Hello,
With this post I’d like to announce a new effort to make Puppet integration an optional part of the Foreman project. The goal is to shape the Foreman as a neutral platform that can be integrated with any configuration management system, similar to how we integrate with other third-party services. Foreman core will continue to provide generic API’s for storing facts and reports, as well as providing means for plugins to extend and expose host attributes. We hope to make Puppet equal to other configuration management systems. While it’s already possible to install Foreman without deploying Puppet, users still see many menu items related to Puppet. There’s little value in showing Puppet Environments, Classes, Config Groups or Smart Class Parameters to users who don’t use it. We expect that this change will make Foreman simpler and easier to adopt for non-Puppet users, while still providing the same capabilities and support for those who choose to use Puppet.
Foreman was traditionally deployed with Puppet and we understand a lot of existing Foreman users are Puppet users, so we’ll focus on making the transition as smooth as possible. We also hope this will enable faster development and more contributors to the Puppet integration, as it will be better defined and less intertwined with other parts of the codebase.
We plan to achieve this in 2-3 upcoming releases, so 2.3 (or probably 3.0) should be a release where non-Puppet users will not see Puppet related screens, API endpoints and hammer commands. The whole effort will be led by @tbrisker who will make sure that we don’t decrease the quality of the integration in the process. I also expect @ezr-ondrej and @ekohl to be involved in this. You can expect RFC on the technical side of it soon. If you want to get involved, please reach out to @tbrisker.
Foreman has a core use case as a CMDB for your inventory. Shared resources will continue to be enabled by default as they are key components to this core use case across config management providers. You’ll still see Facts and Reports if you forward them from your Puppet server, even if you don’t enable Puppet integration in Foreman.
Last thing I wanted to mention is a big THANK YOU to everyone who shared their thoughts in the Community survey, Puppet mini-questionnaire and talked to us on recent conferences. That helps us to understand what we need to focus on during the process.
FAQ:
Q: Why are we doing it now?
A: This is a long time overdue, the first alternative configuration management integration dates back to 2013. However, a large driver for this is feedback from our community about simplifying the user experience. We believe this includes both a redo of the UI, and a simplification of the features in a default install. Our priority is the most thoughtful way of engineering this change without impact to the community.
Q: Is this just Red Hat pushing out Puppet in favor of Ansible?
A: No, Foreman has long strove to be neutral towards configuration management choices but have seen limited success due to the initial tie to Puppet during the early releases of the project. These proposed changes are working to finalize the neutrality of the core project.
Q: How will this work technically? Is the code going to be extracted to a foreman_puppet plugin?
A: At this point, it’s too early to say. @tbrisker and the team will start experimenting and investigate the best option. Plugin is one way, hiding the code behind a configuration option is another.
Q: What does it mean for Puppet integration maintenance?
A: Not much. While Puppet integration is part of the core application, it didn’t receive many contributions in the last few years. That means it’s mature and also a bit dusty. Touching it may result in dusting off. However we need help from users who use Puppet today since we don’t have many developers experienced with current Puppet best practices. We would be happy to leverage this opportunity to improve Puppet integration.
Q: Does that mean the installer will be rewritten?
A: No, we still plan to use Puppet as the engine for our installer, that does not need full Puppet infrastructure and only uses the agent package. There may be some changes that will be needed inside the installer to support this effort.
Q: Will the default Foreman installation (without Katello) still ship Puppet integration by default?
A: This is undecided at the moment, we may create more spins of Foreman in the future, but that’s a different discussion. Shared resources such as Facts and Reports will remain in Foreman core, therefore will be present in default installation.
Q: How will the Foreman installer scenario get its default certificates?
A: This is undecided at the moment. We are aware that currently properly setting up all certificates for Foreman is complicated and we may be able to take this opportunity to simplify it.
Q: How do I get involved?
A: Reach out to @tbrisker or reply to this post.
Q: How do I follow the progress?
A: We’ll use the standard channels, you can expect a discourse post for the technical solution, redmine issue tracker covering the effort and community demos showing the current state.
We’ll keep this post updated as more questions come in