13 changes: 13 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,18 @@
# Changelog

## [11.0.0](https://github.com/theforeman/puppet-pulpcore/tree/11.0.0) (2024-11-04)

[Full Changelog](https://github.com/theforeman/puppet-pulpcore/compare/10.4.0...11.0.0)

**Breaking changes:**

- never set REMOTE\_USER to the value of SSL\_CLIENT\_S\_DN\_CN [\#360](https://github.com/theforeman/puppet-pulpcore/pull/360) ([evgeni](https://github.com/evgeni))

**Fixed bugs:**

- properly escape quotes in passwords by calling to\_python [\#361](https://github.com/theforeman/puppet-pulpcore/pull/361) ([evgeni](https://github.com/evgeni))
- Add Wants=postgresql.service to Pulpcore service files [\#359](https://github.com/theforeman/puppet-pulpcore/pull/359) ([ekohl](https://github.com/ekohl))

## [10.4.0](https://github.com/theforeman/puppet-pulpcore/tree/10.4.0) (2024-09-04)

[Full Changelog](https://github.com/theforeman/puppet-pulpcore/compare/10.3.0...10.4.0)
1 change: 0 additions & 1 deletion manifests/apache.pp
@@ -50,7 +50,6 @@
$api_default_request_headers = [
"unset ${remote_user_environ_header}",
"unset ${remote_user_environ_header_underscore}",
"set ${remote_user_environ_header} \"%{SSL_CLIENT_S_DN_CN}s\" env=SSL_CLIENT_S_DN_CN",
]

$api_additional_request_headers = $pulpcore::api_client_auth_cn_map.map |String $cn, String $pulp_user| {
8 changes: 1 addition & 7 deletions manifests/plugin/container.pp
@@ -9,12 +9,6 @@
String $location_prefix = '/pulpcore_registry',
String $registry_version_path = '/v2/',
) {
# This is like pulpcore::apache's value, but slightly different
$api_default_request_headers = [
"unset ${pulpcore::apache::remote_user_environ_header}",
"unset ${pulpcore::apache::remote_user_environ_header_underscore}",
]

$context = {
'directories' => [
{
@@ -25,7 +19,7 @@
'url' => "${pulpcore::apache::api_base_url}${registry_version_path}",
},
],
'request_headers' => $api_default_request_headers + $pulpcore::apache::api_additional_request_headers,
'request_headers' => $pulpcore::apache::api_default_request_headers + $pulpcore::apache::api_additional_request_headers,
},
],
'proxy_pass' => [
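Review bot: The `'request_headers'` entry now reads `$pulpcore::apache::api_default_request_headers` from another class, and nothing here says that the order of the concatenation is what keeps a client-sent REMOTE-USER / REMOTE_USER header from reaching Pulp. I would add a comment above that line, for example `# unset entries must come first: they drop any client-supplied REMOTE_USER before the CN-mapped set rules run`. A short note at the definition in manifests/apache.pp that the list is shared with this plugin would also make clear that later additions there apply to the registry location too. The class body continues outside this hunk, and no spec covering the registry location's headers is visible on this page.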
2 changes: 1 addition & 1 deletion metadata.json
@@ -1,6 +1,6 @@
{

"name": "theforeman-pulpcore",
"version": "10.4.0",
"version": "11.0.0",
"author": "theforeman",
"summary": "Installs next generation Pulp server",
"license": "GPL-3.0-or-later",
6 changes: 4 additions & 2 deletions spec/acceptance/hieradata/common.yaml
@@ -1,6 +1,8 @@
---
apache::default_mods: false
pulpcore::apache_https_cert: '/etc/pulpcore-certs/ca-cert.pem'
pulpcore::apache_https_key: '/etc/pulpcore-certs/ca-key.pem'
pulpcore::apache_https_cert: '/etc/pulpcore-certs/client-cert.pem'
pulpcore::apache_https_key: '/etc/pulpcore-certs/client-key.pem'
pulpcore::apache_https_ca: '/etc/pulpcore-certs/ca-cert.pem'
pulpcore::database::always_run_migrations: false
pulpcore::api_client_auth_cn_map:
"%{facts.networking.fqdn}": "admin"
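Review bot: `pulpcore::apache_https_cert` and `pulpcore::apache_https_key` now point at files named `client-cert.pem` and `client-key.pem`, which reads like a mix-up without context. If the acceptance setup deliberately uses one CA-signed pair both as the vhost certificate and as the client certificate whose CN is mapped to `admin` in `pulpcore::api_client_auth_cn_map`, a comment should say so, for example `# acceptance only: the same CA-signed pair serves as server cert and as the client cert mapped to admin`. That reading is inferred from the file names and the CN map; the test code that presents the client certificate is not on this page.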
3 changes: 0 additions & 3 deletions spec/classes/pulpcore_spec.rb
@@ -133,7 +133,6 @@
'request_headers' => [
'unset REMOTE-USER',
'unset REMOTE_USER',
'set REMOTE-USER "%{SSL_CLIENT_S_DN_CN}s" env=SSL_CLIENT_S_DN_CN',
],
}
])
@@ -359,7 +358,6 @@
<Location "/pulp/api/v3">
RequestHeader unset REMOTE-USER
RequestHeader unset REMOTE_USER
RequestHeader set REMOTE-USER "%{SSL_CLIENT_S_DN_CN}s" env=SSL_CLIENT_S_DN_CN
ProxyPass unix:///run/pulpcore-api.sock|http://pulpcore-api/pulp/api/v3 timeout=600
ProxyPassReverse unix:///run/pulpcore-api.sock|http://pulpcore-api/pulp/api/v3
</Location>
@@ -524,7 +522,6 @@
'request_headers' => [
'unset REMOTE-USER',
'unset REMOTE_USER',
'set REMOTE-USER "%{SSL_CLIENT_S_DN_CN}s" env=SSL_CLIENT_S_DN_CN',
'set REMOTE-USER "admin" "expr=%{SSL_CLIENT_S_DN_CN} == \'foreman.example.com\'"',
],
}
11 changes: 8 additions & 3 deletions spec/setup_acceptance_node.pp
@@ -18,8 +18,9 @@
$client_csr = "${directory}/client-csr.pem"
$client_cert = "${directory}/client-cert.pem"
$client_key = "${directory}/client-key.pem"
$client_ext = "${directory}/client-ext"

$ca_cmd = "openssl req -nodes -x509 -newkey rsa:2048 -subj '/CN=${facts['networking']['fqdn']}' -addext 'subjectAltName = DNS:${facts['networking']['fqdn']}' -keyout '${ca_key}' -out '${ca_cert}' -days 365"
$ca_cmd = "openssl req -nodes -x509 -newkey rsa:2048 -subj '/CN=puppet-pulpcore acceptance CA' -keyout '${ca_key}' -out '${ca_cert}' -days 365"

exec { 'Create certificate directory':
command => "mkdir -p ${directory}",
@@ -34,14 +35,18 @@
umask => '0022',
}
-> exec { 'Generate CSR':
command => "openssl req -nodes -new -newkey rsa:2048 -subj '/CN=admin' -out '${client_csr}' -keyout '${client_key}'",
command => "openssl req -nodes -new -newkey rsa:2048 -subj '/CN=${facts['networking']['fqdn']}' -addext 'subjectAltName = DNS:${facts['networking']['fqdn']}' -out '${client_csr}' -keyout '${client_key}'",
path => ['/bin', '/usr/bin'],
creates => $client_csr,
logoutput => 'on_failure',
umask => '0022',
}
-> file { $client_ext:
content => "subjectAltName = DNS:${facts['networking']['fqdn']}",
mode => '0644',
}
-> exec { 'Sign CSR':
command => "openssl x509 -req -days 360 -in '${client_csr}' -CA '${ca_cert}' -CAkey '${ca_key}' -CAcreateserial -out '${client_cert}'",
command => "openssl x509 -req -days 360 -in '${client_csr}' -CA '${ca_cert}' -CAkey '${ca_key}' -CAcreateserial -out '${client_cert}' -extfile '${client_ext}'",
path => ['/bin', '/usr/bin'],
creates => $client_cert,
logoutput => 'on_failure',
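Review bot: The subjectAltName is now given twice, once with `-addext` in 'Generate CSR' and again through `${client_ext}` in 'Sign CSR', and no comment explains why both are needed. `openssl x509 -req` does not carry extensions over from the request unless told to, so the `-extfile` copy is the one that ends up in the certificate. A comment on the `file { $client_ext:` resource such as `# x509 -req ignores extensions in the CSR, so the SAN is supplied again at signing time` would stop someone from removing it as a duplicate. Both execs are guarded by `creates`, so a node that already holds certificates from the previous layout would keep them; that is probably fine for throwaway acceptance nodes but worth confirming. The 'Sign CSR' resource continues outside the hunk.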
1 change: 1 addition & 0 deletions templates/pulpcore-api.service.erb
@@ -2,6 +2,7 @@
Description=Pulp API Server
After=network.target
Requires=pulpcore-api.socket
Wants=postgresql.service

[Service]
Type=notify
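Review bot: `Wants=postgresql.service` pulls the database unit into the start transaction but does not order against it, and the `After=` line here still lists only `network.target`, so the API service can be started in parallel with PostgreSQL. If the intent is for a local database to be up first, the ordering has to be stated as well: `After=network.target postgresql.service`. The same applies to templates/pulpcore-content.service.erb and to templates/pulpcore-worker@.service.erb, where it would read `After=network-online.target postgresql.service`. Ordering may be supplied by a drop-in that this page does not show, in which case a comment pointing to it would be enough. The [Service] section continues outside the hunk.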
1 change: 1 addition & 0 deletions templates/pulpcore-content.service.erb
@@ -2,6 +2,7 @@
Description=Pulp Content App
Requires=pulpcore-content.socket
After=network.target
Wants=postgresql.service

[Service]
Type=notify
2 changes: 1 addition & 1 deletion templates/pulpcore-worker@.service.erb
@@ -1,7 +1,7 @@
[Unit]
Description=Pulp Worker
After=network-online.target
Wants=network-online.target
Wants=network-online.target postgresql.service

[Service]
Type=simple
2 changes: 1 addition & 1 deletion templates/settings.py.erb
@@ -24,7 +24,7 @@ DATABASES = {
'ENGINE': 'django.db.backends.postgresql',
'NAME': '<%= scope['pulpcore::postgresql_db_name'] %>',
'USER': '<%= scope['pulpcore::postgresql_db_user'] %>',
'PASSWORD': '<%= scope['pulpcore::postgresql_db_password'] %>',
'PASSWORD': <%= scope.call_function('to_python', [scope['pulpcore::postgresql_db_password']]) %>,
'HOST': '<%= scope['pulpcore::postgresql_db_host'] %>',
'PORT': '<%= scope['pulpcore::postgresql_db_port'] %>',
<% if scope['pulpcore::postgresql_db_ssl'] && !scope['pulpcore::postgresql_manage_db'] -%>
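Review bot: Only `PASSWORD` is rendered through `to_python`; `NAME`, `USER` and `HOST` in the same dict are still interpolated inside hand-written single quotes, so a quote or backslash in any of them yields a broken or altered settings.py just as the password did. Rendering them the same way would close the gap, for example `'USER': <%= scope.call_function('to_python', [scope['pulpcore::postgresql_db_user']]) %>,`. `PORT` may change from a quoted string to a bare number if converted, depending on the parameter's type, so check how it is consumed before touching it. The DATABASES dict starts and ends outside this hunk.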