From e9c751cfce9f07228f858bf2dad7b2615853a9ea Mon Sep 17 00:00:00 2001 From: Arvind Jangir Date: Mon, 4 May 2026 11:18:41 +0530 Subject: [PATCH 1/6] Add BMC feature to foreman-proxy --- src/features.yaml | 4 ++++ src/playbooks/deploy/metadata.obsah.yaml | 11 +++++++++++ src/roles/foreman_proxy/defaults/main.yaml | 3 +++ .../foreman_proxy/templates/settings.d/bmc.yml.j2 | 3 +++ 4 files changed, 21 insertions(+) create mode 100644 src/roles/foreman_proxy/templates/settings.d/bmc.yml.j2 diff --git a/src/features.yaml b/src/features.yaml index 5a77a1585..24dc7a084 100644 --- a/src/features.yaml +++ b/src/features.yaml @@ -44,3 +44,7 @@ iop: description: iop services dependencies: - rh-cloud +bmc: + description: Power management for bare metal hosts (IPMI, Redfish, SSH) + foreman_proxy: + plugin_name: bmc diff --git a/src/playbooks/deploy/metadata.obsah.yaml b/src/playbooks/deploy/metadata.obsah.yaml index 0f75a7922..8ea6db526 100644 --- a/src/playbooks/deploy/metadata.obsah.yaml +++ b/src/playbooks/deploy/metadata.obsah.yaml @@ -44,6 +44,17 @@ variables: type: AbsolutePath parameter: --certificate-server-ca-certificate persist: false + foreman_proxy_bmc_default_provider: + parameter: --bmc-default-provider + help: Default BMC provider. + choices: + - freeipmi + - ipmitool + - redfish + foreman_proxy_bmc_redfish_verify_ssl: + parameter: --bmc-redfish-verify-ssl + help: Verify SSL certificates for Redfish BMC connections. + type: Boolean constraints: required_together: diff --git a/src/roles/foreman_proxy/defaults/main.yaml b/src/roles/foreman_proxy/defaults/main.yaml index 1d48354d3..cd4e343bc 100644 --- a/src/roles/foreman_proxy/defaults/main.yaml +++ b/src/roles/foreman_proxy/defaults/main.yaml @@ -19,3 +19,6 @@ foreman_proxy_available_features: "{{ [] | available_foreman_proxy_plugins }}" foreman_proxy_disabled_features: "{{ foreman_proxy_available_features | difference(foreman_proxy_features) }}" foreman_proxy_foreman_server_url: "https://{{ ansible_facts['fqdn'] }}" + +# BMC settings +foreman_proxy_bmc_default_provider: ipmitool diff --git a/src/roles/foreman_proxy/templates/settings.d/bmc.yml.j2 b/src/roles/foreman_proxy/templates/settings.d/bmc.yml.j2 new file mode 100644 index 000000000..21abd2baa --- /dev/null +++ b/src/roles/foreman_proxy/templates/settings.d/bmc.yml.j2 @@ -0,0 +1,3 @@ +--- +:enabled: {{ feature_enabled }} +:bmc_default_provider: {{ foreman_proxy_bmc_default_provider }} From 602b4fdfb39c221aad66eb5cecce7404ee7a2eda Mon Sep 17 00:00:00 2001 From: Arvind Jangir Date: Mon, 4 May 2026 17:13:53 +0530 Subject: [PATCH 2/6] Add Redfish configurations --- src/roles/foreman_proxy/defaults/main.yaml | 1 + src/roles/foreman_proxy/templates/settings.d/bmc.yml.j2 | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/src/roles/foreman_proxy/defaults/main.yaml b/src/roles/foreman_proxy/defaults/main.yaml index cd4e343bc..11792e62a 100644 --- a/src/roles/foreman_proxy/defaults/main.yaml +++ b/src/roles/foreman_proxy/defaults/main.yaml @@ -22,3 +22,4 @@ foreman_proxy_foreman_server_url: "https://{{ ansible_facts['fqdn'] }}" # BMC settings foreman_proxy_bmc_default_provider: ipmitool +foreman_proxy_bmc_redfish_verify_ssl: true diff --git a/src/roles/foreman_proxy/templates/settings.d/bmc.yml.j2 b/src/roles/foreman_proxy/templates/settings.d/bmc.yml.j2 index 21abd2baa..a37d75c00 100644 --- a/src/roles/foreman_proxy/templates/settings.d/bmc.yml.j2 +++ b/src/roles/foreman_proxy/templates/settings.d/bmc.yml.j2 @@ -1,3 +1,7 @@ --- :enabled: {{ feature_enabled }} :bmc_default_provider: {{ foreman_proxy_bmc_default_provider }} + +{% if foreman_proxy_bmc_default_provider == 'redfish' %} +:redfish_verify_ssl: {{ foreman_proxy_bmc_redfish_verify_ssl }} +{% endif %} From 3f2dfe9dd4337433a49abe4322e8c3bd86c61415 Mon Sep 17 00:00:00 2001 From: Arvind Jangir Date: Tue, 5 May 2026 14:43:30 +0530 Subject: [PATCH 3/6] tests --- tests/bmc_test.py | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 tests/bmc_test.py diff --git a/tests/bmc_test.py b/tests/bmc_test.py new file mode 100644 index 000000000..265e002a7 --- /dev/null +++ b/tests/bmc_test.py @@ -0,0 +1,41 @@ +import json +import os +import pytest +import yaml + +FOREMAN_PROXY_PORT = 8443 +BMC_CONFIG = "/etc/foreman-proxy/settings.d/bmc.yml" + +test_dir = os.path.dirname(os.path.abspath(__file__)) +foremanctl_dir = os.path.dirname(test_dir) +params_file = os.path.join(foremanctl_dir, '.var', 'lib', 'foremanctl', 'parameters.yaml') + +def is_bmc_enabled(): + if os.path.exists(params_file): + with open(params_file, 'r') as f: + params = yaml.safe_load(f) + features = params.get('features', []) + if isinstance(features, str): + features = features.split() + return 'bmc' in features + return False + +def get_bmc_provider(): + if os.path.exists(params_file): + with open(params_file, 'r') as f: + params = yaml.safe_load(f) + return params.get('foreman_proxy_bmc_default_provider', 'ipmitool') + return 'ipmitool' + +@pytest.mark.skipif("not is_bmc_enabled()") +def test_bmc_feature_in_proxy(server, certificates, server_fqdn): + cmd = server.run(f"curl --cacert {certificates['ca_certificate']} --silent https://{server_fqdn}:{FOREMAN_PROXY_PORT}/features") + assert cmd.succeeded + features = json.loads(cmd.stdout) + assert "bmc" in features + +@pytest.mark.skipif("not is_bmc_enabled()") +def test_bmc_default_provider(server): + cmd = server.run(f"podman exec foreman-proxy grep ':bmc_default_provider:' {BMC_CONFIG}") + assert cmd.succeeded + assert get_bmc_provider() in cmd.stdout From a199b4c496b32435101e45e087f0e04554e9100d Mon Sep 17 00:00:00 2001 From: Arvind Jangir Date: Wed, 6 May 2026 11:40:07 +0530 Subject: [PATCH 4/6] update parameters doc --- docs/user/parameters.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/user/parameters.md b/docs/user/parameters.md index 4b35b713c..f6ba356ac 100644 --- a/docs/user/parameters.md +++ b/docs/user/parameters.md @@ -103,6 +103,13 @@ There are multiple use cases from the users perspective that dictate what parame ## Smart Proxy +### Mapped + +| Parameter | Description | foreman-installer Parameters | +| --------- | ----------- | ---------------------------- | +| `--bmc-default-provider` | Default BMC provider | `--foreman-proxy-bmc-default-provider` | +| `--bmc-redfish-verify-ssl` | Verify SSL certificates for Redfish BMC connections | `--foreman-proxy-bmc-redfish-verify-ssl` | + ### Undetermined | Installer Parameter | Description | Module | Puppet Parameter | @@ -152,8 +159,6 @@ There are multiple use cases from the users perspective that dictate what parame | `--foreman-proxy-plugin-remote-execution-script-mode` | | foreman_proxy::plugin::remote_execution_script | mode | | `--foreman-proxy-plugin-openscap-ansible-module` | | foreman_proxy::plugin::openscap | ansible_module | | `--foreman-proxy-plugin-openscap-puppet-module` | | foreman_proxy::plugin::openscap | puppet_module | -| `--foreman-proxy-bmc` | | | | -| `--foreman-proxy-bmc-default-provider` | | | | | `--foreman-proxy-content-enable-ostree` | | | | | `--foreman-proxy-content-pulpcore-additional-import-paths` | | | | | `--foreman-proxy-http` | | | | From 7c4db9f2b8ccae96c3f10da883120411eaecb058 Mon Sep 17 00:00:00 2001 From: Arvind Jangir Date: Wed, 6 May 2026 14:04:05 +0530 Subject: [PATCH 5/6] refactor tests --- tests/bmc_test.py | 41 ------------------------------------- tests/conftest.py | 14 ++++++------- tests/foreman_proxy_test.py | 26 ++++++++++++++++++++++- 3 files changed, 31 insertions(+), 50 deletions(-) delete mode 100644 tests/bmc_test.py diff --git a/tests/bmc_test.py b/tests/bmc_test.py deleted file mode 100644 index 265e002a7..000000000 --- a/tests/bmc_test.py +++ /dev/null @@ -1,41 +0,0 @@ -import json -import os -import pytest -import yaml - -FOREMAN_PROXY_PORT = 8443 -BMC_CONFIG = "/etc/foreman-proxy/settings.d/bmc.yml" - -test_dir = os.path.dirname(os.path.abspath(__file__)) -foremanctl_dir = os.path.dirname(test_dir) -params_file = os.path.join(foremanctl_dir, '.var', 'lib', 'foremanctl', 'parameters.yaml') - -def is_bmc_enabled(): - if os.path.exists(params_file): - with open(params_file, 'r') as f: - params = yaml.safe_load(f) - features = params.get('features', []) - if isinstance(features, str): - features = features.split() - return 'bmc' in features - return False - -def get_bmc_provider(): - if os.path.exists(params_file): - with open(params_file, 'r') as f: - params = yaml.safe_load(f) - return params.get('foreman_proxy_bmc_default_provider', 'ipmitool') - return 'ipmitool' - -@pytest.mark.skipif("not is_bmc_enabled()") -def test_bmc_feature_in_proxy(server, certificates, server_fqdn): - cmd = server.run(f"curl --cacert {certificates['ca_certificate']} --silent https://{server_fqdn}:{FOREMAN_PROXY_PORT}/features") - assert cmd.succeeded - features = json.loads(cmd.stdout) - assert "bmc" in features - -@pytest.mark.skipif("not is_bmc_enabled()") -def test_bmc_default_provider(server): - cmd = server.run(f"podman exec foreman-proxy grep ':bmc_default_provider:' {BMC_CONFIG}") - assert cmd.succeeded - assert get_bmc_provider() in cmd.stdout diff --git a/tests/conftest.py b/tests/conftest.py index 656632c90..468235c7c 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -191,22 +191,20 @@ def wait_for_tasks(foremanapi, search=None): def wait_for_metadata_generate(foremanapi): wait_for_tasks(foremanapi, 'label = Actions::Katello::Repository::MetadataGenerate') - -def is_iop_enabled(): +def enabled_features(): test_dir = os.path.dirname(os.path.abspath(__file__)) foremanctl_dir = os.path.dirname(test_dir) params_file = os.path.join(foremanctl_dir, '.var', 'lib', 'foremanctl', 'parameters.yaml') - if os.path.exists(params_file): with open(params_file, 'r') as f: - params = yaml.safe_load(f) - features = params.get('features', []) + features = yaml.safe_load(f).get('features', []) if isinstance(features, str): features = features.split() - return 'iop' in features - - return False + return features + return [] +def is_iop_enabled(): + return 'iop' in enabled_features() def pytest_configure(config): config.addinivalue_line("markers", "iop: tests requiring IOP to be enabled") diff --git a/tests/foreman_proxy_test.py b/tests/foreman_proxy_test.py index 4cf886dcb..6236c04a5 100644 --- a/tests/foreman_proxy_test.py +++ b/tests/foreman_proxy_test.py @@ -1,16 +1,34 @@ import datetime import json import pytest +import yaml +from conftest import enabled_features FOREMAN_PROXY_PORT = 8443 +BMC_CONFIG = "/etc/foreman-proxy/settings.d/bmc.yml" + +def get_proxy_feature_setting(server, feature, default=None): + cmd = server.run(f"podman exec foreman-proxy cat /etc/foreman-proxy/settings.d/{feature}.yml") + if cmd.succeeded: + return yaml.safe_load(cmd.stdout) + return default + +def is_bmc_enabled(): + return 'bmc' in enabled_features() + +def get_default_bmc_provider(server): + bmc_setting = get_proxy_feature_setting(server, 'bmc') + return bmc_setting.get(':bmc_default_provider', 'ipmitool') def test_foreman_proxy_features(server, certificates, server_fqdn): - cmd = server.run(f"curl --cacert {certificates['server_ca_certificate']} --silent https://{server_fqdn}:{FOREMAN_PROXY_PORT}/features") + cmd = server.run(f"curl --cacert {certificates['ca_certificate']} --silent https://{server_fqdn}:{FOREMAN_PROXY_PORT}/features") assert cmd.succeeded features = json.loads(cmd.stdout) assert "logs" in features assert "script" in features assert "dynflow" in features + if is_bmc_enabled(): + assert "bmc" in features def test_foreman_proxy_service(server): foreman_proxy = server.service("foreman-proxy") @@ -33,3 +51,9 @@ def test_foreman_proxy_client_auth_to_foreman(server, certificates, server_fqdn) ) assert cmd.succeeded assert cmd.stdout == '201' + +@pytest.mark.skipif("not is_bmc_enabled()") +def test_bmc_default_provider(server): + cmd = server.run(f"podman exec foreman-proxy grep ':bmc_default_provider:' {BMC_CONFIG}") + assert cmd.succeeded + assert get_default_bmc_provider(server) in cmd.stdout From 3a93f2cb0980af4d82d48b3f96809209a46aa11d Mon Sep 17 00:00:00 2001 From: Arvind Jangir Date: Wed, 6 May 2026 15:03:25 +0530 Subject: [PATCH 6/6] use server ca --- tests/foreman_proxy_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/foreman_proxy_test.py b/tests/foreman_proxy_test.py index 6236c04a5..bd39dd64c 100644 --- a/tests/foreman_proxy_test.py +++ b/tests/foreman_proxy_test.py @@ -21,7 +21,7 @@ def get_default_bmc_provider(server): return bmc_setting.get(':bmc_default_provider', 'ipmitool') def test_foreman_proxy_features(server, certificates, server_fqdn): - cmd = server.run(f"curl --cacert {certificates['ca_certificate']} --silent https://{server_fqdn}:{FOREMAN_PROXY_PORT}/features") + cmd = server.run(f"curl --cacert {certificates['server_ca_certificate']} --silent https://{server_fqdn}:{FOREMAN_PROXY_PORT}/features") assert cmd.succeeded features = json.loads(cmd.stdout) assert "logs" in features