Move GCE to a plugin

voting

#1

Continuing the discussion from "Not Found" message when creating GCE compute resource:

GCE hasn’t been maintained in a long time. I suggest we migrate it to a plugin, or drop it entirely, and remove it from core.

  • Keep in core
  • Move to plugin
  • Drop entirely

0 voters


Connect Foreman 1.20 to GCE
#2

After some more thought on the issue, I think we should keep it in core and start maintaining it again. GCE is the 3rd largest cloud provider, and one of our strongest “selling points” for foreman is it works with whatever infra you use - we can’t just ignore GCE and keep stating that.


#3

My 2 cent: in case GCE is moved to a plugin, why should AWS be in core? In my eyes, maintain all these compute resource as plugin or try to have a good bundle of the most important in core. I would move even more to core as this is the power of foreman.


#4

While it’s nice to have it in core, I think everything in core should be well maintained. We can’t really say that for GCE right now. I don’t know about AWS but if it’s slowly bit rotting then moving it to a plugin makes sense. Plugins can also iterate at a different pace, for better or worse.


#5

This is not an official statement from Red Hat or anything, end of disclaimer.

According to Red Hat Satellite 6.3 official docs, these are the mentioned Compute Resources at the moment:

  • libvirt
  • RHEV
  • VMWare
  • OpenStack
  • EC2
  • Docker

If we as a community cannot maintain any of these, Red Hat will probably interfere and invest engineering resource in doing necessary changes. There is some general confidence that these components are “safe” and moving them into plugins does not need to happen now.

Now for the following resources the support scope is not clear from Red Hat documentation. Satellite 6 customers should reach out to their representatives in order to learn scope of support for these:

  • Google
  • Rackspace

Looking into git, Rackspace was mainly maintained by our currently non-active Dominic and Sam and GCE was created by Romain Vrignaud and then random people. I don’t see much activity of currently active community members for these.

Therefore it would be good idea to move both GCE and Rackspace into plugins short term and long term move everything into plugin. That’s our long-term thinking for whole Foreman application for many years already, this does not change. So my suggestion and proposal is actually: Move all Compute Resources to plugins, but start with GCE and Rackspace.

We should also call for maintainers, maybe a blogpost @Gwmngilfen?


#6

It’s in the newsletter which will be published shortly.


#7

This topic seems to have been abandoned and given GCE being such a big player I wonder how can it even be possible, with no one from Google investing on it.

Anyways, I upgraded today to 1.22 and I see that GCE integration is still broken. I can’t really determine even if what I used to use to connect is still valid.

What can be done to help? I really would like to if possible.


#8

@kgaikwad will probably have most up-to-date knowledge about this as she’s been working in this area lately. Could you provide any details about how the plugin breaks for you?


#9

@Guillem_Liarte, it would be great help if you provide more details about what is not working for you.


#10

Just adding a GC project, which worked in previous versions, does not work now. Importing VMs, Getting settings from VMs, any operation.
Also the documented procedure to add a GCE project is not complete, in my opinion. The difference between EC2 is abysmal.

Let me know what level of detail I should add here, logs, etc.

Basically, the same project and credentials work well using the GCE CLI, fail when used in later versions of Foreman.

In any case, I would be happy yo be proven wrong and have most of the functions working again with the current versions.


#11

Did you mean that with version 1.22, it fails to create ‘google’ compute resource for your project?
I would like to know below things before concluding anything:

  • Have you tried both CLI and web-UI for adding project i.e while creating ‘google’ compute resource?
  • It would be great if you share errors that you are facing while adding compute resource. +1 for logs.
  • What details you are using while creation
    • Are you using a service account?
    • Which key are you using while creating compute resource? is it of type .p12 or .json?

#12

@kgaikwad

I have tried to use Graphical UI only as I had only found instructions to do it that way in the past.

Yes, it is for 1.22 version.

It failed to play ball since some versions ago, if I remember correctly, I gave up about 1.18 or even 1.17, and now having more VMs in GCP than EC2, I tried again.

I had an existing project, and yes, I use a service account as per instructions of the type:

service-nnnnnnnnnnnn@compute-system.iam.gserviceaccount.com

The key is p12, again as per instructions ------> AH!

OK I stopped here, as I see that now the new instructions recommend JSON instead of p12.
My bad.

Let me try with that.


#13

OK So I shut my mouth: Yes it works. For reference, I was reusing something that used to work before, the p12 key, that does not work anymore.

The error message how ever was NOT clear at all about this. It failed with an auth issue, but it did not say why!

Thanks @kgaikwad for putting me in the right path. I see I can:

  • Add project
  • List current VMS
  • create an image
  • Associate profiles to images

I assume I can spin VMs from here or CLI, but i have not tried it, I script my way to do that as for almost two years I could not use it for GCP.

Are there any recommendations to do so?

With my current script, using gcloud and hammer, I can:

  • Spin an instance
  • Assign its external IP address to an A record in a designated forward zone
  • Assign a role or roles to instance with hammer
  • ssh into the instance using pre-shred keys in image and
    – Do LDAP setup
    – Run Puppet

I would think of using Terraform as I do for EC2, but, is it there a better way to do so from the Foreman CLI maybe?

Many thanks for digging me out of the hole and for the advice!


#14

If the issue is JSON vs p12, then would it be an idea to add a data validation to ensure the content is valid JSON instead of just text?


#15

+1, created issue - Bug #27025: Validate JSON keyfile for authentication as P12 keyfile deprecated - Foreman