Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Candlepin configuration #9

Merged
merged 2 commits into from
Jul 1, 2014
Merged

Update Candlepin configuration #9

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
cdb8a2f
Refs #6418 - Configure Candlepin to use Qpid.
awood Jun 26, 2014
4a3d73a
Fixes #6426 - Remove bad cipher suites. BZ1010082
awood Jun 19, 2014
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
4 changes: 3 additions & 1 deletion manifests/init.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,12 +77,14 @@

$ca_key = $candlepin::params::ca_key,
$ca_cert = $candlepin::params::ca_crt,
$ca_key_password = $candlepin::params::ca_key_password
$ca_key_password = $candlepin::params::ca_key_password,
$qpid_ssl_port = $candlepin::params::qpid_ssl_port

) inherits candlepin::params {

$weburl = "https://${::fqdn}/${candlepin::deployment_url}/distributors?uuid="
$apiurl = "https://${::fqdn}/${candlepin::deployment_url}/api/distributors/"
$amqpurl = "tcp://${::fqdn}:${qpid_ssl_port}?ssl='true'&ssl_cert_alias='amqp-client'"

class { 'candlepin::install': } ~>
class { 'candlepin::config': } ~>
Expand Down
4 changes: 4 additions & 0 deletions manifests/params.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@

# this comes from keystore
$db_password = cache_data('candlepin_db_password', random_password(32))
$amqp_keystore_password = $::certs::candlepin::keystore_password
$amqp_truststore_password = $::certs::candlepin::keystore_password
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would define these two in init.pp unless you plan to allow them to be set via parameters.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I would like them to be settable via parameters, what changes would I need to make? I think it would be nice if people could configure the keystore/truststore passwords if they wished.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Look at https://github.com/Katello/puppet-candlepin/pull/9/files#diff-60ae41fd0a31977447947f59940ee9a4L53 those are all configurable parameters that have defaults set by the params.pp file. Also note documentation above for each parameter.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This also means you can break your reliance on the certs module here, and pass that information in when the Candlepin module is delcared if you want.


# where to store output from cpsetup execution
$log_dir = '/var/log/candlepin'
Expand All @@ -39,4 +41,6 @@

$deployment_url = 'candlepin'

$qpid_ssl_port = 5671

}
5 changes: 5 additions & 0 deletions templates/candlepin.conf.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,11 @@ candlepin.auth.trusted.enable = false
candlepin.enable_cert_v3=true
candlepin.export.prefix.weburl=<%= @weburl %>
candlepin.export.prefix.apiurl=<%= @apiurl %>
# enable events via AMQP
candlepin.amqp.enable=true
candlepin.amqp.connect=<%= @amqpurl %>
candlepin.amqp.keystore_password=<%= @amqp_keystore_password %>
candlepin.amqp.truststore_password=<%= @amqp_truststore_password %>

<% if @oauth_key != "" -%>
module.config.katello=org.candlepin.katello.KatelloModule
Expand Down
4 changes: 1 addition & 3 deletions templates/tomcat/server.xml.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,9 +100,7 @@
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
truststorePass="<%= scope.lookupvar("candlepin::keystore_password") %>" />

<!-- Define an AJP 1.3 Connector on port 8009 -->
Expand Down
4 changes: 1 addition & 3 deletions templates/tomcat6/server.xml.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,9 +101,7 @@
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
truststorePass="<%= scope.lookupvar("candlepin::keystore_password") %>" />

<!-- Define an AJP 1.3 Connector on port 8009 -->
Expand Down