Skip to content

Add IOP#280

Merged
ehelms merged 23 commits into
theforeman:masterfrom
ehelms:add-iop
May 1, 2026
Merged

Add IOP#280
ehelms merged 23 commits into
theforeman:masterfrom
ehelms:add-iop

Conversation

@ehelms

@ehelms ehelms commented Nov 2, 2025

Copy link
Copy Markdown
Member

No description provided.

@ehelms ehelms force-pushed the add-iop branch 5 times, most recently from bfdcd43 to 2fd7276 Compare November 4, 2025 01:51
@ehelms ehelms marked this pull request as ready for review November 4, 2025 16:45
@ehelms ehelms force-pushed the add-iop branch 2 times, most recently from 71ce03e to 4cf96ac Compare November 25, 2025 20:35
@ehelms ehelms force-pushed the add-iop branch 6 times, most recently from ddfec69 to eb1df00 Compare December 11, 2025 20:38
@ehelms

ehelms commented Dec 12, 2025

Copy link
Copy Markdown
Member Author

@evgeni Could you check just the github action part of the commit (eb1df00) to make sure it matches with how you think we should use matrix?

Comment thread .github/workflows/test.yml Outdated
Comment thread .github/workflows/test.yml
@evgeni

evgeni commented Dec 12, 2025

Copy link
Copy Markdown
Member

@evgeni Could you check just the github action part of the commit (eb1df00) to make sure it matches with how you think we should use matrix?

I think it can be optimized, posted comments how :)

@ehelms ehelms force-pushed the add-iop branch 5 times, most recently from a200e68 to ffcfc02 Compare December 15, 2025 16:58
@ehelms

ehelms commented Dec 15, 2025

Copy link
Copy Markdown
Member Author

@evgeni For now, I want to keep the same behavior of not supporting remote database yet. Looking at Obsah, I don't think that's possible but I wanted you to check me on that. I need to forbid:

  • database_mode == external and 'iop' in enabled_features

forbidden_if looks like it only allows the first parameter to have a value. Do I read that correctly?

@ehelms ehelms force-pushed the add-iop branch 2 times, most recently from d5bfe6f to 1b2bf3f Compare December 17, 2025 21:29
@evgeni

evgeni commented Dec 18, 2025

Copy link
Copy Markdown
Member

@evgeni For now, I want to keep the same behavior of not supporting remote database yet. Looking at Obsah, I don't think that's possible but I wanted you to check me on that. I need to forbid:

* database_mode == external and 'iop' in enabled_features

forbidden_if looks like it only allows the first parameter to have a value. Do I read that correctly?

That's correct, today we can only forbid "if param P has value Y you can't set params A and B at all"

You could add a check, that's more flexible than what you get at the obsah level?

@ehelms

ehelms commented Dec 18, 2025

Copy link
Copy Markdown
Member Author

You could add a check, that's more flexible than what you get at the obsah level?

I could... just less clear then when do we do parameter validation at the CLI level and when do we do it at the checks level.

@ehelms ehelms force-pushed the add-iop branch 2 times, most recently from c38f9bc to 562a335 Compare April 23, 2026 18:29
@ehelms ehelms force-pushed the add-iop branch 2 times, most recently from 90db263 to 0bf442e Compare April 24, 2026 00:02
ehelms and others added 18 commits April 24, 2026 11:27
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
Useful when you install plugins and want their code to work
puppet-iop deploys host-inventory-frontend assets but foremanctl was
missing this role. Adds the iop_inventory_frontend role following the
same pattern as the advisor and vulnerability frontend roles, and
includes it in the iop_core orchestration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The timer was set to OnCalendar=daily with 1h jitter, but puppet-iop
runs every 4 hours with a 10-minute boot delay. The daily schedule
left vulnerability data stale for too long between syncs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
puppet-iop has a cvemap_downloader class that manages downloading
cvemap.xml for the VMAAS reposcan service. Without this, VMAAS cannot
fetch CVE data from the REDHAT_CVEMAP_URL it's configured to use.

Adds a service, timer, and path watcher unit matching the puppet-iop
implementation, along with the download script that supports both
online (curl from Red Hat) and offline (manual file) modes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

@jeremylenz jeremylenz left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@ehelms ehelms merged commit fbe19fc into theforeman:master May 1, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants