
Revision fc17ce2d

Added by Michael Moll almost 8 years ago

remove formerly deprecated parameters and code (#257)

- remove libvirt_backend parameter
- remove puppet_split_config_files parameter
- remove unneeded ERB in dhcp.yml and dns.yml template
- mark Fedora 24 supported instead of Fedora 21
- remove Debian 7 (wheezy) support
- remove Ubuntu 12.04 (precise) support


README.md
## Compatibility
This module only supports Smart Proxy 1.11 or higher as of version 3.0, as the
This module only supports Smart Proxy 1.12 or higher as of version 4.0, as the
configuration layout changed significantly.
To configure older versions of the Smart Proxy (1.5 to 1.10), use version 2.x
of this module.
### 1.11 compatibility notes
* Puppet users must set `puppet_split_config_files => false` to keep a single
puppet.yml configuration file.
* If using the virsh DHCP/DNS provider, `libvirt_backend => "virsh"` must be set.
To configure older versions of the Smart Proxy use version 2.x of this module
for 1.5 to 1.10 and 3.x for 1.11.
# Contributing
manifests/config.pp
foreman_proxy::settings_file { ['dns_nsupdate', 'dns_nsupdate_gss']:
module => false,
}
if $::foreman_proxy::libvirt_backend == 'libvirt' {
foreman_proxy::settings_file { ['dns_libvirt', 'dhcp_libvirt']:
module => false,
}
foreman_proxy::settings_file { ['dns_libvirt', 'dhcp_libvirt']:
module => false,
}
foreman_proxy::settings_file { 'puppet':
enabled => $::foreman_proxy::puppet,
listen_on => $::foreman_proxy::puppet_listen_on,
}
if $::foreman_proxy::puppet_split_config_files {
foreman_proxy::settings_file { [
'puppet_proxy_customrun',
'puppet_proxy_legacy',
'puppet_proxy_mcollective',
'puppet_proxy_puppet_api',
'puppet_proxy_puppetrun',
'puppet_proxy_salt',
'puppet_proxy_ssh',
]:
module => false,
}
foreman_proxy::settings_file { [
'puppet_proxy_customrun',
'puppet_proxy_legacy',
'puppet_proxy_mcollective',
'puppet_proxy_puppet_api',
'puppet_proxy_puppetrun',
'puppet_proxy_salt',
'puppet_proxy_ssh',
]:
module => false,
}
foreman_proxy::settings_file { 'puppetca':
enabled => $::foreman_proxy::puppetca,
manifests/init.pp
# $puppet:: Enable Puppet module for environment imports and Puppet runs
# type:boolean
#
# $puppet_split_config_files:: Split Puppet configuration files. This is needed since version 1.12.
# type:boolean
#
# $puppet_listen_on:: Puppet feature to listen on https, http, or both
#
# $puppetrun_provider:: Provider for running/kicking Puppet agents
......
# $dns_forwarders:: DNS forwarders
# type:array
#
# $libvirt_backend:: Backend of libvirt DNS/DHCP provider (virsh or libvirt)
#
# $libvirt_connection:: Connection string of libvirt DNS/DHCP provider (e.g. "qemu:///system")
#
# $libvirt_network:: Network for libvirt DNS/DHCP provider
......
$puppetca_cmd = $foreman_proxy::params::puppetca_cmd,
$puppet_group = $foreman_proxy::params::puppet_group,
$puppet = $foreman_proxy::params::puppet,
$puppet_split_config_files = $foreman_proxy::params::puppet_split_config_files,
$puppet_listen_on = $foreman_proxy::params::puppet_listen_on,
$puppetrun_cmd = $foreman_proxy::params::puppetrun_cmd,
$puppetrun_provider = $foreman_proxy::params::puppetrun_provider,
......
$dns_tsig_keytab = $foreman_proxy::params::dns_tsig_keytab,
$dns_tsig_principal = $foreman_proxy::params::dns_tsig_principal,
$dns_forwarders = $foreman_proxy::params::dns_forwarders,
$libvirt_backend = $foreman_proxy::params::libvirt_backend,
$libvirt_network = $foreman_proxy::params::libvirt_network,
$libvirt_connection = $foreman_proxy::params::libvirt_connection,
$bmc = $foreman_proxy::params::bmc,
......
# lint:endignore
# Validate puppet params
validate_bool($puppet, $puppet_split_config_files, $puppetssh_wait)
validate_bool($puppet, $puppetssh_wait)
validate_string($ssldir, $puppetdir, $puppetca_cmd, $puppetrun_cmd)
validate_string($puppet_url, $puppet_ssl_ca, $puppet_ssl_cert, $puppet_ssl_key)
validate_string($mcollective_user, $salt_puppetrun_cmd)
......
}
if $puppetrun_provider {
validate_string($puppetrun_provider)
if $puppetrun_provider == 'puppetssh' and $puppet_split_config_files {
$real_puppetrun_provider = 'ssh'
warning('foreman_proxy::puppetrun_provider should be "ssh", not "puppetssh" for 1.12 and above')
} else {
$real_puppetrun_provider = $puppetrun_provider
}
}
# Validate template params
......
validate_array($dns_forwarders)
# Validate libvirt params
validate_re($libvirt_backend, '^(libvirt|virsh)$')
validate_string($libvirt_network, $libvirt_connection)
# Validate bmc params
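Review bot: With the `puppetssh` to `ssh` mapping and its warning gone from the `if $puppetrun_provider` block, the only check left on this parameter appears to be `validate_string`, and templates/puppet.yml.erb now writes the value verbatim into `:use_provider: puppet_proxy_<%= ... %>`. A manifest that still passes the legacy `puppetssh` would then compile cleanly and render `puppet_proxy_puppetssh`, which is not among the providers the template lists, so the mistake would surface only when the proxy reads its settings. Consider an allow-list next to the existing check, e.g. `validate_re($puppetrun_provider, '^(puppetrun|mcollective|ssh|salt|customrun)$')`, assuming no other provider names are meant to be accepted, plus a spec that expects the legacy value to fail compilation. The page has lost its +/- markers, so which of the lines shown here survive the commit is inferred from the commit message and the template section.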
manifests/params.pp
$keyfile = '/etc/bind/rndc.key'
$nsupdate = 'dnsutils'
if ($::operatingsystem == 'Debian') and (versioncmp($::operatingsystemrelease, '8.0') >= 0) or
($::operatingsystem == 'Ubuntu') and (versioncmp($::operatingsystemrelease, '14.10') >= 0) {
if $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '14.04' {
$tftp_syslinux_filenames = ['/usr/lib/syslinux/chain.c32',
'/usr/lib/syslinux/mboot.c32',
'/usr/lib/syslinux/menu.c32',
'/usr/lib/syslinux/memdisk',
'/usr/lib/syslinux/pxelinux.0']
} else {
$tftp_syslinux_filenames = ['/usr/lib/PXELINUX/pxelinux.0',
'/usr/lib/syslinux/memdisk',
'/usr/lib/syslinux/modules/bios/chain.c32',
......
'/usr/lib/syslinux/modules/bios/libutil.c32',
'/usr/lib/syslinux/modules/bios/mboot.c32',
'/usr/lib/syslinux/modules/bios/menu.c32']
} else {
$tftp_syslinux_filenames = ['/usr/lib/syslinux/chain.c32',
'/usr/lib/syslinux/mboot.c32',
'/usr/lib/syslinux/menu.c32',
'/usr/lib/syslinux/memdisk',
'/usr/lib/syslinux/pxelinux.0']
}
}
/^(FreeBSD|DragonFly)$/: {
......
# puppetrun settings
$puppet = true
$puppet_split_config_files = true
$puppet_listen_on = 'https'
$puppetrun_cmd = $puppet::params::puppetrun_cmd
......
$dns_forwarders = []
# libvirt options
$libvirt_backend = 'libvirt'
$libvirt_connection = 'qemu:///system'
$libvirt_network = 'default'
metadata.json
{
"name": "theforeman-foreman_proxy",
"version": "3.0.1",
"version": "4.0.0",
"author": "theforeman",
"summary": "Foreman Smart Proxy configuration",
"license": "GPL-3.0+",
......
{
"operatingsystem": "Fedora",
"operatingsystemrelease": [
"21"
"24"
]
},
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
"7",
"8"
]
},
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
"12.04",
"14.04",
"16.04"
]
spec/classes/foreman_proxy__config__spec.rb
end
if facts[:osfamily] == 'Debian'
case facts[:operatingsystemmajrelease]
when '7'
it 'should copy the correct default files for Debian 7' do
if facts[:operatingsystem] == 'Ubuntu' && facts[:operatingsystemrelease] == '14.04'
it 'should copy the correct default files for Ubuntu 14.04' do
should contain_foreman_proxy__tftp__copy_file('/usr/lib/syslinux/chain.c32')
should contain_foreman_proxy__tftp__copy_file('/usr/lib/syslinux/mboot.c32')
should contain_foreman_proxy__tftp__copy_file('/usr/lib/syslinux/menu.c32')
should contain_foreman_proxy__tftp__copy_file('/usr/lib/syslinux/memdisk')
should contain_foreman_proxy__tftp__copy_file('/usr/lib/syslinux/pxelinux.0')
end
when '8'
it 'should copy the correct default files for Debian 8' do
else
it 'should copy the correct default files for newer Debian/Ubuntu versions' do
should contain_foreman_proxy__tftp__copy_file('/usr/lib/PXELINUX/pxelinux.0')
should contain_foreman_proxy__tftp__copy_file('/usr/lib/syslinux/memdisk')
should contain_foreman_proxy__tftp__copy_file('/usr/lib/syslinux/modules/bios/chain.c32')
......
end
end
context 'when puppetrun_provider => ssh and user/key overridden' do
context 'when puppetrun_provider => ssh' do
let :pre_condition do
'class {"foreman_proxy":
puppetrun_provider => "ssh",
puppetssh_user => "example",
puppetssh_keyfile => "/home/example/.ssh/id_rsa",
}'
end
......
':use_provider: puppet_proxy_ssh',
])
end
it 'should set puppetssh_user and puppetssh_keyfile' do
verify_contents(catalogue, "#{etc_dir}/foreman-proxy/settings.d/puppet_proxy_ssh.yml", [
':user: example',
':keyfile: /home/example/.ssh/id_rsa',
])
end
end
context 'when puppetrun_provider => puppetssh' do
context 'when puppetrun_provider => ssh and user/key overridden' do
let :pre_condition do
'class {"foreman_proxy":
puppetrun_provider => "puppetssh",
puppetrun_provider => "ssh",
puppetssh_user => "example",
puppetssh_keyfile => "/home/example/.ssh/id_rsa",
}'
end
it 'should set provider to puppet_proxy_ssh' do
verify_contents(catalogue, "#{etc_dir}/foreman-proxy/settings.d/puppet.yml", [
':use_provider: puppet_proxy_ssh',
it 'should set puppetssh_user and puppetssh_keyfile' do
verify_contents(catalogue, "#{etc_dir}/foreman-proxy/settings.d/puppet_proxy_ssh.yml", [
':user: example',
':keyfile: /home/example/.ssh/id_rsa',
])
end
end
......
])
end
end
context 'when libvirt_backend => virsh' do
let :pre_condition do
'class {"foreman_proxy":
libvirt_backend => "virsh",
libvirt_network => "mynet",
}'
end
it 'should generate correct settings.yml' do
verify_contents(catalogue, "#{etc_dir}/foreman-proxy/settings.yml", [
':virsh_network: mynet',
])
end
it "should not manage libvirt backend config files" do
should_not contain_file("#{etc_dir}/foreman-proxy/settings.d/dhcp_libvirt.yml")
should_not contain_file("#{etc_dir}/foreman-proxy/settings.d/dns_libvirt.yml")
end
end
context 'with puppet_split_config_files => false' do
let :pre_condition do
'class {"foreman_proxy":
puppet_split_config_files => false,
}'
end
it 'should generate correct puppet.yml' do
verify_exact_contents(catalogue, "#{etc_dir}/foreman-proxy/settings.d/puppet.yml", [
'---',
':enabled: https',
":puppet_conf: #{etc_dir}/puppet/puppet.conf",
":customrun_cmd: #{shell}",
':customrun_args: -ay -f -s',
':puppetssh_sudo: false',
":puppetssh_command: #{usr_dir}/bin/puppet agent --onetime --no-usecacheonfailure",
':puppetssh_wait: false',
":puppet_url: https://#{facts[:fqdn]}:8140",
":puppet_ssl_ca: #{var_dir}/ssl/certs/ca.pem",
":puppet_ssl_cert: #{var_dir}/ssl/certs/#{facts[:fqdn]}.pem",
":puppet_ssl_key: #{var_dir}/ssl/private_keys/#{facts[:fqdn]}.pem",
])
end
context 'with pupppetrun_provider set to mcollective' do
let :pre_condition do
'class {"foreman_proxy":
puppet => true,
puppet_split_config_files => false,
puppetrun_provider => "mcollective",
}'
end
it 'should contain mcollective as puppet_provider and mcollective_user as root' do
verify_contents(catalogue, "#{etc_dir}/foreman-proxy/settings.d/puppet.yml", [
':puppet_provider: mcollective',
':mcollective_user: root',
])
end
end
context 'when puppetrun_provider => puppetrun' do
let :pre_condition do
'class {"foreman_proxy":
puppet_split_config_files => false,
puppetrun_provider => "puppetrun",
}'
end
it 'should contain puppetrun as puppet_provider and puppet_user as root' do
verify_contents(catalogue, "#{etc_dir}/foreman-proxy/settings.d/puppet.yml", [
':puppet_provider: puppetrun',
':puppet_user: root',
])
end
end
context 'when puppetrun_provider => puppetssh' do
let :pre_condition do
'class {"foreman_proxy":
puppet_split_config_files => false,
puppetrun_provider => "puppetssh",
}'
end
it 'should set provider to puppetssh' do
verify_contents(catalogue, "#{etc_dir}/foreman-proxy/settings.d/puppet.yml", [
':puppet_provider: puppetssh',
])
end
it 'should set puppetssh_user and puppetssh_keyfile' do
verify_contents(catalogue, "#{etc_dir}/foreman-proxy/settings.d/puppet.yml", [
':puppetssh_user: root',
":puppetssh_keyfile: #{etc_dir}/foreman-proxy/id_rsa",
])
end
end
context 'when puppetrun_provider => salt' do
let :pre_condition do
'class {"foreman_proxy":
puppet_split_config_files => false,
puppetrun_provider => "salt",
}'
end
it 'should contain salt as puppet_provider and salt_puppetrun_cmd' do
verify_contents(catalogue, "#{etc_dir}/foreman-proxy/settings.d/puppet.yml", [
':puppet_provider: salt',
':salt_puppetrun_cmd: puppet.run',
])
end
end
context 'when puppet_use_environment_api set' do
let :pre_condition do
'class {"foreman_proxy":
puppet_split_config_files => false,
puppet_use_environment_api => false,
}'
end
it 'should set puppet_use_environment_api' do
verify_contents(catalogue, "#{etc_dir}/foreman-proxy/settings.d/puppet.yml", [
':puppet_use_environment_api: false',
])
end
end
context 'with puppet use_cache enabled' do
let :pre_condition do
'class {"foreman_proxy":
puppet_split_config_files => false,
puppet_use_cache => true,
}'
end
it 'should set use_cache' do
verify_contents(catalogue, "#{etc_dir}/foreman-proxy/settings.d/puppet.yml", [
':use_cache: true',
])
end
end
end
end
end
end
templates/dhcp.yml.erb
:enabled: <%= @module_enabled %>
# valid providers:
# - <%= "dhcp_" %>isc (ISC dhcp server)
# - <%= "dhcp_" %>native_ms (Microsoft native implementation)
# - <%= "dhcp_" %><%= scope.lookupvar("foreman_proxy::libvirt_backend") %> (dnsmasq via libvirt)
# - dhcp_isc (ISC dhcp server)
# - dhcp_native_ms (Microsoft native implementation)
# - dhcp_libvirt (dnsmasq via libvirt)
:use_provider: dhcp_<%= scope.lookupvar("foreman_proxy::dhcp_provider") %>
:server: <%= scope.lookupvar("foreman_proxy::dhcp_server") %>
# subnets restricts the subnets queried to a subset, to reduce the query time.
templates/dns.yml.erb
# DNS management
:enabled: <%= @module_enabled %>
# valid providers:
# <%= "dns_" %>dnscmd (Microsoft Windows native implementation)
# <%= "dns_" %>nsupdate
# <%= "dns_" %>nsupdate_gss (for GSS-TSIG support)
# <%= "dns_" %><%= scope.lookupvar("foreman_proxy::libvirt_backend") %> (dnsmasq via libvirt)
# dns_dnscmd (Microsoft Windows native implementation)
# dns_nsupdate
# dns_nsupdate_gss (for GSS-TSIG support)
# dns_libvirt (dnsmasq via libvirt)
:use_provider: dns_<%= scope.lookupvar("foreman_proxy::dns_provider") %>
# use this setting if you want to override default TTL setting (86400)
:dns_ttl: <%= scope.lookupvar("foreman_proxy::dns_ttl") %>
templates/puppet.yml.erb
---
<% split_files = scope.lookupvar("foreman_proxy::puppet_split_config_files") -%>
# Puppet management
:enabled: <%= @module_enabled %>
# valid providers:
# <%= "puppet_proxy_" if split_files %>puppetrun (for puppetrun/kick, deprecated in Puppet 3)
# <%= "puppet_proxy_" if split_files %>mcollective (uses mco puppet)
<% if split_files -%>
# puppet_proxy_puppetrun (for puppetrun/kick, deprecated in Puppet 3)
# puppet_proxy_mcollective (uses mco puppet)
# puppet_proxy_ssh (run puppet over ssh)
# puppet_proxy_salt (uses salt puppet.run)
# puppet_proxy_customrun (calls a custom command with args)
<% unless [nil, :undefined, :undef, ''].include?(scope.lookupvar("foreman_proxy::puppetrun_provider")) -%>
:use_provider: puppet_proxy_<%= scope.lookupvar("foreman_proxy::puppetrun_provider") %>
<% else -%>
# puppetssh (run puppet over ssh)
<% end -%>
# <%= "puppet_proxy_" if split_files %>salt (uses salt puppet.run)
# <%= "puppet_proxy_" if split_files %>customrun (calls a custom command with args)
<% unless [nil, :undefined, :undef, ''].include?(scope.lookupvar("foreman_proxy::real_puppetrun_provider")) -%>
:<%= split_files ? 'use' : 'puppet' %>_provider: <%= "puppet_proxy_" if split_files %><%= scope.lookupvar("foreman_proxy::real_puppetrun_provider") %>
<% else -%>
#:<%= split_files ? 'use' : 'puppet' %>_provider: <%= "puppet_proxy_" if split_files %>puppetrun
#:use_provider: puppet_proxy_puppetrun
<% end -%>
<% if split_files -%>
:puppet_version: <%= @puppetversion %>
<% else -%>
:puppet_conf: <%= scope.lookupvar("foreman_proxy::puppetdir") %>/puppet.conf
# customrun command details
# Set :customrun_cmd to the full path of the script you want to run, instead of /bin/false
:customrun_cmd: <%= scope.lookupvar("foreman_proxy::customrun_cmd") %>
# Set :customrun_args to any args you want to pass to your custom script. The hostname of the
# system to run against will be appended after the custom commands.
:customrun_args: <%= scope.lookupvar("foreman_proxy::customrun_args") %>
# whether to use sudo before the ssh command
:puppetssh_sudo: <%= scope.lookupvar("foreman_proxy::puppetssh_sudo") %>
# the command which will be sent to the host
:puppetssh_command: <%= scope.lookupvar("foreman_proxy::puppetssh_command") %>
# wait for the command to finish (and capture exit code), or detach process and return 0
# Note: enabling this option causes the Foreman web UI to be blocked when executing puppetrun,
# with timeout from the Browser and/or Foreman's REST client after 60 seconds.
:puppetssh_wait: <%= scope.lookupvar("foreman_proxy::puppetssh_wait") %>
# With which user should the proxy connect
<% if scope.lookupvar("foreman_proxy::puppetrun_provider") == 'puppetssh' -%>
:puppetssh_user: <%= scope.lookupvar("foreman_proxy::puppetssh_user") %>
:puppetssh_keyfile: <%= scope.lookupvar("foreman_proxy::puppetssh_keyfile") %>
<% else -%>
#:puppetssh_user: root
#:puppetssh_keyfile: /etc/foreman-proxy/id_rsa
<% end -%>
# Custom salt puppet.run command
# Set :salt_puppetrun_cmd to 'puppet.run agent no-noop' to run in no-noop mode.
# Default command is puppet.run
<% if scope.lookupvar("foreman_proxy::puppetrun_provider") == 'salt' -%>
:salt_puppetrun_cmd: <%= scope.lookupvar("foreman_proxy::salt_puppetrun_cmd") %>
<% else -%>
#:salt_puppetrun_cmd: puppet.run
<% end -%>
# Which user to invoke sudo as to run puppet commands
<% if scope.lookupvar("foreman_proxy::puppetrun_provider") == 'puppetrun' -%>
:puppet_user: <%= scope.lookupvar("foreman_proxy::puppet_user") %>
<% else -%>
#:puppet_user: root
<% end -%>
# If you want to override the puppet_user above just for mco commands
<% if scope.lookupvar("foreman_proxy::puppetrun_provider") == 'mcollective' -%>
:mcollective_user: <%= scope.lookupvar("foreman_proxy::mcollective_user") %>
<% else -%>
#:mcollective_user: peadmin
<% end -%>
# URL of the puppet master itself for API requests
:puppet_url: <%= scope.lookupvar("foreman_proxy::puppet_url") %>
# SSL certificates used to access the puppet master API
:puppet_ssl_ca: <%= scope.lookupvar("foreman_proxy::puppet_ssl_ca") %>
:puppet_ssl_cert: <%= scope.lookupvar("foreman_proxy::puppet_ssl_cert") %>
:puppet_ssl_key: <%= scope.lookupvar("foreman_proxy::puppet_ssl_key") %>
# Override use of Puppet's API to list environments, by default it will use only if
# environmentpath is given in puppet.conf, else will look for environments in puppet.conf
<% if [nil, :undefined, :undef].include?(scope.lookupvar("foreman_proxy::puppet_use_environment_api")) %>
#:puppet_use_environment_api: true
<% else %>
:puppet_use_environment_api: <%= scope.lookupvar("foreman_proxy::puppet_use_environment_api") %>
<% end %>
# Cache options
<% if [nil, :undefined, :undef].include?(scope.lookupvar("foreman_proxy::puppet_use_cache")) -%>
#:use_cache: true
<% else -%>
:use_cache: <%= scope.lookupvar("foreman_proxy::puppet_use_cache") %>
<% end -%>
<% end -%>
templates/settings.yml.erb
# default values for https_port is 8443
<%= '#' unless ssl -%>:https_port: <%= scope.lookupvar("foreman_proxy::ssl_port") %>
<%= '#' unless http -%>:http_port: <%= scope.lookupvar("foreman_proxy::http_port") %>
<%- if scope.lookupvar('foreman_proxy::libvirt_backend') == 'virsh' -%>
# shared options for virsh DNS/DHCP provider
:virsh_network: <%= scope.lookupvar('foreman_proxy::libvirt_network') %>
<%- end -%>
# Log configuration
# Uncomment and modify if you want to change the location of the log file or use STDOUT or SYSLOG values
:log_file: <%= scope.lookupvar("foreman_proxy::log") %>
