Revision d8207ebd
Added by Stephen Benjamin over 7 years ago
.fixtures.yml | ||
---|---|---|
trusted_ca: "git://github.com/evenup/evenup-trusted_ca.git"
|
||
squid3: "git://github.com/thias/puppet-squid3.git"
|
||
symlinks:
|
||
capsule: "#{source_dir}"
|
||
foreman_proxy_content: "#{source_dir}"
|
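Review bot: The two repository fixtures listed above the changed `symlinks` entry are still fetched over `git://`, which provides no transport authentication or integrity protection, and neither is pinned to a ref. The spec run therefore builds against whatever is served at fetch time. While this file is being touched, I would switch them to `https://github.com/evenup/evenup-trusted_ca.git` and `https://github.com/thias/puppet-squid3.git`, and use the `repo:`/`ref:` form to pin each to a reviewed tag or commit.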
README.md | ||
---|---|---|
[![Puppet Forge](http://img.shields.io/puppetforge/v/katello/capsule.svg)](https://forge.puppetlabs.com/katello/capsule)
|
||
[![Build Status](https://travis-ci.org/Katello/puppet-capsule.svg?branch=master)](https://travis-ci.org/Katello/puppet-capsule)
|
||
[![Puppet Forge](http://img.shields.io/puppetforge/v/katello/foreman_proxy_content.svg)](https://forge.puppetlabs.com/katello/foreman_proxy_content)
|
||
[![Build Status](https://travis-ci.org/Katello/puppet-foreman_proxy_content.svg?branch=master)](https://travis-ci.org/Katello/puppet-foreman_proxy_content)
|
||
####Table of Contents
|
||
|
||
1. [Overview](#overview)
|
||
2. [Setup - The basics of getting started with capsule](#setup)
|
||
* [What capsule affects](#what-capsule-affects)
|
||
2. [Setup - The basics of getting started with foreman_proxy_content](#setup)
|
||
* [What foreman_proxy_content affects](#what-foreman_proxy_content-affects)
|
||
* [Setup requirements](#setup-requirements)
|
||
* [Beginning with capsule](#beginning-with-capsule)
|
||
* [Beginning with foreman_proxy_content](#beginning-with-foreman_proxy_content)
|
||
3. [Usage - Configuration options and additional functionality](#usage)
|
||
4. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
|
||
5. [Limitations - OS compatibility, etc.](#limitations)
|
||
... | ... | |
|
||
##Overview
|
||
|
||
This module is designed to setup a Capsule server.
|
||
This module is designed to configure a Foreman proxy server for Katello content features.
|
||
|
||
##Setup
|
||
|
||
###What capsule affects
|
||
###What foreman_proxy_content affects
|
||
|
||
* Installs and configures Capsule
|
||
* Installs and configures content-related features on a foreman proxy
|
||
|
||
###Beginning with capsule
|
||
###Beginning with foreman_proxy_content
|
||
|
||
The very basic steps needed for a user to get the module up and running.
|
||
|
||
... | ... | |
##Limitations
|
||
|
||
* EL6 (RHEL6 / CentOS 6)
|
||
* EL7 (RHEL7 / CentOS 7)
|
||
|
||
##Development
|
||
|
manifests/dispatch_router.pp | ||
---|---|---|
# == Class: capsule::dispatch_router
|
||
# == Class: foreman_proxy_content::dispatch_router
|
||
#
|
||
# Install and configure Qpid Dispatch Router
|
||
#
|
||
class capsule::dispatch_router (
|
||
class foreman_proxy_content::dispatch_router (
|
||
) {
|
||
|
||
class { '::qpid::router': }
|
||
... | ... | |
|
||
# Listen for katello-agent clients
|
||
qpid::router::listener { 'clients':
|
||
addr => $capsule::qpid_router_agent_addr,
|
||
port => $capsule::qpid_router_agent_port,
|
||
addr => $foreman_proxy_content::qpid_router_agent_addr,
|
||
port => $foreman_proxy_content::qpid_router_agent_port,
|
||
ssl_profile => 'server',
|
||
}
|
||
|
||
# Enable logging for dispatch router
|
||
file { $capsule::qpid_router_logging_path:
|
||
file { $foreman_proxy_content::qpid_router_logging_path:
|
||
ensure => directory,
|
||
owner => 'qdrouterd',
|
||
} ~>
|
||
qpid::router::log { 'logging':
|
||
level => $capsule::qpid_router_logging_level,
|
||
output => "${capsule::qpid_router_logging_path}/qdrouterd.log",
|
||
level => $foreman_proxy_content::qpid_router_logging_level,
|
||
output => "${foreman_proxy_content::qpid_router_logging_path}/qdrouterd.log",
|
||
}
|
||
|
||
# Act as hub if pulp master, otherwise connect to hub
|
||
if $capsule::pulp_master {
|
||
if $foreman_proxy_content::pulp_master {
|
||
qpid::router::listener {'hub':
|
||
addr => $capsule::qpid_router_hub_addr,
|
||
port => $capsule::qpid_router_hub_port,
|
||
addr => $foreman_proxy_content::qpid_router_hub_addr,
|
||
port => $foreman_proxy_content::qpid_router_hub_port,
|
||
role => 'inter-router',
|
||
ssl_profile => 'server',
|
||
}
|
||
|
||
# Connect dispatch router to the local qpid
|
||
qpid::router::connector { 'broker':
|
||
addr => $capsule::qpid_router_broker_addr,
|
||
port => $capsule::qpid_router_broker_port,
|
||
addr => $foreman_proxy_content::qpid_router_broker_addr,
|
||
port => $foreman_proxy_content::qpid_router_broker_port,
|
||
ssl_profile => 'client',
|
||
role => 'on-demand',
|
||
idle_timeout => 0,
|
||
... | ... | |
}
|
||
} else {
|
||
qpid::router::connector { 'hub':
|
||
addr => $capsule::parent_fqdn,
|
||
port => $capsule::qpid_router_hub_port,
|
||
addr => $foreman_proxy_content::parent_fqdn,
|
||
port => $foreman_proxy_content::qpid_router_hub_port,
|
||
ssl_profile => 'client',
|
||
role => 'inter-router',
|
||
idle_timeout => 0,
|
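Review bot: The `file { $foreman_proxy_content::qpid_router_logging_path:` resource sets only `ensure => directory` and `owner => 'qdrouterd'`, so the log directory's group and mode are left to the agent's defaults. Router logs can carry peer addresses and connection errors, so I would make the permissions explicit, for example `group => 'qdrouterd',` and `mode => '0750',` (group name to be confirmed against the package). The class body continues past the end of this section, and parts of it are elided on this page.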
manifests/init.pp | ||
---|---|---|
# == Class: capsule
|
||
# == Class: foreman_proxy_content
|
||
#
|
||
# Configure a Katello capsule
|
||
# Configure content for foreman proxy for use by katello
|
||
#
|
||
# === Parameters:
|
||
#
|
||
... | ... | |
# $puppet:: Use puppet
|
||
# type:boolean
|
||
#
|
||
# $puppet_ca_proxy:: The actual server that handles puppet CA.
|
||
# Setting this to anything non-empty causes
|
||
# the apache vhost to set up a proxy for all
|
||
# certificates pointing to the value.
|
||
#
|
||
# $puppet_server_implementation:: Puppet master implementation, either "master" (traditional
|
||
# Ruby) or "puppetserver" (JVM-based)
|
||
#
|
||
# === Advanced parameters:
|
||
#
|
||
# $pulp_master:: Whether the capsule should be identified as a pulp master server
|
||
# $pulp_master:: Whether the foreman_proxy_content should be identified as a pulp master server
|
||
# type:boolean
|
||
#
|
||
# $pulp_admin_password:: Password for the Pulp admin user. It should be left blank so that a random password is generated
|
||
... | ... | |
#
|
||
# $pulp_oauth_secret:: OAuth secret to be used for Pulp REST interaction
|
||
#
|
||
# $puppet_ca_proxy:: The actual server that handles puppet CA.
|
||
# Setting this to anything non-empty causes
|
||
# the apache vhost to set up a proxy for all
|
||
# certificates pointing to the value.
|
||
#
|
||
# $puppet_server_implementation:: Puppet master implementation, either "master" (traditional
|
||
# Ruby) or "puppetserver" (JVM-based)
|
||
# $reverse_proxy:: Add reverse proxy to the parent
|
||
# type:boolean
|
||
#
|
||
... | ... | |
#
|
||
# $qpid_router_logging_path:: Directory for dispatch router logs
|
||
#
|
||
class capsule (
|
||
$parent_fqdn = $capsule::params::parent_fqdn,
|
||
$certs_tar = $capsule::params::certs_tar,
|
||
$pulp_master = $capsule::params::pulp_master,
|
||
$pulp_admin_password = $capsule::params::pulp_admin_password,
|
||
$pulp_oauth_effective_user = $capsule::params::pulp_oauth_effective_user,
|
||
$pulp_oauth_key = $capsule::params::pulp_oauth_key,
|
||
$pulp_oauth_secret = $capsule::params::pulp_oauth_secret,
|
||
class foreman_proxy_content (
|
||
$parent_fqdn = $foreman_proxy_content::params::parent_fqdn,
|
||
$certs_tar = $foreman_proxy_content::params::certs_tar,
|
||
$pulp_master = $foreman_proxy_content::params::pulp_master,
|
||
$pulp_admin_password = $foreman_proxy_content::params::pulp_admin_password,
|
||
$pulp_oauth_effective_user = $foreman_proxy_content::params::pulp_oauth_effective_user,
|
||
$pulp_oauth_key = $foreman_proxy_content::params::pulp_oauth_key,
|
||
$pulp_oauth_secret = $foreman_proxy_content::params::pulp_oauth_secret,
|
||
|
||
$puppet = $capsule::params::puppet,
|
||
$puppet_ca_proxy = $capsule::params::puppet_ca_proxy,
|
||
$puppet = $foreman_proxy_content::params::puppet,
|
||
$puppet_ca_proxy = $foreman_proxy_content::params::puppet_ca_proxy,
|
||
$puppet_server_implementation = undef,
|
||
|
||
$reverse_proxy = $capsule::params::reverse_proxy,
|
||
$reverse_proxy_port = $capsule::params::reverse_proxy_port,
|
||
$reverse_proxy = $foreman_proxy_content::params::reverse_proxy,
|
||
$reverse_proxy_port = $foreman_proxy_content::params::reverse_proxy_port,
|
||
|
||
$rhsm_url = $capsule::params::rhsm_url,
|
||
$rhsm_url = $foreman_proxy_content::params::rhsm_url,
|
||
|
||
$qpid_router = $capsule::params::qpid_router,
|
||
$qpid_router_hub_addr = $capsule::params::qpid_router_hub_addr,
|
||
$qpid_router_hub_port = $capsule::params::qpid_router_hub_port,
|
||
$qpid_router_agent_addr = $capsule::params::qpid_router_agent_addr,
|
||
$qpid_router_agent_port = $capsule::params::qpid_router_agent_port,
|
||
$qpid_router_broker_addr = $capsule::params::qpid_router_broker_addr,
|
||
$qpid_router_broker_port = $capsule::params::qpid_router_broker_port,
|
||
$qpid_router_logging_level = $capsule::params::qpid_router_logging_level,
|
||
$qpid_router_logging_path = $capsule::params::qpid_router_logging_path,
|
||
$enable_ostree = $capsule::params::enable_ostree,
|
||
) inherits capsule::params {
|
||
$qpid_router = $foreman_proxy_content::params::qpid_router,
|
||
$qpid_router_hub_addr = $foreman_proxy_content::params::qpid_router_hub_addr,
|
||
$qpid_router_hub_port = $foreman_proxy_content::params::qpid_router_hub_port,
|
||
$qpid_router_agent_addr = $foreman_proxy_content::params::qpid_router_agent_addr,
|
||
$qpid_router_agent_port = $foreman_proxy_content::params::qpid_router_agent_port,
|
||
$qpid_router_broker_addr = $foreman_proxy_content::params::qpid_router_broker_addr,
|
||
$qpid_router_broker_port = $foreman_proxy_content::params::qpid_router_broker_port,
|
||
$qpid_router_logging_level = $foreman_proxy_content::params::qpid_router_logging_level,
|
||
$qpid_router_logging_path = $foreman_proxy_content::params::qpid_router_logging_path,
|
||
$enable_ostree = $foreman_proxy_content::params::enable_ostree,
|
||
) inherits foreman_proxy_content::params {
|
||
validate_bool($enable_ostree)
|
||
|
||
include ::certs
|
||
include ::foreman_proxy
|
||
include ::foreman_proxy::plugin::pulp
|
||
|
||
validate_present($capsule::parent_fqdn)
|
||
validate_absolute_path($capsule::qpid_router_logging_path)
|
||
validate_present($foreman_proxy_content::parent_fqdn)
|
||
validate_absolute_path($foreman_proxy_content::qpid_router_logging_path)
|
||
|
||
$pulp = $::foreman_proxy::plugin::pulp::pulpnode_enabled
|
||
if $pulp {
|
||
validate_present($pulp_oauth_secret)
|
||
}
|
||
|
||
$capsule_fqdn = $::fqdn
|
||
$foreman_proxy_fqdn = $::fqdn
|
||
$foreman_url = "https://${parent_fqdn}"
|
||
$reverse_proxy_real = $pulp or $reverse_proxy
|
||
|
||
... | ... | |
}
|
||
|
||
class { '::certs::foreman_proxy':
|
||
hostname => $capsule_fqdn,
|
||
hostname => $foreman_proxy_fqdn,
|
||
require => Package['foreman-proxy'],
|
||
before => Service['foreman-proxy'],
|
||
} ~>
|
||
class { '::certs::katello':
|
||
deployment_url => $capsule::rhsm_url,
|
||
rhsm_port => $capsule::rhsm_port,
|
||
deployment_url => $foreman_proxy_content::rhsm_url,
|
||
rhsm_port => $foreman_proxy_content::rhsm_port,
|
||
}
|
||
|
||
if $pulp or $reverse_proxy_real {
|
||
class { '::certs::apache':
|
||
hostname => $capsule_fqdn,
|
||
hostname => $foreman_proxy_fqdn,
|
||
} ~>
|
||
Class['certs::foreman_proxy'] ~>
|
||
class { '::capsule::reverse_proxy':
|
||
class { '::foreman_proxy_content::reverse_proxy':
|
||
path => '/',
|
||
url => "${foreman_url}/",
|
||
port => $capsule::reverse_proxy_port,
|
||
port => $foreman_proxy_content::reverse_proxy_port,
|
||
}
|
||
}
|
||
|
||
if $pulp_master or $pulp {
|
||
if $qpid_router {
|
||
class { '::capsule::dispatch_router':
|
||
class { '::foreman_proxy_content::dispatch_router':
|
||
require => Class['pulp'],
|
||
}
|
||
}
|
||
... | ... | |
|
||
file {'/etc/httpd/conf.d/pulp_nodes.conf':
|
||
ensure => file,
|
||
content => template('capsule/pulp_nodes.conf.erb'),
|
||
content => template('foreman_proxy_content/pulp_nodes.conf.erb'),
|
||
owner => 'root',
|
||
group => 'root',
|
||
mode => '0644',
|
||
}
|
||
|
||
apache::vhost { 'capsule':
|
||
servername => $capsule_fqdn,
|
||
apache::vhost { 'foreman_proxy_content':
|
||
servername => $foreman_proxy_fqdn,
|
||
port => 80,
|
||
priority => '05',
|
||
docroot => '/var/www/html',
|
||
options => ['SymLinksIfOwnerMatch'],
|
||
custom_fragment => template('capsule/_pulp_includes.erb', 'capsule/httpd_pub.erb'),
|
||
custom_fragment => template('foreman_proxy_content/_pulp_includes.erb', 'foreman_proxy_content/httpd_pub.erb'),
|
||
}
|
||
|
||
class { '::certs::qpid': } ~>
|
||
... | ... | |
messaging_auth_enabled => false,
|
||
messaging_ca_cert => $certs::ca_cert,
|
||
messaging_client_cert => $certs::params::messaging_client_cert,
|
||
messaging_url => "ssl://${capsule_fqdn}:5671",
|
||
messaging_url => "ssl://${foreman_proxy_fqdn}:5671",
|
||
broker_url => "qpid://${qpid_router_broker_addr}:${qpid_router_broker_port}",
|
||
broker_use_ssl => true,
|
||
manage_broker => false,
|
||
... | ... | |
}
|
||
|
||
pulp::apache::fragment{'gpg_key_proxy':
|
||
ssl_content => template('capsule/_pulp_gpg_proxy.erb'),
|
||
ssl_content => template('foreman_proxy_content/_pulp_gpg_proxy.erb'),
|
||
}
|
||
}
|
||
|
||
if $puppet {
|
||
class { '::certs::puppet':
|
||
hostname => $capsule_fqdn,
|
||
hostname => $foreman_proxy_fqdn,
|
||
} ~>
|
||
class { '::puppet':
|
||
server => true,
|
||
... | ... | |
}
|
||
|
||
if $certs_tar {
|
||
certs::tar_extract { $capsule::certs_tar: } -> Class['certs']
|
||
certs::tar_extract { $foreman_proxy_content::certs_tar: } -> Class['certs']
|
||
Certs::Tar_extract[$certs_tar] -> Class['certs::foreman_proxy']
|
||
|
||
if $reverse_proxy_real or $pulp {
|
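Review bot: The local variable `$capsule_fqdn` becomes `$foreman_proxy_fqdn` and every `template('capsule/…')` call becomes `template('foreman_proxy_content/…')`, but no template file appears in this change. If any of `pulp_nodes.conf.erb`, `_pulp_includes.erb`, `httpd_pub.erb` or `_pulp_gpg_proxy.erb` still reads `@capsule_fqdn` or `scope['capsule::…']`, it would likely render an empty value into the Apache configuration rather than fail the catalog; a grep over `templates/` for `capsule` would confirm. Data bound to the old `capsule::*` keys (including `capsule::pulp_oauth_secret`) will likewise no longer reach this class, so I would add a header comment such as `# NOTE: parameters were previously namespaced capsule::*; existing data must be renamed.` Parts of the class are elided on this page.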
manifests/params.pp | ||
---|---|---|
# Default params for capsule settings
|
||
class capsule::params {
|
||
# Default params for foreman_proxy_content settings
|
||
class foreman_proxy_content::params {
|
||
|
||
# when not specified, we expect all in one installation
|
||
$parent_fqdn = $::fqdn
|
manifests/reverse_proxy.pp | ||
---|---|---|
#Adds http reverse-proxy to parent conf
|
||
class capsule::reverse_proxy (
|
||
class foreman_proxy_content::reverse_proxy (
|
||
|
||
$path = '/',
|
||
$url = "https://${capsule::parent_fqdn}/",
|
||
$port = $capsule::params::reverse_proxy_port
|
||
$url = "https://${foreman_proxy_content::parent_fqdn}/",
|
||
$port = $foreman_proxy_content::params::reverse_proxy_port
|
||
|
||
) {
|
||
|
||
... | ... | |
|
||
Class['certs::foreman_proxy'] ~>
|
||
apache::vhost { 'katello-reverse-proxy':
|
||
servername => $capsule::capsule_fqdn,
|
||
servername => $foreman_proxy_content::foreman_proxy_fqdn,
|
||
port => $port,
|
||
docroot => '/var/www/',
|
||
priority => '28',
|
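Review bot: The defaults `$url = "https://${foreman_proxy_content::parent_fqdn}/"` and `$port = $foreman_proxy_content::params::reverse_proxy_port` read variables of other classes, yet in the visible lines this class neither inherits `foreman_proxy_content::params` nor includes the main class. Declared on its own, the URL default would presumably interpolate to `https:///` and leave the proxy vhost with an unusable upstream. init.pp passes `path`, `url` and `port` explicitly, so a header comment is enough: `# Declare only via Class['foreman_proxy_content']; the parameter defaults read its variables.` Part of the body is elided on this page.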
metadata.json | ||
---|---|---|
{
|
||
"name": "katello-capsule",
|
||
"version": "4.0.0",
|
||
"name": "katello-foreman_proxy_content",
|
||
"version": "1.0.0",
|
||
"author": "Katello",
|
||
"summary": "Deploys and manages a Capsule",
|
||
"summary": "Deploys and manages a Foreman proxy server with content",
|
||
"license": "GPL-3.0+",
|
||
"source": "https://github.com/Katello/puppet-capsule.git",
|
||
"project_page": "https://github.com/Katello/puppet-capsule",
|
||
"source": "https://github.com/Katello/puppet-foreman_proxy_content.git",
|
||
"project_page": "https://github.com/Katello/puppet-foreman_proxy_content",
|
||
"issues_url": "http://projects.theforeman.org/projects/katello/issues",
|
||
"dependencies": [
|
||
{
|
spec/classes/capsule_spec.rb | ||
---|---|---|
require 'spec_helper'
|
||
|
||
describe 'capsule' do
|
||
on_supported_os.each do |os, facts|
|
||
context "on #{os}" do
|
||
let(:facts) { facts }
|
||
|
||
let :pre_condition do
|
||
"include foreman_proxy"
|
||
end
|
||
|
||
|
||
it { should contain_package('katello-debug') }
|
||
it { should contain_package('katello-client-bootstrap') }
|
||
|
||
context 'with pulp' do
|
||
let(:params) do
|
||
{
|
||
:pulp_oauth_secret => 'mysecret',
|
||
:qpid_router => false
|
||
}
|
||
end
|
||
|
||
let(:pre_condition) do
|
||
"include foreman_proxy
|
||
class {'foreman_proxy::plugin::pulp': pulpnode_enabled => true}
|
||
class {'apache': apache_version => '2.4'}"
|
||
end
|
||
|
||
it { should contain_class('pulp').with(:oauth_secret => 'mysecret') }
|
||
it { should_not contain_class('capsule::dispatch_router') }
|
||
|
||
it { should contain_pulp__apache__fragment('gpg_key_proxy').with({
|
||
:ssl_content => %r{ProxyPass /katello/api/repositories/}} ) }
|
||
end
|
||
end
|
||
end
|
||
end
|
spec/classes/foreman_proxy_content_spec.rb | ||
---|---|---|
require 'spec_helper'
|
||
|
||
describe 'foreman_proxy_content' do
|
||
on_supported_os.each do |os, facts|
|
||
context "on #{os}" do
|
||
let(:facts) { facts }
|
||
|
||
let :pre_condition do
|
||
"include foreman_proxy"
|
||
end
|
||
|
||
|
||
it { should contain_package('katello-debug') }
|
||
it { should contain_package('katello-client-bootstrap') }
|
||
|
||
context 'with pulp' do
|
||
let(:params) do
|
||
{
|
||
:pulp_oauth_secret => 'mysecret',
|
||
:qpid_router => false
|
||
}
|
||
end
|
||
|
||
let(:pre_condition) do
|
||
"include foreman_proxy
|
||
class {'foreman_proxy::plugin::pulp': pulpnode_enabled => true}
|
||
class {'apache': apache_version => '2.4'}"
|
||
end
|
||
|
||
it { should contain_class('pulp').with(:oauth_secret => 'mysecret') }
|
||
it { should_not contain_class('foreman_proxy_content::dispatch_router') }
|
||
|
||
it { should contain_pulp__apache__fragment('gpg_key_proxy').with({
|
||
:ssl_content => %r{ProxyPass /katello/api/repositories/}} ) }
|
||
end
|
||
end
|
||
end
|
||
end
|
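Review bot: The new spec only exercises the class with `:qpid_router => false` and asserts `should_not contain_class('foreman_proxy_content::dispatch_router')`, so no test compiles the renamed `$foreman_proxy_content::qpid_router_*` references in dispatch_router.pp. A leftover `$capsule::` variable there would go unnoticed. I would add a sibling context with `:qpid_router => true` asserting `it { should contain_qpid__router__listener('clients').with(:ssl_profile => 'server') }`, which also pins the TLS profile on the agent listener.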
refs #17366 - rename to puppet-foreman_proxy_content (#106)