beaker-puppet 1.3.0 → 1.4.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7e8e07f8616629904fa0d1a0dafb32f81c9c3c68
|
|
4
|
+
data.tar.gz: 027a86d8fa7512e09769d3c3baadc70d6a52664b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5350380ad4d9901b7a18b7174e9e7ca04494d46ad5148605a349f72016a1bec17a15a56cf75a47a02fe31c26ea024584cb171792585d64a5bb0ec4863c0ca54b
|
|
7
|
+
data.tar.gz: a30b47610782db0029b33f8514271ca8af9e07785d3436f4bcd0681e0b162a2440e3700d52110b293557052a78c2fc72b0e494620fd778d72abd708845c0aaaa
|
|
@@ -14,7 +14,7 @@ module Beaker
|
|
|
14
14
|
# the file specified by path. The returned mode is an integer
|
|
15
15
|
# value containing only the file mode, excluding the type, e.g
|
|
16
16
|
# S_IFDIR 0040000
|
|
17
|
-
def
|
|
17
|
+
def beaker_stat(host, path)
|
|
18
18
|
ruby = ruby_command(host)
|
|
19
19
|
owner = on(host, "#{ruby} -e 'require \"etc\"; puts (Etc.getpwuid(File.stat(\"#{path}\").uid).name)'").stdout.chomp
|
|
20
20
|
group = on(host, "#{ruby} -e 'require \"etc\"; puts (Etc.getgrgid(File.stat(\"#{path}\").gid).name)'").stdout.chomp
|
|
@@ -24,7 +24,7 @@ module Beaker
|
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
def assert_ownership_permissions(host, location, expected_user, expected_group, expected_permissions)
|
|
27
|
-
permissions =
|
|
27
|
+
permissions = beaker_stat(host, location)
|
|
28
28
|
assert_equal(expected_user, permissions[0], "Owner #{permissions[0]} does not match expected #{expected_user}")
|
|
29
29
|
assert_equal(expected_group, permissions[1], "Group #{permissions[1]} does not match expected #{expected_group}")
|
|
30
30
|
assert_equal(expected_permissions, permissions[2], "Permissions #{permissions[2]} does not match expected #{expected_permissions}")
|
|
@@ -180,10 +180,15 @@ module Beaker
|
|
|
180
180
|
end
|
|
181
181
|
end
|
|
182
182
|
|
|
183
|
-
puppetserver_opts = {
|
|
184
|
-
"
|
|
185
|
-
|
|
186
|
-
|
|
183
|
+
puppetserver_opts = {
|
|
184
|
+
"jruby-puppet" => {
|
|
185
|
+
"master-conf-dir" => confdir,
|
|
186
|
+
"master-var-dir" => vardir,
|
|
187
|
+
},
|
|
188
|
+
"certificate-authority" => {
|
|
189
|
+
"allow-subject-alt-names" => true
|
|
190
|
+
}
|
|
191
|
+
}
|
|
187
192
|
|
|
188
193
|
puppetserver_conf = File.join("#{host['puppetserver-confdir']}", "puppetserver.conf")
|
|
189
194
|
modify_tk_config(host, puppetserver_conf, puppetserver_opts)
|
|
@@ -817,29 +822,37 @@ module Beaker
|
|
|
817
822
|
# @param [Host, Array<Host>, String, Symbol] host One or more hosts, or a role (String or Symbol)
|
|
818
823
|
# that identifies one or more hosts to validate certificate signing.
|
|
819
824
|
# No argument, or an empty array means no validation of success
|
|
820
|
-
# for specific hosts will be performed.
|
|
821
|
-
# 'cert --sign --all --allow-dns-alt-names' even for a single host.
|
|
822
|
-
#
|
|
825
|
+
# for specific hosts will be performed.
|
|
823
826
|
# @return nil
|
|
824
827
|
# @raise [FailTest] if process times out
|
|
825
828
|
def sign_certificate_for(host = [])
|
|
826
829
|
hostnames = []
|
|
827
830
|
hosts = host.is_a?(Array) ? host : [host]
|
|
831
|
+
puppet_version = on(master, puppet('--version'))
|
|
828
832
|
hosts.each{ |current_host|
|
|
829
833
|
if [master, dashboard, database].include? current_host
|
|
830
|
-
|
|
831
834
|
on current_host, puppet( 'agent -t' ), :acceptable_exit_codes => [0,1,2]
|
|
832
|
-
on master, puppet( "cert --allow-dns-alt-names sign #{current_host}" ), :acceptable_exit_codes => [0,24]
|
|
833
835
|
|
|
836
|
+
if version_is_less(puppet_version, '5.99')
|
|
837
|
+
on master, puppet("cert --allow-dns-alt-names sign #{current_host}" ), :acceptable_exit_codes => [0,24]
|
|
838
|
+
else
|
|
839
|
+
on master, "puppetserver ca sign --certname #{current_host}"
|
|
840
|
+
end
|
|
834
841
|
else
|
|
835
842
|
hostnames << Regexp.escape( current_host.node_name )
|
|
836
843
|
end
|
|
837
844
|
}
|
|
845
|
+
|
|
838
846
|
if hostnames.size < 1
|
|
839
|
-
|
|
847
|
+
if version_is_less(puppet_version, '5.99')
|
|
848
|
+
on master, puppet("cert --sign --all --allow-dns-alt-names"),
|
|
840
849
|
:acceptable_exit_codes => [0,24]
|
|
850
|
+
else
|
|
851
|
+
on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]
|
|
852
|
+
end
|
|
841
853
|
return
|
|
842
854
|
end
|
|
855
|
+
|
|
843
856
|
while hostnames.size > 0
|
|
844
857
|
last_sleep = 0
|
|
845
858
|
next_sleep = 1
|
|
@@ -848,11 +861,21 @@ module Beaker
|
|
|
848
861
|
fail_test("Failed to sign cert for #{hostnames}")
|
|
849
862
|
hostnames.clear
|
|
850
863
|
end
|
|
851
|
-
|
|
852
|
-
|
|
853
|
-
|
|
854
|
-
|
|
855
|
-
|
|
864
|
+
|
|
865
|
+
if version_is_less(puppet_version, '5.99')
|
|
866
|
+
on master, puppet("cert --sign --all --allow-dns-alt-names"), :acceptable_exit_codes => [0,24]
|
|
867
|
+
out = on(master, puppet("cert --list --all")).stdout
|
|
868
|
+
if hostnames.all? { |hostname| out =~ /\+ "?#{hostname}"?/ }
|
|
869
|
+
hostnames.clear
|
|
870
|
+
break
|
|
871
|
+
end
|
|
872
|
+
else
|
|
873
|
+
on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]
|
|
874
|
+
out = on(master, 'puppetserver ca list --all').stdout
|
|
875
|
+
unless out =~ /.*Requested.*/
|
|
876
|
+
hostnames.clear
|
|
877
|
+
break
|
|
878
|
+
end
|
|
856
879
|
end
|
|
857
880
|
|
|
858
881
|
sleep next_sleep
|
|
@@ -2,6 +2,7 @@ test_name "Validate Sign Cert" do
|
|
|
2
2
|
skip_test 'not testing with puppetserver' unless @options['is_puppetserver']
|
|
3
3
|
hostname = on(master, 'facter hostname').stdout.strip
|
|
4
4
|
fqdn = on(master, 'facter fqdn').stdout.strip
|
|
5
|
+
puppet_version = on(master, puppet("--version")).stdout
|
|
5
6
|
|
|
6
7
|
if master.use_service_scripts?
|
|
7
8
|
step "Ensure puppet is stopped"
|
|
@@ -24,7 +25,11 @@ test_name "Validate Sign Cert" do
|
|
|
24
25
|
:dns_alt_names => "puppet,#{hostname},#{fqdn}",
|
|
25
26
|
},
|
|
26
27
|
}
|
|
27
|
-
|
|
28
|
+
|
|
29
|
+
# In Puppet 6, we want to be using an intermediate CA
|
|
30
|
+
unless version_is_less(puppet_version, "5.99")
|
|
31
|
+
on master, 'puppetserver ca setup'
|
|
32
|
+
end
|
|
28
33
|
with_puppet_running_on(master, master_opts) do
|
|
29
34
|
agents.each do |agent|
|
|
30
35
|
next if agent == master
|
|
@@ -35,7 +40,11 @@ test_name "Validate Sign Cert" do
|
|
|
35
40
|
|
|
36
41
|
# Sign all waiting agent certs
|
|
37
42
|
step "Server: sign all agent certs"
|
|
38
|
-
|
|
43
|
+
if version_is_less(puppet_version, "5.99")
|
|
44
|
+
on master, puppet("cert sign --all"), :acceptable_exit_codes => [0, 24]
|
|
45
|
+
else
|
|
46
|
+
on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]
|
|
47
|
+
end
|
|
39
48
|
|
|
40
49
|
step "Agents: Run agent --test second time to obtain signed cert"
|
|
41
50
|
on agents, puppet("agent --test --server #{master}"), :acceptable_exit_codes => [0,2]
|
|
@@ -648,7 +648,7 @@ describe ClassMixedWithDSLHelpers do
|
|
|
648
648
|
end
|
|
649
649
|
end
|
|
650
650
|
|
|
651
|
-
it 'signs certs' do
|
|
651
|
+
it 'signs certs with `puppetserver ca` in Puppet 6' do
|
|
652
652
|
allow( subject ).to receive( :sleep ).and_return( true )
|
|
653
653
|
|
|
654
654
|
result.stdout = "+ \"#{agent}\""
|
|
@@ -657,8 +657,25 @@ describe ClassMixedWithDSLHelpers do
|
|
|
657
657
|
arg
|
|
658
658
|
end
|
|
659
659
|
|
|
660
|
-
expect( subject ).to receive( :on ).with( master,
|
|
661
|
-
expect( subject ).to receive( :on ).with( master,
|
|
660
|
+
expect( subject ).to receive( :on ).with( master, '--version').once.and_return("6.0.0")
|
|
661
|
+
expect( subject ).to receive( :on ).with( master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]).once
|
|
662
|
+
expect( subject ).to receive( :on ).with( master, 'puppetserver ca list --all').once.and_return( result )
|
|
663
|
+
|
|
664
|
+
subject.sign_certificate_for( agent )
|
|
665
|
+
end
|
|
666
|
+
|
|
667
|
+
it 'signs certs with `puppet cert` in Puppet 5' do
|
|
668
|
+
allow( subject ).to receive( :sleep ).and_return( true )
|
|
669
|
+
|
|
670
|
+
result.stdout = "+ \"#{agent}\""
|
|
671
|
+
|
|
672
|
+
allow( subject ).to receive( :puppet ) do |arg|
|
|
673
|
+
arg
|
|
674
|
+
end
|
|
675
|
+
|
|
676
|
+
expect( subject ).to receive( :on ).with( master, '--version').once.and_return("5.0.0")
|
|
677
|
+
expect( subject ).to receive( :on ).with( master, 'cert --sign --all --allow-dns-alt-names', :acceptable_exit_codes => [0, 24]).once
|
|
678
|
+
expect( subject ).to receive( :on ).with( master, 'cert --list --all').once.and_return( result )
|
|
662
679
|
|
|
663
680
|
subject.sign_certificate_for( agent )
|
|
664
681
|
end
|
|
@@ -666,15 +683,16 @@ describe ClassMixedWithDSLHelpers do
|
|
|
666
683
|
it 'retries 11 times before quitting' do
|
|
667
684
|
allow( subject ).to receive( :sleep ).and_return( true )
|
|
668
685
|
|
|
669
|
-
result.stdout = " \"#{agent}\""
|
|
686
|
+
result.stdout = "Requested Certificates: \"#{agent}\""
|
|
670
687
|
allow( subject ).to receive( :hosts ).and_return( hosts )
|
|
671
688
|
|
|
672
689
|
allow( subject ).to receive( :puppet ) do |arg|
|
|
673
690
|
arg
|
|
674
691
|
end
|
|
675
692
|
|
|
676
|
-
expect( subject ).to receive( :on ).with( master, "
|
|
677
|
-
expect( subject ).to receive( :on ).with( master,
|
|
693
|
+
expect( subject ).to receive( :on ).with( master, "--version").once.and_return("6.0.0")
|
|
694
|
+
expect( subject ).to receive( :on ).with( master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24]).exactly( 11 ).times
|
|
695
|
+
expect( subject ).to receive( :on ).with( master, 'puppetserver ca list --all').exactly( 11 ).times.and_return( result )
|
|
678
696
|
expect( subject ).to receive( :fail_test ).once
|
|
679
697
|
|
|
680
698
|
subject.sign_certificate_for( agent )
|
|
@@ -690,9 +708,10 @@ describe ClassMixedWithDSLHelpers do
|
|
|
690
708
|
arg
|
|
691
709
|
end
|
|
692
710
|
expect( subject ).to receive( :on ).with( master, "agent -t", :acceptable_exit_codes => [0, 1, 2]).once
|
|
693
|
-
expect( subject ).to receive( :on ).with( master, "
|
|
694
|
-
expect( subject ).to receive( :on ).with( master, "
|
|
695
|
-
expect( subject ).to receive( :on ).with( master, "
|
|
711
|
+
expect( subject ).to receive( :on ).with( master, "--version").once.and_return("6.0.0")
|
|
712
|
+
expect( subject ).to receive( :on ).with( master, "puppetserver ca sign --certname master").once
|
|
713
|
+
expect( subject ).to receive( :on ).with( master, "puppetserver ca sign --all", :acceptable_exit_codes => [0, 24]).once
|
|
714
|
+
expect( subject ).to receive( :on ).with( master, "puppetserver ca list --all").once.and_return( result )
|
|
696
715
|
|
|
697
716
|
subject.sign_certificate_for( [master, agent, custom] )
|
|
698
717
|
end
|
|
@@ -794,15 +813,27 @@ describe ClassMixedWithDSLHelpers do
|
|
|
794
813
|
let(:conf_opts) { {:__commandline_args__ => command_line_args,
|
|
795
814
|
:is_puppetserver => true}}
|
|
796
815
|
|
|
797
|
-
let(:default_puppetserver_opts) {
|
|
798
|
-
"
|
|
799
|
-
|
|
800
|
-
|
|
801
|
-
|
|
802
|
-
|
|
803
|
-
|
|
804
|
-
|
|
805
|
-
|
|
816
|
+
let(:default_puppetserver_opts) {
|
|
817
|
+
{ "jruby-puppet" => {
|
|
818
|
+
"master-conf-dir" => default_confdir,
|
|
819
|
+
"master-var-dir" => default_vardir,
|
|
820
|
+
},
|
|
821
|
+
"certificate-authority" => {
|
|
822
|
+
"allow-subject-alt-names" => true,
|
|
823
|
+
}
|
|
824
|
+
}
|
|
825
|
+
}
|
|
826
|
+
|
|
827
|
+
let(:custom_puppetserver_opts) {
|
|
828
|
+
{ "jruby-puppet" => {
|
|
829
|
+
"master-conf-dir" => custom_confdir,
|
|
830
|
+
"master-var-dir" => custom_vardir,
|
|
831
|
+
},
|
|
832
|
+
"certificate-authority" => {
|
|
833
|
+
"allow-subject-alt-names" => true,
|
|
834
|
+
}
|
|
835
|
+
}
|
|
836
|
+
}
|
|
806
837
|
|
|
807
838
|
let(:puppetserver_conf) { "/etc/puppetserver/conf.d/puppetserver.conf" }
|
|
808
839
|
let(:logger) { double }
|
|
@@ -823,8 +854,8 @@ describe ClassMixedWithDSLHelpers do
|
|
|
823
854
|
|
|
824
855
|
before do
|
|
825
856
|
stub_post_setup
|
|
826
|
-
allow( subject ).to receive(
|
|
827
|
-
allow( subject ).to receive(
|
|
857
|
+
allow( subject ).to receive(:options).and_return({:is_puppetserver => true})
|
|
858
|
+
allow( subject ).to receive(:modify_tk_config)
|
|
828
859
|
allow( subject ).to receive(:puppet_config).with(host, 'confdir', anything).and_return(default_confdir)
|
|
829
860
|
allow( subject ).to receive(:puppet_config).with(host, 'vardir', anything).and_return(default_vardir)
|
|
830
861
|
allow( subject ).to receive(:puppet_config).with(host, 'config', anything).and_return("#{default_confdir}/puppet.conf")
|
|
@@ -834,7 +865,7 @@ describe ClassMixedWithDSLHelpers do
|
|
|
834
865
|
it 'checks the option for the host object' do
|
|
835
866
|
allow( subject ).to receive( :options) .and_return( {:is_puppetserver => false})
|
|
836
867
|
host[:is_puppetserver] = true
|
|
837
|
-
expect(
|
|
868
|
+
expect(subject).to receive(:modify_tk_config)
|
|
838
869
|
subject.with_puppet_running_on(host, conf_opts)
|
|
839
870
|
end
|
|
840
871
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: beaker-puppet
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Puppet
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-09-
|
|
11
|
+
date: 2018-09-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|