-
Notifications
You must be signed in to change notification settings - Fork 991
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixes #37601 - Add Foreman CA refresh template
In this PR I am introducing a way to refresh CA certificate for Foreman server. It will have the following parts: [X] Downloadable template to run directly on a server [ ] REX script template to be used with SSH REX provider [ ] REX Ansible template to be used with Ansible REX provider All the ways would refresh `katello-server-ca.pem` file and refresh CA root store accordingly. Also added the certs to the ENC, so every ENC consumer would be able to use them to refresh Foreman's CA on host.
- Loading branch information
1 parent
d59c5c1
commit d7a8a1e
Showing
22 changed files
with
167 additions
and
44 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
17 changes: 17 additions & 0 deletions
17
app/views/unattended/provisioning_templates/registration/foreman_ca_refresh.erb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
<%# | ||
kind: public | ||
name: foreman_ca_refresh | ||
model: ProvisioningTemplate | ||
oses: | ||
- AlmaLinux | ||
- CentOS | ||
- CentOS_Stream | ||
- Fedora | ||
- RedHat | ||
- Rocky | ||
description: | | ||
This template is used to refresh foreman CA certificates on Katello-registered hosts | ||
-%> | ||
#!/bin/sh | ||
|
||
<%= snippet('ca_registration') -%> |
15 changes: 15 additions & 0 deletions
15
app/views/unattended/provisioning_templates/registration/foreman_raw_ca.erb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
<%# | ||
kind: public | ||
name: foreman_raw_ca | ||
model: ProvisioningTemplate | ||
oses: | ||
- AlmaLinux | ||
- CentOS | ||
- CentOS_Stream | ||
- Fedora | ||
- RedHat | ||
- Rocky | ||
description: | | ||
This template exposes the CA certificate to be consumed directly from a URL. | ||
-%> | ||
<%= foreman_server_ca_cert -%> |
34 changes: 34 additions & 0 deletions
34
app/views/unattended/provisioning_templates/snippet/ca_registration.erb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
<%# | ||
kind: snippet | ||
name: ca_registration | ||
model: ProvisioningTemplate | ||
snippet: true | ||
description: | | ||
This template is used for updating Foreman's CA on hosts that are registered by Katello. | ||
It replaces the CA used by subscription-manager and adds the CA to trusted anchors. | ||
-%> | ||
<% if plugin_present?('katello') -%> | ||
# Define the path to the Katello server CA certificate | ||
KATELLO_SERVER_CA_CERT=/etc/rhsm/ca/katello-server-ca.pem | ||
|
||
# If katello ca cert file exists on host, update it and make sure it's in trust anchors | ||
if [ -f "$KATELLO_SERVER_CA_CERT" ]; then | ||
<%= save_to_file('"$KATELLO_SERVER_CA_CERT"', foreman_server_ca_cert) -%> | ||
|
||
if [ -f /etc/debian_version ]; then | ||
CA_TRUST_ANCHORS=/usr/local/share/ca-certificates/ | ||
else | ||
CA_TRUST_ANCHORS=/etc/pki/ca-trust/source/anchors | ||
fi | ||
|
||
# Add the Katello CA certificate to the system-wide CA certificate store | ||
cp $KATELLO_SERVER_CA_CERT $CA_TRUST_ANCHORS | ||
|
||
if [ -f /etc/debian_version ]; then | ||
update-ca-certificates | ||
else | ||
update-ca-trust | ||
fi | ||
fi | ||
<% end -%> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.