Fixes #11936 - Add support for kerberos auth #351
Conversation
|
@adamruzicka, the Redmine ticket used is for a different project than the one associated with this GitHub repository. Please either:
If changing the ticket number used, remember to update the PR title and the commit message (using This message was auto-generated by Foreman's prprocessor |
| $scl_prefix = '' # lint:ignore:empty_string_assignment | ||
| } | ||
|
|
||
| foreman_proxy::plugin { 'net-ssh-krb': |
There was a problem hiding this comment.
I think you should use package since this isn't a plugin, it's a library. Another thing is that this will break on Debian where the package would most likely be named ruby-net-ssh-krb but isn't packaged.
There was a problem hiding this comment.
Good point about package, will do. I'll have to look into the debian naming, debian packaging pr is here
There was a problem hiding this comment.
It will be ruby-net-ssh-krb per Debian policies.
| @@ -49,6 +52,18 @@ | |||
| template_path => 'foreman_proxy/plugin/remote_execution_ssh.yml.erb', | |||
| } | |||
|
|
|||
| if $ssh_kerberos_auth { | |||
| if $::osfamily == 'RedHat' and $::operatingsystem != 'Fedora' { | |||
There was a problem hiding this comment.
The smart proxy doesn't run in SCL.
There was a problem hiding this comment.
This is an optional dependency for the smart_proxy_dynflow_core service which runs in SCL
|
@adamruzicka, the Redmine ticket used is for a different project than the one associated with this GitHub repository. Please either:
If changing the ticket number used, remember to update the PR title and the commit message (using This message was auto-generated by Foreman's prprocessor |
4 similar comments
|
@adamruzicka, the Redmine ticket used is for a different project than the one associated with this GitHub repository. Please either:
If changing the ticket number used, remember to update the PR title and the commit message (using This message was auto-generated by Foreman's prprocessor |
|
@adamruzicka, the Redmine ticket used is for a different project than the one associated with this GitHub repository. Please either:
If changing the ticket number used, remember to update the PR title and the commit message (using This message was auto-generated by Foreman's prprocessor |
|
@adamruzicka, the Redmine ticket used is for a different project than the one associated with this GitHub repository. Please either:
If changing the ticket number used, remember to update the PR title and the commit message (using This message was auto-generated by Foreman's prprocessor |
|
@adamruzicka, the Redmine ticket used is for a different project than the one associated with this GitHub repository. Please either:
If changing the ticket number used, remember to update the PR title and the commit message (using This message was auto-generated by Foreman's prprocessor |
| if $::osfamily == 'RedHat' { | ||
| $ruby_prefix = 'rubygem-' | ||
| if $::operatingsystem != 'Fedora' { | ||
| $ruby_prefix = 'tfm-' + $ruby_prefix |
There was a problem hiding this comment.
This isn't valid since variables can't re-declared.
| @@ -49,6 +52,23 @@ | |||
| template_path => 'foreman_proxy/plugin/remote_execution_ssh.yml.erb', | |||
| } | |||
|
|
|||
| if $ssh_kerberos_auth { | |||
| if $::osfamily == 'RedHat' { | |||
| $rh_ruby_prefix = 'rubygem' | |||
There was a problem hiding this comment.
I wonder if this additional variable is actually needed. I'd just inline string below.
| $ruby_prefix = 'ruby' | ||
| } | ||
|
|
||
| package { "${ruby_prefix}-net-ssh-krb": |
There was a problem hiding this comment.
Should this restart the dynflow_core service? Note that it's only used on EL and not Fedora or other distro's.
|
@ekohl Sorry for taking so long, hopefully I addressed all your comments and added some tests |
| @@ -71,6 +78,10 @@ | |||
|
|
|||
| it { should_not contain_exec('generate_ssh_key') } | |||
| it { should_not contain_file('/root/.ssh') } | |||
|
|
|||
| it 'should not install tfm-rubygem-net-ssh-krb package' do | |||
There was a problem hiding this comment.
nit: s/not // (the actual test is correct)
There was a problem hiding this comment.
Right, bad copy-paste
|
@mmoll mind re-reviewing this? |
| @@ -49,6 +52,22 @@ | |||
| template_path => 'foreman_proxy/plugin/remote_execution_ssh.yml.erb', | |||
| } | |||
|
|
|||
| if $ssh_kerberos_auth { | |||
| if $::osfamily == 'RedHat' { | |||
| if $::operatingsystem != 'Fedora' { | |||
There was a problem hiding this comment.
(untested) the following looks shorter and more readable to me:
unless $::osfamily == 'RedHat' {
$ruby_prefix = 'ruby'
} else {
$ruby_prefix ? $::operatingsystem {
'Fedora' => 'rubygem',
default => 'tfm-rubygem',
}
}There was a problem hiding this comment.
Forgot puppet has selector expressions, changed.
| @@ -49,6 +52,22 @@ | |||
| template_path => 'foreman_proxy/plugin/remote_execution_ssh.yml.erb', | |||
| } | |||
|
|
|||
| if $ssh_kerberos_auth { | |||
| unless $::osfamily == 'RedHat' { | |||
There was a problem hiding this comment.
This might be a bit picky, but in my mind if x == y is easier to read and if both true and false are present I'd prefer to use if.
|
Thanks @adamruzicka! |
No description provided.