Katello on Existing Foreman » History » Version 9

Stephen Benjamin, 04/20/2015 08:07 AM

h1. Katello on Existing Foreman

h2. Summary

Goals:
# I am a user and I want to install Katello on my existing production Foreman.
# I am a Foreman developer, and I want to add Katello to my development environment.

h2. Targeted Release

TBD

h2. Targeted Persona

[[Personas-SystemEngineer| Samuel - System Engineer]] - production Foreman
[[Personas-Developer| Daniel - Developer]] - development environment

h2. Initial Research

Based on https://groups.google.com/forum/#!searchin/foreman-dev/katello$20on/foreman-dev/rMc1rWJMmBg/gTjEDJuD_a0J

h3. Data -- stbenjam/sloranz

*Databases*

Katello currently only tests and supports Postgres.

Issues:

# Do we add MySQL support?
  _It looks like it should be possible; we'd also need to add MySQL to our testing in Jenkins, and support in the installer. Currently the migration fails with errors like this, so we will need modifications:_
  <pre>
Mysql2::Error: Error on rename of './katello/#sql-a3a_13' to './katello/katello_content_view_filters_repositories' (errno: 150): ALTER TABLE `katello_content_view_filters_repositories` CHANGE `filter_id` `content_view_filter_id` int(11) DEFAULT NULL/home/stbenjam/.rvm/gems/ruby-1.9.3-p448/gems/activerecord-3.2.21/lib/active_record/connection_adapters/abstract_mysql_adapter.rb:245:in `query'
  </pre>
# What about Candlepin?
  _Theoretically supports MySQL_

*Backends*

Katello has three main backends that store data: Pulp, Candlepin and Elasticsearch. Some Katello objects have corresponding objects in one or all backends.

Issues:

-# Do we remove the use of ES? Some work has already gone into investigating performance differences and into converting entities away from ES. The question then is, do we remove ES before we allow Katello to be added to an existing Foreman?-
# Existing Organizations need to be created in Candlepin
# Organization-less Foreman installations will need to have them enabled and an initial one created
# Users will need to be created in Pulp, and the anonymous_admin and anonymous_api_admin will need to have the correct remote_id to correspond to the Pulp admin user.
# Locations would have to be turned on, and if there are existing Locations, then either a default Location will have to be created or one of the existing Locations converted into the default.

h3. Installation/Configuration -- ehelms/sloranz

*Certs*

Katello requires a number of certificates in order to deploy all of the services that are involved. For a summary of all the certs that are used and deployed see [1]. In order for us to install the Katello plugin alongside an existing Foreman installation, we will need to support deploying certs for new services as well as, in some situations, changing the certs currently being used by Foreman.

The current design of our certs management is:
# We use a centralized puppet-certs that contains manifests for each service
# puppet-certs handles generating a CA that is used for each set of certs
# puppet-certs handles user-supplied server certificates
# puppet-certs uses Puppet providers that currently only work with the katello-certs-tools library
# katello-certs-tools is a Python-based command line tool that uses RPMs to wrap certs and deploy them
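
To make concrete what "changing the certs currently being used by Foreman" means when a new CA is introduced, here is an added example (not code from Katello, puppet-certs or katello-certs-tools) that finds which deployed service certificates do not chain to a given CA and would need reissuing. The CA names, service names and the helpers @make_cert@, @needs_reissue@ and @sample_inventory@ are hypothetical, and all certificates are constructed in memory.

```ruby
require "openssl"

# Build a certificate for +cn+. With no issuer it is a self-signed CA;
# otherwise it is a leaf signed by the issuer. Returns [cert, key].
def make_cert(cn, serial, issuer = nil, issuer_key = nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509v3
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  if issuer.nil?
    # A trust anchor must be marked as a CA or chain verification rejects it.
    ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
    cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Names of services whose deployed certificate does not chain to +ca+ and
# would therefore have to be reissued if +ca+ became the only trusted CA.
def needs_reissue(deployed, ca)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca)
  deployed.reject { |_service, cert| store.verify(cert) }.keys.sort
end

# Constructed sample: an "existing" CA that signed the certs already in use,
# and a separate "new" CA standing in for the one puppet-certs generates.
def sample_inventory
  old_ca, old_key = make_cert("existing-foreman-ca.example", 1)
  new_ca, new_key = make_cert("katello-ca.example", 1)
  deployed = {
    "foreman-httpd" => make_cert("foreman.example", 2, old_ca, old_key).first,
    "smart-proxy"   => make_cert("proxy.example", 3, old_ca, old_key).first,
    "candlepin"     => make_cert("foreman.example", 2, new_ca, new_key).first,
    "qpid"          => make_cert("foreman.example", 3, new_ca, new_key).first,
  }
  [deployed, new_ca, old_ca]
end

if __FILE__ == $PROGRAM_NAME
  deployed, new_ca, _old_ca = sample_inventory
  puts "reissue against new CA: #{needs_reissue(deployed, new_ca).join(', ')}"
end
```
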

Issues:
# Do we keep the singular puppet-certs for managing and orchestrating our certs, or break it up so that each module manages the certs it requires, with parameters?
# Do we ditch katello-certs-tools in favor of puppet-openssl [2]? This may require pushing some changes into the library for our needs. We will still need a way to generate and deploy our bootstrap RPM.
# Do we detangle and ditch our nssdb management in favor of puppet-nsstools [3]? Should the nssdb management be moved into our puppet-qpid, since nss is predominantly required by qpid?
# What is the best strategy for de-coupling our puppet modules and ensuring they can be imported to manage the configuration of the server itself?
# How do we handle the answers file from older Foreman installations?

*Rake Tasks*

Katello currently relies on installing and configuring itself and then letting the Foreman installation happen as normal. This is so that as rake tasks such as migrate, seed and apipie cache are run, the Katello migrations, seeds and APIs are included. Further, Katello requires services (Pulp, Candlepin, Elasticsearch) to be running in order to seed the database.

Issues:
# Foreman rake tasks in puppet are currently designed to run once; how do we modify this behavior such that Katello can come along and run them for its needs?
# Katello seeds need to be updated to ensure that backend users are created properly
# Katello seeds need to be updated to ensure organizations get created in Candlepin

*Answers file vs. Orchestration Module*

Katello currently uses a single module to orchestrate all services and certs so that they are set up in the correct order [4]. The Kafo answers file also serves as a method for combining a number of services and orchestrating parameters to them. Further, only modules declared within the answers file can be tuned via parameters. Thus, if a module, such as Pulp, exposed a new configuration option, the orchestration module would also have to be updated to expose this. In the answers file method, this option would be exposed to the user by simply updating the Pulp module within the installer.

Issues:
# Does a single orchestration module make the most sense or should we be taking advantage of the answers file method?

h3. Capsules -- lzap

Katello deploys Capsules, which includes deploying the following:

* Smart Proxy
* Pulp Node or Pulp Master
* Certs
* Qpid
* Puppet Master

Issues:
# Existing smart proxies would require updated certs based on the Katello certs deployment.
# Are Capsules really just Smart Proxies? Or does the current paradigm of Capsules being Smart Proxies + additional services (e.g. Pulp, qpid, reverse proxy) still make sense?
# puppet-capsule currently wraps foreman-proxy, thus to expose new foreman-proxy options we have to expose them in puppet-capsule as options
Packaging

h2. Documentation

h3. Bugs/RFE

* Tracker http://projects.theforeman.org/issues/7605

h3. Use Cases

h3. Requirements