Flavor: foreman-proxy-content by arvind4501 · Pull Request #571 · theforeman/foremanctl

arvind4501 · 2026-06-14T17:00:01Z

Why are you introducing these changes? (Problem description, related links)

What are the changes introduced in this pull request?

Introduce foreman-proxy-content flavor to deploy standalone content proxy

How to test this pull request

./foremanctl deploy --flavor foreman-proxy-content --foreman-url https://quadlet.example.com
Observe only relevent services are deployed

Steps to reproduce:

./foremanctl deploy --flavor foreman-proxy-content --foreman-url https://quadlet.example.com

Checklist

Tests added/updated (if applicable)
Documentation updated (if applicable)

arvind4501 · 2026-06-15T05:29:03Z

+- name: Setup quadlet machine
  hosts:
-    - quadlet
+    - "{{ foremanctl_target | default('quadlet') }}"


This is a workaround for development and CI, in production quadlet should just work fine

ehelms · 2026-06-15T17:16:39Z

@@ -1,7 +1,7 @@
 ---
- name: Setup quadlet demo machine
+- name: Setup quadlet machine


Might as well update this as a whole, we don't need to reference the quadlet part in the name here.

ehelms · 2026-06-15T17:17:44Z

+    - role: pulp
+      when: enabled_features | has_feature('pulp')
+    - role: foreman
+      when: "'foreman' in enabled_features"


Should this also use has_feature ?

ehelms · 2026-06-15T17:18:21Z

        - "'hammer' in enabled_features"
-    - post_install
+    - role: post_install
+      when: "'foreman' in enabled_features"


I expect post_install to have elements that can affect other flavors, so I don't think gating it here is the right approach.

ehelms · 2026-06-15T17:18:59Z

    parameter: --bmc-redfish-verify-ssl
    help: Verify SSL certificates for Redfish BMC connections.
    type: Boolean
+  foreman_proxy_foreman_server_url:


I am starting to think foreman_proxy_ should have it's own variable file.

ehelms · 2026-06-15T17:20:16Z

+    parameter: --foreman-url
+    help: URL of the parent Foreman server this proxy connects to.
+  foreman_proxy_trusted_hosts:
+    help: FQDN of a host trusted by the smart proxy. Can be specified multiple times.


This might be confusing to end users as to what should be specified. e.g. clients? foreman servers?

ehelms · 2026-06-15T17:21:24Z

+    action: append_unique
+  foreman_oauth_consumer_key:
+    parameter: --oauth-consumer-key
+    help: OAuth consumer key.


oauth consumer key of what? foreman I assume, but it's ambiguous.

ehelms · 2026-06-15T17:22:16Z

+    parameter: --rhsm-url
+    help: RHSM URL for Pulp smart proxy content mirroring.
+  pulp_smart_proxy_auth_methods:
+    parameter: --smart-proxy-auth-methods


This is confusing, I don't know what this applies to.

ehelms · 2026-06-15T17:22:39Z

@@ -1,2 +1,13 @@
 ---
 checks_databases: []
+checks_per_flavor:


Should the flavor define this instead of the checks role defining it?

ehelms · 2026-06-15T17:25:23Z

 foreman_proxy_bmc_ipmi_implementation: ipmitool
 foreman_proxy_bmc_redfish_verify_ssl: true
+
+foreman_proxy_with_pulp_mirror: "{{ pulp_mirror | default(false) }}"


Where does pulp_mirror come from? That reads like a non-role variable.

Does foreman_proxy know about Pulp? Pulp has a built in smart-proxy.

ehelms · 2026-06-15T17:26:47Z

  - "{{ foreman_proxy_name }}"

+foreman_proxy_trusted_hosts: []
+foreman_proxy_all_trusted_hosts: "{{ (foreman_proxy_default_trusted_hosts + foreman_proxy_trusted_hosts) | unique | list }}"


Is this useful here in the defaults? Could you move this directly into the template?

ehelms · 2026-06-15T17:27:37Z

 httpd_enabled_pulp_snippets: []

+httpd_proxy_foreman_url: "{{ foreman_proxy_foreman_server_url }}"
+httpd_client_certificate: "{{ client_certificate }}"


What is client_certificate? This role doesn't know about this variable. Be mindful, throughout this PR you are blending role and non-role variables.

ehelms · 2026-06-15T17:32:41Z

There are definitely some good nuggets of changes that would make for good, go-ahead, stand-alone PRs to get added. This also points to the need for flavor specific parameters that are only shown for a given flavor.

pr-processor Bot added the Not yet reviewed label Jun 14, 2026

arvind4501 marked this pull request as draft June 15, 2026 05:25

arvind4501 commented Jun 15, 2026

View reviewed changes

pr-processor Bot removed the Not yet reviewed label Jun 15, 2026

arvind4501 force-pushed the flavor/foreman-proxy-content branch 3 times, most recently from 1c4914d to 30bf7ff Compare June 15, 2026 12:19

Arvind Jangir added 4 commits June 15, 2026 17:56

Initial scaffold for flavor foreman-proxy-content

8811ddd

fix ansible lint

41915bc

use flavor specific checks

cd45cfc

add httpd vhost for pulp mirror

9e24eab

arvind4501 force-pushed the flavor/foreman-proxy-content branch from 30bf7ff to 22f010a Compare June 15, 2026 12:26

Tests Structure with flavor directory

b367887

arvind4501 force-pushed the flavor/foreman-proxy-content branch from 019e1bb to b367887 Compare June 15, 2026 15:18

update CI

58ccccd

ehelms reviewed Jun 15, 2026

View reviewed changes

Conversation

arvind4501 commented Jun 14, 2026

Why are you introducing these changes? (Problem description, related links)

What are the changes introduced in this pull request?

How to test this pull request

Checklist

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

ehelms commented Jun 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants