[event] Deep Dive: Running the Foreman Stack in Containers - Mon 10th July, 2pm (UK)

Hi all,

Running Foreman in a container is a question that comes up from time to
time in the Foreman community. Eric Helms has been experimenting with
running the whole Foreman stack (core, proxies, plugins) inside
Kubernetes, and wants to show you how it looks. We'll be holding a deep
dive into this on Monday 10th July, at 2pm (GMT +1). You can tune in
here:

As always, we welcome your contributions to the video - do join us live
on YouTube Live chat or in our IRC channel to put your questions to
Eric!

Cheers,
Greg

Thanks for setting this up Greg.

I wanted to send out a few notes ahead of time so that folks can do any
background reading, using the work I'll be presenting or think about
questions they might have. If you want to send along questions ahead of
time you'd like addressed (or to ensure I cover) please feel free to reply
here and I'll do my best to work them into the presentation.

Rough Topics I'll be covering:

• Brief presentation on why containers, the technologies involved in build
  and deploy
• Architecture presentation of service breakdown
• How the PR[1] works
• Current state and future Roadmap

Thanks,
Eric

[1] https://github.com/theforeman/forklift/pull/424

Ey,

thank you for the video! really good stuff.

Since one of the strong points of k8s is to make rapid development I think
it would be good to make a P2 video showing that. Ex.: how can you
code/update/ mix and mach new services and deploy and/or rollback if broken.

I think also it would be good to add Kubernetes to the title to make it
more reachable in youtube.

Cheers,

Alex

> Thanks for setting this up Greg.
>
> I wanted to send out a few notes ahead of time so that folks can do any
> background reading, using the work I'll be presenting or think about
> questions they might have. If you want to send along questions ahead of
> time you'd like addressed (or to ensure I cover) please feel free to reply
> here and I'll do my best to work them into the presentation.
>
> Rough Topics I'll be covering:
>
> * Brief presentation on why containers, the technologies involved in
> build and deploy
> * Architecture presentation of service breakdown
> * How the PR[1] works
> * Current state and future Roadmap
>

I would be happy if you could also cover:

• Smart proxy features (and how it works - e.g. a container per feature
  with base container etc).
• Dev vs Production (whats in scope vs not)
• Installer - do we still need it in a context of a Kubernetes application?
• SCL ? can we move away from it?
• reuse? for example, https://github.com/manageiq?q=container have some
  basic ruby / rails containers etc
• application scaling ? (e.g. more dynflow workers etc).

sorry for the long list

thanks,
Ohad

Excellent one, thanks.

> Ey,
>
> thank you for the video! really good stuff.
>
> Since one of the strong points of k8s is to make rapid development I think
> it would be good to make a P2 video showing that. Ex.: how can you
> code/update/ mix and mach new services and deploy and/or rollback if broken.
>

I'll put this on the list for when we get to this in general. I've mostly
spent time just trying to get the stack to come up and not on advanced
workflows yet. This is definitely in the pipeline of things to look at
though. And I think it would be helpful to get info from users as to how
they see themselves wanting to use and deploy the stack on a platform like
this given what it can provide.

For example, in my current way of tackling it I am imaging users pulling
pre-built images and running them. That is, not pushing the requirement to
build the images on to the users. This comes with its own benefits and
potential downsides for flexibility.

>
> I think also it would be good to add Kubernetes to the title to make it
> more reachable in youtube.
>

Greg - is that possible to add keywords or adjust the title for Kubernetes
/ Openshift?

I did not get a chance to answer all the questions during the deep dive so
here is my follow up.

>
> * Current state and future Roadmap
>>
>
> I would be happy if you could also cover:
> - Smart proxy features (and how it works - e.g. a container per feature
> with base container etc).
>

I have not touched more of the core smart proxy feature management such as
DHCP and DNS yet.

> - Dev vs Production (whats in scope vs not)
>

I mentioned this in the video, but I'll recap. I have mostly targeted
production setups but there are known strategies for development. There are
a few ways we could consider and try to do development with this:

1. ansible-container run is local docker and has a section for
   dev_overrides [1]. With this you should point and mount source code
   directly in when using 'run' (however, run does not entirely work currently
   due to size of the setup)
2. Openshift could have a host path mounted for development and allow
   source code to be edited directly to use it as a dev environment
3. Openshift has an rsync strategy to rsync a directory to a container for
   development work

[1]
https://docs.ansible.com/ansible-container/container_yml/reference.html#dev-overrides

> - Installer - do we still need it in a context of a Kubernetes
> application?
>

I would say no given the current state of the installer. The installer is
designed around a single machine deployment currently. The puppet modules
themselves are not currently usable as they would each need to be tweaked
to allow for deploying no runtime configuration. We could then explore
trying to puppet apply them to build the containers. You could argue it is
bad on me to try to not re-use them due to all the work that has gone into
them. I just found starting from scratch and working with Ansible to be
easier and quicker than attempting to dissect them so far.

I do believe we still need an "installer" or "deployer" to orchestrate
everything being configured and setup for users. Our stack can get complex,
and between all the customization pieces, passwords, certificates, having a
tool to manage that would be useful for user interaction and ease.

> - SCL ? can we move away from it?
>

I think that's a big question. You are essentially asking can we move away
from RPM packaging (since Deb uses gems directly if I recall). There is a
valid argument for using gems directly. That would reduce build overhead,
allow for development and production to be closer to together and reduce
build time. We'd still want the SCL for runtime on enterprise Linux to
allow for upgrading the version of Ruby as I think that is better than
relying on RVM.

> - reuse? for example, https://github.com/manageiq?q=container have some
> basic ruby / rails containers etc
>

Sure, any container could be used as a base and built on top of. This would
come down to how much customization do we need or is there in an existing
container. Right now I build the entire stack, so every application gets a
container built except for using thirdparty Postgres and Mongodb.

> - application scaling ? (e.g. more dynflow workers etc).
>

I touched on this briefly, by default I am attempting to set services as
scaled by default to enforce getting used to and dealing with those
behaviors for scaling. For example, having 2 Foreman applications, 4 Pulp
workers by default. I have not yet tried a 2 or more foreman-tasks replica
yet. But I'll put it on my list to bump next spin up.

Eric

It appears to already be that way - looks like someone beat me to it

Greg