOOOOOne-clic rebuild (at will) • AAAAAAAAAAAAAAAAAccess to build reports • IIIIIIIIIIIIIIIIIn-browser access to VNC • FFFFFFFFFFFFFFFFFresh vm in minutes
  66. 66. The Ops sideThe Ops sideThe Ops sideThe Ops sideThe Ops sideThe Ops sideThe Ops sideThe Ops sideThe Ops sideThe Ops sideThe Ops sideThe Ops sideThe Ops sideThe Ops sideThe Ops sideThe Ops sideThe Ops side • KKKKKKKKKKKKKKKKKeep everything under control • AAAAAAAAAAAAAAAAAudit logs, reports • IIIIIIIIIIIIIIIIInventory • BBBBBBBBBBBBBBBBBring regular updates to VM's/developers
  67. 67. UpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdatesUpdates Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/inyucho/7866698878
  68. 68. Foreman updatesForeman updatesForeman updatesForeman updatesForeman updatesForeman updatesForeman updatesForeman updatesForeman updatesForeman updatesForeman updatesForeman updatesForeman updatesForeman updatesForeman updatesForeman updatesForeman updates • AAAAAAAAAAAAAAAAAs any software: • TTTTTTTTTTTTTTTTTake a backup first • TTTTTTTTTTTTTTTTTry on your dev environment • FFFFFFFFFFFFFFFFFirst upgrade the main UI • TTTTTTTTTTTTTTTTThen update the proxies (#12506)
  69. 69. Upgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problems • 11111111111111111.5->1.6: DHCP config file not readable by foreman proxy WWWWWWWWWWWWWWWWWe did a DHCP upgrade at the same time FFFFFFFFFFFFFFFFFile ownership was changed rrrrrrrrrrrrrrrrre-run the foreman installer fixed it
  70. 70. Upgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problems • 11111111111111111.5->1.6: Puppet reports not coming into the foreman FFFFFFFFFFFFFFFFForeman report preprocessor has changed NNNNNNNNNNNNNNNNNeed to update foreman.rb + config nnnnnnnnnnnnnnnnnode.rb also needed an update
  71. 71. Upgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problems • 11111111111111111.7->1.8: Big stack trace on opening the UI yyyyyyyyyyyyyyyyyum erase ruby193-rubygem-foreman_openstack_cluster ruby193-rubygem-foreman_openstack_cluster-doc
  72. 72. Upgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problems • 11111111111111111.8->1.9: Yaml transformations in Puppet parameters FFFFFFFFFFFFFFFFFixed in 1.10, backported to 1.9
  73. 73. Upgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problemsUpgrade problems • 11111111111111111.11: DHCP bugs TTTTTTTTTTTTTTTTTwo DHCP bugs 11111111111111111. Do not create DHCP reservation is host is static 22222222222222222. Ruby 1.8 issues (EL6 support to be removed in 1.13) hhhhhhhhhhhhhhhhhttps://theforeman.org/2016/06/foreman-1.11-dhcp- bugs.html
  74. 74. Community and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-SourceCommunity and Open-Source Licensed under a Creative Commons Attribution-2.0 License https://www.flickr.com/photos/maicosnap/4393929855
  75. 75. Foreman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-SourceForeman is Open-Source • GGGGGGGGGGGGGGGGGPLv3+ • WWWWWWWWWWWWWWWWWe've got around 20 patches integrated • TTTTTTTTTTTTTTTTThey rely mostly on open-source tools • CCCCCCCCCCCCCCCCCI, testing, bugtracker
  76. 76. Story: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global StatusStory: Foreman Global Status • PPPPPPPPPPPPPPPPPut in build mode, go back home • RRRRRRRRRRRRRRRRRestart on the next day • LLLLLLLLLLLLLLLLLooping reboots
  77. 77. Foreman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global statusForeman global status • FFFFFFFFFFFFFFFFForeman keeps several status for hosts • PPPPPPPPPPPPPPPPPlugins can register a status • BBBBBBBBBBBBBBBBBut reporting and provisioning also • LLLLLLLLLLLLLLLLLet's use that for expired tokens (bug#5883)
  78. 78. SolutionsSolutionsSolutionsSolutionsSolutionsSolutionsSolutionsSolutionsSolutionsSolutionsSolutionsSolutionsSolutionsSolutionsSolutionsSolutionsSolutions • WWWWWWWWWWWWWWWWWrite a patch, keep it • WWWWWWWWWWWWWWWWWrite a plugin • WWWWWWWWWWWWWWWWWrite and upstream a patch
  79. 79. Advantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreamingAdvantages of upstreaming • FFFFFFFFFFFFFFFFFeature will be available in next releases • WWWWWWWWWWWWWWWWWe won't patch in the future • CCCCCCCCCCCCCCCCCalls in the patch will evolve as well • PPPPPPPPPPPPPPPPPeer review with the Foreman team • FFFFFFFFFFFFFFFFForced to write tests, doc, etc…
  80. 80. 2 weeks after2 weeks after2 weeks after2 weeks after2 weeks after2 weeks after2 weeks after2 weeks after2 weeks after2 weeks after2 weeks after2 weeks after2 weeks after2 weeks after2 weeks after2 weeks after2 weeks after • PPPPPPPPPPPPPPPPPatch is accepted for 2 weeks • AAAAAAAAAAAAAAAAA new bug is opened: performance problem (bug#14050) • SSSSSSSSSSSSSSSSSomeone else fixed the bug • WWWWWWWWWWWWWWWWWe applied the second patch
  81. 81. ConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusion Licensed under a Creative Commons Attribution 2.0 License https://www.flickr.com/photos/trevor-king/12534585293
  82. 82. Where can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improveWhere can the Foreman improve • PPPPPPPPPPPPPPPPPerformance • SSSSSSSSSSSSSSSSSome features are missing from API • DDDDDDDDDDDDDDDDDecoupling from Puppet • ……………………………………………
  83. 83. Where did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improveWhere did the Foreman improve • TTTTTTTTTTTTTTTTTests reliability • TTTTTTTTTTTTTTTTTesting Infra • CCCCCCCCCCCCCCCCCommunity • SSSSSSSSSSSSSSSSStability
  84. 84. The ForemanThe ForemanThe ForemanThe ForemanThe ForemanThe ForemanThe ForemanThe ForemanThe ForemanThe ForemanThe ForemanThe ForemanThe ForemanThe ForemanThe ForemanThe ForemanThe Foreman • SSSSSSSSSSSSSSSSStability, Maturity, Flexibility • MMMMMMMMMMMMMMMMMade out of bricks: complex but not complicated • IIIIIIIIIIIIIIIIIt meets our needs • IIIIIIIIIIIIIIIIIt is very active • PPPPPPPPPPPPPPPPPeople are welcoming
  85. 85. Any Question?
  86. 86. ContactContactContactContactContactContactContactContactContactContactContactContactContactContactContactContactContact Julien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien Pivotto julien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eujulien@inuits.eu @roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie inuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuits https://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.eu info@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.euinfo@inuits.eu +32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636

×