 Today I want to talk about the PHY tool and I call it the universal deployment tool. My name is Thomas Lange. I am working at the University of Cologne, started like 20 years ago running SunOS machines on Spark hardware and there was this Jumpstart automatic installation thing. And in 1999 we had the first cluster, very old cluster dual-pensium 2 that we had to install. And since I'm very lazy I wanted to do something automatically. During this time there was nothing for an automatic installation with Tabion. We choose Tabion for this cluster and so since there was nothing I started the PHY project. What is a deployment in the view of PHY? PHY was started as the fully automatic installation, so we want to install a machine. And installing means we have all zeros on the hard disk so it's a really empty disk and we want to make the computer ready to go that the user can work on it. So from power off to applications running or that the user can lock in. And for PHY it's always about installing software packages. Even the kernel or some applications. PHY depends on this that everything is packed into a software package and PHY installs and configures all these packages for you in a very automatically way. And we have a central administration because everything is on a server and a lot of clients can be controlled and installed from this server. So PHY does everything as this admin and I guess most of you ask this admin so everything that you have to do normally putting in a CD and installing the machine configuring and editing files in slash ETC. So that the brand new computer can be used. We have a server, this is an installed server where everything is running on it and we PHY then configures the operating system and the applications. Here I wrote both operating system and application but in the end it's all about software packages that gets installed and configured. We do not need a master or golden image and I'm not a friend of master or golden image except if you say oh I want to deploy in a very special environment a golden image and if you then create this golden image with PHY in an automatic way that's fine for me. But a lot of people that are doing installations or deployments with golden images are doing this by manual creating a golden image. And that's very bad. PHY also provides a class system and the class system it's a little bit like LEGO bricks where you can define certain parts of the configuration and then take all these bricks together to create the configuration for all your systems. PHY is very flexible and easy to expand. We call it hooks. It's like plugins that you can write but there's a major disadvantage of PHY. PHY can't plan your installation. That's the part that you have to do but if you plan your installation and write down the configuration files and configuration scripts then PHY runs this configuration automatically for you. So here's now a technical overview. On the left side you see the installed server. There are three main parts that needs to be available on the server. We have an NFS root. In PHY there's a command you can call justice command and this command creates this NFS root. Then we have a configuration space and the configuration space is just a list of or a set of sub directories with some config files in it and everything is plain text, ASCII text, no XML things. So very easy to edit for an advanced system. And in this example if you like to install Debian machines we need a mirror or a partition mirror or a cache where the packages are available. On the right side we have the install client and this client boots up. We normally we're doing the network pixie boot. It mounts the NFS root. Then creates access to the config space. We support different protocols and then everything is run on the client within script. So how does it work? First again you have to plan your installation. We only use very common techniques like pixie boot with DHCP and TFTP and after the client boots up it runs as a diskless client. It mounts the NFS root and we use the RFS, another union FS for making this NFS root writable and then we have this client running as a diskless client so we have complete access to the local disk we can partition it and so on. Then we define some classes and variables which are very handy for doing things in FI. After creating the partitions and file systems the software packages will be installed and this will be the part that takes most time and in the end we are doing a customization on all these packages and then we can reboot the new system. The class concept means you can group a list of hosts and every host that belongs to this class shares the same information for part of the configuration and normally every time hosts belong to several classes and all the parts of the FI installation can use these classes. Here's an example for a part of the configuration space in the first sub-directory class we have some scripts that define the classes and the variables and then the second part, the partitioning part, uses these classes so if a host belongs to the class FI base default grub and desktop and desktop would be the class with the highest priority then in the partitioning part FI uses the file desktop and this describes how the local disk should be partitioned I will show an example later. The same is then for the package selection which packages to install there we use all classes that are defined for certain hosts. Here's an example how you can define classes it's very easy you can write shell scripts or Perl or Python scripts we have some magic in FI everything that those scripts write to standard output are automatically defined as a class so if you like to put all the configuration data the assignment of classes to the host into a database this is no problem then you just have to write a small script that accesses the databases and writes the list of classes just to standard out, that's it. So this is also very flexible. Variables are just shell variables that can later be used with the customization scripts. As I said, the first part where data is written on the disk is the partitioning part and there we have created something that is very similar to FSTAP so if a sysadmin knows how an FSTAP files look you can easily write a configuration for FI for the partitioning. The butterfs support was added one or two months ago that's very nice that we can do all this and you see the size of the partitions can be defined very flexible you can say we have a minimal or maximum size this is an easy example for the disk partitioning we can also automatically create software rate and LVM partitions with FI this is an extended example but for me it was very important that if you once have seen such a file you can just take one, modify it and it's very easy to create a configuration of your own and no XML things in it. The software package installation part is we have several files, again here there's a file called Beowulf so if the client belongs to the class Beowulf this file will be read by the FI part and then you only write down the names of the software packages this part also supports the whole list of packaging tools and in the end after you've installed the software packages you can call your own customization scripts and there we support all things of scripting languages, sometimes FI users do not use this customization script but just say oh we have Puppet or CF Engine running so we use FI for partitioning installing software packages and then run our CF Engine environment. This is a shell example there are some very handy tools that I've created, one is the F copy where you can have some templates for a certain ETC file and F copy knows to which classes you belong and another is AINSL which is append if no such line which is a very nice function that I know from CF Engine and I've re-implemented it. Something about the installation times it's very fast and even with a bigger cluster there is no scaling problem often people say oh you are using NFS and NFS does not scale, NFS is not a problem because most traffic on the network is HTTP traffic so please believe me NFS will not be a problem Why is FI the universal installation tool? It started in 1999 for installing Debian but in the meantime we have installed Ubuntu, CentOS, SUSE even Solaris and also on very different hardware architectures The booting up part of FI does not need any modification if we want to support a new Linux distribution There are also users that are installing a different Linux distribution with only one NFS route so you can use a Debian NFS route for installing other Linux distribution This works really nice The only thing that you have to change is how to access the package repository you have to adjust the package names for example in Debian the package is called Apache 2 and in another distribution maybe it's just called Apache or Apache minus server so these things have to be adjusted and of course that would be the main part the customization scripts FI is also the universal deployment tool because it does not care if you want to install a bare metal or virtual machine or want to set up a change route or a live CD or create your golden image by configuring software packages We have this thing called FI Deer install and that's how you could create a change route environment What I like to do is a new command called FI Cloud Image it's more like FI Disk Image but for the enterprise version of FI that does not exist, I would call it FI Cloud Image I think that's important that you can create it's very similar to creating a change route but a disk image needs the master boot record thing a little bit more Here is a list of some FI users for example at the end the Grimel Live CD, it's an Admin Live CD uses FI for daily builds of eight different ISO images This is one user that is using FI for creating live CDs and there are very different sizes of users out now FI is a tool that gives you the base technology for deploying We do not have a GUI There are some GUIs out there that have FI plugins OpenQRM and the Goza which is used as a city of Munich They deploy 16,000 machines and the Goza is a PHP web front and for the LDAP and using this front end they can say please reinstall or install a new machine or the installation a little bit FI itself includes this FI monitor GUI which just shows at which part of the installation certain machines are on Yeah and now some questions and during the questions I will start an installation from CD if you have set up the installed server but the network installation is running you can create a FI CD this is not a live CD this is an installation CD and with two commands you can create this CD and then start the installation That's what I'm doing here in a virtual machine that's because it will be very fast I measured it's yeah the XFC desktop on a complete empty machine and since the virtual hard disk is in RAM here it will only take 90 seconds and the password is install me so nobody can blame me or why did this CD just wiped my machine you have told it install me I'm trying to understand the mechanism is it all through the packages through custom packages is there code that modifies the configuration just trying to understand the actual way by which the configuration is made on the target system because I didn't grasp that That's absolute up to you how you want to do it with the pre-seeding feature so we have some questions for the packages for example do you want to start the SSH daemon on booting up the machine and you can pre-define the answers to those questions this is called the pre-seeding FI supports this pre-seeding the customization scripts I'm using in ETC but if you are using software packages that include configuration your customized configuration information FI only has to install those packages so FI would never say you have to do it in this way you are always flexible edit files automatically in ETC or put them in the packages what do you mean suppose I've got one machine is a member of a cluster and then I've got some clients that are a member of this cluster can FI set these things up from a high level knowledge of these relationships or do you need to actually specify those individual relationships entirely within the individual configuration files that you provide to each of these machines the only thing that you can do is FI's create a class where you define all machines that belong to this FI classes should be configured in that way that's the only thing that you can do with FI so the installation of the CD was finished even there's errors found in some log file but we now just reboot the CD and here we have a time out of 20 seconds I've got one question can you do criteria based installation you can do criteria based installation if it's got 2 GB RAM if it has 2 cores I want human 2 or something else yeah you can also install different distribution depending on the classes on the FI website there are 2 demo CD images one is this one and there's another multi-distribution CD where you have a grab menu where you can select I want to install Debian or CentOS okay one more question hi yeah I saw that you it's pretty easy to define the partitions and everything we are now in the migration to GPT partition tables support that out of the box then the partitioning part also supports GPT tables no problem so as you see here the installation finished the machine boots up and demo user was installed and I could log in in 97 seconds alright one more question from the back well the next we can get set up I need the mic yeah you mentioned CF I'll try that yeah you mentioned CF engine and puppet do you support other config management tools like Chef, Saltstack, Ansible not yet but it's about I would say it's like 5 to 10 lines of shell code that I have to write because we only go into the sub directories look for files that match a class name and execute this file and if you then put a puppet or chef script there what Phi does not do is setting up the CF engine server or puppet server we use CF engine just as a script language and if you want to do this with a chef or puppet that's really easy some users what they are doing the installation with Phi and then they reboot the machine during the first reboot they start their puppet or whatever infrastructure so that's also possible okay thank you very much