diff --git a/.fixtures.yml b/.fixtures.yml index 82e2044..36536e3 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,13 +1,14 @@ fixtures: repositories: - apache: 'https://github.com/puppetlabs/puppetlabs-apache' - concat: 'https://github.com/puppetlabs/puppetlabs-concat' - extlib: 'https://github.com/voxpupuli/puppet-extlib' - foreman: 'https://github.com/theforeman/puppet-foreman' - git: 'https://github.com/theforeman/puppet-git' + apache: 'https://github.com/puppetlabs/puppetlabs-apache.git' + concat: 'https://github.com/puppetlabs/puppetlabs-concat.git' + extlib: 'https://github.com/voxpupuli/puppet-extlib.git' + foreman: 'https://github.com/theforeman/puppet-foreman.git' + git: 'https://github.com/theforeman/puppet-git.git' + hocon: 'https://github.com/puppetlabs/puppetlabs-hocon.git' inifile: 'https://github.com/puppetlabs/puppetlabs-inifile.git' puppetdb: 'https://github.com/puppetlabs/puppetlabs-puppetdb.git' stdlib: 'https://github.com/puppetlabs/puppetlabs-stdlib.git' symlinks: puppet: "#{source_dir}" diff --git a/.sync.yml b/.sync.yml index e5b16ee..ca484a3 100644 --- a/.sync.yml +++ b/.sync.yml @@ -1,20 +1,21 @@ --- .travis.yml: beaker_sets: - docker/centos-7 - docker/centos-6 - docker/debian-8 Rakefile: param_docs_pattern: - manifests/init.pp spec/spec_helper.rb: extra_code: | def unsupported_puppetmaster_osfamily(osfamily) ['Archlinux', 'windows', 'Suse'].include?(osfamily) end spec/spec_helper_acceptance.rb: modules: - puppet-extlib - puppetlabs-apache - puppetlabs-concat + - puppetlabs-hocon - puppetlabs-stdlib diff --git a/manifests/server/puppetserver.pp b/manifests/server/puppetserver.pp index 428c349..d9a6f4d 100644 --- a/manifests/server/puppetserver.pp +++ b/manifests/server/puppetserver.pp @@ -1,266 +1,275 @@ # == Class: puppet::server::puppetserver # # Configures the puppetserver jvm configuration file using augeas. # # === Parameters: # # * `java_bin` # Path to the java executable to use # # * `config` # Path to the jvm configuration file. # This file is usually either /etc/default/puppetserver or # /etc/sysconfig/puppetserver depending on your *nix flavor. # # * `jvm_min_heap_size` # Translates into the -Xms option and is added to the JAVA_ARGS # # * `jvm_max_heap_size` # Translates into the -Xmx option and is added to the JAVA_ARGS # # * `jvm_extra_args` # Custom options to pass through to the java binary. These get added to # the end of the JAVA_ARGS variable # # * `jvm_cli_args` # Custom options to pass through to the java binary when using a # puppetserver subcommand, (eg puppetserver gem). These get used # in the JAVA_ARGS_CLI variable. # # * `server_puppetserver_dir` # Puppetserver config directory # # * `server_puppetserver_vardir` # Puppetserver var directory # # * `server_jruby_gem_home` # Puppetserver jruby gemhome # # * `server_cipher_suites` # Puppetserver array of acceptable ciphers # # * `server_ssl_protocols` # Puppetserver array of acceptable ssl protocols # # * `server_max_active_instances` # Puppetserver number of max jruby instances # # * `server_max_requests_per_instance` # Puppetserver number of max requests per jruby instance # # === Example # # @example # # # configure memory for java < 8 # class {'::puppet::server::puppetserver': # jvm_min_heap_size => '1G', # jvm_max_heap_size => '3G', # jvm_extra_args => '-XX:MaxPermSize=256m', # } # class puppet::server::puppetserver ( $config = $::puppet::server::jvm_config, $java_bin = $::puppet::server::jvm_java_bin, $jvm_extra_args = $::puppet::server::jvm_extra_args, $jvm_cli_args = $::puppet::server::jvm_cli_args, $jvm_min_heap_size = $::puppet::server::jvm_min_heap_size, $jvm_max_heap_size = $::puppet::server::jvm_max_heap_size, $server_puppetserver_dir = $::puppet::server::puppetserver_dir, $server_puppetserver_vardir = $::puppet::server::puppetserver_vardir, $server_puppetserver_rundir = $::puppet::server::puppetserver_rundir, $server_puppetserver_logdir = $::puppet::server::puppetserver_logdir, $server_jruby_gem_home = $::puppet::server::jruby_gem_home, $server_ruby_load_paths = $::puppet::server::ruby_load_paths, $server_cipher_suites = $::puppet::server::cipher_suites, $server_max_active_instances = $::puppet::server::max_active_instances, $server_max_requests_per_instance = $::puppet::server::max_requests_per_instance, $server_ssl_protocols = $::puppet::server::ssl_protocols, $server_http = $::puppet::server::http, $server_http_allow = $::puppet::server::http_allow, $server_ca = $::puppet::server::ca, $server_dir = $::puppet::server::dir, $codedir = $::puppet::server::codedir, $server_idle_timeout = $::puppet::server::idle_timeout, $server_web_idle_timeout = $::puppet::server::web_idle_timeout, $server_connect_timeout = $::puppet::server::connect_timeout, $server_ca_auth_required = $::puppet::server::ca_auth_required, $server_ca_client_whitelist = $::puppet::server::ca_client_whitelist, $server_admin_api_whitelist = $::puppet::server::admin_api_whitelist, $server_puppetserver_version = $::puppet::server::puppetserver_version, $server_use_legacy_auth_conf = $::puppet::server::use_legacy_auth_conf, $server_check_for_updates = $::puppet::server::check_for_updates, $server_environment_class_cache_enabled = $::puppet::server::environment_class_cache_enabled, $server_jruby9k = $::puppet::server::puppetserver_jruby9k, $server_metrics = $::puppet::server::puppetserver_metrics, $server_experimental = $::puppet::server::puppetserver_experimental, ) { include ::puppet::server if !(empty($server_http_allow)) { fail('setting $server_http_allow is not supported for puppetserver as it would have no effect') } $puppetserver_package = pick($::puppet::server::package, 'puppetserver') $jvm_cmd_arr = ["-Xms${jvm_min_heap_size}", "-Xmx${jvm_max_heap_size}", $jvm_extra_args] - $jvm_cmd = strip(join(flatten($jvm_cmd_arr),' ')) + $jvm_cmd = strip(join(flatten($jvm_cmd_arr), ' ')) if $::osfamily == 'FreeBSD' { augeas { 'puppet::server::puppetserver::jvm': context => '/files/etc/rc.conf', changes => [ "set puppetserver_java_opts '\"${jvm_cmd}\"'" ], } } else { if $jvm_cli_args { $changes = [ "set JAVA_ARGS '\"${jvm_cmd}\"'", "set JAVA_BIN ${java_bin}", "set JAVA_ARGS_CLI '\"${jvm_cli_args}\"'", ] } else { $changes = [ "set JAVA_ARGS '\"${jvm_cmd}\"'", "set JAVA_BIN ${java_bin}", ] } augeas { 'puppet::server::puppetserver::jvm': lens => 'Shellvars.lns', incl => $config, context => "/files${config}", changes => $changes, } if versioncmp($server_puppetserver_version, '2.4.99') == 0 { $bootstrap_paths = "${server_puppetserver_dir}/bootstrap.cfg,${server_puppetserver_dir}/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/" } elsif versioncmp($server_puppetserver_version, '2.5') >= 0 { $bootstrap_paths = "${server_puppetserver_dir}/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/" } else { # 2.4 $bootstrap_paths = "${server_puppetserver_dir}/bootstrap.cfg" } augeas { 'puppet::server::puppetserver::bootstrap': lens => 'Shellvars.lns', incl => $config, context => "/files${config}", changes => "set BOOTSTRAP_CONFIG '\"${bootstrap_paths}\"'", } if versioncmp($server_puppetserver_version, '5.0') >= 0 { $jruby_jar_changes = $server_jruby9k ? { true => "set JRUBY_JAR '\"/opt/puppetlabs/server/apps/puppetserver/jruby-9k.jar\"'", default => 'rm JRUBY_JAR' } augeas { 'puppet::server::puppetserver::jruby_jar': lens => 'Shellvars.lns', incl => $config, context => "/files${config}", changes => $jruby_jar_changes, } } } # 2.4.99 configures for both 2.4 and 2.5 making upgrades and new installations easier when the # precise version available isn't known if versioncmp($server_puppetserver_version, '2.4.99') >= 0 { $servicesd = "${server_puppetserver_dir}/services.d" file { $servicesd: ensure => directory, } file { "${servicesd}/ca.cfg": ensure => file, content => template('puppet/server/puppetserver/services.d/ca.cfg.erb'), } unless $::osfamily == 'FreeBSD' { file { '/opt/puppetlabs/server/apps/puppetserver/config': ensure => directory, } file { '/opt/puppetlabs/server/apps/puppetserver/config/services.d': ensure => directory, } } } if versioncmp($server_puppetserver_version, '2.5') < 0 { $bootstrapcfg = "${server_puppetserver_dir}/bootstrap.cfg" file { $bootstrapcfg: ensure => file, } $ca_enabled_ensure = $server_ca ? { true => present, default => absent, } $ca_disabled_ensure = $server_ca ? { false => present, default => absent, } file_line { 'ca_enabled': ensure => $ca_enabled_ensure, path => $bootstrapcfg, line => 'puppetlabs.services.ca.certificate-authority-service/certificate-authority-service', require => File[$bootstrapcfg], } file_line { 'ca_disabled': ensure => $ca_disabled_ensure, path => $bootstrapcfg, line => 'puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service', require => File[$bootstrapcfg], } if versioncmp($server_puppetserver_version, '2.3') >= 0 { $versioned_code_service_ensure = present } else { $versioned_code_service_ensure = absent } file_line { 'versioned_code_service': ensure => $versioned_code_service_ensure, path => $bootstrapcfg, line => 'puppetlabs.services.versioned-code-service.versioned-code-service/versioned-code-service', require => File[$bootstrapcfg], } } if versioncmp($server_puppetserver_version, '2.2') < 0 { $ca_conf_ensure = file } else { $ca_conf_ensure = absent } file { "${server_puppetserver_dir}/conf.d/ca.conf": ensure => $ca_conf_ensure, content => template('puppet/server/puppetserver/conf.d/ca.conf.erb'), } file { "${server_puppetserver_dir}/conf.d/puppetserver.conf": ensure => file, content => template('puppet/server/puppetserver/conf.d/puppetserver.conf.erb'), } file { "${server_puppetserver_dir}/conf.d/webserver.conf": ensure => file, content => template('puppet/server/puppetserver/conf.d/webserver.conf.erb'), } file { "${server_puppetserver_dir}/conf.d/auth.conf": ensure => file, content => template('puppet/server/puppetserver/conf.d/auth.conf.erb'), } + $product_conf = "${server_puppetserver_dir}/conf.d/product.conf" + if versioncmp($server_puppetserver_version, '2.7') >= 0 { $product_conf_ensure = file + + hocon_setting { 'server_check_for_updates': + ensure => present, + path => $product_conf, + setting => 'product.check-for-updates', + value => $server_check_for_updates, + require => File[$product_conf], + } } else { $product_conf_ensure = absent } - file { "${server_puppetserver_dir}/conf.d/product.conf": - ensure => $product_conf_ensure, - content => template('puppet/server/puppetserver/conf.d/product.conf.erb'), + file { $product_conf: + ensure => $product_conf_ensure, } } diff --git a/metadata.json b/metadata.json index 7a504ff..d9a0430 100644 --- a/metadata.json +++ b/metadata.json @@ -1,122 +1,126 @@ { "name": "theforeman-puppet", "version": "8.0.2", "author": "theforeman", "summary": "Puppet agent and server configuration", "license": "GPL-3.0+", "source": "git://github.com/theforeman/puppet-puppet", "project_page": "https://github.com/theforeman/puppet-puppet", "issues_url": "https://github.com/theforeman/puppet-puppet/issues", "description": "Module for installing the Puppet agent and Puppet server", "tags": [ "foreman", "puppet", "puppetmaster", "puppet-server" ], "dependencies": [ { "name": "puppetlabs/apache", "version_requirement": ">= 1.2.0 < 3.0.0" }, { "name": "puppetlabs/concat", "version_requirement": ">= 1.0.0 < 5.0.0" }, + { + "name": "puppetlabs/hocon", + "version_requirement": ">= 1.0.0 < 2.0.0" + }, { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.13.0 < 5.0.0" }, { "name": "puppet/extlib", "version_requirement": ">= 0.11.3 < 2.0.0" } ], "requirements": [ { "name": "puppet", "version_requirement": ">= 4.6.1 < 6.0.0" } ], "operatingsystem_support": [ { "operatingsystem": "RedHat", "operatingsystemrelease": [ "6", "7" ] }, { "operatingsystem": "CentOS", "operatingsystemrelease": [ "6", "7" ] }, { "operatingsystem": "Scientific", "operatingsystemrelease": [ "6", "7" ] }, { "operatingsystem": "Fedora", "operatingsystemrelease": [ "24" ] }, { "operatingsystem": "Debian", "operatingsystemrelease": [ "7", "8" ] }, { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ "12.04", "14.04", "16.04" ] }, { "operatingsystem": "FreeBSD", "operatingsystemrelease": [ "10", "11" ] }, { "operatingsystem": "DragonFly", "operatingsystemrelease": [ "3.6", "3.8", "4" ] }, { "operatingsystem": "Archlinux" }, { "operatingsystem": "SLES", "operatingsystemrelease": [ "11", "12" ] }, { "operatingsystem": "windows", "operatingsystemrelease": [ "Vista", "7", "8", "2008", "2008 R2", "2012", "2012 R2" ] } ] } diff --git a/spec/classes/puppet_server_puppetserver_spec.rb b/spec/classes/puppet_server_puppetserver_spec.rb index 8c8d642..23459ff 100644 --- a/spec/classes/puppet_server_puppetserver_spec.rb +++ b/spec/classes/puppet_server_puppetserver_spec.rb @@ -1,836 +1,844 @@ require 'spec_helper' describe 'puppet::server::puppetserver' do on_os_under_test.each do |os, facts| next if facts[:osfamily] == 'windows' next if facts[:osfamily] == 'Archlinux' context "on #{os}" do let :pre_condition do "class {'puppet': server_implementation => 'puppetserver'}" end if Puppet.version < '4.0' additional_facts = {} else additional_facts = {:rubysitedir => '/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.1.0'} end let(:facts) do facts.merge(additional_facts) end let(:default_params) do { :java_bin => '/usr/bin/java', :config => '/etc/default/puppetserver', :jvm_min_heap_size => '2G', :jvm_max_heap_size => '2G', :jvm_extra_args => '', :jvm_cli_args => false, # In reality defaults to undef :server_ca_auth_required => true, :server_ca_client_whitelist => [ 'localhost', 'puppetserver123.example.com' ], :server_admin_api_whitelist => [ 'localhost', 'puppetserver123.example.com' ], :server_ruby_load_paths => [ '/some/path', ], :server_ssl_protocols => [ 'TLSv1.2', ], :server_cipher_suites => [ 'TLS_RSA_WITH_AES_256_CBC_SHA256', 'TLS_RSA_WITH_AES_256_CBC_SHA', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA', ], :server_max_active_instances => 2, :server_max_requests_per_instance => 0, :server_http => false, :server_http_allow => [], :server_ca => true, :server_puppetserver_version => '2.4.99', :server_use_legacy_auth_conf => false, :server_puppetserver_dir => '/etc/custom/puppetserver', :server_puppetserver_vardir => '/opt/puppetlabs/server/data/puppetserver', :server_puppetserver_rundir => '/var/run/puppetlabs/puppetserver', :server_puppetserver_logdir => '/var/log/puppetlabs/puppetserver', :server_jruby_gem_home => '/opt/puppetlabs/server/data/puppetserver/jruby-gems', :server_dir => '/etc/puppetlabs/puppet', :codedir => '/etc/puppetlabs/code', :server_idle_timeout => 1200000, :server_web_idle_timeout => 30000, :server_connect_timeout => 120000, :server_check_for_updates => true, :server_environment_class_cache_enabled => false, :server_jruby9k => false, :server_metrics => true, :server_experimental => true, } end describe 'with default parameters' do let(:params) do default_params.merge({ :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it { should contain_file('/etc/custom/puppetserver/bootstrap.cfg') } it { should contain_file_line('ca_enabled').with_ensure('present') } it { should contain_file_line('ca_disabled'). with_ensure('absent') } it { should contain_file('/etc/custom/puppetserver/services.d').with_ensure('directory') } it { should contain_file('/etc/custom/puppetserver/services.d/ca.cfg') } if facts[:osfamily] == 'FreeBSD' it { should contain_augeas('puppet::server::puppetserver::jvm'). with_changes([ 'set puppetserver_java_opts \'"-Xms2G -Xmx2G"\'', ]). with_context('/files/etc/rc.conf'). with({}) } else it { should contain_file('/opt/puppetlabs/server/apps/puppetserver/config').with_ensure('directory') } it { should contain_file('/opt/puppetlabs/server/apps/puppetserver/config/services.d').with_ensure('directory') } it { should contain_augeas('puppet::server::puppetserver::bootstrap'). with_changes('set BOOTSTRAP_CONFIG \'"/etc/custom/puppetserver/bootstrap.cfg,/etc/custom/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/"\'') } it { should contain_augeas('puppet::server::puppetserver::jvm'). with_changes([ 'set JAVA_ARGS \'"-Xms2G -Xmx2G"\'', 'set JAVA_BIN /usr/bin/java', ]). with_context('/files/etc/default/puppetserver'). with_incl('/etc/default/puppetserver'). with_lens('Shellvars.lns'). with({}) } end it { should contain_file('/etc/custom/puppetserver/conf.d/ca.conf') } it { should contain_file('/etc/custom/puppetserver/conf.d/puppetserver.conf') } it { should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf'). with_content(/ssl-host:\s0\.0\.0\.0/). with_content(/ssl-port:\s8140/). without_content(/ host:\s/). without_content(/ port:\s8139/). with({}) } it { should contain_file('/etc/custom/puppetserver/conf.d/auth.conf'). with_content(/allow-header-cert-info: false/). with({}) } end describe 'server_puppetserver_vardir' do context 'with default parameters' do let(:params) do default_params.merge({ :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it 'should have master-var-dir: /opt/puppetlabs/server/data/puppetserver' do content = catalogue.resource('file', '/etc/custom/puppetserver/conf.d/puppetserver.conf').send(:parameters)[:content] expect(content).to include(%Q[ master-var-dir: /opt/puppetlabs/server/data/puppetserver\n]) end end context 'with custom server_puppetserver_vardir' do let(:params) do default_params.merge({ :server_puppetserver_dir => '/etc/custom/puppetserver', :server_puppetserver_vardir => '/opt/custom/puppetlabs/server/data/puppetserver', }) end it 'should have master-var-dir: /opt/puppetlabs/server/data/puppetserver' do content = catalogue.resource('file', '/etc/custom/puppetserver/conf.d/puppetserver.conf').send(:parameters)[:content] expect(content).to include(%Q[ master-var-dir: /opt/custom/puppetlabs/server/data/puppetserver\n]) end end end describe 'use-legacy-auth-conf' do context 'with default parameters' do let(:params) do default_params.merge({ :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it 'should have use-legacy-auth-conf: false in puppetserver.conf' do content = catalogue.resource('file', '/etc/custom/puppetserver/conf.d/puppetserver.conf').send(:parameters)[:content] expect(content).to include(%Q[ use-legacy-auth-conf: false\n]) end end context 'when use-legacy-auth-conf = true' do let(:params) do default_params.merge({ :server_use_legacy_auth_conf => true, :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it 'should have use-legacy-auth-conf: true in puppetserver.conf' do content = catalogue.resource('file', '/etc/custom/puppetserver/conf.d/puppetserver.conf').send(:parameters)[:content] expect(content).to include(%Q[ use-legacy-auth-conf: true\n]) end end context 'when server_puppetserver_version < 2.2' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.1.2', :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it 'should not have a use-legacy-auth-conf setting in puppetserver.conf' do content = catalogue.resource('file', '/etc/custom/puppetserver/conf.d/puppetserver.conf').send(:parameters)[:content] expect(content).not_to include('use-legacy-auth-conf') end end end describe 'environment-class-cache-enabled' do context 'with default parameters' do let(:params) do default_params.merge({ :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it 'should have environment-class-cache-enabled: false in puppetserver.conf' do content = catalogue.resource('file', '/etc/custom/puppetserver/conf.d/puppetserver.conf').send(:parameters)[:content] expect(content).to include(%Q[ environment-class-cache-enabled: false\n]) end end context 'when environment-class-cache-enabled = true' do let(:params) do default_params.merge({ :server_environment_class_cache_enabled => true, :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it 'should have environment-class-cache-enabled: true in puppetserver.conf' do content = catalogue.resource('file', '/etc/custom/puppetserver/conf.d/puppetserver.conf').send(:parameters)[:content] expect(content).to include(%Q[ environment-class-cache-enabled: true\n]) end end context 'when server_puppetserver_version < 2.4' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.2.2', :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it 'should not have a environment-class-cache-enabled setting in puppetserver.conf' do content = catalogue.resource('file', '/etc/custom/puppetserver/conf.d/puppetserver.conf').send(:parameters)[:content] expect(content).not_to include('environment-class-cache-enabled') end end end describe 'server_max_requests_per_instance' do context 'with default parameters' do let(:params) do default_params.merge({ :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it 'should have max-requests-per-instance: /opt/puppetlabs/server/data/puppetserver' do content = catalogue.resource('file', '/etc/custom/puppetserver/conf.d/puppetserver.conf').send(:parameters)[:content] expect(content).to include(%Q[ max-requests-per-instance: 0\n]) end end context 'custom server_max_requests_per_instance' do let(:params) do default_params.merge({ :server_max_requests_per_instance => 123456, }) end it 'should have custom max-requests-per-instance: /opt/puppetlabs/server/data/puppetserver' do content = catalogue.resource('file', '/etc/custom/puppetserver/conf.d/puppetserver.conf').send(:parameters)[:content] expect(content).to include(%Q[ max-requests-per-instance: 123456\n]) end end end describe 'versioned-code-service' do context 'when server_puppetserver_version >= 2.5' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.5.0', :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it { should_not contain_file_line('versioned_code_service') } end context 'when server_puppetserver_version >= 2.3 and < 2.5' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.3.1', :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it 'should have versioned-code-service in bootstrap.cfg' do should contain_file_line('versioned_code_service'). with_ensure('present'). with_path('/etc/custom/puppetserver/bootstrap.cfg'). with_line('puppetlabs.services.versioned-code-service.versioned-code-service/versioned-code-service'). that_requires('File[/etc/custom/puppetserver/bootstrap.cfg]') end end context 'when server_puppetserver_version < 2.3' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.2.2', :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it 'should not have versioned-code-service in bootstrap.cfg' do should contain_file_line('versioned_code_service'). with_ensure('absent'). with_path('/etc/custom/puppetserver/bootstrap.cfg'). with_line('puppetlabs.services.versioned-code-service.versioned-code-service/versioned-code-service'). that_requires('File[/etc/custom/puppetserver/bootstrap.cfg]') end end end describe 'bootstrap.cfg' do context 'when server_puppetserver_version >= 2.5' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.5.0', :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it { should_not contain_file('/etc/custom/puppetserver/bootstrap.cfg') } it { should_not contain_file_line('ca_enabled') } it { should_not contain_file_line('ca_disabled') } end context 'when server_puppetserver_version < 2.4.99' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.4.98', :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it { should contain_file('/etc/custom/puppetserver/bootstrap.cfg') } it { should contain_file_line('ca_enabled'). with_ensure('present'). with_path('/etc/custom/puppetserver/bootstrap.cfg'). with_line('puppetlabs.services.ca.certificate-authority-service/certificate-authority-service'). that_requires('File[/etc/custom/puppetserver/bootstrap.cfg]') } it { should contain_file_line('ca_disabled'). with_ensure('absent'). with_path('/etc/custom/puppetserver/bootstrap.cfg'). with_line('puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service'). that_requires('File[/etc/custom/puppetserver/bootstrap.cfg]') } unless facts[:osfamily] == 'FreeBSD' it { should contain_augeas('puppet::server::puppetserver::bootstrap'). with_changes('set BOOTSTRAP_CONFIG \'"/etc/custom/puppetserver/bootstrap.cfg"\''). with_context('/files/etc/default/puppetserver'). with_incl('/etc/default/puppetserver'). with_lens('Shellvars.lns'). with({}) } end end end describe 'ca.cfg' do context 'when server_puppetserver_version >= 2.5' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.5.0', :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it { should contain_file('/etc/custom/puppetserver/services.d').with_ensure('directory') } it { should contain_file('/etc/custom/puppetserver/services.d/ca.cfg'). with_content(%r{^puppetlabs.services.ca.certificate-authority-service/certificate-authority-service}). with_content(%r{^#puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service}) } unless facts[:osfamily] == 'FreeBSD' it { should contain_file('/opt/puppetlabs/server/apps/puppetserver/config').with_ensure('directory') } it { should contain_file('/opt/puppetlabs/server/apps/puppetserver/config/services.d').with_ensure('directory') } it { should contain_augeas('puppet::server::puppetserver::bootstrap'). with_changes('set BOOTSTRAP_CONFIG \'"/etc/custom/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/"\''). with_context('/files/etc/default/puppetserver'). with_incl('/etc/default/puppetserver'). with_lens('Shellvars.lns'). with({}) } end end context 'when server_puppetserver_version >= 2.5 and server_ca => false' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.5.0', :server_puppetserver_dir => '/etc/custom/puppetserver', :server_ca => false, }) end it { should contain_file('/etc/custom/puppetserver/services.d/ca.cfg'). with_content(%r{^#puppetlabs.services.ca.certificate-authority-service/certificate-authority-service}). with_content(%r{^puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service}) } end context 'when server_puppetserver_version < 2.4.99' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.4.98', :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it { should_not contain_file('/etc/custom/puppetserver/services.d') } it { should_not contain_file('/etc/custom/puppetserver/services.d/ca.cfg') } it { should_not contain_file('/opt/puppetlabs/server/apps/puppetserver/config') } it { should_not contain_file('/opt/puppetlabs/server/apps/puppetserver/config/services.d') } end end describe 'server_ca related settings' do context 'when server_puppetserver_version >= 2.2' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.2.0', :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it { should contain_file('/etc/custom/puppetserver/conf.d/auth.conf'). with_content(/^\s+path: "\/puppet-ca\/v1\/certificate_status\/"/). with_content(/^\s+name: "certificate_status"/). with_content(/^\s+path: "\/puppet-ca\/v1\/certificate_statuses\/"/). with_content(/^\s+name: "certificate_statuses"/). with_content(/^\s+path: "\/puppet-admin-api\/v1\/environment-cache"/). with_content(/^\s+name: "environment-cache"/). with_content(/^\s+path: "\/puppet-admin-api\/v1\/jruby-pool"/). with_content(/^\s+name: "jruby-pool"/). with({}) # So we can use a trailing dot on each with_content line } it { should contain_file('/etc/custom/puppetserver/conf.d/ca.conf'). with_ensure('absent'). with({}) # So we can use a trailing dot on each with_content line } it { should contain_file('/etc/custom/puppetserver/conf.d/puppetserver.conf'). without_content(/^# Settings related to the puppet-admin HTTP API$/). without_content(/^puppet-admin: \{$/). without_content(/^\s+client-whitelist: \[$/). without_content(/^\s+"localhost"\,$/). without_content(/^\s+"puppetserver123.example.com"\,$/). with({}) # So we can use a trailing dot on each with_content line } end context 'when server_puppetserver_version < 2.2' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.1.1', :server_puppetserver_dir => '/etc/custom/puppetserver', }) end it { should contain_file('/etc/custom/puppetserver/conf.d/auth.conf'). without_content(/^\s+path: "\/puppet-ca\/v1\/certificate_status\/"/). without_content(/^\s+name: "certificate_status"/). without_content(/^\s+path: "\/puppet-ca\/v1\/certificate_statuses\/"/). without_content(/^\s+name: "certificate_statuses"/). without_content(/^\s+path: "\/puppet-admin-api\/v1\/environment-cache"/). without_content(/^\s+name: "environment-cache"/). without_content(/^\s+path: "\/puppet-admin-api\/v1\/jruby-pool"/). without_content(/^\s+name: "jruby-pool"/). with({}) # So we can use a trailing dot on each with_content line } it { should contain_file('/etc/custom/puppetserver/conf.d/ca.conf'). with_content(/^\s+authorization-required: true$/). with_content(/^\s+client-whitelist: \[$/). with_content(/^\s+"localhost"\,$/). with_content(/^\s+"puppetserver123.example.com"\,$/). with({}) # So we can use a trailing dot on each with_content line } it { should contain_file('/etc/custom/puppetserver/conf.d/puppetserver.conf'). with_content(/^# Settings related to the puppet-admin HTTP API$/). with_content(/^puppet-admin: \{$/). with_content(/^\s+client-whitelist: \[$/). with_content(/^\s+"localhost"\,$/). with_content(/^\s+"puppetserver123.example.com"\,$/). with({}) # So we can use a trailing dot on each with_content line } end end describe 'product.conf' do context 'when server_puppetserver_version >= 2.7' do let(:params) do - default_params.merge({ + default_params.merge( :server_puppetserver_version => '2.7.0', - :server_puppetserver_dir => '/etc/custom/puppetserver', - :server_check_for_updates => false, - }) + :server_puppetserver_dir => '/etc/custom/puppetserver', + :server_check_for_updates => false, + ) end it { should contain_file('/etc/custom/puppetserver/conf.d/product.conf'). - with_content(/^\s+check-for-updates: false/) + with_ensure('file') + } + it { + should contain_hocon_setting('server_check_for_updates'). + with_path('/etc/custom/puppetserver/conf.d/product.conf'). + with_setting('product.check-for-updates'). + with_value(false) } end context 'when server_puppetserver_version < 2.7' do let(:params) do - default_params.merge({ + default_params.merge( :server_puppetserver_version => '2.6.0', :server_puppetserver_dir => '/etc/custom/puppetserver', - }) + ) end it { should contain_file('/etc/custom/puppetserver/conf.d/product.conf'). with_ensure('absent') } + it { + should_not contain_hocon_setting('server_check_for_updates') + } end end describe 'server_metrics' do - context 'when server_puppetserver_version < 5.0 and server_metrics => true' do + context 'when server_puppetserver_version < 5.0 and server_metrics => true' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.7.0', :server_puppetserver_dir => '/etc/custom/puppetserver', :server_metrics => true, }) end it { should contain_file('/etc/custom/puppetserver/conf.d/puppetserver.conf'). without_content(%r{^ metrics-enabled: (.*)$}). with_content(%r{^profiler: \{\n # enable or disable profiling for the Ruby code;\n enabled: true}) } end context 'when server_puppetserver_version < 5.0 and server_metrics => false' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.7.0', :server_puppetserver_dir => '/etc/custom/puppetserver', :server_metrics => false, }) end it { should contain_file('/etc/custom/puppetserver/conf.d/puppetserver.conf'). without_content(%r{^ metrics-enabled: (.*)$}). with_content(%r{^profiler: \{\n # enable or disable profiling for the Ruby code;\n enabled: false}) } end context 'when server_puppetserver_version >= 5.0 and server_metrics => true' do let(:params) do default_params.merge({ :server_puppetserver_version => '5.0.0', :server_puppetserver_dir => '/etc/custom/puppetserver', :server_metrics => true, }) end it { should contain_file('/etc/custom/puppetserver/conf.d/puppetserver.conf'). with_content(%r{^ # Whether to enable http-client metrics; defaults to 'true'.\n metrics-enabled: true$(.*)}). with_content(%r{^profiler: \{\n # enable or disable profiling for the Ruby code;\n enabled: true}) } end context 'when server_puppetserver_version >= 5.0 and server_metrics => false' do let(:params) do default_params.merge({ :server_puppetserver_version => '5.0.0', :server_puppetserver_dir => '/etc/custom/puppetserver', :server_metrics => false, }) end it { should contain_file('/etc/custom/puppetserver/conf.d/puppetserver.conf'). with_content(%r{^ # Whether to enable http-client metrics; defaults to 'true'.\n metrics-enabled: false$}). with_content(%r{^profiler: \{\n # enable or disable profiling for the Ruby code;\n enabled: false}) } end end describe 'server_experimental' do context 'when server_puppetserver_version < 5.0 and server_experimental => true' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.7.0', :server_puppetserver_dir => '/etc/custom/puppetserver', :server_experimental => true, }) end it { should contain_file('/etc/custom/puppetserver/conf.d/auth.conf'). without_content(%r{^(\ *)path: "/puppet/experimental"$}) } end context 'when server_puppetserver_version < 5.0 and server_experimental => false' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.7.0', :server_puppetserver_dir => '/etc/custom/puppetserver', :server_experimental => false, }) end it { should contain_file('/etc/custom/puppetserver/conf.d/auth.conf'). without_content(%r{^(\ *)path: "/puppet/experimental"$}) } end context 'when server_puppetserver_version >= 5.0 and server_experimental => true' do let(:params) do default_params.merge({ :server_puppetserver_version => '5.0.0', :server_puppetserver_dir => '/etc/custom/puppetserver', :server_experimental => true, }) end it { should contain_file('/etc/custom/puppetserver/conf.d/auth.conf'). with_content(%r{^(\ *)path: "/puppet/experimental"$}) } end context 'when server_puppetserver_version >= 5.0 and server_experimental => false' do let(:params) do default_params.merge({ :server_puppetserver_version => '5.0.0', :server_puppetserver_dir => '/etc/custom/puppetserver', :server_experimental => false, }) end it { should contain_file('/etc/custom/puppetserver/conf.d/auth.conf'). without_content(%r{^(\ *)path: "/puppet/experimental"$}) } end end unless facts[:osfamily] == 'FreeBSD' describe 'server_jruby9k' do context 'when server_puppetserver_version < 5.0 and server_jruby9k => true' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.7.0', :server_puppetserver_dir => '/etc/custom/puppetserver', :server_jruby9k => true, }) end it { should_not contain_augeas('puppet::server::puppetserver::jruby_jar') } end context 'when server_puppetserver_version < 5.0 and server_jruby9k => false' do let(:params) do default_params.merge({ :server_puppetserver_version => '2.7.0', :server_puppetserver_dir => '/etc/custom/puppetserver', :server_jruby9k => false, }) end it { should_not contain_augeas('puppet::server::puppetserver::jruby_jar') } end context 'when server_puppetserver_version >= 5.0 and server_jruby9k => true' do let(:params) do default_params.merge({ :server_puppetserver_version => '5.0.0', :server_puppetserver_dir => '/etc/custom/puppetserver', :server_jruby9k => true, }) end it { should contain_augeas('puppet::server::puppetserver::jruby_jar'). with_changes(['set JRUBY_JAR \'"/opt/puppetlabs/server/apps/puppetserver/jruby-9k.jar"\'']). with_context('/files/etc/default/puppetserver'). with_incl('/etc/default/puppetserver'). with_lens('Shellvars.lns'). with({}) } end context 'when server_puppetserver_version >= 5.0 and server_jruby9k => false' do let(:params) do default_params.merge({ :server_puppetserver_version => '5.0.0', :server_puppetserver_dir => '/etc/custom/puppetserver', :server_jruby9k => false, }) end it { should contain_augeas('puppet::server::puppetserver::jruby_jar'). with_changes(['rm JRUBY_JAR']). with_context('/files/etc/default/puppetserver'). with_incl('/etc/default/puppetserver'). with_lens('Shellvars.lns'). with({}) } end end end describe 'with extra_args parameter' do let :params do default_params.merge({ :jvm_extra_args => ['-XX:foo=bar', '-XX:bar=foo'], }) end if facts[:osfamily] == 'FreeBSD' it { should contain_augeas('puppet::server::puppetserver::jvm'). with_changes([ 'set puppetserver_java_opts \'"-Xms2G -Xmx2G -XX:foo=bar -XX:bar=foo"\'', ]). with_context('/files/etc/rc.conf'). with({}) } else it { should contain_augeas('puppet::server::puppetserver::jvm'). with_changes([ 'set JAVA_ARGS \'"-Xms2G -Xmx2G -XX:foo=bar -XX:bar=foo"\'', 'set JAVA_BIN /usr/bin/java', ]). with_context('/files/etc/default/puppetserver'). with_incl('/etc/default/puppetserver'). with_lens('Shellvars.lns'). with({}) } end end describe 'with cli_args parameter' do let :params do default_params.merge({ :jvm_cli_args => '-Djava.io.tmpdir=/var/puppettmp', }) end if facts[:osfamily] != 'FreeBSD' it { should contain_augeas('puppet::server::puppetserver::jvm'). with_changes([ 'set JAVA_ARGS \'"-Xms2G -Xmx2G"\'', 'set JAVA_BIN /usr/bin/java', 'set JAVA_ARGS_CLI \'"-Djava.io.tmpdir=/var/puppettmp"\'', ]). with_context('/files/etc/default/puppetserver'). with_incl('/etc/default/puppetserver'). with_lens('Shellvars.lns'). with({}) } end end describe 'with jvm_config file parameter' do let :params do default_params.merge({ :config => '/etc/custom/puppetserver', }) end if facts[:osfamily] == 'FreeBSD' it { should contain_augeas('puppet::server::puppetserver::jvm'). with_context('/files/etc/rc.conf'). with({}) } else it { should contain_augeas('puppet::server::puppetserver::jvm'). with_context('/files/etc/custom/puppetserver'). with_incl('/etc/custom/puppetserver'). with_lens('Shellvars.lns'). with({}) } end end describe 'with server_ip parameter given to the puppet class' do let(:params) do default_params.merge({ :server_puppetserver_dir => '/etc/custom/puppetserver', }) end let :pre_condition do "class {'puppet': server_ip => '127.0.0.1', server_implementation => 'puppetserver'}" end it 'should put the correct ip address in webserver.conf' do should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf').with_content(/ssl-host:\s127\.0\.0\.1/) end end describe 'with server_certname parameter given to the puppet class' do let(:params) do default_params.merge({ :server_puppetserver_dir => '/etc/custom/puppetserver', }) end let :pre_condition do "class {'puppet': server_certname => 'puppetserver43.example.com', server_implementation => 'puppetserver', server_ssl_dir => '/etc/custom/puppet/ssl'}" end it 'should put the correct ssl key path in webserver.conf' do should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf'). with_content(%r{ssl-key: /etc/custom/puppet/ssl/private_keys/puppetserver43\.example\.com\.pem}) end it 'should put the correct ssl cert path in webserver.conf' do should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf'). with_content(%r{ssl-cert: /etc/custom/puppet/ssl/certs/puppetserver43\.example\.com\.pem}) end end describe 'with server_http parameter set to true for the puppet class' do let(:params) do default_params.merge({ :server_puppetserver_dir => '/etc/custom/puppetserver', }) end let :pre_condition do "class {'puppet': server_http => true, server_implementation => 'puppetserver'}" end it { should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf'). with_content(/ host:\s0\.0\.0\.0/). with_content(/ port:\s8139/). with({}) } it { should contain_file('/etc/custom/puppetserver/conf.d/auth.conf'). with_content(/allow-header-cert-info: true/). with({}) } end describe 'with server_allow_header_cert_info parameter set to true for the puppet class' do let(:params) do default_params.merge({ :server_puppetserver_dir => '/etc/custom/puppetserver', }) end let :pre_condition do "class {'puppet': server_allow_header_cert_info => true, server_implementation => 'puppetserver'}" end it { should contain_file('/etc/custom/puppetserver/conf.d/auth.conf'). with_content(/allow-header-cert-info: true/). with({}) } end describe 'with server_http_allow parameter set for the puppet class' do let(:params) do default_params.merge({ :server_puppetserver_dir => '/etc/custom/puppetserver', }) end let :pre_condition do "class {'puppet': server => true, server_http => true, server_http_allow => ['1.2.3.4'], server_implementation => 'puppetserver'}" end it { should raise_error(Puppet::Error, /setting \$server_http_allow is not supported for puppetserver as it would have no effect/) } - end end end end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 17e755b..3839aad 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -1,42 +1,42 @@ require 'beaker-rspec/spec_helper' require 'beaker-rspec/helpers/serverspec' require 'beaker/puppet_install_helper' run_puppet_install_helper unless ENV['BEAKER_provision'] == 'no' RSpec.configure do |c| # Project root proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) # Readable test descriptions c.formatter = :documentation # Configure all nodes in nodeset c.before :suite do # Install module and dependencies puppet_module_install(:source => proj_root, :module_name => 'puppet') hosts.each do |host| - ["puppet-extlib", "puppetlabs-apache", "puppetlabs-concat", "puppetlabs-stdlib"].each do |mod| + ['puppet-extlib', 'puppetlabs-apache', 'puppetlabs-concat', 'puppetlabs-hocon', 'puppetlabs-stdlib'].each do |mod| on host, puppet('module', 'install', mod), { :acceptable_exit_codes => [0] } end if fact_on(host, 'osfamily') == 'RedHat' # don't delete downloaded rpm for use with BEAKER_provision=no + # BEAKER_destroy=no on host, 'sed -i "s/keepcache=.*/keepcache=1/" /etc/yum.conf' # refresh check if cache needs refresh on next yum command on host, 'yum clean expire-cache' end end end end shared_examples 'a idempotent resource' do it 'applies with no errors' do apply_manifest(pp, catch_failures: true) end it 'applies a second time without changes' do apply_manifest(pp, catch_changes: true) end end diff --git a/templates/server/puppetserver/conf.d/product.conf.erb b/templates/server/puppetserver/conf.d/product.conf.erb deleted file mode 100644 index 0f72646..0000000 --- a/templates/server/puppetserver/conf.d/product.conf.erb +++ /dev/null @@ -1,4 +0,0 @@ -product: { - # automatic update checks and corresponding analytic data collection - check-for-updates: <%= @server_check_for_updates %> -}