onceover 3.21.0 → 3.22.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.devcontainer/devcontainer.json +4 -6
- data/.github/workflows/release.yaml +24 -0
- data/Gemfile +3 -0
- data/README.md +45 -1
- data/Rakefile +1 -0
- data/cucumber.yml +1 -0
- data/features/step_definitions/run.rb +4 -0
- data/features/zzz_run.feature +1 -8
- data/lib/onceover/beaker/spec_helper.rb +8 -8
- data/lib/onceover/controlrepo.rb +3 -3
- data/lib/onceover/deploy.rb +1 -1
- data/lib/onceover/rspec/formatters.rb +2 -4
- data/lib/onceover/runner.rb +1 -1
- data/lib/onceover/test.rb +1 -1
- data/onceover.gemspec +6 -13
- data/spec/fixtures/controlrepos/puppet_controlrepo/.atom-build.json +9 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/.gitignore +5 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/.ruby-version +1 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/.travis.yml +13 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/Gemfile +22 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/Jenkinsfile +50 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/Puppetfile +102 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/README.md +4 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/Rakefile +6 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/data/common.yaml +558 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/data/datacenter/melbourne.yaml +12 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/data/datacenter/singapore.yaml +12 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/data/environments/development.yaml +3 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/data/environments/production.yaml +3 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/data/size/vol.large.yaml +27 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/environment.conf +3 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/hiera.yaml +25 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/manifests/site.pp +11 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/code_manager_config_version.rb +19 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/config_version.rb +25 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/config_version.sh +12 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/count_changed_classes.rb +26 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/get_changed_classes.rb +26 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/console/functions/user/token.pp +10 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/console/manifests/init.pp +14 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/console/manifests/user.pp +35 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/deployments/lib/puppet/functions/deployments/generate.rb +15 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/deployments/plans/signed_deployment.pp +126 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/facts.d/test.sh +2 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/artifactory/config_descriptor.xml +265 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/autosign.sh +23 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/hudson.tasks.Shell.xml +4 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/motd +4 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/polar_clock/index.html +198 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/apt.pp +9 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/aws_nodes.pp +54 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/aws.pp +9 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/rhel.pp +50 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/windows/hardening.pp +57 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/windows.pp +52 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base.pp +79 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/cd4pe/artifactory.pp +64 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/cd4pe/connection.pp +95 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/cd4pe/haproxy.pp +65 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/cd4pe/replicated.pp +53 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/compile/balancer.pp +28 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/compile/master.pp +19 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/dns/host_record.pp +16 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/dns/server.pp +66 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/docker.pp +5 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/base.pp +43 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/core/database_connection.pp +42 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/core.pp +72 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/ctrl.pp +57 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/database.pp +32 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/exec.pp +11 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/file_sync/client.pp +165 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/file_sync/master_patch.pp +37 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/grafana/dashboard.pp +17 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/haproxy.pp +43 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/init.pp +3 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jenkins/plugins.pp +87 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jenkins.pp +65 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jira/aio.pp +39 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jira/app.pp +27 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jira/db.pp +25 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/metrics/collectd/compile.pp +82 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/metrics/collectd.pp +28 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/metrics/dashboard.pp +28 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/mysql_server.pp +7 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/nginx.pp +24 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/polar_clock.pp +55 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/puppetmaster/api_auth.pp +82 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/puppetmaster/autosign.pp +33 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/puppetmaster/aws.pp +58 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/puppetmaster/tuning.pp +139 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/puppetmaster.pp +139 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/rvm.pp +13 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/sumologic.pp +11 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/sunburst/windows.pp +104 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/vagrant.pp +25 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/windows/webserver.pp +27 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/cd4pe/connection_script.sh.epp +110 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/controlrepo_deploy_jenkins_job.xml.epp +51 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/dashboard.json.epp +403 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/jenkins_secret_text.json.epp +1 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/onceover_jenkins_job.xml.epp +51 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/userdata.epp +17 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/cd4pe.pp +29 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/clock.pp +16 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/compile/balancer.pp +5 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/compile/master.pp +5 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/eyeunify/aio.pp +10 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/eyeunify/controller.pp +10 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/eyeunify/database.pp +7 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/eyeunify/exec.pp +6 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/init.pp +3 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/lb.pp +14 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/metrics.pp +5 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/mysql.pp +13 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/windows/base.pp +5 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/windows/webserver.pp +6 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/.gitignore +5 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/acceptance/nodesets/onceover-nodes.yml +94 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/classes/test_spec.rb +8 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/factsets/CentOS-7.0-64-master-2017.3.2.json +531 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/factsets/CentOS-7.0-64-master.json +429 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/factsets/CentOS-7.0-64.json +353 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/factsets/Windows_Server-2008r2-64.json +184 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/factsets/Windows_Server-2012r2-64.json +165 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/hiera.yaml +18 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/matchers/file_matchers.rb +16 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/onceover.yaml +54 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/pre_conditions/site.pp +150 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/r10k.yaml +2 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/shared_examples/helper.rb +91 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/unit/00_parse_spec.rb +76 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/unit/01_linting_spec_example.rb +69 -0
- data/spec/fixtures/controlrepos/puppet_controlrepo/spec/unit/03_puppetfile_spec_example.rb +35 -0
- data/templates/spec_helper.rb.erb +0 -2
- data/templates/test_spec.rb.erb +3 -0
- metadata +137 -79
- data/.gitmodules +0 -4
data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/cd4pe/haproxy.pp
ADDED
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
# Creates a load balancer for CD4PE
|
|
2
|
+
#
|
|
3
|
+
# This will result in the following services going into DNS:
|
|
4
|
+
#
|
|
5
|
+
# * cd4pe.puppet.local
|
|
6
|
+
# * cd4pe-webhooks.puppet.local
|
|
7
|
+
# * k8s-api.puppet.local
|
|
8
|
+
# * k8s-console.puppet.local
|
|
9
|
+
# * k8s-registry.puppet.local
|
|
10
|
+
#
|
|
11
|
+
class profile::cd4pe::haproxy {
|
|
12
|
+
require profile::haproxy
|
|
13
|
+
|
|
14
|
+
Haproxy::Listen {
|
|
15
|
+
ipaddress => $facts['networking']['ip'],
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
# For each of these endpoints we create a listener and a dns name
|
|
19
|
+
# e.g. {name}.{domain}
|
|
20
|
+
$endpoints = [
|
|
21
|
+
{
|
|
22
|
+
'name' => 'cd4pe',
|
|
23
|
+
'port' => '443',
|
|
24
|
+
},
|
|
25
|
+
{
|
|
26
|
+
'name' => 'cd4pe-webhooks',
|
|
27
|
+
'port' => '443',
|
|
28
|
+
},
|
|
29
|
+
{
|
|
30
|
+
'name' => 'k8s-api',
|
|
31
|
+
'port' => '6443',
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
'name' => 'kots-console',
|
|
35
|
+
'port' => '8800',
|
|
36
|
+
},
|
|
37
|
+
{
|
|
38
|
+
'name' => 'k8s-registry',
|
|
39
|
+
'port' => '443',
|
|
40
|
+
},
|
|
41
|
+
]
|
|
42
|
+
|
|
43
|
+
$endpoints.each |$details| {
|
|
44
|
+
# Each endpoint gets a DNS name and a listener
|
|
45
|
+
$dns_name = "${details['name']}.puppet.local"
|
|
46
|
+
$ip = $facts['networking']['ip']
|
|
47
|
+
|
|
48
|
+
# Create the listener
|
|
49
|
+
haproxy::listen { $details['name']:
|
|
50
|
+
ipaddress => $ip,
|
|
51
|
+
collect_exported => true,
|
|
52
|
+
ports => $details['port'],
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
@@resource_record { $dns_name:
|
|
56
|
+
ensure => present,
|
|
57
|
+
record => $dns_name,
|
|
58
|
+
type => 'A',
|
|
59
|
+
zone => 'puppet.local',
|
|
60
|
+
data => [
|
|
61
|
+
$ip,
|
|
62
|
+
],
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
}
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
# Manages CD4PE servers
|
|
2
|
+
#
|
|
3
|
+
# This profile doesn't actually install CD4PE 4.0 since there isn't a nice
|
|
4
|
+
# way top do that yet with Puppet. Instead it exports the load balancer
|
|
5
|
+
# endpoints and also sets up the network so that CD4PE can definitely talk
|
|
6
|
+
# to itself via the load balancer
|
|
7
|
+
#
|
|
8
|
+
# @param dns_name The DNS name that the kubernetes cluster has been configured to use for when people access CD4PE. This will be put into a host entry pointing at the load balancer IP
|
|
9
|
+
# @param kubernetes_dns_name The DNS name of the kyubernetes API
|
|
10
|
+
class profile::cd4pe::replicated () {
|
|
11
|
+
# Create HAProxy endpoints
|
|
12
|
+
# Balance the CD4PE ports
|
|
13
|
+
@@haproxy::balancermember { "${facts['fqdn']}-cd4pe":
|
|
14
|
+
listening_service => 'cd4pe',
|
|
15
|
+
ports => '443',
|
|
16
|
+
server_names => $facts['fqdn'],
|
|
17
|
+
ipaddresses => $facts['networking']['ip'],
|
|
18
|
+
options => 'check',
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
@@haproxy::balancermember { "${facts['fqdn']}-cd4pe-webhooks":
|
|
22
|
+
listening_service => 'cd4pe-webhooks',
|
|
23
|
+
ports => '443',
|
|
24
|
+
server_names => $facts['fqdn'],
|
|
25
|
+
ipaddresses => $facts['networking']['ip'],
|
|
26
|
+
options => 'check',
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
# Balance the Kubernetes ports too
|
|
30
|
+
@@haproxy::balancermember { "${facts['fqdn']}-k8s-api":
|
|
31
|
+
listening_service => 'k8s-api',
|
|
32
|
+
ports => '6443',
|
|
33
|
+
server_names => $facts['fqdn'],
|
|
34
|
+
ipaddresses => $facts['networking']['ip'],
|
|
35
|
+
options => 'check',
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
@@haproxy::balancermember { "${facts['fqdn']}-kots-console":
|
|
39
|
+
listening_service => 'kots-console',
|
|
40
|
+
ports => '8800',
|
|
41
|
+
server_names => $facts['fqdn'],
|
|
42
|
+
ipaddresses => $facts['networking']['ip'],
|
|
43
|
+
options => 'check',
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
@@haproxy::balancermember { "${facts['fqdn']}-k8s-registry":
|
|
47
|
+
listening_service => 'k8s-registry',
|
|
48
|
+
ports => '443',
|
|
49
|
+
server_names => $facts['fqdn'],
|
|
50
|
+
ipaddresses => $facts['networking']['ip'],
|
|
51
|
+
options => 'check',
|
|
52
|
+
}
|
|
53
|
+
}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
class profile::compile::balancer (
|
|
2
|
+
$listening_pool = 'puppet00',
|
|
3
|
+
) {
|
|
4
|
+
class { '::haproxy':
|
|
5
|
+
global_options => {
|
|
6
|
+
'user' => 'root',
|
|
7
|
+
'group' => 'root',
|
|
8
|
+
},
|
|
9
|
+
}
|
|
10
|
+
|
|
11
|
+
haproxy::listen { "${listening_pool}-8140":
|
|
12
|
+
collect_exported => true,
|
|
13
|
+
ipaddress => $::ipaddress,
|
|
14
|
+
ports => '8140',
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
haproxy::listen { "${listening_pool}-8142":
|
|
18
|
+
collect_exported => true,
|
|
19
|
+
ipaddress => $::ipaddress,
|
|
20
|
+
ports => '8142',
|
|
21
|
+
options => {
|
|
22
|
+
'timeout' => [
|
|
23
|
+
'tunnel 15m',
|
|
24
|
+
],
|
|
25
|
+
'balance' => 'leastconn',
|
|
26
|
+
},
|
|
27
|
+
}
|
|
28
|
+
}
|
data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/compile/master.pp
ADDED
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
class profile::compile::master (
|
|
2
|
+
String $listening_pool = 'puppet00',
|
|
3
|
+
) {
|
|
4
|
+
@@haproxy::balancermember { "${::fqdn}-8140":
|
|
5
|
+
listening_service => "${listening_pool}-8140",
|
|
6
|
+
server_names => $::fqdn,
|
|
7
|
+
ipaddresses => $::networking['ip'],
|
|
8
|
+
ports => '8140',
|
|
9
|
+
options => 'check',
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
@@haproxy::balancermember { "${::fqdn}-8142":
|
|
13
|
+
listening_service => "${listening_pool}-8142",
|
|
14
|
+
server_names => $::fqdn,
|
|
15
|
+
ipaddresses => $::networking['ip'],
|
|
16
|
+
ports => '8142',
|
|
17
|
+
options => 'check',
|
|
18
|
+
}
|
|
19
|
+
}
|
data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/dns/host_record.pp
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# Set a DNS record for yourself
|
|
2
|
+
define profile::dns::host_record (
|
|
3
|
+
String $record = $facts['fqdn'],
|
|
4
|
+
String $zone = $facts['domain'],
|
|
5
|
+
String $ip = $facts['networking']['ip'],
|
|
6
|
+
) {
|
|
7
|
+
@@resource_record { $name:
|
|
8
|
+
ensure => present,
|
|
9
|
+
record => $record,
|
|
10
|
+
type => 'A',
|
|
11
|
+
zone => $zone,
|
|
12
|
+
data => [
|
|
13
|
+
$ip,
|
|
14
|
+
],
|
|
15
|
+
}
|
|
16
|
+
}
|
data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/dns/server.pp
ADDED
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
# Manages a DNS server
|
|
2
|
+
class profile::dns::server {
|
|
3
|
+
# Use P9 forwarders if they exst. Really I should be using hiera for this...
|
|
4
|
+
$forwarders = $facts['domain'] ? {
|
|
5
|
+
'platform9.puppet.net' => [
|
|
6
|
+
'192.168.0.5',
|
|
7
|
+
'192.168.0.7',
|
|
8
|
+
'192.168.0.4',
|
|
9
|
+
],
|
|
10
|
+
default => [
|
|
11
|
+
'8.8.8.8',
|
|
12
|
+
'8.8.4.4',
|
|
13
|
+
],
|
|
14
|
+
}
|
|
15
|
+
|
|
16
|
+
class { 'bind':
|
|
17
|
+
forwarders => $forwarders,
|
|
18
|
+
dnssec => false,
|
|
19
|
+
version => 'Controlled by Puppet',
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
# This key is just randomly generated. Not really a secret
|
|
23
|
+
$local_secret = '+0VnhFp9T+N0EcaDluU8rDdWX1/ecVPhrZQ/yse997DkfgBg57Xo2TTEdjiYBHs1v/bk8RTLi92WY+r39Aw2YQ=='
|
|
24
|
+
|
|
25
|
+
# Inject credentials
|
|
26
|
+
Resource_record <| |> {
|
|
27
|
+
keyname => 'local-update',
|
|
28
|
+
hmac => 'hmac-sha256',
|
|
29
|
+
secret => $local_secret,
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
bind::key { 'local-update':
|
|
33
|
+
algorithm => 'hmac-sha256',
|
|
34
|
+
secret => $local_secret,
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
# Create a zone for the local domain
|
|
38
|
+
bind::zone { 'puppet.local':
|
|
39
|
+
zone_type => 'master',
|
|
40
|
+
domain => 'puppet.local',
|
|
41
|
+
allow_updates => [ 'key local-update' ],
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
bind::view { 'local':
|
|
45
|
+
recursion => true,
|
|
46
|
+
zones => [
|
|
47
|
+
'puppet.local',
|
|
48
|
+
$facts['networking']['domain'],
|
|
49
|
+
],
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
# Collect exported records
|
|
53
|
+
Resource_record <<| zone == 'puppet.local' |>>
|
|
54
|
+
|
|
55
|
+
if $facts['networking']['domain'] {
|
|
56
|
+
# Create a zone for the local domain
|
|
57
|
+
bind::zone { $facts['networking']['domain']:
|
|
58
|
+
zone_type => 'master',
|
|
59
|
+
domain => $facts['networking']['domain'],
|
|
60
|
+
allow_updates => [ 'key local-update' ],
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
# Collect exported records
|
|
64
|
+
Resource_record <<| zone == $facts['networking']['domain'] |>>
|
|
65
|
+
}
|
|
66
|
+
}
|
data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/base.pp
ADDED
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
# == Class: profile::eyeunify::base
|
|
2
|
+
#
|
|
3
|
+
class profile::eyeunify::base (
|
|
4
|
+
String $xmx = '512m',
|
|
5
|
+
String $xms = '256m',
|
|
6
|
+
String $management_user = 'admin',
|
|
7
|
+
String $management_password = 'hunter2'
|
|
8
|
+
) {
|
|
9
|
+
package { 'wget':
|
|
10
|
+
ensure => present,
|
|
11
|
+
before => Class['profile::eyeunify::core::database_connection'],
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
class { '::java':
|
|
15
|
+
distribution => 'jre',
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
class { '::wildfly':
|
|
19
|
+
java_home => '/usr/lib/jvm/jre-1.8.0',
|
|
20
|
+
java_xmx => $xmx,
|
|
21
|
+
java_xms => $xms,
|
|
22
|
+
external_facts => true,
|
|
23
|
+
mgmt_user => {
|
|
24
|
+
'username' => $management_user,
|
|
25
|
+
'password' => $management_password,
|
|
26
|
+
},
|
|
27
|
+
properties => {
|
|
28
|
+
'jboss.bind.address' => '0.0.0.0',
|
|
29
|
+
'jboss.bind.address.management' => '0.0.0.0',
|
|
30
|
+
'jboss.management.http.port' => '9990',
|
|
31
|
+
'jboss.management.https.port' => '9993',
|
|
32
|
+
'jboss.http.port' => '8080',
|
|
33
|
+
'jboss.https.port' => '8443',
|
|
34
|
+
'jboss.ajp.port' => '8009',
|
|
35
|
+
},
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
# Create cache directory
|
|
39
|
+
file { '/var/cache/wget':
|
|
40
|
+
ensure => directory,
|
|
41
|
+
before => Class['::wildfly'],
|
|
42
|
+
}
|
|
43
|
+
}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# == Class: profile::eyeunify::core::database_connection
|
|
2
|
+
#
|
|
3
|
+
class profile::eyeunify::core::database_connection (
|
|
4
|
+
Optional[String] $database_server = undef,
|
|
5
|
+
String $database_server_query = 'facts.role = "role::eyeunify::database"',
|
|
6
|
+
String $database_name = 'eyeunify',
|
|
7
|
+
String $username = 'eyeunify',
|
|
8
|
+
String $password = 'hunter2',
|
|
9
|
+
) {
|
|
10
|
+
# Work out what the database server should be
|
|
11
|
+
if $database_server {
|
|
12
|
+
$_database_server = $database_server
|
|
13
|
+
} else {
|
|
14
|
+
$_database_server = puppetdb_query("inventory[certname] { ${database_server_query} }")[0].dig('certname')
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
wildfly::config::module { 'org.postgresql':
|
|
18
|
+
source => 'http://central.maven.org/maven2/org/postgresql/postgresql/9.4-1206-jdbc42/postgresql-9.4-1206-jdbc42.jar',
|
|
19
|
+
dependencies => ['javax.api', 'javax.transaction.api'],
|
|
20
|
+
require => Class['::wildfly::install'],
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
wildfly::datasources::driver { 'Driver postgresql':
|
|
24
|
+
driver_name => 'postgresql',
|
|
25
|
+
driver_module_name => 'org.postgresql',
|
|
26
|
+
driver_xa_datasource_class_name => 'org.postgresql.xa.PGXADataSource',
|
|
27
|
+
require => Wildfly::Config::Module['org.postgresql'],
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
wildfly::datasources::datasource { 'eyeUNIFY_datasource':
|
|
31
|
+
name => 'eyeUNIFY_datasource',
|
|
32
|
+
config => {
|
|
33
|
+
'driver-name' => 'postgresql',
|
|
34
|
+
'connection-url' => "jdbc:postgresql://${_database_server}/${database_name}",
|
|
35
|
+
'jndi-name' => 'java:/datasources/heliopsis',
|
|
36
|
+
'transaction-isolation' => 'TRANSACTION_SERIALIZABLE',
|
|
37
|
+
'user-name' => $username,
|
|
38
|
+
'password' => $password,
|
|
39
|
+
},
|
|
40
|
+
require => Wildfly::Datasources::Driver['Driver postgresql'],
|
|
41
|
+
}
|
|
42
|
+
}
|
data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/core.pp
ADDED
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
class profile::eyeunify::core (
|
|
2
|
+
String $source = 'https://eyeunify.org/wp_root/wp-content/uploads/2016/11/eyeUNIFYcore_1_2_8953ad59.zip',
|
|
3
|
+
String $admin_user = $profile::eyeunify::base::management_user,
|
|
4
|
+
String $admin_password = $profile::eyeunify::base::management_password,
|
|
5
|
+
) {
|
|
6
|
+
include ::profile::eyeunify::base
|
|
7
|
+
include ::profile::eyeunify::core::database_connection
|
|
8
|
+
|
|
9
|
+
# Create users
|
|
10
|
+
file { 'unify_users_file':
|
|
11
|
+
ensure => file,
|
|
12
|
+
path => "${wildfly::dirname}/${wildfly::mode}/configuration/unify-default-users.properties",
|
|
13
|
+
owner => $wildfly::user,
|
|
14
|
+
group => $wildfly::group,
|
|
15
|
+
mode => '0644',
|
|
16
|
+
require => Class['::wildfly::install'],
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
wildfly::config::user { "${admin_user}:ApplicationRealm":
|
|
20
|
+
password => $admin_password,
|
|
21
|
+
file_name => 'application-users.properties',
|
|
22
|
+
require => File['unify_users_file'],
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
wildfly::config::user_roles { $admin_user:
|
|
26
|
+
roles => 'administrator,operator',
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
wildfly::config::user { 'guest:ApplicationRealm':
|
|
30
|
+
password => 'guest',
|
|
31
|
+
file_name => 'application-users.properties',
|
|
32
|
+
require => File['unify_users_file'],
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
wildfly::config::user_roles { 'guest':
|
|
36
|
+
roles => 'administrator,operator',
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
# Create the security domain that eyeunify will use
|
|
40
|
+
wildfly::security::domain { 'unify-default':
|
|
41
|
+
login_modules => {
|
|
42
|
+
'main-login-module' => {
|
|
43
|
+
'code' => 'UsersRoles',
|
|
44
|
+
'flag' => 'required',
|
|
45
|
+
'domain' => 'unify-default',
|
|
46
|
+
'module_options' => {
|
|
47
|
+
'usersProperties' => "${wildfly::dirname}/${wildfly::mode}/configuration/application-users.properties",
|
|
48
|
+
'rolesProperties' => "${wildfly::dirname}/${wildfly::mode}/configuration/application-roles.properties",
|
|
49
|
+
},
|
|
50
|
+
},
|
|
51
|
+
},
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
# Actually deploy the core
|
|
55
|
+
archive { 'eyeunify_core.zip':
|
|
56
|
+
path => '/tmp/eyeunify_core.zip',
|
|
57
|
+
source => $source,
|
|
58
|
+
extract => true,
|
|
59
|
+
extract_path => '/tmp',
|
|
60
|
+
creates => '/tmp/eyeUNIFYcore_1_2_8953ad59.ear',
|
|
61
|
+
cleanup => true,
|
|
62
|
+
user => $wildfly::user,
|
|
63
|
+
group => $wildfly::user,
|
|
64
|
+
require => Package['unzip'],
|
|
65
|
+
before => Wildfly::Deployment['eyeunify_core.ear'],
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
wildfly::deployment { 'eyeunify_core.ear':
|
|
69
|
+
source => 'file:///tmp/eyeUNIFYcore_1_2_8953ad59.ear',
|
|
70
|
+
require => Class['profile::eyeunify::core::database_connection'],
|
|
71
|
+
}
|
|
72
|
+
}
|
data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/ctrl.pp
ADDED
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
# == Class: profile::eyeunify::ctrl
|
|
2
|
+
#
|
|
3
|
+
class profile::eyeunify::ctrl (
|
|
4
|
+
String $source = 'https://eyeunify.org/wp_root/wp-content/uploads/2016/11/eyeUNIFYctrl_1_2_74261798.zip',
|
|
5
|
+
) {
|
|
6
|
+
include ::profile::eyeunify::base
|
|
7
|
+
|
|
8
|
+
# Actually deploy the core
|
|
9
|
+
archive { 'eyeunify_ctrl.zip':
|
|
10
|
+
path => '/tmp/eyeunify_ctrl.zip',
|
|
11
|
+
source => $source,
|
|
12
|
+
extract => true,
|
|
13
|
+
extract_path => '/tmp',
|
|
14
|
+
creates => '/tmp/eyeUNIFYctrl_1_2_74261798.war',
|
|
15
|
+
cleanup => true,
|
|
16
|
+
user => $wildfly::user,
|
|
17
|
+
group => $wildfly::user,
|
|
18
|
+
require => Package['unzip'],
|
|
19
|
+
before => Wildfly::Deployment['eyeunify_ctrl.war'],
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
wildfly::deployment { 'eyeunify_ctrl.war':
|
|
23
|
+
source => 'file:///tmp/eyeUNIFYctrl_1_2_74261798.war',
|
|
24
|
+
require => Class['profile::eyeunify::core::database_connection'],
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
# Also add a reverse proxy
|
|
28
|
+
include ::profile::nginx
|
|
29
|
+
|
|
30
|
+
# Reverse proxy on port 80
|
|
31
|
+
nginx::resource::server { $::facts['fqdn']:
|
|
32
|
+
listen_port => 80,
|
|
33
|
+
proxy => 'http://localhost:8080',
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
# Allow through the firewall
|
|
37
|
+
firewall { "100 allow nginx 80":
|
|
38
|
+
proto => 'tcp',
|
|
39
|
+
dport => 80,
|
|
40
|
+
action => 'accept',
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
# Detect the correct IP based on what virualisation we are using
|
|
44
|
+
$ip = $facts['virtual'] ? {
|
|
45
|
+
'virtualbox' => $facts['networking']['interfaces']['enp0s8']['ip'],
|
|
46
|
+
default => $facts['networking']['ip'],
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
# Export balancer member in case this load balanced
|
|
50
|
+
@@haproxy::balancermember { "${facts['fqdn']}-eyeunify":
|
|
51
|
+
listening_service => 'eyeunify',
|
|
52
|
+
ports => '80',
|
|
53
|
+
server_names => $facts['fqdn'],
|
|
54
|
+
ipaddresses => $ip,
|
|
55
|
+
options => 'check',
|
|
56
|
+
}
|
|
57
|
+
}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
class profile::eyeunify::database {
|
|
2
|
+
class { '::postgresql::globals':
|
|
3
|
+
manage_package_repo => true,
|
|
4
|
+
version => '9.4',
|
|
5
|
+
}
|
|
6
|
+
|
|
7
|
+
class { '::postgresql::server':
|
|
8
|
+
listen_addresses => $facts['networking']['ip'],
|
|
9
|
+
}
|
|
10
|
+
|
|
11
|
+
postgresql::server::db { 'eyeunify':
|
|
12
|
+
user => 'eyeunify',
|
|
13
|
+
password => postgresql_password('eyeunify', 'hunter2'),
|
|
14
|
+
require => Class['::postgresql::server'],
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
postgresql::server::pg_hba_rule { 'allow application network to access app database':
|
|
18
|
+
description => 'Open up PostgreSQL for access from app server/s',
|
|
19
|
+
type => 'host',
|
|
20
|
+
database => 'eyeunify',
|
|
21
|
+
user => 'eyeunify',
|
|
22
|
+
address => "${facts['networking']['network']}/24",
|
|
23
|
+
auth_method => 'md5',
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
# Allow through the firewall
|
|
27
|
+
firewall { "100 allow postgres 5432":
|
|
28
|
+
proto => 'tcp',
|
|
29
|
+
dport => 5432,
|
|
30
|
+
action => 'accept',
|
|
31
|
+
}
|
|
32
|
+
}
|