fixes #8990 - deprecate port and separate http and https settings
stbenjam committed Jan 26, 2015
1 parent 33054bc commit 49435dc
Showing 24 changed files with 341 additions and 88 deletions.
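--- a/lib/puppet/parser/functions/validate_listen_on.rb
+++ b/lib/puppet/parser/functions/validate_listen_on.rb
@@ -0,0 +1,27 @@
+module Puppet::Parser::Functions
+newfunction(:validate_listen_on, :doc => <<-'EOF'
+Validate whether a Foreman Smart Proxy feature is configured for http, https or both
+EOF
+) do |args|
+
+valid_values = ['http', 'https', 'both']
+
+unless args.length > 0 then
+raise Puppet::ParseError, ("validate_listen_on(): wrong number of arguments (#{args.length}; must be > 0)")
+end
+
+args.each do |arg|
+candidates = args
+
+unless arg.is_a?(Array) then
+candidates = Array.new(1,arg)
+end
+
+candidates.each do |value|
+unless valid_values.include? value
+raise Puppet::ParseError, ("#{value.inspect} is not a valid value. Valid values are: #{valid_values.map(&:to_s).uniq.join(", ")}")
+end
+end
+end
+end
+end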
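Review bot: `candidates = args` inside the `args.each do |arg|` loop assigns the whole argument list instead of the current argument. When `arg` is an Array, the inner loop therefore compares the array object itself against `valid_values` and raises a ParseError even for a valid list such as `['http', 'https']`. The line should read `candidates = arg`, so that array arguments are checked element by element while scalars still go through `Array.new(1,arg)`. A spec covering one scalar, one array and one invalid value would pin this down, since the function is the only check on the `*_listen_on` parameters.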
16 changes: 12 additions & 4 deletions manifests/config.pp
@@ -8,8 +8,8 @@
Class['puppet::server::config'] ~> Class['foreman_proxy::service']
}

if $foreman_proxy::puppetca { include foreman_proxy::puppetca }
if $foreman_proxy::tftp { include foreman_proxy::tftp }
if $foreman_proxy::puppetca { include foreman_proxy::puppetca }
if $foreman_proxy::tftp { include foreman_proxy::tftp }

# Somehow, calling these DHCP and DNS seems to conflict. So, they get a prefix...
if $foreman_proxy::dhcp and $foreman_proxy::dhcp_managed { include foreman_proxy::proxydhcp }
@@ -32,11 +32,19 @@
notify => Class['foreman_proxy::service'],
}

foreman_proxy::settings_file { 'settings': path => '/etc/foreman-proxy/settings.yml' }
foreman_proxy::settings_file { 'settings':
path => '/etc/foreman-proxy/settings.yml',
module => false,
}

foreman_proxy::settings_file { 'puppet':
enabled => $::foreman_proxy::puppetrun,
listen_on => $::foreman_proxy::puppetrun_listen_on,
}

foreman_proxy::settings_file { 'bmc': }
foreman_proxy::settings_file { 'dhcp': }
foreman_proxy::settings_file { 'dns': }
foreman_proxy::settings_file { 'puppet': }
foreman_proxy::settings_file { 'puppetca': }
foreman_proxy::settings_file { 'tftp': }
foreman_proxy::settings_file { 'realm': }
81 changes: 69 additions & 12 deletions manifests/init.pp
@@ -18,7 +18,19 @@
# $plugin_version:: foreman plugins version, it's passed to ensure parameter of plugins package resource
# can be set to 'latest', 'present', 'installed', 'absent'.
#
# $port:: Port on which will foreman proxy listen
# $port:: Port to listen on (deprecated in favor of $ssl_port and $http_port)
# type:integer
#
# $http:: Enable HTTP
# type:boolean
#
# $http_port:: HTTP port to listen on (if http is enabled)
# type:integer
#
# $ssl:: Enable SSL, ensure feature is added with "https://" protocol if true
# type:boolean
#
# $ssl_port:: HTTPS port to listen on (if ssl is enabled)
# type:integer
#
# $dir:: Foreman proxy install directory
@@ -29,9 +41,6 @@
#
# $log_level:: Foreman proxy log level, e.g. INFO, DEBUG, FATAL etc.
#
# $ssl:: Enable SSL, ensure proxy is added with "https://" protocol if true
# type:boolean
#
# $ssl_ca:: SSL CA to validate the client certificates used to access the proxy
#
# $ssl_cert:: SSL certificate to be used to run the foreman proxy via https.
@@ -57,9 +66,11 @@
# $use_sudoersd:: Add a file to /etc/sudoers.d (true) or uses augeas (false)
# type:boolean
#
# $puppetca:: Use Puppet CA
# $puppetca:: Enable Puppet CA feature
# type:boolean
#
# $puppetca_listen_on:: Puppet CA feature to listen on https, http, or both
#
# $ssldir:: Puppet CA ssl directory
#
# $puppetdir:: Puppet var directory
@@ -70,9 +81,11 @@
#
# $puppet_group:: Groups of Foreman proxy user
#
# $puppetrun:: Enable puppet run/kick management
# $puppetrun:: Enable puppet run/kick feature
# type:boolean
#
# $puppetrun_listen_on:: Puppet run proxy to listen on https, http, or both
#
# $puppetrun_provider:: Set puppet_provider to handle puppet run/kick via mcollective
#
# $puppetrun_cmd:: Puppet run/kick command to be allowed in sudoers
@@ -108,14 +121,18 @@
# try to determine this automatically.
# type:boolean
#
# $templates:: Enable templates proxying feature
# $templates:: Enable templates feature
# type:boolean
#
# $templates_listen_on:: Templates proxy to listen on https, http, or both
#
# $template_url:: URL a client should use for provisioning templates
#
# $tftp:: Use TFTP
# $tftp:: Enable TFTP feature
# type:boolean
#
# $tftp_listen_on:: TFTP proxy to listen on https, http, or both
#
# $tftp_syslinux_root:: Directory that hold syslinux files
#
# $tftp_syslinux_files:: Syslinux files to install on TFTP (copied from $tftp_syslinux_root)
@@ -128,9 +145,11 @@
#
# $tftp_servername:: Defines the TFTP Servername to use, overrides the name in the subnet declaration
#
# $dhcp:: Use DHCP
# $dhcp:: Enable DHCP feature
# type:boolean
#
# $dhcp_listen_on:: DHCP proxy to listen on https, http, or both
#
# $dhcp_managed:: DHCP is managed by Foreman proxy
# type:boolean
#
@@ -152,9 +171,11 @@
#
# $dhcp_key_secret:: DHCP password
#
# $dns:: Use DNS
# $dns:: Enable DNS feature
# type:boolean
#
# $dns_listen_on:: DNS proxy to listen on https, http, or both
#
# $dns_managed:: DNS is managed by Foreman proxy
# type:boolean
#
@@ -179,16 +200,20 @@
#
# $virsh_network:: Network for virsh DNS/DHCP provider
#
# $bmc:: Use BMC
# $bmc:: Enable BMC feature
# type:boolean
#
# $bmc_listen_on:: BMC proxy to listen on https, http, or both
#
# $bmc_default_provider:: BMC default provider.
#
# $keyfile:: DNS server keyfile path
#
# $realm:: Use realm management
# $realm:: Enable realm management feature
# type:boolean
#
# $realm_listen_on:: Realm proxy to listen on https, http, or both
#
# $realm_provider:: Realm management provider
#
# $realm_keytab:: Kerberos keytab path to authenticate realm updates
@@ -220,10 +245,13 @@
$version = $foreman_proxy::params::version,
$plugin_version = $foreman_proxy::params::plugin_version,
$port = $foreman_proxy::params::port,
$http_port = $foreman_proxy::params::http_port,
$ssl_port = $foreman_proxy::params::ssl_port,
$dir = $foreman_proxy::params::dir,
$user = $foreman_proxy::params::user,
$log = $foreman_proxy::params::log,
$log_level = $foreman_proxy::params::log_level,
$http = $foreman_proxy::params::http,
$ssl = $foreman_proxy::params::ssl,
$ssl_ca = $foreman_proxy::params::ssl_ca,
$ssl_cert = $foreman_proxy::params::ssl_cert,
@@ -235,12 +263,14 @@
$manage_sudoersd = $foreman_proxy::params::manage_sudoersd,
$use_sudoersd = $foreman_proxy::params::use_sudoersd,
$puppetca = $foreman_proxy::params::puppetca,
$puppetca_listen_on = $foreman_proxy::params::puppetca_listen_on,
$ssldir = $foreman_proxy::params::ssldir,
$puppetdir = $foreman_proxy::params::puppetdir,
$autosign_location = $foreman_proxy::params::autosign_location,
$puppetca_cmd = $foreman_proxy::params::puppetca_cmd,
$puppet_group = $foreman_proxy::params::puppet_group,
$puppetrun = $foreman_proxy::params::puppetrun,
$puppetrun_listen_on = $foreman_proxy::params::puppetrun_listen_on,
$puppetrun_cmd = $foreman_proxy::params::puppetrun_cmd,
$puppetrun_provider = $foreman_proxy::params::puppetrun_provider,
$customrun_cmd = $foreman_proxy::params::customrun_cmd,
@@ -257,14 +287,17 @@
$puppet_ssl_key = $foreman_proxy::params::ssl_key,
$puppet_use_environment_api = $foreman_proxy::params::puppet_use_environment_api,
$templates = $foreman_proxy::params::templates,
$templates_listen_on = $foreman_proxy::params::templates_listen_on,
$template_url = $foreman_proxy::params::template_url,
$tftp = $foreman_proxy::params::tftp,
$tftp_listen_on = $foreman_proxy::params::tftp_listen_on,
$tftp_syslinux_root = $foreman_proxy::params::tftp_syslinux_root,
$tftp_syslinux_files = $foreman_proxy::params::tftp_syslinux_files,
$tftp_root = $foreman_proxy::params::tftp_root,
$tftp_dirs = $foreman_proxy::params::tftp_dirs,
$tftp_servername = $foreman_proxy::params::tftp_servername,
$dhcp = $foreman_proxy::params::dhcp,
$dhcp_listen_on = $foreman_proxy::params::dhcp_listen_on,
$dhcp_managed = $foreman_proxy::params::dhcp_managed,
$dhcp_interface = $foreman_proxy::params::dhcp_interface,
$dhcp_gateway = $foreman_proxy::params::dhcp_gateway,
@@ -276,6 +309,7 @@
$dhcp_key_name = $foreman_proxy::params::dhcp_key_name,
$dhcp_key_secret = $foreman_proxy::params::dhcp_key_secret,
$dns = $foreman_proxy::params::dns,
$dns_listen_on = $foreman_proxy::params::dns_listen_on,
$dns_managed = $foreman_proxy::params::dns_managed,
$dns_provider = $foreman_proxy::params::dns_provider,
$dns_interface = $foreman_proxy::params::dns_interface,
@@ -288,8 +322,10 @@
$dns_forwarders = $foreman_proxy::params::dns_forwarders,
$virsh_network = $foreman_proxy::params::virsh_network,
$bmc = $foreman_proxy::params::bmc,
$bmc_listen_on = $foreman_proxy::params::bmc_listen_on,
$bmc_default_provider = $foreman_proxy::params::bmc_default_provider,
$realm = $foreman_proxy::params::realm,
$realm_listen_on = $foreman_proxy::params::realm_listen_on,
$realm_provider = $foreman_proxy::params::realm_provider,
$realm_keytab = $foreman_proxy::params::realm_keytab,
$realm_principal = $foreman_proxy::params::realm_principal,
@@ -304,38 +340,59 @@
$oauth_consumer_secret = $foreman_proxy::params::oauth_consumer_secret
) inherits foreman_proxy::params {

# Port is deprecated
if $port {
warning("${::hostname}: foreman_proxy::port is deprecated; please use http_port or ssl_port instead")
$real_ssl = $ssl
$real_http = !$ssl
$real_http_port = $port
$real_https_port = $port
} else {
$real_ssl = $ssl
$real_http = $http
$real_http_port = $http_port
$real_https_port = $ssl_port
}

# Validate misc params
validate_bool($ssl, $manage_sudoersd, $use_sudoersd, $register_in_foreman)
validate_array($trusted_hosts)
validate_re($log_level, '^(UNKNOWN|FATAL|ERROR|WARN|INFO|DEBUG)$')
validate_re($plugin_version, '^(installed|present|latest|absent)$')

# Validate puppet params
validate_listen_on($puppetca_listen_on, $puppetrun_listen_on)
validate_bool($puppetca, $puppetrun, $puppetssh_wait)
validate_string($ssldir, $puppetdir, $autosign_location, $puppetca_cmd, $puppetrun_cmd)
validate_string($puppet_url, $puppet_ssl_ca, $puppet_ssl_cert, $puppet_ssl_key)

# Validate template params
validate_bool($templates)
validate_listen_on($templates_listen_on)
validate_string($template_url)

# Validate tftp params
validate_bool($tftp)
validate_listen_on($tftp_listen_on)
validate_string($tftp_servername)

# Validate dhcp params
validate_bool($dhcp, $dhcp_managed)
validate_listen_on($dhcp_listen_on)

# Validate dns params
validate_listen_on($dns_listen_on)
validate_bool($dns)
validate_string($dns_interface, $dns_provider, $dns_reverse, $dns_server, $keyfile)
validate_array($dns_forwarders)

# Validate bmc params
validate_bool($bmc)
validate_listen_on($bmc_listen_on)
validate_re($bmc_default_provider, '^(freeipmi|ipmitool|shell)$')

# Validate realm params
validate_listen_on($realm_listen_on)
validate_bool($realm, $freeipa_remove_dns)
validate_string($realm_provider, $realm_principal)
validate_absolute_path($realm_keytab)
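Review bot: The new `$http` parameter is never type-checked, because the `validate_bool($ssl, $manage_sudoersd, $use_sudoersd, $register_in_foreman)` call under `# Validate misc params` still lists only the old flags. A quoted value such as `'false'` is a non-empty string, which Puppet treats as true, and it would pass straight into `$real_http`. That flag appears to decide whether the proxy also listens on unencrypted HTTP, so the check should cover it: `validate_bool($http, $ssl, $manage_sudoersd, $use_sudoersd, $register_in_foreman)`. `$http_port` and `$ssl_port` are documented as `type:integer` but are not validated in the visible lines, and the deprecated-`$port` branch computes `$real_http = !$ssl` before `$ssl` is validated, so moving that `if $port` block below the validation calls would make the ordering safe. The class body continues past the end of this hunk.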
