
Flavor: foreman-proxy-content #571

Merged: ehelms merged 22 commits into theforeman:master from arvind4501:flavor/foreman-proxy-content, Jul 2, 2026

arvind4501 (Contributor) commented Jun 14, 2026

Why are you introducing these changes? (Problem description, related links)

What are the changes introduced in this pull request?

  • Add deploy-proxy sub-command to deploy proxy-specific flavors (e.g. foreman-proxy-content)
  • Add proxy-specific parameters to deploy-proxy, e.g. certs tar file and foreman fqdn
  • Make health checks, post-install tasks, and pull-images flavor-aware instead of hardcoded to katello
  • Support certificate extraction from tar bundles on proxy nodes
  • Add httpd vhosts for proxying Pulp content and RHSM requests
  • Add flavor-specific test directories, --flavor pytest option, and proxy CI job
  • Refactor deploy metadata into reusable obsah includes (_foreman, _foreman_proxy, _pulp, _flavors/katello)

How to test this pull request

  • ./foremanctl deploy

  • ./foremanctl certificate-bundle proxy.example.com to generate bundle

  • ./foremanctl deploy-proxy --flavor foreman-proxy-content --certificate-bundle /path-to-tar --foreman-fqdn quadlet.example.com

  • Observe only relevant services are deployed

Steps to reproduce:

  • ./foremanctl deploy-proxy --flavor foreman-proxy-content --certificate-bundle /path-to-tar --foreman-fqdn quadlet.example.com

Checklist

  • Tests added/updated (if applicable)
  • Documentation updated (if applicable)

@arvind4501 arvind4501 marked this pull request as draft June 15, 2026 05:25
@arvind4501 arvind4501 force-pushed the flavor/foreman-proxy-content branch 5 times, most recently from 019e1bb to b367887 Compare June 15, 2026 15:18

ehelms (Member) commented Jun 15, 2026

There are definitely some good nuggets of changes that would make for good, go-ahead, stand-alone PRs to get added. This also points to the need for flavor specific parameters that are only shown for a given flavor.

@arvind4501 arvind4501 requested a review from stejskalleos June 16, 2026 11:45
@ehelms ehelms mentioned this pull request Jun 16, 2026

arvind4501 (Contributor, Author) commented Jun 16, 2026

I have been facing one issue for which I already have a workaround implemented, but I wanted to know if we should solve it properly?

So we have a static quadlet target in our playbooks (which may be fine for today as it points to localhost), but in CI and development we need to deploy on different servers, not localhost. Currently the workaround is to pass an extra var in the command and use that to determine the host.

What about exposing a --target obsah option to manage that? But the issue is it's visible to users.

@arvind4501 arvind4501 force-pushed the flavor/foreman-proxy-content branch from b199850 to 90c6bcf Compare June 16, 2026 16:47
@arvind4501 arvind4501 force-pushed the flavor/foreman-proxy-content branch from 56349d9 to bb71f97 Compare July 2, 2026 06:27

Gauravtalreja1 left a comment

ACK, tested with foremanctl-3.0.0.develop-2.20260701164348391310.pr571.89.g56349d9.el9.noarch 🍏

Tested deploy-proxy with foreman-proxy-content flavor on a two-node setup (quadlet + proxy).

Certificate sources tested:

  • Default (internal CA)
  • Custom server certificates (generated via Robottelo scripts)

Validated:

  • Proxy deploys successfully with both cert sources
  • Only expected services running on proxy (pulp-api, pulp-content, pulp-worker, postgresql, valkey, httpd, foreman-proxy) (no foreman, candlepin, or dynflow)
  • PostgreSQL has only pulp database and user on proxy (no foreman/candlepin)
  • HTTPS endpoints working: /pulp/api/v3/status/ (200), /pulp/content/ (200), /rhsm (proxied to server), /katello/api/v2/repositories/ (proxied to server)
  • Pulp mirror mode enabled on proxy (mirror: true, client_authentication: ["client_certificate"])
  • Smart proxy capabilities include all expected features (core, smart_proxy, rpm, deb, ansible, python, container, file, certguard)
  • Trusted hosts includes only foreman server FQDN

Issues found:

@ehelms ehelms merged commit 2198602 into theforeman:master Jul 2, 2026
16 checks passed
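
The service and trusted-host checks from Gauravtalreja1's validation list above, as an added Python example that is not part of the pull request or the foremanctl test suite. The unit listing is constructed sample data in `systemctl list-units` column order, and the function names and the `@N` worker instances are assumptions.

```python
# Added example; the unit listing below is constructed sample data.
# Service names come from the review comment; "@N" worker instances and
# the column layout (UNIT LOAD ACTIVE SUB DESCRIPTION) are assumptions.
EXPECTED = {"pulp-api", "pulp-content", "pulp-worker", "postgresql",
            "valkey", "httpd", "foreman-proxy"}
FORBIDDEN = {"foreman", "candlepin", "dynflow"}

SAMPLE_UNITS = """\
pulp-api.service       loaded active running Pulp API
pulp-content.service   loaded active running Pulp content
pulp-worker@1.service  loaded active running Pulp worker 1
pulp-worker@2.service  loaded active running Pulp worker 2
postgresql.service     loaded active running PostgreSQL
valkey.service         loaded active running Valkey
httpd.service          loaded active running Apache httpd
foreman-proxy.service  loaded active running Foreman Proxy
"""


def base_name(unit):
    """'pulp-worker@1.service' -> 'pulp-worker' (drop suffix and instance)."""
    return unit.rsplit(".", 1)[0].split("@", 1)[0]


def audit_services(listing):
    """Compare running units against the proxy's expected service set."""
    running = set()
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[3] == "running":
            running.add(base_name(fields[0]))
    extra = running - EXPECTED
    # Match on the exact name or a "name-" prefix, and only among services
    # outside EXPECTED, so "foreman-proxy" is not mistaken for "foreman".
    forbidden = {s for s in extra
                 if any(s == f or s.startswith(f + "-") for f in FORBIDDEN)}
    return {"missing": sorted(EXPECTED - running),
            "forbidden": sorted(forbidden),
            "unexpected": sorted(extra - forbidden)}


def extra_trusted_hosts(trusted_hosts, foreman_fqdn):
    """Return trusted hosts other than the Foreman server FQDN."""
    return sorted(set(trusted_hosts) - {foreman_fqdn})


if __name__ == "__main__":
    print(audit_services(SAMPLE_UNITS))
    print(extra_trusted_hosts(["quadlet.example.com"], "quadlet.example.com"))
```

A non-empty `forbidden` or `unexpected` list means the proxy is running more than the flavor should deploy, which widens the node's attack surface.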