Skip to content

Commit

Permalink
run foreman in a container
Browse files Browse the repository at this point in the history
  • Loading branch information
evgeni committed May 21, 2024
1 parent 1fc15de commit 2c3df07
Show file tree
Hide file tree
Showing 6 changed files with 81 additions and 21 deletions.
3 changes: 3 additions & 0 deletions .fixtures.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@ fixtures:
concat: 'https://github.com/puppetlabs/puppetlabs-concat'
cron_core: 'https://github.com/puppetlabs/puppetlabs-cron_core'
extlib: 'https://github.com/voxpupuli/puppet-extlib'
podman:
repo: 'https://github.com/evgeni/puppet-podman'
branch: 'quadlet'
postgresql: 'https://github.com/puppetlabs/puppetlabs-postgresql'
puppet: 'https://github.com/theforeman/puppet-puppet'
redis: 'https://github.com/voxpupuli/puppet-redis'
Expand Down
36 changes: 23 additions & 13 deletions manifests/config.pp
Original file line number Diff line number Diff line change
Expand Up @@ -98,11 +98,13 @@
)
)
$min_puma_threads = pick($foreman::foreman_service_puma_threads_min, $foreman::foreman_service_puma_threads_max)
systemd::dropin_file { 'foreman-service':
filename => 'installer.conf',
unit => "${foreman::foreman_service}.service",
content => template('foreman/foreman.service-overrides.erb'),
notify_service => true,
if $foreman::deployment_mode == 'package' {
systemd::dropin_file { 'foreman-service':
filename => 'installer.conf',
unit => "${foreman::foreman_service}.service",
content => template('foreman/foreman.service-overrides.erb'),
notify_service => true,
}
}

if ! defined(File[$foreman::app_root]) {
Expand Down Expand Up @@ -153,7 +155,13 @@
}

if $foreman::apache {
$listen_socket = '/run/foreman.sock'
if $foreman::deployment_mode == 'container' {
$listen_socket = 'localhost:3000'
$backend_protocol = 'http'
} else {
$listen_socket = '/run/foreman.sock'
$backend_protocol = 'unix'
}

class { 'foreman::config::apache':
app_root => $foreman::app_root,
Expand All @@ -162,7 +170,7 @@
serveraliases => $foreman::serveraliases,
server_port => $foreman::server_port,
server_ssl_port => $foreman::server_ssl_port,
proxy_backend => "unix://${listen_socket}",
proxy_backend => "${backend_protocol}://${listen_socket}",
ssl => $foreman::ssl,
ssl_ca => $foreman::server_ssl_ca,
ssl_chain => $foreman::server_ssl_chain,
Expand Down Expand Up @@ -280,11 +288,13 @@
$foreman_socket_override = undef
}

systemd::dropin_file { 'foreman-socket':
ensure => bool2str($foreman_socket_override =~ Undef, 'absent', 'present'),
filename => 'installer.conf',
unit => "${foreman::foreman_service}.socket",
content => $foreman_socket_override,
notify_service => true,
if $foreman::deployment_mode == 'package' {
systemd::dropin_file { 'foreman-socket':
ensure => bool2str($foreman_socket_override =~ Undef, 'absent', 'present'),
filename => 'installer.conf',
unit => "${foreman::foreman_service}.socket",
content => $foreman_socket_override,
notify_service => true,
}
}
}
3 changes: 3 additions & 0 deletions manifests/init.pp
Original file line number Diff line number Diff line change
Expand Up @@ -189,6 +189,8 @@
#
# $provisioning_fcct_location:: The location of the binary to call when transpiling Fedora CoreOS templates.
#
# $deployment_mode:: The way foreman is deployed: packages or container
#
# === Dynflow parameters:
#
# $dynflow_manage_services:: Whether to manage the dynflow services
Expand Down Expand Up @@ -307,6 +309,7 @@
Boolean $register_in_foreman = true,
Optional[Stdlib::Absolutepath] $provisioning_ct_location = undef,
Optional[Stdlib::Absolutepath] $provisioning_fcct_location = undef,
Enum['package', 'container'] $deployment_mode = 'package',
) inherits foreman::params {
assert_type(Array[Stdlib::IP::Address], $trusted_proxies)

Expand Down
40 changes: 32 additions & 8 deletions manifests/service.pp
Original file line number Diff line number Diff line change
Expand Up @@ -35,14 +35,38 @@
}
}

service { "${foreman_service}.socket":
ensure => $foreman_service_ensure,
enable => $foreman_service_enable,
}
if $foreman::deployment_mode == 'package' {
service { "${foreman_service}.socket":
ensure => $foreman_service_ensure,
enable => $foreman_service_enable,
}

service { $foreman_service:
ensure => $foreman_service_ensure,
enable => $foreman_service_enable,
before => Service["${foreman_service}.socket"],
service { $foreman_service:
ensure => $foreman_service_ensure,
enable => $foreman_service_enable,
before => Service["${foreman_service}.socket"],
}
} else {
podman::quadlet { 'foreman.container':
ensure => present,
unit_entry => {
'Description' => 'Foreman',
},
service_entry => {
'TimeoutStartSec' => '900',
},
container_entry => {
'Image' => 'quay.io/evgeni/foreman-rpm:latest',
'PublishPort' => ['127.0.0.1:3000:3000'],
'Volume' => ['/etc/foreman/:/etc/foreman/'],
'AddCapability' => ['CAP_DAC_OVERRIDE', 'CAP_IPC_OWNER'],
'Network' => 'host',
'HostName' => $foreman::servername,
},
install_entry => {
'WantedBy' => 'default.target',
},
active => true,
}
}
}
4 changes: 4 additions & 0 deletions metadata.json
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,10 @@
{
"name": "puppet/redis",
"version_requirement": ">= 5.0.0 < 12.0.0"
},
{
"name": "southalc/podman",
"version_requirement": ">= 0.6.7 < 1.0.0"
}
],
"requirements": [
Expand Down
16 changes: 16 additions & 0 deletions spec/acceptance/foreman_basic_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,22 @@ class { 'foreman':
# https://projects.theforeman.org/issues/36113
end

describe 'in a Container' do
it_behaves_like 'an idempotent resource' do
let(:manifest) do
<<~PUPPET
class { 'foreman':
deployment_mode => 'container',
db_host => 'localhost',
db_manage_rake => false,
}
PUPPET
end
end

it_behaves_like 'the foreman application'
end

context 'GSSAPI auth enabled' do
before { on default, 'mkdir -p /etc/httpd && touch /etc/httpd/conf.keytab' }

Expand Down

0 comments on commit 2c3df07

Please sign in to comment.