theforeman
diff --git a/‎.github/workflows/devel.yml‎
Lines changed: 63 additions & 0 deletions b/‎.github/workflows/devel.yml‎
Lines changed: 63 additions & 0 deletions
diff --git a/‎CLAUDE.md‎
Lines changed: 140 additions & 0 deletions b/‎CLAUDE.md‎
Lines changed: 140 additions & 0 deletions
diff --git a/‎development/ansible.cfg‎
Lines changed: 1 addition & 1 deletion b/‎development/ansible.cfg‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎development/playbooks/deploy-dev/deploy-dev.yaml‎
Lines changed: 57 additions & 0 deletions b/‎development/playbooks/deploy-dev/deploy-dev.yaml‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎development/playbooks/deploy-dev/metadata.obsah.yaml‎
Lines changed: 14 additions & 0 deletions b/‎development/playbooks/deploy-dev/metadata.obsah.yaml‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎development/requirements.yml‎
Lines changed: 5 additions & 0 deletions b/‎development/requirements.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎development/roles/foreman_development/defaults/main.yaml‎
Lines changed: 79 additions & 0 deletions b/‎development/roles/foreman_development/defaults/main.yaml‎
Lines changed: 79 additions & 0 deletions
@@ -0,0 +1,63 @@
+---
+name: Devel Test
+
+on:
+  push:
+    branches:
+      - master
+    paths-ignore:
+      - 'container-images/**'
+      - '.github/workflows/container.yml'
+      - 'docs/**'
+  pull_request:
+    paths-ignore:
+      - 'container-images/**'
+      - '.github/workflows/container.yml'
+      - 'docs/**'
+
+
+concurrency:
+  group: ${{ github.ref_name }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  tests:
+    strategy:
+      fail-fast: false
+      matrix:
+        certificate_source:
+          - default
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v5
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: '3.12'
+      - name: Setup libvirt for Vagrant
+        run: |
+          sudo add-apt-repository --yes ppa:evgeni/vagrant
+          sudo apt-get update
+          sudo apt-get install -y --no-install-recommends vagrant vagrant-libvirt libvirt-clients libvirt-daemon-system libvirt-daemon qemu-system-x86 qemu-utils dnsmasq
+          sudo chmod 666 /var/run/libvirt/libvirt-sock
+      - name: Install Ansible
+        run: pip install --upgrade ansible-core
+      - name: Setup environment
+        run: ./setup-environment
+      - name: Start VMs
+        run: |
+          ./forge vms start
+      - name: Configure repositories
+        run: |
+          ./forge setup-repositories
+      - name: Run deployment
+        run: |
+          ./forge deploy-dev
+      - name: Setup upterm session
+        if: ${{ failure() }}
+        uses: owenthereal/action-upterm@v1
+        with:
+          ## limits ssh access and adds the ssh public key for the user which triggered the workflow
+          limit-access-to-actor: true
+          ## If no one connects after 5 minutes, shut down server.
+          wait-timeout-minutes: 5
@@ -0,0 +1,140 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+Foremanctl is a Foreman and Katello deployment tool using Podman quadlets and Ansible. It supports Foreman 3.16, Katello 4.18, Pulp 3.73, and Candlepin 4.6, targeting ansible-core 2.14 as present in CentOS Stream 9.
+
+## Development Environment Setup
+
+Initialize the development environment:
+```bash
+./setup-environment
+source .venv/bin/activate
+```
+
+This creates a Python virtual environment and installs dependencies from `src/requirements.txt` and `development/requirements.txt`, then builds Ansible collections for both production (`foremanctl`) and development (`forge`) use.
+
+## Core Architecture
+
+### CLI Tools
+- `./foremanctl` - Production deployment tool using obsah with production Ansible collections
+- `./forge` - Development/testing tool using obsah with development Ansible collections
+
+Both tools are bash wrappers around the `obsah` CLI tool that set environment variables:
+- `OBSAH_NAME` - Tool identifier
+- `OBSAH_DATA` - Ansible data directory (`src` for foremanctl, `development` for forge)
+- `OBSAH_INVENTORY` - Ansible inventory path
+- `OBSAH_STATE` - State persistence directory
+- `ANSIBLE_COLLECTIONS_PATH` - Path to built collections
+
+### Directory Structure
+- `src/` - Production Ansible roles, playbooks, and configurations
+- `development/` - Development-specific Ansible configurations
+- `tests/` - pytest-based test suite with testinfra integration
+- `inventories/` - Ansible inventory configurations
+- `build/collections/` - Built Ansible collections (generated)
+
+### Ansible Roles
+Key roles in `src/roles/`:
+- `certificates` - Certificate management and issuance
+- `foreman` - Foreman application deployment
+- `candlepin` - Candlepin subscription management
+- `pulp` - Pulp content management
+- `postgresql` - Database setup
+- `httpd` - Web server configuration
+- `redis` - Redis cache configuration
+- `hammer` - Hammer CLI setup
+
+## Common Development Tasks
+
+### VM-based Development and Testing
+```bash
+# Start development environment
+./forge vms start
+
+# Deploy Foreman with default settings
+./foremanctl deploy --foreman-initial-admin-password=changeme
+
+# Setup hammer CLI (optional)
+./forge setup-repositories
+./foremanctl setup-hammer
+
+# Run all tests
+./forge test
+
+# Stop environment
+./forge vms stop
+```
+
+### Building and Collections
+```bash
+# Build production collections
+make build/collections/foremanctl
+
+# Build development collections
+make build/collections/forge
+
+# Create distribution tarball
+make dist
+```
+
+### Testing
+Tests use pytest with testinfra for infrastructure testing and apypie for Foreman API testing. Test configuration is in `tests/conftest.py` with fixtures for:
+- Server and client connection via Vagrant SSH
+- Foreman API client with authentication
+- Certificate management (default vs installer certificates)
+- Katello entities (organizations, products, repositories, content views, etc.)
+
+Run individual test files:
+```bash
+# Run specific test module
+pytest tests/foreman_test.py
+
+# Run with specific certificate source
+pytest --certificate-source=installer tests/
+```
+
+## Configuration Management
+
+### Service Configuration
+Services use Podman secrets for configuration files, following naming conventions:
+- Config files: `<role_namespace>-<filename>-<extension>`
+- Strings: `<role_namespace>-<descriptive_name>`
+- With app context: `<role_namespace>-<app>-<filename>-<extension>`
+
+View configurations:
+```bash
+# List all secrets
+podman secret ls
+
+# View specific secret
+podman secret inspect --showsecret --format "{{.SecretData}}" <secret-name>
+```
+
+### Ansible Collections
+Production requirements in `src/requirements.yml`:
+- `community.postgresql` - PostgreSQL management
+- `community.crypto` - Certificate management
+- `ansible.posix` - POSIX utilities
+- `containers.podman` - Podman container management
+- `theforeman.foreman` - Foreman-specific modules
+
+Development requirements in `development/requirements.yml` include additional collections for testing and VM management.
+
+## Package Management
+
+RPM packages available via COPR:
+```bash
+dnf copr enable @theforeman/foremanctl rhel-9-x86_64
+dnf install foremanctl
+```
+
+## Important Notes
+
+- Uses Vagrant with libvirt provider for VM-based development
+- All Ansible configuration managed through obsah CLI wrapper
+- State persistence handled automatically via `OBSAH_STATE` directory
+- Test fixtures create temporary Katello entities that are cleaned up automatically
+- Certificate management supports both default and installer-provided certificates
@@ -2,5 +2,5 @@
 host_key_checking = False
 stdout_callback=debug
 stderr_callback=debug
-roles_path = ~/.ansible/roles:./roles
+roles_path = ~/.ansible/roles:./roles:../src/roles
 display_skipped_hosts = no
@@ -0,0 +1,57 @@
+---
+- name: Deploy Foreman Development Environment
+  hosts: "{{ target_host if target_host is defined and target_host != '' else 'quadlet' }}"
+  become: true
+  vars_files:
+    - "../../../src/vars/defaults.yml"
+    - "../../../src/vars/{{ certificate_source }}_certificates.yml"
+    - "../../../src/vars/images.yml"
+    - "../../../src/vars/database.yml"
+    - "../../../src/vars/foreman.yml"
+    - "../../../src/vars/base.yaml"
+  vars:
+    httpd_foreman_backend: "http://localhost:3000"
+  roles:
+    - pre_install
+    - role: certificates
+    - role: postgresql
+      vars:
+        postgresql_databases:
+          - name: "{{ candlepin_database_name }}"
+            owner: "{{ candlepin_database_user }}"
+          - name: "foreman_development"
+            owner: "{{ foreman_database_user }}"
+          - name: "foreman_development_test"
+            owner: "{{ foreman_database_user }}"
+          - name: "{{ pulp_database_name }}"
+            owner: "{{ pulp_database_user }}"
+        postgresql_users:
+          - name: "{{ candlepin_database_name }}"
+            password: "{{ candlepin_database_password }}"
+          - name: "{{ foreman_database_name }}"
+            password: "{{ foreman_database_password }}"
+          - name: "{{ pulp_database_name }}"
+            password: "{{ pulp_database_password }}"
+    - role: redis
+    - role: candlepin
+    - role: httpd
+    - role: pulp
+    - role: foreman_development
+  post_tasks:
+    - name: Display development environment information
+      ansible.builtin.debug:
+        msg: |
+          Foreman development environment deployed successfully!
+
+          Access URLs:
+            - Foreman UI: https://{{ ansible_fqdn }}
+            - Direct Rails: http://localhost:3000 (when running)
+
+          Credentials:
+            - Username: {{ foreman_development_admin_user | default('admin') }}
+            - Password: {{ foreman_development_admin_password | default('changeme') }}
+
+          Next steps:
+            - SSH into the VM
+            - Navigate to /home/{{ foreman_development_user }}/foreman
+            - Run: bundle exec foreman start
@@ -0,0 +1,14 @@
+---
+help: |
+  Deploy and manage Foreman development environment with git-based Foreman and containerized backend services.
+
+variables:
+  foreman_development_enabled_plugins:
+    help: List of plugins to enable from registry (comma-separated)
+    default: katello,foreman_remote_execution
+  target_host:
+    help: Target hostname or IP address for deployment
+    action: store
+  foreman_development_user:
+    help: Username for the development user account
+    action: store
@@ -1,7 +1,12 @@
 ---
 collections:
   - ansible.posix
+  - community.crypto
+  - community.postgresql
   - community.general
+  - name: containers.podman
+    version: ">=1.16.4"
   - name: https://github.com/theforeman/forklift
     type: git
+  - name: theforeman.foreman
   - name: theforeman.operations
@@ -0,0 +1,79 @@
+---
+foreman_development_user: "vagrant"
+foreman_development_group: "{{ foreman_development_user }}"
+foreman_development_deployment_dir: "/home/{{ foreman_development_user }}"
+foreman_development_foreman_dir: "{{ foreman_development_deployment_dir }}/foreman"
+foreman_development_cert_dir: "{{ foreman_development_deployment_dir }}/foreman-certs"
+
+foreman_development_ca_certificate: "{{ foreman_ca_certificate }}"
+foreman_development_client_certificate: "{{ foreman_client_certificate }}"
+foreman_development_client_key: "{{ foreman_client_key }}"
+
+foreman_development_admin_user: "admin"
+foreman_development_admin_password: "changeme"
+
+foreman_development_git_repo: "https://github.com/theforeman/foreman.git"
+foreman_development_git_revision: "develop"
+
+foreman_development_rails_port: 3000
+foreman_development_rails_command: "puma -w 2 -p {{ foreman_development_rails_port }} --preload"
+
+foreman_development_database_host: "localhost"
+foreman_development_database_port: 5432
+foreman_development_database_name: "foreman_development"
+foreman_development_database_user: "foreman"
+foreman_development_database_password: "foreman"
+
+foreman_development_nodejs_stream: "22"
+
+foreman_development_plugin_registry:
+  katello:
+    name: "katello/katello"
+    settings_template: "katello.yaml.j2"
+    scm_revision: "master"
+    manage_repo: true
+    extra_gemfiles:
+      - "gemfile.d/test.rb"
+  foreman_remote_execution:
+    name: "theforeman/foreman_remote_execution"
+    scm_revision: "master"
+    manage_repo: true
+  foreman_ansible:
+    name: "theforeman/foreman_ansible"
+    settings_template: "foreman_ansible.yaml.j2"
+    scm_revision: "master"
+    manage_repo: true
+  foreman_rh_cloud:
+    name: "RedHatInsights/foreman_rh_cloud"
+    scm_revision: "master"
+    manage_repo: true
+  foreman_discovery:
+    name: "theforeman/foreman_discovery"
+    scm_revision: "master"
+    manage_repo: true
+  foreman_openscap:
+    name: "theforeman/foreman_openscap"
+    scm_revision: "master"
+    manage_repo: true
+  foreman_bootdisk:
+    name: "theforeman/foreman_bootdisk"
+    scm_revision: "master"
+    manage_repo: true
+
+foreman_development_enabled_plugins:
+  - katello
+  - foreman_remote_execution
+
+foreman_development_packages:
+  - git
+  - ruby-devel
+  - npm
+  - postgresql-devel
+  - libxml2-devel
+  - libxslt-devel
+  - libcurl-devel
+  - gcc-c++
+  - make
+  - rubygem-bundler
+  - rubygem-irb
+  - postgresql