Skip to content

Iop dev deploy#442

Draft
ehelms wants to merge 24 commits intotheforeman:masterfrom
ehelms:iop-dev-deploy
Draft

Iop dev deploy#442
ehelms wants to merge 24 commits intotheforeman:masterfrom
ehelms:iop-dev-deploy

Conversation

@ehelms
Copy link
Copy Markdown
Member

@ehelms ehelms commented Apr 2, 2026

Requires #280 first

@ehelms ehelms force-pushed the iop-dev-deploy branch 2 times, most recently from 77512f5 to 42cf8ef Compare April 21, 2026 15:39
jeremylenz
jeremylenz reviewed Apr 22, 2026
View reviewed changes
Comment thread src/roles/iop_cvemap_downloader/templates/iop-cvemap-download.sh.j2
--connect-timeout 10 \
--max-time 30 \
--request PUT \
"https://localhost:24443/api/vmaas-reposcan/v1/sync"; then
Copy link
Copy Markdown
Contributor

@jeremylenz jeremylenz Apr 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to add X-Org-Id here?

ehelms and others added 23 commits April 23, 2026 14:40
@ehelms
Add iop_kafka
08eeae0 
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
@ehelms
Add iop_ingress
f9d2e3f
@ehelms
Add iop_puptoo
ab0fe16
@ehelms
Add iop_yuptoo
2b37129
@ehelms
Add iop_engine
cc9f852
@ehelms
Add iop_gateway
3c168a5
@ehelms
Add iop_inventory
8b27dda 
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
@ehelms
Add iop_advisor
8782742 
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
@ehelms
Add iop_remediation
6285f83
@ehelms
Add iop_vmaas and iop_vulnerability
b3fd54f 
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
@ehelms
Add frontends for advisor and vulnerability
897fcff
@ehelms
Add iop test github actions
b2396e6 
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
@ehelms
Specify explicit volume mount permissions
c9c7c18
@ehelms
Use nightly tag for images
ee8ef99
@ehelms
Add documentation
1d12445
@evgeni @ehelms
add iop to the artifact name
cb76743
@evgeni @ehelms
Restart dynflow containers when the config changes
c1eb801 
Useful when you install plugins and want their code to work
@ehelms
Add missing secret notifiers for iop
0b6fd04
@ehelms
Update to foreman-3.18 image tags
bfc899e
@ehelms
Add authenticated registry support to iop images
c79f030
@ehelms @claude
Add iop inventory frontend role
88cc56a 
puppet-iop deploys host-inventory-frontend assets but foremanctl was
missing this role. Adds the iop_inventory_frontend role following the
same pattern as the advisor and vulnerability frontend roles, and
includes it in the iop_core orchestration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ehelms @claude
Update vuln-vmaas-sync timer to match puppet-iop schedule
c1a797b 
The timer was set to OnCalendar=daily with 1h jitter, but puppet-iop
runs every 4 hours with a 10-minute boot delay. The daily schedule
left vulnerability data stale for too long between syncs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ehelms @claude
Add iop cvemap downloader role
cb21596 
puppet-iop has a cvemap_downloader class that manages downloading
cvemap.xml for the VMAAS reposcan service. Without this, VMAAS cannot
fetch CVE data from the REDHAT_CVEMAP_URL it's configured to use.

Adds a service, timer, and path watcher unit matching the puppet-iop
implementation, along with the download script that supports both
online (curl from Red Hat) and offline (manual file) modes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jeremylenz jeremylenz jeremylenz left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ehelms @jeremylenz @evgeni