Closed
1 change: 1 addition & 0 deletions .fixtures.yml
Expand Up @@ -13,6 +13,7 @@ fixtures:
dns: 'https://github.com/theforeman/puppet-dns'
extlib: 'https://github.com/voxpupuli/puppet-extlib'
foreman: 'https://github.com/theforeman/puppet-foreman'
mosquitto: 'https://github.com/voxpupuli/puppet-mosquitto'
puppet: 'https://github.com/theforeman/puppet-puppet'
redis: 'https://github.com/voxpupuli/puppet-redis'
stdlib: 'https://github.com/puppetlabs/puppetlabs-stdlib'
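Review bot: The new `mosquitto` fixture points at `https://github.com/voxpupuli/puppet-mosquitto` with no `ref`, so the spec run picks up whatever is on that repository's default branch, while the README paragraph added in this same change states a supported range of `>= 1.0.1 < 2.0.0`. The neighbouring fixtures are unpinned too, but since a version range is being documented for this one, consider the `repo:`/`ref:` form pinned to a tag inside that range so the tests exercise a version the module claims to support.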
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -25,6 +25,7 @@ Part of the Foreman installer: <https://github.com/theforeman/foreman-installer>
| 2.x | 1.5 - 1.10 | |
| 1.x | 1.4 and older | |

21.x replaced the older `async_ssh` parameter of `foreman_proxy::remote_execution::ssh` with a more generic `mode` parameter, following the change in [smart_proxy_remote_execution_ssh](https://github.com/theforeman/smart_proxy_remote_execution_ssh) itself. This added support for the new `pull-mqtt` mode and - for that specific configuration only - there is a soft dependency on `puppetlabs-mosquitto >= 1.0.1 < 2.0.0` to install Eclipse Mosquitto as the MQTT broker.
20.x started to register as a Smart Proxy host. This requires Foreman 3.1. When using an older Foreman, set `$register_in_foreman` to false. This does require manual registration then.
18.x switched to running `smart_proxy_dynflow` as part of `foreman-proxy` service by default. On EL* distributions and Foreman < 2.5, `foreman_proxy::plugin::dynflow::external_core` needs to be explicitly set to `true`.
16.x added support for Smart Proxy Registration feature, available in Smart Proxy 2.3 and newer.
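Review bot: The 21.x paragraph names the soft dependency as `puppetlabs-mosquitto`, but the fixture added in `.fixtures.yml` pulls from `voxpupuli/puppet-mosquitto`; the module name written here should match the one the tests actually run against. Because the dependency is described as soft and only relevant to `pull-mqtt`, it would also help to say outright that users of that mode have to install the module themselves.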
6 changes: 6 additions & 0 deletions manifests/plugin/remote_execution/ssh.pp
Expand Up @@ -62,4 +62,10 @@
group => $foreman_proxy::user,
}
}

if $mode == 'pull-mqtt' {
class { 'mosquitto':
package_name => 'mosquitto',
Member

what's the reason for overriding the package name here?

}
}
}
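Review bot: Inside the `if $mode == 'pull-mqtt'` block, `class { 'mosquitto': ... }` passes only `package_name`, so the broker's listener address, authentication and TLS settings are left to whatever the module and package default to, even though remote execution jobs will be delivered through it. Consider exposing parameters for those settings or documenting that the operator must configure them. The resource-like declaration will also fail with a duplicate declaration error on any node that already declares `mosquitto` elsewhere; `include mosquitto` with the values supplied through Hiera, or a parameter to turn broker management off, would avoid that.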
7 changes: 7 additions & 0 deletions templates/plugin/remote_execution_ssh.yml.erb
@@ -1,9 +1,16 @@
---
:enabled: <%= @module_enabled %>
<% if false -%> # TODO: https://projects.theforeman.org/issues/34439 <% end -%>
:ssh_identity_key_file: <%= scope.lookupvar('::foreman_proxy::plugin::remote_execution::ssh::ssh_identity_path') %>
:local_working_dir: <%= scope.lookupvar('::foreman_proxy::plugin::remote_execution::ssh::local_working_dir') %>
:remote_working_dir: <%= scope.lookupvar('::foreman_proxy::plugin::remote_execution::ssh::remote_working_dir') %>
<% if %r(ssh).match(scope.lookupvar("::foreman_proxy::plugin::remote_execution::ssh::mode")) -%>
:kerberos_auth: <%= scope.lookupvar('::foreman_proxy::plugin::remote_execution::ssh::ssh_kerberos_auth') %>
<% end -%>

Member

Are the options above this (like ssh_identity_key_file and kerberos_auth) still relevant in mqtt mode?

Contributor Author

@adamruzicka Is this something that you can answer for us? See the question from the above comment as well:

Something I never got clarity on is whether MQTT mode still supports SSH mode or if you really need to choose between the two.

Contributor

kerberos_auth is only applicable if one of the ssh modes is used.
ssh_identity_key_file is only applicable for ssh modes and ansible. This is probably something that should be looked into as well.

smart_proxy_remote_execution_ssh validates that a private key really exists at the location specified by ssh_identity_key_file, regardless of the selected mode[1].

[1] - https://projects.theforeman.org/issues/34439

Contributor

Hmm, now that I'm thinking about it again, the ssh key is used for web console integration no matter what mode is used. So maybe always managing the key isn't a bad idea?

# Whether to run remote execution jobs asynchronously
:mode: <%= scope.lookupvar("::foreman_proxy::plugin::remote_execution::ssh::mode") %>
<% if scope.lookupvar("::foreman_proxy::plugin::remote_execution::ssh::mode") == 'pull-mqtt' -%>
:mqtt_broker: localhost
:mqtt_port: 1883
Member

It would be nice if this port was somehow extracted from the mosquitto config.

Contributor Author

Will add the additional params necessary to make that happen

<% end -%>
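Review bot: In the `pull-mqtt` branch, `:mqtt_broker: localhost` and `:mqtt_port: 1883` are literals, so the rendered config cannot point at a broker on another host or port and is fixed to the standard unencrypted MQTT port; both should come from class parameters. Separately, the comment above `:mode:` still reads `# Whether to run remote execution jobs asynchronously`, which no longer describes the setting, and `%r(ssh).match(...)` is an unanchored substring test that is true for any mode value containing `ssh`; an explicit comparison against the supported ssh mode names would be safer.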