kitchen-puppet 1.45.3 → 1.46.0
- checksums.yaml +4 -4
- data/kitchen-puppet.gemspec +1 -1
- data/lib/kitchen-puppet/version.rb +1 -1
- data/lib/kitchen/provisioner/puppet_apply.rb +61 -0
- data/provisioner_options.md +15 -4
- metadata +3 -3
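--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ef7e2c88b2f9768c5f94b3dda97a0c01ca6eee9b
+data.tar.gz: 12fef1171a39194defd3d86904516ca2b7ff0bbf
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6199b18e4a75c6e463902972c72906e89a166a05e53bfcd44cc7f3bd582823aec26ffb031576a81e53cc0e3b4079a29d5afdb8b262da43379357eb25db4faf5b
+data.tar.gz: 093dbd817731157fe9852e78653c7af8af44fc0163312fddb9fb6b02c8d0a11e4c068d229c72bad815fd0f325dda19a1261a9ca37ad8a277df0cb444a1ecf443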
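--- a/data/kitchen-puppet.gemspec
+++ b/data/kitchen-puppet.gemspec
@@ -29,7 +29,7 @@ Puppet Provisioner for Test Kitchen
 
 == FEATURES:
 
-Supports puppet apply, puppet agent, hiera, hiera-eyaml, custom facts, librarian-puppet, puppet collections (v4)
+Supports puppet apply, puppet agent, hiera, hiera-eyaml, hiera-eyaml-gpg, custom facts, librarian-puppet, puppet collections (v4)
 
 EOF
 end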
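--- a/data/lib/kitchen/provisioner/puppet_apply.rb
+++ b/data/lib/kitchen/provisioner/puppet_apply.rb
@@ -153,6 +153,12 @@ module Kitchen
 default_config :hiera_eyaml, false
 default_config :hiera_eyaml_key_remote_path, '/etc/puppet/secure/keys'
 
+default_config :hiera_eyaml_gpg, false
+default_config :hiera_eyaml_gpg_recipients, false
+default_config :hiera_eyaml_gpg_secring, false
+default_config :hiera_eyaml_gpg_pubring, false
+default_config :hiera_eyaml_gpg_remote_path, '/home/vagrant/.gnupg'
+
 default_config :hiera_eyaml_key_path do |provisioner|
 provisioner.calculate_path('hiera_keys')
 end
@@ -199,6 +205,7 @@ module Kitchen
 #{install_hiera}
 fi
 #{install_eyaml}
+#{install_eyaml_gpg}
 #{install_deep_merge}
 #{install_busser}
 #{custom_install_command}
@@ -213,6 +220,7 @@ module Kitchen
 #{install_puppet_yum_repo}
 fi
 #{install_eyaml}
+#{install_eyaml_gpg}
 #{install_deep_merge}
 #{install_busser}
 #{custom_install_command}
@@ -260,6 +268,7 @@ module Kitchen
 fi
 fi
 #{install_eyaml}
+#{install_eyaml_gpg}
 #{install_deep_merge}
 #{install_busser}
 #{custom_install_command}
@@ -287,6 +296,7 @@ module Kitchen
 #{sudo_env('apt-get')} -y install puppet-agent#{puppet_debian_version}
 fi
 #{install_eyaml("#{config[:puppet_coll_remote_path]}/puppet/bin/gem")}
+#{install_eyaml_gpg("#{config[:puppet_coll_remote_path]}/puppet/bin/gem")}
 #{install_deep_merge}
 #{install_busser}
 #{custom_install_command}
@@ -302,6 +312,7 @@ module Kitchen
 #{sudo_env('yum')} -y install puppet-agent#{puppet_redhat_version}
 fi
 #{install_eyaml("#{config[:puppet_coll_remote_path]}/puppet/bin/gem")}
+#{install_eyaml_gpg("#{config[:puppet_coll_remote_path]}/puppet/bin/gem")}
 #{install_deep_merge}
 #{install_busser}
 #{custom_install_command}
@@ -345,6 +356,7 @@ module Kitchen
 fi
 fi
 #{install_eyaml("#{config[:puppet_coll_remote_path]}/puppet/bin/gem")}
+#{install_eyaml_gpg("#{config[:puppet_coll_remote_path]}/puppet/bin/gem")}
 #{install_deep_merge}
 #{install_busser}
 #{custom_install_command}
@@ -375,6 +387,20 @@ module Kitchen
 INSTALL
 end
 
+def install_eyaml_gpg(gem_cmd = 'gem')
+return unless config[:hiera_eyaml_gpg]
+<<-INSTALL
+# A backend for Hiera that provides per-value asymmetric encryption of sensitive data
+if [[ $(#{sudo(gem_cmd)} list hiera-eyaml-gpg -i) == 'false' ]]; then
+echo '-----> Installing hiera-eyaml-gpg to provide encryption of hiera data'
+#{sudo(gem_cmd)} install #{gem_proxy_parm} --no-ri --no-rdoc highline -v 1.6.21
+#{sudo(gem_cmd)} install #{gem_proxy_parm} --no-ri --no-rdoc hiera-eyaml
+#{sudo(gem_cmd)} install #{gem_proxy_parm} --no-ri --no-rdoc hiera-eyaml-gpg
+#{sudo(gem_cmd)} install #{gem_proxy_parm} --no-ri --no-rdoc ruby_gpg
+fi
+INSTALL
+end
+
 def install_busser
 return unless config[:require_chef_for_busser]
 info("Install busser on #{puppet_platform}")
@@ -601,6 +627,21 @@ module Kitchen
 ].join(' ')
 end
 
+if hiera_eyaml_gpg
+commands << [
+sudo('mkdir -p'), hiera_eyaml_gpg_remote_path
+].join(' ')
+commands << [
+sudo('cp -r'), File.join(config[:root_path], hiera_eyaml_gpg_recipients), hiera_eyaml_gpg_remote_path
+].join(' ')
+commands << [
+sudo('cp -r'), File.join(config[:root_path], hiera_eyaml_gpg_secring), hiera_eyaml_gpg_remote_path
+].join(' ')
+commands << [
+sudo('cp -r'), File.join(config[:root_path], hiera_eyaml_gpg_pubring), hiera_eyaml_gpg_remote_path
+].join(' ')
+end
+
 if puppet_environment
 commands << [
 sudo('ln -s '), config[:root_path], File.join(puppet_dir, config[:puppet_environment])
@@ -742,6 +783,26 @@ module Kitchen
 config[:hiera_eyaml]
 end
 
+def hiera_eyaml_gpg
+config[:hiera_eyaml_gpg]
+end
+
+def hiera_eyaml_gpg_recipients
+config[:hiera_eyaml_gpg_recipients]
+end
+
+def hiera_eyaml_gpg_secring
+config[:hiera_eyaml_gpg_secring]
+end
+
+def hiera_eyaml_gpg_pubring
+config[:hiera_eyaml_gpg_pubring]
+end
+
+def hiera_eyaml_gpg_remote_path
+config[:hiera_eyaml_gpg_remote_path]
+end
+
 def hiera_eyaml_key_path
 config[:hiera_eyaml_key_path]
 end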
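Review bot: In the `if hiera_eyaml_gpg` block (the hunk at `@@ -601,6 +627,21 @@`), the secret keyring is copied with `sudo cp -r` into a directory created by `sudo mkdir -p`, and nothing afterwards restricts mode or ownership, so `secring.gpg` sits on the instance with whatever permissions the source file and the umask produce. I would add one step after the three copies, for example `commands << [sudo('chmod -R go-rwx'), hiera_eyaml_gpg_remote_path].join(' ')`. The recipients, secring and pubring options all default to `false`, so enabling `hiera_eyaml_gpg` without setting them passes `false` to `File.join`, which raises a TypeError; a guard such as `raise "hiera_eyaml_gpg_secring must be set" unless hiera_eyaml_gpg_secring` (and the same for the other two) would fail with a clearer message. The enclosing method starts and ends outside the hunk, so whether the paths are shell-quoted elsewhere cannot be confirmed from here.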
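--- a/data/provisioner_options.md
+++ b/data/provisioner_options.md
@@ -43,6 +43,10 @@ hiera_data_path | | puppet repo hiera data directory
 hiera_data_remote_path | "/var/lib/hiera" | Hiera data directory on server
 hiera_deep_merge | false | install the deep_merge gem to support hiera deep merge mode
 hiera_eyaml | false | use hiera-eyaml to encrypt hiera data
+hiera_eyaml_gpg | false | use GPG encryption backend for hiera-eyaml
+hiera_eyaml_gpg_recipients | false | recipients eg ehiera/hiera-eyaml-gpg.recipients
+hiera_eyaml_gpg_secring | false | eg hiera/secring.gpg
+hiera_eyaml_gpg_pubring | false | eg hiera/pubring.gpg
 hiera_eyaml_key_remote_path | "/etc/puppet/secure/keys" | directory of hiera-eyaml keys on server
 hiera_eyaml_key_path | "hiera_keys" | directory of hiera-eyaml keys on workstation
 hiera_package | 'hiera-puppet' | Only used if `install_hiera` is set
@@ -56,7 +60,7 @@ install_hiera | false | Installs `hiera-puppet` package. Not needed for puppet >
 librarian_puppet_ssl_file | nil | ssl certificate file for librarian-puppet
 manifest | 'site.pp' | manifest for puppet apply to run
 manifests_path | | puppet repo manifests directory
-max_retries| 1 | maximum number of retry attempts of converge command
+max_retries| 1 | maximum number of retry attempts of converge command
 modules_path | | puppet repo manifests directory. Can be multiple directories separated by colons and then they will be merged
 platform | platform_name kitchen.yml parameter | OS platform of server
 puppet_apply_command | nil | Overwrite the puppet apply command. Needs "sudo -E puppet apply" as a prefix.
@@ -93,7 +97,7 @@ require_puppet_repo | true | Set if using a puppet install from yum or apt repo
 resolve_with_librarian_puppet | true | Use librarian_puppet to resolve modules if a Puppetfile is found
 retry_on_exit_code| [] | Array of exit codes to retry converge command against
 update_package_repos| true| update OS repository metadata
-wait_for_retry| 30 | number of seconds to wait before retrying converge command
+wait_for_retry| 30 | number of seconds to wait before retrying converge command
 
 ## Puppet Apply Configuring Provisioner Options
 
@@ -176,6 +180,13 @@ no idea why Puppet versioned their repository with a trailing
 "-1puppetlabs1", but there it is.
 
 
+### eyaml
+
+See https://puppet.com/blog/encrypt-your-data-using-hiera-eyaml
+
+See https://blog.benroberts.net/2014/12/setting-up-hiera-eyaml-gpg for using GPG backend allowing secrets to be protected using asymmetric keys.
+
+
 # Puppet Agent Provisioner Options
 
 key | default value | Notes
@@ -296,11 +307,11 @@ Beware: kitchen-shell-verifier is not yet merged into test-kitchen upstream so u
 
 ## Checking puppet apply success (with puppet_detailed_exitcodes)
 
-If you do not enable puppet_detailed_exitcodes, the provisioner only failes if the manifest can not be compiled. If the manifest contains errors (some manifests can not be executed) puppet will return exit 0 and thus the provisioner will be successfull, altought your catalog has not been fully applied. Probably this is not what you want.
+If you do not enable puppet_detailed_exitcodes, the provisioner only failes if the manifest can not be compiled. If the manifest contains errors (some manifests can not be executed) puppet will return exit 0 and thus the provisioner will be successfull, altought your catalog has not been fully applied. Probably this is not what you want.
 
 When you enable `puppet_detailed_exitcodes`, you can specify the error conditions to check for with `puppet_whitelist_exit_code` also, otherwise the provisioner will fail altought everything is fine (and changes have been made).
 
-Puppet will return with one of the following codes (see https://docs.puppet.com/puppet/latest/man/agent.html) when `puppet_detailed_exitcodes` is true:
+Puppet will return with one of the following codes (see https://docs.puppet.com/puppet/latest/man/agent.html) when `puppet_detailed_exitcodes` is true:
 
 * 0: The run succeeded with no changes or failures; the system was already in the desired state.
 * 1: The run failed, or wasn't attempted due to another run already in progress.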
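--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-puppet
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.46.0
 platform: ruby
 authors:
 - Neill Turner
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-12-
+date: 2016-12-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: test-kitchen
@@ -45,7 +45,7 @@ description: |+
 
 == FEATURES:
 
-Supports puppet apply, puppet agent, hiera, hiera-eyaml, custom facts, librarian-puppet, puppet collections (v4)
+Supports puppet apply, puppet agent, hiera, hiera-eyaml, hiera-eyaml-gpg, custom facts, librarian-puppet, puppet collections (v4)
 
 email:
 - neillwturner@gmail.com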