Cloud Installation & Configuration Management

Outline  Definitions  Tools, “Comparison”  References

Definitions  Configuration management (CM) WikipediaWikipedia - “field of management that focuses on establishing and maintaining consistency of a system’s or product’s performance and its functional and physical attributes with its requirements, design, and operational information throughout its life. For information assurance, CM can be defined as the management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the life cycle of an information system” PuppetLabsPuppetLabs – “the process of standardizing resource configurations and enforcing their state across IT infrastructure in an automated yet agile manner. Configuration management is critical to the success of other IT processes, including provisioning, change management, release management, patch management, compliance and security.”  “Configuration management tools should probably be considered as an essential tool when moving into the cloud”  From OpenStack:OpenStack “Maintaining an OpenStack cloud requires that you manage multiple physical servers, and this number might grow over time. Because managing nodes manually is error-prone, we strongly recommend that you use a configuration management tool. These tools automate the process of ensuring that all of your nodes are configured properly and encourage you to maintain your configuration information (such as packages and configuration options) in a version controlled repository”

Tools – Configuration Management  AnsibleWorks AnsibleWorks  an orchestration engine—built to provide a powerful framework for systems automation  Ansible and Openstack Ansible and Openstack  CFEngine CFEngine  systems management tool designed to help you configure and automate your IT infrastructure   Manage Openstack instances with CFEngine Manage Openstack instances with CFEngine  Chef Chef  a configuration management tool written in Ruby and ErlangRubyErlang   OpenStack Chef recipes OpenStack Chef recipes  PuppetLabs PuppetLabs  

Some Comparison LanguageLicense Mutual auth Encrypts Verify mode AnsiblePythonGPLYes[1]Yes[2]Yes Bcfg2PythonBSD [12]Yes[5]Yes[6]Yes[7] ChefRubyApacheYes[10]Yes[6]Yes [11] CFEngineCGPL, COSL [14]Yes[1]Yes[14]Yes [15] JujuPython Affero Gen. Public Lic. PuppetRuby Apache (>2.7.0), GPL before Yes[27]Yes[6]Yes [28] QuattorPerl, Python EDG[19], Apache 2.0 Yes[31]Yes[32] SmartFrogJavaLGPLYes[42] SaltPython[46]Apache [21]Yes[47] Yes Spacewalk Java (C, Pl, Py, PL/SQL) GPLv2Yes AIX*BSDHP-UXLinuxMac OS XSolarisWindowsOthers AnsibleYes No Bcfg2Partial[56]Yes[57]NoYes[58]Partial[59]YesNo CFEngineYesYes [57][60][61] Yes Yes[62]Yes ChefNo[63]YesYes[63]YesPartialYesYes[64]Yes JujuYes PuppetYes PartialYes QuattorNo YesNoYesNo SmartFrogNo[69] Yes No[69] SaltNo[70]YesNo[70]Yes[71]YesYes[72]YesPartial[70] SpacewalkNo[73]No Yes[74]NoYes[75]No Reference:

References (I)  Puppet vs Chef vs CFEngine vs Ansible  vs-cfengine-vs-chef-guide-stressed-developers vs-cfengine-vs-chef-guide-stressed-developers    puppet/ puppet/ 

Tools – Cloud Management/Installation  Packstack:  OpenStack install tool  command line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection  Deploying OpenStack using PackStack Deploying OpenStack using PackStack  RDO Quickstart RDO Quickstart  Poor doc. On OpenStack wiki Poor doc. On OpenStack wiki  DevStack DevStack  Deploy OpenStack for developers  ideal for potential users who want to see what the Dashboard looks like from an admin or user perspective, and OpenStack contributors wanting to test against a complete local environment.  script to quickly create an OpenStack development environment  is not and has never been intended to be a general OpenStack installer

Foreman (I)  Idea:  CHEP Facilities, Infrastructures, Networking and Collaborative ToolsFacilities, Infrastructures, Networking and Collaborative Tools  “Configuration Management:  Puppet + ecosystem as configuration management system  Foreman as machine inventory tool and dashboard  Receives reports from Puppet runs & provides dashboard”  Other intentions to move to Foreman - BNL

Foreman (II)  Complete lifecycle management tool – physical & virtual hosts  Language: Ruby  Offers  Provisioning – bare-metal & cloud, one place, simple process  Configuration – complete config. managem. solution, Puppet  Monitoring – collects Puppet reports, host config.

Foreman Architecture

More on Foreman (I)  Swift proxy - autonomous web-based foreman component that is placed on a host performing a specific function in the host commissioning phase Swift proxy  Puppet  Import reports, facts, classes, env from Puppet Master  Node classifier & param store for Puppet Master  Can manage multiple Puppet Masters  Inventory  Automatically collect system inventory  Reporting  Dashboard for all puppet hosts, detailed logs, alerting s  Node Classifier (ENC)  UI to associate hosts with recipes  Group hosts in hostgourps  Update many hosts at oce

More on Foreman (II)  Provisioning  Public & private clouds, bare-metal  PXE or imaged-based  Manage DNS/DHCP, TFTP (smart-proxies)  Orchestration  VM setup  Supports rollback  Knows to handle conflicts ( IP address already in use)  User managem.  LDAP  RBAC – per host-group, domain,..  Organization & Location  Support multiple locations & organizations units

More on Foreman (III)  Foreman-Installer – automatic install Foreman-Installer  Foreman  Foreman Proxy  Puppet-master  Apache, git,…

Foreman snapshots

Foreman – CERN experience

References (II)  Foreman     CERN  &resId=1&materialId=slides&confId= &resId=1&materialId=slides&confId=  &resId=0&materialId=slides&confId= &resId=0&materialId=slides&confId=214784