Skip to content

Add IOP#280

Open
ehelms wants to merge 13 commits intotheforeman:masterfrom
ehelms:add-iop
Open

Add IOP#280
ehelms wants to merge 13 commits intotheforeman:masterfrom
ehelms:add-iop

Conversation

@ehelms
Copy link
Member

@ehelms ehelms commented Nov 2, 2025

No description provided.

@ehelms ehelms force-pushed the add-iop branch 5 times, most recently from bfdcd43 to 2fd7276 Compare November 4, 2025 01:51
@ehelms ehelms marked this pull request as ready for review November 4, 2025 16:45
@ehelms ehelms mentioned this pull request Nov 6, 2025
Merged
@ehelms ehelms force-pushed the add-iop branch 2 times, most recently from 71ce03e to 4cf96ac Compare November 25, 2025 20:35
@ehelms ehelms force-pushed the add-iop branch 6 times, most recently from ddfec69 to eb1df00 Compare December 11, 2025 20:38
@ehelms
Copy link
Member Author

ehelms commented Dec 12, 2025

@evgeni Could you check just the github action part of the commit (eb1df00) to make sure it matches with how you think we should use matrix?

evgeni
evgeni reviewed Dec 12, 2025
View reviewed changes
evgeni
evgeni reviewed Dec 12, 2025
View reviewed changes
.github/workflows/test.yml
Comment on lines +114 to +117
- name: Enable iop
if: matrix.iop == 'enabled'
run: |
./foremanctl deploy --add-feature iop
Copy link
Member

@evgeni evgeni Dec 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

calls to foremanctl deploy are expensive (adds ca 2 minutes to the execution), so I wonder if it'd be smarter to have fewer of those "add optional feature" steps and use something like {{ matrix.iop == 'enabled' && '--add-feature iop' || '' }} inside an existing step

@evgeni
Copy link
Member

evgeni commented Dec 12, 2025

@evgeni Could you check just the github action part of the commit (eb1df00) to make sure it matches with how you think we should use matrix?

I think it can be optimized, posted comments how :)

@ehelms ehelms force-pushed the add-iop branch 5 times, most recently from a200e68 to ffcfc02 Compare December 15, 2025 16:58
@ehelms
Copy link
Member Author

ehelms commented Dec 15, 2025

@evgeni For now, I want to keep the same behavior of not supporting remote database yet. Looking at Obsah, I don't think that's possible but I wanted you to check me on that. I need to forbid:

  • database_mode == external and 'iop' in enabled_features

forbidden_if looks like it only allows the first parameter to have a value. Do I read that correctly?

@ehelms ehelms force-pushed the add-iop branch 2 times, most recently from d5bfe6f to 1b2bf3f Compare December 17, 2025 21:29
@evgeni
Copy link
Member

evgeni commented Dec 18, 2025
edited
Loading

@evgeni For now, I want to keep the same behavior of not supporting remote database yet. Looking at Obsah, I don't think that's possible but I wanted you to check me on that. I need to forbid:

* database_mode == external and 'iop' in enabled_features

forbidden_if looks like it only allows the first parameter to have a value. Do I read that correctly?

That's correct, today we can only forbid "if param P has value Y you can't set params A and B at all"

You could add a check, that's more flexible than what you get at the obsah level?

@ehelms
Copy link
Member Author

ehelms commented Dec 18, 2025

You could add a check, that's more flexible than what you get at the obsah level?

I could... just less clear then when do we do parameter validation at the CLI level and when do we do it at the checks level.

@evgeni
Copy link
Member

evgeni commented Dec 18, 2025

Sure, yeah.

We could easily enhance obsah to reject things like "if A=1 then B can't be 2", but in your case you need "if A=1 then 2 cant be IN B", and I'm not sure how to nicely express that in metadata

@ehelms
Copy link
Member Author

ehelms commented Dec 18, 2025

Here is my attempt to implement that structure: theforeman/obsah#104

@ehelms ehelms force-pushed the add-iop branch 3 times, most recently from 95c8203 to acbe14a Compare December 18, 2025 19:44
pablomh
pablomh reviewed Dec 19, 2025
View reviewed changes
Copy link
Contributor

@pablomh pablomh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Builds and creates running services :)

@ehelms ehelms changed the title Add core services for iop Add IOP Jan 20, 2026
@ehelms ehelms force-pushed the add-iop branch 2 times, most recently from e96e49f to c333fd0 Compare February 2, 2026 13:58
@ehelms
Copy link
Member Author

ehelms commented Feb 3, 2026

I'll need theforeman/puppet-certs#505 to get in so that installer certificate testing can pass.

@ehelms ehelms force-pushed the add-iop branch 3 times, most recently from 85f7f48 to 2e42420 Compare February 4, 2026 13:24
ehelms added 7 commits February 4, 2026 10:03
@ehelms
Add iop_gateway
d860044
@ehelms
Add iop_inventory
f031baf 
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
@ehelms
Add iop_advisor
f497f71 
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
@ehelms
Add iop_remediation
5d45dbf
@ehelms
Add iop_vmaas and iop_vulnerability
f5bf658 
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
@ehelms
Add frontends for advisor and vulnerability
41ae84b
@ehelms
Add iop test github actions
15296d6 
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
@evgeni evgeni mentioned this pull request Feb 16, 2026
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@evgeni evgeni evgeni left review comments

+1 more reviewer

@pablomh pablomh pablomh left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ehelms @evgeni @pablomh

Comments