.fixtures.yml

@@ -17,6 +17,7 @@ fixtures:
     systemd:  'https://github.com/camptocamp/puppet-systemd'
     tftp:     'https://github.com/theforeman/puppet-tftp'
     translate: 'https://github.com/puppetlabs/puppetlabs-translate'
+    postgresql: 'https://github.com/puppetlabs/puppetlabs-postgresql'
     xinetd:   'https://github.com/puppetlabs/puppetlabs-xinetd'
     yumrepo_core: "https://github.com/puppetlabs/puppetlabs-yumrepo_core"
     sshkeys_core: "https://github.com/puppetlabs/puppetlabs-sshkeys_core"

CHANGELOG.md

@@ -1,5 +1,23 @@
 # Changelog
 
+## [26.0.0](https://github.com/theforeman/puppet-foreman_proxy/tree/26.0.0) (2024-05-21)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/25.3.0...26.0.0)
+
+**Breaking changes:**
+
+- Fixes [\#37325](https://projects.theforeman.org/issues/37325) - make postgres the container gateway default DB [\#835](https://github.com/theforeman/puppet-foreman_proxy/pull/835) ([ianballou](https://github.com/ianballou))
+
+**Implemented enhancements:**
+
+- Mark compatible with theforeman/foreman 25.x [\#836](https://github.com/theforeman/puppet-foreman_proxy/pull/836) ([ekohl](https://github.com/ekohl))
+- Add support for Debian 12 [\#834](https://github.com/theforeman/puppet-foreman_proxy/pull/834) ([evgeni](https://github.com/evgeni))
+- Add support for Ubuntu 22.04 [\#832](https://github.com/theforeman/puppet-foreman_proxy/pull/832) ([evgeni](https://github.com/evgeni))
+
+**Fixed bugs:**
+
+- Move away from systemd::service\_limits [\#837](https://github.com/theforeman/puppet-foreman_proxy/pull/837) ([ekohl](https://github.com/ekohl))
+
 ## [25.3.0](https://github.com/theforeman/puppet-foreman_proxy/tree/25.3.0) (2024-02-19)
 
 [Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/25.2.0...25.3.0)

examples/salt.pp

@@ -0,0 +1,11 @@
+$baseurl = "https://repo.saltproject.io/salt/py3/redhat/${facts['os']['release']['major']}/\$basearch/latest"
+
+yumrepo { 'salt-repo':
+  descr   => "Salt repo for RHEL/CentOS ${facts['os']['release']['major']} PY3",
+  baseurl => $baseurl,
+  gpgkey  => "${baseurl}/SALT-PROJECT-GPG-PUBKEY-2023.pub",
+  before  => Class['foreman_proxy::plugin::salt'],
+}
+
+include foreman_proxy
+include foreman_proxy::plugin::salt

manifests/plugin/container_gateway.pp

@@ -4,6 +4,20 @@
 #
 # $pulp_endpoint::            Pulp 3 server endpoint
 #
+# $database_backend::         'sqlite' or 'postgres'
+#
+# $manage_postgresql::        If the PostgreSQL database should be managed
+#
+# $postgresql_host::          Host of the postgres database.
+#
+# $postgresql_port::          Port of the postgres database.
+#
+# $postgresql_database::      Name of the postgres database
+#
+# $postgresql_user::          User for the postgres database
+#
+# $postgresql_password::      User password for the postgres database
+#
 # $sqlite_db_path::           Absolute path for the SQLite DB file to exist at
 #
 # $sqlite_timeout::           Database busy timeout in milliseconds
@@ -22,13 +36,42 @@
   Boolean $enabled = true,
   Foreman_proxy::ListenOn $listen_on = 'https',
   Stdlib::HTTPUrl $pulp_endpoint = "https://${facts['networking']['fqdn']}",
+  Enum['postgres', 'sqlite'] $database_backend = 'postgres',
   Stdlib::Absolutepath $sqlite_db_path = '/var/lib/foreman-proxy/smart_proxy_container_gateway.db',
   Optional[Integer] $sqlite_timeout = undef,
+  Boolean $manage_postgresql = true,
+  Optional[Stdlib::Host] $postgresql_host = undef,
+  Optional[Stdlib::Port] $postgresql_port = undef,
+  String $postgresql_database = 'container_gateway',
+  Optional[String[1]] $postgresql_user = undef,
+  Optional[String] $postgresql_password = undef
 ) {
   foreman_proxy::plugin::module { 'container_gateway':
     version   => $version,
     enabled   => $enabled,
     feature   => 'Container_Gateway',
     listen_on => $listen_on,
   }
+
+  if $manage_postgresql and $database_backend == 'postgres' {
+    include postgresql::server
+    $_postgresql_user = pick($postgresql_user, $foreman_proxy::user)
+    if $postgresql_password {
+      postgresql::server::db { $postgresql_database:
+        user     => $_postgresql_user,
+        password => postgresql::postgresql_password(
+          $_postgresql_user,
+          $postgresql_password
+        ),
+        encoding => 'utf8',
+        locale   => 'C.utf8',
+      }
+    } else {
+      postgresql::server::db { $postgresql_database:
+        user     => $_postgresql_user,
+        encoding => 'utf8',
+        locale   => 'C.utf8',
+      }
+    }
+  }
 }

manifests/plugin/dynflow.pp

@@ -43,13 +43,14 @@
     version => absent,
   }
 
-  $service = 'foreman-proxy'
+  $service = 'foreman-proxy.service'
 
-  systemd::service_limits { "${service}.service":
-    limits          => {
+  systemd::manage_dropin { "${service}-90-limits.conf":
+    unit           => $service,
+    filename       => '90-limits.conf',
+    service_entry  => {
       'LimitNOFILE' => $open_file_limit,
     },
-    restart_service => false,
-    notify          => Service[$service],
+    notify_service => true,
   }
 }

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "theforeman-foreman_proxy",
-  "version": "25.3.0",
+  "version": "26.0.0",
   "author": "theforeman",
   "summary": "Foreman Smart Proxy configuration",
   "license": "GPL-3.0+",
@@ -28,7 +28,7 @@
     },
     {
       "name": "theforeman/foreman",
-      "version_requirement": ">= 19.0.0 < 25.0.0"
+      "version_requirement": ">= 19.0.0 < 26.0.0"
     },
     {
       "name": "theforeman/tftp",
@@ -75,13 +75,15 @@
     {
       "operatingsystem": "Debian",
       "operatingsystemrelease": [
-        "11"
+        "11",
+        "12"
       ]
     },
     {
       "operatingsystem": "Ubuntu",
       "operatingsystemrelease": [
-        "20.04"
+        "20.04",
+        "22.04"
       ]
     },
     {

spec/acceptance/container_gateway_spec.rb

@@ -6,4 +6,9 @@
   include_examples 'the example', 'container_gateway.pp'
 
   it_behaves_like 'the default foreman proxy application'
+
+  describe service("postgresql") do
+    it { is_expected.to be_enabled }
+    it { is_expected.to be_running }
+  end
 end

spec/acceptance/salt_spec.rb

@@ -0,0 +1,12 @@
+require 'spec_helper_acceptance'
+
+describe 'Scenario: install foreman-proxy with openscap plugin', if: ['redhat', 'centos'].include?(os[:family]) do
+  before(:context) { purge_foreman_proxy }
+
+  include_examples 'the example', 'salt.pp'
+
+  it_behaves_like 'the default foreman proxy application'
+
+  specify { expect(file('/etc/salt/master.d')).to be_directory }
+  specify { expect(file('/etc/salt/master.d/foreman.conf')).to be_file.and(have_attributes(owner: 'root', group: 'foreman-proxy')) }
+end

spec/classes/foreman_proxy__plugin__container_gateway_spec.rb

@@ -13,16 +13,46 @@
             '---',
             ':enabled: https',
             ":pulp_endpoint: https://#{facts[:fqdn]}",
-            ':sqlite_db_path: /var/lib/foreman-proxy/smart_proxy_container_gateway.db'
+            ':sqlite_db_path: /var/lib/foreman-proxy/smart_proxy_container_gateway.db',
+            ':db_connection_string: postgres:///container_gateway'
           ])
         end
       end
 
-      describe 'with overwritten parameters' do
+      describe 'with overwritten postgres parameters' do
+        let :params do {
+          :pulp_endpoint => 'https://test.example.com',
+          :sqlite_db_path => '/dev/null.db',
+          :database_backend => 'postgres',
+          :postgresql_host => 'test.example.com',
+          :postgresql_port => 5432,
+          :postgresql_database => 'container_gateway',
+          :postgresql_user => 'foreman-proxy',
+          :postgresql_password => 'changeme'
+        } end
+
+        it 'container_gateway.yml should contain the correct configuration' do
+          verify_exact_contents(catalogue, '/etc/foreman-proxy/settings.d/container_gateway.yml', [
+            '---',
+            ':enabled: https',
+            ':pulp_endpoint: https://test.example.com',
+            ':sqlite_db_path: /dev/null.db',
+            ':db_connection_string: postgres://foreman-proxy:changeme@test.example.com:5432/container_gateway'
+          ])
+        end
+      end
+
+      describe 'with overwritten sqlite parameters' do
         let :params do {
           :pulp_endpoint => 'https://test.example.com',
           :sqlite_db_path => '/dev/null.db',
           :sqlite_timeout => 12345,
+          :database_backend => 'sqlite',
+          :postgresql_host => 'test.example.com',
+          :postgresql_port => 5432,
+          :postgresql_database => 'container_gateway',
+          :postgresql_user => 'foreman-proxy',
+          :postgresql_password => 'changeme'
         } end
 
         it 'container_gateway.yml should contain the correct configuration' do
@@ -31,7 +61,8 @@
             ':enabled: https',
             ':pulp_endpoint: https://test.example.com',
             ':sqlite_db_path: /dev/null.db',
-            ':sqlite_timeout: 12345'
+            ':sqlite_timeout: 12345',
+            ':db_connection_string: sqlite:///dev/null.db'
           ])
         end
       end

spec/classes/foreman_proxy__plugin__dynflow_spec.rb

@@ -23,7 +23,12 @@
                                 lines)
         end
 
-        it { should contain_systemd__service_limits('foreman-proxy.service') }
+        it do
+          should contain_systemd__manage_dropin('foreman-proxy.service-90-limits.conf')
+            .with_unit('foreman-proxy.service')
+            .with_filename('90-limits.conf')
+            .with_service_entry({'LimitNOFILE' => 1000000})
+        end
       end
 
       describe 'with custom settings' do

templates/plugin/container_gateway.yml.erb

@@ -6,3 +6,17 @@
 <% if scope.lookupvar("foreman_proxy::plugin::container_gateway::sqlite_timeout") -%>
 :sqlite_timeout: <%= scope.lookupvar("foreman_proxy::plugin::container_gateway::sqlite_timeout") %>
 <% end -%>
+<%-
+case scope.lookupvar('foreman_proxy::plugin::container_gateway::database_backend')
+when 'postgres'
+  uri = URI("postgres://")
+  uri.user = scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_user')
+  uri.password = scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_password')
+  uri.host = scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_host')
+  uri.port = scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_port')
+  uri.path = "/#{scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_database')}"
+when 'sqlite'
+  uri = "sqlite://#{scope.lookupvar('foreman_proxy::plugin::container_gateway::sqlite_db_path')}"
+end
+-%>
+:db_connection_string: <%= uri %>