Updated on October 11, 2016 by UpGuard
A long time ago in a datacenter far, far away, developers and operators were writing specialized scripts by hand to manage IT resources. Configuration management (CM) and automation tools integrated these processes into streamlined solutions for delivering repeatable, rapidly deployable IT environments. Well, times they are a changin’ again, and automation tools have evolved—this time into comprehensive IT lifecycle management platforms for automating resource deployment from bare-metal to the application stack.
Two such technologies—Puppet and Foreman—offer powerful orchestration and provisioning capabilities to eliminate time-consuming and error-prone processes from soup-to-nuts.
Foreman is an open source tool for complete server lifecycle management. The tool first appeared on the scene 6 years ago and is actively maintained by a core team and supported by a legion of community volunteers and contributors. Written in Ruby on Rails, the tool features a visual interface for GUI-based resource management, integration with leading automation solutions (e.g., Puppet, Chef, SaltStack), a powerful REST API, and more.
The Foreman UI. Image courtesy of theforeman.org
Automation tools typically handle the installation/configuration of software, users, and network interfaces, while orchestration solutions like Foreman set up the foundational components from bare metal. In fact, Foreman is commonly used in conjunction with tools like SaltStack or Puppet for creating and managing servers; these tools in turn report back to Foreman with system facts. In essence, Foreman oversees and manages the big picture of infrastructure resource creation, leaving pieces like server automation to the tools that do it best.
Extensible Through Plugins
Foreman is written in Ruby and is highly modular and extensible. Plugins—also written in Ruby—can be authored or installed to give the tool additional capabilities. For example. the Docker plugin enables the management of Docker containers; similarly, its Salt plugin enables integration with SaltStack. Plugins are implemented as Rails engines and packaged as gems.
Smart Proxy Architecture
Foreman’s Smart Proxy Architecture drives the tool's easy integration capabilities. It consists of a powerful REST API for hooking into and extending various subsystems like Puppet, Chef, or SaltStack. Smart Proxy components reside on or near machines that perform specific functions and facilitate Foreman’s orchestration efforts. Smart Proxies support DHCP, DNS, TFTP, as well as connectivity to tools like Puppet and Chef out-of-the-box.
Foreman’s Smart Proxy Architecture. Image courtesy of theforeman.org
Leading IT automation solution Puppet comes in two flavors: Open Source Puppet and Puppet Enterprise. For an in-depth comparison of the two, check out Open Source Puppet and Puppet Enterprise. For the sake of this comparison, we'll be focusing on Puppet Enterprise and its physical and virtual hardware provisioning solution called Razor.
Puppet and Razor. Source: Puppet Labs.
Puppet Razor fully automates the setup of bare metal servers to be managed by Puppet Enterprise. It takes a physical server "blank slate", provisions an OS or hypervisor on top of it, and turns it over to Puppet Enterprise for further policy-based configuration.
The Razor's Edge
Razor is included as a module (pe_razor) with Puppet Enterprise and consists of a server and client component. The client is installed as a Ruby gem on any machine to be managed by Razor server. The following sequence illustrates how Razor work on a high level:
Open Source Puppet and Razor
What's open source without a little legwork? Razor comes as an easy-to-install tarball that ships with Puppet Enterprise; Open Source Puppet users will have to install it manually, either from package or source. Additionally, open source Razor requires the installation/configuration of PostgreSQL as its primary database backend.
Both Foreman and Puppet Razor are effective tools for bare-metal provisioning—in fact, using Foreman specifically to manage Puppet nodes is arguably the most popular use case. However, an important distinction must be made here in regards to Foreman's limitations: the tool will automate provisioning to the OS/hypervisor level and then hand it off to an automation tool like Puppet, Chef, or Ansible.
In contrast, Puppet Razor will automatically take a machine from bare-metal to the state of being managed by Puppet Enterprise. Puppet nodes can be managed visually with Foreman's competent web GUI, whereas Puppet's visual management console is only available in the Enterprise version of the product (read: pay to play). In fact, many happily use Foreman as an open source front-end to either version of Puppet. Indeed, various 3rd-party front-ends to Puppet can be had such as Puppet Open Source Dashboard and Puppetboard, but Foreman remains the most popular and well-supported complement to Puppet.
In short, if your organization has gone the route of a full Puppet Enterprise deployment, Razor is clearly the best bet for streamlining your server lifecycle management and automation workflow. However, if you've gone the open source route—Foreman can provide competent bare metal provisioning that integrates well with Open Source Puppet. Additionally, you'll get a nice management GUI for managing your Open Source Puppet deployment.
Misconfigurations are an internal problem that emanate from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.