beaker-pe 2.11.15 → 2.11.18
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/snyk_merge.yaml +30 -0
- data/CODEOWNERS +1 -1
- data/lib/beaker-pe/install/pe_utils.rb +66 -4
- data/lib/beaker-pe/version.rb +1 -1
- data/spec/beaker-pe/install/pe_utils_spec.rb +4 -4
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1d1413bb33ad2872c13f73139d7c84890259cc831db06d0d34b93e98f3f86416
|
|
4
|
+
data.tar.gz: 945f17cf188d4a0eaf282da3db6e0a851397fcd177d74fc43c184a3e5418e9e6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f9214eb375767886803d62479a46a86d5dcce7531be74124bac6a3c3f352ab3e59fe67c2b22b77dc6414d959e02562c24eee88f7c208bfea996d1123f9367513
|
|
7
|
+
data.tar.gz: ca87fd01f4350efc2b5bf7438215b443ee06f2215ed2edbddf6d31f691bbdc22bf7ac85a3a55f31fa6351d58bffc9c250a8b7242220af82173b01e5f3d2dbc96
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: Snyk Scan
|
|
3
|
+
on: push
|
|
4
|
+
|
|
5
|
+
# Note: if your workflow involves working from branches
|
|
6
|
+
# on the puppetlabs repos directly rather from a fork
|
|
7
|
+
# you will probably want to use the below for events to
|
|
8
|
+
# reduce the reporting noise.
|
|
9
|
+
# on:
|
|
10
|
+
# push:
|
|
11
|
+
# branches:
|
|
12
|
+
# - main
|
|
13
|
+
|
|
14
|
+
jobs:
|
|
15
|
+
security:
|
|
16
|
+
runs-on: ubuntu-latest
|
|
17
|
+
steps:
|
|
18
|
+
- uses: actions/checkout@master
|
|
19
|
+
- name: setup ruby
|
|
20
|
+
uses: ruby/setup-ruby@v1
|
|
21
|
+
with:
|
|
22
|
+
ruby-version: 2.7
|
|
23
|
+
- name: create lock
|
|
24
|
+
run: bundle lock
|
|
25
|
+
- name: Run Snyk to check for vulnerabilities
|
|
26
|
+
uses: snyk/actions/ruby@master
|
|
27
|
+
env:
|
|
28
|
+
SNYK_TOKEN: ${{ secrets.SNYK_FOSS_KEY }}
|
|
29
|
+
with:
|
|
30
|
+
command: monitor
|
data/CODEOWNERS
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
#This Repository is maintained by both the beaker, installer, and Night's Watch teams, depending on the location of the changes
|
|
2
|
-
* @puppetlabs/
|
|
2
|
+
* @puppetlabs/dio
|
|
3
3
|
/lib/beaker-pe/install @puppetlabs/installer-and-management
|
|
4
4
|
/lib/beaker-pe/pe-client-tools @puppetlabs/night-s-watch
|
|
5
5
|
/spec/beaker-pe/install @puppetlabs/installer-and-management
|
|
@@ -209,7 +209,7 @@ module Beaker
|
|
|
209
209
|
protocol_to_use = '[System.Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12'
|
|
210
210
|
end
|
|
211
211
|
|
|
212
|
-
cmd = %Q{powershell -c "cd #{host['working_dir']};#{protocol_to_use};#{cert_validator};\\$webClient = New-Object System.Net.WebClient;\\$webClient.DownloadFile('https://#{downloadhost}:8140/packages/current/install.ps1', '#{host['working_dir']}/install.ps1');#{host['working_dir']}/install.ps1 -verbose #{frictionless_install_opts.join(' ')}"}
|
|
212
|
+
cmd = %Q{powershell -NoProfile -NonInteractive -NoLogo -ExecutionPolicy Bypass -c "cd #{host['working_dir']};#{protocol_to_use};#{cert_validator};\\$webClient = New-Object System.Net.WebClient;\\$webClient.DownloadFile('https://#{downloadhost}:8140/packages/current/install.ps1', '#{host['working_dir']}/install.ps1');#{host['working_dir']}/install.ps1 -verbose #{frictionless_install_opts.join(' ')}"}
|
|
213
213
|
else
|
|
214
214
|
curl_opts = %w{-O}
|
|
215
215
|
if version_is_less(pe_version, '2019.1.0') || require_tlsv1?(host)
|
|
@@ -884,6 +884,7 @@ module Beaker
|
|
|
884
884
|
end
|
|
885
885
|
|
|
886
886
|
install_hosts.each do |host|
|
|
887
|
+
solaris_key_chain_fix
|
|
887
888
|
|
|
888
889
|
if agent_only_check_needed && hosts_agent_only.include?(host) || install_via_msi?(host)
|
|
889
890
|
host['type'] = 'aio'
|
|
@@ -1332,6 +1333,60 @@ module Beaker
|
|
|
1332
1333
|
answers
|
|
1333
1334
|
end
|
|
1334
1335
|
|
|
1336
|
+
# If installing older versions of solaris, make sure the DigiCert cert is added to the keychain
|
|
1337
|
+
def solaris_key_chain_fix
|
|
1338
|
+
digicert = <<-EOM
|
|
1339
|
+
-----BEGIN CERTIFICATE-----
|
|
1340
|
+
MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi
|
|
1341
|
+
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
|
1342
|
+
d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg
|
|
1343
|
+
RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV
|
|
1344
|
+
UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu
|
|
1345
|
+
Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG
|
|
1346
|
+
SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y
|
|
1347
|
+
ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If
|
|
1348
|
+
xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV
|
|
1349
|
+
ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO
|
|
1350
|
+
DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ
|
|
1351
|
+
jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/
|
|
1352
|
+
CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi
|
|
1353
|
+
EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM
|
|
1354
|
+
fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY
|
|
1355
|
+
uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK
|
|
1356
|
+
chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t
|
|
1357
|
+
9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
|
|
1358
|
+
hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD
|
|
1359
|
+
ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2
|
|
1360
|
+
SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd
|
|
1361
|
+
+SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc
|
|
1362
|
+
fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa
|
|
1363
|
+
sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N
|
|
1364
|
+
cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N
|
|
1365
|
+
0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie
|
|
1366
|
+
4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI
|
|
1367
|
+
r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1
|
|
1368
|
+
/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm
|
|
1369
|
+
gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+
|
|
1370
|
+
-----END CERTIFICATE-----
|
|
1371
|
+
EOM
|
|
1372
|
+
hosts.each do |host|
|
|
1373
|
+
if host.platform=~ /solaris-11(\.2)?-(i386|sparc)/
|
|
1374
|
+
create_remote_file(host, "DigiCertTrustedRootG4.crt.pem", digicert)
|
|
1375
|
+
on(host, 'chmod a+r /root/DigiCertTrustedRootG4.crt.pem')
|
|
1376
|
+
on(host, 'cp -p /root/DigiCertTrustedRootG4.crt.pem /etc/certs/CA/')
|
|
1377
|
+
on(host, 'rm /root/DigiCertTrustedRootG4.crt.pem')
|
|
1378
|
+
on(host, '/usr/sbin/svcadm restart /system/ca-certificates')
|
|
1379
|
+
timeout = 60
|
|
1380
|
+
counter = 0
|
|
1381
|
+
while on(host, 'svcs -x ca-certificates').output !~ /State: online/ do
|
|
1382
|
+
raise 'ca-certificates services failed start up' if counter > timeout
|
|
1383
|
+
sleep 5
|
|
1384
|
+
counter = counter + 5
|
|
1385
|
+
end
|
|
1386
|
+
end
|
|
1387
|
+
end
|
|
1388
|
+
end
|
|
1389
|
+
|
|
1335
1390
|
# Builds the agent_only and not_agent_only arrays needed for installation.
|
|
1336
1391
|
#
|
|
1337
1392
|
# @param [Array<Host>] hosts hosts to split up into the arrays
|
|
@@ -2016,6 +2071,7 @@ module Beaker
|
|
|
2016
2071
|
# @param [Array] agent only nodes from Beaker hosts
|
|
2017
2072
|
# @param [Hash] opts The Beaker options hash
|
|
2018
2073
|
def install_agents_only_on(agent_nodes, opts)
|
|
2074
|
+
solaris_key_chain_fix
|
|
2019
2075
|
unless agent_nodes.empty?
|
|
2020
2076
|
configure_type_defaults_on(agent_nodes)
|
|
2021
2077
|
|
|
@@ -2029,9 +2085,15 @@ module Beaker
|
|
|
2029
2085
|
end
|
|
2030
2086
|
end
|
|
2031
2087
|
|
|
2032
|
-
|
|
2033
|
-
|
|
2034
|
-
|
|
2088
|
+
# pe_postgres node needs new gpg key
|
|
2089
|
+
if hosts.any? {|host| host['roles'].include?('pe_postgres')}
|
|
2090
|
+
gpg_key_overwrite(pe_postgres, 'pe_repo')
|
|
2091
|
+
end
|
|
2092
|
+
|
|
2093
|
+
# pe_repo needs updated with gpg key if sles/ubuntu/debian agent will be used
|
|
2094
|
+
if hosts.any? {|host| host['platform'] =~ /(sles)|(ubuntu)|(debian)/}
|
|
2095
|
+
gpg_key_overwrite(master, 'pe_repo')
|
|
2096
|
+
end
|
|
2035
2097
|
|
|
2036
2098
|
step "Install agents" do
|
|
2037
2099
|
block_on(agent_nodes, {:run_in_parallel => true}) do |host|
|
data/lib/beaker-pe/version.rb
CHANGED
|
@@ -272,7 +272,7 @@ describe ClassMixedWithDSLInstallUtils do
|
|
|
272
272
|
it 'generates a PS1 frictionless install command for windows' do
|
|
273
273
|
host['platform'] = 'windows-2012-64'
|
|
274
274
|
protocol = ''
|
|
275
|
-
expecting = "powershell -c \"" +
|
|
275
|
+
expecting = "powershell -NoProfile -NonInteractive -NoLogo -ExecutionPolicy Bypass -c \"" +
|
|
276
276
|
[
|
|
277
277
|
"cd /tmp",
|
|
278
278
|
"#{protocol}",
|
|
@@ -290,7 +290,7 @@ describe ClassMixedWithDSLInstallUtils do
|
|
|
290
290
|
host['puppetpath'] = '/PuppetLabs/puppet/etc'
|
|
291
291
|
host['use_puppet_ca_cert'] = true
|
|
292
292
|
protocol = ''
|
|
293
|
-
expecting = "powershell -c \"" +
|
|
293
|
+
expecting = "powershell -NoProfile -NonInteractive -NoLogo -ExecutionPolicy Bypass -c \"" +
|
|
294
294
|
[
|
|
295
295
|
"cd /tmp",
|
|
296
296
|
"#{protocol}",
|
|
@@ -311,7 +311,7 @@ describe ClassMixedWithDSLInstallUtils do
|
|
|
311
311
|
it 'generates a PS1 frictionless install command for windows with Tls12 protocol' do
|
|
312
312
|
host['platform'] = 'windows-20012-64'
|
|
313
313
|
protocol = '[System.Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12'
|
|
314
|
-
expecting = "powershell -c \"" +
|
|
314
|
+
expecting = "powershell -NoProfile -NonInteractive -NoLogo -ExecutionPolicy Bypass -c \"" +
|
|
315
315
|
[
|
|
316
316
|
"cd /tmp",
|
|
317
317
|
"#{protocol}",
|
|
@@ -327,7 +327,7 @@ describe ClassMixedWithDSLInstallUtils do
|
|
|
327
327
|
it 'generates a PS1 frictionless install command for windows-2008 without Tls12 protocol' do
|
|
328
328
|
host['platform'] = 'windows-2008-64'
|
|
329
329
|
protocol = ''
|
|
330
|
-
expecting = "powershell -c \"" +
|
|
330
|
+
expecting = "powershell -NoProfile -NonInteractive -NoLogo -ExecutionPolicy Bypass -c \"" +
|
|
331
331
|
[
|
|
332
332
|
"cd /tmp",
|
|
333
333
|
"#{protocol}",
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: beaker-pe
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.11.
|
|
4
|
+
version: 2.11.18
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Puppetlabs
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-07-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|
|
@@ -249,6 +249,7 @@ extensions: []
|
|
|
249
249
|
extra_rdoc_files: []
|
|
250
250
|
files:
|
|
251
251
|
- ".github/dependabot.yml"
|
|
252
|
+
- ".github/workflows/snyk_merge.yaml"
|
|
252
253
|
- ".gitignore"
|
|
253
254
|
- ".rspec"
|
|
254
255
|
- ".simplecov"
|
|
@@ -307,7 +308,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
307
308
|
- !ruby/object:Gem::Version
|
|
308
309
|
version: '0'
|
|
309
310
|
requirements: []
|
|
310
|
-
rubygems_version: 3.0.
|
|
311
|
+
rubygems_version: 3.0.9
|
|
311
312
|
signing_key:
|
|
312
313
|
specification_version: 4
|
|
313
314
|
summary: Beaker PE DSL Helpers!
|