beaker-pe 2.11.14 → 2.11.17
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/snyk_merge.yaml +30 -0
- data/CODEOWNERS +1 -1
- data/lib/beaker-pe/install/pe_utils.rb +68 -4
- data/lib/beaker-pe/version.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c2f1158ec22a1984b9cc1169e67201c868534857f11c243ae59a1d337e2abfb5
|
|
4
|
+
data.tar.gz: abc9ef3725fe4a305a3edbb503a5c48d28934b2539ac1c2cf32a95538059589f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2700a7024284981d6697b97c40b9885ae76616a310ad080eb22e108c9115da6ffd4205071524044023e15bc3cc3ceecc06d2025df5de061c26168a529dfbf2ce
|
|
7
|
+
data.tar.gz: 782e10c4809d2f81438f06fc653dd94d420f1c6f34a9a00e9cce1c4ad453ba521e79a49574111fbd3585083e7461c97f2c3476f707b4f84388c5285bc1a940b2
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: Snyk Scan
|
|
3
|
+
on: push
|
|
4
|
+
|
|
5
|
+
# Note: if your workflow involves working from branches
|
|
6
|
+
# on the puppetlabs repos directly rather from a fork
|
|
7
|
+
# you will probably want to use the below for events to
|
|
8
|
+
# reduce the reporting noise.
|
|
9
|
+
# on:
|
|
10
|
+
# push:
|
|
11
|
+
# branches:
|
|
12
|
+
# - main
|
|
13
|
+
|
|
14
|
+
jobs:
|
|
15
|
+
security:
|
|
16
|
+
runs-on: ubuntu-latest
|
|
17
|
+
steps:
|
|
18
|
+
- uses: actions/checkout@master
|
|
19
|
+
- name: setup ruby
|
|
20
|
+
uses: ruby/setup-ruby@v1
|
|
21
|
+
with:
|
|
22
|
+
ruby-version: 2.7
|
|
23
|
+
- name: create lock
|
|
24
|
+
run: bundle lock
|
|
25
|
+
- name: Run Snyk to check for vulnerabilities
|
|
26
|
+
uses: snyk/actions/ruby@master
|
|
27
|
+
env:
|
|
28
|
+
SNYK_TOKEN: ${{ secrets.SNYK_FOSS_KEY }}
|
|
29
|
+
with:
|
|
30
|
+
command: monitor
|
data/CODEOWNERS
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
#This Repository is maintained by both the beaker, installer, and Night's Watch teams, depending on the location of the changes
|
|
2
|
-
* @puppetlabs/
|
|
2
|
+
* @puppetlabs/dio
|
|
3
3
|
/lib/beaker-pe/install @puppetlabs/installer-and-management
|
|
4
4
|
/lib/beaker-pe/pe-client-tools @puppetlabs/night-s-watch
|
|
5
5
|
/spec/beaker-pe/install @puppetlabs/installer-and-management
|
|
@@ -422,12 +422,12 @@ module Beaker
|
|
|
422
422
|
end
|
|
423
423
|
|
|
424
424
|
if (host['roles'].include?('master') || host['roles'].include?('pe_postgres')) && version_is_less(host[:pe_ver], '2019.8.5') && hosts.any? {|agent| agent['platform'] =~ /(debian)|(ubuntu)|(sles)/}
|
|
425
|
-
on(
|
|
426
|
-
on(
|
|
425
|
+
on(host, "rm -f #{path_to_gpg_key}")
|
|
426
|
+
on(host, "curl #{gpg_url} --output #{path_to_gpg_key}")
|
|
427
427
|
if location == 'pe_repo'
|
|
428
428
|
gpg_key_overwrite(host, 'pe_repo_env')
|
|
429
429
|
elsif location == 'pe_repo_env'
|
|
430
|
-
on
|
|
430
|
+
on host, puppet('agent -t'), :acceptable_exit_codes => [0,2]
|
|
431
431
|
end
|
|
432
432
|
end
|
|
433
433
|
end
|
|
@@ -884,6 +884,7 @@ module Beaker
|
|
|
884
884
|
end
|
|
885
885
|
|
|
886
886
|
install_hosts.each do |host|
|
|
887
|
+
solaris_key_chain_fix
|
|
887
888
|
|
|
888
889
|
if agent_only_check_needed && hosts_agent_only.include?(host) || install_via_msi?(host)
|
|
889
890
|
host['type'] = 'aio'
|
|
@@ -1332,6 +1333,60 @@ module Beaker
|
|
|
1332
1333
|
answers
|
|
1333
1334
|
end
|
|
1334
1335
|
|
|
1336
|
+
# If installing older versions of solaris, make sure the DigiCert cert is added to the keychain
|
|
1337
|
+
def solaris_key_chain_fix
|
|
1338
|
+
digicert = <<-EOM
|
|
1339
|
+
-----BEGIN CERTIFICATE-----
|
|
1340
|
+
MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi
|
|
1341
|
+
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
|
1342
|
+
d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg
|
|
1343
|
+
RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV
|
|
1344
|
+
UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu
|
|
1345
|
+
Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG
|
|
1346
|
+
SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y
|
|
1347
|
+
ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If
|
|
1348
|
+
xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV
|
|
1349
|
+
ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO
|
|
1350
|
+
DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ
|
|
1351
|
+
jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/
|
|
1352
|
+
CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi
|
|
1353
|
+
EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM
|
|
1354
|
+
fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY
|
|
1355
|
+
uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK
|
|
1356
|
+
chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t
|
|
1357
|
+
9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
|
|
1358
|
+
hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD
|
|
1359
|
+
ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2
|
|
1360
|
+
SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd
|
|
1361
|
+
+SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc
|
|
1362
|
+
fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa
|
|
1363
|
+
sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N
|
|
1364
|
+
cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N
|
|
1365
|
+
0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie
|
|
1366
|
+
4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI
|
|
1367
|
+
r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1
|
|
1368
|
+
/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm
|
|
1369
|
+
gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+
|
|
1370
|
+
-----END CERTIFICATE-----
|
|
1371
|
+
EOM
|
|
1372
|
+
hosts.each do |host|
|
|
1373
|
+
if host.platform=~ /solaris-11(\.2)?-(i386|sparc)/
|
|
1374
|
+
create_remote_file(host, "DigiCertTrustedRootG4.crt.pem", digicert)
|
|
1375
|
+
on(host, 'chmod a+r /root/DigiCertTrustedRootG4.crt.pem')
|
|
1376
|
+
on(host, 'cp -p /root/DigiCertTrustedRootG4.crt.pem /etc/certs/CA/')
|
|
1377
|
+
on(host, 'rm /root/DigiCertTrustedRootG4.crt.pem')
|
|
1378
|
+
on(host, '/usr/sbin/svcadm restart /system/ca-certificates')
|
|
1379
|
+
timeout = 60
|
|
1380
|
+
counter = 0
|
|
1381
|
+
while on(host, 'svcs -x ca-certificates').output !~ /State: online/ do
|
|
1382
|
+
raise 'ca-certificates services failed start up' if counter > timeout
|
|
1383
|
+
sleep 5
|
|
1384
|
+
counter = counter + 5
|
|
1385
|
+
end
|
|
1386
|
+
end
|
|
1387
|
+
end
|
|
1388
|
+
end
|
|
1389
|
+
|
|
1335
1390
|
# Builds the agent_only and not_agent_only arrays needed for installation.
|
|
1336
1391
|
#
|
|
1337
1392
|
# @param [Array<Host>] hosts hosts to split up into the arrays
|
|
@@ -2016,6 +2071,7 @@ module Beaker
|
|
|
2016
2071
|
# @param [Array] agent only nodes from Beaker hosts
|
|
2017
2072
|
# @param [Hash] opts The Beaker options hash
|
|
2018
2073
|
def install_agents_only_on(agent_nodes, opts)
|
|
2074
|
+
solaris_key_chain_fix
|
|
2019
2075
|
unless agent_nodes.empty?
|
|
2020
2076
|
configure_type_defaults_on(agent_nodes)
|
|
2021
2077
|
|
|
@@ -2029,7 +2085,15 @@ module Beaker
|
|
|
2029
2085
|
end
|
|
2030
2086
|
end
|
|
2031
2087
|
|
|
2032
|
-
|
|
2088
|
+
# pe_postgres node needs new gpg key
|
|
2089
|
+
if hosts.any? {|host| host['roles'].include?('pe_postgres')}
|
|
2090
|
+
gpg_key_overwrite(pe_postgres, 'pe_repo')
|
|
2091
|
+
end
|
|
2092
|
+
|
|
2093
|
+
# pe_repo needs updated with gpg key if sles/ubuntu/debian agent will be used
|
|
2094
|
+
if hosts.any? {|host| host['platform'] =~ /(sles)|(ubuntu)|(debian)/}
|
|
2095
|
+
gpg_key_overwrite(master, 'pe_repo')
|
|
2096
|
+
end
|
|
2033
2097
|
|
|
2034
2098
|
step "Install agents" do
|
|
2035
2099
|
block_on(agent_nodes, {:run_in_parallel => true}) do |host|
|
data/lib/beaker-pe/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: beaker-pe
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.11.
|
|
4
|
+
version: 2.11.17
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Puppetlabs
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-03-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|
|
@@ -249,6 +249,7 @@ extensions: []
|
|
|
249
249
|
extra_rdoc_files: []
|
|
250
250
|
files:
|
|
251
251
|
- ".github/dependabot.yml"
|
|
252
|
+
- ".github/workflows/snyk_merge.yaml"
|
|
252
253
|
- ".gitignore"
|
|
253
254
|
- ".rspec"
|
|
254
255
|
- ".simplecov"
|
|
@@ -307,7 +308,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
307
308
|
- !ruby/object:Gem::Version
|
|
308
309
|
version: '0'
|
|
309
310
|
requirements: []
|
|
310
|
-
rubygems_version: 3.0.
|
|
311
|
+
rubygems_version: 3.0.9
|
|
311
312
|
signing_key:
|
|
312
313
|
specification_version: 4
|
|
313
314
|
summary: Beaker PE DSL Helpers!
|