We have been using Foreman for a little while now, and I wanted to share my experience with the product and see if we are wrong in the way we use it…
I first looked on the web for a tool:
1/ To provision in a simple way Virtual Machines on our VMware infrastructure
2/ To provision automatically, along with the VM, our different infrastructure tools (DNS, IPAM, Monitoring, Backup server…)
3/ To be able to push applications & configuration to those virtual machines
4/ To be able to execute, on demand, some commands & scripts on several VMs at the same time
5/ To be able to monitor & deploy security patches on our VMs
6/ To be able to execute, on demand, some commands & scripts on several network devices at the same time
7/ To be stable and simple!
Then I found Foreman, which seems to fit our needs perfectly.
However, after some time using it, here are some problems or feature requests I’d like to share for each listed item.
1/ We are using VM Provisioning with User Data template (because PXE boot is not an option for us: too complex on the network side, longer than template provisioning). It works fine, however I find it a little too complex to deploy a new VM. Let’s take an example:
- You click on “Create Host”
- On the “Host” tab, you choose VM name and Host Group. OK
- On the “Virtual Machine” tab you must choose CPU, RAM, Disk… OK. But you must also choose some irrelevant information for a template deployment: Firmware, Guest OS, Virtual HW version… all these are included in the VMware template and therefore ignored.
One feature also would be to be able to choose the specific ESX Host on which we want the VM to be deployed. Currently, it is always deployed on the Host where the template is stored, which forces us to manually move the VM afterwards.
- On the “Operating System” tab, you must again choose Architecture, Operating System, the image name…
- Then finally you must configure IP information on the “Interfaces” tab. We are using an external IPAM tool, called Netbox. It would be really great if Foreman could work with external IPAM so that it only proposes free IPs.
To sum up, it would be great to have a “Create Host from Template” button, asking only for the needed information: destination ESX, Image Name, CPU/RAM/Disk, Interface.
Also, a VMware Template comes with a default disk size. When we choose a different disk size, we must manually resize it on the OS level. So maybe it would be great to gather information on the template, display it, and let the user decide whether he wants to add a new disk or change the template disk size.
2/ After VM deployment, we would like to execute some commands on the Host and provision several different tools. To do so, we are using Hooks. First feature request: be able to configure Hooks through the WebUI, because actually it’s just a script on the Foreman server… not very user friendly.
We use a “create” hook that just does a “touch file”. Then we use an “after_commit” hook to execute the real script because during the create or post create we don’t have access to all the Host information (see “Problem with Hooks events” support entry).
The problem with doing so is that there is no graphical information, during Host Creation, whether the process was ok or not.
Our after_commit hooks are currently:
- Creating all VM and IP information on our Netbox IPAM through webservices
- Deploying the Foreman Proxy SSH Key so that Foreman Remote Execution can work
We would also like to be able to, in the future:
- Automatically provision our Network Monitoring tool (Centreon)
- Automatically provision our Backup tool
- Automatically update our DNS server (Windows AD)
Last thing, when we delete a Host we must be able to automatically “unprovision” all those tools.
To do so, we are currently using a “destroy” hook, but again without any information on the WebUI about whether the process was ok or not.
To sum up: are hooks the right way to achieve all this? If yes, it would be great if hooks could be completely integrated in the WebUI instead of having to change script files.
3/ To push applications & configuration to deployed VMs, we are mainly using Puppet (because it is the most integrated into Foreman). However, Puppet requires an Agent on the VM and some network ports to be opened (which is sometimes forbidden by our customers’ security policy).
Puppet Agent is deployed, after Host Creation, through a Remote Execution job template.
For our “complicated” hosts, we are using Ansible. It is far simpler, as it does not require an agent, just an SSH connection. However, Ansible is today not very integrated in the WebUI.
To sum up: it would be great to have a real Ansible integration on the WebUI.
4/ Remote Execution is a great tool, however when I run it on several Hosts at a time, it often fails for some hosts, without good reason. For instance, I just tried to execute “uname -a” on 12 Linux Hosts. 58% Failed with “Net::SSH::AuthenticationFailed”. However, if I rerun only failed Hosts several times, it ends up working on all of them. This Module does not seem very reliable…
5/ We are using CentOS and Ubuntu Linux distributions. As far as I understand, the Katello plugin only deals with rpm packages. Is there a solution for monitoring & deploying security fixes regardless of the OS distribution?
6/ Here, it is the only thing where Foreman clearly does not do the job. First, Host Creation seems to be always tied to a deployment (through PXE or VM Template). It is not possible to simply create just an empty Host representing a Network Device (or even a remote Standard Host not deployed by Foreman). I had to do so through a job template and a hammer command.
Then, for Network Devices, Remote Execution does not work because it is built in such a way that it needs a Linux shell on the remote device. I tried using Ansible, but did not manage to make it work either…
7/ Stability seems OK, but regarding simplicity, Foreman is not the best product ever…
Installation is quite complex (even with the Foreman setup wizard), logs are complicated to find and analyse, monitoring is not very obvious (for instance, I see a red cross on a Host. What happens? I click on it, it says “Status : Error” and “Execution : last execution failed”. OK, then how do I go from there to the explanation of those errors?), many things are not integrated in the WebUI (see my previous remarks).
Anyway, Foreman stays a great product, but I think it would gain from being more “user friendly” and simple for dumb users like me.
Thank you for your feedback on this message!