Revision 1277d078
Added by Eric Helms over 8 years ago
| .fixtures.yml | ||
|---|---|---|
|
common: "git://github.com/katello/puppet-common.git"
|
||
|
qpid: "git://github.com/katello/puppet-qpid.git"
|
||
|
candlepin: "git://github.com/katello/puppet-candlepin.git"
|
||
|
gutterball: "git://github.com/katello/puppet-gutterball.git"
|
||
|
pulp:
|
||
|
repo: "git://github.com/katello/puppet-pulp.git"
|
||
|
branch: "0.1-stable"
|
||
|
gutterball: "git://github.com/katello/puppet-gutterball.git"
|
||
|
pulp: "git://github.com/katello/puppet-pulp.git"
|
||
|
elasticsearch: "git://github.com/katello/puppet-elasticsearch.git"
|
||
|
symlinks:
|
||
|
katello: "#{source_dir}"
|
||
| manifests/config.pp | ||
|---|---|---|
|
mode => '0755',
|
||
|
}
|
||
|
|
||
|
file {'/etc/httpd/conf.d/pulp.conf':
|
||
|
ensure => file,
|
||
|
content => template('katello/pulp.conf.erb'),
|
||
|
owner => 'root',
|
||
|
group => 'root',
|
||
|
mode => '0644',
|
||
|
}
|
||
|
|
||
|
}
|
||
| manifests/init.pp | ||
|---|---|---|
|
#
|
||
|
# $config_dir:: Location for Katello config files
|
||
|
#
|
||
|
# $mongodb_path:: Path where mongodb should be stored
|
||
|
#
|
||
|
# $use_passenger:: Whether Katello is being deployed with Passenger
|
||
|
#
|
||
|
# $proxy_url:: URL of the proxy server
|
||
| ... | ... | |
|
|
||
|
$log_dir = $katello::params::log_dir,
|
||
|
$config_dir = $katello::params::config_dir,
|
||
|
$mongodb_path = $katello::params::mongodb_path,
|
||
|
|
||
|
$use_passenger = $katello::params::use_passenger,
|
||
|
|
||
| ... | ... | |
|
ca_cert => $certs::ca_cert_stripped,
|
||
|
keystore_password => $::certs::candlepin::keystore_password,
|
||
|
} ~>
|
||
|
class { '::qpid':
|
||
|
ssl => true,
|
||
|
ssl_cert_db => $::certs::nss_db_dir,
|
||
|
ssl_cert_password_file => $::certs::qpid::nss_db_password_file,
|
||
|
ssl_cert_name => 'broker',
|
||
|
} ~>
|
||
|
class { '::certs::pulp_parent': } ~>
|
||
|
class { '::pulp':
|
||
|
oauth_key => $katello::oauth_key,
|
||
|
oauth_secret => $katello::oauth_secret,
|
||
|
messaging_url => "ssl://${::fqdn}:5671",
|
||
|
qpid_ssl_cert_db => $certs::nss_db_dir,
|
||
|
qpid_ssl_cert_password_file => $certs::qpid::nss_db_password_file,
|
||
|
messaging_ca_cert => $certs::pulp_parent::messaging_ca_cert,
|
||
|
messaging_client_cert => $certs::pulp_parent::messaging_client_cert,
|
||
|
consumers_ca_cert => $certs::ca_cert,
|
||
|
consumers_ca_key => $certs::ca_key,
|
||
|
consumers_crl => $candlepin::crl_file,
|
||
|
proxy_url => $proxy_url,
|
||
|
proxy_port => $proxy_port,
|
||
|
proxy_username => $proxy_username,
|
||
|
proxy_password => $proxy_password,
|
||
|
mongodb_path => $mongodb_path,
|
||
|
ca_cert => $::certs::ca_cert,
|
||
|
ca_key => $::certs::ca_key,
|
||
|
ssl_ca_cert => $::certs::ca_cert,
|
||
|
oauth_enabled => true,
|
||
|
oauth_key => $katello::oauth_key,
|
||
|
oauth_secret => $katello::oauth_secret,
|
||
|
messaging_url => "ssl://${::fqdn}:5671",
|
||
|
messaging_ca_cert => $certs::pulp_parent::messaging_ca_cert,
|
||
|
messaging_client_cert => $certs::pulp_parent::messaging_client_cert,
|
||
|
messaging_transport => 'qpid',
|
||
|
broker_url => "qpid://${::fqdn}:5671",
|
||
|
broker_use_ssl => true,
|
||
|
consumers_crl => $candlepin::crl_file,
|
||
|
proxy_url => $proxy_url,
|
||
|
proxy_port => $proxy_port,
|
||
|
proxy_username => $proxy_username,
|
||
|
proxy_password => $proxy_password,
|
||
|
manage_broker => false,
|
||
|
manage_httpd => false,
|
||
|
} ~>
|
||
|
class { '::qpid::client':
|
||
|
ssl => true,
|
||
| metadata.json | ||
|---|---|---|
|
},
|
||
|
{
|
||
|
"name": "katello-pulp",
|
||
|
"version_requirement": ">= 0.1.0 < 1.0.0"
|
||
|
"version_requirement": ">= 1.0.0 < 2.0.0"
|
||
|
},
|
||
|
{
|
||
|
"name": "katello-elasticsearch",
|
||
| templates/pulp.conf.erb | ||
|---|---|---|
|
#
|
||
|
# WARNING: THIS CONFIGURATION WAS GENERATED BY KATELLO-CONFIGURE TOOL,
|
||
|
# CHANGES WILL LIKELY BE OVERWRITTEN.
|
||
|
#
|
||
|
|
||
|
# Apache configuration file for pulp web services and repositories
|
||
|
|
||
|
AddType application/x-pkcs7-crl .crl
|
||
|
AddType application/x-x509-ca-cert .crt
|
||
|
|
||
|
# Example ssl cert and key files to get you started.
|
||
|
# This MUST match /etc/pulp/pulp.conf [security] 'cacert'.
|
||
|
SSLCACertificateFile <%= scope.lookupvar("::certs::ca_cert") %>
|
||
|
|
||
|
# allow older yum clients to connect, see bz 647828
|
||
|
SSLInsecureRenegotiation on
|
||
|
|
||
|
WSGIProcessGroup pulp
|
||
|
WSGIApplicationGroup pulp
|
||
|
WSGIDaemonProcess pulp user=apache group=apache processes=1 threads=8 display-name=%{GROUP}
|
||
|
|
||
|
# DEBUG - uncomment the next 2 lines to enable debugging
|
||
|
#WSGIRestrictStdin Off
|
||
|
#WSGIRestrictStdout Off
|
||
|
|
||
|
WSGISocketPrefix run/wsgi
|
||
|
WSGIScriptAlias /pulp/api /srv/pulp/webservices.wsgi
|
||
|
WSGIImportScript /srv/pulp/webservices.wsgi process-group=pulp application-group=pulp
|
||
|
|
||
|
<Files webservices.wsgi>
|
||
|
WSGIPassAuthorization On
|
||
|
WSGIProcessGroup pulp
|
||
|
WSGIApplicationGroup pulp
|
||
|
SSLRenegBufferSize 1048576
|
||
|
SSLRequireSSL
|
||
|
SSLVerifyDepth 3
|
||
|
SSLOptions +StdEnvVars +ExportCertData
|
||
|
SSLVerifyClient optional
|
||
|
</Files>
|
||
|
|
||
|
<%- if scope.lookupvar('operatingsystem') == 'Fedora' && scope.lookupvar('operatingsystemrelease') == '18' -%>
|
||
|
<Directory /srv/pulp>
|
||
|
Require all granted
|
||
|
</Directory>
|
||
|
|
||
|
<VirtualHost *:80>
|
||
|
Include /etc/pulp/vhosts80/*.conf
|
||
|
</VirtualHost>
|
||
|
<%- end -%>
|
||
Also available in: Unified diff
Fixes #11609: Use Pulp module 1.0