The Foreman project runs a number of different servers for testing, packaging, and continuous integration. Most of these servers are available as Jenkins build slaves for http://ci.theforeman.org. A listing of machines is below.
This list is out of date.
|CI|ci.theforeman.org|126.96.36.199|Ubuntu 12.04|Jenkins front-end and build|Sam Kottler|
|server2|server2.theforeman.org|188.8.131.52|Ubuntu 12.04|web server for theforeman.org (not the wiki)|Brian Gupta|
|server3|server3.theforeman.org|184.108.40.206|Fedora 16|Puppetmaster and internal Foreman instance|Brian Gupta|
|server06|server06.theforeman.org|220.127.116.11|CentOS 6.3|Runs the majority of the tests and has mock for RPM packaging|Sam Kottler|
|server09|server09.theforeman.org|18.104.22.168|Debian 6.05|Debian packaging and repository creation/promotion|Sam Kottler|
Access to Foreman project infrastructure is available for those who wish to assist in building packages, testing, and building Jenkins jobs. Fork http://github.com/theforeman/foreman-infra, add an ssh_user resource to the users module (see puppet/modules/users/manifests/init.pp), and add your key to the files directory. Submit a pull request to the infrastructure project and then talk to samkottler or gwmngilfen in #theforeman on irc.freenode.net. One of them can merge your change and update the puppetmaster.
Puppetmaster and Foreman
Puppet and Foreman are of course used to manage the machines. The Foreman instance is accessible only to those with SSH access to server3.theforeman.org. Add the following snippet to ~/.ssh/config:
Host foreman-pm
    HostName server3.theforeman.org
    User <your SSH user>
    LocalForward localhost:3080 server3.theforeman.org:80
    ExitOnForwardFailure yes
and then run:
and open http://localhost:3080 in your browser.
The main web server hosts:
- theforeman.org, www.theforeman.org
/var/www is mounted on a separate 100GB block device via LVM. /var/www/freight* contain the staging areas for freight (deb), and /var/www/vhosts contains the web roots themselves.
It has the following customisations:
- firewalld is configured with TCP ports 22, 80, 443 and 873 open - should be Puppetised
- /home/freight* has go+x to permit the deb deploy script (running under the freight user) to read both freight and freightstage config files - should be rolled into secure_ssh or freight Puppet module
- slave01's SSH key is added to permit yum uploads - should be moved to a separate secure_ssh user
- freight and freightstage users have the private auto-signing GPG key imported
In case of maintenance, a template page and config file snippet are under /var/www/503. The config should be copied into each vhost.
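A drift check for the hand-applied firewalld customisation listed above, as an added example that is not part of the Foreman project's own tooling: it compares `firewall-cmd` output with the four TCP ports the page names. The function name `audit_ports` and the sample input are constructed for illustration, and the service mapping assumes firewalld's stock ssh, http, https and rsyncd service definitions.

```bash
#!/usr/bin/env bash
# Added example (not Foreman project code): report drift between the
# firewalld state and the TCP ports this page says should be open.
EXPECTED_TCP="22 80 443 873"

# audit_ports PORTS SERVICES
#   PORTS:    output of `firewall-cmd --list-ports`    (e.g. "80/tcp 443/tcp")
#   SERVICES: output of `firewall-cmd --list-services` (e.g. "ssh http")
# Prints one line per finding; returns 1 on any drift, 0 when clean.
audit_ports() {
  local open="$1" drift=0 item
  # Translate stock firewalld service names into the TCP port relevant here.
  for item in $2; do
    case "$item" in
      ssh)    open="$open 22/tcp" ;;
      http)   open="$open 80/tcp" ;;
      https)  open="$open 443/tcp" ;;
      rsyncd) open="$open 873/tcp" ;;
      *)      echo "REVIEW service $item"; drift=1 ;;  # not mapped: check by hand
    esac
  done
  # Every expected port must be reachable through a port or a service rule.
  for item in $EXPECTED_TCP; do
    case " $open " in
      *" $item/tcp "*) ;;
      *) echo "MISSING $item/tcp"; drift=1 ;;
    esac
  done
  # Anything else that is open (other ports, ranges, UDP) is unexpected.
  for item in $open; do
    case "$item" in
      */tcp) case " $EXPECTED_TCP " in *" ${item%/tcp} "*) continue ;; esac ;;
    esac
    echo "UNEXPECTED $item"; drift=1
  done
  return $drift
}

# Constructed sample: rsync port absent, 8080 opened by hand, one unmapped service.
audit_ports "80/tcp 443/tcp 8080/tcp" "ssh dhcpv6-client" || echo "drift detected"
# On the web server itself (default zone, runtime configuration):
#   audit_ports "$(firewall-cmd --list-ports)" "$(firewall-cmd --list-services)"
```

Running the live check once with and once without `--permanent` on both `firewall-cmd` calls also shows rules that exist only in the runtime configuration.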