Skip to content

Deploy in three stages - certs, Ansible, puppet#1015

Draft
ehelms wants to merge 6 commits intotheforeman:developfrom
ehelms:bride-of-frankenstein
Draft

Deploy in three stages - certs, Ansible, puppet#1015
ehelms wants to merge 6 commits intotheforeman:developfrom
ehelms:bride-of-frankenstein

Conversation

@ehelms
Copy link
Member

@ehelms ehelms commented Mar 5, 2025
edited
Loading

This is built on top of #1011

To run this:

foreman-installer --scenario katello --foreman-proxy-oauth-consumer-key abcdefghijklmnopqrstuvwxyz123456 --foreman-proxy-oauth-consumer-secret abcdefghijklmnopqrstuvwxyz123456 --tuning development

@ehelms ehelms force-pushed the bride-of-frankenstein branch from 55b4762 to d06c4f9 Compare March 5, 2025 14:49
ekohl
ekohl reviewed Mar 5, 2025
View reviewed changes
Copy link
Member

@ekohl ekohl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At this point I'm wondering if we shouldn't simply create a content proxy like scenario and then call the installer from Ansible.

@ehelms
Copy link
Member Author

ehelms commented Mar 5, 2025

At this point I'm wondering if we shouldn't simply create a content proxy like scenario and then call the installer from Ansible.

That's the tactic @evgeni is exploring.

evgeni
evgeni reviewed Mar 7, 2025
View reviewed changes
evgeni
evgeni reviewed Mar 7, 2025
View reviewed changes
hooks/pre/40-exacto.rb Outdated
Comment on lines 1 to 29
def apply_installer_puppet(manifest)
bin_path = Kafo::PuppetCommand.search_puppet_path('puppet')
command = "echo \"#{manifest}\" | #{bin_path} apply --detailed-exitcodes --modulepath=/usr/share/foreman-installer/modules"

stdout, stderr, status = Open3.capture3(*Kafo::PuppetCommand.format_command(command))
if status != 1
puts stdout
else
puts stderr
end
end

generate_manifest = <<~MANIFEST
class { 'certs::generate':
foreman => true,
apache => true,
candlepin => true,
foreman_proxy => true,
}
MANIFEST

deploy_manifest = <<~MANIFEST
class { 'certs::foreman_proxy':
deploy => true,
}
MANIFEST

apply_installer_puppet(generate_manifest)
apply_installer_puppet(deploy_manifest)
Copy link
Member

@evgeni evgeni Mar 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ideally this would use #935 instead?
Also, why deploying Proxy certs already? The proxy is not yet installed so this should fail?

Copy link
Member Author

@ehelms ehelms Mar 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are likely right, I added this after I had run it a few times.

In this use case, I think #935 is probably overkill for what we need. Unless the tactic was to have the user run the three stages rather than the installer orchestrating it.

Copy link
Member Author

@ehelms ehelms Mar 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a deploy class (https://github.com/theforeman/puppet-certs/pull/449/files#diff-e6327449f108163297d1ce69ca08f3a4d8013b01d772a4be3aba628b223bd8c5) that now handles this within the puppet properly. It's added to the answers file and this part is dropped.

I think you could drop katello from your Ansible based version now, and rely on this same mechanism as well.

@ehelms
Copy link
Member Author

ehelms commented Mar 7, 2025

At this point I'm wondering if we shouldn't simply create a content proxy like scenario and then call the installer from Ansible.

That's the tactic @evgeni is exploring.

The Ansible approach -- #1016

@ehelms ehelms force-pushed the bride-of-frankenstein branch from d06c4f9 to 8375635 Compare March 7, 2025 19:06
@ehelms
Deploy in three stages - certs, Ansible, puppet
f12584f 
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
@ehelms ehelms force-pushed the bride-of-frankenstein branch from 8375635 to f12584f Compare March 7, 2025 20:27
@ehelms
Copy link
Member Author

ehelms commented Mar 7, 2025

Testing steps:

dnf -y install https://yum.puppetlabs.com/puppet8/el/9/x86_64/puppet8-release-1.0.0-9.el9.noarch.rpm
dnf -y install https://yum.theforeman.org/nightly/el9/x86_64/foreman-release.rpm
dnf -y install https://yum.theforeman.org/katello/nightly/katello/el9/x86_64/katello-repos-latest.rpm
dnf -y copr enable packit/theforeman-foreman-installer-1015 rhel-9-x86_64
dnf install -y foreman-installer-katello
foreman-installer --scenario katello --foreman-proxy-oauth-consumer-key abcdefghijklmnopqrstuvwxyz123456 --foreman-proxy-oauth-consumer-secret abcdefghijklmnopqrstuvwxyz123456 --tuning development

@ehelms ehelms mentioned this pull request Mar 12, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@evgeni evgeni evgeni left review comments

@ekohl ekohl ekohl left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ehelms @evgeni @ekohl