How to use the new virsh provider in Foreman 1.4

This morning I decided to play with a new Foreman 1.4 feature: a TFTP, DHCP and DNS provider for my local workstation, virsh. The virsh provider allows you to manage the DHCP and DNS of libvirt’s networks (via dnsmasq) for local development. It allows you to have a full provisioning workflow without having to install bind, tftpd and dhcpd. This post is hugely inspired by the Foreman 1.4 manual.

Libvirt configuration

The first thing to do is to define a persistent virtual network in libvirt. Copy the following into a file named net-defintion.xml. You can of course change the network name, IP range, domain name, etc.

$ cat net-defintion.xml
<network>
  <name>default</name>
  <uuid>16b7b280-7462-428c-a65c-5753b84c7545</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' [...]
Published by Fitzdsl Blog : 27

Using PKGNG on FreeBSD with Puppet

This is how I installed the new package manager on FreeBSD, pkgng, and how to use it with Puppet. This has been tested on a FreeBSD 8.3 jail with Puppet 3.2.

Pkgng setup

The official documentation is here. Pkgng installation:

# portsnap fetch update
# portmaster -dB ports-mgmt/pkg

You then need to convert your package database to the new pkgng format. Warning! As mentioned in the documentation, this step is not reversible. You won’t be able to use pkg_add anymore after that.

# pkg2ng

To use the pkgng format by default, you must add to your make.conf:

# echo "WITH_PKGNG=yes" >> /etc/make.conf

Define a new repository for pkgng:

# mkdir -p /usr/local/etc/pkg/repos
# cat /usr/local/etc/pkg/repos/FreeBSD.conf
FreeBSD: {
  url: "http://pkg.FreeBSD.org/${ABI}/latest",
  mirror_type: "srv", [...]

Foreman 1.3 has been released

What’s new in that release? Foreman 1.3 has just been released, let’s have a look at the content of that new version:

* The installer is now based on the Kafo project. I didn’t test it because I always install Foreman with a git checkout.
* The Hammer project (the Foreman CLI) is going on! This is great because Foreman was lacking a good CLI at the beginning. However, the Core Team still warns that the CLI is still limited, so to be continued.
* At the Compute Resource level, the most wanted Amazon EC2 VPC (Virtual Private Cloud) support has been included. On top of that, a first shot at GCE (Google Compute Engine) has been released. It’s quite limited for now, as it doesn’t support VMs that require persistent disk creation.
* Spice support for the Libvirt Compute Resource is now available.
* And Foreman now allows you to transform a VM seen as a BareMetal host in Foreman into … a VM associated with a Compute Resource!

There are also some changes on the API side. The API v2 is still [...]

New webservice to manage monitoring downtimes with Livestatus

To follow up on my previous post about distributed monitoring, I had to update my script to manage Nagios’ downtimes. I explained my first method in a previous article. I completely rewrote the webservice in Python using Livestatus. The sources are available on my GitHub. This script supports multiple Livestatus daemons. The use of this webservice is quite similar to the old one. You need to send an HTTP GET query with multiple arguments. The query format is the following:

ACTION=(schedule-svc-downtime|remove-svc-downtime|schedule-servicegroup-downtime)&MANDATORY_ARGUMENTS

The MANDATORY_ARGUMENTS depend on the ACTION: If [...]

Power management of Bare Metal servers with Foreman

Power management of bare-metal servers is a new feature that comes with Foreman 1.2. You will need to have deployed Foreman and smart-proxy 1.2 to enjoy this. With that feature you will be able to start, stop and reboot servers directly from Foreman’s web interface or from the REST API. This has been tested on DELL servers configuring DRAC/

Smart-proxy configuration

On your smart-proxy, you need:

* The rubyipmi gem installed:
# gem install rubyipmi
* ipmitool installed:
# apt-get install ipmitool

Configuration in Foreman

You need to edit the host you want to manage with BMC:

* Go to foreman/hosts/server.example.com/edit
* Click on the Network tab
* Click on ‘Add Interface’
* Type = ‘BMC’

You then need to get the MAC [...]

Distributed monitoring with Nagios and Puppet

In the past I had only one Nagios3 server to monitor all my production servers. The configuration was fully generated with Puppet by Naginator. This solution, even with its drawbacks (hard to set specific alert thresholds, appliances without Puppet, etc.), is very powerful. I never had to worry about monitoring configuration: I’m always sure that every host in production is monitored by Nagios thanks to Puppet.

However, my needs have evolved and I began to have distributed monitoring problems: 4 datacenters spread between Europe and the USA, and network outages between datacenters raising a lot of false-positive alerts. I didn’t have any performance issues as I have less than 200 hosts and 2K services.

I tried Shinken, really I tried. 2 years ago and again these last few months. I had to package it into a Debian package because all of our servers are built unattended: the installation script was not an option for me. On paper Shinken was perfect:

* fully compatible with Nagios [...]

Howto integrate Puppet, Foreman and Mcollective

Since we deployed Foreman in production, we didn’t use the ‘Run puppet’ button in Foreman’s interface because we run puppet with a crontab. However, the Foreman 1.2 release changed that: smart-proxy now has native mcollective integration. This is how to set that up. I assume that you already have a working Foreman and Mcollective setup.

On all your ‘puppet’ proxies you need to:

Install the mcollective client and puppet plugin:

# apt-get install mcollective-client mcollective-puppet-client

You need to configure your mcollective client (/etc/mcollective/client.cfg). This configuration should be quite similar to the one you have for your desktop.

You then need to grant the user foreman-proxy the right to run the mcollective client:

# visudo
Defaults:foreman-proxy !requiretty
foreman-proxy ALL = NOPASSWD: /usr/bin/mco puppet runonce *

In your proxy configuration:

:puppet: true
:puppet_provider: [...]

How to run foreman-proxy with passenger

I recently decided to run my Foreman-Proxy daemon with Passenger instead of the commonly used webrick. As we will see, the setup is quite simple. I assume that you already have apache and passenger installed (for Foreman, puppetmaster, …). As I use Git for my setup, my smart-proxy is located in /opt; I’ll let you fix your paths! My apache configuration is (for apache2.4):

Listen 8444
<VirtualHost *:8444>
  ServerName foreman-proxy.example.com
  ServerAlias proxy1.example.com
  DocumentRoot /opt/smart-proxy/public
  RailsAutoDetect On
  PassengerTempDir /opt/smart-proxy/tmp
  AddDefaultCharset UTF-8
  HostnameLookups On
  SSLEngine on
  SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/proxy1.example.com.pem
  SSLCertificateFile /var/lib/puppet/ssl/certs/proxy1.example.com.pem
  SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
  <Directory /opt/smart-proxy/public>
    Require local
    Require ip 192.168.0.0/16 10.0.0.0/8
  </Directory>
  CustomLog ${APACHE_LOG_DIR}/foreman-proxy.example.com/access.log [...]

How to generate Puppet SSL certificate with “Alternative Name”

I needed to add a DNS Alt name in order to set up full SSL communication between my 2 Foreman servers and their proxies. My problem was that my Foreman servers are used in failover (with a VIP) and the clients use a generic DNS record and not directly their FQDN. This was a problem because the address didn’t match the certificate’s CN. In order to fix that, I set up a Puppet certificate where the CN is the FQDN of the server (ie: foreman1.example.com) and which has a ‘Subject Alternative Name’ with the VIP address (ie: foreman.example.com). This is really simple to do but not that easy to find on the internet.

You first need to revoke the certificate on the master and remove it on the client.

On the client (on Debian):

# rm -rf /var/lib/puppet/ssl

On the master:

# puppet cert clean foreman1.example.com

You should add the following to the client’s puppet.conf:

dns_alt_names = foreman.example.com

Then you [...]

Foreman migration without problems.

I just migrated my Foreman instances to 1.1 in production (I’ll write later about the nice new features in 1.1).

One of the most important tests I do before upgrading production is the non-regression of the ENC output. What I mean is that I check that the new Foreman server sends the same YAML to the Puppet master during ENC lookup. I wrote a small Ruby script (using the external controller script from the Foreman community) which compares YAML responses between 2 Foreman instances (ie: production and QA).

In order to support parameterized classes, Foreman changed the YAML structure a bit, but this script supports this change.
You can find it on my GitHub repo. You just have to change the 2 URLs of the Foreman instances and set your login and password.

This script stops automatically if it finds a different node definition between dev and production. This tool allows me to be more confident before a major Foreman migration.
