diff --git a/src/features.yaml b/src/features.yaml index 4f82adcb4..06effb3a3 100644 --- a/src/features.yaml +++ b/src/features.yaml @@ -62,6 +62,11 @@ iop: description: iop services dependencies: - rh-cloud +container-gateway: + description: Container registry gateway for smart proxy + internal: true + foreman_proxy: + plugin_name: container_gateway bmc: description: Power management for bare metal hosts (IPMI, Redfish) foreman_proxy: diff --git a/src/roles/foreman_proxy/defaults/main.yaml b/src/roles/foreman_proxy/defaults/main.yaml index abd664b17..dd4a933f8 100644 --- a/src/roles/foreman_proxy/defaults/main.yaml +++ b/src/roles/foreman_proxy/defaults/main.yaml @@ -18,6 +18,9 @@ foreman_proxy_disabled_features: "{{ foreman_proxy_available_features | differen foreman_proxy_foreman_server_url: "https://{{ ansible_facts['fqdn'] }}" +# Container gateway settings +foreman_proxy_container_gateway_pulp_endpoint: "https://{{ ansible_facts['fqdn'] }}" + # BMC settings foreman_proxy_bmc_ipmi_implementation: ipmitool foreman_proxy_bmc_redfish_verify_ssl: true diff --git a/src/roles/foreman_proxy/templates/settings.d/container_gateway.yml.j2 b/src/roles/foreman_proxy/templates/settings.d/container_gateway.yml.j2 new file mode 100644 index 000000000..1958932f5 --- /dev/null +++ b/src/roles/foreman_proxy/templates/settings.d/container_gateway.yml.j2 @@ -0,0 +1,4 @@ +--- +:enabled: {{ feature_enabled }} +:pulp_endpoint: {{ foreman_proxy_container_gateway_pulp_endpoint }} +:db_connection_string: postgresql://{{ container_gateway_database_user }}:{{ container_gateway_database_password }}@{{ container_gateway_database_host }}:{{ container_gateway_database_port }}/{{ container_gateway_database_name }} diff --git a/src/roles/httpd/defaults/main.yml b/src/roles/httpd/defaults/main.yml index aab561ba4..5dd2310bb 100644 --- a/src/roles/httpd/defaults/main.yml +++ b/src/roles/httpd/defaults/main.yml 
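Review bot: The `:db_connection_string:` line in `container_gateway.yml.j2` interpolates the database user and password into a URI as an unquoted YAML scalar with no escaping. The generated password is limited to letters and digits, but any of the `container_gateway_database_*` variables can be overridden (for example for an external database), and a value containing `@`, `:`, `/` or ` #` would then change how the URI or the YAML line parses. Percent-encoding the credentials and quoting the scalar avoids this, for example `:db_connection_string: "postgresql://{{ container_gateway_database_user | urlencode }}:{{ container_gateway_database_password | urlencode }}@…"`. Note that `urlencode` may leave `/` unescaped, so check this against the filter in use. The rendered file holds a database password, and the task that writes `settings.d` templates is outside this diff, so confirm it sets an owner and mode that keep the file from being world-readable.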
@@ -21,6 +21,8 @@ httpd_ipa_keytab: /etc/httpd/conf/http.keytab httpd_ipa_pam_service: "{{ external_authentication_pam_service | default('foreman') }}" httpd_ipa_gssapi_local_name: true +httpd_foreman_proxy_url: "https://{{ ansible_facts['fqdn'] }}:8443" + httpd_with_foreman: "{{ 'foreman' in enabled_features }}" httpd_with_pulpcore: "{{ not httpd_with_foreman and not httpd_with_pulp_mirror }}" httpd_with_pulp_mirror: "{{ pulp_mirror | default(false) }}" diff --git a/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 b/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 index 1288b2251..826d336da 100644 --- a/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 +++ b/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 @@ -127,6 +127,14 @@ ProxyPass / {{ httpd_foreman_backend }}/ retry=0 timeout=900 upgrade=websocket ProxyPassReverse / {{ httpd_foreman_backend }}/ {% else %} + ## Container Gateway + ProxyPass /v1/ {{ httpd_foreman_proxy_url }}/container_gateway/v1/ + ProxyPassReverse /v1/ {{ httpd_foreman_proxy_url }}/container_gateway/v1/ + ProxyPass /v2/ {{ httpd_foreman_proxy_url }}/container_gateway/v2/ + ProxyPassReverse /v2/ {{ httpd_foreman_proxy_url }}/container_gateway/v2/ + ProxyPass /index/ {{ httpd_foreman_proxy_url }}/container_gateway/index/ + ProxyPassReverse /index/ {{ httpd_foreman_proxy_url }}/container_gateway/index/ + ProxyPass /rhsm {{ httpd_foreman_url }}/rhsm disablereuse=on retry=0 ProxyPassReverse /rhsm {{ httpd_foreman_url }}/rhsm ProxyPass /redhat_access {{ httpd_foreman_url }}/redhat_access disablereuse=on retry=0 diff --git a/src/vars/base.yaml b/src/vars/base.yaml index ed3023aa9..1e27ff0a1 100644 --- a/src/vars/base.yaml +++ b/src/vars/base.yaml 
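Review bot: Nothing in the `foreman-ssl-vhost.conf.j2` hunk shows that TLS to the backend is enabled and verified, although the new `ProxyPass` lines for `/v1/`, `/v2/` and `/index/` point at an `https://` URL (`httpd_foreman_proxy_url`, port 8443 by default). Confirm that the vhost has `SSLProxyEngine on` together with `SSLProxyVerify require`, `SSLProxyCACertificateFile` and `SSLProxyCheckPeerName on`. Without them the requests either fail or reach an unverified peer. The block sits in an `{% else %}` branch whose condition is outside the hunk, so a comment such as `## Container Gateway (registry API, served by the smart proxy)` that also names the branch would help readers. The neighbouring `/rhsm` rules pass `retry=0` and the new ones do not, so consider `ProxyPass /v2/ {{ httpd_foreman_proxy_url }}/container_gateway/v2/ retry=0` and the same for the other two paths if the same recovery behaviour is wanted.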
@@ -29,6 +29,7 @@ httpd_server_certificate: "{{ server_certificate }}" httpd_server_key: "{{ server_key }}" httpd_enabled_pulp_snippets: "{{ ['pypi'] if 'pulp_python' in pulp_plugins else [] }}" httpd_foreman_url: "{{ foreman_url }}" +httpd_foreman_proxy_url: "{{ foreman_proxy_url }}" httpd_pulp_trusted_hosts: - "{{ foreman_name }}" diff --git a/src/vars/database.yml b/src/vars/database.yml index 7efcfb7d8..f445416e7 100644 --- a/src/vars/database.yml +++ b/src/vars/database.yml @@ -17,6 +17,13 @@ pulp_database_user: pulp pulp_database_password_file: "{{ obsah_state_path }}/pulp-db-password" pulp_database_password: "{{ lookup('ansible.builtin.password', pulp_database_password_file, chars=['ascii_letters', 'digits']) }}" +container_gateway_database_name: container_gateway +container_gateway_database_user: container_gateway +container_gateway_database_password_file: "{{ obsah_state_path }}/container-gateway-db-password" +container_gateway_database_password: "{{ lookup('ansible.builtin.password', container_gateway_database_password_file, chars=['ascii_letters', 'digits']) }}" +container_gateway_database_host: "{{ database_host }}" +container_gateway_database_port: "{{ database_port }}" + postgresql_admin_password_file: "{{ obsah_state_path }}/postgresql-admin-password" postgresql_admin_password: "{{ lookup('ansible.builtin.password', postgresql_admin_password_file, chars=['ascii_letters', 'digits']) }}" @@ -101,6 +108,13 @@ databases: ssl_mode: "{{ pulp_database_ssl_mode }}" ssl_ca: "{{ pulp_database_ssl_ca }}" feature: pulp + - name: container_gateway + database: "{{ container_gateway_database_name }}" + host: "{{ container_gateway_database_host }}" + port: "{{ container_gateway_database_port }}" + user: "{{ container_gateway_database_user }}" + password: "{{ container_gateway_database_password }}" + feature: container-gateway - name: iop_advisor database: "{{ iop_advisor_database_name }}" host: "{{ iop_advisor_database_host }}" 
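Review bot: `foreman_proxy_url` is not defined in any hunk of this change, yet the line added to `src/vars/base.yaml` sets `httpd_foreman_proxy_url` from it. If it is not already defined elsewhere, rendering the vhost template will fail on an undefined variable. This assignment also takes precedence over the role default `https://<fqdn>:8443` added in `src/roles/httpd/defaults/main.yml`, so that default only applies when the role is used without `base.yaml`. A one-line comment above the assignment, such as `# overrides the httpd role default; must include the smart proxy port`, would make the relationship explicit.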
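Review bot: The new `container_gateway` entry under `databases` in `src/vars/database.yml` sets no `ssl_mode` or `ssl_ca`, while the `pulp` entry directly above it sets both. The connection string in `container_gateway.yml.j2` likewise has no `sslmode` parameter. When `database_host` points at an external server, the gateway's credentials and traffic may therefore cross the network without enforced or verified TLS, depending on how the consumer of `databases` treats missing keys. Following the pulp pattern would mean adding `ssl_mode: "{{ container_gateway_database_ssl_mode }}"` and `ssl_ca: "{{ container_gateway_database_ssl_ca }}"`. Those two variable names are suggestions and would need to be defined, and the same settings would need to be appended to the connection string.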
diff --git a/src/vars/flavors/foreman-proxy-content.yml b/src/vars/flavors/foreman-proxy-content.yml index 36668f4cc..a3147c4dc 100644 --- a/src/vars/flavors/foreman-proxy-content.yml +++ b/src/vars/flavors/foreman-proxy-content.yml @@ -1,5 +1,6 @@ flavor_features: - foreman-proxy + - container-gateway - content/rpm - content/deb - content/container