diff --git a/.packit.yaml b/.packit.yaml index f80e3815c..3ccbe3820 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -17,7 +17,7 @@ upstream_tag_template: "{version}" actions: post-upstream-clone: - - "wget https://raw.githubusercontent.com/theforeman/foreman-packaging/rpm/develop/packages/foreman/foreman-installer/foreman-installer.spec -O foreman-installer.spec" + - "wget https://raw.githubusercontent.com/evgeni/foreman-packaging/ansible-installer/packages/foreman/foreman-installer/foreman-installer.spec -O foreman-installer.spec" get-current-version: - "sed 's/-develop//' VERSION" create-archive: diff --git a/Puppetfile b/Puppetfile index 2432ebb01..c1cf06858 100644 --- a/Puppetfile +++ b/Puppetfile @@ -33,5 +33,5 @@ mod 'theforeman/puppet', :git => 'https://github.com/theforeman/pu # Top-level katello modules mod 'katello/foreman_proxy_content', :git => 'https://github.com/theforeman/puppet-foreman_proxy_content' -mod 'katello/certs', :git => 'https://github.com/theforeman/puppet-certs' -mod 'katello/katello', :git => 'https://github.com/theforeman/puppet-katello' +mod 'katello/certs', :git => 'https://github.com/ehelms/puppet-certs', branch: 'add-generate' +mod 'katello/katello', :git => 'https://github.com/theforeman/puppet-katello', branch: 'headless-frankenstein' diff --git a/Rakefile b/Rakefile index de7701996..648fc89ba 100644 --- a/Rakefile +++ b/Rakefile @@ -37,9 +37,11 @@ task :modules => "#{BUILDDIR}/modules" if BUILD_KATELLO SCENARIOS = ['foreman', 'foreman-proxy-content', 'katello'].freeze CERTS_SCENARIOS = ['foreman-proxy-certs'].freeze + NEW_CERTS_SCENARIOS = ['foreman-certs'].freeze else SCENARIOS = ['foreman'].freeze CERTS_SCENARIOS = [].freeze + NEW_CERTS_SCENARIOS = [].freeze end exporter_dirs = ENV['PATH'].split(':').push('/usr/bin', ENV['KAFO_EXPORTER']) 
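Review bot: The new `wget` URL under `post-upstream-clone` fetches the spec file from a branch of a personal fork (`evgeni/foreman-packaging`, `ansible-installer`) with no integrity check, so whatever that branch holds at build time goes into the package build. The Puppetfile hunk has the same problem for `katello/certs` (`ehelms/puppet-certs`, `branch: 'add-generate'`) and `katello/katello` (`branch: 'headless-frankenstein'`), and the first of those is the module that generates certificates. If these references are meant to outlive a work-in-progress state, pin each to an immutable commit, e.g. `:ref => '<commit-sha>'` in the Puppetfile and a `/<commit-sha>/` path segment in the raw URL, and mark them with a comment such as `# TEMPORARY: point back at theforeman/... before merge`. The two Puppetfile lines also mix `:git =>` with `branch:`; `:branch => '...'` would match the hash-rocket style used on the same line.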
@@ -136,6 +138,33 @@ CERTS_SCENARIOS.each do |scenario| end end +NEW_CERTS_SCENARIOS.each do |scenario| + config = "foreman_certs/config/#{scenario}.yaml" + file "#{BUILDDIR}/#{scenario}.yaml" => [config, BUILDDIR] do |t| + cp t.prerequisites.first, t.name + + scenario_config_replacements = { + 'answer_file' => "#{DATADIR}/foreman-installer/foreman-certs/scenarios.d/#{scenario}-answers.yaml", + 'installer_dir' => "#{DATADIR}/foreman-installer/foreman-certs", + 'log_dir' => "#{LOGDIR}/foreman-installer", + 'module_dirs' => "#{DATADIR}/foreman-installer/modules", + 'parser_cache_path' => "#{DATADIR}/foreman-installer/parser_cache/#{scenario}.yaml", + } + + scenario_config_replacements.each do |setting, value| + sh format('sed -i "s#\(.*%s:\).*#\1 %s#" %s', setting, value, t.name) + end + end + + file "#{BUILDDIR}/parser_cache/#{scenario}.yaml" => [config, "#{BUILDDIR}/modules", "#{BUILDDIR}/parser_cache"] do |t| + sh "#{exporter}/kafo-export-params -c #{t.prerequisites.first} -f parsercache --no-parser-cache -o #{t.name}" + end + + file "#{BUILDDIR}/#{scenario}-options.asciidoc" => [config, "#{BUILDDIR}/parser_cache/#{scenario}.yaml"] do |t| + sh "#{exporter}/kafo-export-params -c #{t.prerequisites.first} -f asciidoc -o #{t.name}" + end +end + file "#{BUILDDIR}/foreman-installer" => 'bin/foreman-installer' do |t| cp t.prerequisites[0], t.name sh format('sed -i "s#\(^.*CONFIG_DIR = \).*#CONFIG_DIR = %s#" %s', "'#{SYSCONFDIR}/foreman-installer/scenarios.d/'", t.name) 
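Review bot: In the `NEW_CERTS_SCENARIOS` block, `sh format('sed -i "s#\(.*%s:\).*#\1 %s#" %s', setting, value, t.name)` splices path values into a single shell string and into a sed expression delimited by `#`, so a `#`, `&`, `"` or space in `DATADIR`, `LOGDIR` or `BUILDDIR` (how they are set is not visible in this hunk) changes the command or corrupts the scenario file. Passing the arguments separately keeps the shell out of it, e.g. `sh 'sed', '-i', "s#\\(.*#{setting}:\\).*#\\1 #{value}#", t.name`, although the value would still need `#` and `&` escaped for sed. The two `kafo-export-params` calls can be given as argument lists in the same way. The block also looks like a copy of the `CERTS_SCENARIOS` loop that ends just above it (only its tail is visible here); a shared helper taking the config directory and install subdirectory would stop the two from drifting apart.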
@@ -147,6 +176,11 @@ file "#{BUILDDIR}/foreman-proxy-certs-generate" => 'bin/foreman-proxy-certs-gene sh format('sed -i "s#^.*\(LAST_SCENARIO_PATH = \).*#\1%s#" %s', "'#{SYSCONFDIR}/foreman-installer/scenarios.d/last_scenario.yaml'", t.name) end +file "#{BUILDDIR}/foreman-certs" => 'bin/foreman-certs' do |t| + cp t.prerequisites[0], t.name + sh format('sed -i "s#^.*\(CONFIG_DIR = \).*#\1%s#" %s', "'#{DATADIR}/foreman-installer/foreman-certs/scenarios.d/'", t.name) +end + file "#{BUILDDIR}/katello-certs-check" => 'bin/katello-certs-check' do |t| cp t.prerequisites[0], t.name end @@ -212,6 +246,7 @@ namespace :build do if BUILD_KATELLO task :base => [ + "#{BUILDDIR}/foreman-certs", "#{BUILDDIR}/foreman-proxy-certs-generate", "#{BUILDDIR}/katello-certs-check", ] @@ -235,9 +270,16 @@ namespace :build do "#{BUILDDIR}/parser_cache/#{scenario}.yaml", ] end].flatten + + task :new_certs_scenarios => [NEW_CERTS_SCENARIOS.map do |scenario| + [ + "#{BUILDDIR}/#{scenario}.yaml", + "#{BUILDDIR}/parser_cache/#{scenario}.yaml", + ] + end].flatten end -task :build => ['build:base', 'build:scenarios', 'build:certs_scenarios'] +task :build => ['build:base', 'build:scenarios', 'build:certs_scenarios', 'build:new_certs_scenarios'] task :install => :build do mkdir_p "#{DATADIR}/foreman-installer" 
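Review bot: The new `#{BUILDDIR}/foreman-certs` task rewrites only `CONFIG_DIR`, although `bin/foreman-certs` added in this commit also defines `LAST_SCENARIO_PATH = './config/last_scenario.yaml'`, and the `foreman-proxy-certs-generate` task directly above does rewrite that constant. The installed `#{SBINDIR}/foreman-certs` therefore keeps a path relative to the caller's working directory; if anything reads the constant, a command normally run as root would resolve a scenario file from wherever it happened to be started. Either add the matching `sed` for `LAST_SCENARIO_PATH` or drop the constant from the script if it is unused.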
@@ -262,6 +304,14 @@ task :install => :build do cp "katello_certs/config/#{scenario}-answers.yaml", "#{DATADIR}/foreman-installer/katello-certs/scenarios.d/#{scenario}-answers.yaml" end + if NEW_CERTS_SCENARIOS.any? + mkdir_p "#{DATADIR}/foreman-installer/foreman-certs/scenarios.d" + end + NEW_CERTS_SCENARIOS.each do |scenario| + cp "#{BUILDDIR}/#{scenario}.yaml", "#{DATADIR}/foreman-installer/foreman-certs/scenarios.d/#{scenario}.yaml" + cp "foreman_certs/config/#{scenario}-answers.yaml", "#{DATADIR}/foreman-installer/foreman-certs/scenarios.d/#{scenario}-answers.yaml" + end + cp_r "#{BUILDDIR}/modules", "#{DATADIR}/foreman-installer", :preserve => true cp_r "#{BUILDDIR}/parser_cache", "#{DATADIR}/foreman-installer" @@ -272,6 +322,7 @@ task :install => :build do install "#{BUILDDIR}/foreman-installer", "#{SBINDIR}/foreman-installer", :mode => 0o755, :verbose => true if BUILD_KATELLO + install "#{BUILDDIR}/foreman-certs", "#{SBINDIR}/foreman-certs", :mode => 0o755, :verbose => true install "#{BUILDDIR}/foreman-proxy-certs-generate", "#{SBINDIR}/foreman-proxy-certs-generate", :mode => 0o755, :verbose => true install "#{BUILDDIR}/katello-certs-check", "#{SBINDIR}/katello-certs-check", :mode => 0o755, :verbose => true end diff --git a/bin/foreman-certs b/bin/foreman-certs new file mode 100755 index 000000000..44ff05595 --- /dev/null +++ b/bin/foreman-certs @@ -0,0 +1,9 @@ +#!/usr/bin/env ruby +require 'rubygems' +require 'kafo' + +CONFIG_DIR = './foreman_certs/config/'.freeze +LAST_SCENARIO_PATH = './config/last_scenario.yaml'.freeze + +@result = Kafo::KafoConfigure.run +exit((@result.nil? || @result.exit_code == 2) ? 0 : @result.exit_code) diff --git a/config/katello-answers.yaml b/config/katello-answers.yaml index dc9dc4415..bcb802504 100644 --- a/config/katello-answers.yaml +++ b/config/katello-answers.yaml 
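Review bot: The last line of the new `bin/foreman-certs` exits 0 when `@result` is nil as well as when the exit code is 2, and nothing in the file says why. Callers of a certificate-issuing command will read 0 as "certificates were generated", so if a nil result can mean the run never happened it should map to a non-zero exit instead. At minimum add a comment above the `exit` line, for example `# exit code 2 is presumably Puppet's "changes applied" and counts as success; a nil result is treated as success as well`. The script has no header comment either; one line stating that it runs the `foreman-certs` kafo scenario from `CONFIG_DIR` would help.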
@@ -9,78 +9,6 @@ # # See params.pp in each class for what options are available --- -certs: - group: foreman -foreman: - client_ssl_ca: /etc/foreman/proxy_ca.pem - client_ssl_cert: /etc/foreman/client_cert.pem - client_ssl_key: /etc/foreman/client_key.pem - initial_location: Default Location - initial_organization: Default Organization - server_ssl_ca: /etc/pki/katello/certs/katello-default-ca.crt - server_ssl_cert: /etc/pki/katello/certs/katello-apache.crt - server_ssl_chain: /etc/pki/katello/certs/katello-server-ca.crt - server_ssl_crl: "" - server_ssl_key: /etc/pki/katello/private/katello-apache.key -foreman::cli: true -foreman::cli::ansible: false -foreman::cli::azure: false -foreman::cli::bootdisk: false -foreman::cli::discovery: false -foreman::cli::google: false -foreman::cli::katello: true -foreman::cli::kubevirt: false -foreman::cli::openscap: false -foreman::cli::puppet: false -foreman::cli::remote_execution: true -foreman::cli::resource_quota: false -foreman::cli::rh_cloud: false -foreman::cli::ssh: false -foreman::cli::tasks: false -foreman::cli::templates: false -foreman::cli::virt_who_configure: false -foreman::cli::webhooks: false -foreman::compute::ec2: false -foreman::compute::libvirt: false -foreman::compute::openstack: false -foreman::compute::ovirt: false -foreman::compute::vmware: false -foreman::plugin::acd: false -foreman::plugin::ansible: false -foreman::plugin::azure: false -foreman::plugin::bootdisk: false -foreman::plugin::default_hostgroup: false -foreman::plugin::dhcp_browser: false -foreman::plugin::discovery: false -foreman::plugin::dlm: false -foreman::plugin::expire_hosts: false -foreman::plugin::git_templates: false -foreman::plugin::google: false -foreman::plugin::hdm: false -foreman::plugin::kernel_care: false -foreman::plugin::kubevirt: false -foreman::plugin::leapp: false -foreman::plugin::monitoring: false -foreman::plugin::netbox: false -foreman::plugin::openscap: false -foreman::plugin::proxmox: false 
-foreman::plugin::puppet: false -foreman::plugin::puppetdb: false -foreman::plugin::remote_execution: true -foreman::plugin::remote_execution::cockpit: false -foreman::plugin::rescue: false -foreman::plugin::resource_quota: false -foreman::plugin::rh_cloud: false -foreman::plugin::salt: false -foreman::plugin::scc_manager: false -foreman::plugin::snapshot_management: false -foreman::plugin::statistics: false -foreman::plugin::tasks: true -foreman::plugin::templates: false -foreman::plugin::vault: false -foreman::plugin::virt_who_configure: false -foreman::plugin::webhooks: false -foreman::plugin::wreckingball: false foreman_proxy: foreman_ssl_ca: /etc/foreman-proxy/foreman_ssl_ca.pem foreman_ssl_cert: /etc/foreman-proxy/foreman_ssl_cert.pem @@ -106,7 +34,5 @@ foreman_proxy::plugin::openscap: false foreman_proxy::plugin::remote_execution::script: false foreman_proxy::plugin::salt: false foreman_proxy::plugin::shellhooks: false -foreman_proxy_content: true katello: true puppet: false -apache::mod::status: false diff --git a/config/katello.migrations/250226000000-frankenstein.rb b/config/katello.migrations/250226000000-frankenstein.rb new file mode 100644 index 000000000..6d9d3ad89 --- /dev/null +++ b/config/katello.migrations/250226000000-frankenstein.rb @@ -0,0 +1,3 @@ +answers.delete_if do |key, _value| + ['foreman', 'foreman_proxy_content', 'apache::mod::status'].include?(key) || key.start_with?('foreman::') +end diff --git a/config/katello.yaml b/config/katello.yaml index ca21507e4..6b79ddf73 100644 --- a/config/katello.yaml +++ b/config/katello.yaml @@ -17,12 +17,8 @@ tuning: 'default' :order: - - certs - - foreman - katello - foreman_proxy - - foreman_proxy::plugin::pulp - - foreman_proxy_content - puppet # If using the Debian ruby-kafo package, uncomment this diff --git a/foreman_certs/config/foreman-certs-answers.yaml b/foreman_certs/config/foreman-certs-answers.yaml new file mode 100644 index 000000000..09f0e4cda --- /dev/null 
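Review bot: The new migration `250226000000-frankenstein.rb` deletes `foreman`, `foreman_proxy_content`, `apache::mod::status` and every `foreman::*` key, but not `certs`, even though this commit also removes `certs:` from `config/katello-answers.yaml` and `- certs` from `:order` in `config/katello.yaml`. Upgraded hosts would keep a `certs` entry that no module in the scenario consumes; whether that is harmless depends on how kafo treats such keys, which is not visible here. If it should go, add `'certs'` to the array. The block also discards user-set values such as the `server_ssl_*` paths without leaving a trace, so a short header comment saying where those settings are managed now would help whoever debugs an upgraded host.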
+++ b/foreman_certs/config/foreman-certs-answers.yaml @@ -0,0 +1,7 @@ +certs: + generate: true + regenerate: true + deploy: false + group: foreman + ssl_build_dir: /root/ssl-build +certs::generate: true diff --git a/foreman_certs/config/foreman-certs.yaml b/foreman_certs/config/foreman-certs.yaml new file mode 100644 index 000000000..ee37fbfd7 --- /dev/null +++ b/foreman_certs/config/foreman-certs.yaml @@ -0,0 +1,27 @@ +--- +:answer_file: "./foreman_certs/config/foreman-certs-answers.yaml" +:color_of_background: :dark +:colors: true +:custom: {} +:description: Generate Foreman certificates +:dont_save_answers: true +:enabled: true +:facts: {} +:hook_dirs: [] +:installer_dir: "./foreman_certs" +:log_dir: "./_build/" +:log_level: :debug +:log_name: foreman-certs.log +:low_priority_modules: [] +:mapping: {} +:module_dirs: "./_build/modules" +:name: foreman-certs +:no_prefix: true +:order: +- certs +- certs::generate +:parser_cache_path: "./_build/parser_cache/foreman-certs.yaml" +:skip_puppet_version_check: false +:store_dir: '' +:verbose: false +:verbose_log_level: debug diff --git a/hooks/pre/33-pulpcore_assets_permissions.rb b/hooks/pre/33-pulpcore_assets_permissions.rb deleted file mode 100644 index b27d6c3d5..000000000 --- a/hooks/pre/33-pulpcore_assets_permissions.rb +++ /dev/null @@ -1,11 +0,0 @@ -# Prior to Katello 3.18 assets were built by root. Katello 3.18 runs it as pulp -# and this corrects the permissions. -unless app_value(:noop) - DIRECTORY = '/var/lib/pulp/assets'.freeze - USER = 'pulp'.freeze - - if File.directory?(DIRECTORY) && File.stat(DIRECTORY).uid == 0 - require 'fileutils' - FileUtils.chown_R(USER, USER, DIRECTORY) - end -end diff --git a/hooks/pre/34-pulpcore_directory_layout.rb b/hooks/pre/34-pulpcore_directory_layout.rb deleted file mode 100644 index f76183d9a..000000000 --- a/hooks/pre/34-pulpcore_directory_layout.rb +++ /dev/null 
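Review bot: `foreman-certs-answers.yaml` ships `regenerate: true` as the default, and because `foreman-certs.yaml` sets `:dont_save_answers: true` that default applies on every invocation. If `regenerate` forces reissue of certificates that already exist (the parameter is defined in puppet-certs, not in this diff), each plain `foreman-certs` run would replace certificates that services and clients already trust. Consider `regenerate: false` as the default and let the operator request regeneration explicitly. The file also sets both `generate: true` under `certs:` and a top-level `certs::generate: true`; a comment that the latter enables the `certs::generate` class listed in `:order` would avoid confusion.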
@@ -1,13 +0,0 @@ -require 'pathname' - -PULP_ROOT = Pathname.new('/var/lib/pulp') -LEGACY_DIR = PULP_ROOT / 'docroot' -DESTINATION = PULP_ROOT / 'media' - -if LEGACY_DIR.directory? && !LEGACY_DIR.symlink? - logger.debug("Migrating #{LEGACY_DIR} to #{DESTINATION}") - unless app_value(:noop) - LEGACY_DIR.rename(DESTINATION) - LEGACY_DIR.make_symlink(DESTINATION) - end -end diff --git a/hooks/pre_commit/13-tuning.rb b/hooks/pre_commit/13-tuning.rb index bce4ccc57..9a2563107 100644 --- a/hooks/pre_commit/13-tuning.rb +++ b/hooks/pre_commit/13-tuning.rb @@ -14,11 +14,7 @@ EXIT_INSUFFICIENT_MEMORY = 103 current_tuning = get_custom_fact(TUNING_FACT) - if module_enabled?('foreman') - new_tuning = app_value(:tuning) - else - new_tuning = current_tuning - end + new_tuning = app_value(:tuning) required = TUNING_SIZES[new_tuning] required_cores = required[:cpu_cores] diff --git a/hooks/pre_commit/33-pulpcore_assets_permissions.rb b/hooks/pre_commit/33-pulpcore_assets_permissions.rb deleted file mode 100644 index 5da3f25c7..000000000 --- a/hooks/pre_commit/33-pulpcore_assets_permissions.rb +++ /dev/null @@ -1,12 +0,0 @@ -# hooks/pre/33-pulpcore_assets_permissions.rb needs user pulp -DIRECTORY = '/var/lib/pulp/assets'.freeze -USER = 'pulp'.freeze -if File.directory?(DIRECTORY) - require 'etc' - - begin - Etc.getpwnam(USER) - rescue ArgumentError - fail_and_exit("Detected incorrect permissions on #{DIRECTORY} but user #{USER} doesn't exist") - end -end