From 42c41e34fff0a5ae8ac8806839c0cee7759e76bc Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Wed, 25 Aug 2021 17:48:20 +0200 Subject: [PATCH] Externalize answer defaults This moves all non-default options into the Hiera layer. Since Kafo 3.0 this works and is supported. It also means --reset-$option loads the installer default rather than the Puppet default. --- config/foreman-answers.yaml | 10 ++---- config/foreman-hiera.yaml | 1 + config/foreman-proxy-content-answers.yaml | 27 +++------------ ...180111142132-foreman_proxy_autosignfile.rb | 2 +- ...702133937-set-puppet-integration-answer.rb | 2 +- .../180813131441-unmanage-puppet-group.rb | 5 --- .../190111180118-delete-removed-settings.rb | 2 +- ...210112194603-enable-pulp3-content-proxy.rb | 2 -- ...07174237-add-puppet-reserved-code-cache.rb | 3 -- config/foreman.hiera/common.yaml | 6 ++++ .../foreman-proxy-content/defaults.yaml | 18 ++++++++++ .../scenario/katello/defaults.yaml | 25 ++++++++++++++ .../20160405122117_passenger_ruby.rb | 2 +- .../20160420224417_puppet_autosign.rb | 4 +-- ...07174237_add_puppet_reserved_code_cache.rb | 3 -- config/katello-answers.yaml | 34 +++---------------- ...180111142132-foreman_proxy_autosignfile.rb | 2 +- .../180813131441-unmanage-puppet-group.rb | 5 --- .../190111180118-delete-removed-settings.rb | 2 +- ...07174237-add-puppet-reserved-code-cache.rb | 3 -- 20 files changed, 69 insertions(+), 89 deletions(-) delete mode 100644 config/foreman-proxy-content.migrations/180813131441-unmanage-puppet-group.rb create mode 100644 config/foreman.hiera/scenario/foreman-proxy-content/defaults.yaml create mode 100644 config/foreman.hiera/scenario/katello/defaults.yaml delete mode 100644 config/katello.migrations/180813131441-unmanage-puppet-group.rb diff --git a/config/foreman-answers.yaml b/config/foreman-answers.yaml index da9ffaf6d..d3013e4a9 100644 --- a/config/foreman-answers.yaml +++ b/config/foreman-answers.yaml @@ -9,7 +9,7 @@ # # See params.pp in each class for what options are available --- -foreman: {} +foreman: true foreman::cli: true foreman::cli::ansible: false foreman::cli::azure: false @@ -57,7 +57,7 @@ foreman::plugin::statistics: false foreman::plugin::tasks: false foreman::plugin::templates: false foreman::plugin::webhooks: false -foreman_proxy: {} +foreman_proxy: true foreman_proxy::plugin::acd: false foreman_proxy::plugin::ansible: false foreman_proxy::plugin::chef: false @@ -73,8 +73,4 @@ foreman_proxy::plugin::openscap: false foreman_proxy::plugin::remote_execution::ssh: false foreman_proxy::plugin::salt: false foreman_proxy::plugin::shellhooks: false -puppet: - server: true - server_jvm_extra_args: - - "-Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger" - - "-XX:ReservedCodeCacheSize=512m" +puppet: true diff --git a/config/foreman-hiera.yaml b/config/foreman-hiera.yaml index f96c1e83a..f4fa927d3 100644 --- a/config/foreman-hiera.yaml +++ b/config/foreman-hiera.yaml @@ -15,6 +15,7 @@ hierarchy: - name: "Built in" paths: - "scenario/%{facts.kafo.scenario.id}/family/%{facts.os.family}-%{facts.os.release.major}.yaml" + - "scenario/%{facts.kafo.scenario.id}/defaults.yaml" - "family/%{facts.os.family}-%{facts.os.release.major}.yaml" - "family/%{facts.os.family}.yaml" - "security.yaml" diff --git a/config/foreman-proxy-content-answers.yaml b/config/foreman-proxy-content-answers.yaml index 85141d648..04734b8fc 100644 --- a/config/foreman-proxy-content-answers.yaml +++ b/config/foreman-proxy-content-answers.yaml @@ -9,21 +9,9 @@ # # See params.pp in each class for what options are available --- -certs: - generate: false -foreman_proxy_content: - pulpcore_mirror: true -foreman_proxy: - foreman_ssl_ca: /etc/foreman-proxy/foreman_ssl_ca.pem - foreman_ssl_cert: /etc/foreman-proxy/foreman_ssl_cert.pem - foreman_ssl_key: /etc/foreman-proxy/foreman_ssl_key.pem - http: true - manage_puppet_group: false - ssl_ca: /etc/foreman-proxy/ssl_ca.pem - ssl_cert: /etc/foreman-proxy/ssl_cert.pem - ssl_key: /etc/foreman-proxy/ssl_key.pem - ssl_port: '9090' - templates: true +certs: true +foreman_proxy_content: {} +foreman_proxy: true foreman_proxy::plugin::acd: false foreman_proxy::plugin::ansible: false foreman_proxy::plugin::dhcp::infoblox: false @@ -33,11 +21,4 @@ foreman_proxy::plugin::dns::infoblox: false foreman_proxy::plugin::openscap: false foreman_proxy::plugin::remote_execution::ssh: false foreman_proxy::plugin::shellhooks: false -puppet: - server: true - server_foreman_ssl_ca: /etc/pki/katello/puppet/puppet_client_ca.crt - server_foreman_ssl_cert: /etc/pki/katello/puppet/puppet_client.crt - server_foreman_ssl_key: /etc/pki/katello/puppet/puppet_client.key - server_jvm_extra_args: - - "-Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger" - - "-XX:ReservedCodeCacheSize=512m" +puppet: true diff --git a/config/foreman-proxy-content.migrations/180111142132-foreman_proxy_autosignfile.rb b/config/foreman-proxy-content.migrations/180111142132-foreman_proxy_autosignfile.rb index a2ab711a8..4aa1f0a9a 100644 --- a/config/foreman-proxy-content.migrations/180111142132-foreman_proxy_autosignfile.rb +++ b/config/foreman-proxy-content.migrations/180111142132-foreman_proxy_autosignfile.rb @@ -1,4 +1,4 @@ -if answers['foreman_proxy'] +if answers['foreman_proxy'].is_a?(Hash) answers['foreman_proxy']['use_autosignfile'] = true if answers['foreman_proxy'].key?('puppetdir') puppetdir = answers['foreman_proxy']['puppetdir'] diff --git a/config/foreman-proxy-content.migrations/180702133937-set-puppet-integration-answer.rb b/config/foreman-proxy-content.migrations/180702133937-set-puppet-integration-answer.rb index 76a8f892c..efb1612a6 100644 --- a/config/foreman-proxy-content.migrations/180702133937-set-puppet-integration-answer.rb +++ b/config/foreman-proxy-content.migrations/180702133937-set-puppet-integration-answer.rb @@ -1,4 +1,4 @@ if answers['foreman_proxy_content'].is_a?(Hash) - enabled = answers['puppet'].is_a?(Hash) && answers['puppet']['server'] != false && answers['puppet']['server_foreman'] != false + enabled = answers['puppet'] == true || (answers['puppet'].is_a?(Hash) && answers['puppet']['server'] != false && answers['puppet']['server_foreman'] != false) answers['foreman_proxy_content']['puppet'] = false unless enabled end diff --git a/config/foreman-proxy-content.migrations/180813131441-unmanage-puppet-group.rb b/config/foreman-proxy-content.migrations/180813131441-unmanage-puppet-group.rb deleted file mode 100644 index c93a952b4..000000000 --- a/config/foreman-proxy-content.migrations/180813131441-unmanage-puppet-group.rb +++ /dev/null @@ -1,5 +0,0 @@ -if answers['foreman_proxy'].is_a?(Hash) - answers['foreman_proxy']['manage_puppet_group'] = false -elsif answers['foreman_proxy'] == true - answers['foreman_proxy'] = { 'manage_puppet_group' => false } -end diff --git a/config/foreman-proxy-content.migrations/190111180118-delete-removed-settings.rb b/config/foreman-proxy-content.migrations/190111180118-delete-removed-settings.rb index fdac0af02..4ed13626b 100644 --- a/config/foreman-proxy-content.migrations/190111180118-delete-removed-settings.rb +++ b/config/foreman-proxy-content.migrations/190111180118-delete-removed-settings.rb @@ -20,5 +20,5 @@ end if (mod_answers = answers['foreman_proxy']) - mod_answers['dhcp_gateway'] = nil if mod_answers['dhcp_gateway'] == '192.168.100.1' + mod_answers['dhcp_gateway'] = nil if mod_answers.is_a?(Hash) && mod_answers['dhcp_gateway'] == '192.168.100.1' end diff --git a/config/foreman-proxy-content.migrations/210112194603-enable-pulp3-content-proxy.rb b/config/foreman-proxy-content.migrations/210112194603-enable-pulp3-content-proxy.rb index 9fc17b5bd..73f38a1a5 100644 --- a/config/foreman-proxy-content.migrations/210112194603-enable-pulp3-content-proxy.rb +++ b/config/foreman-proxy-content.migrations/210112194603-enable-pulp3-content-proxy.rb @@ -1,8 +1,6 @@ answers.delete('foreman_proxy::plugin::pulp') if answers['foreman_proxy_content'].is_a?(Hash) - answers['foreman_proxy_content']['pulpcore_mirror'] = true - # Prior migrations add these so we need to ensure they are deleted # config/katello.migrations/200611220455-dont-proxy-pulp-yum-to-pulpcore-on-upgrades.rb # config/katello.migrations/200123161606-enable-pulpcore.rb diff --git a/config/foreman-proxy-content.migrations/210407174237-add-puppet-reserved-code-cache.rb b/config/foreman-proxy-content.migrations/210407174237-add-puppet-reserved-code-cache.rb index a30538497..c86b6ca31 100644 --- a/config/foreman-proxy-content.migrations/210407174237-add-puppet-reserved-code-cache.rb +++ b/config/foreman-proxy-content.migrations/210407174237-add-puppet-reserved-code-cache.rb @@ -12,8 +12,5 @@ answers['puppet']['server_jvm_extra_args'] += " #{reserved_code_cache_arg}" end end - else - # The logger is silently added by the module if it's undef - answers['puppet']['server_jvm_extra_args'] = ['-Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger', reserved_code_cache_arg] end end diff --git a/config/foreman.hiera/common.yaml b/config/foreman.hiera/common.yaml index aaf35cdcb..29d26cbd9 100644 --- a/config/foreman.hiera/common.yaml +++ b/config/foreman.hiera/common.yaml @@ -19,3 +19,9 @@ katello::globals::enable_file: "%{alias('foreman_proxy_content::enable_file')}" katello::globals::enable_docker: "%{alias('foreman_proxy_content::enable_docker')}" katello::globals::enable_deb: "%{alias('foreman_proxy_content::enable_deb')}" katello::globals::enable_ansible_collection: "%{alias('foreman_proxy_content::enable_ansible')}" + +puppet::server: true +# The logger must be there. The ReservedCodeCacheSize helps with memory issues +puppet::server_jvm_extra_args: + - "-Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger" + - "-XX:ReservedCodeCacheSize=512m" diff --git a/config/foreman.hiera/scenario/foreman-proxy-content/defaults.yaml b/config/foreman.hiera/scenario/foreman-proxy-content/defaults.yaml new file mode 100644 index 000000000..757104c98 --- /dev/null +++ b/config/foreman.hiera/scenario/foreman-proxy-content/defaults.yaml @@ -0,0 +1,18 @@ +certs::generate: false + +foreman_proxy_content::pulpcore_mirror: true + +foreman_proxy::foreman_ssl_ca: /etc/foreman-proxy/foreman_ssl_ca.pem +foreman_proxy::foreman_ssl_cert: /etc/foreman-proxy/foreman_ssl_cert.pem +foreman_proxy::foreman_ssl_key: /etc/foreman-proxy/foreman_ssl_key.pem +foreman_proxy::http: true +foreman_proxy::manage_puppet_group: false +foreman_proxy::ssl_ca: /etc/foreman-proxy/ssl_ca.pem +foreman_proxy::ssl_cert: /etc/foreman-proxy/ssl_cert.pem +foreman_proxy::ssl_key: /etc/foreman-proxy/ssl_key.pem +foreman_proxy::ssl_port: 9090 +foreman_proxy::templates: true + +puppet::server_foreman_ssl_ca: /etc/pki/katello/puppet/puppet_client_ca.crt +puppet::server_foreman_ssl_cert: /etc/pki/katello/puppet/puppet_client.crt +puppet::server_foreman_ssl_key: /etc/pki/katello/puppet/puppet_client.key diff --git a/config/foreman.hiera/scenario/katello/defaults.yaml b/config/foreman.hiera/scenario/katello/defaults.yaml new file mode 100644 index 000000000..9710652f9 --- /dev/null +++ b/config/foreman.hiera/scenario/katello/defaults.yaml @@ -0,0 +1,25 @@ +certs::group: foreman + +foreman::client_ssl_ca: /etc/foreman/proxy_ca.pem +foreman::client_ssl_cert: /etc/foreman/client_cert.pem +foreman::client_ssl_key: /etc/foreman/client_key.pem +foreman::initial_location: Default Location +foreman::initial_organization: Default Organization +foreman::server_ssl_ca: /etc/pki/katello/certs/katello-default-ca.crt +foreman::server_ssl_cert: /etc/pki/katello/certs/katello-apache.crt +foreman::server_ssl_chain: /etc/pki/katello/certs/katello-server-ca.crt +foreman::server_ssl_crl: "" +foreman::server_ssl_key: /etc/pki/katello/private/katello-apache.key + +foreman_proxy::foreman_ssl_ca: /etc/foreman-proxy/foreman_ssl_ca.pem +foreman_proxy::foreman_ssl_cert: /etc/foreman-proxy/foreman_ssl_cert.pem +foreman_proxy::foreman_ssl_key: /etc/foreman-proxy/foreman_ssl_key.pem +foreman_proxy::manage_puppet_group: false +foreman_proxy::ssl_ca: /etc/foreman-proxy/ssl_ca.pem +foreman_proxy::ssl_cert: /etc/foreman-proxy/ssl_cert.pem +foreman_proxy::ssl_key: /etc/foreman-proxy/ssl_key.pem +foreman_proxy::ssl_port: 9090 + +puppet::server_foreman_ssl_ca: /etc/pki/katello/puppet/puppet_client_ca.crt +puppet::server_foreman_ssl_cert: /etc/pki/katello/puppet/puppet_client.crt +puppet::server_foreman_ssl_key: /etc/pki/katello/puppet/puppet_client.key diff --git a/config/foreman.migrations/20160405122117_passenger_ruby.rb b/config/foreman.migrations/20160405122117_passenger_ruby.rb index b7879d9d5..6eaa465b4 100644 --- a/config/foreman.migrations/20160405122117_passenger_ruby.rb +++ b/config/foreman.migrations/20160405122117_passenger_ruby.rb @@ -1,2 +1,2 @@ # Redetermine the value of passenger_ruby, as it changed on Debian in puppet-foreman f9329b6 -answers['foreman'].delete('passenger_ruby') if answers['foreman'] +answers['foreman'].delete('passenger_ruby') if answers['foreman'].is_a?(Hash) diff --git a/config/foreman.migrations/20160420224417_puppet_autosign.rb b/config/foreman.migrations/20160420224417_puppet_autosign.rb index 828fc9bbb..cfa3edd62 100644 --- a/config/foreman.migrations/20160420224417_puppet_autosign.rb +++ b/config/foreman.migrations/20160420224417_puppet_autosign.rb @@ -1,7 +1,7 @@ # Redetermine the value of autosign, as it changed from string/boolean to path/boolean # in puppet-puppet a2325f1 and was deleted from puppet-foreman_proxy 9f3c9aa -if answers['puppet'] +if answers['puppet'].is_a?(Hash) current_autosign = answers['puppet']['autosign'] answers['puppet'].delete('autosign') unless !!current_autosign == current_autosign # rubocop:disable Style/DoubleNegation end -answers['foreman_proxy'].delete('autosign_location') if answers['foreman_proxy'] +answers['foreman_proxy'].delete('autosign_location') if answers['foreman_proxy'].is_a?(Hash) diff --git a/config/foreman.migrations/20210407174237_add_puppet_reserved_code_cache.rb b/config/foreman.migrations/20210407174237_add_puppet_reserved_code_cache.rb index a30538497..c86b6ca31 100644 --- a/config/foreman.migrations/20210407174237_add_puppet_reserved_code_cache.rb +++ b/config/foreman.migrations/20210407174237_add_puppet_reserved_code_cache.rb @@ -12,8 +12,5 @@ answers['puppet']['server_jvm_extra_args'] += " #{reserved_code_cache_arg}" end end - else - # The logger is silently added by the module if it's undef - answers['puppet']['server_jvm_extra_args'] = ['-Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger', reserved_code_cache_arg] end end diff --git a/config/katello-answers.yaml b/config/katello-answers.yaml index e5c3a9264..b4a1eb380 100644 --- a/config/katello-answers.yaml +++ b/config/katello-answers.yaml @@ -9,19 +9,8 @@ # # See params.pp in each class for what options are available --- -certs: - group: foreman -foreman: - client_ssl_ca: /etc/foreman/proxy_ca.pem - client_ssl_cert: /etc/foreman/client_cert.pem - client_ssl_key: /etc/foreman/client_key.pem - initial_location: Default Location - initial_organization: Default Organization - server_ssl_ca: /etc/pki/katello/certs/katello-default-ca.crt - server_ssl_cert: /etc/pki/katello/certs/katello-apache.crt - server_ssl_chain: /etc/pki/katello/certs/katello-server-ca.crt - server_ssl_crl: "" - server_ssl_key: /etc/pki/katello/private/katello-apache.key +certs: true +foreman: true foreman::cli: true foreman::cli::ansible: false foreman::cli::azure: false @@ -69,15 +58,7 @@ foreman::plugin::tasks: true foreman::plugin::templates: false foreman::plugin::virt_who_configure: false foreman::plugin::webhooks: false -foreman_proxy: - foreman_ssl_ca: /etc/foreman-proxy/foreman_ssl_ca.pem - foreman_ssl_cert: /etc/foreman-proxy/foreman_ssl_cert.pem - foreman_ssl_key: /etc/foreman-proxy/foreman_ssl_key.pem - manage_puppet_group: false - ssl_ca: /etc/foreman-proxy/ssl_ca.pem - ssl_cert: /etc/foreman-proxy/ssl_cert.pem - ssl_key: /etc/foreman-proxy/ssl_key.pem - ssl_port: '9090' +foreman_proxy: true foreman_proxy::plugin::acd: false foreman_proxy::plugin::ansible: false foreman_proxy::plugin::chef: false @@ -92,11 +73,4 @@ foreman_proxy::plugin::salt: false foreman_proxy::plugin::shellhooks: false foreman_proxy_content: true katello: true -puppet: - server: true - server_foreman_ssl_ca: /etc/pki/katello/puppet/puppet_client_ca.crt - server_foreman_ssl_cert: /etc/pki/katello/puppet/puppet_client.crt - server_foreman_ssl_key: /etc/pki/katello/puppet/puppet_client.key - server_jvm_extra_args: - - "-Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger" - - "-XX:ReservedCodeCacheSize=512m" +puppet: true diff --git a/config/katello.migrations/180111142132-foreman_proxy_autosignfile.rb b/config/katello.migrations/180111142132-foreman_proxy_autosignfile.rb index a2ab711a8..4aa1f0a9a 100644 --- a/config/katello.migrations/180111142132-foreman_proxy_autosignfile.rb +++ b/config/katello.migrations/180111142132-foreman_proxy_autosignfile.rb @@ -1,4 +1,4 @@ -if answers['foreman_proxy'] +if answers['foreman_proxy'].is_a?(Hash) answers['foreman_proxy']['use_autosignfile'] = true if answers['foreman_proxy'].key?('puppetdir') puppetdir = answers['foreman_proxy']['puppetdir'] diff --git a/config/katello.migrations/180813131441-unmanage-puppet-group.rb b/config/katello.migrations/180813131441-unmanage-puppet-group.rb deleted file mode 100644 index c93a952b4..000000000 --- a/config/katello.migrations/180813131441-unmanage-puppet-group.rb +++ /dev/null @@ -1,5 +0,0 @@ -if answers['foreman_proxy'].is_a?(Hash) - answers['foreman_proxy']['manage_puppet_group'] = false -elsif answers['foreman_proxy'] == true - answers['foreman_proxy'] = { 'manage_puppet_group' => false } -end diff --git a/config/katello.migrations/190111180118-delete-removed-settings.rb b/config/katello.migrations/190111180118-delete-removed-settings.rb index fdac0af02..4ed13626b 100644 --- a/config/katello.migrations/190111180118-delete-removed-settings.rb +++ b/config/katello.migrations/190111180118-delete-removed-settings.rb @@ -20,5 +20,5 @@ end if (mod_answers = answers['foreman_proxy']) - mod_answers['dhcp_gateway'] = nil if mod_answers['dhcp_gateway'] == '192.168.100.1' + mod_answers['dhcp_gateway'] = nil if mod_answers.is_a?(Hash) && mod_answers['dhcp_gateway'] == '192.168.100.1' end diff --git a/config/katello.migrations/210407174237-add-puppet-reserved-code-cache.rb b/config/katello.migrations/210407174237-add-puppet-reserved-code-cache.rb index a30538497..c86b6ca31 100644 --- a/config/katello.migrations/210407174237-add-puppet-reserved-code-cache.rb +++ b/config/katello.migrations/210407174237-add-puppet-reserved-code-cache.rb @@ -12,8 +12,5 @@ answers['puppet']['server_jvm_extra_args'] += " #{reserved_code_cache_arg}" end end - else - # The logger is silently added by the module if it's undef - answers['puppet']['server_jvm_extra_args'] = ['-Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger', reserved_code_cache_arg] end end