Revision b2168388
Added by Ivan Necas over 10 years ago
manifests/certs.pp | ||
---|---|---|
# Katello specific certs settings
|
||
class katello::certs {
|
||
|
||
$ssl_build_path = '/root/ssl-build'
|
||
$katello_www_pub_dir = '/var/www/html/pub'
|
||
$candlepin_cert_name = 'candlepin-cert'
|
||
$candlepin_consumer_name = "${candlepin_cert_name}-consumer-${::fqdn}"
|
||
$candlepin_consumer_summary = "Subscription-manager consumer certificate for Katello instance ${::fqdn}"
|
||
$candlepin_consumer_description = 'Consumer certificate and post installation script that configures rhsm.'
|
||
|
||
file { $katello_www_pub_dir:
|
||
ensure => directory,
|
||
owner => 'apache',
|
||
group => 'apache',
|
||
mode => '0755';
|
||
} ->
|
||
file { $ssl_build_path:
|
||
ensure => directory,
|
||
owner => 'root',
|
||
group => 'root',
|
||
mode => '0700';
|
||
} ->
|
||
file { "${ssl_build_path}/rhsm-katello-reconfigure":
|
||
content => template('certs/rhsm-katello-reconfigure.erb'),
|
||
owner => 'root',
|
||
group => 'root',
|
||
mode => '0700',
|
||
} ~>
|
||
exec { 'generate-candlepin-consumer-certificate':
|
||
cwd => $katello_www_pub_dir,
|
||
command => "gen-rpm.sh --name '${candlepin_consumer_name}' --version 1.0 --release 1 --packager None --vendor None --group 'Applications/System' --summary '${candlepin_consumer_summary}' --description '${candlepin_consumer_description}' --requires subscription-manager --post ${ssl_build_path}/rhsm-katello-reconfigure /etc/rhsm/ca/candlepin-local.pem:644=${ssl_build_path}/${candlepin_cert_name}.crt && /sbin/restorecon ./*rpm",
|
||
path => '/usr/share/katello/certs:/usr/bin:/bin',
|
||
creates => "${katello_www_pub_dir}/${candlepin_consumer_name}-1.0-1.noarch.rpm",
|
||
logoutput => 'on_failure';
|
||
} ~>
|
||
file { "${katello_www_pub_dir}/${candlepin_cert_name}-consumer-latest.noarch.rpm":
|
||
ensure => 'link',
|
||
target => "${katello_www_pub_dir}/${candlepin_consumer_name}-1.0-1.noarch.rpm",
|
||
}
|
||
}
|
manifests/config.pp | ||
---|---|---|
# Katello Config
|
||
class katello::config {
|
||
include katello::config::files
|
||
include katello::params
|
||
|
||
# user { $katello::user:
|
||
# ensure => 'present',
|
||
# shell => '/sbin/nologin',
|
||
# comment => 'Katello',
|
||
# gid => $katello::group,
|
||
# require => Class['katello::install'],
|
||
# }
|
||
group { $katello::group:
|
||
ensure => "present"
|
||
} ~>
|
||
|
||
user { $katello::user:
|
||
ensure => 'present',
|
||
shell => '/sbin/nologin',
|
||
comment => 'Katello',
|
||
gid => $katello::group,
|
||
groups => $katello::user_groups,
|
||
}
|
||
|
||
|
||
# this should be required by all classes that need to log there (one of these)
|
||
file {
|
||
"${katello::params::log_base}":
|
||
owner => $katello::params::user,
|
||
group => $katello::params::group,
|
||
mode => 750;
|
||
# this is a symlink when called via katello-configure
|
||
"${katello::params::configure_log_base}":
|
||
owner => $katello::params::user,
|
||
group => $katello::params::group,
|
||
mode => 750;
|
||
}
|
||
|
||
file { '/usr/share/foreman/bundler.d/katello.rb':
|
||
ensure => file,
|
||
owner => $katello::params::user,
|
||
group => $katello::user_groups,
|
||
mode => "0644",
|
||
}
|
||
|
||
# create Rails logs in advance to get correct owners and permissions
|
||
file {[
|
||
"${katello::params::log_base}/production.log",
|
||
"${katello::params::log_base}/production_sql.log",
|
||
"${katello::params::log_base}/production_delayed_jobs.log",
|
||
"${katello::params::log_base}/production_delayed_jobs_sql.log",
|
||
"${katello::params::log_base}/production_orch.log",
|
||
"${katello::params::log_base}/production_delayed_jobs_orch.log"]:
|
||
owner => $katello::params::user,
|
||
group => $katello::params::group,
|
||
content => "",
|
||
replace => false,
|
||
mode => 640,
|
||
}
|
||
|
||
file {
|
||
"${katello::params::config_dir}/katello.yml":
|
||
ensure => file,
|
||
content => template("katello/${katello::params::config_dir}/katello.yml.erb"),
|
||
owner => $katello::params::user,
|
||
group => $katello::user_groups,
|
||
mode => "0644",
|
||
before => [Class['foreman::database'], Exec['foreman-rake-db:migrate']];
|
||
|
||
"/etc/sysconfig/katello":
|
||
content => template("katello/etc/sysconfig/katello.erb"),
|
||
owner => "root",
|
||
group => "root",
|
||
mode => "644";
|
||
|
||
"/etc/katello/client.conf":
|
||
content => template("katello/etc/katello/client.conf.erb"),
|
||
owner => "root",
|
||
group => "root",
|
||
mode => "644";
|
||
}
|
||
|
||
# exec { 'ktmigrate':
|
||
# command => "${foreman::app_root}/extras/dbmigrate",
|
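Review bot: The `file` resources in this section mix bare integers (`mode => 750;`, `mode => 640,`) and three-digit strings (`mode => "644";`) with the quoted four-digit form used elsewhere. Newer Puppet parsers read a bare number as an integer and reject or misread it, so these should be `mode => '0750'`, `mode => '0640'` and `mode => '0644'`. Separately, `katello.yml` is rendered with `mode => "0644"`; its template is not visible here, but if it carries the OAuth secret that manifests/init.pp passes to other classes, the file should not be world-readable. `group => $katello::user_groups` on the `bundler.d/katello.rb` and `katello.yml` resources also needs confirming, because `group` takes a single group and the same variable feeds the user's `groups` list.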
manifests/init.pp | ||
---|---|---|
ensure => 'present'
|
||
}
|
||
|
||
user { $katello::user:
|
||
ensure => 'present',
|
||
shell => '/sbin/nologin',
|
||
comment => 'Katello',
|
||
gid => $katello::group,
|
||
groups => $katello::user_groups,
|
||
require => Class['katello::install'],
|
||
}
|
||
|
||
class { '::certs': generate => true, deploy => true }
|
||
|
||
class { 'apache::certs': } ->
|
||
class { 'katello::install': } ->
|
||
class { 'katello::ktcerts': } -> # TODO: don't include certs class directly from here and renamd ktcerts to certs later
|
||
class { 'katello::config::files': }
|
||
class { 'apache::certs': } ~>
|
||
class { 'katello::install': } ~>
|
||
class { 'katello::certs': } ~>
|
||
class { 'katello::config': } ~>
|
||
Exec['foreman-rake-db:seed']
|
||
|
||
class { 'pulp::parent::certs': } ~>
|
||
class { 'pulp':
|
||
oauth_key => $katello::oauth_key,
|
||
oauth_secret => $katello::oauth_secret,
|
||
} ~>
|
||
class { 'candlepin':
|
||
user_groups => $katello::user_groups,
|
||
oauth_key => $katello::oauth_key,
|
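Review bot: The `class { '::certs': generate => true, deploy => true }` declaration stands outside the ordering chain, so nothing visible here orders it before `katello::ktcerts`. The exec in that class packages `${ssl_build_path}/${candlepin_cert_name}.crt`, so if `::certs` is what produces that file (its code is not on this page), the RPM build can run before the certificate exists. An explicit `Class['certs'] -> Class['katello::ktcerts']` would pin the order. The page has lost the +/- markers; if the `->` chain is the new side, note that unlike `~>` it no longer propagates refresh events, so a certificate change will not notify the classes after it. The section starts and ends mid-class.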
manifests/ktcerts.pp | ||
---|---|---|
# Katello specific certs
|
||
class katello::ktcerts {
|
||
|
||
$ssl_build_path = '/root/ssl-build'
|
||
$katello_www_pub_dir = '/var/www/html/pub'
|
||
$candlepin_cert_name = 'candlepin-cert'
|
||
$candlepin_consumer_name = "${candlepin_cert_name}-consumer-${::fqdn}"
|
||
$candlepin_consumer_summary = "Subscription-manager consumer certificate for Katello instance ${::fqdn}"
|
||
$candlepin_consumer_description = 'Consumer certificate and post installation script that configures rhsm.'
|
||
|
||
file { $katello_www_pub_dir:
|
||
ensure => directory,
|
||
owner => 'apache',
|
||
group => 'apache',
|
||
mode => '0755';
|
||
} ->
|
||
file { $ssl_build_path:
|
||
ensure => directory,
|
||
owner => 'root',
|
||
group => 'root',
|
||
mode => '0700';
|
||
} ->
|
||
file { "${ssl_build_path}/rhsm-katello-reconfigure":
|
||
content => template('certs/rhsm-katello-reconfigure.erb'),
|
||
owner => 'root',
|
||
group => 'root',
|
||
mode => '0700',
|
||
} ~>
|
||
exec { 'generate-candlepin-consumer-certificate':
|
||
cwd => $katello_www_pub_dir,
|
||
command => "gen-rpm.sh --name '${candlepin_consumer_name}' --version 1.0 --release 1 --packager None --vendor None --group 'Applications/System' --summary '${candlepin_consumer_summary}' --description '${candlepin_consumer_description}' --requires subscription-manager --post ${ssl_build_path}/rhsm-katello-reconfigure /etc/rhsm/ca/candlepin-local.pem:644=${ssl_build_path}/${candlepin_cert_name}.crt && /sbin/restorecon ./*rpm",
|
||
path => '/usr/share/katello/certs:/usr/bin:/bin',
|
||
creates => "${katello_www_pub_dir}/${candlepin_consumer_name}-1.0-1.noarch.rpm",
|
||
logoutput => 'on_failure';
|
||
} ~>
|
||
file { "${katello_www_pub_dir}/${candlepin_cert_name}-consumer-latest.noarch.rpm":
|
||
ensure => 'link',
|
||
target => "${katello_www_pub_dir}/${candlepin_consumer_name}-1.0-1.noarch.rpm",
|
||
}
|
||
}
|
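Review bot: `$katello_www_pub_dir` is declared with `owner => 'apache'` and `group => 'apache'`, yet the `generate-candlepin-consumer-certificate` exec uses it as `cwd`, writes the consumer RPM there and runs `/sbin/restorecon ./*rpm` on whatever matches the glob. The web server only needs to read this directory, so `owner => 'root', group => 'root', mode => '0755'` would stop a compromised Apache process from replacing the package clients download, or from pre-creating the `creates` path so the build is skipped. The same resources appear in manifests/certs.pp. A comment on the exec should also record that the `--post` script is presumably run with root privileges on each client that installs the RPM, so the rendered `rhsm-katello-reconfigure` template deserves the same review as the manifest.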
Restructure