23 changes: 23 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,28 @@
# Changelog

## [25.0.0](https://github.com/theforeman/puppet-foreman/tree/25.0.0) (2024-05-16)

[Full Changelog](https://github.com/theforeman/puppet-foreman/compare/24.2.0...25.0.0)

**Breaking changes:**

- Fixes [\#33974](https://projects.theforeman.org/issues/33974) - Change the pool size to threads + 4 [\#1161](https://github.com/theforeman/puppet-foreman/pull/1161) ([ShimShtein](https://github.com/ShimShtein))
- Refs [\#37296](https://projects.theforeman.org/issues/37296) - Drop foreman-hooks [\#1159](https://github.com/theforeman/puppet-foreman/pull/1159) ([adamruzicka](https://github.com/adamruzicka))
- Refs [\#37212](https://projects.theforeman.org/issues/37212) - Drop foreman\_setup plugin support [\#1155](https://github.com/theforeman/puppet-foreman/pull/1155) ([ekohl](https://github.com/ekohl))

**Implemented enhancements:**

- Allow puppet/redis 11.x [\#1163](https://github.com/theforeman/puppet-foreman/pull/1163) ([evgeni](https://github.com/evgeni))
- Allow puppet/systemd 7.x [\#1162](https://github.com/theforeman/puppet-foreman/pull/1162) ([gcoxmoz](https://github.com/gcoxmoz))
- Fixes [\#35832](https://projects.theforeman.org/issues/35832) - set default\_domain\_suffix in sssd.conf [\#1160](https://github.com/theforeman/puppet-foreman/pull/1160) ([adamruzicka](https://github.com/adamruzicka))
- Add support for Debian 12 [\#1158](https://github.com/theforeman/puppet-foreman/pull/1158) ([evgeni](https://github.com/evgeni))
- Allow puppetlabs/apache 12.x [\#1157](https://github.com/theforeman/puppet-foreman/pull/1157) ([evgeni](https://github.com/evgeni))
- Add support for Ubuntu 22.04 [\#1156](https://github.com/theforeman/puppet-foreman/pull/1156) ([evgeni](https://github.com/evgeni))

**Fixed bugs:**

- Fixes [\#37211](https://projects.theforeman.org/issues/37211) - Add ProxyPass for /images to support avatars [\#1154](https://github.com/theforeman/puppet-foreman/pull/1154) ([dgoetz](https://github.com/dgoetz))

## [24.2.0](https://github.com/theforeman/puppet-foreman/tree/24.2.0) (2024-02-19)

[Full Changelog](https://github.com/theforeman/puppet-foreman/compare/24.1.0...24.2.0)
Expand Down
30 changes: 22 additions & 8 deletions manifests/config.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,15 @@
'database' => $foreman::db_database,
'username' => $foreman::db_username,
'password' => $foreman::db_password,
'db_pool' => max($foreman::db_pool, $foreman::foreman_service_puma_threads_max),
# Set the pool size to at least the amount of puma threads + 4 threads that are spawned automatically by the process.
# db_pool is optional, and undef means "use default" and the second part of the max statement will be set.
# The number 4 is for 4 threads that are spawned internally during the execution:
# 1. Katello event daemon listener
# 2. Katello event monitor poller
# 3. Stomp listener (required by Katello)
# 4. Puma server listener thread
# This means for systems without Katello we can reduce the amount of the pool to puma_threads_max + 1
'db_pool' => pick($foreman::db_pool, $foreman::foreman_service_puma_threads_max + 4),
}

file { '/etc/foreman/database.yml':
Expand Down Expand Up @@ -238,16 +246,22 @@
$sssd_ldap_user_extra_attrs = join(unique(pick($sssd['ldap_user_extra_attrs'], []) + ['email:mail', 'lastname:sn', 'firstname:givenname']), ', ')
$sssd_allowed_uids = join(unique(pick($sssd['allowed_uids'], []) + [$apache::user, 'root']), ', ')
$sssd_user_attributes = join(unique(pick($sssd['user_attributes'], []) + ['+email', '+firstname', '+lastname']), ', ')
$sssd_ifp_extra_attributes = [
"set target[.=~regexp('domain/.*')]/ldap_user_extra_attrs '${sssd_ldap_user_extra_attrs}'",
"set target[.='sssd']/services '${sssd_services}'",
'set target[.=\'ifp\'] \'ifp\'',
"set target[.='ifp']/allowed_uids '${sssd_allowed_uids}'",
"set target[.='ifp']/user_attributes '${sssd_user_attributes}'",
]

$sssd_changes = $sssd_ifp_extra_attributes + ($foreman::ipa_sssd_default_realm ? {
undef => [],
default => ["set target[.='sssd']/default_domain_suffix '${$foreman::ipa_sssd_default_realm}'"],
})

augeas { 'sssd-ifp-extra-attributes':
context => '/files/etc/sssd/sssd.conf',
changes => [
"set target[.=~regexp('domain/.*')]/ldap_user_extra_attrs '${sssd_ldap_user_extra_attrs}'",
"set target[.='sssd']/services '${sssd_services}'",
'set target[.=\'ifp\'] \'ifp\'',
"set target[.='ifp']/allowed_uids '${sssd_allowed_uids}'",
"set target[.='ifp']/user_attributes '${sssd_user_attributes}'",
],
changes => $sssd_changes,
notify => Service['sssd'],
}
}
Expand Down
2 changes: 1 addition & 1 deletion manifests/config/apache.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@
Pattern['^(https?|unix)://'] $proxy_backend = 'unix:///run/foreman.sock',
Boolean $proxy_add_headers = true,
Hash $proxy_params = { 'retry' => '0' },
Array[String] $proxy_no_proxy_uris = ['/pulp', '/pub', '/icons', '/server-status'],
Array[String] $proxy_no_proxy_uris = ['/pulp', '/pub', '/icons', '/images', '/server-status'],
Boolean $proxy_assets = false,
Boolean $ssl = false,
Optional[Stdlib::Absolutepath] $ssl_ca = undef,
Expand Down
10 changes: 7 additions & 3 deletions manifests/init.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,8 +84,8 @@
#
# $db_root_cert:: Root cert used to verify SSL connection to postgres
#
# $db_pool:: Database 'production' size of connection pool. When running as a reverse proxy,
# the value of `$foreman_service_puma_threads_max` is used if it's higher than `$db_pool`.
# $db_pool:: Database 'production' size of connection pool. If the value is not set, it will be
# set by default to the amount of puma threads + 4 (for internal system threads)
#
# $db_manage_rake:: if enabled, will run rake jobs, which depend on the database
#
Expand Down Expand Up @@ -132,6 +132,9 @@
# $ipa_manage_sssd:: If ipa_authentication is true, should the installer manage SSSD? You can disable it
# if you use another module for SSSD configuration
#
# $ipa_sssd_default_realm:: If ipa_manage_sssd is true, set default_domain_suffix option in sssd configuration to this value
# to allow logging in without having to provide the domain name.
#
# $websockets_encrypt:: Whether to encrypt websocket connections
#
# $websockets_ssl_key:: SSL key file to use when encrypting websocket connections
Expand Down Expand Up @@ -226,7 +229,7 @@
String[1] $db_password = $foreman::params::db_password,
Optional[String[1]] $db_sslmode = undef,
Optional[String[1]] $db_root_cert = undef,
Integer[0] $db_pool = 5,
Optional[Integer[0]] $db_pool = undef,
Boolean $db_manage_rake = true,
Stdlib::Port $server_port = 80,
Stdlib::Port $server_ssl_port = 443,
Expand Down Expand Up @@ -260,6 +263,7 @@
Boolean $gssapi_local_name = true,
String $pam_service = 'foreman',
Boolean $ipa_manage_sssd = true,
Optional[String] $ipa_sssd_default_realm = undef,
Boolean $websockets_encrypt = true,
Optional[Stdlib::Absolutepath] $websockets_ssl_key = undef,
Optional[Stdlib::Absolutepath] $websockets_ssl_cert = undef,
Expand Down
5 changes: 0 additions & 5 deletions manifests/plugin/hooks.pp
View file

This file was deleted.

5 changes: 0 additions & 5 deletions manifests/plugin/setup.pp
View file

This file was deleted.

14 changes: 8 additions & 6 deletions metadata.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "theforeman-foreman",
"version": "24.2.0",
"version": "25.0.0",
"author": "theforeman",
"summary": "Foreman server configuration",
"license": "GPL-3.0+",
Expand All @@ -14,11 +14,11 @@
"dependencies": [
{
"name": "puppet/systemd",
"version_requirement": ">= 3.1.0 < 7.0.0"
"version_requirement": ">= 3.1.0 < 8.0.0"
},
{
"name": "puppetlabs/apache",
"version_requirement": ">= 8.0.0 < 12.0.0"
"version_requirement": ">= 8.0.0 < 13.0.0"
},
{
"name": "puppetlabs/apt",
Expand All @@ -42,7 +42,7 @@
},
{
"name": "puppet/redis",
"version_requirement": ">= 5.0.0 < 11.0.0"
"version_requirement": ">= 5.0.0 < 12.0.0"
}
],
"requirements": [
Expand All @@ -69,13 +69,15 @@
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
"11"
"11",
"12"
]
},
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
"20.04"
"20.04",
"22.04"
]
}
]
Expand Down
6 changes: 3 additions & 3 deletions spec/classes/foreman_config_apache_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@
'unset REMOTE_USER_GROUPS'
])
.with_proxy_pass(
"no_proxy_uris" => ['/pulp', '/pub', '/icons', '/server-status', '/webpack', '/assets'],
"no_proxy_uris" => ['/pulp', '/pub', '/icons', '/images', '/server-status', '/webpack', '/assets'],
"path" => '/',
"url" => 'unix:///run/foreman.sock|http://foreman/',
"params" => { "retry" => '0' },
Expand Down Expand Up @@ -136,7 +136,7 @@ class { 'apache':

it { should contain_apache__vhost('foreman')
.with_proxy_pass(
"no_proxy_uris" => ['/pulp', '/pub', '/icons', '/server-status'],
"no_proxy_uris" => ['/pulp', '/pub', '/icons', '/images', '/server-status'],
"path" => '/',
"url" => 'unix:///run/foreman.sock|http://foreman/',
"params" => { "retry" => '0' },
Expand Down Expand Up @@ -200,7 +200,7 @@ class { 'apache':
])
.with_ssl_proxyengine(true)
.with_proxy_pass(
"no_proxy_uris" => ['/pulp', '/pub', '/icons', '/server-status', '/webpack', '/assets'],
"no_proxy_uris" => ['/pulp', '/pub', '/icons', '/images', '/server-status', '/webpack', '/assets'],
"path" => '/',
"url" => 'unix:///run/foreman.sock|http://foreman/',
"params" => { "retry" => '0' },
Expand Down
2 changes: 1 addition & 1 deletion spec/classes/foreman_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,7 @@
db_username: 'foreman',
db_password: 'secret',
db_sslmode: 'prefer',
db_pool: 5,
db_pool: 9,
db_manage_rake: true,
server_port: 80,
server_ssl_port: 443,
Expand Down
5 changes: 0 additions & 5 deletions spec/classes/plugin/hooks_spec.rb
View file

This file was deleted.

5 changes: 0 additions & 5 deletions spec/classes/plugin/setup_spec.rb
View file

This file was deleted.