Refs #35985 - Implement optional Katello integration

Katello uses a different certificate structure. This moves over the integration bits from puppet-foreman_proxy_content to this module. It also means fewer variables need to be set in the installer itself.
theforeman · Jan 27, 2023 · 49fb1af · 49fb1af
1 parent 11d1eef
commit 49fb1af
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -53,6 +53,15 @@ Since version 15.0.0 the integration bits depend on the standalone module where
 previously it depended on
 [theforeman/foreman](https://forge.puppetlabs.com/theforeman/foreman)
 
+There is also optional integration for [katello/certs](https://forge.puppetlabs.com/katello/certs).
+This can be enabled via Hiera:
+
+```yaml
+puppet::server::foreman::katello: true
+```
+
+Then the `foreman_ssl_{ca,cert,key}` parameters are ignored and `certs::puppet` is used as a source.
+
 ## PuppetDB integration
 
 The Puppet master can be configured to export catalogs and reports to a

diff --git a/manifests/server/foreman.pp b/manifests/server/foreman.pp
@@ -1,6 +1,21 @@
 # @summary Set up Foreman integration
 # @api private
-class puppet::server::foreman {
+class puppet::server::foreman (
+  Boolean $katello = false,
+) {
+  if $katello {
+    include certs::puppet
+    Class['certs::puppet'] -> Class['puppetserver_foreman']
+
+    $ssl_ca = $certs::puppet::ssl_ca_cert
+    $ssl_cert = $certs::puppet::client_cert
+    $ssl_key = $certs::puppet::client_key
+  } else {
+    $ssl_ca = pick($puppet::server::foreman_ssl_ca, $puppet::server::ssl_ca_cert)
+    $ssl_cert = pick($puppet::server::foreman_ssl_cert, $puppet::server::ssl_cert)
+    $ssl_key = pick($puppet::server::foreman_ssl_key, $puppet::server::ssl_cert_key)
+  }
+
   # Include foreman components for the puppetmaster
   # ENC script, reporting script etc.
   class { 'puppetserver_foreman':
@@ -10,9 +25,9 @@
     puppet_home      => $puppet::server::puppetserver_vardir,
     puppet_basedir   => $puppet::server::puppet_basedir,
     puppet_etcdir    => $puppet::dir,
-    ssl_ca           => pick($puppet::server::foreman_ssl_ca, $puppet::server::ssl_ca_cert),
-    ssl_cert         => pick($puppet::server::foreman_ssl_cert, $puppet::server::ssl_cert),
-    ssl_key          => pick($puppet::server::foreman_ssl_key, $puppet::server::ssl_cert_key),
+    ssl_ca           => $ssl_ca,
+    ssl_cert         => $ssl_cert,
+    ssl_key          => $ssl_key,
   }
   contain puppetserver_foreman
 }