What do you want to see in Foreman next?

Hi Everyone,

as we wrap Foreman 1.1, I wanted to check with Foreman users on what they
find good/useful in Foreman, and what they would like to see improved/added
in coming versions?

Thanks,
Ohad

I'm not sure if this is best done by foreman, but I'll try to describe what
I'm working on should anyone have suggestions: I would like to see a way of
generating yaml files not necessarily associated with a host.

The problem that I'm trying to solve is keeping puppet config data unified.
I have an apache farm serving out 700-some virtual hosts. For that large
amount of apache config files, I don't want to have puppet directly manage
them as iterating through a large list of files and checking sums would be
an intensive process. So I'd like to have a deb file built with the needed
bits. That deb file is generated from a yaml file of sites.

Thus, our workflow is currently:
check site.yaml into git -> post commit hook kicks off a jenkins run ->
builds a deb file of apache configs -> kicks off an mcollective message to
kick puppet on the apache servers to ensure they are running the latest
version of our sites.deb file.

So as it stands we have some config info in foreman for most host
configuration, and now some config info in extra yaml files managed in git.
It would be nice if there was some way to manage bulk data like that in
foreman, so we could use one tool for our systems administration and
auditing.

Additionally, we patched foreman to run an mco command to trigger client
puppet runs using the puppetkick bits. It would be nice if there was
mcollective support natively.

Finally, I would also like to see foreman utilize puppetdb since
storedconfigs seems to be going that way.

I would love to see support for parameterized definitions next to
classes. Should probably be optional and will require to have some
work done on the puppet side too.

Hi Ohad,

what about a Foreman-MCollective integration?? I posted this a couple of
weeks ago in this group:
https://groups.google.com/d/topic/foreman-users/vmCcTsdidD0/discussion

I also know there are some other users waiting for such integration.

Thanks
Cesar

> Hi Everyone,
Hello, and happy new year!

> as we wrap Foreman 1.1, I wanted to check with Foreman users on what they
> find good/useful in Foreman, and what they would like to see improved/added
> in coming versions?

I see main axes where Foreman can improve :

• Better data management. Foreman was born as a Puppet ENC. IT's main role is
  to be the glue between hosts, variables and classes. The bug tracker
  contains already good feature requests in this field. I wish Foreman add
  as much features as possible regarding data management.

• Polishing Foreman as application. Better error description and reporting,
  more careful to small details, better documentation (This one is directed
  also at me as I could help making the one in place better)

Regards,

Benjamin

Hiera support would be very useful - we've just externalised a lot of our
configuration data into Hiera, but getting people to edit YAML/JSON files
isn't nearly as nice as being able to do it via the Foreman interface. At
the moment I use Foreman for unattended builds and as an ENC, so Hiera is
the last component that isn't under Foreman.

Andy

+1 to mcollective integration (puppet console 'live management')
+1 to hiera

I think foreman does do something like hiera with smart variables and
paramaterized classes … but puppetlabs is supporting hiera so its kind of
the path I would prefer to use when abstracting out my params/data.

Thanks!
Jake

> I'm not sure if this is best done by foreman, but I'll try to describe
> what I'm working on should anyone have suggestions: I would like to see a
> way of generating yaml files not necessarily associated with a host.
>
> The problem that I'm trying to solve is keeping puppet config data
> unified. I have an apache farm serving out 700-some virtual hosts. For that
> large amount of apache config files, I don't want to have puppet directly
> manage them as iterating through a large list of files and checking sums
> would be an intensive process. So I'd like to have a deb file built with
> the needed bits. That deb file is generated from a yaml file of sites.

Are foreman smart variables (or maybe even class params) are in any use
here?

I wonder if on a higher level, we can't simply store BLOB (e.g. whatever)
data as a paramter, i think we can, if you had a simple way to upload YAML
(or whatever) is that good enough? or do you need to perform some logic on
that data?

> Thus, our workflow is currently:
> check site.yaml into git -> post commit hook kicks off a jenkins run ->
> builds a deb file of apache configs -> kicks off an mcollective message to
> kick puppet on the apache servers to ensure they are running the latest
> version of our sites.deb file.
>
> So as it stands we have some config info in foreman for most host
> configuration, and now some config info in extra yaml files managed in git.
> It would be nice if there was some way to manage bulk data like that in
> foreman, so we could use one tool for our systems administration and
> auditing.
>
>
>
> Additionally, we patched foreman to run an mco command to trigger client
> puppet runs using the puppetkick bits. It would be nice if there was
> mcollective support natively.
>

Would you mind sharing your patches? I"m sure you are not the only one who
wants this feature, and it could be used as a starting point for
implementation?

>
> Finally, I would also like to see foreman utilize puppetdb since
> storedconfigs seems to be going that way.
>

The main question I have here, is which kind of data do you want to pull
from puppetdb? if its plain facts, I'm not sure i see the benefit, if its
catalog, then the first question, is what do you want to do with it, then
we could figure out what exactly and where we pull data from, it is true
however, that we are moving away from traditional store configs, and i
think that starting 1.2 version we would not support sharing the two
databases (simply dump the db to another db and use it as foreman one).

thanks,
Ohad

> Hi Ohad,
>
> there are two things that would be very helpful for us:
> - having the Foreman configuration available in Puppet via ENC Variables,
> e.g. the IP addresses configured for the host.
>
I think thats already supported (assuming you turn on
ignore_puppet_facts_for_provisioning setting, you would get a mac/ip
values in your enc), but that was done mostly as a solution for something
else, and would not report other interfaces (now that 1.1 supports multiple
nics).
would you mind opening an issue, it should not be hard (read easy) to add
that info to the ENC output.

• the API covering all configurable aspects of the Foreman (no need to
  > access reports, audits, …) to make an automated
  >

> customization easier and independent of the database structure.
>
Thats one of the main things we added in 1.1 (along side with multi
orgs/locations support and param classes), there is no pretty useful (i
think) documented api (with multiple version support - read - we dont break
your scripts if we change our api)
you can get a glance at the new api at
http://server2.theforeman.org/api.html

there are a couple of CLI that are now done, there is a ruby one, that can
be auto generated via the api docuemntation, and another python version
called foreman buddy (https://github.com/jpoppe/foremanBuddy).

Almost all of the features I'd like to see already have feature request
bugs open on them.

• the ability to have a host be a member of multiple host groups.
  Currently, I have a bad mix of hardware sets and roles defined as
  hostgroups.

• the ability to remove a class from a hostgroup that is inherited from
  a parent hostgroup. I have several examples where just one of many sub
  hostgroups doesn't need/want a particular class defined.

• the UI for BMC control to be implemented. I really want this feature
  for "the boss" to be able to reprovision real hardware without having to
  logon to the real host's BMC or use the PDU.

• the garbage libvirt VNC console password issue is driving me bonkers!
  At a minimum, I need to be able to turn off console password setting
  and have the option to fix the password so foreman doesn't keep changing it.

• there are a couple of messy bugs dealing with foreman role users that
  are preventing me from letting our internal development group having access.

• there are a number of VM management issues; there's no way to
  [re]associate a VM with a particular libvirt hypervisor so
  relocations/migrations are a mess. If you change the hostname/domain
  name of a VM, you can't ever remove the original foreman host entry or
  it deletes the VM image (we had a VM get accidentally deleted again last
  week).

• hiera integration

• import/export of all foreman enc data as one big yaml dump such that
  it can be used as a fast backup / restore mechanism, and as a means to
  provide rspec-puppet testing for our local site configuration, eg., this
  important host should have these classes defined on it).

• a UI element to view / flush storeconfigs (export resources)

• route53 DNS support

-Josh

Most of these are already feature request.

Puppet params via hostgroups
Force much of what you can do via host into hostgroups to make it so you
can force defaults by way of hostgroups. This way a operator only have to
supply a hostname and a IP in case of static ip config.

Build a host from vmware templates

Extend BMC support to include Cisco UCS:

• https://supportforums.cisco.com/docs/DOC-6110

Hi,

Support for kerberized windows dns (tsig) would be very useful as this
is still not supported and a big security risk.There
is already a pull request for this. It just needs testing and a little
code cleanup. I did my best but I'm really not a ruby expert.

Feature #1685

> Hi Everyone,
>
> as we wrap Foreman 1.1, I wanted to check with Foreman users on what they find good/useful in Foreman, and what they would like to see improved/added in coming versions?
>

Better support for groups of users, i.e giving roles to a group of users… that group then resolvable in ldap. #1583
There was some discussion somewhere (?) about redoing all of the auth'n layer.

I may have some more in a couple of days.

Hi Ohad,

> […]
> as we wrap Foreman 1.1, I wanted to check with Foreman users on what they
> find good/useful in Foreman, and what they would like to see improved/added
> in coming versions?
> […]
>

as already mentioned, mcollective support and hiera support, maybe
integration of puppetdb and something into the direction of patch
management, nothing weired, more something like host x has 10 security
patches waiting for installation, do with mco (as an example).

Beside this I would like to thank everyone involved in the foreman
development for the great product, great work, keep going!

Regards, Thomas

+1 mcollective integration

Hello everybody,

• I think that we would need a better ACL user management.
  The one already in place is a bit complicated to use and we can't express
  lots of case.

• On second hand maybe a notion to apply logic both from hostgroup and
  something like labels (see my previous mail http://bit.ly/XHzn4b)

• I don't use it, but IMHO I think this would be really a great benefit for
  the project to be agnostic on the configuration management system, with
  maybe on the
  a Chef integration at the beginning. I'm not a Chef user so I don't know
  how it would be possible / interesting. But I think that Foreman is a
  greatest tool but have competitor
  in puppet world. If it become a standard with Puppet and Chef and Cfengine
  this would be really great.

Regards,
Romain

I would personally like to see the ability to have hosts automatically
assigned to specific hostgroups based on certain puppet facts. Similarly,
having the ability to assign certain puppet classes to hosts based on
certain puppet facts would be great. Also the ability to assign a host to
more than one hostgroup would be nice.

>
> Hi Everyone,
>
> as we wrap Foreman 1.1, I wanted to check with Foreman users on what they
> find good/useful in Foreman, and what they would like to see improved/added
> in coming versions?
>
>
I'd like to see customized reporting, and the ability to customize the
dashboard and the statistics page.

I'd also like to see the rdoc working in the class browser again, and I'll
+1 the mcollective integration - both for the puppetrun replacement and the
PE "Live Management" functionality.

> Hi Everyone,
Hi Ohad,

>
> as we wrap Foreman 1.1, I wanted to check with Foreman users on what they
> find good/useful in Foreman, and what they would like to see improved/added
> in coming versions?

I think it is planned anyway, but I would really like to see some chef
integration.

Also I would love to see more documentation on a smart-proxy is
organised (think basic skeleton needed ).
For example, i have a script that use the foreman API to get a list of
host and go create gdash dashboard accordingly. It would be better if
i could have a smart proxy being notified on host creations and then
add the logic to do the dirty work.

Anyway, thanks to all the contributors, the foreman rocks.

Regards,
Flo

I'd like to see support for Microsoft Azure, but i guess that depends on
the FOG support right?