ManageIQ Blog

CloudForms Service Bundle Creation using VM Provisioning and Ansible Tower Automation Job

Service catalog bundles are a really useful CloudForms feature that enables us to mix and match various existing service catalog items to form bundles of tasks.

One of the more useful examples of a bundle is to create a new VM, and then run an Ansible Tower job template on the resulting VM to configure it with an application role. If we have an Ansible Tower server added to our CloudForms installation as an automation provider, this is quite simple. We described the procedure to configure an Ansible Tower provider in CloudForms as part of our previous series on Ansible Tower integration in CloudForms 4.1.

In this example we’ll combine two existing service catalog items. The first creates a new CentOS 7 virtual machine in a Red Hat Virtualization provider, and the second installs a simple LAMP stack using a job template defined in an Ansible Tower server, attached to CloudForms as an automation provider.

Each standalone catalog item has its own service dialog. The dialog for the VM provision service simply prompts for the service name and VM name, as follows:

Best Practice Recommendations for Automate

A few days ago, one of our fellows, Christian Jung, published a very good article explaining best practices for writing Ruby code inside Red Hat CloudForms. The post does not claim to be exhaustive, but establishes guidelines about coding, naming conventions and rules to follow in order to make the code cleaner, easier to understand, and more consumable by others.

In the article, several key topics are discussed, such as:

Announcing Fine-4

We’ve just built Fine-4. This release contains bug fixes, UI tweaks, and stabilization.

Container Management with CloudForms – Financial Management

This blog is part 5 of our series on Container Management with CloudForms.

In this last post, we focus on financial management of container environments for both chargeback and for optimizing infrastructure resource usage and spending.

API Contributor's Guide

The API has been growing quickly thanks to our many contributors. In an effort to help new contributors get up to speed quickly, it was about time for a blog post to explain the process of adding in a new collection and subcollection, as well as provide some examples for commonly asked questions.

Last Week in ManageIQ: Survey Says

Hi all, John Prause here. Last Week in ManageIQ, we reviewed the responses provided by our community users to a survey with five questions. The questions were as follows:

  • How satisfied are you with the look and feel of the ManageIQ user interface?
  • What are the challenges you face when getting started with ManageIQ?
  • Do you attend the ManageIQ Sprint Reviews held every two weeks?
  • Do you know how to contribute to the ManageIQ open source project?
  • Is there anything else you’d like to share about ManageIQ?

Hawkular Alerts in ManageIQ

Note: Hawkular was deprecated as of December 18th, 2017. New releases of ManageIQ won’t include support for Hawkular as a Middleware Provider.

Container Management with CloudForms – Security & Compliance

This blog is part 4 of our series on Container Management with CloudForms.

This blog post focuses on the security and compliance aspects of managing containerized environments. In a container-based infrastructure, the container software is often built directly by developers, usually via continuous integration (CI/CD). When it comes to deploying this software in production, we need to make sure it is securely validated.

Another challenge is the source of those containers. Developers can use any base images for their builds, including insecure container images downloaded from the Internet. On the other hand, Enterprise IT needs to ensure all containers running in production are built based on trusted and approved sources.

And finally, it is also important to validate that all container images, as well as containers instantiated from those images, are up to date with respect to security fixes.

CloudForms provides specific capabilities for managing security and compliance for container-based infrastructures.

It can enforce policies for container hosts and mark the nodes that are not compliant (e.g. outdated versions, configuration issues, security risks, etc.). Those policies take into account information about the container host itself, but also about any resources that are connected to this host. If needed, it can trigger an action to start automatic remediation. We could, for example, automatically trigger an update of a package when a new security fix is available.

CloudForms also provides reporting for container sources. For example, it can identify containers that come from untrusted registries.

Finally, it can scan the content of container images using OpenSCAP for standardized security checks. When an image is identified as non-compliant, all running containers instantiated from this image can be flagged automatically.

The following video demonstration highlights these capabilities in CloudForms: