Capsule related certs settings

[iNecas]

Generate certs and configure certificates for capsule related stuff
(smart-proxy, pulp node etc).

[ehelms]

Just to clarify my understanding, this is a username coming from the application itself?

[iNecas]

Yes, this are the credentials needed to creating the certificates repositories in Katello and uploading the cert packages

[ehelms]

This looks like we should add an explicit include ::foreman to ensure that the Foreman class is loaded by the time it reaches this manifest.

[iNecas]

include ::foreman will not help you here, as it needs to be not just included, but also initialized: the include doesn't make $::foreman::user to be set. Actually, it would cause more troubles, as it would use the defaults, instead the real params for foreman module, that would work for base cases, but start failing if you actually would change same foreman params. That's the reason why there is order setting for kafo, to define the right order of initializing of the classes

[ehelms]

Fair enough. My only worry with this being required by one class but ordering ensured by kafo is that it will be easy but not obvious that there is a required ordering. And further, ensuring that that isn't broken.

[iNecas]

The only other solution I can think of is having one entry-point class, that would make sure the ordering is right (something the capsule module does), but it has downsides of having to maintain the list of parameters twice: one in the entry class and one in the sub-classes. Therefore, letting kafo to deal with that is better from maintainability POV (not saying it's ideal)

[ehelms]

Sounds reasonable given the alternative - ACK