onceover 3.18.0 → 3.20.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitattributes +2 -0
- data/.github/workflows/tests.yaml +40 -0
- data/.rubocop.yml +20 -2
- data/Gemfile +0 -13
- data/README.md +275 -113
- data/Rakefile +23 -6
- data/factsets/CentOS-8.3.2011-64.json +485 -0
- data/factsets/Debian-10.4-64.json +476 -0
- data/factsets/Debian-8.11-64.json +480 -0
- data/factsets/Debian-9.12-64.json +476 -0
- data/factsets/Ubuntu-20.04-64.json +504 -0
- data/factsets/Windows_Server-2008r2-64.json +184 -184
- data/factsets/Windows_Server-2012r2-64.json +165 -165
- data/factsets/windows-10-64.json +104 -104
- data/features/cache.feature +1 -1
- data/features/factsets.feature +33 -4
- data/features/step_definitions/cache.rb +4 -4
- data/features/step_definitions/common.rb +44 -10
- data/features/step_definitions/init.rb +2 -2
- data/features/windows.feature +5 -0
- data/features/zzz_run.feature +22 -3
- data/lib/onceover/controlrepo.rb +25 -16
- data/lib/onceover/deploy.rb +3 -1
- data/lib/onceover/group.rb +3 -1
- data/lib/onceover/node.rb +19 -2
- data/lib/onceover/rspec/formatters.rb +6 -1
- data/lib/onceover/runner.rb +5 -4
- data/lib/onceover/test.rb +3 -2
- data/lib/onceover/testconfig.rb +14 -5
- data/onceover.gemspec +5 -2
- data/spec/fixtures/controlrepos/basic/manifests_alternate/site.pp +2 -0
- data/spec/fixtures/controlrepos/caching/Puppetfile +17 -17
- data/spec/fixtures/controlrepos/caching/manifests/site.pp +1 -0
- data/spec/fixtures/controlrepos/caching/spec/factsets/Debian-10-facter-4.json +1091 -0
- data/spec/fixtures/controlrepos/caching/spec/onceover.yaml +13 -12
- data/spec/fixtures/controlrepos/custom_puppetfile/Puppetfile.custom +3 -0
- data/spec/fixtures/controlrepos/custom_puppetfile/environment.conf +7 -0
- data/spec/fixtures/controlrepos/factsets/site/role/manifests/trusted_extensions.pp +6 -0
- data/spec/fixtures/controlrepos/factsets/site/role/manifests/trusted_external.pp +6 -0
- data/spec/fixtures/controlrepos/factsets/spec/factsets/README.md +7 -0
- data/spec/fixtures/controlrepos/factsets/spec/factsets/centos7_notrusted.json +530 -0
- data/spec/fixtures/controlrepos/factsets/spec/factsets/centos7_trusted_extensions_nested.json +535 -0
- data/spec/fixtures/controlrepos/factsets/spec/factsets/centos7_trusted_extensions_top.json +533 -0
- data/spec/fixtures/controlrepos/factsets/spec/factsets/centos7_trusted_external_nested.json +537 -0
- data/spec/fixtures/controlrepos/factsets/spec/factsets/centos7_trusted_external_top.json +535 -0
- data/spec/fixtures/controlrepos/factsets/spec/factsets/centos_7_facter_4.json +706 -0
- data/spec/fixtures/controlrepos/windows/Puppetfile +6 -1
- data/spec/fixtures/controlrepos/windows/site-modules/role/manifests/choco.pp +9 -0
- data/templates/test_spec.rb.erb +5 -1
- metadata +85 -18
- data/.travis.yml +0 -19
- data/appveyor.yml +0 -38
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2811ab38a0c86a251a20d2a95ad90781aad02860f5c914c7b8390999514ac633
|
4
|
+
data.tar.gz: 912c30b4f6269bdb34ea097bc8f8594fc53e41b7ac279fb9cb1c3c921ec53966
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 46aadcc7dff48722a888c12e1508ac055060ae7408277b5fc25ad6abdfb56996ed93c63445ddfa7d714026512a87dc8f5df73d6618c4ad7c44ab9d76fefdbec2
|
7
|
+
data.tar.gz: f0a9c6fa5c62f1f0e2b50a3a688bd476f7c6f8462dccc9c3ee4a484b1ff287172974ca24f38ff55dbbb19c839b36fc6eaf1b150c7beb1b5f8eafc84096c35f7b
|
data/.gitattributes
ADDED
@@ -0,0 +1,40 @@
|
|
1
|
+
name: Tests
|
2
|
+
on:
|
3
|
+
- push
|
4
|
+
- pull_request
|
5
|
+
jobs:
|
6
|
+
full_tests:
|
7
|
+
strategy:
|
8
|
+
fail-fast: false
|
9
|
+
matrix:
|
10
|
+
os:
|
11
|
+
- windows-2016
|
12
|
+
- ubuntu-latest
|
13
|
+
- macos-latest
|
14
|
+
puppet:
|
15
|
+
- "~> 5.0"
|
16
|
+
- "~> 6.0"
|
17
|
+
- "~> 7.0"
|
18
|
+
include:
|
19
|
+
- puppet: "~> 5.0"
|
20
|
+
ruby: 2.4
|
21
|
+
- puppet: "~> 6.0"
|
22
|
+
ruby: 2.5
|
23
|
+
- puppet: "~> 7.0"
|
24
|
+
ruby: 2.7
|
25
|
+
|
26
|
+
runs-on: ${{ matrix.os }}
|
27
|
+
steps:
|
28
|
+
- uses: actions/checkout@v2
|
29
|
+
- uses: ruby/setup-ruby@v1
|
30
|
+
with:
|
31
|
+
ruby-version: ${{ matrix.ruby }}
|
32
|
+
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
33
|
+
env:
|
34
|
+
PUPPET_VERSION: ${{ matrix.puppet }}
|
35
|
+
- name: Set long paths on Windows
|
36
|
+
if: ${{ matrix.os == 'windows-2016' }}
|
37
|
+
run: Set-ItemProperty 'HKLM:\System\CurrentControlSet\Control\FileSystem' -Name 'LongPathsEnabled' -value 1
|
38
|
+
- env:
|
39
|
+
PUPPET_VERSION: ${{ matrix.puppet }}
|
40
|
+
run: bundle exec rake full_tests
|
data/.rubocop.yml
CHANGED
@@ -1,4 +1,6 @@
|
|
1
1
|
AllCops:
|
2
|
+
TargetRubyVersion: 2.4 # this should match the oldest version in .github/workflows/tests.yaml's matrix
|
3
|
+
NewCops: enable
|
2
4
|
Include:
|
3
5
|
- "lib/**/*.rb"
|
4
6
|
- "ext/**/*.rb"
|
@@ -10,6 +12,21 @@ AllCops:
|
|
10
12
|
- "tasks/**/*"
|
11
13
|
- "vendor/**/*"
|
12
14
|
|
15
|
+
# Turning off some failing checks until it is determined which one is breaking things
|
16
|
+
Style/AccessorGrouping:
|
17
|
+
Enabled: false
|
18
|
+
Style/CaseLikeIf:
|
19
|
+
Enabled: false
|
20
|
+
Style/GlobalStdStream:
|
21
|
+
Enabled: false
|
22
|
+
Style/RedundantRegexpCharacterClass:
|
23
|
+
Enabled: false
|
24
|
+
Style/SoleNestedConditional:
|
25
|
+
Enabled: false
|
26
|
+
Style/StringConcatenation:
|
27
|
+
Enabled: false
|
28
|
+
# end turning things off for debugging
|
29
|
+
|
13
30
|
Layout/ConditionPosition:
|
14
31
|
Enabled: true
|
15
32
|
|
@@ -19,7 +36,7 @@ Lint/ElseLayout:
|
|
19
36
|
Lint/UnreachableCode:
|
20
37
|
Enabled: true
|
21
38
|
|
22
|
-
Lint/
|
39
|
+
Lint/BinaryOperatorWithIdenticalOperands:
|
23
40
|
Enabled: true
|
24
41
|
|
25
42
|
# MAYBE useful - no return inside ensure block.
|
@@ -650,7 +667,8 @@ Style/ZeroLengthPredicate:
|
|
650
667
|
|
651
668
|
Bundler/OrderedGems:
|
652
669
|
Enabled: false
|
653
|
-
|
670
|
+
|
671
|
+
# Enforce LF line endings, even when on Windows
|
654
672
|
Layout/EndOfLine:
|
655
673
|
EnforcedStyle: lf
|
656
674
|
|
data/Gemfile
CHANGED
@@ -17,16 +17,3 @@ end
|
|
17
17
|
if File.exist?(File.join(Dir.home, '.gemfile'))
|
18
18
|
eval(File.read(File.join(Dir.home, '.gemfile')), binding)
|
19
19
|
end
|
20
|
-
|
21
|
-
if ENV['APPVEYOR'] == 'True'
|
22
|
-
# R10k needs to be pinned to this until the next release after 3.1.1
|
23
|
-
# in order to not have symlinks and therefor work on windows
|
24
|
-
gem 'r10k', git: 'https://github.com/puppetlabs/r10k.git'
|
25
|
-
end
|
26
|
-
|
27
|
-
group :development do
|
28
|
-
gem 'cucumber', '~> 2.0'
|
29
|
-
gem 'pry', '~> 0.10.0'
|
30
|
-
gem 'rubocop', '~> 0.82.0'
|
31
|
-
gem 'rubygems-tasks', '~> 0.2.0'
|
32
|
-
end
|
data/README.md
CHANGED
@@ -2,21 +2,23 @@
|
|
2
2
|
|
3
3
|
*The gateway drug to automated infrastructure testing with Puppet*
|
4
4
|
|
5
|
-
Onceover is a tool to automatically run basic tests on an entire Puppet
|
5
|
+
Onceover is a tool to automatically run basic tests on an entire Puppet control repository.
|
6
6
|
|
7
|
-
|
7
|
+
It includes automatic parsing of the `Puppetfile`, `environment.conf` and others in order to stop silly mistakes ever reaching your Puppet Master!
|
8
|
+
|
9
|
+
**New in v3.19.1: I've reversed the decision to have onceover use `site.pp` in the same way Puppet does. From now on your `manifest` setting in `environment.conf` will be ignored and your `site.pp` will only be used if you explicitly set the `manifest` option in the CLI or config file.**
|
10
|
+
|
11
|
+
[![Build Status](https://travis-ci.com/dylanratcliffe/onceover.svg?branch=master)](https://travis-ci.com/dylanratcliffe/onceover) [![Build status](https://ci.appveyor.com/api/projects/status/2ys2ggkgln69hmyf/branch/master?svg=true)](https://ci.appveyor.com/project/dylanratcliffe/onceover/branch/master)
|
8
12
|
|
9
13
|
## Table of Contents
|
10
14
|
|
11
15
|
- [Overview](#overview)
|
12
16
|
- [Quick Start](#quick-start)
|
13
|
-
- [
|
14
|
-
- [Config files](#config-files)
|
17
|
+
- [Configuration](#configuration)
|
15
18
|
- [onceover.yaml](#onceoveryaml)
|
16
|
-
- [
|
17
|
-
- [Hiera
|
18
|
-
- [
|
19
|
-
- [r10k Config](#r10k-config)
|
19
|
+
- [Factsets](#factsets)
|
20
|
+
- [Hiera](#hiera)
|
21
|
+
- [Puppetfile](#puppetfile)
|
20
22
|
- [Spec testing](#spec-testing)
|
21
23
|
- [Adding your own spec tests](#adding-your-own-spec-tests)
|
22
24
|
- [Using Workarounds](#using-workarounds)
|
@@ -32,120 +34,220 @@ Onceover is a tool to automatically run basic tests on an entire Puppet controlr
|
|
32
34
|
- [Rake tasks](#rake-tasks)
|
33
35
|
- [generate_fixtures](#generate_fixtures)
|
34
36
|
|
37
|
+
## Overview
|
38
|
+
|
39
|
+
This gem provides a toolset for testing _Puppet control repository_ (ie. Repos used with r10k).
|
40
|
+
|
41
|
+
The main purpose of this project is to provide a set of tools to help smooth out the process of setting up and running `rspec-puppet` tests for a controlrepo.
|
42
|
+
|
43
|
+
Due to the fact that controlrepos are fairly standardised in nature it seemed ridiculous that you would need to set up the same testing framework that we would normally use within a module for a controlrepo. This is because at this level we are normally just running very basic tests that cover a lot of code. It would also mean that we would need to essentially duplicated our `Puppetfile` into a `.fixtures.yml` file, along with a few other things.
|
44
|
+
|
45
|
+
This toolset requires some [configuration](#configuration) before it can be used so definitely read that section before getting started.
|
46
|
+
|
35
47
|
## Quick Start
|
36
48
|
|
37
|
-
**Note:** This assumes you are inside the root of your
|
49
|
+
**Note:** This assumes you are inside the root of your control-repo.
|
38
50
|
|
39
|
-
|
51
|
+
1. Add `onceover` to your `Gemfile`:
|
40
52
|
|
41
|
-
|
53
|
+
```ruby
|
54
|
+
gem 'onceover'
|
55
|
+
```
|
42
56
|
|
43
|
-
|
57
|
+
1. Run _Bundler_ to install `onceover`
|
44
58
|
|
45
|
-
|
59
|
+
```shell
|
60
|
+
bundle install
|
61
|
+
```
|
46
62
|
|
47
|
-
|
63
|
+
1. Set up your configuration
|
48
64
|
|
49
|
-
|
65
|
+
```shell
|
66
|
+
bundle exec onceover init
|
67
|
+
```
|
68
|
+
1. Run your spec tests!
|
50
69
|
|
51
|
-
|
70
|
+
```shell
|
71
|
+
bundle exec onceover run spec
|
72
|
+
```
|
52
73
|
|
53
|
-
|
54
|
-
gem 'onceover'
|
55
|
-
```
|
74
|
+
## Configuration
|
56
75
|
|
57
|
-
|
76
|
+
This project uses one main config file to determine what Puppet classes we should be testing and how: [onceover.yaml](#onceoveryaml).
|
58
77
|
|
59
|
-
|
78
|
+
As `onceover` tests Puppet classes, it need sets of facts to compile the Puppet code against, these are stored in [factsets](#factsets).
|
60
79
|
|
61
|
-
|
80
|
+
### onceover.yaml
|
62
81
|
|
63
|
-
|
82
|
+
Usually located at `spec/onceover.yaml`, this path could be overrided with environment variable: `ONCEOVER_YAML`.
|
64
83
|
|
65
|
-
|
84
|
+
Hopefully this config file will be fairly self explanatory once you see it, but basically this is the place where we define what classes we want to test and the [factsets](#factsets) that we want to test them against.
|
66
85
|
|
67
|
-
|
86
|
+
#### Main settings
|
68
87
|
|
69
|
-
|
88
|
+
- `classes`
|
70
89
|
|
71
|
-
|
90
|
+
A list (array) of classes that we want to test
|
72
91
|
|
73
|
-
|
92
|
+
Classes are specified as string or **regular expressions**.
|
93
|
+
The recommended setting to have a good coverage is `/^role::/` if you use [roles and profiles method](https://puppet.com/docs/pe/latest/the_roles_and_profiles_method.html) and if you dont, you [should](https://puppet.com/docs/pe/2019.8/the_roles_and_profiles_method.html).
|
74
94
|
|
75
|
-
|
95
|
+
- `nodes`
|
76
96
|
|
77
|
-
|
97
|
+
A list (array) of nodes that we want to test against.
|
78
98
|
|
79
|
-
|
99
|
+
The nodes that we list here map directly to a [factset](#factsets), e.g. `Debian-7.8-64`
|
80
100
|
|
81
|
-
|
101
|
+
- `node_groups`
|
82
102
|
|
83
|
-
|
103
|
+
An hash of named node groups.
|
84
104
|
|
85
|
-
|
105
|
+
We can create groups by simply specifying an array of nodes to be in the group, or use the subtractive [include/exclude syntax](#includeexclude-syntax).
|
86
106
|
|
87
|
-
|
107
|
+
**Note:** A _node group_ named `all_nodes` is automatically created by `onceover`.
|
88
108
|
|
89
|
-
|
109
|
+
**Important:** The names used for the actual `class_groups` and `node_groups` must be unique.
|
90
110
|
|
91
|
-
|
111
|
+
- `class_groups`
|
92
112
|
|
93
|
-
|
113
|
+
An hash of named class groups.
|
94
114
|
|
95
|
-
|
115
|
+
We can create groups by simply specifying an array of classes (string or regexp) to be in the group, or use the subtractive [include/exclude syntax](#includeexclude-syntax).
|
96
116
|
|
97
|
-
**
|
117
|
+
**Note:** A _class group_ named `all_classes` is automatically created by `onceover`.
|
98
118
|
|
99
|
-
**
|
119
|
+
**Important:** The names used for the actual `class_groups` and `node_groups` must be unique.
|
100
120
|
|
101
|
-
|
121
|
+
- `test_matrix`
|
102
122
|
|
103
|
-
|
123
|
+
An array of hashes with the following format:
|
104
124
|
|
105
|
-
```yaml
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
```
|
125
|
+
```yaml
|
126
|
+
- {nodes_to_test}: # The name of a node or node group
|
127
|
+
classes: '{classes_to_test}' # the name of a class or
|
128
|
+
tests: '{all_tests|acceptance|spec}' # acceptance deprecated/broken, set to spec
|
129
|
+
{valid_option}: {value} # See below
|
130
|
+
```
|
111
131
|
|
112
|
-
|
132
|
+
Valid options:
|
113
133
|
|
114
|
-
|
134
|
+
- `tags`
|
115
135
|
|
116
|
-
|
136
|
+
Default: `nil`
|
117
137
|
|
118
|
-
|
138
|
+
One or many tags that tests in this group should be tagged with.
|
139
|
+
This allows you to run only certain tests using the `--tags` command line parameter.
|
119
140
|
|
120
|
-
|
141
|
+
#### Advanced settings
|
121
142
|
|
122
|
-
|
123
|
-
before:
|
124
|
-
- "Puppet::Util::Platform.stubs(:'windows?').returns(node_facts['kernel'] == 'windows')"
|
143
|
+
- `functions`
|
125
144
|
|
126
|
-
|
127
|
-
|
128
|
-
|
145
|
+
Default: `nil`
|
146
|
+
|
147
|
+
In this section we can add functions that we want to mock when running spec tests.
|
148
|
+
|
149
|
+
Each function takes the `return` arguments, e.g.
|
150
|
+
|
151
|
+
```yaml
|
152
|
+
functions:
|
153
|
+
puppetdb_query:
|
154
|
+
returns: []
|
155
|
+
```
|
156
|
+
|
157
|
+
- `before`
|
158
|
+
|
159
|
+
Default: `nil`
|
160
|
+
|
161
|
+
A block to run **before** each spec test.
|
162
|
+
|
163
|
+
For example, this can be used when the functions to stub are conditional, the following stub function `x` if the OS is windows, stub function `y` if the fact `java_installed` is true.
|
164
|
+
|
165
|
+
**Note**: The facts are available through the `node_facts` hash and the trusted facts as `trusted_facts`.
|
166
|
+
|
167
|
+
Example:
|
168
|
+
```yaml
|
169
|
+
before:
|
170
|
+
- "Puppet::Util::Platform.stubs(:'windows?').returns(node_facts['kernel'] == 'windows')"
|
171
|
+
```
|
172
|
+
|
173
|
+
- `after`
|
174
|
+
|
175
|
+
Default: `nil`
|
129
176
|
|
130
|
-
|
177
|
+
A block to run **after** each spec test.
|
178
|
+
|
179
|
+
**Note**: The facts are available through the `node_facts` hash and the trusted facts as `trusted_facts`.
|
180
|
+
|
181
|
+
Exmaple:
|
182
|
+
```yaml
|
183
|
+
after:
|
184
|
+
- "puts 'Test finished running'"
|
185
|
+
```
|
186
|
+
|
187
|
+
- `include_spec_files`
|
188
|
+
|
189
|
+
Default: `[**/*]`
|
190
|
+
|
191
|
+
Glob to select additionnal files to be run during `onceover` spec tests.
|
192
|
+
|
193
|
+
Default is to select all files located in the repo spec directory, usually `spec/`.
|
194
|
+
If you have some RSpec tests that depend on a different RSpec configuration than `onceover` or want, for example, to have a different job in your CI to run your own unit tests, you can use this option to select which spec files to run during `onceover` spec tests.
|
195
|
+
|
196
|
+
- `opts`
|
197
|
+
|
198
|
+
Default: `{}`
|
199
|
+
|
200
|
+
This setting overrides defaults for the `Onceover::Controlrepo` class' `opts` hash.
|
201
|
+
|
202
|
+
Example:
|
203
|
+
```yaml
|
204
|
+
opts:
|
205
|
+
:facts_dirs: # Remember: `opts` keys are symbols!
|
206
|
+
- 'spec/factsets' # Limit factsets to files in this repository
|
207
|
+
:debug: true # Set the `logger.level` to debug
|
208
|
+
:profile_regex: '^(profile|site)::' # Profiles include a legacy module named `site::`
|
209
|
+
:facts_files: # Factset filenames use the extension`.facts` instead of `.json`
|
210
|
+
- 'spec/factsets/*.facts'
|
211
|
+
:manifest: 'manifests/site.pp' # Manifest to use while compiling (nil by default)
|
212
|
+
```
|
213
|
+
|
214
|
+
#### Include/Exclude syntax
|
215
|
+
|
216
|
+
This can be used with either `node_groups` or `class_groups` and allows us to save some time by using existing groups to create new ones e.g.
|
131
217
|
|
132
218
|
```yaml
|
133
|
-
|
134
|
-
:
|
135
|
-
-
|
136
|
-
|
219
|
+
node_groups:
|
220
|
+
windows_nodes: # This has to be defined first
|
221
|
+
- sevrer2008r2
|
222
|
+
- server2012r2
|
223
|
+
non_windows:
|
224
|
+
include: 'all_nodes' # Start with all nodes
|
225
|
+
exclude: 'windows_nodes' # Then remove the windows ones from that list
|
137
226
|
```
|
138
227
|
|
228
|
+
It's important to note that in order to reference a group using the *include/exclude* syntax is has to have been defined already i.e. it has to come above the group that references it
|
229
|
+
|
230
|
+
#### Examples
|
231
|
+
|
232
|
+
##### Minimal
|
233
|
+
|
139
234
|
```yaml
|
140
|
-
|
141
|
-
|
142
|
-
|
235
|
+
classes:
|
236
|
+
- /^role::/
|
237
|
+
|
238
|
+
nodes:
|
239
|
+
- Debian-10-amd64
|
143
240
|
|
144
|
-
|
145
|
-
:
|
146
|
-
|
241
|
+
test_matrix:
|
242
|
+
- all_nodes:
|
243
|
+
classes: 'all_classes'
|
244
|
+
tests: 'spec'
|
147
245
|
```
|
148
246
|
|
247
|
+
##### Advanced
|
248
|
+
|
249
|
+
In the example below we have referred to `centos6a` and `centos7b` in all of our tests as they are in `all_nodes`, `non_windows_servers` and `centos_severs`. However we have *left the more specific references to last*. This is because entries in the test_matrix will override entries above them if applicable. Meaning that we are still only testing each class on the two Centos servers once (Because the gem does de-duplication before running the tests), but also making sure we run `roles::frontend_webserver` twice before checking for idempotency.
|
250
|
+
|
149
251
|
A full example:
|
150
252
|
|
151
253
|
```yaml
|
@@ -155,7 +257,7 @@ classes:
|
|
155
257
|
- 'roles::load_balancer'
|
156
258
|
- 'roles::syd_f5_load_balancer'
|
157
259
|
- 'roles::windows_server'
|
158
|
-
- '/^role/'
|
260
|
+
- '/^role/' # Note that this regex format requires `/`
|
159
261
|
|
160
262
|
nodes:
|
161
263
|
- centos6a
|
@@ -209,65 +311,93 @@ functions:
|
|
209
311
|
opts:
|
210
312
|
:facts_dirs:
|
211
313
|
- spec/factsets
|
314
|
+
:profile_regex: '^(profile|site)::' # Note that this regex _doesn't_ use `/`
|
212
315
|
```
|
213
316
|
|
214
|
-
|
317
|
+
### Factsets
|
215
318
|
|
216
|
-
|
217
|
-
node_groups:
|
218
|
-
windows_nodes: # This has to be defined first
|
219
|
-
- sevrer2008r2
|
220
|
-
- server2012r2
|
221
|
-
non_windows:
|
222
|
-
include: 'all_nodes' # Start with all nodes
|
223
|
-
exclude: 'windows_nodes' # Then remove the windows ones from that list
|
224
|
-
```
|
319
|
+
Factsets are used by the onceover gem to generate spec tests, which compile a given class against a certain set of facts.
|
225
320
|
|
226
|
-
|
321
|
+
This gem comes with a few pre-canned factsets, these are listed under the `nodes` sections of `onceover.yaml` when you run `onceover init`.
|
227
322
|
|
228
|
-
|
323
|
+
You can, and its a good pratice, add your own factsets by putting them in `spec/factsets/*.json`.
|
229
324
|
|
230
|
-
|
325
|
+
To generate these factsets all we need to do is log onto a real machine that has puppet installed and run:
|
231
326
|
|
232
|
-
|
327
|
+
```shell
|
328
|
+
puppet facts > fact_set_name.json
|
329
|
+
```
|
233
330
|
|
234
|
-
|
331
|
+
Its recommended to run this on each of the types of nodes that you run in your infrastructure to have good coverage.
|
235
332
|
|
236
|
-
|
333
|
+
If you are using [Trusted Facts](#trusted-facts) or [Trusted External Data](#trusted-external-data) and can use the [PE client tools](https://puppet.com/docs/pe/latest/installing_pe_client_tools.html) you can generate a factset which contains this information by running:
|
237
334
|
|
238
|
-
|
239
|
-
|
335
|
+
```shell
|
336
|
+
puppet facts --terminus puppetdb > fact_set_name.json
|
337
|
+
```
|
240
338
|
|
241
|
-
|
339
|
+
or
|
340
|
+
|
341
|
+
```shell
|
342
|
+
puppet facts --terminus puppetdb <node certname> > fact_set_name.json
|
343
|
+
```
|
242
344
|
|
243
|
-
|
345
|
+
Factsets are named based on their filename, i.e. `myfactset` in `onceover.yaml` refers `spec/factsets/myfactset.json`
|
244
346
|
|
245
|
-
|
347
|
+
#### Trusted Facts
|
348
|
+
|
349
|
+
You can add trusted facts to the factsets by creating a new section called trusted:
|
246
350
|
|
247
|
-
|
351
|
+
```json
|
352
|
+
{
|
353
|
+
"name": "node.puppetlabs.net",
|
354
|
+
"trusted": {
|
355
|
+
"pp_role": "agent",
|
356
|
+
"pp_datacenter": "puppet",
|
357
|
+
},
|
358
|
+
"values": {
|
359
|
+
"aio_agent_build": "1.10.4",
|
360
|
+
"aio_agent_version": "1.10.4",
|
361
|
+
"architecture": "x86_64",
|
362
|
+
```
|
248
363
|
|
249
|
-
`
|
364
|
+
Notice that the `extensions` part is implied. The first fact in that example translates to `$trusted['extensions']['pp_role']` in Puppet code.
|
250
365
|
|
251
|
-
|
366
|
+
Alternatively, if you generated your factset using the PE client tools your trusted facts will be nested under the **values** hash. For example:
|
252
367
|
|
253
|
-
|
368
|
+
```json
|
369
|
+
{
|
370
|
+
"name": "node.puppetlabs.net",
|
371
|
+
"values": {
|
372
|
+
"aio_agent_build": "1.10.4",
|
373
|
+
"aio_agent_version": "1.10.4",
|
374
|
+
"architecture": "x86_64",
|
375
|
+
"trusted": {
|
376
|
+
"extensions": {
|
377
|
+
"pp_role": "agent",
|
378
|
+
"pp_datacenter": "puppet"
|
379
|
+
}
|
380
|
+
}
|
381
|
+
```
|
254
382
|
|
255
|
-
|
383
|
+
In this case, you're all set and onceover will auto-magically pick those up for you.
|
256
384
|
|
257
|
-
`
|
385
|
+
**Note**: The top level `trusted` hash takes precidence over the `trusted[extensions]` hash nested under `values`. Meaning that if you have any specified at the top level, any nested ones will not be considered. So pick **ONE** method and stick with that.
|
258
386
|
|
259
|
-
|
387
|
+
#### Trusted External Data
|
260
388
|
|
261
|
-
|
389
|
+
**Note:** This feature requires `rspec-puppet` >= 2.8.0.
|
262
390
|
|
263
|
-
You can add trusted
|
391
|
+
You can add trusted external data to the factsets by creating a new section called trusted_external:
|
264
392
|
|
265
393
|
```json
|
266
394
|
{
|
267
395
|
"name": "node.puppetlabs.net",
|
268
|
-
"
|
269
|
-
"
|
270
|
-
|
396
|
+
"trusted_external": {
|
397
|
+
"example_forager": {
|
398
|
+
"globalRegion": "EMEA",
|
399
|
+
"serverOwner": "John Doe"
|
400
|
+
}
|
271
401
|
},
|
272
402
|
"values": {
|
273
403
|
"aio_agent_build": "1.10.4",
|
@@ -275,15 +405,42 @@ You can add trusted facts to the factsets by creating a new section called trust
|
|
275
405
|
"architecture": "x86_64",
|
276
406
|
```
|
277
407
|
|
278
|
-
Notice that the `
|
408
|
+
Notice that the `external` part is implied, though the foragers name will still need to be provided. The first fact in that example translates to `$trusted['external']['example_forager']['globalRegion']` in Puppet code.
|
409
|
+
|
410
|
+
Alternatively, if you generated your factset using the PE client tools your trusted external data will be nested under the **values** hash. For example:
|
411
|
+
|
412
|
+
```json
|
413
|
+
{
|
414
|
+
"name": "node.puppetlabs.net",
|
415
|
+
"values": {
|
416
|
+
"aio_agent_build": "1.10.4",
|
417
|
+
"aio_agent_version": "1.10.4",
|
418
|
+
"architecture": "x86_64",
|
419
|
+
"trusted": {
|
420
|
+
"external": {
|
421
|
+
"example_forager": {
|
422
|
+
"globalRegion": "EMEA",
|
423
|
+
"serverOwner": "John Doe"
|
424
|
+
}
|
425
|
+
}
|
426
|
+
}
|
427
|
+
```
|
428
|
+
|
429
|
+
In this case, you're all set and onceover will auto-magically pick those up for you.
|
430
|
+
|
431
|
+
**Note**: The top level `trusted_external` hash takes precidence over the `trusted[external]` hash nested under `values`. Meaning that if you have any specified at the top level, any nested ones will not be considered. So pick **ONE** method and stick with that.
|
279
432
|
|
280
|
-
### Hiera
|
433
|
+
### Hiera
|
281
434
|
|
282
|
-
If you have hiera data inside your controlrepo (or somewhere else)
|
435
|
+
If you have hiera data inside your controlrepo (or somewhere else) `onceover` can be configured to use it.
|
436
|
+
It is however worth noting the `hiera.yaml` file that you currently use may not be applicable for testing right away.
|
437
|
+
For example; if you are using `hiera-eyaml` I recommend creating a `hiera.yaml` purely for testing that simply uses the `yaml` backend, meaning that you don't need to provide the private keys to the testing machines.
|
283
438
|
|
284
|
-
It is also worth noting that any hiera hierarchies that are based on custom facts will not work unless those facts are part of your factsets.
|
439
|
+
It is also worth noting that any hiera hierarchies that are based on custom facts will not work unless those facts are part of your factsets.
|
440
|
+
Trusted facts will also not work at all as the catalogs are being compiled without the node's certificate.
|
441
|
+
In these instances it may be worth creating a hierarchy level that simply includes dummy data for testing purposes in order to avoid hiera lookup errors.
|
285
442
|
|
286
|
-
###
|
443
|
+
### Puppetfile
|
287
444
|
|
288
445
|
Organisations often reference modules from their own git servers in the `Puppetfile`, like this:
|
289
446
|
|
@@ -293,7 +450,9 @@ mod "puppetlabs-apache",
|
|
293
450
|
:tag => "v5.4.0"
|
294
451
|
```
|
295
452
|
|
296
|
-
Under the hood,
|
453
|
+
Under the hood, `onceover` uses `r10k` to download the modules in your `Puppetfile`.
|
454
|
+
If you get errors downloading modules from `git`, its because `r10k`'s call to your underlying `git` command has failed.
|
455
|
+
`onceover` tells you the command that `r10k` tried to run, so if you get an error like this:
|
297
456
|
|
298
457
|
```
|
299
458
|
INFO -> Updating module /Users/dylan/control-repo/.onceover/etc/puppetlabs/code/environments
|
@@ -328,7 +487,7 @@ Warning: Permanently added 'git.megacorp.com,123.456.789.101' (RSA) to the list
|
|
328
487
|
|
329
488
|
The other way to resolve this would have been to install the `ssh_askpass` program, but this can spam the screen with modal dialogs on some platforms.
|
330
489
|
|
331
|
-
#### r10k
|
490
|
+
#### r10k configuration
|
332
491
|
|
333
492
|
If you have custom r10k config that you want to use, place the `r10k.yaml` file in one of the following locations:
|
334
493
|
|
@@ -507,10 +666,12 @@ require 'spec_helper'
|
|
507
666
|
require 'onceover/controlrepo'
|
508
667
|
require 'helpers/shared_examples'
|
509
668
|
|
510
|
-
Onceover::Controlrepo.new.spec_tests do |class_name,node_name,facts,pre_conditions|
|
669
|
+
Onceover::Controlrepo.new.spec_tests do |class_name, node_name, facts, trusted_facts, trusted_external_data, pre_conditions|
|
511
670
|
describe class_name do
|
512
671
|
context "on #{node_name}" do
|
513
672
|
let(:facts) { facts }
|
673
|
+
let(:trusted_facts) { trusted_facts }
|
674
|
+
let(:trusted_external_data) { trusted_external_data }
|
514
675
|
let(:pre_condition) { pre_conditions }
|
515
676
|
|
516
677
|
it_behaves_like 'soe'
|
@@ -710,4 +871,5 @@ Cheers to all of those who helped out:
|
|
710
871
|
- @smortex
|
711
872
|
- @16c7x
|
712
873
|
- @neomilium
|
874
|
+
- @chlawren
|
713
875
|
|