FOREMAN AND PUPPET @ UNIVERSITY OF BONN
OLIVER FREYERMUTH, PETER WIENEMANN
PHYSICS INSTITUTE @ U BONN
● The Physics Institute at the University of Bonn has
  – ~240 members
  – ~1500 registered devices in IPAM
  – Biggest particle accelerator run by a German university (164.4 m circumference) with two „large“ experiments (O(50) collaborators)
● IT group of Physics Institute
  – 2 „full time“ persons with teaching duties
  – 1 technician
  – 5 part-time persons (~0.2 FTE each)
  – Plan to merge with IT group of Nuclear/Hadron Physics Institute (HISKP)
MORE NUMBERS
● Run approximately 400 centrally managed Linux nodes at Physics Institute
  – Desktops (Ubuntu 18.04) → ~150 nodes
  – HPC/HTC cluster nodes (SL6/CentOS 7) → ~150 nodes
  – Servers → ~100 nodes with ~40 different services
● O(1000) self-managed (sometimes ~unmanaged) devices (laptops, lab PCs, printers, cameras, oscilloscopes, H.323 devices, TVs, tablets, PDUs, ...)
● Use central university computing centre offerings for standard services like mail system, web content management system, IPAM, ticket system, network services, OwnCloud with Onlyoffice, etc.
HISTORY
● Using Puppet since ~2009
  – Completely self-written manifests, no modules, poor maintainability
  – Only used for desktops and HPC/HTC cluster nodes
● Refactored everything in ~2014: Switch to „roles and profiles“ paradigm
  – Started using publicly available third-party modules
  – Still self-written PXE/kickstart/preseed machinery
● Started Foreman tests in 2015
● Migration of production systems to Foreman started in 2017
  – Full puppetization of all nodes/services
  – Discarded self-written deployment machinery → replaced by Foreman tools
LAYOUT
[Diagram components: Network A, Network B, Network C, Network D; four Foreman Proxies (Puppet Master, TFTP); Foreman Server (Puppet Master, CA); Git Repository]
PRESENT WORKFLOW
● Most of the presently used 86 Puppet modules are third-party code. Forked on GitHub and collected on https://github.com/unibonn. Patches always sent upstream.
● Discarded „roles“ → Foreman hostgroups/config groups
● „profiles“ kept on private, on-premise Git hosting platform
  – Contains site/host-specific configuration, augmented by parameters (see below)
● Module management done with r10k, synced to all Puppet masters
● Foreman Puppet class filter: Only „profiles“ visible (to avoid clutter)
● No hiera → Foreman global and smart class parameters
● No mcollective
QUESTIONS
● What is your Puppet module design „philosophy“?
● How do you manage Puppet code?
● How do you handle parameters?
● Which Foreman plugins do you use/do you consider useful?
Thanks for your attention!
Oliver Freyermuth: [email protected]
Peter Wienemann: [email protected]