Post on 08-Apr-2018
8/6/2019 Foreman Fosdem
1/26
The Foreman
FOSDEM 2011Ohad Levy
8/6/2019 Foreman Fosdem
2/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
Why is your infrastructure special?
8/6/2019 Foreman Fosdem
3/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
Automate as many processes as possible,
using best practice where available, and actas the glue between the gaps
8/6/2019 Foreman Fosdem
4/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
The Foreman Realm
Provisioning
Configuration Management Puppet
Inventory and Activity Reporting
One (simple) interface/console/API for yourinfrastructure
8/6/2019 Foreman Fosdem
5/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
Segmented Network
Foreman Architecture
Foreman
DB LDAP / ADINTERNAL
PuppetPuppetPuppet
SmartProxy
ISCDHCP
SmartProxy
MSDNSTFTP
SmartProxy
PupetCA
SmartProxy
DNSDHCPTFTP
..
Restful APIHTTP(s)
LibvirtRHEV-M
EC2
Virtualization
SmartProxy
DNSDHCPTFTP
..
SmartProxy
ISCDHCP
SmartProxy
MSDNSTFTP
SmartProxy
PuppetCA
Reports
/Facts
/ENC
Web UsersAPI
8/6/2019 Foreman Fosdem
6/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
Provisioning
8/6/2019 Foreman Fosdem
7/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
JeOSJust Enough OS
8/6/2019 Foreman Fosdem
8/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
Template Engine
Kickstart, Preseed, Jumpstart
Managed per group of hosts (role, environmentand OS)
Snippets, (g)PXE, PXE Menus, grub..
We don't really care what we render but we doit safely
8/6/2019 Foreman Fosdem
9/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
Smart Proxies
DHCP, DNS, TFTP, Puppet(CA)...
Restful interface to network services
Easily extended
Runs on Linux/Windows
Allows each service to run on a different host
One(Foreman) to Many(Proxies) relationship Uses SSL for Encryption and Authentication
Could be used as a standalone service
8/6/2019 Foreman Fosdem
10/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
Virtualization Integration
One process to create virtual machinesregardless if its in your private or publiccloud
We currently support libvirt RHEV-M, EC2... is in the works
8/6/2019 Foreman Fosdem
11/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
Configuration Management withPuppet
8/6/2019 Foreman Fosdem
12/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
Inventory
Automatically collects your Puppet basedinventory (including your custom facts)
Easy to browse and search though your
inventory Facts can be used as a permission filter to your
hosts
8/6/2019 Foreman Fosdem
13/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
8/6/2019 Foreman Fosdem
14/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
Node Classifier
Simple UI to associate hosts with puppetclasses
Multiple Puppet Environment support
Allows you to group your hosts
Variable inheritance (split the variables from themanifests)
Update many hosts at once
8/6/2019 Foreman Fosdem
15/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
8/6/2019 Foreman Fosdem
16/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
8/6/2019 Foreman Fosdem
17/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
Reporting
Dashboard for all of your puppet hosts
Detailed Log for what Puppet did
Simple Search though the logs (show me all
hosts/reports with yum related activities)
Audit Log
Summary Emails
Alerting (API, Email etc)
8/6/2019 Foreman Fosdem
18/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
8/6/2019 Foreman Fosdem
19/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
More Puppet integrations
PuppetCA management
Trigger Puppet runs
Puppetdoc integration
Can work with your existing storeconfigs
Support multiple Puppetmasters
8/6/2019 Foreman Fosdem
20/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
8/6/2019 Foreman Fosdem
21/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
Restful API
Simple API to collect hosts (and their associated data)
Can by used by scripts
Can by used within Puppet as an alternative to
storeconfigs CRUD operations on most objects
8/6/2019 Foreman Fosdem
22/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
User Management
Internal and External (LDAP/AD) userauthentication
RBAC (Role Based Access Control)
Per host group, domain, fact etc Dynamic groups (AD like)
Can be used to CRUD and restrict to "your" set
of hosts self service
8/6/2019 Foreman Fosdem
23/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
Too many options?
You're not required to use every feature
Foreman has 3 modes of operation
Provisioning + Puppet
Puppet
Provisioning
8/6/2019 Foreman Fosdem
24/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
Final words
About 1.5 years old
20+ Contributors
Largest installation =~ 4000 active hosts
Homepage http://theforeman.org
Irc - #theforeman on freenode
Usergroup -http://groups.google.com/group/foreman-users (&dev)
http://theforeman.org/http://groups.google.com/group/foreman-usershttp://groups.google.com/group/foreman-usershttp://theforeman.org/8/6/2019 Foreman Fosdem
25/26
02/06/11 The Foreman - Ohad Levy - FOSDEM 2011
Questions ?
8/6/2019 Foreman Fosdem
26/26