[WIP] Refactor module
ekohl committed Aug 22, 2017
1 parent 3a1118d commit 365745b
Showing 9 changed files with 283 additions and 223 deletions.
95 changes: 26 additions & 69 deletions manifests/dispatch_router.pp
Expand Up @@ -3,91 +3,48 @@
# Install and configure Qpid Dispatch Router
#
class foreman_proxy_content::dispatch_router (
$agent_addr = $::foreman_proxy_content::qpid_router_agent_addr,
$agent_port = $::foreman_proxy_content::qpid_router_agent_port,
$logging_path = $::foreman_proxy_content::qpid_router_logging_path,
$logging_level = $::foreman_proxy_content::qpid_router_logging_level,
) {

class { '::qpid::router': }
include ::qpid::router

# SSL Certificate Configuration
class { '::certs::qpid_router':
require => Class['qpid::router::install'],
}
~> qpid::router::ssl_profile { 'client':
ca => $certs::ca_cert,
cert => $certs::qpid_router::client_cert,
key => $certs::qpid_router::client_key,
include ::certs
include ::certs::qpid_router

Class['qpid::router::install'] -> Class['certs::qpid_router']

qpid::router::ssl_profile { 'client':
ca => $certs::ca_cert,
cert => $certs::qpid_router::client_cert,
key => $certs::qpid_router::client_key,
subscribe => Class['certs', 'certs::qpid_router'],
}
~> qpid::router::ssl_profile { 'server':
ca => $certs::ca_cert,
cert => $certs::qpid_router::server_cert,
key => $certs::qpid_router::server_key,

qpid::router::ssl_profile { 'server':
ca => $certs::ca_cert,
cert => $certs::qpid_router::server_cert,
key => $certs::qpid_router::server_key,
subscribe => Class['certs', 'certs::qpid_router'],
}

# Listen for katello-agent clients
qpid::router::listener { 'clients':
addr => $foreman_proxy_content::qpid_router_agent_addr,
port => $foreman_proxy_content::qpid_router_agent_port,
addr => $agent_addr,
port => $agent_port,
ssl_profile => 'server',
}

# Enable logging for dispatch router
file { $foreman_proxy_content::qpid_router_logging_path:
file { $logging_path:
ensure => directory,
owner => 'qdrouterd',
}
~> qpid::router::log { 'logging':
level => $foreman_proxy_content::qpid_router_logging_level,
output => "${foreman_proxy_content::qpid_router_logging_path}/qdrouterd.log",
}

# Act as hub if pulp master, otherwise connect to hub
if $foreman_proxy_content::pulp_master {
qpid::router::listener {'hub':
addr => $foreman_proxy_content::qpid_router_hub_addr,
port => $foreman_proxy_content::qpid_router_hub_port,
role => 'inter-router',
ssl_profile => 'server',
}

# Connect dispatch router to the local qpid
qpid::router::connector { 'broker':
addr => $foreman_proxy_content::qpid_router_broker_addr,
port => $foreman_proxy_content::qpid_router_broker_port,
ssl_profile => 'client',
role => 'on-demand',
idle_timeout => 0,
}

qpid::router::link_route_pattern { 'broker-pulp-route':
prefix => 'pulp.',
direction => 'out',
connector => 'broker',
}

qpid::router::link_route_pattern { 'broker-pulp-task-route':
prefix => 'pulp.task',
direction => 'in',
connector => 'broker',
}

qpid::router::link_route_pattern { 'broker-qmf-route':
prefix => 'qmf.',
connector => 'broker',
}
} else {
qpid::router::connector { 'hub':
addr => $foreman_proxy_content::parent_fqdn,
port => $foreman_proxy_content::qpid_router_hub_port,
ssl_profile => 'client',
role => 'inter-router',
idle_timeout => 0,
}

qpid::router::link_route_pattern { 'hub-pulp-route':
prefix => 'pulp.',
}

qpid::router::link_route_pattern { 'hub-qmf-route':
prefix => 'qmf.',
}
level => $logging_level,
output => "${logging_path}/qdrouterd.log",
}
}
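Review bot: The four parameters added to `foreman_proxy_content::dispatch_router` are declared without data types, so a malformed address, port or path would only be caught, if at all, further down in `qpid::router::listener` or the `file` resource. The `pulp_master` class added in this same commit already types its equivalents, and the same can be done here, for example `String[1] $agent_addr = $::foreman_proxy_content::qpid_router_agent_addr,` and `Integer[0, 65535] $agent_port = $::foreman_proxy_content::qpid_router_agent_port,`. `$logging_path` is used both as the title of the `file` resource and inside the log `output` string, so an absolute-path type (such as `Stdlib::Absolutepath`, if stdlib is a dependency of this module) is the natural constraint for it. The directory resource also sets only `owner`; an explicit `group` and `mode` would keep the log directory's permissions from depending on defaults.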
136 changes: 16 additions & 120 deletions manifests/init.pp
Expand Up @@ -79,151 +79,47 @@
Boolean $enable_ostree = $foreman_proxy_content::params::enable_ostree,
) inherits foreman_proxy_content::params {
include ::certs
include ::certs::foreman_proxy
include ::foreman_proxy
include ::foreman_proxy::plugin::pulp
Class['certs::foreman_proxy'] ~> Class['foreman_proxy::service']

$pulp = $::foreman_proxy::plugin::pulp::pulpnode_enabled
if $pulp {
assert_type(String[1], $pulp_oauth_secret)
$pulp_node = $::foreman_proxy::plugin::pulp::pulpnode_enabled

if $pulp_node and $pulp_master {
fail("Can't enable both pulp node and master support")
}

$foreman_proxy_fqdn = $::fqdn
$foreman_url = "https://${parent_fqdn}"
$reverse_proxy_real = $pulp or $reverse_proxy
$setup_reverse_proxy = $pulp_node or $reverse_proxy

$rhsm_port = $reverse_proxy_real ? {
$rhsm_port = $setup_reverse_proxy ? {
true => $reverse_proxy_port,
false => '443'
}

package{ ['katello-debug', 'katello-client-bootstrap']:
package { ['katello-debug', 'katello-client-bootstrap']:
ensure => installed,
}

class { '::certs::foreman_proxy':
hostname => $foreman_proxy_fqdn,
require => Class['certs'],
notify => Service['foreman-proxy'],
}

class { '::certs::katello':
deployment_url => $rhsm_url,
rhsm_port => $rhsm_port,
require => Class['certs'],
}

if $pulp or $reverse_proxy_real {
class { '::certs::apache':
hostname => $foreman_proxy_fqdn,
require => Class['certs'],
}
~> class { '::foreman_proxy_content::reverse_proxy':
path => '/',
url => "${foreman_url}/",
port => $reverse_proxy_port,
subscribe => Class['certs::foreman_proxy'],
}
if $setup_reverse_proxy {
include ::foreman_proxy_content::reverse_proxy
}

if $pulp_master or $pulp {
if $qpid_router {
class { '::foreman_proxy_content::dispatch_router':
require => Class['pulp'],
}
}

class { '::pulp::crane':
cert => $certs::apache::apache_cert,
key => $certs::apache::apache_key,
ca_cert => $certs::ca_cert,
data_dir => '/var/lib/pulp/published/docker/v2/app',
require => Class['certs::apache'],
}
if $pulp_master {
include ::foreman_proxy_content::pulp_master
}

if $pulp {
include ::apache
$apache_version = $::apache::apache_version

file {'/etc/httpd/conf.d/pulp_nodes.conf':
ensure => file,
content => template('foreman_proxy_content/pulp_nodes.conf.erb'),
owner => 'root',
group => 'root',
mode => '0644',
}

apache::vhost { 'foreman_proxy_content':
servername => $foreman_proxy_fqdn,
port => 80,
priority => '05',
docroot => '/var/www/html',
options => ['SymLinksIfOwnerMatch'],
additional_includes => ['/etc/pulp/vhosts80/*.conf'],
custom_fragment => template('foreman_proxy_content/httpd_pub.erb'),
}

class { '::certs::qpid':
require => Class['certs'],
}
~> class { '::qpid':
ssl => true,
ssl_cert_db => $::certs::nss_db_dir,
ssl_cert_password_file => $::certs::qpid::nss_db_password_file,
ssl_cert_name => 'broker',
interface => 'lo',
}

class { '::certs::qpid_client':
require => Class['certs'],
}
~> class { '::pulp':
enable_rpm => true,
enable_puppet => true,
enable_docker => true,
enable_ostree => $enable_ostree,
default_password => $pulp_admin_password,
oauth_enabled => true,
oauth_key => $pulp_oauth_key,
oauth_secret => $pulp_oauth_secret,
messaging_transport => 'qpid',
messaging_auth_enabled => false,
messaging_ca_cert => $certs::ca_cert,
messaging_client_cert => $certs::messaging_client_cert,
messaging_url => "ssl://${qpid_router_broker_addr}:${qpid_router_broker_port}",
broker_url => "qpid://${qpid_router_broker_addr}:${qpid_router_broker_port}",
broker_use_ssl => true,
manage_broker => false,
manage_httpd => true,
manage_plugins_httpd => true,
manage_squid => true,
repo_auth => true,
node_oauth_effective_user => $pulp_oauth_effective_user,
node_oauth_key => $pulp_oauth_key,
node_oauth_secret => $pulp_oauth_secret,
node_server_ca_cert => $certs::pulp_server_ca_cert,
https_cert => $certs::apache::apache_cert,
https_key => $certs::apache::apache_key,
ca_cert => $certs::ca_cert,
yum_max_speed => $pulp_max_speed,
}

pulp::apache::fragment{'gpg_key_proxy':
ssl_content => template('foreman_proxy_content/_pulp_gpg_proxy.erb', 'foreman_proxy_content/httpd_pub.erb'),
}
if $pulp_node {
include ::foreman_proxy_content::pulp_node
}

if $puppet {
# We can't pull the certs out to the top level, because of how it gets the default
# parameter values from the main ::certs class. Kafo can't handle that case, so
# it remains here for now.
include ::puppet
include ::puppet::server
class { '::certs::puppet':
hostname => $foreman_proxy_fqdn,
require => Class['certs'],
notify => Class['puppet'],
}
include ::foreman_proxy_content::puppet
}

if $certs_tar {
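Review bot: The `assert_type(String[1], $pulp_oauth_secret)` check from the old `if $pulp` branch appears to have no counterpart among the new lines of this hunk, where `if $pulp_node` only does `include ::foreman_proxy_content::pulp_node`. That class is not shown on this page, so this is inferred; if it does not repeat the check, an empty OAuth secret would be accepted without error when the pulp node is enabled. Either keep `assert_type(String[1], $pulp_oauth_secret)` inside the `if $pulp_node { ... }` block, or declare the matching parameter of `pulp_node` as `String[1]`. The class body starts before and continues after this hunk.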
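--- a/manifests/pulp_master.pp
+++ b/manifests/pulp_master.pp
@@ -0,0 +1,54 @@
+# The pulp master configuration
+class foreman_proxy_content::pulp_master (
+Boolean $qpid_router = $::foreman_proxy_content::qpid_router,
+String $hub_addr = $::foreman_proxy_content::qpid_router_hub_addr,
+Integer[0, 65535] $hub_port = $::foreman_proxy_content::qpid_router_hub_port,
+String $broker_addr = $::foreman_proxy_content::qpid_router_broker_addr,
+Integer[0, 65535] $broker_port = $::foreman_proxy_content::qpid_router_broker_port,
+) {
+if $qpid_router {
+include ::foreman_proxy_content::dispatch_router
+
+qpid::router::listener {'hub':
+addr => $hub_addr,
+port => $hub_port,
+role => 'inter-router',
+ssl_profile => 'server',
+}
+
+# Connect dispatch router to the local qpid
+qpid::router::connector { 'broker':
+addr => $broker_addr,
+port => $broker_port,
+ssl_profile => 'client',
+role => 'on-demand',
+idle_timeout => 0,
+}
+
+qpid::router::link_route_pattern { 'broker-pulp-route':
+prefix => 'pulp.',
+direction => 'out',
+connector => 'broker',
+}
+
+qpid::router::link_route_pattern { 'broker-pulp-task-route':
+prefix => 'pulp.task',
+direction => 'in',
+connector => 'broker',
+}
+
+qpid::router::link_route_pattern { 'broker-qmf-route':
+prefix => 'qmf.',
+connector => 'broker',
+}
+}
+
+include ::certs::apache
+class { '::pulp::crane':
+cert => $::certs::apache::apache_cert,
+key => $::certs::apache::apache_key,
+ca_cert => $::certs::ca_cert,
+data_dir => '/var/lib/pulp/published/docker/v2/app',
+subscribe => Class['certs::apache'],
+}
+}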
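Review bot: `String $hub_addr` and `String $broker_addr` accept the empty string, and `Integer[0, 65535]` accepts port 0, so a blank address or a zero port passes type checking and would only surface later in the generated router configuration. Tightening them to `String[1] $hub_addr`, `String[1] $broker_addr` and `Integer[1, 65535]` for both ports rejects those values when the catalog is compiled. The header comment could also gain `@param` lines, noting that every default is read from `$::foreman_proxy_content` and the class therefore relies on the main class being evaluated first.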