Project

General

Profile

« Previous | Next » 

Revision 99d41ad9

Added by Adam Ruzicka about 3 years ago

Fixes #32235 - Run Dynflow within smart-proxy on EL*

View differences:

README.md
| Module version | Proxy versions | Notes |
|----------------|----------------|-----------------------------------------------------|
| 16.x - 17.x | 2.3 and newer | See compatibility notes in its README for 2.0-2.2 |
| 16.x - 18.x | 2.3 and newer | See compatibility notes in its README for 2.0-2.2 |
| 13.x - 15.x | 2.0 - 2.2 | |
| 12.x | 1.19 - 1.24 | See compatibility notes in its README for 1.19-1.22 |
| 11.x | 1.19 - 1.23 | See compatibility notes in its README for 1.19-1.21 |
......
| 2.x | 1.5 - 1.10 | |
| 1.x | 1.4 and older | |
18.x switched to running `smart_proxy_dynflow` as part of `foreman-proxy` service by default. On EL* distributions and Foreman < 2.5, `foreman_proxy::plugin::dynflow::external_core` needs to be explicitly set to `true`.
16.x added support for Smart Proxy Registration feature, available in Smart Proxy 2.3 and newer.
12.x has dropped support for Puppet 3 which was officially unsupported for a while and Foreman Proxy 1.23 dropped altogether.
manifests/plugin/dynflow.pp
Optional[Array[String]] $ssl_disabled_ciphers = $foreman_proxy::plugin::dynflow::params::ssl_disabled_ciphers,
Optional[Array[String]] $tls_disabled_versions = $foreman_proxy::plugin::dynflow::params::tls_disabled_versions,
Integer[1] $open_file_limit = $foreman_proxy::plugin::dynflow::params::open_file_limit,
Optional[Boolean] $external_core = $foreman_proxy::plugin::dynflow::params::external_core,
Boolean $external_core = $foreman_proxy::plugin::dynflow::params::external_core,
) inherits foreman_proxy::plugin::dynflow::params {
if $foreman_proxy::ssl {
$core_url = "https://${facts['networking']['fqdn']}:${core_port}"
......
}
if $external_core {
foreman_proxy::plugin { 'dynflow_core':
notify => Service['smart_proxy_dynflow_core'],
}
$service = 'smart_proxy_dynflow_core'
file { '/etc/smart_proxy_dynflow_core/settings.yml':
ensure => file,
content => template('foreman_proxy/plugin/dynflow_core.yml.erb'),
require => Foreman_proxy::Plugin['dynflow_core'],
notify => Service['smart_proxy_dynflow_core'],
notify => Service[$service],
}
file { '/etc/smart_proxy_dynflow_core/settings.d':
ensure => link,
target => "${foreman_proxy::config_dir}/settings.d",
require => Foreman_proxy::Plugin['dynflow_core'],
notify => Service['smart_proxy_dynflow_core'],
notify => Service[$service],
}
} else {
$service = 'foreman-proxy'
}
systemd::service_limits { 'smart_proxy_dynflow_core.service':
limits => {
'LimitNOFILE' => $open_file_limit,
},
restart_service => false,
require => Foreman_proxy::Plugin['dynflow_core'],
notify => Service['smart_proxy_dynflow_core'],
}
foreman_proxy::plugin { 'dynflow_core':
notify => Service[$service],
}
service { 'smart_proxy_dynflow_core':
ensure => running,
enable => true,
}
service { 'smart_proxy_dynflow_core':
ensure => $external_core,
enable => $external_core,
}
}
manifests/plugin/dynflow/params.pp
$ssl_disabled_ciphers = undef
$tls_disabled_versions = undef
$open_file_limit = 1000000
$external_core = $facts['os']['family'] ? {
'RedHat' => true,
default => undef
}
$external_core = false
}
spec/acceptance/dynflow_spec.rb
it_behaves_like 'the default foreman proxy application'
if os[:family] =~ /redhat|fedora/
describe service('smart_proxy_dynflow_core') do
it { is_expected.to be_enabled }
it { is_expected.to be_running }
end
describe port(8008) do
it { is_expected.to be_listening }
end
else
describe service('smart_proxy_dynflow_core') do
it { is_expected.not_to be_enabled }
it { is_expected.not_to be_running }
end
describe service('smart_proxy_dynflow_core') do
it { is_expected.not_to be_enabled }
it { is_expected.not_to be_running }
end
describe port(8008) do
it { is_expected.not_to be_listening }
end
describe port(8008) do
it { is_expected.not_to be_listening }
end
end
spec/classes/foreman_proxy__plugin__dynflow_spec.rb
let(:pre_condition) { 'include foreman_proxy' }
let(:etc_dir) { ['FreeBSD', 'DragonFly'].include?(facts[:osfamily]) ? '/usr/local/etc' : '/etc' }
has_core = facts[:osfamily] == 'RedHat'
describe 'with default settings' do
it { should compile.with_all_deps }
it { should contain_foreman_proxy__plugin__module('dynflow') }
......
':enabled: https',
':database: ',
':core_url: https://foo.example.com:8008',
':external_core: false',
]
lines << ':external_core: true' if has_core
verify_exact_contents(catalogue,
"#{etc_dir}/foreman-proxy/settings.d/dynflow.yml",
lines)
end
if has_core
it { should contain_foreman_proxy__plugin('dynflow_core') }
it { should contain_service('smart_proxy_dynflow_core') }
it 'should create settings.d symlink' do
should contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.d").
with_ensure('link').with_target("#{etc_dir}/foreman-proxy/settings.d")
end
it 'should create systemd service limits' do
should contain_systemd__service_limits('smart_proxy_dynflow_core.service').
with_limits({'LimitNOFILE' => 1000000}).that_notifies('Service[smart_proxy_dynflow_core]')
end
it 'should generate correct dynflow core settings.yml' do
verify_exact_contents(catalogue, "#{etc_dir}/smart_proxy_dynflow_core/settings.yml", [
"---",
":database: ",
":console_auth: true",
":foreman_url: https://foo.example.com",
':listen: "*"',
":port: 8008",
":use_https: true",
":ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem",
":ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/foo.example.com.pem",
":ssl_private_key: /etc/puppetlabs/puppet/ssl/private_keys/foo.example.com.pem",
])
end
it { should contain_foreman_proxy__plugin('dynflow_core') }
it { should contain_service('smart_proxy_dynflow_core').
with(ensure: false, enable: false) }
it 'should restart external core' do
should contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.yml").
that_notifies('Service[smart_proxy_dynflow_core]')
should contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.d").
that_notifies('Service[smart_proxy_dynflow_core]')
end
else
it { should_not contain_foreman_proxy__plugin('dynflow_core') }
it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.d") }
it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.yml") }
it { should_not contain_service('smart_proxy_dynflow_core') }
it { should_not contain_systemd__service_limits('smart_proxy_dynflow_core.service') }
end
it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.d") }
it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.yml") }
it { should_not contain_systemd__service_limits('smart_proxy_dynflow_core.service') }
end
describe 'with custom settings' do
......
describe 'without external_core' do
let(:params) { { external_core: false } }
it { should_not contain_foreman_proxy__plugin('dynflow_core') }
it { should contain_foreman_proxy__plugin('dynflow_core') }
it { should contain_service('smart_proxy_dynflow_core').
with(ensure: false, enable: false) }
it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.d") }
it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.yml") }
it { should_not contain_service('smart_proxy_dynflow_core') }
it { should_not contain_systemd__service_limits('smart_proxy_dynflow_core.service') }
it 'should generate correct dynflow.yml' do

Also available in: Unified diff