Add diagrams of provisioning methods #3069
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| ' Foreman style for PlantUML diagrams | ||
| ' This style was created for sequence diagrams and may be incomplete. | ||
|
|
||
| skinparam RoundCorner 8 | ||
| skinparam Shadowing false | ||
|
|
||
| ' #ffcc32 Foreman yellow | ||
| ' #025d8c Foreman blue | ||
|
|
||
| skinparam sequence { | ||
| ArrowColor #025d8c | ||
| LifeLineBorderColor #ecf4f8 | ||
| LifeLineBorderThickness 32 | ||
| DividerBorderColor #025d8c | ||
| DividerFontColor #025d8c | ||
| group { | ||
| TitleFontColor #025d8c | ||
| BorderColor #d2e4ed | ||
| FontColor #025d8c | ||
| } | ||
| groupHeader { | ||
| BackgroundColor #d2e4ed | ||
| FontColor #025d8c | ||
| } | ||
| } | ||
|
|
||
| skinparam Actor { | ||
| BackgroundColor #025d8c | ||
| BorderColor #025d8c | ||
| FontColor #025d8c | ||
| } | ||
|
|
||
| skinparam Participant { | ||
| BackgroundColor #025d8c | ||
| BorderColor #025d8c | ||
| FontColor White | ||
| } | ||
|
|
||
| skinparam Note { | ||
| BackgroundColor #d2e4ed | ||
| BorderColor #025d8c | ||
| FontColor #025d8c | ||
| } | ||
|
|
||
| ' Puppet enabled=1, disabled=0 | ||
| !$puppet = 0 | ||
|
|
||
| autonumber |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| User -> Foreman : clicks **Create Host** | ||
| Foreman -> Proxy : requests free IP address | ||
| Proxy -> DHCP : reads DHCP cofiguration | ||
| note over Foreman : pings IP address | ||
| User -> Foreman : submits the **Create host** form | ||
| group Templates [*PXE* installer boot] | ||
| Foreman -> Proxy : renders bootloader configuration files | ||
| end | ||
| Proxy -> TFTP : deploys bootloader configuration files | ||
| Foreman -> Proxy : commands to download installation media | ||
| note over Proxy : downloads installation media | ||
| Foreman -> Proxy : creates DHCP reservation | ||
| Proxy -> DHCP : forwards DHCP reservation | ||
| Foreman -> Proxy : creates DNS records | ||
| Proxy -> DNS : forwards DNS records | ||
| note over Foreman : host is created\n(build mode enabled) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| !if ($networkboot) | ||
| Host -> DHCP : requests the reserved IP | ||
| !endif | ||
| Host -> Host : boots from HDD |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| Host -> DHCP : requests the reserved IP and DHCP options | ||
| Host -> TFTP : downloads bootloader | ||
| Host -> TFTP : gets MAC-based bootloader config | ||
| Host -> Host : config tells bootloader to boot from HDD | ||
| Host -> Host : boots from HDD |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| !if ($puppet) | ||
| opt when Puppet enabled | ||
| Host -> Puppet : sends CSR | ||
| Puppet -> Host : sends certificate (if allowed to) | ||
| end | ||
| !else | ||
| note over Host : initial host configuration\n- remote execution,\n- signs Puppet client cert,\n- runs Ansible roles,\n- etc. | ||
| !endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| loop | ||
| Host -> Foreman : requests installation media | ||
| Foreman -> Proxy : requests installation media | ||
| Proxy -> Foreman : provides installation media | ||
| Foreman -> Host : provides installation media | ||
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,50 @@ | ||||||
| @startuml | ||||||
|
|
||||||
| !include foreman.pstyle | ||||||
|
|
||||||
| title Image-based provisioning with cloud-init configuration | ||||||
|
|
||||||
| actor User | ||||||
| participant "Provisioned\nInstance" as Host | ||||||
| participant "Foreman" as Foreman | ||||||
| participant "Foreman\nProxy" as Proxy | ||||||
| participant "Infrastructure\nCloud" as Cloud | ||||||
| participant DNS | ||||||
| !if ($puppet) | ||||||
| participant "Puppet\nserver" as Puppet | ||||||
| !endif | ||||||
|
|
||||||
| note over Foreman : has an image\nwith the *User Data* flag | ||||||
|
|
||||||
| == Create host in Foreman == | ||||||
|
|
||||||
| User -> Foreman : clicks **Create Host** | ||||||
| User -> Foreman : selects cloud resource,\nthe image and submits | ||||||
| group Template [cloud-init] | ||||||
| Foreman -> Proxy : renders the cloud-init script | ||||||
| end | ||||||
| Foreman -> Cloud : creates new instance\nwith cloud-init info | ||||||
|
There was a problem hiding this comment. There was a problem hiding this comment. So this?
Suggested change
|
||||||
| Cloud -> Foreman : reports IP address | ||||||
|
There was a problem hiding this comment. Technically it can report IPv4 and IPv6. If both are reported, that also means the DNS record will get both After this will store the instance details that the compute resource provided: Not all compute resources provide IPs and some provide MAC addresses. In that case it will also try to reserve an IP: There was a problem hiding this comment.
That is not the level of detail we want here.
I don't understand what it means for the diagram. There was a problem hiding this comment.
It's about singular vs plural.
Suggested change
Probably not for this specific diagram. |
||||||
| Foreman -> Proxy : creates DNS records | ||||||
| Proxy -> DNS : forwards DNS records | ||||||
|
Comment on lines
+28
to
+29
There was a problem hiding this comment. This is not entirely correct. First the code reference: https://github.com/theforeman/foreman/blob/e80d5558767bb713c13264e821122baea577af76/app/models/concerns/orchestration/dns.rb#L63-L71 It will create all feasible DNS record types. That can mean The second part is IMHO confusing. The Proxy tells the DNS server to create the DNS records. A Foreman Proxy, especially the DNS module, implements the facade pattern. It abstracts away the actual implementation away from Foreman. IMHO it is forwarding the DNS record creation, not the records themselves. There was a problem hiding this comment. So what wording do you suggest precisely? |
||||||
| !if ($puppet) | ||||||
| Foreman -> Proxy : creates Puppet sign request (autosign enabled) | ||||||
| Proxy -> Puppet : forwards Puppet sign request | ||||||
|
There was a problem hiding this comment. No proxying is happening. The Smart Proxy (depending on implementation) sets up the Puppetserver so it will accept the Certificate Signing Request (CSR) that the client will later present. In the default Smart Proxy implementation that means Foreman Proxy rewrites https://theforeman.org/manuals/3.11/index.html#4.3.7PuppetCA documents both |
||||||
| !endif | ||||||
| Foreman -> Cloud : starts the instance | ||||||
|
There was a problem hiding this comment. There was a problem hiding this comment. I'm assuming that means that it's correct. |
||||||
| note over Host : boots up | ||||||
|
|
||||||
| == Cloud-init script == | ||||||
|
|
||||||
| !include prov-initial-configuration.iuml | ||||||
| Host -> Foreman : calls home\n(disables build mode) | ||||||
|
There was a problem hiding this comment. This is the part that can go through the Proxy's template feature. The use of the Foreman Proxy templates module is optional. If that isn't used then cloud-init requests it directly from Foreman. |
||||||
|
|
||||||
| !if ($puppet) | ||||||
| == First Puppet run == | ||||||
|
|
||||||
| !include puppet-run.iuml | ||||||
| !endif | ||||||
|
|
||||||
| note over Host : in operation | ||||||
|
|
||||||
| @enduml | ||||||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| @startuml | ||
|
|
||
| !include foreman.pstyle | ||
|
|
||
| title Image-based provisioning with Finish script configuration | ||
|
|
||
| actor User | ||
| participant "Provisioned\nInstance" as Host | ||
| participant "Foreman" as Foreman | ||
| participant "Foreman\nProxy" as Proxy | ||
| participant "Infrastructure\nCloud" as Cloud | ||
| participant DNS | ||
| !if ($puppet) | ||
| participant "Puppet\nserver" as Puppet | ||
| !endif | ||
|
|
||
| note over Foreman : has an image with credentials\ndefined in compute resource | ||
|
|
||
| == Create host in Foreman == | ||
|
|
||
| User -> Foreman : clicks on **Create Host** | ||
| User -> Foreman : selects cloud resource, the image and submits | ||
| group Template [Finish] | ||
| Foreman -> Proxy : renders the Finish script | ||
| end | ||
| Foreman -> Cloud : creates new instance | ||
| Cloud -> Foreman : reports IP address | ||
| Foreman -> Proxy : creates DNS records | ||
| Proxy -> DNS : forwards DNS records | ||
| Foreman -> Cloud : starts the instance | ||
| note over Host : boots up | ||
| Foreman -> Host : executes Finish script via SSH | ||
|
|
||
| == Finish script == | ||
|
|
||
| !include prov-initial-configuration.iuml | ||
| Host -> Foreman : calls home\n(disables build mode) | ||
|
|
||
| !if ($puppet) | ||
| == First Puppet run == | ||
|
|
||
| !include puppet-run.iuml | ||
| !endif | ||
|
|
||
| note over Host : in operation | ||
|
|
||
| @enduml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| @startuml | ||
|
|
||
| !include foreman.pstyle | ||
| !$networkboot = 0 | ||
|
|
||
| title Installer-based provisioning with full-host bootdisk | ||
|
|
||
| actor User | ||
| participant "Provisioned\nHost" as Host | ||
| participant "Foreman" as Foreman | ||
| participant "Foreman\nProxy" as Proxy | ||
| 'participant "Pulp\n(Katello)" as Pulp | ||
| 'participant TFTP | ||
| 'participant DHCP | ||
| participant DNS | ||
| !if ($puppet) | ||
| participant "Puppet\nserver" as Puppet | ||
| !endif | ||
|
|
||
| note over Host : powered off | ||
|
|
||
| == Create host in Foreman == | ||
|
|
||
| User -> Foreman : clicks **Create Host** | ||
| User -> Foreman : assigns static IP address | ||
| User -> Foreman : submits the **Create host** form | ||
| group Templates [*PXE* installer boot] | ||
| Foreman -> Proxy : renders bootloader configuration files | ||
| end | ||
| Proxy -> Proxy : deploys bootloader configuration files | ||
| Foreman -> Proxy : commands to download installation media | ||
| note over Proxy : downloads installation media | ||
| Foreman -> Proxy : creates DNS records | ||
| Proxy -> DNS : forwards DNS records | ||
| note over Foreman : host is created\n(build mode enabled) | ||
|
|
||
| User -> Foreman : downloads the bootdisk ISO of the host | ||
| note over User : writes the bootdisk ISO\nto a USB/CD/DVD drive | ||
|
|
||
| == Boot into OS installer == | ||
|
|
||
| User -> Host : configures the machine to boot\nfrom the USB/CD/DVD drive | ||
| User -> Host : powers on the machine | ||
| Host -> Host : uses IP from the bootdisk | ||
| note over Host : boots from the USB/CD/DVD drive | ||
| note over Host : loads OS installer | ||
| User -> Host : eliminates the USB/CD/DVD drive\n(too soon?) | ||
|
There was a problem hiding this comment. If we don't know the exact step where it happens, do we have to mention it? There was a problem hiding this comment. Well, they have to do it at some point, otherwise they would be stuck in a loop :D As it is a necessary step in the process, I would prefer to keep it. |
||
| !include prov-installation-media.iuml | ||
| note over Host : OS is installed | ||
| !include prov-initial-configuration.iuml | ||
| Host -> Foreman : calls home\n(disables build mode) | ||
| note over Host : reboots | ||
|
|
||
| == First local boot == | ||
|
|
||
| !include prov-first-local-boot-hdd.iuml | ||
|
|
||
| !if ($puppet) | ||
| == First Puppet run == | ||
|
|
||
| !include puppet-run.iuml | ||
| !endif | ||
|
|
||
| note over Host : in operation | ||
|
|
||
| @enduml | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| @startuml | ||
|
|
||
| !include foreman.pstyle | ||
| !$networkboot = 1 | ||
|
|
||
| title Installer-based provisioning with subnet bootdisk | ||
|
|
||
| actor User | ||
| participant "Provisioned\nHost" as Host | ||
| participant "Foreman" as Foreman | ||
| participant "Foreman\nProxy" as Proxy | ||
| 'participant "Pulp\n(Katello)" as Pulp | ||
| 'participant TFTP | ||
| participant DHCP | ||
| participant DNS | ||
| !if ($puppet) | ||
| participant "Puppet\nserver" as Puppet | ||
| !endif | ||
|
|
||
| note over Host : powered off | ||
|
|
||
| User -> Foreman : downloads the bootdisk of the subnet | ||
| note over User : writes the bootdisk\nto a USB/CD/DVD drive | ||
|
|
||
| == Boot into OS installer == | ||
|
|
||
| User -> Host : configures the machine to boot\nfrom the USB/CD/DVD drive | ||
| User -> Host : powers on the machine | ||
| Host -> DHCP : requests the reserved IP | ||
| note over Host : boots from the USB/CD/DVD drive | ||
| note over Host : bootloader loads | ||
| User -> Host : eliminates the USB/CD/DVD drive\n(too soon?) | ||
| Host -> Proxy : gets MAC-based bootloader config | ||
| Host -> Proxy : downloads OS installer kernel\nand initial RAM disk | ||
| note over Host : OS installer loads | ||
| Host -> Proxy : requests installer configuration | ||
| group Template [Provision] | ||
| Proxy -> Proxy : renders installer configuration | ||
| end | ||
| Proxy -> Host : gets installer configuration | ||
| !include prov-installation-media.iuml | ||
| note over Host : OS is installed | ||
| !include prov-initial-configuration.iuml | ||
| Host -> Foreman : calls home\n(disables build mode) | ||
|
|
||
| note over Host : reboots | ||
|
|
||
| == First local boot == | ||
|
|
||
| !include prov-first-local-boot-hdd.iuml | ||
|
|
||
| !if ($puppet) | ||
| == First Puppet run == | ||
|
|
||
| !include puppet-run.iuml | ||
| !endif | ||
|
|
||
| note over Host : in operation | ||
|
|
||
| @enduml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| @startuml | ||
|
|
||
| !include foreman.pstyle | ||
|
|
||
| title Installer-based provisioning with HTTP boot | ||
|
|
||
| actor User | ||
| participant "Provisioned\nHost" as Host | ||
| participant "Foreman" as Foreman | ||
| participant "Foreman\nProxy" as Proxy | ||
| 'participant "Pulp\n(Katello)" as Pulp | ||
| participant TFTP | ||
| participant DHCP | ||
| participant DNS | ||
| !if ($puppet) | ||
| participant "Puppet\nserver" as Puppet | ||
| !endif | ||
|
|
||
| note over Host : powered off | ||
|
|
||
| == Create host in Foreman == | ||
|
|
||
| !include prov-create-host-pxe.iuml | ||
|
|
||
| == Boot into OS installer == | ||
|
|
||
| User -> Host : powers on the machine | ||
| Host -> DHCP : requests the reserved IP and DHCP options | ||
| Host -> Proxy : downloads bootloader | ||
| note over Host : bootloader loads | ||
| Host -> Proxy : gets MAC-based bootloader config | ||
| Host -> Proxy : downloads OS installer kernel\nand initial RAM disk | ||
| note over Host : OS installer loads | ||
| Host -> Proxy : requests installer configuration | ||
| group Template [Provision] | ||
| Proxy -> Proxy : renders installer configuration | ||
| end | ||
| Proxy -> Host : receives installer configuration | ||
| !include prov-installation-media.iuml | ||
| note over Host : OS is installed | ||
| !include prov-initial-configuration.iuml | ||
| Host -> Foreman : calls home\n(disables build mode) | ||
| group Templates [*PXE* local boot] | ||
| Foreman -> Proxy : renders bootloader configuration files | ||
| end | ||
| Proxy -> TFTP : deploys bootloader configuration files | ||
| note over Host : reboots | ||
|
|
||
| == First local boot == | ||
|
|
||
| !include prov-first-local-boot-pxe.iuml | ||
|
|
||
| !if ($puppet) | ||
| == First Puppet run == | ||
|
|
||
| !include puppet-run.iuml | ||
| !endif | ||
|
|
||
| note over Host : in operation | ||
|
|
||
| @enduml |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Internally Foreman will render the user data template as the first step:
https://github.com/theforeman/foreman/blob/e80d5558767bb713c13264e821122baea577af76/app/models/concerns/orchestration/compute.rb#L63-L66
This rendered template is then sent to the compute resource directly and the whole Proxy is not involved at all.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So this is correct then.