Atomic Questionaire

We have not been able to go very far on this since Dmitri's last email so going to restate it.
Atomic Hosts can be installed a few ways but here are 2 ways relevant to foreman

1. PXE based provisioning.
2. Image based provisioning

Each have their own set of challenges and we need to figure out the right course of action here

1. PXE based provisioning -> Bare metal boot isos are provided as a part of installation by both RH and Community, but no kickstart trees are available for atomic. That means every time we provision a machine we would have to download a 700 MB iso and mount it at place accessible to the machine getting provisioned, and update the kickstart scripts to point to the mounted location. Similar to the approach detailed here https://access.redhat.com/blogs/1169563/posts/1318283 (even though he mounts it one location /var/www/html/pub/atomic there by making them accessible to the machines being provisioned). Also for capsule/smartproxy isolation scenario this may not be well suited because one would need to open up ports to access the mounted iso if we go the article's way.

2. Image based provisioning
   Atomic images are provided by both RH and Community. However in addition to using the images we need to create a "Configuration ISO" or "Cloud init iso" which holds metadata like the root password, allowable ssh keys etc. This information is needed by the image or else the provisioned image will be unusable. For the config iso we either make foreman build it or have the user some how upload it.

I am not aware of other ways to provision, that could be relevant here. Given these 2 being the main ways to provision we need to figure out whats the best way to make foreman/katello aid in this.

I believe at this point image based provisioning is the way to go.

Any opinions or suggestions, opening it to a larger group here.

Partha

Perhaps you can cross post over at
https://lists.projectatomic.io/mailman/listinfo/atomic

– bk

>
>
> 1) PXE based provisioning -> Bare metal boot isos are provided as a part
> of installation by both RH and Community, but no kickstart trees are
> available for atomic.

To the best of my knowlege, the "split-out install tree" is also not
available for Red Hat Enterprise Linux by default via the CDN - does that
match your understanding?
If this is correct, doesn't foreman or some other component already have
code to perform the spilitting?

> That means every time we provision a machine we would have to download a
> 700 MB iso and mount it at place accessible to the machine getting
> provisioned,

This process can happen once per ISO version, not once per machine
provisioning.

Atomic images are provided by both RH and Community. However in addition to
> using the images we need to create a "Configuration ISO" or "Cloud init
> iso" which holds metadata like the root password, allowable ssh keys etc.
> This information is needed by the image or else the provisioned image will
> be unusable. For the config iso we either make foreman build it or have the
> user some how upload it.
>

I call these "cloud images" to distinguish between other types of image.
And yes, the use of cloud-init metadata is common with other products.

One simple option is to synthesize the data from a ssh key, as well as
allowing the user to upload.

>
>
> We have not been able to go very far on this since Dmitri's last email so
> going to restate it.
> Atomic Hosts can be installed a few ways but here are 2 ways relevant to
> foreman
>
> 1) PXE based provisioning.
> 2) Image based provisioning
>
> Each have their own set of challenges and we need to figure out the right
> course of action here
>
> 1) PXE based provisioning -> Bare metal boot isos are provided as a part
> of installation by both RH and Community, but no kickstart trees are
> available for atomic. That means every time we provision a machine we would
> have to download a 700 MB iso and mount it at place accessible to the
> machine getting provisioned, and update the kickstart scripts to point to
> the mounted location. Similar to the approach detailed here
> https://access.redhat.com/blogs/1169563/posts/1318283 (even though he
> mounts it one location /var/www/html/pub/atomic there by making them
> accessible to the machines being provisioned). Also for capsule/smartproxy
> isolation scenario this may not be well suited because one would need to
> open up ports to access the mounted iso if we go the article's way.
>
> can we extract the iso into pulp and publish it as a kickstat tree?
alternatively, what is the effort to ask atomic guys to publish their
kickstart trees?

> 2) Image based provisioning
> Atomic images are provided by both RH and Community. However in addition
> to using the images we need to create a "Configuration ISO" or "Cloud init
> iso" which holds metadata like the root password, allowable ssh keys etc.
> This information is needed by the image or else the provisioned image will
> be unusable. For the config iso we either make foreman build it or have the
> user some how upload it.
>
> I am not aware of other ways to provision, that could be relevant here.
> Given these 2 being the main ways to provision we need to figure out whats
> the best way to make foreman/katello aid in this.
>
> I believe at this point image based provisioning is the way to go.
>
> Any opinions or suggestions, opening it to a larger group here.
>

I assume that Image works only virt/cloud instances, and in many cases, the
virtualization provider (openstack, ovirt, vmware etc) already provide a
way to inject userdata via the api (where they have to handle the details
of how to push iso/floppy etc into the hypervisor), libvirt is the
exception.

Going forward, imho, we need to have both ways of installing atomic (for
bare metal / virt usage cases).

Ohad

>
>>
>> 1) PXE based provisioning -> Bare metal boot isos are provided as a part of installation by both RH and Community, but no kickstart trees are available for atomic.
>
> To the best of my knowlege, the "split-out install tree" is also not available for Red Hat Enterprise Linux by default via the CDN - does that match your understanding?
> If this is correct, doesn't foreman or some other component already have code to perform the spilitting?
>
Yes don't see the split out trees by default. But even with the split out aren't we downloading like a 500 MB img file that has everything including content + configuration ?. May be thats is to be expected anyway…

Split out trees for both community and RH would still be useful though.

>> That means every time we provision a machine we would have to download a 700 MB iso and mount it at place accessible to the machine getting provisioned,
>
> This process can happen once per ISO version, not once per machine provisioning.
>
You are right as long the mounted version is accessible via network to machines being provisioned. In katello/foreman terms that probably means every capsule/smart proxy.

>
>
>
>>
>>
>> We have not been able to go very far on this since Dmitri's last email so going to restate it.
>> Atomic Hosts can be installed a few ways but here are 2 ways relevant to foreman
>>
>> 1) PXE based provisioning.
>> 2) Image based provisioning
>>
>> Each have their own set of challenges and we need to figure out the right course of action here
>>
>> 1) PXE based provisioning -> Bare metal boot isos are provided as a part of installation by both RH and Community, but no kickstart trees are available for atomic. That means every time we provision a machine we would have to download a 700 MB iso and mount it at place accessible to the machine getting provisioned, and update the kickstart scripts to point to the mounted location. Similar to the approach detailed here https://access.redhat.com/blogs/1169563/posts/1318283 (even though he mounts it one location /var/www/html/pub/atomic there by making them accessible to the machines being provisioned). Also for capsule/smartproxy isolation scenario this may not be well suited because one would need to open up ports to access the mounted iso if we go the article's way.
> can we extract the iso into pulp and publish it as a kickstat tree? alternatively, what is the effort to ask atomic guys to publish their kickstart trees?
>
Will check with pulp guys, but I think pulp supports uploading an iso. Think they have an "upload any file" content type.
But don't think they functionality to extract isos. But thats an interesting idea.

>>
>> 2) Image based provisioning
>> Atomic images are provided by both RH and Community. However in addition to using the images we need to create a "Configuration ISO" or "Cloud init iso" which holds metadata like the root password, allowable ssh keys etc. This information is needed by the image or else the provisioned image will be unusable. For the config iso we either make foreman build it or have the user some how upload it.
>>
>> I am not aware of other ways to provision, that could be relevant here. Given these 2 being the main ways to provision we need to figure out whats the best way to make foreman/katello aid in this.
>>
>> I believe at this point image based provisioning is the way to go.
>>
>> Any opinions or suggestions, opening it to a larger group here.
>
> I assume that Image works only virt/cloud instances, and in many cases, the virtualization provider (openstack, ovirt, vmware etc) already provide a way to inject userdata via the api (where they have to handle the details of how to push iso/floppy etc into the hypervisor), libvirt is the exception.
>
I guess we were trying to get it work with libvirt first and cloud init iso seemed to be the way to go since we could not find an api route to deal with this. Will check with the atomic folks.,

They do not have a transform step yet. There was some talk to turn RPMs
-> DeltaRPMS. Perhaps this is another transform use case?

But… I agree with Ohad… I assume we need the case of bare metal and
virt installs.

– bk

> From: "Partha Aji" <paji@redhat.com>
> To: foreman-dev@googlegroups.com
> Sent: Sunday, April 26, 2015 2:40:46 PM
> Subject: Re: [foreman-dev] Re: Atomic Questionaire
>
>
>
> >
> >>
> >> 1) PXE based provisioning -> Bare metal boot isos are provided as a part
> >> of installation by both RH and Community, but no kickstart trees are
> >> available for atomic.
> >
> > To the best of my knowlege, the "split-out install tree" is also not
> > available for Red Hat Enterprise Linux by default via the CDN - does that
> > match your understanding?
> > If this is correct, doesn't foreman or some other component already have
> > code to perform the spilitting?
> >
""Yes don't see the split out trees by default. ""
Correction: I mixed up RHEL Atomic iso vs RHEL. The rpm based RHEL isos are split-out by default in CDN.
We infact rely on that for PXEing rhel based hosts.

I meant to say for RHEL Atomic iso's I do not see the split out install tree.

You're right, I see it now. I was told it didn't exist, but obviously
that person was wrong =)

Can you report a bug downstream against the rhel-server-atomic product?
.

Cross posting this to pulp-list. Assuming a split out atomic tree is available, I am not sure pulp will be able to able sync the tree without a .treeinfo file. Which of the 3 suggestions or rfe's will help and provide the easiest path?

1. Pulp learns to sync and extract iso's directly.
2. Pulp learns to sync an extracted iso tree without the tree info file
3. We figure out an automated way to setup .treeinfo OR require the atomic isos to include them (both community and downstream.)

I 'd like 1 or 2 but would like to hear suggestions.

Partha

> From: "colin" <cgwalters@gmail.com>
> To: foreman-dev@googlegroups.com
> Sent: Monday, April 27, 2015 10:25:05 AM
> Subject: Re: [foreman-dev] Re: Atomic Questionaire
>
> >
> > Correction: I mixed up RHEL Atomic iso vs RHEL. The rpm based RHEL isos are
> > split-out by default in CDN.
> > We infact rely on that for PXEing rhel based hosts.
> >
> > I meant to say for RHEL Atomic iso's I do not see the split out install
> > tree.
>
> You're right, I see it now. I was told it didn't exist, but obviously
> that person was wrong =)
>
> Can you report a bug downstream against the rhel-server-atomic product?

Filed. Thanks!.