diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ac42dc2..e0d7148 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,136 +1,137 @@ name: CI on: push: branches: - main - master pull_request: jobs: unit: runs-on: ubuntu-latest continue-on-error: ${{ matrix.allow_failure }} strategy: fail-fast: false matrix: include: - ruby: 2.5.7 puppet: 6 fixtures: .fixtures.yml allow_failure: false - ruby: 2.7.0 puppet: 7 fixtures: .fixtures.yml allow_failure: false - ruby: 2.5.7 puppet: 6 fixtures: .fixtures-latest.yml allow_failure: true - ruby: 2.7.0 puppet: 7 fixtures: .fixtures-latest.yml allow_failure: true env: BUNDLE_WITHOUT: system_tests:release PUPPET_GEM_VERSION: "~> ${{ matrix.puppet }}.0" FACTER_GEM_VERSION: "< 4.0" FIXTURES_YML: ${{ matrix.fixtures }} name: Puppet ${{ matrix.puppet }} (Ruby ${{ matrix.ruby }} fixtures=${{ matrix.fixtures }}) steps: - uses: actions/checkout@v2 - name: Setup ruby uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true bundler: '2.1.0' - name: Validate run: bundle exec rake check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop syntax lint metadata_lint - name: Run tests run: bundle exec rake parallel_spec acceptance: runs-on: ubuntu-latest strategy: fail-fast: false matrix: set: - "centos-7" - "centos-8" - "debian-9" - "debian-10" - "ubuntu-1804" + - "ubuntu-2004" puppet: - "puppet6" - "puppet7" keycloak_version: - "8.0.1" - "12.0.1" keycloak_full: - "no" keycloak_domain_mode_cluster: - "no" include: - set: "centos-7" puppet: "puppet6" keycloak_version: "8.0.1" keycloak_full: "yes" - set: "centos-7" puppet: "puppet6" keycloak_version: "12.0.1" keycloak_full: "yes" - set: "centos-7" puppet: "puppet7" keycloak_version: "8.0.1" keycloak_full: "yes" - set: "centos-7" puppet: "puppet7" keycloak_version: "12.0.1" keycloak_full: "yes" - set: "centos-7-domain-mode-cluster" puppet: "puppet6" keycloak_version: "8.0.1" keycloak_domain_mode_cluster: "yes" - set: "centos-7-domain-mode-cluster" puppet: "puppet6" keycloak_version: "12.0.1" keycloak_domain_mode_cluster: "yes" - set: "centos-7-domain-mode-cluster" puppet: "puppet7" keycloak_version: "8.0.1" keycloak_domain_mode_cluster: "yes" - set: "centos-7-domain-mode-cluster" puppet: "puppet7" keycloak_version: "12.0.1" keycloak_domain_mode_cluster: "yes" env: BUNDLE_WITHOUT: development:release BEAKER_debug: true name: ${{ matrix.puppet }} ${{ matrix.set }} (keycloak=${{ matrix.keycloak_version }} full=${{ matrix.keycloak_full }}) steps: - name: Enable IPv6 on docker run: | echo '{"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' | sudo tee /etc/docker/daemon.json sudo service docker restart # https://github.com/actions/virtual-environments/issues/181#issuecomment-610874237 - name: apparmor run: | set -x sudo apt-get remove mysql-server --purge sudo apt-get install apparmor-profiles sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld - uses: actions/checkout@v2 - name: Setup ruby uses: ruby/setup-ruby@v1 with: ruby-version: '2.7' bundler-cache: true bundler: '2.1.0' - name: Run tests run: bundle exec rake beaker env: BEAKER_PUPPET_COLLECTION: ${{ matrix.puppet }} BEAKER_set: ${{ matrix.set }} BEAKER_keycloak_version: ${{ matrix.keycloak_version }} BEAKER_keycloak_full: ${{ matrix.keycloak_full }} BEAKER_keycloak_domain_mode_cluster: ${{ matrix.keycloak_domain_mode_cluster }} diff --git a/.sync.yml b/.sync.yml index e6d05c6..f6050df 100644 --- a/.sync.yml +++ b/.sync.yml @@ -1,83 +1,84 @@ --- .github/workflows/ci.yaml: unit_name: Puppet ${{ matrix.puppet }} (Ruby ${{ matrix.ruby }} fixtures=${{ matrix.fixtures }}) unit_includes: - ruby: '2.5.7' puppet: '6' fixtures: .fixtures-latest.yml allow_failure: true - ruby: '2.7.0' puppet: '7' fixtures: .fixtures-latest.yml allow_failure: true acceptance_name: '${{ matrix.puppet }} ${{ matrix.set }} (keycloak=${{ matrix.keycloak_version }} full=${{ matrix.keycloak_full }})' acceptance_matrix: set: - centos-7 - centos-8 - debian-9 - debian-10 - ubuntu-1804 + - ubuntu-2004 puppet: - puppet6 - puppet7 keycloak_version: - '8.0.1' - '12.0.1' keycloak_full: ['no'] keycloak_domain_mode_cluster: ['no'] acceptance_includes: - set: centos-7 puppet: puppet6 keycloak_version: 8.0.1 keycloak_full: 'yes' - set: centos-7 puppet: puppet6 keycloak_version: 12.0.1 keycloak_full: 'yes' - set: centos-7 puppet: puppet7 keycloak_version: 8.0.1 keycloak_full: 'yes' - set: centos-7 puppet: puppet7 keycloak_version: 12.0.1 keycloak_full: 'yes' - set: centos-7-domain-mode-cluster puppet: puppet6 keycloak_version: 8.0.1 keycloak_domain_mode_cluster: 'yes' - set: centos-7-domain-mode-cluster puppet: puppet6 keycloak_version: 12.0.1 keycloak_domain_mode_cluster: 'yes' - set: centos-7-domain-mode-cluster puppet: puppet7 keycloak_version: 8.0.1 keycloak_domain_mode_cluster: 'yes' - set: centos-7-domain-mode-cluster puppet: puppet7 keycloak_version: 12.0.1 keycloak_domain_mode_cluster: 'yes' .gitignore: paths: - /vagrant/.vagrant/ - /vagrant/*.log .gitlab-ci.yml: delete: true appveyor.yml: delete: true spec/acceptance/nodesets/centos-6.yml: delete: true spec/acceptance/nodesets/debian-8.yml: delete: true spec/acceptance/nodesets/debian-10.yml: packages: - iproute2 spec/acceptance/nodesets/ubuntu-1404.yml: delete: true spec/acceptance/nodesets/ubuntu-1604.yml: delete: true spec/acceptance/nodesets/ubuntu-1804.yml: packages: - iproute2 diff --git a/README.md b/README.md index 17f27e6..6753c41 100644 --- a/README.md +++ b/README.md @@ -1,544 +1,546 @@ # puppet-module-keycloak [![Puppet Forge](http://img.shields.io/puppetforge/v/treydock/keycloak.svg)](https://forge.puppetlabs.com/treydock/keycloak) [![CI Status](https://github.com/treydock/puppet-module-keycloak/workflows/CI/badge.svg?branch=master)](https://github.com/treydock/puppet-module-keycloak/actions?query=workflow%3ACI) #### Table of Contents 1. [Overview](#overview) * [Supported Versions of Keycloak](#supported-versions-of-keycloak) 2. [Usage - Configuration options](#usage) * [Keycloak](#keycloak) * [Deploy SPI](#deploy-spi) * [keycloak_realm](#keycloak_realm) * [keycloak_ldap_user_provider](#keycloak_ldap_user_provider) * [keycloak_ldap_mapper](#keycloak_ldap_mapper) * [keycloak_sssd_user_provider](#keycloak_sssd_user_provider) * [keycloak_client](#keycloak_client) * [keycloak::client_scope::oidc](#keycloakclient_scopeoidc) * [keycloak::client_scope::saml](#keycloakclient_scopesaml) * [keycloak_client_scope](#keycloak_client_scope) * [keycloak_protocol_mapper](#keycloak_protocol_mapper) * [keycloak_client_protocol_mapper](#keycloak_client_protocol_mapper) * [keycloak_identity_provider](#keycloak_identity_provider) * [Keycloak Flows](#keycloak-flows) * [keycloak_api](#keycloak_api) * [keycloak_required_action](#keycloak_required_action) 3. [Reference - Parameter and detailed reference to all options](#reference) 4. [Limitations - OS compatibility, etc.](#limitations) ## Overview The keycloak module allows easy installation and management of Keycloak. ### Supported Versions of Keycloak Currently this module supports Keycloak version 8.x to 12.x. | Keycloak Version | Keycloak Puppet module versions | | ---------------- | ------------------------------- | | 3.x | 2.x | | 4.x - 6.x | 3.x | | 6.x - 8.x | 4.x - 5.x | | 8.x - 12.x | 6.x | ## Usage ### keycloak Install Keycloak using default `h2` database storage. ```puppet class { 'keycloak': } ``` Install a specific version of Keycloak. ```puppet class { 'keycloak': version => '6.0.1', datasource_driver => 'mysql', } ``` Upgrading Keycloak version works by changing `version` parameter as long as the `datasource_driver` is not the default of `h2`. An upgrade involves installing the new version without touching the old version, updating the symlink which defaults to `/opt/keycloak`, applying all changes to new version and then restarting the `keycloak` service. If the previous `version` was `6.0.1` using the following will upgrade to `7.0.0`: ```puppet class { 'keycloak': version => '7.0.0', datasource_driver => 'mysql', } ``` Install keycloak and use a local MySQL server for database storage ```puppet include mysql::server class { 'keycloak': datasource_driver => 'mysql', datasource_host => 'localhost', datasource_port => 3306, datasource_dbname => 'keycloak', datasource_username => 'keycloak', datasource_password => 'foobar', } ``` The following example can be used to configure keycloak with a local PostgreSQL server. ```puppet include postgresql::server class { 'keycloak': datasource_driver => 'postgresql', datasource_host => 'localhost', datasource_port => 5432, datasource_dbname => 'keycloak', datasource_username => 'keycloak', datasource_password => 'foobar', } ``` Configure keycloak to use a remote Oracle database. The parameter `datasource_jar_source` is always required with Oracle database. The jar is downloaded to the keycloak module dir and renamed to `datasource_jar_filename` or `'ojdbc8.jar'` as default value. With a special database configuration it may be more suitable to give the complete database url `'jdbc:oracle:thin:@[...]'` using the parameter `database_url` instead of `database_host`, `database_port` and `database_dbname`. The default value with Oracle database for `database_host` is `'localhost'` and the default value for `database_port` is here `1521`. ```puppet class { 'keycloak': datasource_driver => 'oracle', datasource_host => 'oracleserver.mydomain.de', datasource_port => 1521, datasource_dbname => 'keycloak', datasource_username => 'keycloak', datasource_password => 'foobar', datasource_jar_source => 'https://oracle.com/path/to/driver.jar', datasource_jar_filename => 'ojdbc8.jar', } ``` Configure a SSL certificate truststore and add a LDAP server's certificate to the truststore. ```puppet class { 'keycloak': truststore => true, truststore_password => 'supersecret', truststore_hostname_verification_policy => 'STRICT', } keycloak::truststore::host { 'ldap1.example.com': certificate => '/etc/openldap/certs/0a00000.0', } ``` Setup Keycloak to proxy through Apache HTTPS. ```puppet class { 'keycloak': proxy_https => true } apache::vhost { 'idp.example.com': servername => 'idp.example.com', port => '443', ssl => true, manage_docroot => false, docroot => '/var/www/html', proxy_preserve_host => true, proxy_pass => [ {'path' => '/', 'url' => 'http://localhost:8080/'} ], request_headers => [ 'set X-Forwarded-Proto "https"', 'set X-Forwarded-Port "443"' ], ssl_cert => '/etc/pki/tls/certs/idp.example.com/crt', ssl_key => '/etc/pki/tls/private/idp.example.com.key', } ``` Setup a domain master. (This needs a shared database, here '1.2.3.4'). ```puppet class { '::keycloak': operating_mode => 'domain', role => 'master', wildfly_user => 'wildfly, wildfly_user_password => 'changeme, manage_datasource => false, datasource_driver => 'postgresql', datasource_host => '1.2.3.4, datasource_dbname => 'keycloak, datasource_username => 'keycloak, datasource_password => 'changeme, admin_user => 'admin, admin_user_password => 'changeme, } ``` Setup a domain slave. (This needs a shared database, here '1.2.3.4'). ```puppet class { '::keycloak': operating_mode => 'domain', role => 'slave', wildfly_user => 'wildfly, wildfly_user_password => 'changeme, manage_datasource => false, datasource_driver => 'postgresql', datasource_host => '1.2.3.4, datasource_dbname => 'keycloak, datasource_username => 'keycloak, datasource_password => 'changeme, admin_user => 'admin, admin_user_password => 'changeme, } ``` **NOTE:** The wilfdly user and password need to match those in domain master. These are required for authentication in a cluster. Setup a host for theme development so that theme changes don't require a service restart, not recommended for production. ```puppet class { 'keycloak': theme_static_max_age => -1, theme_cache_themes => false, theme_cache_templates => false, } ``` Run Keycloak using standalone clustered mode (multicast): ```puppet class { 'keycloak': operating_mode => 'clustered', } ``` Run Keycloak using standalone clustered mode (JDBC_PING): > [JDBC_PING](http://jgroups.org/manual/#_jdbc_ping) uses port **7600** to ensure cluster members are discoverable by each other. This module **does NOT manage firewall changes**. ```puppet class { 'keycloak': operating_mode => 'clustered', datasource_driver => 'postgresql', enable_jdbc_ping => true, jboss_bind_private_address => $facts['networking']['ip'], jboss_bind_public_address => $facts['networking']['ip'], } # your puppet code to open port 7600 # ... # ... ``` ### Deploy SPI A simple example of deploying a custom SPI from a URL: ```puppet keycloak::spi_deployment { 'duo-spi': ensure => 'present', deployed_name => 'keycloak-duo-spi-jar-with-dependencies.jar', source => 'https://example.com/files/keycloak-duo-spi-jar-with-dependencies.jar', } ``` The `source` can be a URL or a file path like `/tmp/foo.jar` or prefixed with `file://` or `puppet://` The following example will deploy a custom SPI then check the Keycloak API for the resource to exist. This is useful to ensure SPI is loaded into Keycloak before attempting to add custom resources. ```puppet keycloak::spi_deployment { 'duo-spi': deployed_name => 'keycloak-duo-spi-jar-with-dependencies.jar', source => 'https://example.com/files/keycloak-duo-spi-jar-with-dependencies.jar', test_url => 'authentication/authenticator-providers', test_key => 'id', test_value => 'duo-mfa-authenticator', test_realm => 'test', before => Keycloak_flow_execution['duo-mfa-authenticator under form-browser-with-duo on test'], } ``` ### keycloak_realm Define a Keycloak realm that uses username and not email for login and to use a local branded theme. ```puppet keycloak_realm { 'test': ensure => 'present', remember_me => true, login_with_email_allowed => false, login_theme => 'my_theme', } ``` **NOTE:** If the flow properties such as `browser_flow` are changed from their defaults then this value will not be set when a realm is first created. The value will also not be updated if the flow does not exist. For new realms you will have to run Puppet twice in order to create the flows then update the realm setting. ### keycloak\_ldap\_user_provider Define a LDAP user provider so that authentication can be performed against LDAP. The example below uses two LDAP servers, disables importing of users and assumes the SSL certificates are trusted and do not require being in the truststore. ```puppet keycloak_ldap_user_provider { 'LDAP on test': ensure => 'present', users_dn => 'ou=People,dc=example,dc=com', connection_url => 'ldaps://ldap1.example.com:636 ldaps://ldap2.example.com:636', import_enabled => false, use_truststore_spi => 'never', } ``` **NOTE** The `Id` for the above resource would be `LDAP-test` where the format is `${resource_name}-${realm}`. If you're using FreeIPA you can use a defined resource that wraps keycloak\_ldap\_user\_provider: ```puppet keycloak::freeipa_user_provider { 'ipa.example.org': ensure => 'present', realm => 'EXAMPLE.ORG', bind_dn => 'uid=ldapproxy,cn=sysaccounts,cn=etc,dc=example,dc=org', bind_credential => 'secret', users_dn => 'cn=users,cn=accounts,dc=example,dc=org', priority => 10, } ``` ### keycloak\_ldap_mapper Use the LDAP attribute 'gecos' as the full name attribute. ```puppet keycloak_ldap_mapper { 'full name for LDAP-test on test: ensure => 'present', resource_name => 'full name', type => 'full-name-ldap-mapper', ldap_attribute => 'gecos', } ``` If you're using FreeIPA you can use a defined resource that adds all the required attribute mappings automatically: ```puppet keycloak::freeipa_ldap_mappers { 'ipa.example.org': realm => 'EXAMPLE.ORG', groups_dn => 'cn=groups,cn=accounts,dc=example,dc=org', roles_dn => 'cn=groups,cn=accounts,dc=example,dc=org' } ``` ### keycloak\_sssd\_user\_provider Define SSSD user provider. **NOTE** This type requires that SSSD be properly configured and Keycloak service restarted after SSSD ifp service is setup. Also requires `keycloak` class be called with `with_sssd_support` set to `true`. ```puppet keycloak_sssd_user_provider { 'SSSD on test': ensure => 'present', } ``` ### keycloak_client Register a client. ```puppet keycloak_client { 'www.example.com': ensure => 'present', realm => 'test', redirect_uris => [ "https://www.example.com/oidc", "https://www.example.com", ], client_template => 'oidc-clients', secret => 'supersecret', } ``` ### keycloak::client_scope::oidc Defined type that can be used to define both `keycloak_client_scope` and `keycloak_protocol_mapper` resources for OpenID Connect. ```puppet keycloak::client_scope::oidc { 'oidc-clients': realm => 'test', } ``` ### keycloak::client_scope::saml Defined type that can be used to define both `keycloak_client_scope` and `keycloak_protocol_mapper` resources for SAML. ```puppet keycloak::client_scope::saml { 'saml-clients': realm => 'test', } ``` ### keycloak\_client_scope Define a Client Scope of `email` for realm `test` in Keycloak: ```puppet keycloak_client_scope { 'email on test': protocol => 'openid-connect', } ``` ### keycloak\_protocol_mapper Associate a Protocol Mapper to a given Client Scope. The name in the following example will add the `email` protocol mapper to client scope `oidc-email` in the realm `test`. ```puppet keycloak_protocol_mapper { "email for oidc-email on test": claim_name => 'email', user_attribute => 'email', } ``` ### keycloak\_client\_protocol\_mapper Add `email` protocol mapper to `test.example.com` client in realm `test` ```puppet keycloak_client_protocol_mapper { "email for test.example.com on test": claim_name => 'email', user_attribute => 'email', } ``` ### keycloak\_identity\_provider Add `cilogon` identity provider to `test` realm ```puppet keycloak_identity_provider { 'cilogon on test': ensure => 'present', display_name => 'CILogon', provider_id => 'oidc', first_broker_login_flow_alias => 'browser', client_id => 'cilogon:/client_id/foobar', client_secret => 'supersecret', user_info_url => 'https://cilogon.org/oauth2/userinfo', token_url => 'https://cilogon.org/oauth2/token', authorization_url => 'https://cilogon.org/authorize', } ``` ### Keycloak Flows The following is an example of deploying a custom Flow. The name for the top level flow is `$alias on $realm` The name for an execution is `$provider under $flow on $realm`. The name for the flow under a top level flow is `$alias under $flow_alias on $realm`. ```puppet keycloak_flow { 'browser-with-duo on test': ensure => 'present', } keycloak_flow_execution { 'auth-cookie under browser-with-duo on test': ensure => 'present', configurable => false, display_name => 'Cookie', index => 0, requirement => 'ALTERNATIVE', } keycloak_flow_execution { 'identity-provider-redirector under browser-with-duo on test': ensure => 'present', configurable => true, display_name => 'Identity Provider Redirector', index => 1, requirement => 'ALTERNATIVE', } keycloak_flow { 'form-browser-with-duo under browser-with-duo on test': ensure => 'present', index => 2, requirement => 'ALTERNATIVE', top_level => false, } keycloak_flow_execution { 'auth-username-password-form under form-browser-with-duo on test': ensure => 'present', configurable => false, display_name => 'Username Password Form', index => 0, requirement => 'REQUIRED', } keycloak_flow_execution { 'duo-mfa-authenticator under form-browser-with-duo on test': ensure => 'present', configurable => true, display_name => 'Duo MFA', alias => 'Duo', config => { "duomfa.akey" => "foo-akey", "duomfa.apihost" => "api-foo.duosecurity.com", "duomfa.skey" => "secret", "duomfa.ikey" => "foo-ikey", "duomfa.groups" => "duo" }, requirement => 'REQUIRED', index => 1, } ``` ### keycloak\_api The keycloak_api type can be used to define how this module's types access the Keycloak API if this module is only used for the types/providers and the module's `kcadm-wrapper.sh` is not installed. ```puppet keycloak_api { 'keycloak' install_dir => '/opt/keycloak', server => 'http://localhost:8080/auth', realm => 'master', user => 'admin', password => 'changeme', } ``` The path for `install_dir` will be joined with `bin/kcadm.sh` to produce the full path to `kcadm.sh`. ### keycloak\_required\_action The keycloak_required_action type can be used to define actions a user must perform during the authentication process. A user will not be able to complete the authentication process until these actions are complete. For instance, change a one-time password, accept T&C, etc. The name for an action is `$alias on $realm`. **Important**: actions from puppet config and from a server are matched based on a combination of alias and realm, so edition of aliases is not supported. ```puppet # Minimal example keycloak_required_action { 'VERIFY_EMAIL on master': ensure => present, provider_id => 'webauthn-register', } # Full example keycloak_required_action { 'webauthn-register on master': ensure => present, provider_id => 'webauthn-register', display_name => 'Webauthn Register', default => true, enabled => true, priority => 1, config => { 'something' => 'true', # keep in mind that keycloak only supports strings for both keys and values 'smth else' => '1', }, } ``` ## Reference [http://treydock.github.io/puppet-module-keycloak/](http://treydock.github.io/puppet-module-keycloak/) ## Limitations This module has been tested on: -* CentOS 7 x86_64 -* RedHat 7 x86_64 +* RedHat/CentOS 7 x86_64 +* RedHat/CentOS 8 x86_64 * Debian 9 x86_64 +* Debian 10 x86_64 * Ubuntu 18.04 x86_64 +* Ubuntu 20.04 x86_64 diff --git a/metadata.json b/metadata.json index b2b469b..e44a9a3 100644 --- a/metadata.json +++ b/metadata.json @@ -1,93 +1,94 @@ { "name": "treydock-keycloak", "version": "6.26.0", "author": "treydock", "summary": "Keycloak Puppet module", "license": "Apache-2.0", "source": "https://github.com/treydock/puppet-module-keycloak", "project_page": "https://github.com/treydock/puppet-module-keycloak", "issues_url": "https://github.com/treydock/puppet-module-keycloak/issues", "dependencies": [ { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.25.0 <7.0.0" }, { "name": "puppetlabs/mysql", "version_requirement": ">= 10.2.0 <11.0.0" }, { "name": "puppetlabs/postgresql", "version_requirement": ">= 6.4.0 <7.0.0" }, { "name": "puppetlabs/java", "version_requirement": ">= 5.0.0 <7.0.0" }, { "name": "puppetlabs/java_ks", "version_requirement": ">= 1.0.0 <4.0.0" }, { "name": "puppetlabs/augeas_core", "version_requirement": ">= 1.0.0 <4.0.0" }, { "name": "puppetlabs/yumrepo_core", "version_requirement": ">= 1.0.0 <2.0.0" }, { "name": "puppet/archive", "version_requirement": ">= 0.5.1 <5.0.0" }, { "name": "camptocamp/systemd", "version_requirement": ">= 0.4.0 <3.0.0" } ], "operatingsystem_support": [ { "operatingsystem": "RedHat", "operatingsystemrelease": [ "7", "8" ] }, { "operatingsystem": "CentOS", "operatingsystemrelease": [ "7", "8" ] }, { "operatingsystem": "Scientific", "operatingsystemrelease": [ "7", "8" ] }, { "operatingsystem": "Debian", "operatingsystemrelease": [ "9", "10" ] }, { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ - "18.04" + "18.04", + "20.04" ] } ], "requirements": [ { "name": "puppet", "version_requirement": ">= 6.0.0 < 8.0.0" } ], "pdk-version": "1.17.0", "template-url": "https://github.com/treydock/pdk-templates.git#master", "template-ref": "heads/master-0-gc21ae9d" } diff --git a/spec/acceptance/nodesets/ubuntu-2004.yml b/spec/acceptance/nodesets/ubuntu-2004.yml new file mode 100644 index 0000000..5ea5eee --- /dev/null +++ b/spec/acceptance/nodesets/ubuntu-2004.yml @@ -0,0 +1,25 @@ +HOSTS: + ubuntu2004: + roles: + - agent + platform: ubuntu-20.04-amd64 + hypervisor : docker + image: ubuntu:20.04 + docker_preserve_image: true + docker_cmd: '["/sbin/init"]' + docker_image_commands: + - "rm -f /etc/dpkg/dpkg.cfg.d/excludes" + - 'apt-get install -y wget net-tools locales apt-transport-https ca-certificates' + - 'locale-gen en_US.UTF-8' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 + docker_container_name: 'keycloak-ubuntu2004' +CONFIG: + log_level: debug + type: foss +ssh: + password: root + auth_methods: ["password"] +