-
Notifications
You must be signed in to change notification settings - Fork 130
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add pull-mqtt support to smart_proxy_remote_execution
- Loading branch information
Showing
6 changed files
with
176 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| include foreman_proxy | ||
| class { 'foreman_proxy::plugin::remote_execution::script': | ||
| mode => 'pull-mqtt', | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,94 @@ | ||
| # = Foreman Proxy Remote Execution Mosquitto Configuration | ||
| # | ||
| # This class configures mosquitto for use by Remote Execution pull transport | ||
| # | ||
| # === Parameters: | ||
| # | ||
| # $ssl_ca:: SSL CA to validate the client certificates used to access mosquitto | ||
| # | ||
| # $ssl_cert:: SSL certificate to be used to run mosquitto via SSL. | ||
| # | ||
| # $ssl_key:: Corresponding key to a ssl_cert certificate | ||
| # | ||
| # === Advanced parameters: | ||
| # | ||
| # $port:: Port mosquitto will run on | ||
| # | ||
| # $require_certificate:: When true the client must provide a valid certificate in order to connect successfully | ||
| # | ||
| # $use_identity_as_username:: Use the CN value from the client certificate as a username | ||
| # | ||
| class foreman_proxy::plugin::remote_execution::mosquitto ( | ||
| Stdlib::Port $port = 1883, | ||
| Stdlib::Absolutepath $ssl_ca = $foreman_proxy::ssl_ca, | ||
| Stdlib::Absolutepath $ssl_cert = $foreman_proxy::ssl_cert, | ||
| Stdlib::Absolutepath $ssl_key = $foreman_proxy::ssl_key, | ||
| Boolean $require_certificate = true, | ||
| Boolean $use_identity_as_username = true, | ||
| ) { | ||
| $mosquitto_config_dir = '/etc/mosquitto' | ||
| $mosquitto_ssl_dir = "${mosquitto_config_dir}/ssl" | ||
|
|
||
| class { 'mosquitto': | ||
| package_name => 'mosquitto', | ||
| config => [ | ||
| "listener ${port}", | ||
| "acl_file ${mosquitto_config_dir}/foreman.acl", | ||
| "cafile ${mosquitto_ssl_dir}/ssl_ca.pem", | ||
| "certfile ${mosquitto_ssl_dir}/ssl_cert.pem", | ||
| "keyfile ${mosquitto_ssl_dir}/ssl_key.pem", | ||
| "require_certificate ${require_certificate}", | ||
| "use_identity_as_username ${use_identity_as_username}", | ||
| ], | ||
| } | ||
|
|
||
| file { $mosquitto_config_dir: | ||
| ensure => directory, | ||
| owner => 'root', | ||
| group => 'mosquitto', | ||
| mode => '0755', | ||
| require => Package['mosquitto'], | ||
| } | ||
|
|
||
| file { "${mosquitto_config_dir}/foreman.acl": | ||
| ensure => 'file', | ||
| content => epp( | ||
| "${module_name}/plugin/foreman.acl.epp", | ||
| { user => $facts['networking']['fqdn'] } | ||
| ), | ||
| owner => 'root', | ||
| group => 'mosquitto', | ||
| mode => '0640', | ||
| } | ||
|
|
||
| file { $mosquitto_ssl_dir: | ||
| ensure => directory, | ||
| owner => 'root', | ||
| group => 'mosquitto', | ||
| mode => '0755', | ||
| } | ||
|
|
||
| file { "${mosquitto_ssl_dir}/ssl_cert.pem": | ||
| ensure => 'file', | ||
| content => file($ssl_cert), | ||
| owner => 'root', | ||
| group => 'mosquitto', | ||
| mode => '0440', | ||
| } | ||
|
|
||
| file { "${mosquitto_ssl_dir}/ssl_key.pem": | ||
| ensure => 'file', | ||
| content => file($ssl_key), | ||
| owner => 'root', | ||
| group => 'mosquitto', | ||
| mode => '0440', | ||
| } | ||
|
|
||
| file { "${mosquitto_ssl_dir}/ssl_ca.pem": | ||
| ensure => 'file', | ||
| content => file($ssl_ca), | ||
| owner => 'root', | ||
| group => 'mosquitto', | ||
| mode => '0440', | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| require 'spec_helper_acceptance' | ||
|
|
||
| describe 'Scenario: install foreman-proxy with remote_execution script plugin with pull-mqtt' do | ||
| before(:context) { purge_installed_packages } | ||
|
|
||
| include_examples 'the example', 'remote_execution_script_pull_mqtt.pp' | ||
|
|
||
| it_behaves_like 'the default foreman proxy application' | ||
|
|
||
| describe port(1883) do | ||
| it { is_expected.to be_listening } | ||
| end | ||
|
|
||
| describe file('/etc/mosquitto/foreman.acl') do | ||
| it { should be_file } | ||
| its(:content) { should match(%r{pattern read yggdrasil\/%u\/data\/in}) } | ||
| its(:content) { should match(%r{pattern write yggdrasil\/%u\/control\/out}) } | ||
| its(:content) { should match(%r{user #{host_inventory['fqdn']}}) } | ||
| its(:content) { should match(%r{topic write yggdrasil\/\+\/data\/in}) } | ||
| its(:content) { should match(%r{topic read yggdrasil\/\+\/control\/out}) } | ||
| end | ||
|
|
||
| describe x509_certificate('/etc/mosquitto/ssl/ssl_cert.pem') do | ||
| it { should be_certificate } | ||
| it { should be_valid } | ||
| end | ||
|
|
||
| describe file('/etc/mosquitto/ssl/ssl_cert.pem') do | ||
| it { should be_file } | ||
| it { should be_mode 440 } | ||
| it { should be_owned_by 'root' } | ||
| it { should be_grouped_into 'mosquitto' } | ||
| end | ||
|
|
||
| describe x509_private_key('/etc/mosquitto/ssl/ssl_key.pem') do | ||
| it { should_not be_encrypted } | ||
| it { should be_valid } | ||
| it { should have_matching_certificate('/etc/mosquitto/ssl/ssl_cert.pem') } | ||
| end | ||
|
|
||
| describe file('/etc/mosquitto/ssl/ssl_key.pem') do | ||
| it { should be_file } | ||
| it { should be_mode 440 } | ||
| it { should be_owned_by 'root' } | ||
| it { should be_grouped_into 'mosquitto' } | ||
| end | ||
|
|
||
| describe x509_certificate('/etc/mosquitto/ssl/ssl_ca.pem') do | ||
| it { should be_certificate } | ||
| it { should be_valid } | ||
| end | ||
|
|
||
| describe file('/etc/mosquitto/ssl/ssl_ca.pem') do | ||
| it { should be_file } | ||
| it { should be_mode 440 } | ||
| it { should be_owned_by 'root' } | ||
| it { should be_grouped_into 'mosquitto' } | ||
| end | ||
|
|
||
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| <%- | | ||
| String[1] $user, | ||
| | -%> | ||
| pattern read yggdrasil/%u/data/in | ||
| pattern write yggdrasil/%u/control/out | ||
|
|
||
| user <%= $user %> | ||
| topic write yggdrasil/+/data/in | ||
| topic read yggdrasil/+/control/out |