Infrastructure

Overview

The Foreman project runs a number of different servers for testing, packaging, and continuous integration. Most of these servers are available as Jenkins build slaves for http://ci.theforeman.org.

Access

Access to Foreman project infrastructure is available for those who wish to assist in building packages, testing, and building Jenkins jobs. Fork http://github.com/theforeman/foreman-infra, add an ssh_user resource to the users module (see puppet/modules/users/manifests/init.pp), and put your key in the files directory. Submit a pull request to the infrastructure project and then talk to ? in #theforeman-dev on irc.freenode.net. One of them can merge your change and update the puppetmaster.

Puppetmaster and Foreman

Puppet and Foreman are of course used to manage the machines. The Foreman instance is accessible only to those with SSH access to puppet.theforeman.org. Add the following snippet to ~/.ssh/config:

Host foreman-pm
  HostName puppetmaster.theforeman.org
  Port 8122
  User <your SSH user>
  LocalForward 9443 localhost:443
  ExitOnForwardFailure yes

and then run:

ssh foreman-pm

and open https://localhost:9443 in your browser.

Host notes

Web server

THIS IS OUT OF DATE!

The main web server hosts:

  • theforeman.org, www.theforeman.org
  • deb.theforeman.org
  • debugs.theforeman.org
  • downloads.theforeman.org
  • stagingdeb.theforeman.org
  • yum.theforeman.org

/var/www is mounted on a separate 100GB block device via LVM. /var/www/freight* contain the staging areas for freight (deb), and /var/www/vhosts contains the web roots themselves.

It has the following customisations:

  • firewalld is configured with TCP ports 22, 80, 443 and 873 open - should be Puppetised
  • /home/freight* has go+x to permit the deb deploy script (running under the freight user) to read both freight and freightstage config files - should be rolled into secure_ssh or freight Puppet module
  • slave01's SSH key is added to permit yum uploads - should be moved to a separate secure_ssh user
  • freight and freightstage users have the private auto-signing GPG key imported
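
Until these customisations are Puppetised, a drift check can confirm the host still matches the list above. The script below is an added example, not part of the foreman-infra repository. It assumes the ports were opened as explicit firewalld ports (not as named services) and that group/other should have execute and nothing more on /home/freight*. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Foreman infra repo): drift check for the manual
# customisations listed above. The sample input at the bottom is constructed.

# Documented on this page: TCP 22, 80, 443 and 873.
EXPECTED_PORTS="22/tcp 80/tcp 443/tcp 873/tcp"

# in_list WORD ITEM...: succeed if WORD equals one of the ITEMs.
in_list() {
  needle=$1; shift
  for item in "$@"; do
    if [ "$item" = "$needle" ]; then return 0; fi
  done
  return 1
}

# port_drift "<firewall-cmd --list-ports output>"
# Prints "+port" for open-but-undocumented and "-port" for documented-but-closed
# entries; returns 0 only when the two sets match.
port_drift() {
  drift=""
  for p in $1; do
    if ! in_list "$p" $EXPECTED_PORTS; then drift="$drift +$p"; fi
  done
  for p in $EXPECTED_PORTS; do
    if ! in_list "$p" $1; then drift="$drift -$p"; fi
  done
  printf '%s\n' "${drift# }"
  [ -z "$drift" ]
}

# traverse_only MODE: succeed if group and other have execute (go+x) and
# nothing more, e.g. 711. Treating r/w for group/other as drift is an
# assumption of this example; the page only states that go+x is set.
traverse_only() {
  case $1 in
    ?11) return 0 ;;
    *)   return 1 ;;
  esac
}

# On the host itself (needs firewalld and GNU stat):
#   port_drift "$(firewall-cmd --list-ports)"
#   for d in /home/freight*; do traverse_only "$(stat -c %a "$d")" || echo "$d"; done

# Constructed sample: rsync (873) closed, an undocumented 8080 opened.
port_drift "22/tcp 80/tcp 443/tcp 8080/tcp" || echo "firewall drift detected"
```

Ports opened through firewalld services do not appear in --list-ports, so a host configured that way would report every documented port as closed.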

In case of maintenance, a template page and config file snippet are under /var/www/503. The config should be copied into each vhost.

Infrastructure Updates