onceover 3.21.0 → 3.22.0

Files changed (139) hide show
  1. checksums.yaml +4 -4
  2. data/.devcontainer/devcontainer.json +4 -6
  3. data/.github/workflows/release.yaml +24 -0
  4. data/Gemfile +3 -0
  5. data/README.md +45 -1
  6. data/Rakefile +1 -0
  7. data/cucumber.yml +1 -0
  8. data/features/step_definitions/run.rb +4 -0
  9. data/features/zzz_run.feature +1 -8
  10. data/lib/onceover/beaker/spec_helper.rb +8 -8
  11. data/lib/onceover/controlrepo.rb +3 -3
  12. data/lib/onceover/deploy.rb +1 -1
  13. data/lib/onceover/rspec/formatters.rb +2 -4
  14. data/lib/onceover/runner.rb +1 -1
  15. data/lib/onceover/test.rb +1 -1
  16. data/onceover.gemspec +6 -13
  17. data/spec/fixtures/controlrepos/puppet_controlrepo/.atom-build.json +9 -0
  18. data/spec/fixtures/controlrepos/puppet_controlrepo/.gitignore +5 -0
  19. data/spec/fixtures/controlrepos/puppet_controlrepo/.ruby-version +1 -0
  20. data/spec/fixtures/controlrepos/puppet_controlrepo/.travis.yml +13 -0
  21. data/spec/fixtures/controlrepos/puppet_controlrepo/Gemfile +22 -0
  22. data/spec/fixtures/controlrepos/puppet_controlrepo/Jenkinsfile +50 -0
  23. data/spec/fixtures/controlrepos/puppet_controlrepo/Puppetfile +102 -0
  24. data/spec/fixtures/controlrepos/puppet_controlrepo/README.md +4 -0
  25. data/spec/fixtures/controlrepos/puppet_controlrepo/Rakefile +6 -0
  26. data/spec/fixtures/controlrepos/puppet_controlrepo/data/common.yaml +558 -0
  27. data/spec/fixtures/controlrepos/puppet_controlrepo/data/datacenter/melbourne.yaml +12 -0
  28. data/spec/fixtures/controlrepos/puppet_controlrepo/data/datacenter/singapore.yaml +12 -0
  29. data/spec/fixtures/controlrepos/puppet_controlrepo/data/environments/development.yaml +3 -0
  30. data/spec/fixtures/controlrepos/puppet_controlrepo/data/environments/production.yaml +3 -0
  31. data/spec/fixtures/controlrepos/puppet_controlrepo/data/size/vol.large.yaml +27 -0
  32. data/spec/fixtures/controlrepos/puppet_controlrepo/environment.conf +3 -0
  33. data/spec/fixtures/controlrepos/puppet_controlrepo/hiera.yaml +25 -0
  34. data/spec/fixtures/controlrepos/puppet_controlrepo/manifests/site.pp +11 -0
  35. data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/code_manager_config_version.rb +19 -0
  36. data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/config_version.rb +25 -0
  37. data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/config_version.sh +12 -0
  38. data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/count_changed_classes.rb +26 -0
  39. data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/get_changed_classes.rb +26 -0
  40. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/console/functions/user/token.pp +10 -0
  41. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/console/manifests/init.pp +14 -0
  42. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/console/manifests/user.pp +35 -0
  43. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/deployments/lib/puppet/functions/deployments/generate.rb +15 -0
  44. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/deployments/plans/signed_deployment.pp +126 -0
  45. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/facts.d/test.sh +2 -0
  46. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/artifactory/config_descriptor.xml +265 -0
  47. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/autosign.sh +23 -0
  48. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/hudson.tasks.Shell.xml +4 -0
  49. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/motd +4 -0
  50. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/polar_clock/index.html +198 -0
  51. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/apt.pp +9 -0
  52. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/aws_nodes.pp +54 -0
  53. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/aws.pp +9 -0
  54. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/rhel.pp +50 -0
  55. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/windows/hardening.pp +57 -0
  56. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/windows.pp +52 -0
  57. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base.pp +79 -0
  58. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/cd4pe/artifactory.pp +64 -0
  59. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/cd4pe/connection.pp +95 -0
  60. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/cd4pe/haproxy.pp +65 -0
  61. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/cd4pe/replicated.pp +53 -0
  62. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/compile/balancer.pp +28 -0
  63. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/compile/master.pp +19 -0
  64. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/dns/host_record.pp +16 -0
  65. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/dns/server.pp +66 -0
  66. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/docker.pp +5 -0
  67. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/base.pp +43 -0
  68. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/core/database_connection.pp +42 -0
  69. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/core.pp +72 -0
  70. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/ctrl.pp +57 -0
  71. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/database.pp +32 -0
  72. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/exec.pp +11 -0
  73. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/file_sync/client.pp +165 -0
  74. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/file_sync/master_patch.pp +37 -0
  75. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/grafana/dashboard.pp +17 -0
  76. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/haproxy.pp +43 -0
  77. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/init.pp +3 -0
  78. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jenkins/plugins.pp +87 -0
  79. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jenkins.pp +65 -0
  80. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jira/aio.pp +39 -0
  81. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jira/app.pp +27 -0
  82. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jira/db.pp +25 -0
  83. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/metrics/collectd/compile.pp +82 -0
  84. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/metrics/collectd.pp +28 -0
  85. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/metrics/dashboard.pp +28 -0
  86. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/mysql_server.pp +7 -0
  87. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/nginx.pp +24 -0
  88. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/polar_clock.pp +55 -0
  89. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/puppetmaster/api_auth.pp +82 -0
  90. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/puppetmaster/autosign.pp +33 -0
  91. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/puppetmaster/aws.pp +58 -0
  92. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/puppetmaster/tuning.pp +139 -0
  93. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/puppetmaster.pp +139 -0
  94. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/rvm.pp +13 -0
  95. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/sumologic.pp +11 -0
  96. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/sunburst/windows.pp +104 -0
  97. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/vagrant.pp +25 -0
  98. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/windows/webserver.pp +27 -0
  99. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/cd4pe/connection_script.sh.epp +110 -0
  100. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/controlrepo_deploy_jenkins_job.xml.epp +51 -0
  101. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/dashboard.json.epp +403 -0
  102. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/jenkins_secret_text.json.epp +1 -0
  103. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/onceover_jenkins_job.xml.epp +51 -0
  104. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/userdata.epp +17 -0
  105. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/cd4pe.pp +29 -0
  106. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/clock.pp +16 -0
  107. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/compile/balancer.pp +5 -0
  108. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/compile/master.pp +5 -0
  109. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/eyeunify/aio.pp +10 -0
  110. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/eyeunify/controller.pp +10 -0
  111. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/eyeunify/database.pp +7 -0
  112. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/eyeunify/exec.pp +6 -0
  113. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/init.pp +3 -0
  114. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/lb.pp +14 -0
  115. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/metrics.pp +5 -0
  116. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/mysql.pp +13 -0
  117. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/windows/base.pp +5 -0
  118. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/windows/webserver.pp +6 -0
  119. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/.gitignore +5 -0
  120. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/acceptance/nodesets/onceover-nodes.yml +94 -0
  121. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/classes/test_spec.rb +8 -0
  122. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/factsets/CentOS-7.0-64-master-2017.3.2.json +531 -0
  123. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/factsets/CentOS-7.0-64-master.json +429 -0
  124. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/factsets/CentOS-7.0-64.json +353 -0
  125. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/factsets/Windows_Server-2008r2-64.json +184 -0
  126. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/factsets/Windows_Server-2012r2-64.json +165 -0
  127. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/hiera.yaml +18 -0
  128. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/matchers/file_matchers.rb +16 -0
  129. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/onceover.yaml +54 -0
  130. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/pre_conditions/site.pp +150 -0
  131. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/r10k.yaml +2 -0
  132. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/shared_examples/helper.rb +91 -0
  133. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/unit/00_parse_spec.rb +76 -0
  134. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/unit/01_linting_spec_example.rb +69 -0
  135. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/unit/03_puppetfile_spec_example.rb +35 -0
  136. data/templates/spec_helper.rb.erb +0 -2
  137. data/templates/test_spec.rb.erb +3 -0
  138. metadata +137 -79
  139. data/.gitmodules +0 -4
@@ -0,0 +1,198 @@
1
+ <!DOCTYPE html>
2
+ <meta charset="utf-8">
3
+ <style>
4
+ body {
5
+ background: #222;
6
+ margin: auto;
7
+ width: 960px;
8
+ }
9
+
10
+ .field-track,
11
+ .field-arm {
12
+ fill: none;
13
+ stroke: #000;
14
+ stroke-width: 1.5px;
15
+ }
16
+
17
+ .field-tick {
18
+ transition: opacity 750ms linear;
19
+ }
20
+
21
+ .field-tick:not(.field-tick--active) circle,
22
+ .field-tick:not(.field-tick--active):first-of-type text {
23
+ fill: #222 !important;
24
+ }
25
+
26
+ .field-tick:not(.field-tick--active):first-of-type circle {
27
+ fill: #000 !important;
28
+ }
29
+
30
+ .field-tick--disabled {
31
+ opacity: 0;
32
+ }
33
+
34
+ .field-tick circle,
35
+ .field-tick text {
36
+ transition: fill 250ms linear;
37
+ transition-delay: 400ms;
38
+ }
39
+
40
+ .field-tick text {
41
+ font: 700 14px "Helvetica Neue";
42
+ text-anchor: middle;
43
+ }
44
+ </style>
45
+ <svg width="960" height="960"></svg>
46
+ <script src="//d3js.org/d3.v4.0.0-alpha.28.min.js"></script>
47
+ <script>
48
+ var svg = d3.select("svg"),
49
+ width = +svg.attr("width"),
50
+ height = +svg.attr("height"),
51
+ radius = Math.min(width, height) / 1.9,
52
+ armRadius = radius / 22,
53
+ dotRadius = armRadius - 6;
54
+
55
+ var duration = 750,
56
+ now = new Date(Date.now() + 2 * duration);
57
+
58
+ var pi = Math.PI,
59
+ tau = pi * 2;
60
+
61
+ var fields = [{
62
+ radius: 0.2 * radius,
63
+ interval: d3.timeYear,
64
+ subinterval: d3.timeMonth,
65
+ format: d3.timeFormat("%b")
66
+ }, {
67
+ radius: 0.3 * radius,
68
+ interval: d3.timeMonth,
69
+ subinterval: d3.timeDay,
70
+ format: d3.timeFormat("%d")
71
+ }, {
72
+ radius: 0.4 * radius,
73
+ interval: d3.timeWeek,
74
+ subinterval: d3.timeDay,
75
+ format: d3.timeFormat("%a")
76
+ }, {
77
+ radius: 0.6 * radius,
78
+ interval: d3.timeDay,
79
+ subinterval: d3.timeHour,
80
+ format: d3.timeFormat("%H")
81
+ }, {
82
+ radius: 0.7 * radius,
83
+ interval: d3.timeHour,
84
+ subinterval: d3.timeMinute,
85
+ format: d3.timeFormat("%M")
86
+ }, {
87
+ radius: 0.8 * radius,
88
+ interval: d3.timeMinute,
89
+ subinterval: d3.timeSecond,
90
+ format: d3.timeFormat("%S")
91
+ }];
92
+
93
+ var color = d3.scaleRainbow()
94
+ .domain([0, tau]);
95
+
96
+ var arcArm = d3.arc()
97
+ .startAngle(function(d) {
98
+ return armRadius / d.radius;
99
+ })
100
+ .endAngle(function(d) {
101
+ return -pi - armRadius / d.radius;
102
+ })
103
+ .innerRadius(function(d) {
104
+ return d.radius - armRadius;
105
+ })
106
+ .outerRadius(function(d) {
107
+ return d.radius + armRadius;
108
+ })
109
+ .cornerRadius(armRadius);
110
+
111
+ var field = svg.append("g")
112
+ .attr("transform", "translate(" + width / 2 + "," + height / 2 + ")")
113
+ .selectAll(".field")
114
+ .data(fields)
115
+ .enter().append("g")
116
+ .attr("class", "field");
117
+
118
+ field.append("circle")
119
+ .attr("class", "field-track")
120
+ .attr("r", function(d) {
121
+ return d.radius;
122
+ });
123
+
124
+ var fieldTick = field.selectAll(".field-tick")
125
+ .data(function(d) {
126
+ var date = d.interval(new Date(2000, 0, 1));
127
+ d.range = d.subinterval.range(date, d.interval.offset(date, 1));
128
+ return d.range.map(function(t) {
129
+ return {
130
+ time: t,
131
+ field: d
132
+ };
133
+ });
134
+ })
135
+ .enter().append("g")
136
+ .attr("class", "field-tick")
137
+ .attr("transform", function(d, i) {
138
+ var angle = i / d.field.range.length * tau - pi / 2;
139
+ return "translate(" + Math.cos(angle) * d.field.radius + "," + Math.sin(angle) * d.field.radius + ")";
140
+ });
141
+
142
+ fieldTick.append("circle")
143
+ .attr("r", dotRadius - 3)
144
+ .style("fill", function(d, i) {
145
+ return color(i / d.field.range.length * tau);
146
+ });
147
+
148
+ fieldTick.append("text")
149
+ .attr("dy", "0.35em")
150
+ .text(function(d) {
151
+ return d.field.format(d.time).slice(0, 2);
152
+ });
153
+
154
+ var fieldArm = field.append("path")
155
+ .attr("class", "field-arm")
156
+ .attr("transform", "rotate(0)")
157
+ .attr("d", function(d) {
158
+ return arcArm(d) +
159
+ "M0," + (dotRadius - d.radius) +
160
+ "a" + dotRadius + "," + dotRadius + " 0 0,1 0," + -dotRadius * 2 +
161
+ "a" + dotRadius + "," + dotRadius + " 0 0,1 0," + dotRadius * 2;
162
+ });
163
+
164
+ (function tick() {
165
+ var now = new Date,
166
+ then = new Date(+now + duration),
167
+ next = d3.timeSecond.offset(d3.timeSecond(then), 1),
168
+ delay = next - duration - now;
169
+
170
+ // Skip ahead a second if there’s not time for this transition.
171
+ if (delay < duration) delay += 1000, then = next;
172
+
173
+ fieldArm.transition()
174
+ .duration(duration)
175
+ .each(function(d) {
176
+ var start = d.interval(then);
177
+ d.activeLength = d.subinterval.count(start, d.interval.offset(start, 1));
178
+ d.activeIndex = d.subinterval.count(start, then);
179
+ d.angle = d.activeIndex / d.range.length * tau;
180
+ })
181
+ .attr("transform", function(d) {
182
+ return "rotate(" + d.angle / pi * 180 + ")";
183
+ })
184
+ .style("fill", function(d) {
185
+ return color(d.angle);
186
+ });
187
+
188
+ fieldTick
189
+ .classed("field-tick--disabled", function(d, i) {
190
+ return i >= d.field.activeLength;
191
+ })
192
+ .classed("field-tick--active", function(d, i) {
193
+ return i === d.field.activeIndex;
194
+ });
195
+
196
+ setTimeout(tick, delay);
197
+ })();
198
+ </script>
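Review bot: The `<script src="//d3js.org/d3.v4.0.0-alpha.28.min.js">` tag at file line 46 loads executable code from a third-party host over a protocol-relative URL with no Subresource Integrity check, so the page runs whatever that host serves and fetches it over plain HTTP when the page itself is served over HTTP. The file sits under `profile/files/polar_clock`, so it appears to be deployed as web content. Pin the scheme and add an integrity hash, e.g. `<script src="https://d3js.org/d3.v4.0.0-alpha.28.min.js" integrity="sha384-<HASH_OF_REVIEWED_FILE>" crossorigin="anonymous"></script>`, or ship a reviewed copy of the library next to index.html. The pinned build is also an alpha; a released d3 v4 would be a safer base if the API used here is unchanged.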
@@ -0,0 +1,9 @@
1
+ class profile::apt {
2
+ class { 'apt':
3
+ update => {
4
+ frequency => 'daily',
5
+ },
6
+ }
7
+
8
+ Class['apt'] -> Package <| |>
9
+ }
@@ -0,0 +1,54 @@
1
+ #
2
+ class profile::aws_nodes {
3
+ ec2_instance { 'agent-1':
4
+ ensure => 'running',
5
+ availability_zone => 'ap-southeast-2a',
6
+ block_devices => [
7
+ {
8
+ 'delete_on_termination' => true,
9
+ 'device_name' => '/dev/sda1',
10
+ 'volume_size' => 10,
11
+ }
12
+ ],
13
+ ebs_optimized => false,
14
+ image_id => 'ami-e0c19f83',
15
+ instance_type => 't2.micro',
16
+ key_name => 'personal_aws',
17
+ monitoring => false,
18
+ region => 'ap-southeast-2',
19
+ security_groups => ['default'],
20
+ subnet => 'default-a',
21
+ user_data => epp('profile/userdata.epp',{
22
+ 'master_ip' => $::ec2_metadata['public-ipv4'],
23
+ 'master_fqdn' => $::networking['fqdn'],
24
+ 'signing_key' => gen_autosign_token('/.*\.compute\.internal/', 300),
25
+ 'role' => 'role::dbserver'
26
+ }),
27
+ }
28
+
29
+ ec2_instance { 'agent-2':
30
+ ensure => 'running',
31
+ availability_zone => 'ap-southeast-2c',
32
+ block_devices => [
33
+ {
34
+ 'delete_on_termination' => true,
35
+ 'device_name' => '/dev/sda1',
36
+ 'volume_size' => 10,
37
+ }
38
+ ],
39
+ ebs_optimized => false,
40
+ image_id => 'ami-e0c19f83',
41
+ instance_type => 't2.micro',
42
+ key_name => 'personal_aws',
43
+ monitoring => false,
44
+ region => 'ap-southeast-2',
45
+ security_groups => ['default'],
46
+ subnet => 'default-c',
47
+ user_data => epp('profile/userdata.epp',{
48
+ 'master_ip' => $::ec2_metadata['public-ipv4'],
49
+ 'master_fqdn' => $::networking['fqdn'],
50
+ 'signing_key' => gen_autosign_token('/.*\.compute\.internal/', 300),
51
+ 'role' => 'role::dbserver'
52
+ }),
53
+ }
54
+ }
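Review bot: Both `ec2_instance` resources pass the result of `gen_autosign_token('/.*\.compute\.internal/', 300)` into `user_data` (file lines 24 and 50), and instance user data is by default readable by any local process through the metadata service for the life of the instance. The pattern also looks unanchored, so depending on how the autosign function matches certnames it may accept names that merely contain `.compute.internal`. Consider anchoring it and issuing one token per expected certname. Separately, `security_groups => ['default']` and `key_name => 'personal_aws'` tie the nodes to an account's default group and a personal key pair. A comment such as `# fixture only: replace security group and key pair before reuse` would stop this being copied as-is.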
@@ -0,0 +1,9 @@
1
+ class profile::base::aws {
2
+ if $::os['family'] == 'RedHat' {
3
+ yumrepo { 'rhui-REGION-rhel-server-optional':
4
+ ensure => 'present',
5
+ enabled => '1',
6
+ before => Package['ruby-devel'],
7
+ }
8
+ }
9
+ }
@@ -0,0 +1,50 @@
1
+ # == Class: profile::base::rhel
2
+ #
3
+ # Installs RedHat specific base config. This includes config from the STIG
4
+ # standard for RHEL 7
5
+ class profile::base::rhel {
6
+ # Default DNS to the Puppet master
7
+ class { 'resolv_conf':
8
+ nameservers => [$serverip, '8.8.8.8'],
9
+ }
10
+
11
+ package { 'ypserv':
12
+ ensure => absent,
13
+ tag => [
14
+ 'stig_red_hat_enterprise_linux_7',
15
+ 'V-71969',
16
+ ],
17
+ }
18
+
19
+ package { 'tftp-server':
20
+ ensure => absent,
21
+ tag => [
22
+ 'stig_red_hat_enterprise_linux_7',
23
+ 'V-72301',
24
+ ],
25
+ }
26
+
27
+ package { 'rsh-server':
28
+ ensure => absent,
29
+ tag => [
30
+ 'stig_red_hat_enterprise_linux_7',
31
+ 'V-71967',
32
+ ],
33
+ }
34
+
35
+ package { 'vsftpd':
36
+ ensure => absent,
37
+ tag => [
38
+ 'stig_red_hat_enterprise_linux_7',
39
+ 'V-72299',
40
+ ],
41
+ }
42
+
43
+ package { 'telnet-server':
44
+ ensure => absent,
45
+ tag => [
46
+ 'stig_red_hat_enterprise_linux_7',
47
+ 'V-72077',
48
+ ],
49
+ }
50
+ }
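Review bot: The `resolv_conf` declaration at file lines 7-9 lists `'8.8.8.8'` as a second nameserver, which the comment `# Default DNS to the Puppet master` does not mention. When the first resolver does not answer, lookups for internal names go to a public resolver. In a class that carries STIG tags, either remove the entry or document it, e.g. `# Falls back to a public resolver; internal names may leak in queries`. `$serverip` is also the unqualified legacy form; where trusted server facts are available, `$server_facts['serverip']` states the source explicitly.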
@@ -0,0 +1,57 @@
1
+ # == Class: profile::base::windows::hardening
2
+ #
3
+ class profile::base::windows::hardening (
4
+ Boolean $enable_noop = false,
5
+ ) {
6
+ noop($enable_noop)
7
+
8
+ # CIS Benchmark section 18.3.1
9
+ registry_value { 'AutoAdminLogon':
10
+ path => 'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon',
11
+ data => '0',
12
+ }
13
+
14
+ # CIS Benchmark section 18.3.9
15
+ registry_value { 'ScreenSaverGracePeriod':
16
+ path => 'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod',
17
+ data => '5',
18
+ }
19
+
20
+ # CIS Benchmark section 18.3.8
21
+ registry_value { 'SafeDllSearchMode':
22
+ path => 'HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode',
23
+ data => '1',
24
+ }
25
+
26
+ # CIS Benchmark section 18.3.12
27
+ registry_value { 'WarningLevel':
28
+ path => 'HKLM\System\CurrentControlSet\Services\Eventlog\Security\WarningLevel',
29
+ data => '90',
30
+ }
31
+
32
+ # Set detailed permissions on the app directory
33
+ acl { 'C:\app':
34
+ group => 'Administrators',
35
+ inherit_parent_permissions => false,
36
+ purge => true,
37
+ owner => 'Administrator',
38
+ permissions => [
39
+ {
40
+ 'affects' => 'self_only',
41
+ 'identity' => 'NT AUTHORITY\SYSTEM',
42
+ 'rights' => ['full']
43
+ },
44
+ {
45
+ 'affects' => 'self_only',
46
+ 'identity' => 'BUILTIN\Administrators',
47
+ 'rights' => ['full']
48
+ },
49
+ {
50
+ 'affects' => 'self_only',
51
+ 'identity' => 'BUILTIN\Users',
52
+ 'rights' => ['read', 'execute']
53
+ }
54
+ ],
55
+ require => File['C:\app'],
56
+ }
57
+ }
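Review bot: None of the four `registry_value` resources sets `type`, and `SafeDllSearchMode` (file line 21) and `WarningLevel` (file line 27) are documented by Microsoft as REG_DWORD values. If the registry module's default type is string, as I believe it is, these two would be written as REG_SZ. Windows may then not honour them while Puppet reports the resources as in sync. Add `type => dword,` to those two resources, and `type => string,` to the two Winlogon values to make the intent explicit.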
@@ -0,0 +1,52 @@
1
+ #
2
+ class profile::base::windows (
3
+ Boolean $enable_noop = false,
4
+ ) {
5
+ noop($enable_noop)
6
+
7
+ include ::profile::base::windows::hardening
8
+
9
+ stage { 'pre-run':
10
+ before => Stage['main'],
11
+ }
12
+
13
+ class { '::chocolatey':
14
+ stage => 'pre-run',
15
+ }
16
+
17
+ service { 'wuauserv':
18
+ ensure => 'running',
19
+ enable => true,
20
+ }
21
+
22
+ file { 'C:\app':
23
+ ensure => 'directory',
24
+ }
25
+
26
+ $packages = [
27
+ 'atom',
28
+ '7zip.install',
29
+ 'carbon',
30
+ ]
31
+
32
+ package { $packages:
33
+ ensure => 'latest',
34
+ }
35
+
36
+ package { 'putty.install':
37
+ ensure => present,
38
+ install_options => '--allow-empty-checksums',
39
+ }
40
+
41
+ package { 'powershell':
42
+ ensure => present,
43
+ install_options => '--ignore-package-exit-codes',
44
+ require => Service['wuauserv'],
45
+ notify => Reboot['immediately'],
46
+ }
47
+
48
+ reboot { 'immediately':
49
+ apply => 'immediately',
50
+ timeout => '0',
51
+ }
52
+ }
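Review bot: `install_options => '--allow-empty-checksums'` on `putty.install` (file line 38) tells Chocolatey to accept a download that has no checksum to verify, which removes the integrity check on an installer that handles credentials and lands on every Windows node using this profile. Prefer dropping the option and pinning a version whose package carries checksums, e.g. `ensure => '<PINNED_VERSION>',`. If the option has to stay, add `# checksum verification disabled: <reason>` above it. The same reasoning applies to `ensure => 'latest'` on `$packages` (file line 33), which installs whatever the feed publishes next without review.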
@@ -0,0 +1,79 @@
1
+ #
2
+ class profile::base {
3
+ if $::os['family'] == 'RedHat' {
4
+ stage { 'repos':
5
+ before => Stage['main'],
6
+ }
7
+
8
+ class { '::epel':
9
+ stage => 'repos',
10
+ }
11
+
12
+ include ::systemd
13
+ include ::profile::base::rhel
14
+ }
15
+
16
+ include ::gcc
17
+
18
+ profile::dns::host_record { $facts['fqdn']:
19
+ record => $facts['fqdn'],
20
+ ip => $facts['networking']['ip'],
21
+ }
22
+
23
+ $packages = [
24
+ 'tree',
25
+ 'vim',
26
+ 'git',
27
+ 'htop',
28
+ 'zlib',
29
+ 'zlib-devel',
30
+ 'jq',
31
+ 'ruby',
32
+ 'ruby-devel',
33
+ 'multitail',
34
+ 'haveged',
35
+ 'cmake',
36
+ 'tmux',
37
+ 'unzip',
38
+ ]
39
+
40
+ package { $packages:
41
+ ensure => latest,
42
+ }
43
+
44
+ class { '::selinux':
45
+ mode => 'disabled',
46
+ type => 'minimum',
47
+ notify => Reboot['after_run'],
48
+ }
49
+
50
+ reboot { 'after_run':
51
+ apply => finished,
52
+ }
53
+
54
+ # Use haveged for entropy generation
55
+ service { 'haveged':
56
+ ensure => running,
57
+ enable => true,
58
+ require => Package['haveged'],
59
+ }
60
+
61
+ # Make sure that we install git before we try to use it
62
+ Package['git'] -> Vcsrepo <| provider == 'git' |>
63
+
64
+ file { '/etc/puppetlabs/puppet/csr_attributes.yaml':
65
+ ensure => absent,
66
+ }
67
+
68
+ file { '/etc/motd':
69
+ ensure => file,
70
+ owner => 'root',
71
+ group => 'root',
72
+ mode => '0644',
73
+ source => 'puppet:///modules/profile/motd',
74
+ tag => [
75
+ 'cis_red_hat_enterprise_linux_7',
76
+ '1.7.1.1',
77
+ ],
78
+ }
79
+ }
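Review bot: `class { '::selinux': mode => 'disabled', type => 'minimum' }` at file lines 44-48 turns SELinux off on every node that includes this profile, while the same profile includes `profile::base::rhel` for STIG settings and tags `/etc/motd` with a CIS control. It also sits outside the `if $::os['family'] == 'RedHat'` guard opened at file line 3, so it is declared for every OS family. If this is intentional for the fixture, say so in a comment such as `# SELinux disabled for lab use only`. Otherwise use `mode => 'enforcing',` with `type => 'targeted',`, or at least `'permissive'` so denials are still logged. `ensure => latest` on `$packages` (file line 41) likewise lets each run pick up unreviewed package versions.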
@@ -0,0 +1,64 @@
1
+ class profile::cd4pe::artifactory (
2
+ String $artifactory_version = 'latest',
3
+ String $network_name = 'cd4pe-network',
4
+ String $bootstrap_dir = '/etc/artifactory_bootstrap',
5
+ ) {
6
+ Docker::Run {
7
+ health_check_interval => 30,
8
+ }
9
+
10
+ # Create the volume and insert bootstrap data
11
+ docker_volume { 'data_s3':
12
+ ensure => present,
13
+ }
14
+
15
+ file { $bootstrap_dir:
16
+ ensure => directory
17
+ }
18
+
19
+ file { "${bootstrap_dir}/artifactory.config.import.xml":
20
+ ensure => file,
21
+ owner => 'root',
22
+ group => 'root',
23
+ mode => '0600',
24
+ source => 'puppet:///modules/profile/artifactory/config_descriptor.xml',
25
+ }
26
+
27
+ # Start a quick alpine container to copt files around
28
+ $docker_command_prefix = "docker run --rm -v ${bootstrap_dir}:/source -v data_s3:/dest -w /source alpine"
29
+
30
+ exec { 'create /etc inside data_s3':
31
+ command => "${docker_command_prefix} mkdir -p /dest/etc",
32
+ path => $facts['path'],
33
+ refreshonly => true,
34
+ require => Docker_volume['data_s3'],
35
+ subscribe => File["${bootstrap_dir}/artifactory.config.import.xml"],
36
+ }
37
+
38
+ exec { 'move artifactory.config.import.xml into data_s3':
39
+ command => "${docker_command_prefix} cp /source/artifactory.config.import.xml /dest/etc/artifactory.config.import.xml",
40
+ path => $facts['path'],
41
+ refreshonly => true,
42
+ require => Exec['create /etc inside data_s3'],
43
+ subscribe => File["${bootstrap_dir}/artifactory.config.import.xml"],
44
+ }
45
+
46
+ exec { 'set permissions':
47
+ command => "${docker_command_prefix} chown -R 1030:1030 /dest",
48
+ path => $facts['path'],
49
+ refreshonly => true,
50
+ subscribe => File["${bootstrap_dir}/artifactory.config.import.xml"],
51
+ }
52
+
53
+ docker::image { 'docker.bintray.io/jfrog/artifactory-oss':
54
+ image_tag => $artifactory_version,
55
+ }
56
+
57
+ docker::run { 'cd4pe-artifactory':
58
+ image => "docker.bintray.io/jfrog/artifactory-oss:${artifactory_version}",
59
+ net => $network_name,
60
+ ports => ['8081:8081'],
61
+ volumes => ['data_s3:/var/opt/jfrog/artifactory'],
62
+ }
63
+
64
+ }
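Review bot: The container images are referenced by mutable tags: `$artifactory_version` defaults to `'latest'` (file line 2), and the helper command at file line 28 runs an untagged `alpine` with `${bootstrap_dir}`, which holds the 0600 Artifactory config, mounted into it. Whatever the registry serves under those tags at run time is executed with access to that data. Pin both, preferably by digest, e.g. `String $artifactory_version = '<PINNED_VERSION>',` and `alpine@sha256:<DIGEST>` in `$docker_command_prefix`. Two smaller items: `file { $bootstrap_dir: }` sets no owner or mode, so the directory holding the 0600 file gets defaults, and "copt" in the comment at file line 27 should read "copy".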
@@ -0,0 +1,95 @@
1
+ # # CD4PE Connection Settings
2
+ #
3
+ # Manages the connection between CD4PE and Artifactory
4
+ #
5
+ # @param license The license file, in raw format
6
+ # @param artifactory_user Username for artifactory
7
+ # @param artifactory_password Default password for artifactory
8
+ # @param artifactory_endpoint URL for Artifactory, including port
9
+ # @param cd4pe_endpoint URL for CD4PE, including port
10
+ # @param cd4pe_root_login Email to use for the root login
11
+ # @param cd4pe_root_pw Root password
12
+ # @param cd4pe_dump Dump URL
13
+ # @param cd4pe_backend Backend URL
14
+ class profile::cd4pe::connection (
15
+ Variant[String,Sensitive[String]] $license,
16
+ String $artifactory_user = 'admin',
17
+ Sensitive[String] $artifactory_password = Sensitive('password'),
18
+ String $artifactory_endpoint = "${facts['fqdn']}:8081",
19
+ String $cd4pe_endpoint = "${facts['fqdn']}:8080",
20
+ String $cd4pe_root_login = 'noreply@puppet.com',
21
+ Sensitive[String] $cd4pe_root_pw = Sensitive('puppetlabs'),
22
+ String $cd4pe_dump = "${facts['fqdn']}:7000",
23
+ String $cd4pe_backend = "${facts['fqdn']}:8000",
24
+ ) {
25
+ # Create a folder for these files
26
+ file { '/etc/cd4pe':
27
+ ensure => 'directory',
28
+ owner => 'root',
29
+ group => 'root',
30
+ mode => '0700',
31
+ }
32
+
33
+ # Drop the license file
34
+ file { '/etc/cd4pe/license.json':
35
+ ensure => 'file',
36
+ owner => 'root',
37
+ group => 'root',
38
+ mode => '0400',
39
+ content => $license,
40
+ }
41
+
42
+ file { '/etc/cd4pe/connection_script.sh':
43
+ ensure => 'file',
44
+ owner => 'root',
45
+ group => 'root',
46
+ mode => '0700',
47
+ content => epp('profile/cd4pe/connection_script.sh.epp', {
48
+ 'artifactory_user' => $artifactory_user,
49
+ 'artifactory_password' => $artifactory_password.unwrap,
50
+ 'artifactory_endpoint' => $artifactory_endpoint,
51
+ 'cd4pe_endpoint' => $cd4pe_endpoint,
52
+ 'cd4pe_root_login' => $cd4pe_root_login,
53
+ 'cd4pe_root_pw' => $cd4pe_root_pw.unwrap,
54
+ 'cd4pe_dump' => $cd4pe_dump,
55
+ 'cd4pe_backend' => $cd4pe_backend,
56
+ }),
57
+ require => File['/etc/cd4pe/license.json'],
58
+ }
59
+
60
+ # Add a wait until artifactory is ready
61
+ exec { 'artifactory_running':
62
+ command => "curl ${artifactory_endpoint}/artifactory/api/system/ping | grep OK",
63
+ path => $facts['path'],
64
+ tries => 10,
65
+ try_sleep => 5,
66
+ refreshonly => true,
67
+ subscribe => File['/etc/cd4pe/connection_script.sh'],
68
+ require => Docker::Run['cd4pe-artifactory'],
69
+ }
70
+
71
+ exec { 'cd4pe_running':
72
+ command => "curl -vvv ${cd4pe_endpoint}/root 2>&1 | grep \"302 Found\" && sleep 10",
73
+ path => $facts['path'],
74
+ tries => 10,
75
+ try_sleep => 5,
76
+ refreshonly => true,
77
+ subscribe => File['/etc/cd4pe/connection_script.sh'],
78
+ require => Docker::Run['cd4pe'],
79
+ }
80
+
81
+ exec { 'connect_instances':
82
+ command => 'bash -x /etc/cd4pe/connection_script.sh',
83
+ cwd => '/etc/cd4pe',
84
+ refreshonly => true,
85
+ logoutput => true,
86
+ path => $facts['path'],
87
+ subscribe => File['/etc/cd4pe/connection_script.sh'],
88
+ require => [
89
+ Docker::Run['cd4pe-artifactory'],
90
+ Docker::Run['cd4pe'],
91
+ Exec['artifactory_running'],
92
+ Exec['cd4pe_running'],
93
+ ],
94
+ }
95
+ }
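Review bot: The two `Sensitive` passwords are unwrapped at file lines 49 and 53 before being rendered into `/etc/cd4pe/connection_script.sh`, so the file `content` is an ordinary string that can appear in the catalog, reports and file diffs. `exec { 'connect_instances': }` then runs the script with `bash -x` and `logoutput => true` (file lines 82 and 85), which traces each expanded command into the Puppet log. Wrap the rendered template again with `content => Sensitive(epp(...)),`, and use `command => 'bash /etc/cd4pe/connection_script.sh',` with `logoutput => on_failure,`. The template is not part of this section, so how the script uses the credentials is an assumption. The defaults `Sensitive('password')` and `Sensitive('puppetlabs')` (file lines 17 and 21) should also be dropped so that a caller has to supply real values.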