I'm from the team that develops ABRT , the Automatic Bug Reporting Tool
that is currently used in Fedora and RH Enterprise Linux. ABRT can
detect several types of application problems (e.g. binary segfaults,
uncaught python exceptions, ...), collect related data, and more or less
automatically report them somewhere.
For the detected crashes, ABRT can send something called uReport , a
small, machine-friendly report that doesn't necessarily contain enough
information to fix the underlying problem but can be useful to determine
whether similar problem happened before and to maintain crash
statistics. These reports can be collected by ABRT server (called "FAF"
in some places) - Fedora users send them to the instance located here
What we would like to do is to provide a Foreman plugin that would
associate to every Foreman-managed machine the uReports the machine
sent. The reports would then be displayed in the web interface so that
the administrator can see if something bad is going on on their machine.
We're not familiar with Foreman and still trying to figure out how would
this integration work. After a quick discussion with Foreman guys in Red
Hat Brno office, we've identified two design problems:
1. How should Foreman and ABRT server interact
We were able to come up with two scenarios:
A) uReports are collected by ABRT server deployed by the administrator.
Upon receiving a report, the ABRT server notifies Foreman (or Foreman
can periodically ask the ABRT server for new reports). Foreman
communicates with ABRT server using some kind of REST API.
* machine authentication has to be handled by ABRT server
* ABRT server has to provide suitable API
* not necessary to duplicate ABRT server code in Foreman
B) uReports are collected by Foreman, or some kind of proxy written for
this purpose. The reports can be browsed in Foreman and can be
forwarded to ABRT server instance, either automatically or after the
administrator manually accepts the report. The report can be
forwarded to ABRT server run by the administrator, or it can be
forwarded to the instance managed by Fedora/Red Hat/etc.
* Foreman handles machine authentication
* administrator can benefit from this without deploying their own ABRT
* subset of the ABRT server functionality would have to be implemented
by the Foreman plugin/proxy
2. Machine authentication
uReports were originally designed to allow anonymous reporting, mainly
for Fedora users. They only contain data that are not considered
sensitive and we currently have no way to find out where did an uReport
While we could just add an item containing e.g. FQDN to the uReport,
such information can be easily spoofed. Can we take advantage of the
fact that there already exists authentication between the managed
machines and Foreman (or Puppet?)?
I'll be grateful for your thoughts on this subject.