Foreman is an efficient open source tool for lifecycle management of physical and virtual servers. With it, system administrators can automate repetitive tasks, deploy applications quickly, and proactively manage the architecture under their care, whether it’s physical or in the cloud. iRonin.IT’s experts have been working on Foreman development for a long time, adding plugins and core features. Let’s take a look at what we’ve brought to the project.
Our involvement with Foreman starter at the request of one of our clients. The company needed to adjust Foreman in several areas so it would fit their and their customers’ needs more closely. The focus landed on automation, security and external integrations. The changes were meant to improve Foreman’s overall efficiency and make it easier to use as a part of a larger ecosystem of tools.
Creating a GraphQL API for Foreman
The client was interested in an interface for easier creation of hosts (virtual machines). It was a separate app written in React, called LISA. We decided to introduce a new GraphQL API - while the original REST API that came with Foreman at the time did many things well, it wasn’t the best option for complex requests for data. It was often impossible to issue a single request, so multiple ones were required, making the process of creating hosts less efficient. However, GraphQL handles complex requests with multiple conditions, and provides a single response to them.
This new API was originally built as a plugin. The client was happy with our work, and thought that it could be just as useful for others. They went open source with it, and the API became one of Foreman’s core features, available in its main repository.
An engine for rendering scripts based on Foreman templates
The existing rendering system wasn’t really extendable through Foreman plugins. The code also needed to be cleaned up to make it easier to maintain. This way, developing the engine further would be easier, and the client would be able to extend it to fit the needs of specific customers.
Foreman’s default is to store templates in the database. We wanted the new version to allow using templates from other sources, e.g. Git repositories. We divided the new renderer into two parts:
- the source object delivers the content of the template, regardless of where the content comes from,
- the scope object contains all variables and macros available within a given template.
By using the helper method, we can bring the source and scope objects together, rendering a template. To make the solution more scalable, we added support for extending renderer classes with new macros that can be defined in separate Foreman plugins. Then, we built support for extending renderer classes with additional context details, such as scope variables. This was, they solution can be easily tailored to a project’s needs.
A support tool for using Hashicorp Vault credentials in Foreman
Our client used Hashicorp Vault for added security. They asked us to develop a plugin that would add support for the
vault_url parameter in the Host model, and to create a service to fetch credentials from Hashicorp Vault. The resulting plugin allows for using credentials in the template by using a dedicated macro.
Being part of the Foreman community
Foreman has seen a lot of growth since we first engaged with its community. Members of iRonin.IT’s team have greatly enjoyed working on open source tools - it’s gratifying to know that our work can make people’s lives easier. The experience involved interesting technical challenges and puzzles, as well as participating in a wonderful community. We hope to continue contributing to Foreman in the future.