Project

General

Profile

« Previous | Next » 

Revision d8207ebd

Added by Stephen Benjamin over 7 years ago

refs #17366 - rename to puppet-foreman_proxy_content (#106)

  • refs #17366 - rename to puppet-foreman_proxy_content

View differences:

.fixtures.yml
trusted_ca: "git://github.com/evenup/evenup-trusted_ca.git"
squid3: "git://github.com/thias/puppet-squid3.git"
symlinks:
capsule: "#{source_dir}"
foreman_proxy_content: "#{source_dir}"
README.md
[![Puppet Forge](http://img.shields.io/puppetforge/v/katello/capsule.svg)](https://forge.puppetlabs.com/katello/capsule)
[![Build Status](https://travis-ci.org/Katello/puppet-capsule.svg?branch=master)](https://travis-ci.org/Katello/puppet-capsule)
[![Puppet Forge](http://img.shields.io/puppetforge/v/katello/foreman_proxy_content.svg)](https://forge.puppetlabs.com/katello/foreman_proxy_content)
[![Build Status](https://travis-ci.org/Katello/puppet-foreman_proxy_content.svg?branch=master)](https://travis-ci.org/Katello/puppet-foreman_proxy_content)
####Table of Contents
1. [Overview](#overview)
2. [Setup - The basics of getting started with capsule](#setup)
* [What capsule affects](#what-capsule-affects)
2. [Setup - The basics of getting started with foreman_proxy_content](#setup)
* [What foreman_proxy_content affects](#what-foreman_proxy_content-affects)
* [Setup requirements](#setup-requirements)
* [Beginning with capsule](#beginning-with-capsule)
* [Beginning with foreman_proxy_content](#beginning-with-foreman_proxy_content)
3. [Usage - Configuration options and additional functionality](#usage)
4. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
5. [Limitations - OS compatibility, etc.](#limitations)
......
##Overview
This module is designed to setup a Capsule server.
This module is designed to configure a Foreman proxy server for Katello content features.
##Setup
###What capsule affects
###What foreman_proxy_content affects
* Installs and configures Capsule
* Installs and configures content-related features on a foreman proxy
###Beginning with capsule
###Beginning with foreman_proxy_content
The very basic steps needed for a user to get the module up and running.
......
##Limitations
* EL6 (RHEL6 / CentOS 6)
* EL7 (RHEL7 / CentOS 7)
##Development
manifests/dispatch_router.pp
# == Class: capsule::dispatch_router
# == Class: foreman_proxy_content::dispatch_router
#
# Install and configure Qpid Dispatch Router
#
class capsule::dispatch_router (
class foreman_proxy_content::dispatch_router (
) {
class { '::qpid::router': }
......
# Listen for katello-agent clients
qpid::router::listener { 'clients':
addr => $capsule::qpid_router_agent_addr,
port => $capsule::qpid_router_agent_port,
addr => $foreman_proxy_content::qpid_router_agent_addr,
port => $foreman_proxy_content::qpid_router_agent_port,
ssl_profile => 'server',
}
# Enable logging for dispatch router
file { $capsule::qpid_router_logging_path:
file { $foreman_proxy_content::qpid_router_logging_path:
ensure => directory,
owner => 'qdrouterd',
} ~>
qpid::router::log { 'logging':
level => $capsule::qpid_router_logging_level,
output => "${capsule::qpid_router_logging_path}/qdrouterd.log",
level => $foreman_proxy_content::qpid_router_logging_level,
output => "${foreman_proxy_content::qpid_router_logging_path}/qdrouterd.log",
}
# Act as hub if pulp master, otherwise connect to hub
if $capsule::pulp_master {
if $foreman_proxy_content::pulp_master {
qpid::router::listener {'hub':
addr => $capsule::qpid_router_hub_addr,
port => $capsule::qpid_router_hub_port,
addr => $foreman_proxy_content::qpid_router_hub_addr,
port => $foreman_proxy_content::qpid_router_hub_port,
role => 'inter-router',
ssl_profile => 'server',
}
# Connect dispatch router to the local qpid
qpid::router::connector { 'broker':
addr => $capsule::qpid_router_broker_addr,
port => $capsule::qpid_router_broker_port,
addr => $foreman_proxy_content::qpid_router_broker_addr,
port => $foreman_proxy_content::qpid_router_broker_port,
ssl_profile => 'client',
role => 'on-demand',
idle_timeout => 0,
......
}
} else {
qpid::router::connector { 'hub':
addr => $capsule::parent_fqdn,
port => $capsule::qpid_router_hub_port,
addr => $foreman_proxy_content::parent_fqdn,
port => $foreman_proxy_content::qpid_router_hub_port,
ssl_profile => 'client',
role => 'inter-router',
idle_timeout => 0,
manifests/init.pp
# == Class: capsule
# == Class: foreman_proxy_content
#
# Configure a Katello capsule
# Configure content for foreman proxy for use by katello
#
# === Parameters:
#
......
# $puppet:: Use puppet
# type:boolean
#
# $puppet_ca_proxy:: The actual server that handles puppet CA.
# Setting this to anything non-empty causes
# the apache vhost to set up a proxy for all
# certificates pointing to the value.
#
# $puppet_server_implementation:: Puppet master implementation, either "master" (traditional
# Ruby) or "puppetserver" (JVM-based)
#
# === Advanced parameters:
#
# $pulp_master:: Whether the capsule should be identified as a pulp master server
# $pulp_master:: Whether the foreman_proxy_content should be identified as a pulp master server
# type:boolean
#
# $pulp_admin_password:: Password for the Pulp admin user. It should be left blank so that a random password is generated
......
#
# $pulp_oauth_secret:: OAuth secret to be used for Pulp REST interaction
#
# $puppet_ca_proxy:: The actual server that handles puppet CA.
# Setting this to anything non-empty causes
# the apache vhost to set up a proxy for all
# certificates pointing to the value.
#
# $puppet_server_implementation:: Puppet master implementation, either "master" (traditional
# Ruby) or "puppetserver" (JVM-based)
# $reverse_proxy:: Add reverse proxy to the parent
# type:boolean
#
......
#
# $qpid_router_logging_path:: Directory for dispatch router logs
#
class capsule (
$parent_fqdn = $capsule::params::parent_fqdn,
$certs_tar = $capsule::params::certs_tar,
$pulp_master = $capsule::params::pulp_master,
$pulp_admin_password = $capsule::params::pulp_admin_password,
$pulp_oauth_effective_user = $capsule::params::pulp_oauth_effective_user,
$pulp_oauth_key = $capsule::params::pulp_oauth_key,
$pulp_oauth_secret = $capsule::params::pulp_oauth_secret,
class foreman_proxy_content (
$parent_fqdn = $foreman_proxy_content::params::parent_fqdn,
$certs_tar = $foreman_proxy_content::params::certs_tar,
$pulp_master = $foreman_proxy_content::params::pulp_master,
$pulp_admin_password = $foreman_proxy_content::params::pulp_admin_password,
$pulp_oauth_effective_user = $foreman_proxy_content::params::pulp_oauth_effective_user,
$pulp_oauth_key = $foreman_proxy_content::params::pulp_oauth_key,
$pulp_oauth_secret = $foreman_proxy_content::params::pulp_oauth_secret,
$puppet = $capsule::params::puppet,
$puppet_ca_proxy = $capsule::params::puppet_ca_proxy,
$puppet = $foreman_proxy_content::params::puppet,
$puppet_ca_proxy = $foreman_proxy_content::params::puppet_ca_proxy,
$puppet_server_implementation = undef,
$reverse_proxy = $capsule::params::reverse_proxy,
$reverse_proxy_port = $capsule::params::reverse_proxy_port,
$reverse_proxy = $foreman_proxy_content::params::reverse_proxy,
$reverse_proxy_port = $foreman_proxy_content::params::reverse_proxy_port,
$rhsm_url = $capsule::params::rhsm_url,
$rhsm_url = $foreman_proxy_content::params::rhsm_url,
$qpid_router = $capsule::params::qpid_router,
$qpid_router_hub_addr = $capsule::params::qpid_router_hub_addr,
$qpid_router_hub_port = $capsule::params::qpid_router_hub_port,
$qpid_router_agent_addr = $capsule::params::qpid_router_agent_addr,
$qpid_router_agent_port = $capsule::params::qpid_router_agent_port,
$qpid_router_broker_addr = $capsule::params::qpid_router_broker_addr,
$qpid_router_broker_port = $capsule::params::qpid_router_broker_port,
$qpid_router_logging_level = $capsule::params::qpid_router_logging_level,
$qpid_router_logging_path = $capsule::params::qpid_router_logging_path,
$enable_ostree = $capsule::params::enable_ostree,
) inherits capsule::params {
$qpid_router = $foreman_proxy_content::params::qpid_router,
$qpid_router_hub_addr = $foreman_proxy_content::params::qpid_router_hub_addr,
$qpid_router_hub_port = $foreman_proxy_content::params::qpid_router_hub_port,
$qpid_router_agent_addr = $foreman_proxy_content::params::qpid_router_agent_addr,
$qpid_router_agent_port = $foreman_proxy_content::params::qpid_router_agent_port,
$qpid_router_broker_addr = $foreman_proxy_content::params::qpid_router_broker_addr,
$qpid_router_broker_port = $foreman_proxy_content::params::qpid_router_broker_port,
$qpid_router_logging_level = $foreman_proxy_content::params::qpid_router_logging_level,
$qpid_router_logging_path = $foreman_proxy_content::params::qpid_router_logging_path,
$enable_ostree = $foreman_proxy_content::params::enable_ostree,
) inherits foreman_proxy_content::params {
validate_bool($enable_ostree)
include ::certs
include ::foreman_proxy
include ::foreman_proxy::plugin::pulp
validate_present($capsule::parent_fqdn)
validate_absolute_path($capsule::qpid_router_logging_path)
validate_present($foreman_proxy_content::parent_fqdn)
validate_absolute_path($foreman_proxy_content::qpid_router_logging_path)
$pulp = $::foreman_proxy::plugin::pulp::pulpnode_enabled
if $pulp {
validate_present($pulp_oauth_secret)
}
$capsule_fqdn = $::fqdn
$foreman_proxy_fqdn = $::fqdn
$foreman_url = "https://${parent_fqdn}"
$reverse_proxy_real = $pulp or $reverse_proxy
......
}
class { '::certs::foreman_proxy':
hostname => $capsule_fqdn,
hostname => $foreman_proxy_fqdn,
require => Package['foreman-proxy'],
before => Service['foreman-proxy'],
} ~>
class { '::certs::katello':
deployment_url => $capsule::rhsm_url,
rhsm_port => $capsule::rhsm_port,
deployment_url => $foreman_proxy_content::rhsm_url,
rhsm_port => $foreman_proxy_content::rhsm_port,
}
if $pulp or $reverse_proxy_real {
class { '::certs::apache':
hostname => $capsule_fqdn,
hostname => $foreman_proxy_fqdn,
} ~>
Class['certs::foreman_proxy'] ~>
class { '::capsule::reverse_proxy':
class { '::foreman_proxy_content::reverse_proxy':
path => '/',
url => "${foreman_url}/",
port => $capsule::reverse_proxy_port,
port => $foreman_proxy_content::reverse_proxy_port,
}
}
if $pulp_master or $pulp {
if $qpid_router {
class { '::capsule::dispatch_router':
class { '::foreman_proxy_content::dispatch_router':
require => Class['pulp'],
}
}
......
file {'/etc/httpd/conf.d/pulp_nodes.conf':
ensure => file,
content => template('capsule/pulp_nodes.conf.erb'),
content => template('foreman_proxy_content/pulp_nodes.conf.erb'),
owner => 'root',
group => 'root',
mode => '0644',
}
apache::vhost { 'capsule':
servername => $capsule_fqdn,
apache::vhost { 'foreman_proxy_content':
servername => $foreman_proxy_fqdn,
port => 80,
priority => '05',
docroot => '/var/www/html',
options => ['SymLinksIfOwnerMatch'],
custom_fragment => template('capsule/_pulp_includes.erb', 'capsule/httpd_pub.erb'),
custom_fragment => template('foreman_proxy_content/_pulp_includes.erb', 'foreman_proxy_content/httpd_pub.erb'),
}
class { '::certs::qpid': } ~>
......
messaging_auth_enabled => false,
messaging_ca_cert => $certs::ca_cert,
messaging_client_cert => $certs::params::messaging_client_cert,
messaging_url => "ssl://${capsule_fqdn}:5671",
messaging_url => "ssl://${foreman_proxy_fqdn}:5671",
broker_url => "qpid://${qpid_router_broker_addr}:${qpid_router_broker_port}",
broker_use_ssl => true,
manage_broker => false,
......
}
pulp::apache::fragment{'gpg_key_proxy':
ssl_content => template('capsule/_pulp_gpg_proxy.erb'),
ssl_content => template('foreman_proxy_content/_pulp_gpg_proxy.erb'),
}
}
if $puppet {
class { '::certs::puppet':
hostname => $capsule_fqdn,
hostname => $foreman_proxy_fqdn,
} ~>
class { '::puppet':
server => true,
......
}
if $certs_tar {
certs::tar_extract { $capsule::certs_tar: } -> Class['certs']
certs::tar_extract { $foreman_proxy_content::certs_tar: } -> Class['certs']
Certs::Tar_extract[$certs_tar] -> Class['certs::foreman_proxy']
if $reverse_proxy_real or $pulp {
manifests/params.pp
# Default params for capsule settings
class capsule::params {
# Default params for foreman_proxy_content settings
class foreman_proxy_content::params {
# when not specified, we expect all in one installation
$parent_fqdn = $::fqdn
manifests/reverse_proxy.pp
#Adds http reverse-proxy to parent conf
class capsule::reverse_proxy (
class foreman_proxy_content::reverse_proxy (
$path = '/',
$url = "https://${capsule::parent_fqdn}/",
$port = $capsule::params::reverse_proxy_port
$url = "https://${foreman_proxy_content::parent_fqdn}/",
$port = $foreman_proxy_content::params::reverse_proxy_port
) {
......
Class['certs::foreman_proxy'] ~>
apache::vhost { 'katello-reverse-proxy':
servername => $capsule::capsule_fqdn,
servername => $foreman_proxy_content::foreman_proxy_fqdn,
port => $port,
docroot => '/var/www/',
priority => '28',
metadata.json
{
"name": "katello-capsule",
"version": "4.0.0",
"name": "katello-foreman_proxy_content",
"version": "1.0.0",
"author": "Katello",
"summary": "Deploys and manages a Capsule",
"summary": "Deploys and manages a Foreman proxy server with content",
"license": "GPL-3.0+",
"source": "https://github.com/Katello/puppet-capsule.git",
"project_page": "https://github.com/Katello/puppet-capsule",
"source": "https://github.com/Katello/puppet-foreman_proxy_content.git",
"project_page": "https://github.com/Katello/puppet-foreman_proxy_content",
"issues_url": "http://projects.theforeman.org/projects/katello/issues",
"dependencies": [
{
spec/classes/capsule_spec.rb
require 'spec_helper'
describe 'capsule' do
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) { facts }
let :pre_condition do
"include foreman_proxy"
end
it { should contain_package('katello-debug') }
it { should contain_package('katello-client-bootstrap') }
context 'with pulp' do
let(:params) do
{
:pulp_oauth_secret => 'mysecret',
:qpid_router => false
}
end
let(:pre_condition) do
"include foreman_proxy
class {'foreman_proxy::plugin::pulp': pulpnode_enabled => true}
class {'apache': apache_version => '2.4'}"
end
it { should contain_class('pulp').with(:oauth_secret => 'mysecret') }
it { should_not contain_class('capsule::dispatch_router') }
it { should contain_pulp__apache__fragment('gpg_key_proxy').with({
:ssl_content => %r{ProxyPass /katello/api/repositories/}} ) }
end
end
end
end
spec/classes/foreman_proxy_content_spec.rb
require 'spec_helper'
describe 'foreman_proxy_content' do
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) { facts }
let :pre_condition do
"include foreman_proxy"
end
it { should contain_package('katello-debug') }
it { should contain_package('katello-client-bootstrap') }
context 'with pulp' do
let(:params) do
{
:pulp_oauth_secret => 'mysecret',
:qpid_router => false
}
end
let(:pre_condition) do
"include foreman_proxy
class {'foreman_proxy::plugin::pulp': pulpnode_enabled => true}
class {'apache': apache_version => '2.4'}"
end
it { should contain_class('pulp').with(:oauth_secret => 'mysecret') }
it { should_not contain_class('foreman_proxy_content::dispatch_router') }
it { should contain_pulp__apache__fragment('gpg_key_proxy').with({
:ssl_content => %r{ProxyPass /katello/api/repositories/}} ) }
end
end
end
end

Also available in: Unified diff