capsule scenario - initial changes to support installing capsule as a…
… scenario

This change is to enable using the kafo installer to install a
capsule as a 'scenario'.  It decouples the module from puppet-foreman_proxy,
as it will be executed as part of the foreman-installer (vs capsule-installer).

The following is an example of the installer command-line using
this puppet module:

foreman-installer --scenario capsule \
                  --capsule-parent-fqdn                 "katello.example.com"\
                  --foreman-proxy-register-in-foreman   "true"\
                  --foreman-proxy-registered-proxy-url  "https://capsule.example.com:9090"\
                  --foreman-proxy-oauth-consumer-key    "QSJ2qCGV3zWyohCJfKxQBDCCjceBiTMy"\
                  --foreman-proxy-oauth-consumer-secret "DGKBJjXWfkyroiyDHNhYAFn9uTnUcJxa"\
                  --foreman-proxy-foreman-base-url      "https://katello.example.com"\
                  --foreman-proxy-trusted-hosts         "katello.example.com"\
                  --foreman-proxy-trusted-hosts         "capsule.example.com"\
                  --capsule-pulp-oauth-secret           "bQ5zUPVd2qVDY987D4VtD6Va9pDj4Y7J"\
                  --capsule-certs-tar                   "~/capsule.example.com-certs.tar"\
                  --capsule-puppet                      "true"\
                  --capsule-puppetca                    "true"\
                  --capsule-pulp                        "true"

Note: The installer currently assumes existing procedures for
certificate generation and installation (via capsule-certs-generate).
This may change; however, it will be done separately.
bbuckingham committed Nov 9, 2015
1 parent d7c0a13 commit 1175bf2
Showing 2 changed files with 44 additions and 362 deletions.
301 changes: 26 additions & 275 deletions manifests/init.pp
Expand Up @@ -19,15 +19,6 @@
#
# $pulp_oauth_secret:: OAuth secret to be used for Pulp REST interaction
#
# $foreman_proxy_port:: SSL port on which foreman proxy will listen
# type:integer
#
# $foreman_proxy_http:: Foreman proxy listen on HTTP
# type:boolean
#
# $foreman_proxy_http_port:: HTTP port on which foreman proxy will listen
# type:integer
#
# $puppet:: Use puppet
# type:boolean
#
Expand All @@ -39,121 +30,13 @@
# the apache vhost to set up a proxy for all
# certificates pointing to the value.
#
# $remote_execution_ssh:: Enable remote execution SSH plugin
#
# $remote_execution_ssh_generate_keys:: Automatically generate SSH keys or not
#
# $remote_execution_ssh_identity_dir:: Directory where SSH keys are stored
#
# $remote_execution_ssh_identity_file:: Location of SSH key
#
# $reverse_proxy:: Add reverse proxy to the parent
# type:boolean
#
# $reverse_proxy_port:: reverse proxy listening port
#
# $tftp:: Use TFTP
# type:boolean
#
# $tftp_syslinux_root:: Directory that hold syslinux files
#
# $tftp_syslinux_files:: Syslinux files to install on TFTP (copied from $tftp_syslinux_root)
# type:array
#
# $tftp_root:: TFTP root directory
#
# $tftp_dirs:: Directories to be create in $tftp_root
# type:array
#
# $tftp_servername:: Defines the TFTP server name to use, overrides the name in the subnet declaration
#
# $bmc:: Enable BMC feature
# type:boolean
#
# $bmc_default_provider:: BMC default provider.
#
# $dhcp:: Use DHCP
# type:boolean
#
# $dhcp_listen_on:: DHCP proxy to listen on https, http, or both
#
# $dhcp_option_domain:: DHCP config option domain-name
# type: array
#
# $dhcp_managed:: DHCP is managed by Foreman proxy
# type:boolean
#
# $dhcp_interface:: DHCP listen interface
#
# $dhcp_gateway:: DHCP pool gateway
#
# $dhcp_range:: Space-separated DHCP pool range
#
# $dhcp_nameservers:: DHCP nameservers
#
# $dhcp_vendor:: DHCP vendor
#
# $dhcp_config:: DHCP config file path
#
# $dhcp_leases:: DHCP leases file
#
# $dhcp_key_name:: DHCP key name
#
# $dhcp_key_secret:: DHCP password
#
# $dns:: Use DNS
# type:boolean
#
# $dns_managed:: DNS is managed by Foreman proxy
# type:boolean
#
# $dns_provider:: DNS provider
#
# $dns_zone:: DNS zone name
#
# $dns_reverse:: DNS reverse zone name
#
# $dns_interface:: DNS interface
#
# $dns_server:: Address of DNS server to manage
#
# $dns_ttl:: DNS default TTL override
#
# $dns_tsig_keytab:: Kerberos keytab for DNS updates using GSS-TSIG authentication
#
# $dns_tsig_principal:: Kerberos principal for DNS updates using GSS-TSIG authentication
#
# $dns_forwarders:: DNS forwarders
# type:array
#
# $virsh_network:: Network for virsh DNS/DHCP provider
#
# $realm:: Use realm management
# type:boolean
#
# $realm_provider:: Realm management provider
#
# $realm_keytab:: Kerberos keytab path to authenticate realm updates
#
# $realm_principal:: Kerberos principal for realm updates
#
# $freeipa_remove_dns:: Remove DNS entries from FreeIPA when deleting hosts from realm
# type:boolean
#
# $register_in_foreman:: Register proxy back in Foreman
# type:boolean
#
# $foreman_oauth_effective_user:: User to be used for Foreman REST interaction
#
# $foreman_oauth_key:: OAuth key to be used for Foreman REST interaction
#
# $foreman_oauth_secret:: OAuth secret to be used for Foreman REST interaction
#
# $rhsm_url:: The URL that the RHSM API is rooted at
#
# $templates:: Enable templates proxying feature
# type:boolean
#
# $qpid_router:: Configure qpid dispatch router
# type:boolean
#
Expand All @@ -170,91 +53,31 @@
# $qpid_router_broker_port:: Port of qpidd broker to connect to
#
class capsule (
$parent_fqdn = $capsule::params::parent_fqdn,
$certs_tar = $capsule::params::certs_tar,
$pulp = $capsule::params::pulp,
$pulp_master = $capsule::params::pulp_master,
$pulp_admin_password = $capsule::params::pulp_admin_password,
$pulp_oauth_effective_user = $capsule::params::pulp_oauth_effective_user,
$pulp_oauth_key = $capsule::params::pulp_oauth_key,
$pulp_oauth_secret = $capsule::params::pulp_oauth_secret,

$foreman_proxy_port = $capsule::params::foreman_proxy_port,
$foreman_proxy_http = $capsule::params::foreman_proxy_http,
$foreman_proxy_http_port = $capsule::params::foreman_proxy_http_port,

$puppet = $capsule::params::puppet,
$puppetca = $capsule::params::puppetca,
$puppet_ca_proxy = $capsule::params::puppet_ca_proxy,

$remote_execution_ssh = $capsule::params::remote_execution_ssh,
$remote_execution_ssh_generate_keys = $capsule::params::remote_execution_ssh_generate_keys,
$remote_execution_ssh_identity_dir = $capsule::params::remote_execution_ssh_identity_dir,
$remote_execution_ssh_identity_file = $capsule::params::remote_execution_ssh_identity_file,

$reverse_proxy = $capsule::params::reverse_proxy,
$reverse_proxy_port = $capsule::params::reverse_proxy_port,

$tftp = $capsule::params::tftp,
$tftp_syslinux_root = $capsule::params::tftp_syslinux_root,
$tftp_syslinux_files = $capsule::params::tftp_syslinux_files,
$tftp_root = $capsule::params::tftp_root,
$tftp_dirs = $capsule::params::tftp_dirs,
$tftp_servername = $capsule::params::tftp_servername,

$bmc = $capsule::params::bmc,
$bmc_default_provider = $capsule::params::bmc_default_provider,

$dhcp = $capsule::params::dhcp,
$dhcp_listen_on = $capsule::params::dhcp_listen_on,
$dhcp_option_domain = $capsule::params::dhcp_option_domain,
$dhcp_managed = $capsule::params::dhcp_managed,
$dhcp_interface = $capsule::params::dhcp_interface,
$dhcp_gateway = $capsule::params::dhcp_gateway,
$dhcp_range = $capsule::params::dhcp_range,
$dhcp_nameservers = $capsule::params::dhcp_nameservers,
$dhcp_vendor = $capsule::params::dhcp_vendor,
$dhcp_config = $capsule::params::dhcp_config,
$dhcp_leases = $capsule::params::dhcp_leases,
$dhcp_key_name = $capsule::params::dhcp_key_name,
$dhcp_key_secret = $capsule::params::dhcp_key_secret,

$dns = $capsule::params::dns,
$dns_managed = $capsule::params::dns_managed,
$dns_provider = $capsule::params::dns_provider,
$dns_zone = $capsule::params::dns_zone,
$dns_reverse = $capsule::params::dns_reverse,
$dns_interface = $capsule::params::dns_interface,
$dns_server = $capsule::params::dns_server,
$dns_ttl = $capsule::params::dns_ttl,
$dns_tsig_keytab = $capsule::params::dns_tsig_keytab,
$dns_tsig_principal = $capsule::params::dns_tsig_principal,
$dns_forwarders = $capsule::params::dns_forwarders,

$virsh_network = $capsule::params::virsh_network,

$realm = $capsule::params::realm,
$realm_provider = $capsule::params::realm_provider,
$realm_keytab = $capsule::params::realm_keytab,
$realm_principal = $capsule::params::realm_principal,
$freeipa_remove_dns = $capsule::params::freeipa_remove_dns,

$register_in_foreman = $capsule::params::register_in_foreman,
$foreman_oauth_effective_user = $capsule::params::foreman_oauth_effective_user,
$foreman_oauth_key = $capsule::params::foreman_oauth_key,
$foreman_oauth_secret = $capsule::params::foreman_oauth_secret,

$rhsm_url = $capsule::params::rhsm_url,

$templates = $capsule::params::templates,

$qpid_router = $capsule::params::qpid_router,
$qpid_router_hub_addr = $capsule::params::qpid_router_hub_addr,
$qpid_router_hub_port = $capsule::params::qpid_router_hub_port,
$qpid_router_agent_addr = $capsule::params::qpid_router_agent_addr,
$qpid_router_agent_port = $capsule::params::qpid_router_agent_port,
$qpid_router_broker_addr = $capsule::params::qpid_router_broker_addr,
$qpid_router_broker_port = $capsule::params::qpid_router_broker_port,
$parent_fqdn = $capsule::params::parent_fqdn,
$certs_tar = $capsule::params::certs_tar,
$pulp = $capsule::params::pulp,
$pulp_master = $capsule::params::pulp_master,
$pulp_admin_password = $capsule::params::pulp_admin_password,
$pulp_oauth_effective_user = $capsule::params::pulp_oauth_effective_user,
$pulp_oauth_key = $capsule::params::pulp_oauth_key,
$pulp_oauth_secret = $capsule::params::pulp_oauth_secret,

$puppet = $capsule::params::puppet,
$puppetca = $capsule::params::puppetca,
$puppet_ca_proxy = $capsule::params::puppet_ca_proxy,

$reverse_proxy = $capsule::params::reverse_proxy,
$reverse_proxy_port = $capsule::params::reverse_proxy_port,

$rhsm_url = $capsule::params::rhsm_url,

$qpid_router = $capsule::params::qpid_router,
$qpid_router_hub_addr = $capsule::params::qpid_router_hub_addr,
$qpid_router_hub_port = $capsule::params::qpid_router_hub_port,
$qpid_router_agent_addr = $capsule::params::qpid_router_agent_addr,
$qpid_router_agent_port = $capsule::params::qpid_router_agent_port,
$qpid_router_broker_addr = $capsule::params::qpid_router_broker_addr,
$qpid_router_broker_port = $capsule::params::qpid_router_broker_port,
) inherits capsule::params {

validate_present($capsule::parent_fqdn)
Expand All @@ -263,10 +86,6 @@
validate_present($pulp_oauth_secret)
}

if $register_in_foreman {
validate_present($foreman_oauth_secret)
}

$capsule_fqdn = $::fqdn
$foreman_url = "https://${parent_fqdn}"
$reverse_proxy_real = $pulp or $reverse_proxy
Expand All @@ -276,6 +95,7 @@
false => '443'
}

include ::certs
class { '::capsule::install': } ~>
class { '::capsule::config': }
class { '::certs::foreman_proxy':
Expand Down Expand Up @@ -328,75 +148,6 @@
}
}

class { '::foreman_proxy':
custom_repo => true,
http => $foreman_proxy_http,
http_port => $foreman_proxy_http_port,
ssl_port => $foreman_proxy_port,
puppetca => $puppetca,
ssl_cert => $::certs::foreman_proxy::proxy_cert,
ssl_key => $::certs::foreman_proxy::proxy_key,
ssl_ca => $::certs::foreman_proxy::proxy_ca_cert,
foreman_ssl_cert => $::certs::foreman_proxy::foreman_ssl_cert,
foreman_ssl_key => $::certs::foreman_proxy::foreman_ssl_key,
foreman_ssl_ca => $::certs::foreman_proxy::foreman_ssl_ca_cert,
tftp => $tftp,
tftp_syslinux_root => $tftp_syslinux_root,
tftp_syslinux_files => $tftp_syslinux_files,
tftp_root => $tftp_root,
tftp_dirs => $tftp_dirs,
tftp_servername => $tftp_servername,
bmc => $bmc,
bmc_default_provider => $bmc_default_provider,
dhcp => $dhcp,
dhcp_listen_on => $dhcp_listen_on,
dhcp_option_domain => $dhcp_option_domain,
dhcp_interface => $dhcp_interface,
dhcp_gateway => $dhcp_gateway,
dhcp_range => $dhcp_range,
dhcp_nameservers => $dhcp_nameservers,
dhcp_vendor => $dhcp_vendor,
dhcp_config => $dhcp_config,
dhcp_leases => $dhcp_leases,
dhcp_key_name => $dhcp_key_name,
dhcp_key_secret => $dhcp_key_secret,
dns => $dns,
dns_managed => $dns_managed,
dns_provider => $dns_provider,
dns_zone => $dns_zone,
dns_reverse => $dns_reverse,
dns_interface => $dns_interface,
dns_server => $dns_server,
dns_ttl => $dns_ttl,
dns_tsig_keytab => $dns_tsig_keytab,
dns_tsig_principal => $dns_tsig_principal,
dns_forwarders => $dns_forwarders,
virsh_network => $virsh_network,
realm => $realm,
realm_provider => $realm_provider,
realm_keytab => $realm_keytab,
realm_principal => $realm_principal,
freeipa_remove_dns => $freeipa_remove_dns,
register_in_foreman => $register_in_foreman,
foreman_base_url => $foreman_url,
trusted_hosts => [$parent_fqdn, $capsule_fqdn],
registered_proxy_url => "https://${capsule_fqdn}:${capsule::foreman_proxy_port}",
oauth_effective_user => $foreman_oauth_effective_user,
oauth_consumer_key => $foreman_oauth_key,
oauth_consumer_secret => $foreman_oauth_secret,
templates => $templates,
}

if $remote_execution_ssh {
class { '::foreman_proxy::plugin::remote_execution::ssh':
enabled => $remote_execution_ssh,
generate_keys => $remote_execution_ssh_generate_keys,
ssh_identity_dir => $remote_execution_ssh_identity_dir,
ssh_identity_file => $remote_execution_ssh_identity_file,
require => Class['::foreman_proxy'],
}
}

if $pulp {

apache::vhost { 'capsule':
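Review bot: With the `class { '::foreman_proxy': ... }` declaration dropped in the last hunk (`@@ -328,75 +148,6 @@`), this class no longer pins the proxy's `ssl_cert`/`ssl_key`/`ssl_ca` to the `::certs::foreman_proxy` outputs or sets `trusted_hosts => [$parent_fqdn, $capsule_fqdn]`, and nothing in the visible new code says who now owns those settings. The example in the commit description passes `--foreman-proxy-trusted-hosts` and the OAuth secret by hand, so presumably the scenario's answers must supply them; if they are omitted, the proxy would fall back to whatever puppet-foreman_proxy defaults to, which is not visible here. I would record that contract in the class header, for example `# Expects ::foreman_proxy to be declared by the scenario with its ssl_* parameters taken from ::certs::foreman_proxy and trusted_hosts limited to the parent and capsule FQDNs.` The removed `validate_present($foreman_oauth_secret)` guard has no visible replacement either, so it is worth confirming that registration fails closed when the secret is missing. The class body continues past the end of the visible section.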
