Foreman integration with Chef


Formal Metadata

Title
Foreman integration with Chef
Series title
Number of parts
199
Author
License
CC Attribution 2.0 Belgium:
You may use, modify, and reproduce, distribute and make publicly available the work or its content, in unchanged or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner they specify.
Identifiers
Publisher
Release year
Language

Content Metadata

Subject area
Genre
Abstract
In this talk I'd like to show a live demo covering status of Foreman and Chef integration and try to answer the question "where do we want to get"? Also I could sum up what's needed to add similar support for config management tools of your will.
Transcript: English (automatically generated)
We have all these members of the party, so it's pretty hard to enter the market if you want to. I thought that was about the back end of the service, because I also got this. I don't even know if they do that now.
I think you guys are fine. I'm not used to all this as part of it. We don't speak English at all.
Of course, we speak English. Well, they speak English at all times. No, we don't speak English at all. We speak English at all times.
We speak English at all times.
All right. I think we're good to go now. It's 16.29. Somebody is one minute late. Mark, I wish you good luck.
So hello everybody. Welcome to my presentation about Foreman integration with Chef. So first let me introduce myself. I'm not sure if you can see, but it's not important anyway. So my name is Marek Hunan and I work in Red Hat for more than one year now and most of the time I work on
the Foreman project. So first please let me know how many of you use Foreman and how many of you use Chef. Cool. So it wasn't wasted time I guess. So in this presentation I'd like to
briefly show you the status of our current work of the integration with the Chef. So I'll try to provision a new system in here and bootstrap a Chef client on this machine. Then I'll talk about other integration bits and I'll try to show you what are the challenges that we are
experiencing with further steps of integration. And also I'll try to mention how hard it is or how easy it is to actually integrate other integration. So this will be, or this
kind of scary part for me, but hopefully fun for you. So let me start with some live action. So as you can see here we have Foreman installed. It's the nightly version so hopefully you don't know a lot of that. So I'll just log in and I'll start with the provisioning very quickly because it will take some time.
In here I have a form for creating a new virtual machine. So I'll get a name. Now I select a host group.
This host is inside which here gives me, or by this I get the parameters in here from this host group so I don't have to say this for every host type provision. I select a compute resource so we could work with bare metal or we could use any other compute resource provider. In here I've just delivered stuff
but we support oVirt and other engines like Amazon, Google Compute Engines, VMware, things like that. Here you can see that I could also assign Puppet classes to this host so it would configure my host
accordingly, but we are trying to work with Chef here so just ignore this stuff for a moment. Here we can set up networking. So when Foreman creates this host it will also create DNS record and DCPVs. It will also configure a TFTP server so this host when boots it gets the IP address
and runs the installer in an attempt to fresh mode. Here we can select the operating system so I'll be installing a Debian in here and hopefully the wireless network will work during this.
Here I can set some hardware iterations and here we can see that we have some parameters I was talking about when I assigned the host group so these parameters are inherited from this host group and the most important part in here is that we can set that we would
like to use the Chef. We want to set the Chef server URL and also the validation private key which will be used when the Chef client is run for the first time to register in the Chef server that I've also installed here in my infrastructure.
So now when I hit the submit button I should see a new node in here. It's currently booting. So installer should start in a moment and it will download a configuration file for its installer so it knows what software should it install and things like that.
So I'll just put a thumbnail in here so we can see whether it works or not. So how is this working? It downloads the pre-seed configuration file. We support not only pre-seed installers but also installers based on Kickstart so we have
something called provisioning templates here and as you can see we have a number of them. So for Debian it's just a configuration file so you can preset the answers for
questions of installer. In a similar way we have this finish script which is basically a bash script and we have a responsible design. And here you can see it's basically just a bash script so you can see that we are looking into a parameter
value for a particular node and we can see that we don't want to use a Puppet we want to use a Chef so we skip this Puppet because the Foreman as you probably know is built on top of the Puppet so Puppet is some kind of a first class format but in here in our template we have also support for Chef so here you
can see that we have this snippet that we call snippet is basically just another provisioning template which can be shared among other templates so let's look at that. And here is probably the most interesting part so this script
is run after installer finishes so as you can see it will install the Chef gem and also it will install the Chef handler Foreman gem which contains the integrations bits we created. Also we created a file with a validation
certificate with a private key so the Chef client can register. Here is the Chef configuration file so this is the most important part here that we set the Chef server URL and also here you can see the configuration options
that we set for our integration. I'll talk about details later but here you can see again specify some URL and we enable facts uploading and reports uploading for this Chef environment. And here we just set the default role
that should be assigned to this host so the client is then run. You can see it in here and when it's assigned this role it will just converge and set this role to the client persistently. So now we can look into this demo
role into Chef server so I have the open source Chef server installed here and we can see that the role demo has just one recipe and if you go to this book you can see that. So the only thing it does basically
is that it installs the package called toilet. It also uploads the ASCII art font and it will set two templates in here so some login script which will basically just print out the host name of the particular host
and sets the message of the day to some attributes that we can find here so we should see the message of the day that this system is provisioned by the Foreman and uses Chef. Okay so meanwhile because it will take some time to install
so I'll go on with other details. So I'd like to compare how the things work with Puppet and Chef so you can see what parts of the integration we already have and what should we concentrate on in the future. So in a Puppet, on some level of abstraction, every run or
run version of the node starts by sending a fact from the node to a Puppet master and the node asks for a catalog. In a Chef terminology this would mean upload the data from Ohai and ask for a run list.
The Puppet master then can use in our setup and how it works with a Foreman is that the Puppet master asks Foreman what Puppet classes should be applied for this particular node and Foreman also provides the values for
the parameters for these classes that should be applied. Again in the Chef world it would probably mean something like give me the cookbooks and recipes for this node and provide me attributes for this host. Then the Puppet master composes it to a catalog
and sends it back to the node. The node then converges and after this it uploads the report of this run to the Foreman. So the report in here means something like the log for every resource that was applied or restarted, things like that. So if we now look into the Chef world, the biggest difference in here
is that we communicate with the Foreman at the end of the run process. So node first asks for the run list and Chef answers with the run list and the node attributes which it computed based on roles and default attributes from cookbooks and things like that.
It sends it to the node, node then runs Ohai and combines these attributes together then converges and uploads the status back to Chef and then optionally it can run some handlers, for example in a case when something went wrong or everything was okay. So for example you could use it for monitoring or things like that.
And here comes our part. We created a new set of handlers that you can use easily for your Chef client that will upload facts and by facts in here I mean all the Chef attributes to the Foreman and also it uploads the report of this particular run.
So to better understand the infrastructure I have here and I'm working with, I have this little overview. So every bubble is basically a node or host. You can see that I have a Foreman, hopefully you can see.
It's the bottom right corner which is running on my physical machine and all the other nodes are virtual hosts on my different instance. So I have the Chef open source server here and I already have some nodes that have Chef client installed and here is something we call the Chef Proxy
which is just some small application that's responsible for creating DNS and DHC triggers and things like that. And also in a 1.4 release we added this Chef Proxy feature which is currently used in here. So when nodes run the Chef client they upload the data
as you saw in the previous picture and this proxy actually handles the authentication. I'll talk about this in the next slide. And then forwards the data to the Foreman. The use case in here is that you can have nodes that don't have direct connection to the Foreman.
For example, they can't access internet and the Foreman Proxy would be the only entry point to your infrastructure. But you can also run, you could use the integration also without the Foreman Proxy or you can install Foreman Proxy on Foreman. This is, I would say, the most common use case.
So let's talk about the authentication for a moment. So in this example we upload the facts from the node. Chef client uses key-based authentication. So we use the Chef client key that is used for direct communication with Chef
and we use it for making a digital signature and these data are signed in a Foreman Proxy and asks the Chef for the public key of this particular node. So then it can verify the digital signature. And if it matches it forwards the data to the Foreman.
So if we look to the status of our installer we can now see that it's running the finish template so it should be done in a minute. It basically installs the Chef gem and runs the client for the first time.
So in a very near moment we should see the node in here. But meanwhile, since it could take a minute or two, meanwhile we can look into Foreman and what it actually means that we upload this data from the Chef client. What's the benefit? So in Foreman we have these monitor features so you can see the overview of your infrastructure.
So we all like the pie charts, right? So we can see that we have the overview of all our hosts. Currently we see that we have one host with no reports. This is the host that I'm currently installing since the report was not yet uploaded but the host already exists within my infrastructure.
And we can see that I have seven host other things which means that these hosts are turned off and does not respond or does not upload any report for some time frame. Also we can see that last events that happened in my infrastructure
so these are basically the reports I will show details later. And now we can see that the host is booting. So now if I refresh the page, I should see already the report uploaded. So you can see that I have no host without reports right now
and the host is set as active. Also we have some statistics here so we can see some data load on our infrastructure within my testing infrastructure is not so interesting because I have the same architecture for all of them
but you get the idea. Now I could log into this new host to show that the group was applied so we can see nice SQL here saying my host name and also we can see that the system was provisioned by Foreman
and now it uses Chef. So back to Foreman, we can now see the data that were uploaded into a Foreman. So for every host you can see the history, for this node I have just one report and I can see that four resources were applied
which means something was installed or things like that and if we go into a detail we can see what exactly happened. So in here we can see that the template of message of the day was changed so we can also see the diff. So we see that the system was provisioned by Foreman.
Also we see the details about what version of package was installed and we have some metrics here. Basically we have times per resource class. In here it's again not so interesting but I can show maybe some other example which is more powerful.
Also you can see that there were some problems for example and this is actually a report from Puppet but you have no way out to distinguish between them. So this is how it would look like for the Chef as well if we had more resources.
Okay so hopefully that's about reports and now facts. So facts are the data that are gathered by Ohai and also comes from Chef. So if we look for the node 5,
also as you can see we have auto-completion which is at the end there. We can now see all the facts or data for this node. We sort it by name. We can see that these data are the same as in Chef.
So in here if we look into the Chef server. So these attributes are basically the same we had in Foreman
but we have a different user interface for working with them. So as you already saw we can search for hosts like this and for facts. So we can for example find values for memory so we can see free memory on a particular node.
We can also search across the whole infrastructure so we can see the free memory on every node. We also generate charts for this.
In here it doesn't make pretty much sense but maybe if we look for another fact we can see the distribution of the value across the infrastructure so maybe we can find. We can see that I'm using WNVC on most of my machines
and there's some further on that we're going to cover. So that's probably the live demo so we can get back to the presentation. Okay so what about further integration? There are a couple of questions that we need to answer before we are moving on.
The most important fact is that we don't have easy way how to tell Chef client node which recipes should be executed. But we have to figure out what is the source of the choice. Is it the Chef or Foreman? Should you assign these recipes or cookbooks in a Foreman or still in a Chef?
Or do we need two way synchronization between Foreman and Chef and it's becoming a bit complex. And also if we allow users to assign these recipes and cookbooks in a Foreman then we are basically creating a new UI for a Chef.
We have command line tool as well on the same level as knife I would say. We have nice API and web UI but it feels like rewriting it. So to actually answer these questions we need your input here,
we need to hear your stories, we need to prepare use cases and then we can realize how you would like to use this together. So I also said that I will talk about how easy it is to add a support for other configuration management tools.
So we provide API, so everything you have to do is just upload data in a JSON format. So here you can see this is a format for uploading facts. Basically we support nested facts because obviously the Chef has the nested attributes.
So on line 7 you can see that you can also upload nested data. The same works for reports. The most important part in here is just that you have to compute all the metrics and status on the client which is usually easier because you have all the data up
from the run of the node. I'm not sure about Ansible. So to wrap up this presentation, the most important notes are that we need to hear your stories. We already provide some integration parts that you could use.
So for example you could provision a host and bootstrap a Chef client in there. Also you saw that you could use the monitoring and inventory listing within your Chef infrastructure. And the important note in here is that we want to go deeper.
We would like to see Chef better integrated but for that, as I already told you, we need to understand your input. Here are some links. So if you're interested and if you would like to share your use cases, please just visit us on the Foreman channel on Freenode.
Also here are some links for the Project Wiki and plugins you need for this integration. So I think it's time to thank for your attention and if you have any questions, I'm not sure about timing, but okay, so if you have any questions.
So maybe let me ask you, do you find this useful? Would you think to run the Foreman within your Chef infrastructure?
Okay, at least one? Okay, that's good. So once again, thanks for answering this question. Well, that's not a two-minute question.
I wouldn't recommend it, but I think there are... You know, it's a personal preference, I think, I would say. I have to admit I like Chef more, but that's not the reason. I think there can be use cases. For example, if you want to merge two infrastructures together and one is based on a puppet and one is based on a Chef,
you can use Foreman for this to manage both of them. For example, if there's some merging of two companies and things like that. Also, you just go into existing infrastructure, which is built on Chef and you would like to use Foreman, for example, for provisioning. So maybe this could be used as a tool.
Personally, I don't.
This is very, very fresh stuff, so I don't think... I know about some people using Chef with Foreman, but on a different level, they have some Foreman tools for running Chef. So I think there's no one already using it. There's no success story I know about.
But I think it should be possible to use it. So if you need any information how to start, just ask me or stop me on. So the question is whether there are any built-in notification system
for a REST from Chef file. Well, basically, these are the reports. So maybe I could show you... There's no notification. Foreman, I think, can't tell you that something went wrong to send an email. Yeah, it can, right. I'm sorry.
So there's a way how you can set up Foreman to, for example, send you an email of something went wrong. I'm sorry? What is the way? Um... I have to admit, I...
No, I think it's built-in. You just can set up, I would say, in some file or maybe using it first, but I haven't used that, so I'm sorry I can't answer. Also, Lord Levy is down there, so just attack him.
Well, I'm sorry, I don't... I think yes, but I'm not sure if I see all the corners that you are asking for.
I don't see anything wrong with that.
That's going to be the last question. Yeah, so the question was whether there are people working on support for other configuration management tools.
So there are some people from community that would like to help us with Salt, but as far as I know, there's no code yet, just some information on the page how could we do that. So no code yet. Okay, so thank you.
All right, thank you very much.