Allow customising the list of HTTP headers to unset
This patchset adds a new parameter to `foreman::config::apache` called `request_headers_to_unset` containing a list of HTTP headers to be unset before proxy passing the request to the application. See the associated issue for more information. Fixes #941
Make database.yml and settings.yaml have consistent headers
This brings the two files in sync with how they include the _header.erb subtemplate.
Allow customising ProxyAddHeaders
When the Apache instance configured by this module is not dealing with user requests directly because there's another proxy in front, it's undesirable that the "local" Apache resets headers like X-Forwarded-Host. When it does, it could happen that links created using Rails _url helpers do not contain the Host initially sent by the client, leading to broken links (as they point to backend nodes not reachable by the user). This patch makes this setting customisable by the administrator by exposing it as a parameter. Fixes #952
Switch to voxpupuli-acceptance 1.0
Finally there's a released version of beaker-hiera that includes the fixes needed. voxpupuli-acceptance now includes this integration as well as some other changes we had locally. This leads to a smaller helper.
The breaking changes do not affect this module.
Forcing the locale in acceptance tests isn't pretty but for now it's a valid workaround. Note that the candlepin DB is already forced to en_US.UTF-8 but this affects initdb. We may see similar problems in production, but in general LANG should be matching a system locale.
Fixes #32827 - Add sendmail config options
As part of CVE-2021-3584 the option email_sendmail_location was limited to just 4 choices. This allows admins to set it via settings.yaml. The idea is that if you can edit settings.yaml, you're already compromised, while the UI could be less protected. When a setting is present in settings.yaml, the option becomes read-only in the UI. If the options are not set, they don't show up in settings.yaml.
Refs #32885: Add puppet user to user_groups only if server or client certificate contains puppet path
Autorequire provider in smartproxy type
With this it's sufficient to include foreman::providers where prior to this the caller was responsible for ensuring the correct dependency.
Use to_symbolized_yaml instead of a template
This results in the same content on disk and removes the need for a template. This gives more guarantees that it's correct.
Fixes #32947 - Use Apache module variables
Apache is packaged in different locations between Red Hat and Debian. The user differs (apache vs www-data) and conf dir (/etc/httpd vs /etc/apache2). This changes the code to use variables already defined on the apache module to avoid duplicating this logic.
As a preparation for making this module "Sensitive"-aware, we prefer to use EPP instead of ERB in such situations, where "Sensitive" could come into play, as EPP is able to handle data of type Sensitive natively.
Fixes #29649 - Drop default_server argument in IPA
ipa-getkeytab can figure out the default server on its own [1]. There is no need to specify it, and it can even break things. For example, DNS can be used to detect servers. Then the fact is empty and it fails while the command would actually pass. The foreman_ipa fact is removed since it's a major version bump anyway and nothing else should use our foreman_ipa fact. [1] #880 (comment)
Make Foreman a system user and group
This matches what the RPM and Debian packages already do so it should have no effect in reality, but it does align the two.
Match the user shell to packaging
In dcb8a70 the shell was changed from /sbin/nologin to /bin/false since on Debian it is /usr/sbin/nologin. Technically we can now always use /usr/sbin/nologin since on EL7 /sbin is a symlink to /usr/sbin, but that doesn't match packaging. Aligning this to packaging means there's one step that no longer needs to happen during installation. The parameter is not exposed in init.pp since most users won't care about this (in the past 6 years no PR has been submitted to do so).
Handle duplicate file declaration for foreman::app_root
Currently we're using your module to install and configure Foreman. We want to install Foreman in its own filesystem, but the file resource for $foreman::app_root makes it hard to implement this in Puppet - it will always result in a duplicate resource. Furthermore, I'm not sure if this resource is necessary or placed in the right class (ordering, first install the package and then create the directory?!). Testing if this directory is already defined gives others the chance to do some stuff, e.g. creating a filesystem before installing Foreman :)
Fixes #33106 - Move user, app_root, rails_env & vhost_prio to globals
These parameters are not commonly changed. Moving them to globals makes the list of parameters in init.pp shorter and easier to manage. This is of particular benefit in the installer while it shouldn't hinder users of the module in a pure Puppet environment too much.
Replace use of verify_exact_contents
This can be tested with native methods. The only difference is that now we need to test for comments and whitespace too, but this is not a bad thing.