Add feature conflicts and parameter persistence for forge#570
Draft
jeremylenz wants to merge 11 commits into
Draft
Add feature conflicts and parameter persistence for forge#570jeremylenz wants to merge 11 commits into
jeremylenz wants to merge 11 commits into
Conversation
Re-implements the upstream satellite_operations.cloud_connector role natively in foremanctl so users can enable it via: foremanctl deploy --add-feature cloud-connector The new role installs rhc and yggdrasil-worker-forwarder, templates the worker config, starts the rhcd service, and sets rhc_instance_id via the Foreman API. Optional HTTP proxy support is included. Works with both foremanctl deploy and forge deploy-dev (with appropriate credential overrides for the dev environment). Enforces mutual exclusion with the iop feature at runtime. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move iop mutual exclusion and package availability checks into a new check_cloud_connector role that runs in the checks phase, before any services are deployed. This avoids a long deploy-dev run failing late when it reaches the cloud_connector role. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use ca_path with the Foreman CA certificate instead of validate_certs, matching the pattern used by other roles (foreman, check_foreman_api). The self-signed CA cert is always available in the deploy context. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
After setting the rhc_instance_id, POST to the new /api/v2/rh_cloud/announce_to_sources endpoint to register the Satellite in Sources on console.redhat.com. This replaces the Ruby-side CloudConnectorAnnounceTask that previously triggered on REX job completion. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The yggdrasil-worker-forwarder binary uses the OS trust store and doesn't accept a CA path argument. Add the Foreman CA certificate to the system trust store so the worker can verify Foreman's self-signed certificate when forwarding cloud requests. Also fix Content-Type header on the announce_to_sources POST. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Set allow_auto_inventory_upload to true via the Foreman API, matching the previous cloud connector setup behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Verify /etc/pki/consumer/cert.pem exists early in the checks phase, since the cloud_connector role needs it to derive the rhc_instance_id from the certificate CN. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove cross-role variable references from defaults (use standalone fallback values; base.yaml provides the real overrides) - Rename task "Configure rhc-cloud-connector-worker" for consistency - Rename "Announce Satellite to Sources" to "Announce to Sources" - Fix var-naming lint: use role-prefixed variable names instead of double-underscore prefix Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds a 'conflicts' key to features.yaml that declares mutually exclusive features. A new conflicting_features filter function validates enabled features and the check_features role fails early with a clear error message when conflicts are detected. Uses cloud-connector / iop as the first conflict pair. Also adds check_features role to deploy-dev so the validation runs in both production and development deploy paths. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds OBSAH_PERSIST_PARAMS=true to the forge wrapper, matching foremanctl's behavior. This ensures features added via forge deploy-dev --add-feature are remembered across runs, which is required for conflict detection to work when features are added in separate deploys. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
9 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why are you introducing these changes? (Problem description, related links)
Some features are mutually exclusive and enabling both leads to a broken deployment. This adds a
conflictsmechanism to the feature system so incompatible combinations are caught at deploy time. Also enables parameter persistence for forge so deploy-dev arguments are remembered between runs.Builds on #569 (cloud-connector-feature) — this PR is intended to be rebased on top of that one. **** ONLY look at the last 3 commits here. ****
What are the changes introduced in this pull request?
conflictskey support tofeatures.yamland aconflicting_featuresfilter plugin that detects mutually exclusive featurescheck_featuresrole to fail deploys when conflicting features are enabledOBSAH_PERSIST_PARAMS)--preserve-plugin-branchesparameter for forge deploy-devHow to test this pull request
Steps to reproduce:
conflictsentry infeatures.yaml, enable both, and verify deployment fails with a clear error messagepython -m pytest tests/unit/features_filter_test.py -vvforge deploy-devwith arguments, then run again without them and verify they are rememberedChecklist
🤖 Generated with Claude Code