theforeman · jturel · Feb 23, 2026 · Feb 23, 2026 · ehelms · Feb 23, 2026
diff --git a/examples/basic_candlepin.pp b/examples/basic_candlepin.pp
@@ -58,5 +58,4 @@
   truststore_password => $truststore_password,
   java_package        => 'java-17-openjdk',
   java_home           => '/usr/lib/jvm/jre-17',
-  artemis_client_dn   => Deferred('pick', ['', 'CN=ActiveMQ Artemis Deferred, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ']),
 }
diff --git a/files/tomcat/cert-roles.properties b/files/tomcat/cert-roles.properties
diff --git a/files/tomcat/jaas.conf b/files/tomcat/jaas.conf
diff --git a/files/tomcat/login.config b/files/tomcat/login.config
diff --git a/manifests/artemis.pp b/manifests/artemis.pp
@@ -6,12 +6,6 @@
 
   $broker_context = {
     'module_name'         => $module_name,
-    'artemis_host'        => $candlepin::artemis_host,
-    'artemis_port'        => $candlepin::artemis_port,
-    'keystore_file'       => $candlepin::keystore_file,
-    'keystore_password'   => $candlepin::_keystore_password,
-    'truststore_file'     => $candlepin::truststore_file,
-    'truststore_password' => $candlepin::_truststore_password,
   }
 
   file { $candlepin::broker_config_file:
@@ -23,41 +17,18 @@
   }
 
   file { "${candlepin::tomcat_conf}/login.config":
-    ensure  => file,
-    content => file('candlepin/tomcat/login.config'),
-    mode    => '0640',
-    owner   => $candlepin::user,
-    group   => $candlepin::group,
+    ensure => 'absent',
   }
 
   file { "${candlepin::tomcat_conf}/cert-users.properties":
-    ensure  => file,
-    content => Deferred('inline_epp', ["katelloUser=<%= \$artemis_client_dn %>\n", { 'artemis_client_dn' => $candlepin::artemis_client_dn }]),
-    mode    => '0640',
-    owner   => $candlepin::user,
-    group   => $candlepin::group,
+    ensure => 'absent',
   }
 
   file { "${candlepin::tomcat_conf}/cert-roles.properties":
-    ensure  => file,
-    content => file('candlepin/tomcat/cert-roles.properties'),
-    mode    => '0640',
-    owner   => $candlepin::user,
-    group   => $candlepin::group,
+    ensure => 'absent',
   }
 
   file { "${candlepin::tomcat_conf}/conf.d/jaas.conf":
-    ensure  => file,
-    content => file('candlepin/tomcat/jaas.conf'),
-    mode    => '0640',
-    owner   => $candlepin::user,
-    group   => $candlepin::group,
-  }
-
-  if $facts['os']['selinux']['enabled'] {
-    selboolean { 'candlepin_can_bind_activemq_port':
-      value      => 'on',
-      persistent => true,
-    }
+    ensure => 'absent',
   }
 }
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -67,10 +67,10 @@
 #   Keystore type
 #
 # @param truststore_file
-#   Truststore file to use for Tomcat and Artemis
+#   Truststore file to use for Tomcat
 #
 # @param truststore_password
-#   Password for truststore being used with Tomcat and Artemis
+#   Password for truststore being used with Tomcat
 #
 # @param ca_key
 #   CA key file to use
@@ -149,15 +149,6 @@
 # @param expired_pools_schedule
 #   Quartz schedule notation for how often to run the ExpiredPoolsJob
 #
-# @param artemis_port
-#   Port to expose Artemis on
-#
-# @param artemis_host
-#   Host address to have Artemis listen on; defaults to localhost
-#
-# @param artemis_client_dn
-#   Full DN for the client certificate used to talk to Artemis
-#
 # @param broker_config_file
 #   Config file for Artemis
 #
@@ -230,9 +221,6 @@
   Boolean $security_manager = false,
   Optional[Integer[0]] $shutdown_wait = undef,
   String $expired_pools_schedule = '0 0 0 * * ?',
-  Stdlib::Host $artemis_host = 'localhost',
-  Stdlib::Port $artemis_port = 61613,
-  Variant[Deferred, String] $artemis_client_dn = 'CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ',
   Stdlib::Absolutepath $broker_config_file = '/etc/candlepin/broker.xml',
   String $user = 'tomcat',
   String $group = 'tomcat',

diff --git a/spec/acceptance/basic_candlepin_spec.rb b/spec/acceptance/basic_candlepin_spec.rb
@@ -1,7 +1,5 @@
 require 'spec_helper_acceptance'
 
-#TODO: Add Artemis listening test https://projects.theforeman.org/issues/29561
-
 describe 'candlepin works' do
   include_examples 'the example', 'basic_candlepin.pp'
 
@@ -28,12 +26,4 @@
     # Test that the least cipher strength is "strong" or "A"
     its(:stdout) { should match(/least strength: (A|strong)/) }
   end
-
-  describe file("/etc/tomcat/cert-users.properties") do
-    it { should be_file }
-    it { should be_mode 640 }
-    it { should be_owned_by 'tomcat' }
-    it { should be_grouped_into 'tomcat' }
-    its(:content) { should eq("katelloUser=CN=ActiveMQ Artemis Deferred, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ\n") }
-  end
 end
diff --git a/spec/classes/candlepin_spec.rb b/spec/classes/candlepin_spec.rb
@@ -52,19 +52,6 @@
           ])
         end
 
-        it { is_expected.to contain_file('/etc/tomcat/login.config') }
-        it { is_expected.to contain_file('/etc/tomcat/cert-roles.properties') }
-        it { is_expected.to contain_file('/etc/tomcat/conf.d/jaas.conf') }
-        it do
-          is_expected.to contain_file('/etc/tomcat/cert-users.properties').
-            with_content("katelloUser=CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ\n")
-        end
-
-        it do
-          is_expected.to contain_file('/etc/candlepin/broker.xml').
-            with_content(/^            <acceptor name="stomp">tcp:\/\/localhost:61613\?protocols=STOMP;useEpoll=false;sslEnabled=true;trustStorePath=\/etc\/candlepin\/certs\/truststore;trustStorePassword=;keyStorePath=\/etc\/candlepin\/certs\/keystore;keyStorePassword=;needClientAuth=true<\/acceptor>/)
-        end
-
         # database
         it { is_expected.not_to contain_class('candlepin::database::mysql') }
         it { is_expected.to contain_class('candlepin::database::postgresql') }
@@ -122,11 +109,6 @@
           is_expected.to contain_concat_fragment('General Config').
             with_content(sensitive(/^candlepin.ca_key_password=MY_CA_KEY_PASSWORD$/))
         end
-        it do
-          is_expected.to contain_file('/etc/candlepin/broker.xml').
-            with_content(sensitive(/;keyStorePassword=MY_KEYSTORE_PASSWORD;/)).
-            with_content(sensitive(/;trustStorePassword=MY_TRUSTSTORE_PASSWORD;/))
-        end
         it do
           is_expected.to contain_file('/etc/tomcat/server.xml').
             with_content(sensitive(/^ *keystorePass="MY_KEYSTORE_PASSWORD"$/))
@@ -230,7 +212,6 @@
           let(:facts) { override_facts(super(), os: {selinux: {enabled: true}}) }
 
           it { is_expected.to compile.with_all_deps }
-          it { is_expected.to contain_selboolean('candlepin_can_bind_activemq_port').that_requires('Package[candlepin-selinux]') }
 
           if facts[:os]['release']['major'] == '8'
             it { is_expected.to contain_package('candlepin-selinux').that_requires('Package[pki-core]') }
@@ -241,7 +222,6 @@
           let(:facts) { override_facts(super(), os: {selinux: {enabled: false}}) }
 
           it { is_expected.to compile.with_all_deps }
-          it { is_expected.not_to contain_selboolean('candlepin_can_bind_activemq_port') }
           it { is_expected.not_to contain_package('candlepin-selinux') }
         end
       end

diff --git a/spec/setup_acceptance_node.pp b/spec/setup_acceptance_node.pp
@@ -22,18 +22,6 @@
     ensure  => installed,
     require => Yumrepo['candlepin'],
   }
-
-  # Workaround for https://github.com/theforeman/puppet-candlepin/issues/185#issuecomment-822284497
-  $tomcat_conf_files = [
-    '/etc/tomcat/login.config',
-    '/etc/tomcat/cert-users.properties',
-    '/etc/tomcat/cert-roles.properties',
-    '/etc/tomcat/conf.d/jaas.conf'
-  ]
-  file { $tomcat_conf_files:
-    ensure   => file,
-    require  => Package['candlepin-selinux'],
-  }
 }
 
 # Used to test which TLS versions are enabled

diff --git a/templates/broker.xml.epp b/templates/broker.xml.epp
@@ -1,11 +1,5 @@
 <%- |
   String[1] $module_name,
-  Stdlib::Host $artemis_host,
-  Stdlib::Port $artemis_port,
-  Stdlib::Absolutepath $keystore_file,
-  Optional[Sensitive[String]] $keystore_password,
-  Stdlib::Absolutepath $truststore_file,
-  Optional[Sensitive[String]] $truststore_password,
 | -%>
 <?xml version='1.0' encoding="UTF-8"?>
 <!--
@@ -24,28 +18,9 @@
 
         <acceptors>
             <acceptor name="in-vm">vm://0</acceptor>
-            <acceptor name="stomp">tcp://<%= $artemis_host %>:<%= $artemis_port %>?protocols=STOMP;useEpoll=false;sslEnabled=true;trustStorePath=<%= $truststore_file %>;trustStorePassword=<%= $truststore_password %>;keyStorePath=<%= $keystore_file %>;keyStorePassword=<%= $keystore_password %>;needClientAuth=true</acceptor>
         </acceptors>
 
-        <security-enabled>true</security-enabled>
-
-        <security-settings>
-            <security-setting match="katello.candlepin.#">
-                <permission type="consume" roles="candlepinEventsConsumer"/>
-            </security-setting>
-            <security-setting match="#">
-                <permission type="createAddress" roles="invm-role"/>
-                <permission type="deleteAddress" roles="invm-role"/>
-                <permission type="createDurableQueue" roles="invm-role"/>
-                <permission type="deleteDurableQueue" roles="invm-role"/>
-                <permission type="createNonDurableQueue" roles="invm-role"/>
-                <permission type="deleteNonDurableQueue" roles="invm-role"/>
-                <permission type="send" roles="invm-role"/>
-                <permission type="consume" roles="invm-role"/>
-                <permission type="browse" roles="invm-role"/>
-                <permission type="manage" roles="invm-role"/>
-            </security-setting>
-        </security-settings>
+	<security-enabled>false</security-enabled>
 
         <!-- Silence warnings on server startup -->
         <cluster-user></cluster-user>
@@ -72,12 +47,6 @@
                 </multicast>
             </address>
 
-            <address name="katello.candlepin">
-                <multicast>
-                  <queue name="katello_candlepin_event_monitor.candlepin_events" max-consumers="1" />
-                </multicast>
-            </address>
-
             <address name="job">
                 <anycast>
                     <queue name="jobs"/>
@@ -106,17 +75,6 @@
                 <max-delivery-attempts>0</max-delivery-attempts>
             </address-setting>
 
-            <address-setting match="katello.candlepin">
-                <auto-create-queues>false</auto-create-queues>
-                <max-size-bytes>10485760</max-size-bytes>
-
-                <!-- By default, Artemis will page messages when the queue address is full. -->
-                <page-size-bytes>1048576</page-size-bytes>
-
-                <redelivery-delay>0</redelivery-delay>
-                <max-delivery-attempts>1</max-delivery-attempts>
-            </address-setting>
-
             <address-setting match="job">
                 <max-size-bytes>10485760</max-size-bytes>
 
@@ -136,17 +94,5 @@
                 <max-delivery-attempts>0</max-delivery-attempts>
             </address-setting>
         </address-settings>
-
-        <diverts>
-            <divert name="katello_divert">
-                <exclusive>false</exclusive>
-                <address>event.default</address>
-                <filter string="
-                    (EVENT_TARGET='POOL' and EVENT_TYPE='CREATED') OR
-                    (EVENT_TARGET='POOL' and EVENT_TYPE='DELETED')
-                "/>
-                <forwarding-address>katello.candlepin</forwarding-address>
-            </divert>
-        </diverts>
     </core>
 </configuration>