httpboot feature for proxy

[arvind4501]

Why are you introducing these changes? (Problem description, related links)

Add httpboot feature to foreman proxy

What are the changes introduced in this pull request?

• httpboot feature for foreman proxy

How to test this pull request

Steps to reproduce:

Checklist

• Tests added/updated (if applicable)
• Documentation updated (if applicable)

[ehelms]

Seems redundant given the variable name.

[ehelms]

I am testing out some review logic through AI, and how the output comes out:

Task Logic

• src/roles/foreman_proxy/tasks/feature/httpboot.yaml — The volume mount is conditional on the directory existing at deploy time, but the settings file (written unconditionally by the parent feature.yaml) always sets :root_dir to that path. If /var/lib/tftpboot is absent, the proxy will be configured with a path that isn't mounted into the container, causing silent failure. TLDR: what happens if tftp isn't present on the host and this feature is enabled?

Tests

• tests/foreman_proxy_test.py — Only adds presence/absence assertions in test_foreman_proxy_features. There are no dedicated @pytest.mark.feature('httpboot') tests verifying the feature's settings (e.g., root_dir) are surfaced correctly via /v2/features, unlike bmc which has test_bmc_capabilities and test_bmc_default_provider. The PR checklist box for tests is left unchecked.

[arvind4501]

src/roles/foreman_proxy/tasks/feature/httpboot.yaml — The volume mount is conditional on the directory existing at deploy time, but the settings file (written unconditionally by the parent feature.yaml) always sets :root_dir to that path. If /var/lib/tftpboot is absent, the proxy will be configured with a path that isn't mounted into the container, causing silent failure. TLDR: what happens if tftp isn't present on the host and this feature is enabled?

Yes, thats a concern, the issue was that without tftp feature(which creates the /var/lib/tftp dir), the /var/lib/tftp was not created on host and that caused issue while mounting a missing directory into container. and forced me to only mount if directory exists.
Having said that when i tried it with foreman-installler, i see simliar pattern, that httpboot has a default path as /var/lib/tftp and when we enable it it just configure that default path here and does not care if tftp is enabled or not.

TLDR: what happens if tftp isn't present on the host and this feature is enabled?

As of today, by default httpboot enablement will add :root_dir: /var/lib/tftpboot in config, that makes me think should we make httpboot feature require tftp as dependency, when i look at theforeman/smart-proxy@db33bc6 , it was removed as dependency.
one option is to create /var/lib/tftpboot directory when we enable httpboot, but then that would conflict with tftp feature.

tests/foreman_proxy_test.py — Only adds presence/absence assertions in test_foreman_proxy_features. There are no dedicated @pytest.mark.feature('httpboot') tests verifying the feature's settings (e.g., root_dir) are surfaced correctly via /v2/features, unlike bmc which has test_bmc_capabilities and test_bmc_default_provider. The PR checklist box for tests is left unchecked.

thats on my radar, to add such tests, i show we expose couple of setting(https://github.com/theforeman/smart-proxy/blob/develop/modules/httpboot/httpboot_plugin.rb#L15-L16) but not capabilities, so for http support i started #520

[arvind4501]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Walkthrough

This PR adds HTTPBoot feature support to the foreman_proxy role. The feature is declared in the feature registry and maps to the httpboot plugin. Default configuration introduces foreman_proxy_httpboot_root_dir set to /var/lib/tftpboot. An Ansible task conditionally mounts this directory into the Foreman Proxy container via systemd drop-in configuration when the directory exists. A Jinja2 settings template exposes the enabled flag and root directory as configurable options. Tests verify that the HTTPBoot feature appears in API responses when enabled and is omitted when disabled.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• theforeman/foremanctl#515: Refactors the /v2/features response handling and parsing in tests/foreman_proxy_test.py, which is directly related to the test assertions added for HTTPBoot feature inclusion in this PR.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: adding an httpboot feature to the foreman proxy, which aligns with the changeset.
Description check	✅ Passed	The description is related to the changeset, stating the purpose is to add httpboot feature to foreman proxy and listing httpboot feature changes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

tests/foreman_proxy_test.py (1)

32-35: ⚡ Quick win

Add a dedicated HTTPBoot /v2/features settings assertion.

This only checks feature listing. Please add a feature-scoped test (like BMC tests) to validate proxy_v2_features['httpboot']['settings']['root_dir'] matches foreman_proxy_httpboot_root_dir, so config/render/mount regressions are caught.

Example test addition

+@pytest.mark.feature('httpboot')
+def test_httpboot_settings(proxy_v2_features):
+    assert 'httpboot' in proxy_v2_features
+    settings = proxy_v2_features['httpboot'].get('settings', {})
+    assert settings.get('root_dir') == '/var/lib/tftpboot'

As per coding guidelines `tests/*_test.py` should use testinfra's server fixture for infrastructure testing.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/foreman_proxy_test.py` around lines 32 - 35, Add a dedicated assertion
that validates the HTTPBoot settings root_dir using the testinfra server
fixture: when 'httpboot' is in enabled_features, assert that
proxy_v2_features['httpboot']['settings']['root_dir'] equals
foreman_proxy_httpboot_root_dir (and keep the existing presence check of
"httpboot" in features); when not enabled, assert that 'httpboot' is not present
in proxy_v2_features. Place this in tests/foreman_proxy_test.py alongside the
existing enabled_features/features checks and use the testinfra server fixture
to access proxy_v2_features/foreman_proxy_httpboot_root_dir so
config/render/mount regressions are caught.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/roles/foreman_proxy/tasks/feature/httpboot.yaml`:
- Around line 7-17: Add a deterministic guard before the "Mount httpboot root
directory" task: insert a new task named like "Fail if httpboot root dir
missing" that uses ansible.builtin.fail with a clear message and triggers when
not _foreman_proxy_httpboot_root_dir.stat.exists; keep the existing mount task
unchanged (it can remain conditional on
_foreman_proxy_httpboot_root_dir.stat.exists) so the playbook will fail fast
instead of allowing the httpboot template (settings.d/httpboot.yml.j2) to
advertise a non-existent foreman_proxy_httpboot_root_dir.

---

Nitpick comments:
In `@tests/foreman_proxy_test.py`:
- Around line 32-35: Add a dedicated assertion that validates the HTTPBoot
settings root_dir using the testinfra server fixture: when 'httpboot' is in
enabled_features, assert that
proxy_v2_features['httpboot']['settings']['root_dir'] equals
foreman_proxy_httpboot_root_dir (and keep the existing presence check of
"httpboot" in features); when not enabled, assert that 'httpboot' is not present
in proxy_v2_features. Place this in tests/foreman_proxy_test.py alongside the
existing enabled_features/features checks and use the testinfra server fixture
to access proxy_v2_features/foreman_proxy_httpboot_root_dir so
config/render/mount regressions are caught.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a2c9788c-4e60-44e7-aafd-490222f894fc

📥 Commits

Reviewing files that changed from the base of the PR and between 8561643 and 0aa69d7.

📒 Files selected for processing (5)

• src/features.yaml
• src/roles/foreman_proxy/defaults/main.yaml
• src/roles/foreman_proxy/tasks/feature/httpboot.yaml
• src/roles/foreman_proxy/templates/settings.d/httpboot.yml.j2
• tests/foreman_proxy_test.py

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Avoid enabling HTTPBoot with an unmounted root_dir.

When the directory is absent, this task skips the mount but the feature config still advertises :root_dir (from src/roles/foreman_proxy/templates/settings.d/httpboot.yml.j2), so HTTPBoot can be enabled in a broken state. Make this deterministic: either create the directory before mounting or fail explicitly if it does not exist.

Suggested fix (fail fast)

 - name: Check if httpboot root directory exists
   ansible.builtin.stat:
     path: "{{ foreman_proxy_httpboot_root_dir }}"
   register: _foreman_proxy_httpboot_root_dir

+- name: Validate httpboot root directory exists when feature is enabled
+  ansible.builtin.fail:
+    msg: "HTTPBoot root directory '{{ foreman_proxy_httpboot_root_dir }}' does not exist on host."
+  when: not _foreman_proxy_httpboot_root_dir.stat.exists
+
 - name: Mount httpboot root directory
   ansible.builtin.copy:
     dest: /etc/containers/systemd/foreman-proxy.container.d/httpboot-volume.conf
     content: |
       [Container]
       Volume={{ foreman_proxy_httpboot_root_dir }}:{{ foreman_proxy_httpboot_root_dir }}:z
@@
-  when: _foreman_proxy_httpboot_root_dir.stat.exists
   notify:
     - Restart Foreman Proxy
     - Refresh Foreman Proxy

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/roles/foreman_proxy/tasks/feature/httpboot.yaml` around lines 7 - 17, Add
a deterministic guard before the "Mount httpboot root directory" task: insert a
new task named like "Fail if httpboot root dir missing" that uses
ansible.builtin.fail with a clear message and triggers when not
_foreman_proxy_httpboot_root_dir.stat.exists; keep the existing mount task
unchanged (it can remain conditional on
_foreman_proxy_httpboot_root_dir.stat.exists) so the playbook will fail fast
instead of allowing the httpboot template (settings.d/httpboot.yml.j2) to
advertise a non-existent foreman_proxy_httpboot_root_dir.

[arvind4501]

I like fail explicitly if it does not exist rather creating it as tftp feature will create that

[coderabbitai]

@arvind4501, agreed — keeping the responsibility clear (tftp creates the dir, httpboot only uses it) is the right design. Here is the updated task file reflecting the fail-fast approach:

---
- name: Check if httpboot root directory exists
  ansible.builtin.stat:
    path: "{{ foreman_proxy_httpboot_root_dir }}"
  register: _foreman_proxy_httpboot_root_dir

- name: Fail if httpboot root directory does not exist
  ansible.builtin.fail:
    msg: >-
      HTTPBoot root directory '{{ foreman_proxy_httpboot_root_dir }}' does not
      exist on the host. Enable the tftp feature first, or create the directory
      manually, before enabling httpboot.
  when: not _foreman_proxy_httpboot_root_dir.stat.exists

- name: Mount httpboot root directory
  ansible.builtin.copy:
    dest: /etc/containers/systemd/foreman-proxy.container.d/httpboot-volume.conf
    content: |
      [Container]
      Volume={{ foreman_proxy_httpboot_root_dir }}:{{ foreman_proxy_httpboot_root_dir }}:z
    mode: '0644'
    owner: root
    group: root
  notify:
    - Restart Foreman Proxy
    - Refresh Foreman Proxy

Key changes from the draft:

• The fail task fires when the directory is absent, giving a clear error message pointing to the dependency on the tftp feature.
• The when: _foreman_proxy_httpboot_root_dir.stat.exists guard is removed from the mount task — it's now redundant because the play will already have aborted before reaching it.