Fixes #32235,#19494 - Run Dynflow within smart-proxy on EL*

README.md

@@ -12,7 +12,7 @@ Part of the Foreman installer: <https://github.com/theforeman/foreman-installer>
 
 | Module version | Proxy versions | Notes                                               |
 |----------------|----------------|-----------------------------------------------------|
-| 16.x - 17.x    | 2.3 and newer  | See compatibility notes in its README for 2.0-2.2   |
+| 16.x - 18.x    | 2.3 and newer  | See compatibility notes in its README for 2.0-2.2   |
 | 13.x - 15.x    | 2.0 - 2.2      |                                                     |
 | 12.x           | 1.19 - 1.24    | See compatibility notes in its README for 1.19-1.22 |
 | 11.x           | 1.19 - 1.23    | See compatibility notes in its README for 1.19-1.21 |
@@ -23,6 +23,7 @@ Part of the Foreman installer: <https://github.com/theforeman/foreman-installer>
 | 2.x            | 1.5 - 1.10     |                                                     |
 | 1.x            | 1.4 and older  |                                                     |
 
+18.x switched to running `smart_proxy_dynflow` as part of `foreman-proxy` service by default. On EL* distributions and Foreman < 2.5, `foreman_proxy::plugin::dynflow::external_core` needs to be explicitly set to `true`.
 16.x added support for Smart Proxy Registration feature, available in Smart Proxy 2.3 and newer.
 12.x has dropped support for Puppet 3 which was officially unsupported for a while and Foreman Proxy 1.23 dropped altogether.
 

manifests/plugin/dynflow.pp

@@ -35,7 +35,7 @@
   Optional[Array[String]] $ssl_disabled_ciphers = $foreman_proxy::plugin::dynflow::params::ssl_disabled_ciphers,
   Optional[Array[String]] $tls_disabled_versions = $foreman_proxy::plugin::dynflow::params::tls_disabled_versions,
   Integer[1] $open_file_limit = $foreman_proxy::plugin::dynflow::params::open_file_limit,
-  Optional[Boolean] $external_core = $foreman_proxy::plugin::dynflow::params::external_core,
+  Boolean $external_core = $foreman_proxy::plugin::dynflow::params::external_core,
 ) inherits foreman_proxy::plugin::dynflow::params {
   if $foreman_proxy::ssl {
     $core_url = "https://${facts['networking']['fqdn']}:${core_port}"
@@ -49,36 +49,40 @@
   }
 
   if $external_core {
-    foreman_proxy::plugin { 'dynflow_core':
-      notify  => Service['smart_proxy_dynflow_core'],
-    }
+    $service = 'smart_proxy_dynflow_core'
 
     file { '/etc/smart_proxy_dynflow_core/settings.yml':
       ensure  => file,
       content => template('foreman_proxy/plugin/dynflow_core.yml.erb'),
       require => Foreman_proxy::Plugin['dynflow_core'],
-      notify  => Service['smart_proxy_dynflow_core'],
+      notify  => Service[$service],
     }
 
     file { '/etc/smart_proxy_dynflow_core/settings.d':
       ensure  => link,
       target  => "${foreman_proxy::config_dir}/settings.d",
       require => Foreman_proxy::Plugin['dynflow_core'],
-      notify  => Service['smart_proxy_dynflow_core'],
+      notify  => Service[$service],
     }
+  } else {
+    $service = 'foreman-proxy'
+  }
 
-    systemd::service_limits { 'smart_proxy_dynflow_core.service':
-      limits          => {
-        'LimitNOFILE' => $open_file_limit,
-      },
-      restart_service => false,
-      require         => Foreman_proxy::Plugin['dynflow_core'],
-      notify          => Service['smart_proxy_dynflow_core'],
-    }
+  foreman_proxy::plugin { 'dynflow_core':
+    notify  => Service[$service],
+  }
 
-    service { 'smart_proxy_dynflow_core':
-      ensure => running,
-      enable => true,
-    }
+  systemd::service_limits { "${service}.service":
+    limits          => {
+      'LimitNOFILE' => $open_file_limit,
+    },
+    restart_service => false,
+    require         => Foreman_proxy::Plugin['dynflow_core'],
+    notify          => Service[$service],
+  }
+
+  service { 'smart_proxy_dynflow_core':
+    ensure => $external_core,
+    enable => $external_core,
   }
 }

manifests/plugin/dynflow/params.pp

@@ -11,8 +11,5 @@
   $ssl_disabled_ciphers  = undef
   $tls_disabled_versions = undef
   $open_file_limit       = 1000000
-  $external_core         = $facts['os']['family'] ? {
-    'RedHat' => true,
-    default  => undef
-  }
+  $external_core         = false
 }

spec/acceptance/dynflow_spec.rb

@@ -7,23 +7,12 @@
 
   it_behaves_like 'the default foreman proxy application'
 
-  if os[:family] =~ /redhat|fedora/
-    describe service('smart_proxy_dynflow_core') do
-      it { is_expected.to be_enabled }
-      it { is_expected.to be_running }
-    end
-
-    describe port(8008) do
-      it { is_expected.to be_listening }
-    end
-  else
-    describe service('smart_proxy_dynflow_core') do
-      it { is_expected.not_to be_enabled }
-      it { is_expected.not_to be_running }
-    end
+  describe service('smart_proxy_dynflow_core') do
+    it { is_expected.not_to be_enabled }
+    it { is_expected.not_to be_running }
+  end
 
-    describe port(8008) do
-      it { is_expected.not_to be_listening }
-    end
+  describe port(8008) do
+    it { is_expected.not_to be_listening }
   end
 end

spec/classes/foreman_proxy__plugin__dynflow_spec.rb

@@ -7,8 +7,6 @@
       let(:pre_condition) { 'include foreman_proxy' }
       let(:etc_dir) { ['FreeBSD', 'DragonFly'].include?(facts[:osfamily]) ? '/usr/local/etc' : '/etc' }
 
-      has_core = facts[:osfamily] == 'RedHat'
-
       describe 'with default settings' do
         it { should compile.with_all_deps }
         it { should contain_foreman_proxy__plugin__module('dynflow') }
@@ -19,55 +17,21 @@
             ':enabled: https',
             ':database: ',
             ':core_url: https://foo.example.com:8008',
+            ':external_core: false',
           ]
-          lines << ':external_core: true' if has_core
           verify_exact_contents(catalogue,
                                 "#{etc_dir}/foreman-proxy/settings.d/dynflow.yml",
                                 lines)
         end
 
-        if has_core
-          it { should contain_foreman_proxy__plugin('dynflow_core') }
-          it { should contain_service('smart_proxy_dynflow_core') }
-
-          it 'should create settings.d symlink' do
-            should contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.d").
-              with_ensure('link').with_target("#{etc_dir}/foreman-proxy/settings.d")
-          end
-
-          it 'should create systemd service limits' do
-            should contain_systemd__service_limits('smart_proxy_dynflow_core.service').
-              with_limits({'LimitNOFILE' => 1000000}).that_notifies('Service[smart_proxy_dynflow_core]')
-          end
-
-          it 'should generate correct dynflow core settings.yml' do
-            verify_exact_contents(catalogue, "#{etc_dir}/smart_proxy_dynflow_core/settings.yml", [
-              "---",
-              ":database: ",
-              ":console_auth: true",
-              ":foreman_url: https://foo.example.com",
-              ':listen: "*"',
-              ":port: 8008",
-              ":use_https: true",
-              ":ssl_ca_file: /etc/puppetlabs/puppet/ssl/certs/ca.pem",
-              ":ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/foo.example.com.pem",
-              ":ssl_private_key: /etc/puppetlabs/puppet/ssl/private_keys/foo.example.com.pem",
-            ])
-          end
+        it { should contain_foreman_proxy__plugin('dynflow_core') }
+        it { should contain_service('smart_proxy_dynflow_core').
+               with(ensure: false, enable: false) }
+        it { should contain_systemd__service_limits('foreman-proxy.service') }
 
-          it 'should restart external core' do
-            should contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.yml").
-              that_notifies('Service[smart_proxy_dynflow_core]')
-            should contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.d").
-              that_notifies('Service[smart_proxy_dynflow_core]')
-          end
-        else
-          it { should_not contain_foreman_proxy__plugin('dynflow_core') }
-          it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.d") }
-          it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.yml") }
-          it { should_not contain_service('smart_proxy_dynflow_core') }
-          it { should_not contain_systemd__service_limits('smart_proxy_dynflow_core.service') }
-        end
+        it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.d") }
+        it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.yml") }
+        it { should_not contain_systemd__service_limits('smart_proxy_dynflow_core.service') }
       end
 
       describe 'with custom settings' do
@@ -123,10 +87,13 @@
       describe 'without external_core' do
         let(:params) { { external_core: false } }
 
-        it { should_not contain_foreman_proxy__plugin('dynflow_core') }
+        it { should contain_foreman_proxy__plugin('dynflow_core') }
+        it { should contain_service('smart_proxy_dynflow_core').
+            with(ensure: false, enable: false) }
+        it { should contain_systemd__service_limits('foreman-proxy.service') }
+
         it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.d") }
         it { should_not contain_file("#{etc_dir}/smart_proxy_dynflow_core/settings.yml") }
-        it { should_not contain_service('smart_proxy_dynflow_core') }
         it { should_not contain_systemd__service_limits('smart_proxy_dynflow_core.service') }
 
         it 'should generate correct dynflow.yml' do