People may know I work for Red Hat to work on Satellite and its upstream(s), but even before I joined Red Hat I was already a Foreman user, Puppet user (started on 0.25.x) and co-maintainer of Foreman’s installer. Notably, the installer uses Puppet (through kafo). I’m also part of Vox Pupuli’s Project Management Committee and overall strong proponent of open source. What I’m writing here is my own opinion, but I think I’m in a position to have an opinion.
Many people have chosen Puppet and invested a lot of time and energy into it because it was open source. I see Perforce’s statement as a betrayal of the implicit social contract now that it’s moving to open code. I will not sign any EULA to get access to Puppet and if all the bits (including the gems) require that, it’s a problem. While a lot is still unclear (there’s a town hall planned for next week), I’m counting on the worst case scenario. Perforce’s actions mean I no longer give them the benefit of the doubt.
For the long term there is an effort that investigates a whole new deployment model, based on containers. While it’s very early days, GitHub - theforeman/foreman-quadlet is where the experiment is built. There are many open questions (some tracked in issues), but I think eventually this will replace the entire installer.
Then there is also the other big component: integration with Puppetserver. Luckily we mostly talk over REST APIs and as long as those APIs don’t change, we should be good. Here is another place where we will probably switch over to the fork and make the EULA-protected bits a best effort support, if at all supported. That will very much depend on the community’s desires and willingness to fix issues.
These are my own opinions and vision for the future. I’m posting this to the community section to ask for your opinions so please share them.
My two cents as a user of both Foreman and stand-alone (Open Source) Puppet
I hope there will be no need for an “hard fork” - as far as I understood Open Source Puppet should remain under Apache 2.0 and continue to be developed publicly (although slower than “hardened Puppet”), so building the binaries/gems might be enough (the situation should be monitored until it’s clear).
Although selling sw based on a open core/upstream, or additional components/support (see Foreman and Satellite or Orcharino, or the various OpenStack distributions) is widely accepted (we all need a wage :D), I agree that Perforce’s move is upsetting (and possibly might reduce contributions to OSP) - people contribute to open software for mutual benefit, why should they contribute to a software they’re paying for? We’ll see how this goes
About the installer, I’d prefer to still have the alternative to install it on a machine through packages, for easier customization and reduced overhead (even though the management might get more complicated) [XKCD + meme to have a laugh]
And well, I hope that it will still be possible to integrate OSP into Foreman and use it to automate
I understand the motivation to move away from the installer. Would be a shame though as I started using kafo2 for an installer for Icinga some time ago.
I haven’t really posted an update, but a lot has happened. Those following along have probably seen that Vox Pupuli has forked into OpenVox. During cfgmgmtcamp we could see that effectively the entire community is moving over. Since then the EULA has also been published and as expected, it’s problematic to say the least (a small example).
I don’t see how we can reasonably continue testing with Perforce Puppet. Luckily for now OpenVox is mostly a drop in replacement and I think soon we should start with converting Foreman to rely on OpenVox.
What hit me today: Puppet Open Source even 8.10 which is the latest release is now EOL February 2025, after this it is Puppet Core. So everyone who was not able to process with a migration could be left with a security issue in very near future!
I would suggest to have a meeting about the strategy we want to take. There are some options we should discuss and we should talk about the time frame when we are able to take one or the other route.
I guess and hope @Dirk and @ekohl are interested in this - and hopefully @knoppi from our side. Someone else who should join?
Definitely interested, especially as from an enterprise / customer view I do not see good options (yet). Another opinion I would be interested in is @tuxmea or @bastelfreak if we do a meeting and they want to join.
from an enterprise / customer view I do not see good options (yet).
I think the openvox packages are the only way forward, and I think it’s a good path. The project is now owned by an open source org which in turn is baked by different companies. I think that’s the best structure for a project. Vox Pupuli itself receives sufficient funding from those companies, and there are also different consulting companies around that offer commercial training/support/consulting/development, for openvox, to their customers.
Hey, just want to chime in on this. We’ve experimentally validated that the Foreman currently works properly with OpenVox. Because we’ve committed to maintaining command line compatibility for the foreseeable future, it only takes a small docs change to move. Simply install OpenVox where your install docs instruct the user to install Puppet and everything just works.
So everyone who was not able to process with a migration could be left with a security issue in very near future!