Intro to Foreman 2017 (cfgmgmtcamp Gent)

Transcript

1. Introduction to Foreman (2017 edition!) cfgmgmtcamp Gent ‘17 Daniel Lobato

   García (@dLobatog)

2. FOREMAN AT PUPPETNYC - 07/30/15 2 Lifecycle management tool for

   physical and virtual servers FOREMAN 101

3. FOREMAN AT PUPPETNYC - 07/30/15 3 Provisioning Configuration Monitoring FOREMAN

   101 Lifecycle

4. FOREMAN AT PUPPETNYC - 07/30/15 4 BARE METAL VIRTUAL MACHINE

   PXE (vmlinuz + initrd) Optional: discovery (micro image) Image based Optional: Cloud-init FOREMAN 101 Provisioning

5. FOREMAN AT PUPPETNYC - 07/30/15 5 FOREMAN 101 Provisioning •

   DNS • DHCP • AD/IPA realms • PuppetCA autosign

6. FOREMAN AT PUPPETNYC - 07/30/15 6 FOREMAN 101 Configuration Network

   B Network A Smart Proxy Ansible Smart Proxy Puppet master

7. FOREMAN AT PUPPETNYC - 07/30/15 7 FOREMAN 101 Configuration Daemon

   to integrate with existing services • Puppet masters / CA • Salt master • Chef server • AD DNS • Etc... Main tool to make Foreman work in segmented networks Smart Proxy

8. FOREMAN AT PUPPETNYC - 07/30/15 8 FOREMAN 101 Configuration -

   ENC classes: docker: puppetdb::server parameters: puppetmaster: puppetmaster.mylan foreman_env: production foreman_subnets: [] foreman_interfaces: - mac: e6:1f:13:7e:4e:47 ip: 10.16.76.82 type: Interface name: attrs: {} virtual: false link: true identifier: enp0s26u2 managed: true subnet: environment: production

9. FOREMAN AT PUPPETNYC - 07/30/15 9 FOREMAN 101 Monitoring Configuration/system

   inventory • Puppet facts • Puppet reports storage • Salt highstate • Chef reports • ABRT • OpenSCAP

10. SAME AS ANY OTHER YEAR?

11. CONFERENCIA RAILS 2016 11 INSTALLATION OF A RACK SERVER

12. CONFERENCIA RAILS 2016 12 INSTALLATION OF A RACK SERVER 1)

    Upon first connection, Foreman Discovery PXE boots the hosts and provisions them with the right OS and host group and DHCP/DNS setup

13. CONFERENCIA RAILS 2016 13 INSTALLATION OF A RACK SERVER

14. CONFERENCIA RAILS 2016 14 INSTALLATION OF A RACK SERVER

15. CONFERENCIA RAILS 2016 15 INSTALLATION OF A RACK SERVER

16. CONFERENCIA RAILS 2016 16 INSTALLATION OF A RACK SERVER

17. CONFERENCIA RAILS 2016 17 INSTALLATION OF A RACK SERVER

18. CONFERENCIA RAILS 2016 18 INSTALLATION OF A RACK SERVER

19. CONFERENCIA RAILS 2016 19 INSTALLATION OF A RACK SERVER

20. CONFERENCIA RAILS 2016 20 INSTALLATION OF A RACK SERVER

21. CONFERENCIA RAILS 2016 21 INSTALLATION OF A RACK SERVER

22. CONFERENCIA RAILS 2016 22 INSTALLATION OF A RACK SERVER 1)

    Upon first connection, Foreman Discovery PXE boots the hosts and provisions them with the right OS and host group and DHCP/DNS setup 2) Foreman sets up the right SSH keys for remote execution and Ansible automatically

23. CONFERENCIA RAILS 2016 23 INSTALLATION OF A RACK SERVER

24. CONFERENCIA RAILS 2016 24 INSTALLATION OF A RACK SERVER

25. CONFERENCIA RAILS 2016 25 INSTALLATION OF A RACK SERVER 1)

    Upon first connection, Foreman Discovery PXE boots the hosts and provisions them with the right OS and host group and DHCP/DNS setup 2) Foreman sets up the right SSH keys for remote execution and Ansible automatically 3) After the host is created, Ansible runs automatically to enforce its roles

26. CONFERENCIA RAILS 2016 26 INSTALLATION OF A RACK SERVER

27. CONFERENCIA RAILS 2016 27 INSTALLATION OF A RACK SERVER 1)

    Upon first connection, Foreman Discovery PXE boots the hosts and provisions them with the right OS and host group and DHCP/DNS setup 2) Foreman sets up the right SSH keys for remote execution and Ansible automatically 3) After the host is created, Ansible is ran automatically to enforce its role 4) Foreman Remote Execution scheduled jobs keep the host updated. Errata and OpenSCAP policies are checked every night.

28. CONFERENCIA RAILS 2016 28 INSTALLATION OF A RACK SERVER

29. CONFERENCIA RAILS 2016 29

30. CONFERENCIA RAILS 2016 30 INSTALLATION OF A RACK SERVER 1)

    Upon first connection, Foreman Discovery PXE boots the hosts and provisions them with the right OS and host group and DHCP/DNS setup 2) Foreman sets up the right SSH keys for remote execution and Ansible automatically 3) After the host is created, Ansible is ran automatically to enforce its role 4) Foreman Remote Execution scheduled jobs keep the host updated. Errata and OpenSCAP policies are checked every night. 5) Decommissioning of all host “facts.rack_location = C932” • Foreman auto removes DNS entries, DHCP lease, and Puppet CA autosigns.

31. 31 FOREMAN AT PUPPETNYC - 07/30/1 5 THEFOREMAN.ORG Foreman-users #theforeman

    on Freenode IRC @ForemanProject