Revision 99d41ad9
Added by Adam Ruzicka about 3 years ago
README.md | ||
---|---|---|
|
||
| Module version | Proxy versions | Notes |
|
||
|----------------|----------------|-----------------------------------------------------|
|
||
| 16.x - 17.x | 2.3 and newer | See compatibility notes in its README for 2.0-2.2 |
|
||
| 16.x - 18.x | 2.3 and newer | See compatibility notes in its README for 2.0-2.2 |
|
||
| 13.x - 15.x | 2.0 - 2.2 | |
|
||
| 12.x | 1.19 - 1.24 | See compatibility notes in its README for 1.19-1.22 |
|
||
| 11.x | 1.19 - 1.23 | See compatibility notes in its README for 1.19-1.21 |
|
||
... | ... | |
| 2.x | 1.5 - 1.10 | |
|
||
| 1.x | 1.4 and older | |
|
||
|
||
18.x switched to running `smart_proxy_dynflow` as part of `foreman-proxy` service by default. On EL* distributions and Foreman < 2.5, `foreman_proxy::plugin::dynflow::external_core` needs to be explicitly set to `true`.
|
||
16.x added support for Smart Proxy Registration feature, available in Smart Proxy 2.3 and newer.
|
||
12.x has dropped support for Puppet 3 which was officially unsupported for a while and Foreman Proxy 1.23 dropped altogether.
|
||
|
manifests/plugin/dynflow.pp | ||
---|---|---|
Optional[Array[String]] $ssl_disabled_ciphers = $foreman_proxy::plugin::dynflow::params::ssl_disabled_ciphers,
|
||
Optional[Array[String]] $tls_disabled_versions = $foreman_proxy::plugin::dynflow::params::tls_disabled_versions,
|
||
Integer[1] $open_file_limit = $foreman_proxy::plugin::dynflow::params::open_file_limit,
|
||
Optional[Boolean] $external_core = $foreman_proxy::plugin::dynflow::params::external_core,
|
||
Boolean $external_core = $foreman_proxy::plugin::dynflow::params::external_core,
|
||
) inherits foreman_proxy::plugin::dynflow::params {
|
||
if $foreman_proxy::ssl {
|
||
$core_url = "https://${facts['networking']['fqdn']}:${core_port}"
|
||
... | ... | |
}
|
||
|
||
if $external_core {
|
||
foreman_proxy::plugin { 'dynflow_core':
|
||
notify => Service['smart_proxy_dynflow_core'],
|
||
}
|
||
$service = 'smart_proxy_dynflow_core'
|
||
|
||
file { '/etc/smart_proxy_dynflow_core/settings.yml':
|
||
ensure => file,
|
||
content => template('foreman_proxy/plugin/dynflow_core.yml.erb'),
|
||
require => Foreman_proxy::Plugin['dynflow_core'],
|
||
notify => Service['smart_proxy_dynflow_core'],
|
||
notify => Service[$service],
|
||
}
|
||
|
||
file { '/etc/smart_proxy_dynflow_core/settings.d':
|
||
ensure => link,
|
||
target => "${foreman_proxy::config_dir}/settings.d",
|
||
require => Foreman_proxy::Plugin['dynflow_core'],
|
||
notify => Service['smart_proxy_dynflow_core'],
|
||
notify => Service[$service],
|
||
}
|
||
} else {
|
||
$service = 'foreman-proxy'
|
||
}
|
||
|
||
systemd::service_limits { 'smart_proxy_dynflow_core.service':
|
||
limits => {
|
||
'LimitNOFILE' => $open_file_limit,
|
||
},
|
||
restart_service => false,
|
||
require => Foreman_proxy::Plugin['dynflow_core'],
|
||
notify => Service['smart_proxy_dynflow_core'],
|
||
}
|
||
foreman_proxy::plugin { 'dynflow_core':
|
||
notify => Service[$service],
|
||
}
|
||
|
||
service { 'smart_proxy_dynflow_core':
|
||
ensure => running,
|
||
enable => true,
|
||
}
|
||
service { 'smart_proxy_dynflow_core':
|
||
ensure => $external_core,
|
||
enable => $external_core,
|
||
}
|
||
}
|
manifests/plugin/dynflow/params.pp | ||
---|---|---|
$ssl_disabled_ciphers = undef
|
||
$tls_disabled_versions = undef
|
||
$open_file_limit = 1000000
|
||
$external_core = $facts['os']['family'] ? {
|
||
'RedHat' => true,
|
||
default => undef
|
||
}
|
||
$external_core = false
|
||
}
|
spec/acceptance/dynflow_spec.rb | ||
---|---|---|
|
||
it_behaves_like 'the default foreman proxy application'
|
||
|
||
if os[:family] =~ /redhat|fedora/
|
||
describe service('smart_proxy_dynflow_core') do
|
||
it { is_expected.to be_enabled }
|
||
it { is_expected.to be_running }
|
||
end
|
||
|
||
describe port(8008) do
|
||
it { is_expected.to be_listening }
|
||
end
|
||
else
|
||
describe service('smart_proxy_dynflow_core') do
|
||
it { is_expected.not_to be_enabled }
|
||
it { is_expected.not_to be_running }
|
||
end
|
||
describe service('smart_proxy_dynflow_core') do
|
||
it { is_expected.not_to be_enabled }
|
||
it { is_expected.not_to be_running }
|
||
end
|
||
|
||
describe port(8008) do
|
||
it { is_expected.not_to be_listening }
|
||
end
|
||
describe port(8008) do
|
||
it { is_expected.not_to be_listening }
|
||
end
|
||
end
|
spec/classes/foreman_proxy__plugin__dynflow_spec.rb | ||
---|---|---|
let(:pre_condition) { 'include foreman_proxy' }
|
||
let(:etc_dir) { ['FreeBSD', 'DragonFly'].include?(facts[:osfamily]) ? '/usr/local/etc' : '/etc' }
|
||
|
||
has_core = facts[:osfamily] == 'RedHat'
|
||
|
||
describe 'with default settings' do
|
||
it { should compile.with_all_deps }
|
||
it { should contain_foreman_proxy__plugin__module('dynflow') }
|
||
... | ... | |
':enabled: https',
|
||
':database: ',
|
||
':core_url: https://foo.example.com:8008',
|
||
':external_core: false',
|
||
]
|
||
lines << ':external_core: true' if has_core
|
||
verify_exact_contents(catalogue,
|
||
"#{etc_dir}/foreman-proxy/settings.d/dynflow.yml",
|
||
lines)
|
||
end
|
||
|
||
if has_core
|
||
it { should contain_foreman_proxy__plugin('dynflow_core') }
|
||
it { should contain_service('smart_proxy_dynflow_core') }
|
||
|
||
it 'should create settings.d symlink' do
|
||
should contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.d").
|
||
with_ensure('link').with_target("#{etc_dir}/foreman-proxy/settings.d")
|
||
end
|
||
|
||
it 'should create systemd service limits' do
|
||
should contain_systemd__service_limits('smart_proxy_dynflow_core.service').
|
||
with_limits({'LimitNOFILE' => 1000000}).that_notifies('Service[smart_proxy_dynflow_core]')
|
||
end
|
||
|
||
it 'should generate correct dynflow core settings.yml' do
|
||
verify_exact_contents(catalogue, "#{etc_dir}/smart_proxy_dynflow_core/settings.yml", [
|
||
"---",
|
||
":database: ",
|
||
":console_auth: true",
|
||
":foreman_url: https://foo.example.com",
|
||
':listen: "*"',
|
||
":port: 8008",
|
||
":use_https: true",
|
||
":ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem",
|
||
":ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/foo.example.com.pem",
|
||
":ssl_private_key: /etc/puppetlabs/puppet/ssl/private_keys/foo.example.com.pem",
|
||
])
|
||
end
|
||
it { should contain_foreman_proxy__plugin('dynflow_core') }
|
||
it { should contain_service('smart_proxy_dynflow_core').
|
||
with(ensure: false, enable: false) }
|
||
|
||
it 'should restart external core' do
|
||
should contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.yml").
|
||
that_notifies('Service[smart_proxy_dynflow_core]')
|
||
should contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.d").
|
||
that_notifies('Service[smart_proxy_dynflow_core]')
|
||
end
|
||
else
|
||
it { should_not contain_foreman_proxy__plugin('dynflow_core') }
|
||
it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.d") }
|
||
it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.yml") }
|
||
it { should_not contain_service('smart_proxy_dynflow_core') }
|
||
it { should_not contain_systemd__service_limits('smart_proxy_dynflow_core.service') }
|
||
end
|
||
it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.d") }
|
||
it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.yml") }
|
||
it { should_not contain_systemd__service_limits('smart_proxy_dynflow_core.service') }
|
||
end
|
||
|
||
describe 'with custom settings' do
|
||
... | ... | |
describe 'without external_core' do
|
||
let(:params) { { external_core: false } }
|
||
|
||
it { should_not contain_foreman_proxy__plugin('dynflow_core') }
|
||
it { should contain_foreman_proxy__plugin('dynflow_core') }
|
||
it { should contain_service('smart_proxy_dynflow_core').
|
||
with(ensure: false, enable: false) }
|
||
|
||
it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.d") }
|
||
it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.yml") }
|
||
it { should_not contain_service('smart_proxy_dynflow_core') }
|
||
it { should_not contain_systemd__service_limits('smart_proxy_dynflow_core.service') }
|
||
|
||
it 'should generate correct dynflow.yml' do
|
Also available in: Unified diff
Fixes #32235 - Run Dynflow within smart-proxy on EL*