Use unix socket for httpd -> Foreman communication

ekohl · ekohl · commit 3c95a0df854e · 2025-03-11T21:06:37.000+01:00
diff --git a/roles/foreman/defaults/main.yaml b/roles/foreman/defaults/main.yaml
@@ -1,4 +1,5 @@
 ---
 foreman_container_image: "quay.io/evgeni/foreman-rpm"
 foreman_container_tag: "nightly"
-foreman_listen_stream: localhost:3000
+foreman_listen_stream: /run/foreman.sock
+foreman_url: "https://{{ ansible_fqdn }}"
diff --git a/roles/foreman/tasks/main.yaml b/roles/foreman/tasks/main.yaml
@@ -122,7 +122,8 @@
 
 - name: Wait for Foreman service to be accessible
   ansible.builtin.uri:
-    url: 'http://{{ foreman_listen_stream }}/api/v2/ping'
+    url: '{{ foreman_url }}/api/v2/ping'
+    validate_certs: false # TODO
   until: foreman_status.status == 200
   retries: 60
   delay: 5
@@ -140,7 +141,8 @@
 
 - name: Wait for Foreman tasks to be ready
   ansible.builtin.uri:
-    url: 'http://{{ foreman_listen_stream }}/api/v2/ping'
+    url: '{{ foreman_url }}/api/v2/ping'
+    validate_certs: false # TODO
   until: foreman_tasks_status.json['results']['katello']['services']['foreman_tasks']['status'] == 'ok'
   retries: 60
   delay: 5
@@ -152,6 +154,7 @@
   theforeman.foreman.smart_proxy:
     name: "{{ ansible_fqdn }}"
     url: "https://{{ ansible_fqdn }}:9090"
-    server_url: "http://{{ foreman_listen_stream }}"
+    server_url: "{{ foreman_url }}"
+    validate_certs: false # TODO
     username: admin
     password: changeme
diff --git a/roles/foreman/templates/settings.yaml.j2 b/roles/foreman/templates/settings.yaml.j2
@@ -3,6 +3,8 @@
 :ssl_ca_file: /etc/foreman/katello-default-ca.crt
 :ssl_priv_key: /etc/foreman/client_key.pem
 
+:foreman_url: {{ foreman_url }}
+
 :rails_cache_store:
   :type: redis
   :urls:
diff --git a/roles/foreman_proxy/templates/settings.yaml.j2 b/roles/foreman_proxy/templates/settings.yaml.j2
@@ -7,7 +7,7 @@
 :trusted_hosts:
   - {{ ansible_fqdn }}
 
-:foreman_url: http://{{ ansible_fqdn }}:3000
+:foreman_url: https://{{ ansible_fqdn }}
 
 :foreman_ssl_ca: /etc/foreman-proxy/foreman_ssl_ca.pem
 :foreman_ssl_cert: /etc/foreman-proxy/foreman_ssl_cert.pem
diff --git a/roles/httpd/defaults/main.yml b/roles/httpd/defaults/main.yml
@@ -1,4 +1,4 @@
 httpd_ssl_dir: /etc/pki/httpd
 httpd_pulp_api_backend: http://localhost:24817
 httpd_pulp_content_backend: http://localhost:24816
-httpd_foreman_backend: http://localhost:3000
+httpd_foreman_backend: unix:///run/foreman.sock
