Add apache config support for /pypi by pavanshekar · Pull Request #458 · theforeman/foremanctl

pavanshekar · 2026-04-20T15:41:37Z

Why are you introducing these changes? (Problem description, related links)

Add Apache config support for /pypi in foremanctl

Fixes SAT-44475

What are the changes introduced in this pull request?

Added <Location "/pypi"> block in foreman-ssl-vhost.conf.j2 to proxy requests to Pulp API backend
Configured required headers: X-CLIENT-CERT, X-FORWARDED-PROTO
Set timeout to 600 seconds (matching other Pulp API routes)

How to test this pull request

Steps to reproduce:

Deploy the changes
SSH into the VM
Verify the Apache configuration was generated:
grep -A 6 'Location "/pypi"' /etc/httpd/conf.d/foreman-ssl.conf
Expected: Should show the /pypi Location block with correct headers and proxy settings

Checklist

Tests added/updated (if applicable)
Documentation updated (if applicable)

ehelms · 2026-04-21T14:04:27Z

    ProxyPassReverse {{ httpd_pulp_content_backend }}/pulp/content
  </Location>

+  <Location "/pypi">


In foreman-installer this was added conditionally if python content type was enabled. I think we should do the same here so as not to expose routes that have no effect.

I've updated the template to conditionally include the /pypi Location block only when pulp_python is in the enabled plugins list.

ehelms · 2026-04-21T17:07:40Z

    ProxyPassReverse {{ httpd_pulp_content_backend }}/pulp/content
  </Location>

+{% if 'pulp_python' in (pulp_enabled_plugins | default([])) %}


The problem is that this variable is from the pulp role, and this is the httpd role.

@evgeni -- do you think we should go with role variables httpd_pulp_python or we should have Pulp role require/expect httpd, and use our drop in directory to have the pulp role drop in chunks?

Just checking in on this when you have a moment. Happy to proceed based on your suggestion.

Jinja has an include tag, so we could do something like:

# httpd/defaults/main.yml httpd_enabled_pulp_snippets: [] # vhost.conf.j2: {% for httpd_pulp_snippet in httpd_enabled_pulp_snippets %} {% include httpd_pulp_snippet+'.j2' %} {% endfor %}

and then feed httpd_enabled_pulp_snippets with the right list of enabled pulp plugins at the foremanctl level (and of course provide those snippets)

Thanks! Implemented using httpd_enabled_pulp_snippets with includes as suggested.

ehelms · 2026-04-28T16:08:38Z

 httpd_client_ca_certificate: "{{ client_ca_certificate }}"
 httpd_server_certificate: "{{ server_certificate }}"
 httpd_server_key: "{{ server_key }}"
+httpd_enabled_pulp_snippets: "{{ ['pypi'] if 'pulp_python' in pulp_enabled_plugins else [] }}"


I think here we need to tie this into our features. For example, see

foremanctl/src/vars/flavors/katello.yml

Line 5 in 06add80

- content/ansible

And you can look down at line 32 in this file to see it being referenced.

@evgeni -- did we have an intent to define "meta" features within the features.yaml? e.g. content/* features

Updated to use enabled_features instead of pulp_enabled_plugins and added content/python to the katello flavor, following the same pattern as content/ansible.

so far we have not yet

ehelms · 2026-05-04T16:42:13Z

Design looks good -- this could use some tests and consider if documentation would benefit from an update.

pavanshekar · 2026-05-04T19:00:41Z

I added a test in tests/httpd_test.py::test_https_pypi_endpoint that verifies the Apache route proxies correctly to Pulp.

For documentation, since this follows the existing content/* pattern and katello.yml already shows what's included, I didn't add any. Happy to document something specific if you think it would be helpful!

evgeni

none of the comments are blocking, so ack

pavanshekar · 2026-05-13T13:21:45Z

Rebased to resolve merge conflicts with master.

evgeni · 2026-05-13T13:54:08Z

Ah yes, and now the newly added ruff check complains. Sorry.

pavanshekar · 2026-05-13T14:03:37Z

Ah yes, and now the newly added ruff check complains. Sorry.

Added required blank lines for ruff check.

pr-processor Bot added the Not yet reviewed label Apr 20, 2026

ehelms reviewed Apr 21, 2026

View reviewed changes

pr-processor Bot removed the Not yet reviewed label Apr 21, 2026

pavanshekar force-pushed the add-pypi-support branch from 0371840 to d7b6b8b Compare April 21, 2026 15:24

ehelms reviewed Apr 21, 2026

View reviewed changes

pavanshekar force-pushed the add-pypi-support branch from d7b6b8b to be8c44d Compare April 28, 2026 14:29

ehelms reviewed Apr 28, 2026

View reviewed changes

pavanshekar requested a review from evgeni May 4, 2026 11:39

pavanshekar force-pushed the add-pypi-support branch from be8c44d to 4d7bbf8 Compare May 4, 2026 15:15

pavanshekar force-pushed the add-pypi-support branch from 4d7bbf8 to 41a105e Compare May 4, 2026 19:00

pavanshekar requested a review from ehelms May 8, 2026 15:31

pavanshekar force-pushed the add-pypi-support branch from 41a105e to a454fb8 Compare May 11, 2026 20:04

ianballou reviewed May 11, 2026

View reviewed changes

Comment thread tests/httpd_test.py Outdated

pavanshekar force-pushed the add-pypi-support branch from a454fb8 to fc1a4d0 Compare May 12, 2026 11:48

evgeni reviewed May 12, 2026

View reviewed changes

Comment thread tests/httpd_test.py Outdated

evgeni reviewed May 12, 2026

View reviewed changes

Comment thread src/vars/base.yaml Outdated

evgeni approved these changes May 12, 2026

View reviewed changes

pavanshekar force-pushed the add-pypi-support branch 2 times, most recently from 4674866 to 8c0333e Compare May 12, 2026 14:43

evgeni approved these changes May 13, 2026

View reviewed changes

pavanshekar force-pushed the add-pypi-support branch from 8c0333e to 802d935 Compare May 13, 2026 13:21

Add apache config support for /pypi

67e8b2f

pavanshekar force-pushed the add-pypi-support branch from 802d935 to 67e8b2f Compare May 13, 2026 14:01

ehelms approved these changes May 14, 2026

View reviewed changes

ehelms merged commit 3817c63 into theforeman:master May 14, 2026
13 checks passed

Conversation

pavanshekar commented Apr 20, 2026

Why are you introducing these changes? (Problem description, related links)

What are the changes introduced in this pull request?

How to test this pull request

Checklist

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

evgeni Apr 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

ehelms commented May 4, 2026

Uh oh!

pavanshekar commented May 4, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

evgeni left a comment

Choose a reason for hiding this comment

Uh oh!

pavanshekar commented May 13, 2026

Uh oh!

evgeni commented May 13, 2026

Uh oh!

pavanshekar commented May 13, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

evgeni Apr 28, 2026 •

edited

Loading