CHANGELOG.md

@@ -1,5 +1,24 @@
 # Changelog
 
+## [18.0.0](https://github.com/theforeman/puppet-foreman_proxy/tree/18.0.0) (2021-04-27)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/17.1.1...18.0.0)
+
+**Breaking changes:**
+
+-  Fixes [\#31893](https://projects.theforeman.org/issues/31893) - make theforeman.foreman.foreman default callback on RH [\#661](https://github.com/theforeman/puppet-foreman_proxy/pull/661) ([evgeni](https://github.com/evgeni))
+- Fixes [\#32235](https://projects.theforeman.org/issues/32235),\#19494 - Run Dynflow within smart-proxy on EL\* [\#655](https://github.com/theforeman/puppet-foreman_proxy/pull/655) ([adamruzicka](https://github.com/adamruzicka))
+- Update Pulp plugin to drop Pulp 2 [\#638](https://github.com/theforeman/puppet-foreman_proxy/pull/638) ([ehelms](https://github.com/ehelms))
+
+**Implemented enhancements:**
+
+- Refs [\#31893](https://projects.theforeman.org/issues/31893) - make ansible callback configurable [\#662](https://github.com/theforeman/puppet-foreman_proxy/pull/662) ([evgeni](https://github.com/evgeni))
+- Mark compatible with Foreman 17.x [\#658](https://github.com/theforeman/puppet-foreman_proxy/pull/658) ([ekohl](https://github.com/ekohl))
+- Remove Puppet version check [\#657](https://github.com/theforeman/puppet-foreman_proxy/pull/657) ([ekohl](https://github.com/ekohl))
+- Add smart\_proxy\_dns\_route53 plugin support [\#656](https://github.com/theforeman/puppet-foreman_proxy/pull/656) ([Nevermore24](https://github.com/Nevermore24))
+- Support Puppet 7 [\#652](https://github.com/theforeman/puppet-foreman_proxy/pull/652) ([ekohl](https://github.com/ekohl))
+- Add shellhooks plugin [\#651](https://github.com/theforeman/puppet-foreman_proxy/pull/651) ([adamruzicka](https://github.com/adamruzicka))
+
 ## [17.1.1](https://github.com/theforeman/puppet-foreman_proxy/tree/17.1.1) (2021-03-18)
 
 [Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/17.1.0...17.1.1)

README.md

@@ -12,7 +12,7 @@ Part of the Foreman installer: <https://github.com/theforeman/foreman-installer>
 
 | Module version | Proxy versions | Notes                                               |
 |----------------|----------------|-----------------------------------------------------|
-| 16.x - 17.x    | 2.3 and newer  | See compatibility notes in its README for 2.0-2.2   |
+| 16.x - 18.x    | 2.3 and newer  | See compatibility notes in its README for 2.0-2.2   |
 | 13.x - 15.x    | 2.0 - 2.2      |                                                     |
 | 12.x           | 1.19 - 1.24    | See compatibility notes in its README for 1.19-1.22 |
 | 11.x           | 1.19 - 1.23    | See compatibility notes in its README for 1.19-1.21 |
@@ -23,6 +23,7 @@ Part of the Foreman installer: <https://github.com/theforeman/foreman-installer>
 | 2.x            | 1.5 - 1.10     |                                                     |
 | 1.x            | 1.4 and older  |                                                     |
 
+18.x switched to running `smart_proxy_dynflow` as part of `foreman-proxy` service by default. On EL* distributions and Foreman < 2.5, `foreman_proxy::plugin::dynflow::external_core` needs to be explicitly set to `true`.
 16.x added support for Smart Proxy Registration feature, available in Smart Proxy 2.3 and newer.
 12.x has dropped support for Puppet 3 which was officially unsupported for a while and Foreman Proxy 1.23 dropped altogether.
 

manifests/params.pp

@@ -206,7 +206,7 @@
   $puppetca_certificate  = undef
 
   # The puppet-agent package, (puppet 4 AIO) doesn't create a puppet group
-  $manage_puppet_group = versioncmp($::puppetversion, '4.0') > 0
+  $manage_puppet_group = true
 
   # puppetrun settings
   $puppet = true

manifests/plugin/ansible.pp

@@ -30,6 +30,8 @@
 #
 # $manage_runner_repo:: If true, adds upstream repositories to install ansible-runner package from
 #
+# $callback:: The callback plugin to configure in ansible.cfg
+#
 class foreman_proxy::plugin::ansible (
   Boolean $enabled = $foreman_proxy::plugin::ansible::params::enabled,
   Foreman_proxy::ListenOn $listen_on = $foreman_proxy::plugin::ansible::params::listen_on,
@@ -41,6 +43,7 @@
   String $ssh_args = $foreman_proxy::plugin::ansible::params::ssh_args,
   Boolean $install_runner = $foreman_proxy::plugin::ansible::params::install_runner,
   Boolean $manage_runner_repo = $foreman_proxy::plugin::ansible::params::manage_runner_repo,
+  String $callback = $foreman_proxy::plugin::ansible::params::callback,
 ) inherits foreman_proxy::plugin::ansible::params {
   $foreman_url = $foreman_proxy::foreman_base_url
   $foreman_ssl_cert = pick($foreman_proxy::foreman_ssl_cert, $foreman_proxy::ssl_cert)

manifests/plugin/ansible/params.pp

@@ -13,4 +13,15 @@
   $ssh_args = '-o ProxyCommand=none -C -o ControlMaster=auto -o ControlPersist=60s'
   $install_runner = true
   $manage_runner_repo = true
+  case $facts['os']['family'] {
+    'RedHat': {
+      $callback = 'theforeman.foreman.foreman'
+    }
+    'Debian': {
+      $callback = 'foreman'
+    }
+    default: {
+      $callback = 'foreman'
+    }
+  }
 }

manifests/plugin/dns/route53.pp

@@ -0,0 +1,15 @@
+# @summary Install the Amazon Route53 DNS plugin for Foreman proxy
+#
+# @param aws_access_key
+#   The Access Key ID of the IAM account
+#
+# @param aws_secret_key
+#   The Secret Access Key of the IAM account
+#
+class foreman_proxy::plugin::dns::route53 (
+  String $aws_access_key,
+  String $aws_secret_key,
+) {
+  foreman_proxy::plugin::provider { 'dns_route53':
+  }
+}

manifests/plugin/dynflow.pp

@@ -35,7 +35,7 @@
   Optional[Array[String]] $ssl_disabled_ciphers = $foreman_proxy::plugin::dynflow::params::ssl_disabled_ciphers,
   Optional[Array[String]] $tls_disabled_versions = $foreman_proxy::plugin::dynflow::params::tls_disabled_versions,
   Integer[1] $open_file_limit = $foreman_proxy::plugin::dynflow::params::open_file_limit,
-  Optional[Boolean] $external_core = $foreman_proxy::plugin::dynflow::params::external_core,
+  Boolean $external_core = $foreman_proxy::plugin::dynflow::params::external_core,
 ) inherits foreman_proxy::plugin::dynflow::params {
   if $foreman_proxy::ssl {
     $core_url = "https://${facts['networking']['fqdn']}:${core_port}"
@@ -49,36 +49,40 @@
   }
 
   if $external_core {
-    foreman_proxy::plugin { 'dynflow_core':
-      notify  => Service['smart_proxy_dynflow_core'],
-    }
+    $service = 'smart_proxy_dynflow_core'
 
     file { '/etc/smart_proxy_dynflow_core/settings.yml':
       ensure  => file,
       content => template('foreman_proxy/plugin/dynflow_core.yml.erb'),
       require => Foreman_proxy::Plugin['dynflow_core'],
-      notify  => Service['smart_proxy_dynflow_core'],
+      notify  => Service[$service],
     }
 
     file { '/etc/smart_proxy_dynflow_core/settings.d':
       ensure  => link,
       target  => "${foreman_proxy::config_dir}/settings.d",
       require => Foreman_proxy::Plugin['dynflow_core'],
-      notify  => Service['smart_proxy_dynflow_core'],
+      notify  => Service[$service],
     }
+  } else {
+    $service = 'foreman-proxy'
+  }
 
-    systemd::service_limits { 'smart_proxy_dynflow_core.service':
-      limits          => {
-        'LimitNOFILE' => $open_file_limit,
-      },
-      restart_service => false,
-      require         => Foreman_proxy::Plugin['dynflow_core'],
-      notify          => Service['smart_proxy_dynflow_core'],
-    }
+  foreman_proxy::plugin { 'dynflow_core':
+    notify  => Service[$service],
+  }
 
-    service { 'smart_proxy_dynflow_core':
-      ensure => running,
-      enable => true,
-    }
+  systemd::service_limits { "${service}.service":
+    limits          => {
+      'LimitNOFILE' => $open_file_limit,
+    },
+    restart_service => false,
+    require         => Foreman_proxy::Plugin['dynflow_core'],
+    notify          => Service[$service],
+  }
+
+  service { 'smart_proxy_dynflow_core':
+    ensure => $external_core,
+    enable => $external_core,
   }
 }

manifests/plugin/dynflow/params.pp

@@ -11,8 +11,5 @@
   $ssl_disabled_ciphers  = undef
   $tls_disabled_versions = undef
   $open_file_limit       = 1000000
-  $external_core         = $facts['os']['family'] ? {
-    'RedHat' => true,
-    default  => undef
-  }
+  $external_core         = false
 }

manifests/plugin/pulp.pp

@@ -4,21 +4,11 @@
 #
 # === Advanced parameters:
 #
-# $enabled::            enables/disables the pulp plugin
-#
 # $listen_on::          proxy feature listens on http, https, or both
 #
 # $version::            plugin package version, it's passed to ensure parameter of package resource
 #                       can be set to specific version number, 'latest', 'present' etc.
 #
-# $pulp_url::           pulp url to use
-#
-# $pulp_dir::           directory for pulp
-#
-# $pulp_content_dir::   directory for pulp content
-#
-# $pulpnode_enabled::   enables/disables the pulpnode plugin
-#
 # $pulpcore_enabled::      enables/disables the pulpcore plugin
 #
 # $pulpcore_mirror::       Whether this pulpcore plugin acts as a mirror or another pulp node. A pulpcore mirror is the pulpcore equivalent of a pulpnode.
@@ -27,50 +17,28 @@
 #
 # $pulpcore_content_url::  The URL to the Pulp 3 content
 #
-# $puppet_content_dir:: Directory for puppet content. Automatically determined if empty.
-#
-# $mongodb_dir::        directory for Mongo DB
-#
 class foreman_proxy::plugin::pulp (
-  Boolean $enabled = $foreman_proxy::plugin::pulp::params::enabled,
-  Foreman_proxy::ListenOn $listen_on = $foreman_proxy::plugin::pulp::params::listen_on,
-  Boolean $pulpnode_enabled = $foreman_proxy::plugin::pulp::params::pulpnode_enabled,
-  Boolean $pulpcore_enabled = $foreman_proxy::plugin::pulp::params::pulpcore_enabled,
+  Foreman_proxy::ListenOn $listen_on = 'https',
+  Boolean $pulpcore_enabled = true,
+  Boolean $pulpcore_mirror = false,
   Stdlib::HTTPUrl $pulpcore_api_url = $foreman_proxy::plugin::pulp::params::pulpcore_api_url,
   Stdlib::HTTPUrl $pulpcore_content_url = $foreman_proxy::plugin::pulp::params::pulpcore_content_url,
-  Boolean $pulpcore_mirror = $foreman_proxy::plugin::pulp::params::pulpcore_mirror,
-  Optional[String] $version = $foreman_proxy::plugin::pulp::params::version,
-  Stdlib::HTTPUrl $pulp_url = $foreman_proxy::plugin::pulp::params::pulp_url,
-  Stdlib::Absolutepath $pulp_dir = $foreman_proxy::plugin::pulp::params::pulp_dir,
-  Stdlib::Absolutepath $pulp_content_dir = $foreman_proxy::plugin::pulp::params::pulp_content_dir,
-  Optional[Stdlib::Absolutepath] $puppet_content_dir = $foreman_proxy::plugin::pulp::params::puppet_content_dir,
-  Stdlib::Absolutepath $mongodb_dir = $foreman_proxy::plugin::pulp::params::mongodb_dir,
+  Optional[String] $version = undef,
 ) inherits foreman_proxy::plugin::pulp::params {
-  $real_puppet_content_dir = pick($puppet_content_dir, lookup('puppet::server_envs_dir') |$key| { undef }, $facts['puppet_environmentpath'], "${foreman_proxy::puppetcodedir}/environments")
 
   foreman_proxy::plugin {'pulp':
     version => $version,
   }
   -> [
-    foreman_proxy::module { 'pulp':
-      template_path => 'foreman_proxy/plugin/pulp.yml.erb',
-      enabled       => $enabled,
-      feature       => 'Pulp',
-      listen_on     => $listen_on,
-    },
-    foreman_proxy::module { 'pulpnode':
-      template_path => 'foreman_proxy/plugin/pulpnode.yml.erb',
-      enabled       => $pulpnode_enabled,
-      feature       => 'Pulp Node',
-      listen_on     => $listen_on,
-    },
     foreman_proxy::module { 'pulpcore':
       template_path => 'foreman_proxy/plugin/pulpcore.yml.erb',
       enabled       => $pulpcore_enabled,
       feature       => 'Pulpcore',
       listen_on     => $listen_on,
     },
-    foreman_proxy::settings_file { 'pulp3': # file removed in rubygem-smart_proxy_pulp 2.0
+    # pulp3: removed in rubygem-smart_proxy_pulp 2.0
+    # pulp/pulpnode: removed in rubygem-smart_proxy_pulp 3.0
+    foreman_proxy::settings_file { ['pulp3', 'pulp', 'pulpnode']:
       ensure        => absent,
     },
   ]

manifests/plugin/pulp/params.pp

@@ -1,17 +1,6 @@
 # Default parameters for the Pulp smart proxy plugin
 # @api private
 class foreman_proxy::plugin::pulp::params {
-  $enabled              = true
-  $listen_on            = 'https'
-  $version              = undef
-  $pulpnode_enabled     = false
-  $pulpcore_enabled     = false
-  $pulpcore_mirror      = false
-  $pulp_url             = "https://${facts['networking']['fqdn']}/pulp"
   $pulpcore_api_url     = "https://${facts['networking']['fqdn']}"
-  $pulpcore_content_url = "${pulp_url}/content"
-  $pulp_dir             = '/var/lib/pulp'
-  $pulp_content_dir     = '/var/lib/pulp/content'
-  $puppet_content_dir   = undef
-  $mongodb_dir          = '/var/lib/mongodb'
+  $pulpcore_content_url = "${pulpcore_api_url}/pulp/content"
 }

manifests/plugin/shellhooks.pp

@@ -0,0 +1,30 @@
+# = Foreman Proxy Shellhooks plugin
+#
+# This class installs the Shellhooks plugin
+#
+# === Parameters:
+#
+# $directory::                Absolute path to directory with executables
+#
+# === Advanced parameters:
+#
+# $enabled::                  enables/disables the shellhooks plugin
+#
+# $listen_on::                proxy feature listens on http, https, or both
+#
+# $version::                  plugin package version, it's passed to ensure parameter of package resource
+#                             can be set to specific version number, 'latest', 'present' etc.
+#
+class foreman_proxy::plugin::shellhooks (
+  Optional[String] $version = undef,
+  Boolean $enabled = true,
+  Stdlib::Absolutepath $directory = '/var/lib/foreman-proxy/shellhooks',
+  Foreman_proxy::ListenOn $listen_on = 'https',
+) {
+  foreman_proxy::plugin::module { 'shellhooks':
+    enabled   => $enabled,
+    feature   => 'Shellhooks',
+    listen_on => $listen_on,
+    version   => $version,
+  }
+}

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "theforeman-foreman_proxy",
-  "version": "17.1.1",
+  "version": "18.0.0",
   "author": "theforeman",
   "summary": "Foreman Smart Proxy configuration",
   "license": "GPL-3.0+",
@@ -28,7 +28,7 @@
     },
     {
       "name": "theforeman/foreman",
-      "version_requirement": ">= 10.0.0 < 17.0.0"
+      "version_requirement": ">= 10.0.0 < 18.0.0"
     },
     {
       "name": "theforeman/puppet",
@@ -54,7 +54,7 @@
   "requirements": [
     {
       "name": "puppet",
-      "version_requirement": ">= 5.5.8 < 7.0.0"
+      "version_requirement": ">= 5.5.8 < 8.0.0"
     }
   ],
   "operatingsystem_support": [

spec/acceptance/dynflow_spec.rb

@@ -7,23 +7,12 @@
 
   it_behaves_like 'the default foreman proxy application'
 
-  if os[:family] =~ /redhat|fedora/
-    describe service('smart_proxy_dynflow_core') do
-      it { is_expected.to be_enabled }
-      it { is_expected.to be_running }
-    end
-
-    describe port(8008) do
-      it { is_expected.to be_listening }
-    end
-  else
-    describe service('smart_proxy_dynflow_core') do
-      it { is_expected.not_to be_enabled }
-      it { is_expected.not_to be_running }
-    end
+  describe service('smart_proxy_dynflow_core') do
+    it { is_expected.not_to be_enabled }
+    it { is_expected.not_to be_running }
+  end
 
-    describe port(8008) do
-      it { is_expected.not_to be_listening }
-    end
+  describe port(8008) do
+    it { is_expected.not_to be_listening }
   end
 end

spec/classes/foreman_proxy__plugin__ansible_spec.rb

@@ -42,9 +42,10 @@
         end
 
         it 'should configure ansible.cfg' do
+          callback = facts[:os]['family'] == 'RedHat' ? 'theforeman.foreman.foreman' : 'foreman'
           verify_exact_contents(catalogue, '/etc/foreman-proxy/ansible.cfg', [
             '[defaults]',
-            'callback_whitelist = foreman',
+            "callback_whitelist = #{callback}",
             'local_tmp = /tmp',
             'host_key_checking = False',
             'stdout_callback = yaml',
@@ -90,9 +91,10 @@
         end
 
         it 'should configure ansible.cfg' do
+          callback = facts[:os]['family'] == 'RedHat' ? 'theforeman.foreman.foreman' : 'foreman'
           verify_exact_contents(catalogue, '/etc/foreman-proxy/ansible.cfg', [
             '[defaults]',
-            'callback_whitelist = foreman',
+            "callback_whitelist = #{callback}",
             'local_tmp = /tmp/ansible',
             'host_key_checking = True',
             'stdout_callback = debug',