Construct foreman_url from servername and drop parameter #987
Conversation
There was a problem hiding this comment.
If we simplify this, we should also drop support in the Apache config. In particular here:
puppet-foreman/manifests/config/apache.pp
Lines 137 to 158 in 172a16d
There was a problem hiding this comment.
Is there any reason to prevent an user from having a Foreman URL such as https://mybox.example.com/foreman and providing additional services from mybox.example.com ?
I suppose you could still have foreman.example.com and otherservice.example.com running on the same machine but need to be able to create multiple PTR records for reverse lookups (to my knowledge we require full forward and reverse name resolution).
I also understand that downstream, the application is supported as an appliance that should not share hardware with any other services. I don't see any obvious reason to impose this restriction upstream where the user should be free to pursue whatever configuration they desire, as they are the one supporting it.
This used to be supported but the UI broke this a long time ago and we haven't had bug reports from users. Either nobody knew it was there or nobody cares. See https://community.theforeman.org/t/rfc-stop-attempting-to-allow-running-foreman-under-a-sub-folder-in-3-0/24526 |
manifests/init.pp
Outdated
| @@ -296,6 +293,8 @@ | |||
| timeout => 0, | |||
| } | |||
|
|
|||
| $foreman_url = "https://${foreman::servername}" | |||
There was a problem hiding this comment.
This can be simplified to using a local variable.
| $foreman_url = "https://${foreman::servername}" | |
| $foreman_url = "https://${servername}" |
|
@ehelms any plans to revisit this? |
|
I do. And I am wondering how to integrate this into a related request. If we look at https://bugzilla.redhat.com/show_bug.cgi?id=2127515 it denotes multiple URLs that the user wishes could be driven off a single installer input to update: |
I started some investigations into if we can actually move to a world where the whole unattended URL is no longer needed. It's going to be a long one because you want kickstart to get the template over HTTPS (which it can do, even today) while establishing a trusted chain (which we haven't solved today). The main benefit is that we can get rid of serving HTTP on port 80 using Puma altogether and move everything to HTTPS on port 443. Apache can keep a redirect to HTTPS for users. Given it's going to be long term, we should probably simplify it in the installer in the short term.
These all live in the puppet-foreman_proxy module, so should be considered out of scope here.
This lives in puppet-puppet, so also out of scope for this PR. I've been thinking about how to link them up on the same system. You can use Hiera aliases, but for technical reasons that now interferes with how Kafo treats the answer file. What you can do in those other modules is default to |
ehelms
force-pushed
the
drop-foreman-url
branch
from
569e445
to
78716e1
Compare
Drops the foreman_url parameter and constructs it from the servername given to Apache. The foreman_url and servername should match and this gives one less parameter that needs to be configured to get a correct installation.
ehelms
force-pushed
the
drop-foreman-url
branch
from
78716e1
to
96a446e
Compare
Drops the foreman_url parameter and constructs it from the servername
given to Apache. The foreman_url and servername should match
and this gives one less parameter that needs to be configured to get
a correct installation.
@ekohl I was not sure if this is what you mean tor if there is some nuance of these parameters that I am missing where you would want them to be different. I also realize this is a "breaking" change but if accurate, feels cleaner.