onceover 3.21.0 → 3.22.0

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/file_sync/client.pp

@@ -0,0 +1,165 @@
+# Sets up file sync on an arbitrary host
+# --------------------------------------
+# 
+# This class installs the pe-puppetserver service in a customised configuration
+# which means that it only runs the file sync client service, no jrubies, no file
+# server etc. This can be installed on any hosts that for whatever reason need an
+# up-to-date copy of the Puppet code without having to create a new mechanism to
+# keep it in sync
+#
+# @param puppetserver_conf_dir Directory where config files are written
+# @param enable_gc_logging Whether garbage collection should be logged
+# @param code_dir Where to sync the code
+# @param java_args Java arguments for the pe-puppetserver process
+#
+class profile::file_sync::client (
+  $puppetserver_conf_dir = '/etc/puppetlabs/puppetserver/conf.d',
+  $enable_gc_logging     = true,
+  $code_dir              = '/etc/puppetlabs/code',
+  $java_args             = {
+    'Xmx' => '256m',
+    'Xms' => '256m',
+  },
+) {
+  # Set defaults that all settings are for puppetserver
+  Puppet_enterprise::Trapperkeeper::Bootstrap_cfg {
+    container => 'puppetserver',
+  }
+
+  # Install all packages required
+  Package <| tag == 'pe-master-packages' |>
+
+  # Ensure that the pe-puppetserver service is managed
+  puppet_enterprise::trapperkeeper::pe_service { 'puppetserver': }
+
+  # Remove all config files after install to get rid of default stuff
+  exec { 'remove default config':
+    command     => "rm -rf ${puppetserver_conf_dir}/*",
+    path        => $facts['path'],
+    refreshonly => true,
+    subscribe   => Package['pe-puppetserver'],
+  }
+
+  # Ensure that all hocon settings come after the exec
+  Exec['remove default config'] -> Pe_hocon_setting <| |>
+
+  # Create config files that were delete and are now unmanaged
+  $new_config_files = [
+    "${puppetserver_conf_dir}/metrics.conf",
+    "${puppetserver_conf_dir}/webserver.conf",
+    "${puppetserver_conf_dir}/global.conf",
+  ]
+
+  file { $new_config_files:
+    ensure  => file,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    require => Package['pe-puppetserver'],
+  }
+
+  # Set the metrics server ID
+  pe_hocon_setting { 'metrics.server-id':
+    setting => 'metrics.server-id',
+    path    => "${puppetserver_conf_dir}/metrics.conf",
+    value   => $facts['hostname'],
+    notify  => Service['pe-puppetserver'],
+  }
+
+  # Set log config location
+  pe_hocon_setting { 'global.logging-config':
+    setting => 'global.logging-config',
+    path    => "${puppetserver_conf_dir}/global.conf",
+    value   => '/etc/puppetlabs/puppetserver/logback.xml',
+    notify  => Service['pe-puppetserver'],
+  }
+
+  # Ensure that the /status endpoint exists
+  pe_hocon_setting { 'web-router-service.status-service':
+    path    => "${puppetserver_conf_dir}/web-routes.conf",
+    setting => 'web-router-service."puppetlabs.trapperkeeper.services.status.status-service/status-service"',
+    value   => '/status',
+    notify  => Service['pe-puppetserver'],
+  }
+
+  # Set the authorization version as this is required
+  pe_hocon_setting { 'authorization.version':
+    setting => 'authorization.version',
+    path    => '/etc/puppetlabs/puppetserver/conf.d/auth.conf',
+    value   => 1,
+    notify  => Service['pe-puppetserver'],
+  }
+
+  # Set a gem home so that gems can be listed
+  pe_hocon_setting { 'jruby-puppet.gem-home':
+    setting => 'jruby-puppet.gem-home',
+    path    => "${puppetserver_conf_dir}/pe-puppet-server.conf",
+    value   => '/opt/puppetlabs/server/data/puppetserver/jruby-gems',
+    notify  => Service['pe-puppetserver'],
+  }
+
+  # Removed the versioned code service as this brings in all of the puppetserver dependencies
+  Puppet_enterprise::Trapperkeeper::Bootstrap_cfg <| title == 'file-sync-versioned-code-service' |> {
+    ensure => 'absent',
+  }
+
+  # Create all services in bootstrap.cfg
+  puppet_enterprise::trapperkeeper::bootstrap_cfg { 'jetty9-service':
+    namespace => 'puppetlabs.trapperkeeper.services.webserver.jetty9-service',
+  }
+
+  puppet_enterprise::trapperkeeper::bootstrap_cfg { 'webrouting-service':
+    namespace => 'puppetlabs.trapperkeeper.services.webrouting.webrouting-service',
+  }
+
+  puppet_enterprise::trapperkeeper::bootstrap_cfg { 'scheduler-service':
+    namespace => 'puppetlabs.trapperkeeper.services.scheduler.scheduler-service',
+  }
+
+  puppet_enterprise::trapperkeeper::bootstrap_cfg { 'status-service':
+    namespace => 'puppetlabs.trapperkeeper.services.status.status-service',
+  }
+
+  puppet_enterprise::trapperkeeper::bootstrap_cfg { 'authorization-service':
+    namespace => 'puppetlabs.trapperkeeper.services.authorization.authorization-service',
+  }
+
+  puppet_enterprise::trapperkeeper::bootstrap_cfg { 'metrics-service':
+    namespace => 'puppetlabs.trapperkeeper.services.metrics.metrics-service',
+  }
+
+  # Set up file-sync
+  class { 'puppet_enterprise::master::file_sync':
+    puppet_master_host                        => $puppet_enterprise::puppet_master_host,
+    master_of_masters_certname                => $puppet_enterprise::puppet_master_host,
+    localcacert                               => $puppet_enterprise::params::localcacert,
+    puppetserver_jruby_puppet_master_code_dir => $code_dir,
+    puppetserver_webserver_ssl_port           => '8140',
+    storage_service_disabled                  => true,
+  }
+
+  puppet_enterprise::trapperkeeper::webserver_settings { 'puppet-server':
+    container          => 'puppetserver',
+    ssl_listen_address => '0.0.0.0',
+    ssl_listen_port    => 8140,
+    default_server     => true,
+    notify             => Service['pe-puppetserver'],
+  }
+
+  # Set the Java args
+  puppet_enterprise::trapperkeeper::java_args { 'puppetserver':
+    java_args         => $java_args,
+    enable_gc_logging => $enable_gc_logging,
+  }
+
+  # Allow users to access the status endpoint
+  pe_puppet_authorization::rule { 'puppetlabs status service':
+    path                  => '/etc/puppetlabs/puppetserver/conf.d/auth.conf',
+    match_request_path    => '/status/v1/services',
+    match_request_type    => 'path',
+    match_request_method  => 'get',
+    allow_unauthenticated => true,
+    sort_order            => 500,
+    notify                => Service['pe-puppetserver'],
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/file_sync/master_patch.pp

@@ -0,0 +1,37 @@
+# This class patches the Puppet MoMs to allow all nodes that are able to access
+# the file-sync API to also be clients
+class profile::file_sync::master_patch {
+  # This repliaces the logic from the puppet_enterprise::master::file_sync
+  # class in order add our file_sync server to the list of allowed clients. 
+  # Note that the server muct be specified using hiera with the 
+  # puppet_enterprise::master::file_sync::whitelisted_certnames key
+  $masters_in_puppetdb = map(
+    puppetdb_query(['from', 'resources',
+                    ['extract', ['certname'],
+                      ['and', ['=', 'type', 'Class'],
+                      ['=', 'title', 'Puppet_enterprise::Profile::Master'],
+                      ['=', ['node','active'], true]]]])) |$master| { $master['certname'] }
+  $file_sync_clients_in_puppetdb = map(
+    puppetdb_query(['from', 'resources',
+                    ['extract', ['certname'],
+                      ['and', ['=', 'type', 'Class'],
+                      ['=', 'title', 'Profile::File_sync::Client'],
+                      ['=', ['node','active'], true]]]])) |$master| { $master['certname'] }
+  $whitelisted_certnames = lookup('puppet_enterprise::master::file_sync::whitelisted_certnames', {'default_value' => []})
+  $list                  = $whitelisted_certnames + $file_sync_clients_in_puppetdb + $masters_in_puppetdb
+  $authorized_certs      = pe_union([$facts['certname']], $list)
+  $certs_authorized_to_communicate_with_file_sync = pe_sort(delete_undef_values(pe_unique($authorized_certs)))
+
+
+  Pe_hocon_setting <| title == 'file-sync.client-certnames' |> {
+    value => $certs_authorized_to_communicate_with_file_sync,
+  }
+
+  Pe_puppet_authorization::Rule <| title == 'puppetlabs file sync api' |> {
+    allow => $certs_authorized_to_communicate_with_file_sync,
+  }
+
+  Pe_puppet_authorization::Rule <| title == 'puppetlabs file sync repo' |> {
+    allow => $certs_authorized_to_communicate_with_file_sync,
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/grafana/dashboard.pp

@@ -0,0 +1,17 @@
+define profile::grafana::dashboard (
+  $metrics_server_id,
+) {
+  # Swap dots for underscores as grafana deasn't like dots
+  $safe_title = regsubst($title,'\.','_','G')
+
+  file { "/opt/grafana/app/dashboards/${safe_title}.json":
+    ensure  => file,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0664',
+    content => epp('profile/dashboard.json.epp',{
+      'title'             => $title,
+      'metrics_server_id' => $metrics_server_id,
+      }),
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/haproxy.pp

@@ -0,0 +1,43 @@
+# == Class: profile::haproxy
+#
+# Hosts stats at :9090 puppet:puppet
+#
+# @param listening_pools A hash of listening pools
+class profile::haproxy (
+  Hash $listening_pools = {}
+) {
+  include ::haproxy
+
+  # Disbale firewall for load balancers
+  service { 'firewalld':
+    ensure => 'stopped',
+    enable => false,
+  }
+
+  $listening_pools.each |$name, $params| {
+    haproxy::listen { $name:
+      ipaddress => '0.0.0.0',
+      *         => $params,
+    }
+  }
+
+  ini_setting { 'runinterval':
+    ensure  => present,
+    path    => '/etc/puppetlabs/puppet/puppet.conf',
+    section => 'agent',
+    setting => 'runinterval',
+    value   => '60',
+  }
+
+  haproxy::listen { 'stats':
+    ipaddress => '0.0.0.0',
+    ports     => '9090',
+    options   => {
+      'mode'  => 'http',
+      'stats' => [
+        'uri /',
+        'auth puppet:puppet',
+      ],
+    },
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/init.pp

@@ -0,0 +1,3 @@
+class profile {
+  # Never actually use this class, this is just a placeholder for the time being
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jenkins/plugins.pp

@@ -0,0 +1,87 @@
+# Plugins with the correct version
+class profile::jenkins::plugins {
+  $plugins = {
+    'pipeline-milestone-step'          => '1.3.1',
+    'pipeline-rest-api'                => '2.8',
+    'handlebars'                       => '1.1.1',
+    'momentjs'                         => '1.1.1',
+    'pipeline-stage-view'              => '2.8',
+    'pipeline-build-step'              => '2.5.1',
+    'workflow-aggregator'              => '2.5',
+    'pipeline-model-api'               => '1.1.8',
+    'bouncycastle-api'                 => '2.16.1',
+    'favorite'                         => '2.3.0',
+    'jackson2-api'                     => '2.7.3',
+    'github-api'                       => '1.86',
+    'workflow-step-api'                => '2.12',
+    'workflow-scm-step'                => '2.6',
+    'pubsub-light'                     => '1.11',
+    'docker-workflow'                  => '1.12',
+    'ssh-credentials'                  => '1.13',
+    'blueocean-config'                 => '1.1.4',
+    'git-client'                       => '2.4.6',
+    'scm-api'                          => '2.1.1',
+    'display-url-api'                  => '2.0',
+    'mailer'                           => '1.20',
+    'junit'                            => '1.20',
+    'script-security'                  => '1.29.1',
+    'workflow-basic-steps'             => '2.6',
+    'matrix-project'                   => '1.11',
+    'git'                              => '3.3.2',
+    'token-macro'                      => '2.1',
+    'pipeline-model-definition'        => '1.1.8',
+    'plain-credentials'                => '1.4',
+    'sse-gateway'                      => '1.15',
+    'github'                           => '1.27.0',
+    'github-branch-source'             => '2.0.8',
+    'blueocean-events'                 => '1.1.4',
+    'ace-editor'                       => '1.1',
+    'jquery-detached'                  => '1.2.1',
+    'blueocean-i18n'                   => '1.1.4',
+    'workflow-api'                     => '2.18',
+    'variant'                          => '1.1',
+    'workflow-support'                 => '2.14',
+    'workflow-cps'                     => '2.36.1',
+    'pipeline-input-step'              => '2.7',
+    'metrics'                          => '3.1.2.10',
+    'pipeline-stage-step'              => '2.2',
+    'workflow-job'                     => '2.12.1',
+    'credentials-binding'              => '1.12',
+    'pipeline-graph-analysis'          => '1.4',
+    'blueocean-commons'                => '1.1.4',
+    'blueocean-web'                    => '1.1.4',
+    'blueocean-rest'                   => '1.1.4',
+    'cloudbees-folder'                 => '6.0.4',
+    'branch-api'                       => '2.0.10',
+    'blueocean-jwt'                    => '1.1.4',
+    'workflow-multibranch'             => '2.16',
+    'blueocean-pipeline-scm-api'       => '1.1.4',
+    'docker-commons'                   => '1.8',
+    'pipeline-model-extensions'        => '1.1.8',
+    'git-server'                       => '1.7',
+    'durable-task'                     => '1.14',
+    'workflow-cps-global-lib'          => '2.8',
+    'blueocean'                        => '1.1.4',
+    'icon-shim'                        => '2.0.3',
+    'authentication-tokens'            => '1.3',
+    'workflow-durable-task-step'       => '2.12',
+    'pipeline-stage-tags-metadata'     => '1.1.8',
+    'pipeline-model-declarative-agent' => '1.1.1',
+    'blueocean-rest-impl'              => '1.1.4',
+    'blueocean-pipeline-api-impl'      => '1.1.4',
+    'blueocean-github-pipeline'        => '1.1.4',
+    'blueocean-git-pipeline'           => '1.1.4',
+    'blueocean-personalization'        => '1.1.4',
+    'blueocean-display-url'            => '2.0',
+    'blueocean-pipeline-editor'        => '0.2.0',
+    'blueocean-autofavorite'           => '1.0.0',
+    'blueocean-dashboard'              => '1.1.4',
+    'puppet-enterprise-pipeline'       => '1.3.1',
+  }
+
+  $plugins.each |$name,$version| {
+    jenkins::plugin { $name:
+      version => $version,
+    }
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jenkins.pp

@@ -0,0 +1,65 @@
+class profile::jenkins {
+  class { '::jenkins':
+    version            => '2.60.1',
+    service_enable     => false,
+    configure_firewall => true,
+    executors          => $::processors['count'],
+  }
+
+  include ::profile::jenkins::plugins
+
+  jenkins::job { 'Onceover':
+    config  => epp('profile/onceover_jenkins_job.xml'),
+    require => Package['jenkins'],
+  }
+
+  jenkins::job { 'Controlrepo Test and Deploy':
+    config  => epp('profile/controlrepo_deploy_jenkins_job.xml'),
+    require => Package['jenkins'],
+  }
+
+  include ::profile::base
+
+  include ::profile::nginx
+
+  # Include a reverse proxy in front
+  nginx::resource::server { $::hostname:
+    listen_port    => 80,
+    listen_options => 'default_server',
+    proxy          => 'http://localhost:8080',
+  }
+
+  # Set Jenkins' default shell to bash
+  file { 'jenkins_default_shell':
+    ensure  => file,
+    path    => '/var/lib/jenkins/hudson.tasks.Shell.xml',
+    source  => 'puppet:///modules/profile/hudson.tasks.Shell.xml',
+    notify  => Service['jenkins'],
+    require => Package['jenkins'],
+  }
+
+  # Create a user in the Puppet console for Jenkins
+  @@console::user { 'jenkins':
+    password     => fqdn_rand_string(20, '', 'jenkins'),
+    display_name => 'Jenkins',
+    roles        => ['Developers'],
+  }
+
+  # Create the details for the Puppet token
+  $token = console::user::token('jenkins')
+  $secret_json = epp('profile/jenkins_secret_text.json.epp',{
+    'id'          => 'PE-Deploy-Token',
+    'description' => 'Puppet Enterprise Token',
+    'secret'      => $token,
+  })
+  $secret_json_escaped = shell_escape($secret_json)
+
+  # If the token has been generated then create it
+  # if $token {
+  #   jenkins_credentials { 'PE-Deploy-Token':
+  #     impl        => 'StringCredentialsImpl',
+  #     secret      => $token,
+  #     description => 'Puppet Enterprise Token',
+  #   }
+  # }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jira/aio.pp

@@ -0,0 +1,39 @@
+# Installs jira and postgres and the JRE
+class profile::jira::aio {
+  file { '/opt/jira':
+    ensure => 'directory',
+    before => Class['jira'],
+  }
+
+  class { 'postgresql::globals':
+    manage_package_repo => true,
+    version             => '9.3',
+  }
+
+  class { 'postgresql::server':
+    require => Class['postgresql::globals']
+  }
+
+  class { 'java':
+    distribution => 'jre',
+  }
+
+  service { 'iptables':
+    ensure => 'stopped',
+  }
+
+  class { 'jira':
+    javahome => '/usr',
+    db       => 'postgresql',
+    dbuser   => 'jiraadm',
+    dbserver => 'localhost',
+    require  => [Class['java'],Postgresql::Server::Db['jira']],
+  }
+
+  postgresql::server::db { 'jira':
+    user     => 'jiraadm',
+    password => postgresql_password('jiraadm', 'mypassword'),
+    require  => Class['postgresql::server'],
+  }
+
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jira/app.pp

@@ -0,0 +1,27 @@
+class profile::jira::app {
+  $db_server = hiera('profile::jira::db_server')
+  $db_user = hiera('profile::jira::db_user')
+  $db_password = hiera('profile::jira::db_password')
+
+  file { '/opt/jira':
+    ensure => 'directory',
+    before => Class['jira'],
+  }
+
+  class { 'java':
+    distribution => 'jre',
+  }
+
+  service { 'iptables':
+    ensure => 'stopped',
+  }
+
+  class { 'jira':
+    javahome   => '/usr',
+    db         => 'postgresql',
+    dbuser     => $db_user,
+    dbserver   => $db_server,
+    dbpassword => $db_password,
+    require    => Class['java'],
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jira/db.pp

@@ -0,0 +1,25 @@
+class profile::jira::db {
+  $db_user = hiera('profile::jira::db_user')
+  $db_password = hiera('profile::jira::db_password')
+
+  class { 'postgresql::globals':
+    manage_package_repo => true,
+    version             => '9.3',
+  }
+
+  class { 'postgresql::server':
+    listen_addresses        => '*',
+    ip_mask_allow_all_users => '0.0.0.0/0',
+    require                 => Class['postgresql::globals']
+  }
+
+  service { 'iptables':
+    ensure => 'stopped',
+  }
+
+  postgresql::server::db { 'jira':
+    user     => $db_user,
+    password => postgresql_password($db_user, $db_password),
+    require  => Class['postgresql::server'],
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/metrics/collectd/compile.pp

@@ -0,0 +1,82 @@
+class profile::metrics::collectd::compile {
+  # This class is for compiling collectd from source, but is redundant
+  # if you can get at the package
+
+  $collectd_version = '5.5.0'
+  $collectd_dir = '/etc/collectd'
+
+  $dependencies = [
+    'libatasmart-devel',
+    'libcurl-devel',
+    'libdbi-devel',
+    'libesmtp-devel',
+    'ganglia-devel',
+    'libgcrypt-devel',
+    'hal-devel',
+    'hiredis-devel',
+    'iptables-devel',
+    'java-1.8.0-openjdk-devel',
+    'openldap-devel',
+    'lvm2-devel',
+    'libmemcached-devel',
+    'libmnl-devel',
+    'libmodbus-devel',
+    'mysql-devel',
+    'net-snmp-devel',
+    'libnotify-devel',
+    'OpenIPMI-devel',
+    'liboping-devel',
+    'libpcap-devel',
+    'perl-devel',
+    'perl-ExtUtils-Embed',
+    'postgresql-devel',
+    'librabbitmq-devel',
+    'rrdtool-devel',
+    'lm_sensors-devel',
+    'libstatgrab-devel',
+    'libudev-devel',
+    'nut-devel',
+    'varnish-libs-devel',
+    'libvirt-devel',
+    'libxml2-devel',
+    'yajl-devel',
+    'protobuf-c-devel',
+    'python-devel',
+    'libtool-ltdl-devel',
+  ]
+
+  require ::gcc
+
+  package { $dependencies:
+    ensure => present,
+  }
+
+  file { $collectd_dir:
+    ensure => directory,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0644',
+  }
+
+  staging::deploy { "collectd-${collectd_version}.tar.bz2":
+    target  => $collectd_dir,
+    source  => "http://collectd.org/files/collectd-${collectd_version}.tar.bz2",
+    require => File[$collectd_dir],
+  }
+
+  exec { 'configure_collectd':
+    command => 'configure',
+    cwd     => "${collectd_dir}/collectd-${collectd_version}",
+    path    => "${::path}:${collectd_dir}/collectd-${collectd_version}",
+    creates => "${collectd_dir}/collectd-${collectd_version}/config.status",
+    require => Staging::Deploy["collectd-${collectd_version}.tar.bz2"],
+  }
+
+  exec { 'install_collectd':
+    command => 'make all install',
+    path    => "${::path}:${collectd_dir}/collectd-${collectd_version}",
+    creates => '/opt/collectd',
+    require => [Exec['configure_collectd'],Package[$dependencies]],
+  }
+
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/metrics/collectd.pp

@@ -0,0 +1,28 @@
+class profile::metrics::collectd {
+
+  class { '::collectd':
+    purge_config => true,
+    interval     => 5,
+  }
+
+  include ::collectd::plugin::cpu
+  #include ::collectd::plugin::disk
+  include ::collectd::plugin::memory
+  include ::collectd::plugin::interface
+  include ::collectd::plugin::df
+
+  $monitoring_node = lookup({
+    'name'          => 'puppet_enterprise::profile::master::metrics_graphite_host',
+    'default_value' => false,
+  })
+
+  if $monitoring_node {
+    collectd::plugin::write_graphite::carbon {'my_graphite':
+      graphitehost   => $monitoring_node,
+      graphiteport   => 2003,
+      graphiteprefix => '',
+      protocol       => 'tcp',
+    }
+  }
+
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/metrics/dashboard.pp

@@ -0,0 +1,28 @@
+# Creates the metrics dashboard
+class profile::metrics::dashboard (
+  Array $master_list = [$server_facts['servername']],
+) {
+  class { 'puppet_metrics_dashboard':
+    add_dashboard_examples => true,
+    consume_graphite       => true,
+    influxdb_database_name => ["graphite"],
+    master_list            => $master_list,
+    overwrite_dashboards   => false,
+  }
+
+  include nginx
+
+  nginx::resource::server { $facts['fqdn']:
+    listen_port => 80,
+    ssl         => true,
+    ssl_cert    => "/etc/puppetlabs/puppet/ssl/certs/${facts['fqdn']}.pem",
+    ssl_key     => "/etc/puppetlabs/puppet/ssl/private_keys/${facts['fqdn']}.pem",
+    proxy       => 'http://localhost:3000',
+  }
+
+  # Remove the default config file
+  file { '/etc/nginx/conf.d/default.conf':
+    ensure => absent,
+    notify => Service['nginx'],
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/mysql_server.pp

@@ -0,0 +1,7 @@
+class profile::mysql_server {
+  include mysql::server
+
+  unless $::kernel == 'linux' {
+    fail('The profile::mysql_server profile cannot be used on non-linux systems')
+  }
+}