Help setting up libvirt on one host for use by foreman on another

I have a RHEL-6.5 desktop that I run libvirt on. Normally I subscription-manager register this to my development foretello to test host/guest subscriptions (I work on the subscription aspects of katello). This development foretello runs from git on my laptop. What I would like to do is have the foretello running on my laptop use the libvirt on the desktop. I'm sure this is possible, but this is well out of my experience.

As a user, I would like to add an arbitrary running libvirt to foreman so it is fully functional to launch VMs and console into them.

As a user, I would like to provision a RHEL-6.5 server with libvirt and add it to the foreman that launched so it is fully functional to launch VMs and console into them.

As a user, I would like to provision a RHEL-6.5 server with RHEV-H and add it to the foreman that launched so it is fully functional to launch VMs and console into them.

I have this vision that I believe it is likely foreman can already do were it not for my own lack of knowledge. Hopefully foreman is the tool to abstract those details to a point that it is possible. This vision is, "As a user, I see a host in inventory and choose to make it a libvirt host for use in foreman."

Some resources I've looked through…
https://forge.puppetlabs.com/domcleal/katellovirt
https://github.com/theforeman/staypuft/blob/master/doc/setup.md

Thanks!

··· -- @thomasmckay


“The leader must aim high, see big, judge widely, thus setting himself apart from the ordinary people who debate in narrow confines.” ~ Charles De Gaulle

“Leadership is about making others better as a result of your presence and making sure that impact lasts in your absence.” ~ Harvard Business School

>
> I have a RHEL-6.5 desktop that I run libvirt on. Normally I subscription-manager register this to my development foretello to test host/guest subscriptions (I work on the subscription aspects of katello). This development foretello runs from git on my laptop. What I would like to do is have the foretello running on my laptop use the libvirt on the desktop. I'm sure this is possible, but this is well out of my experience.
>
> As a user, I would like to add an arbitrary running libvirt to foreman so it is fully functional to launch VMs and console into them.
>

This is easy, add a new compute resource -> and use the libvirt URL
qemu+ssh://<hostname>/system. Foreman needs to have SSH
keys to the libvirtd host.

On my own systems, I have a working PKI infrastructure so I
use TLS to auth to libvirt, which saves the trouble of deploying
SSH keys. It’s a bit more complex.

You’ll need a Smart Proxy in the network used by the libvirt
VM's so they can DHCP, TFTP, etc.

> As a user, I would like to provision a RHEL-6.5 server with libvirt and add it to the foreman that launched so it is fully functional to launch VMs and console into them.

You’ll have to call back from the provisioned host to the Foreman API
to add the compute resource.

> As a user, I would like to provision a RHEL-6.5 server with RHEV-H and add it to the foreman that launched so it is fully functional to launch VMs and console into them.

Provisioning an oVirt node w/ Foreman that automatically registered with
a Manager is doable. There’s some work being done on this, but I don’t
know how current it is.

http://www.ovirt.org/Features/AdvancedForemanIntegration

> I have this vision that I believe it is likely foreman can already do were it not for my own lack of knowledge. Hopefully foreman is the tool to abstract those details to a point that it is possible. This vision is, "As a user, I see a host in inventory and choose to make it a libvirt host for use in foreman.”

Sure, foreman_discovery should be able to do that. You’d need a libvirt host group
in Foreman, and some action to run on the host after provisioning (via Puppet, shell,
whatever) that calls back to Foreman to add the compute resource.

It would actually be interesting to have something like Staypuft that could deploy
an entire oVirt (or Libvirt) infrastructure, and then manage the lifecycle of
the VM’s.

··· On 14 Apr 2014, at 16:40, Tom McKay wrote:

Some resources I’ve looked through…
https://forge.puppetlabs.com/domcleal/katellovirt
https://github.com/theforeman/staypuft/blob/master/doc/setup.md

Thanks!




You received this message because you are subscribed to the Google Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

>
> >
> > I have a RHEL-6.5 desktop that I run libvirt on. Normally I
> > subscription-manager register this to my development foretello to test
> > host/guest subscriptions (I work on the subscription aspects of katello).
> > This development foretello runs from git on my laptop. What I would like
> > to do is have the foretello running on my laptop use the libvirt on the
> > desktop. I'm sure this is possible, but this is well out of my experience.
> >
> > As a user, I would like to add an arbitrary running libvirt to foreman so
> > it is fully functional to launch VMs and console into them.
> >
>
> This is easy, add a new compute resource -> and use the libvirt URL
> qemu+ssh://<hostname>/system. Foreman needs to have SSH
> keys to the libvirtd host.

Ha! I will try this. The end result should just be a puppet module that does this all, right? Like @domcleal's katellovirt?

I mean some ports need to be opened, probably proxying to the launched VMs too for the console (not even sure I said that in proper technical terminology).

Is there some puppet to do the ssh key copying?

I guess what I'm asking is, none of this should be necessary to do by hand right? Puppet can do it?


> > This is easy, add a new compute resource -> and use the libvirt URL
> > qemu+ssh://<hostname>/system. Foreman needs to have SSH
> > keys to the libvirtd host.
>
> Ha! I will try this. The end result should just be a puppet module that does this all, right? Like @domcleal's katellovirt?
>
> I mean some ports need to be opened, probably proxying to the launched VMs too for the console (not even sure I said that in proper technical terminology).
>
> Is there some puppet to do the ssh key copying?
>
> I guess what I'm asking is, none of this should be necessary to do by hand right? Puppet can do it?

FYI you can set libvirt for plain tcp (beware: unsecure) and get rid of
all the ssh keys mangling.

# cat /etc/libvirt/libvirtd.conf
listen_tls = 0
listen_tcp = 1
auth_tcp = "none"

# grep listen /etc/sysconfig/libvirtd
LIBVIRTD_ARGS="--listen"

Allow access only from your virtual network on your firewall and you are
safe :-)

··· -- Later,

Lukas “lzap” Zapletal
irc: lzap #theforeman
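
An added example (not from the thread, libvirt or Foreman): a small audit of the two files quoted in the post above that reports when libvirtd would expose an unauthenticated TCP listener, and how a TLS listener is restricted. The function names and finding IDs are made up for illustration, the sample file contents are constructed from the settings in the thread, and the defaults are the ones assumed for a libvirtd that is started through `/etc/sysconfig/libvirtd` as on this RHEL 6 host.

```python
import re

# Constructed inputs: the settings quoted in the post above, and a TLS variant.
PLAIN_TCP = 'listen_tls = 0\nlisten_tcp = 1\nauth_tcp = "none"\n'
TLS_ONLY = ('listen_tls = 1\nlisten_tcp = 0\n'
            'tls_allowed_dn_list = ["CN=foreman.example.com"]\n')
SYSCONFIG = 'LIBVIRTD_ARGS="--listen"\n'

# libvirtd's built-in defaults for the keys this check reads (assumed).
DEFAULTS = {"listen_tls": "1", "listen_tcp": "0", "auth_tcp": "sasl",
            "tls_no_verify_certificate": "0", "tls_allowed_dn_list": ""}


def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip().strip('"')
    return conf


def listens_remotely(sysconfig_text):
    """True if an uncommented LIBVIRTD_ARGS line passes --listen."""
    m = re.search(r"^\s*LIBVIRTD_ARGS=(.*)$", sysconfig_text, re.MULTILINE)
    return bool(m and "--listen" in m.group(1))


def audit(conf_text, sysconfig_text):
    """Return finding IDs for the remote listeners libvirtd would open."""
    if not listens_remotely(sysconfig_text):
        return []  # in this setup, no TCP or TLS socket without --listen
    conf, findings = parse_conf(conf_text), []
    if conf["listen_tcp"] == "1" and conf["auth_tcp"] == "none":
        findings.append("tcp-unauthenticated")
    if conf["listen_tls"] == "1":
        if conf["tls_no_verify_certificate"] == "1":
            findings.append("tls-client-cert-not-verified")
        elif conf["tls_allowed_dn_list"] in ("", "[]"):
            findings.append("tls-any-ca-signed-client-allowed")
    return findings


if __name__ == "__main__":
    print(audit(PLAIN_TCP, SYSCONFIG))
    print(audit(TLS_ONLY, SYSCONFIG))
```

With the plain-TCP settings the only control left is the firewall rule mentioned in the post, so this check pairs naturally with a review of which source networks can reach the libvirtd port.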

Looks like domcleal/katellovirt did that already. I can create a compute resource in the laptop foretello, see the existing VMs, and even console to them.

Next I tried to make a smart proxy on the laptop; is this correct? I could not figure out the proper url, though. The port configured in foreman-proxy is 9090. I'd either get:

Unable to communicate with the proxy: No such file or directory - /var/lib/puppet/ssl/certs/tomckay.localdomain.pem
Please check the proxy is configured and running on the host.

or

Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([Errno::ECONNRESET]: Connection reset by peer) for proxy http://thomasmckay.usersys.redhat.com:9090/features
Please check the proxy is configured and running on the host.

depending on https or http.
