Infrastructure

Overview

The Foreman project runs a number of different servers for testing, packaging, and continuous integration. Most of these servers are available as Jenkins build slaves for http://ci.theforeman.org. A listing of machines is below.

Machines

This list is out of date.

| Name | Hostname | IP address | OS | Purpose | Owner |
|------|----------|------------|----|---------|-------|
| CI | ci.theforeman.org | 5.9.188.106 | Ubuntu 12.04 | Jenkins front-end and build | Sam Kottler |
| server2 | server2.theforeman.org | 208.74.145.172 | Ubuntu 12.04 | web server for theforeman.org (not the wiki) | Brian Gupta |
| server3 | server3.theforeman.org | 208.74.145.175 | Fedora 16 | Puppetmaster and internal Foreman instance | Brian Gupta |
| server06 | server06.theforeman.org | 5.9.188.105 | CentOS 6.3 | Runs the majority of the tests and has mock for RPM packaging | Sam Kottler |
| server09 | server09.theforeman.org | 5.9.188.104 | Debian 6.05 | Debian packaging and repository creation/promotion | Sam Kottler |

Access

Access to Foreman project infrastructure is available to those who wish to assist in building packages, testing, and building Jenkins jobs. Fork http://github.com/theforeman/foreman-infra, add an ssh_user resource to the users module (see puppet/modules/users/manifests/init.pp), and add your key to the files directory. Submit a pull request to the infrastructure project and then talk to samkottler or gwmngilfen in #theforeman on irc.freenode.net. One of them can merge your change and update the puppetmaster.

Puppetmaster and Foreman

Puppet and Foreman are of course used to manage the machines. The Foreman instance is accessible only to those with SSH access to server3.theforeman.org. Add the following snippet to ~/.ssh/config:

Host foreman-pm
    HostName server3.theforeman.org
    User <your SSH user>
    LocalForward localhost:3080 server3.theforeman.org:80
    ExitOnForwardFailure yes

and then run:

ssh foreman-pm

and open http://localhost:3080 in your browser.

Host notes

Web server

The main web server hosts:

  • theforeman.org, www.theforeman.org
  • deb.theforeman.org
  • debugs.theforeman.org
  • downloads.theforeman.org
  • stagingdeb.theforeman.org
  • yum.theforeman.org

/var/www is mounted on a separate 100GB block device via LVM. /var/www/freight* contain the staging areas for freight (deb), and /var/www/vhosts contains the web roots themselves.

It has the following customisations:

  • firewalld is configured with TCP ports 22, 80, 443 and 873 open - should be Puppetised
  • /home/freight* has go+x to permit the deb deploy script (running under the freight user) to read both freight and freightstage config files - should be rolled into secure_ssh or freight Puppet module
  • slave01's SSH key is added to permit yum uploads - should be moved to a separate secure_ssh user
  • freight and freightstage users have private auto-signing GPG key imported
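Until the firewall rule in the first item is Puppetised, the documented port set can be checked against the running host by hand. The script below is an added example, not part of the foreman-infra repository; the names port_drift, EXPECTED_PORTS and SAMPLE_ACTUAL are hypothetical, and it assumes the ports were opened as firewalld port entries rather than through named services.

```shell
#!/bin/sh
# Added example (not from the foreman-infra repository).
# Ports the page documents as open on the web server, in the port/protocol
# form that `firewall-cmd --list-ports` prints.
EXPECTED_PORTS="22/tcp 80/tcp 443/tcp 873/tcp"

# port_drift EXPECTED ACTUAL
# Each argument is a whitespace-separated list of port/protocol tokens.
# Prints "missing <token>" for documented ports that are not open and
# "unexpected <token>" for open ports that are not documented.
# Returns 0 when the two sets match and 1 otherwise.
port_drift() {
    exp=$(echo $1)   # unquoted on purpose: collapses newlines and runs of spaces
    act=$(echo $2)
    drift=0
    for p in $exp; do
        case " $act " in
            *" $p "*) ;;
            *) echo "missing $p"; drift=1 ;;
        esac
    done
    for p in $act; do
        case " $exp " in
            *" $p "*) ;;
            *) echo "unexpected $p"; drift=1 ;;
        esac
    done
    return $drift
}

# Constructed sample: rsync (873) has been closed and 8080 opened by hand.
SAMPLE_ACTUAL="22/tcp 80/tcp 443/tcp 8080/tcp"

# Run against the live firewall only when asked to, so the file can also be
# sourced. Assumption: the ports were added as port entries; ports opened
# through firewalld services (ssh, http, ...) do not appear in --list-ports.
if [ "${1:-}" = "--live" ]; then
    port_drift "$EXPECTED_PORTS" "$(firewall-cmd --list-ports)"
elif [ "${1:-}" = "--sample" ]; then
    port_drift "$EXPECTED_PORTS" "$SAMPLE_ACTUAL"
fi
```

Run with --live on the web server it exits non-zero on any difference, so it can be wired into a cron job or monitoring check.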

In case of maintenance, a template page and config file snippet are under /var/www/503. The config should be copied into each vhost.