Infrastructure

Overview

The Foreman project runs a number of different servers for testing, packaging, and continuous integration. Most of these servers are available as Jenkins build slaves for http://ci.theforeman.org.

Access

Access to Foreman project infrastructure is available for those who wish to assist in building packages, testing, and building Jenkins jobs. To request it, fork http://github.com/theforeman/foreman-infra, add an ssh_user resource to the users module (see puppet/modules/users/manifests/init.pp) and add your public SSH key to the files directory. Submit a pull request to the infrastructure project and then talk to ? in #theforeman-dev on irc.freenode.net. One of them can merge your change and update the puppetmaster.

Puppetmaster and Foreman

Puppet and Foreman are of course used to manage the machines. The Foreman instance is accessible only to those with SSH access to puppet.theforeman.org. Add the following snippet to ~/.ssh/config:

Host foreman-pm
  HostName puppetmaster.theforeman.org
  Port 8122
  User <your SSH user>
  LocalForward 9443 localhost:443
  ExitOnForwardFailure yes

and then run:

ssh foreman-pm

and open https://localhost:9443 in your browser.

Host notes

Web server

THIS IS OUT OF DATE!

The main web server hosts:

  • theforeman.org, www.theforeman.org
  • deb.theforeman.org
  • debugs.theforeman.org
  • downloads.theforeman.org
  • stagingdeb.theforeman.org
  • yum.theforeman.org

/var/www is mounted on a separate 100GB block device via LVM. /var/www/freight* contain the staging areas for freight (deb), and /var/www/vhosts contains the web roots themselves.

It has the following customisations:

  • firewalld is configured with TCP ports 22, 80, 443 and 873 open - should be Puppetised
  • /home/freight* has go+x to permit the deb deploy script (running under the freight user) to read both freight and freightstage config files - should be rolled into secure_ssh or freight Puppet module
  • slave01's SSH key is added to permit yum uploads - should be moved to a separate secure_ssh user
  • freight and freightstage users have private auto-signing GPG key imported
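
A drift check for the manual customisations listed above, as an added example that is not the Foreman project's own code. It assumes the ports were opened as firewalld ports rather than named services, and that group/other write access on the freight home directories is never wanted; the function names and the --live switch are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Foreman project): drift check for the manual
# web-server customisations documented above.

# Ports the page lists as open, in `firewall-cmd --list-ports` notation.
EXPECTED_PORTS="22/tcp 80/tcp 443/tcp 873/tcp"

# port_drift "<actual ports>": print one "missing:<port>" or
# "unexpected:<port>" line per difference; print nothing when they match.
port_drift() {
  actual=$(echo $1)   # unquoted on purpose: collapse newlines and extra spaces
  for p in $EXPECTED_PORTS; do
    case " $actual " in *" $p "*) ;; *) echo "missing:$p" ;; esac
  done
  for p in $actual; do
    case " $EXPECTED_PORTS " in *" $p "*) ;; *) echo "unexpected:$p" ;; esac
  done
}

# home_mode_ok <octal mode>: true when group and other both have x (the
# documented go+x) and neither has w (assumption: write is never wanted).
home_mode_ok() {
  g=$(( (0$1 >> 3) & 7 ))
  o=$(( 0$1 & 7 ))
  [ $(( g & 1 )) -eq 1 ] && [ $(( o & 1 )) -eq 1 ] &&
    [ $(( g & 2 )) -eq 0 ] && [ $(( o & 2 )) -eq 0 ]
}

# Query the live host only when asked, e.g.: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
  port_drift "$(firewall-cmd --list-ports)"
  for d in /home/freight*; do
    [ -d "$d" ] || continue
    home_mode_ok "$(stat -c %a "$d")" || echo "bad-mode:$d"
  done
fi
```

Any output line is a difference between the host and this page; no output means the documented state still holds.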

In case of maintenance, a template page and config file snippet are under /var/www/503. The config should be copied into each vhost.

Infrastructure_Discourse

-> Notes on how Discourse is hosted

Redmine

-> Notes on how Redmine is hosted

Infrastructure providers

A list of the hosting we have, who provides it, and what capacity it has

  • Rackspace
    • $2k per month
    • Hosts web02, the Elastic logging instance, Jenkins, and some permanent slaves
    • Contact support from our account as needed
  • Scaleway
    • $25 per month (not a lot!), but they're cheap so we do OK
    • Hosts Discourse, Redmine, and some ARM build slaves
    • Support usually helpful, Edouard Bonlieu & Yann Léger were initial contacts
  • Fastly
    • $1k/month CDN
    • Elaine Greenberg was initial contact
  • OSUOSL
    • Free
    • Hosts test machines, slaves, and stats.tf.o
    • Contact Lance Albertson if more capacity is needed
  • NETWAYS
    • Free
    • Contributing a single VM for the Builders/RH hostgroup
    • Option to add an Icinga Monitoring host here, talk to Dirk to progress
  • Individual contributors
    • Variety of single VMs, see the Foreman Dashboard for details

Other handy stuff

Greg wrote a parser for the invoices which come from Rackspace. Rackspace "helpfully" deduct the discount at the time the cost is incurred, so every item on the PDF invoice is $0.00. To get at the real costs, you have to get the CSV invoice and then only use one-half of the double-entry accounting (the "CHARGE" column).

To automate this and graph the costs over the last year, see this repo:

https://github.com/theforeman/stats-dashboard/tree/master/useful-tools/Rackspace