simp-beaker-helpers 1.18.9 → 1.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,36 +1,42 @@
1
1
  ---
2
- language: ruby
3
- cache: bundler
4
- sudo: false
5
- before_install:
6
- - rm Gemfile.lock || true
7
- bundler_args: "--without development --path .vendor"
2
+ language: shell
8
3
  notifications:
9
4
  email: false
10
- rvm:
11
- - 2.4.4
12
- env:
13
- - SIMP_SKIP_NON_SIMPOS_TESTS=1
14
- script:
15
- - bundle exec rake spec
16
- before_deploy:
17
- - bundle exec rake clobber
18
- - "export GEM_VERSION=`ruby -r ./lib/simp/beaker_helpers/version.rb -e 'puts Simp::BeakerHelpers::VERSION'`"
19
- - '[[ $TRAVIS_TAG =~ ^${GEM_VERSION}$ ]]'
20
- deploy:
21
- - provider: rubygems
22
- gemspec: simp-beaker-helpers.gemspec
23
- gem: simp-beaker-helpers
24
- api_key:
25
- secure: "AlnBx0dBSxn+S97n0h14ltKUOA+6v0bc7QZPIcwGJV9nnf1hKH3pf9La1TVknEx7XgpAcM9jusQJ7hBlqvSq8z8SFF0bZk1EgSRIKc1cuYPLiGyUM2O7+AFHyCy3iCnPvKeoQmE/BJb5O1dGnbmSbf4A0fqLxA7jiHG1j7z+cnmJB1i67wovDfl13TsOXyBfbespWBMMc0BKAw56FPs9XggAk2cNusS3hd5tqW1AZPT2/xwt+d8ngkmO96u8QcichYRFQ+w+XW4H0w935wNg/dWiskJlt7TIYVAh4Ko5s2DZKf52Tne8TugALSn0LhRatpp7sw1FTTpteCW8UqK8uwGC2hM4pZViAOv4P1YObz2IPOZPriBl+cCayJdMKnotkUJliAMnw5TLiSWKLou+S0Pdj2h3fJZWdOEwRPMzIVoJtsOHG3GdNcPL6f7iU0vP/wr6FeR3uWa+fA7NHRi2Du955O8JpogjdrW08ahcAEwhtI3A4mrA08wN09axsrwr093uDRm/5h4FHyAhExJ0YiA/6kcPpUvILcLStyHe0RQDICQMdsQo2DSbnL65w3QjFa2fML2Shf9cRwX06+ia2BxozWzFD/6p3RiRtPxphnbFiUdjYSGWcwCcUgbJx9SW04lSSxOhpyItuXgxZqiybkzstXd6riu5zwg1R8TWk34="
26
- on:
27
- tags: true
28
- rvm: 2.4.4
29
- condition: "($SKIP_PUBLISH != true)"
30
- - provider: releases
31
- api_key:
32
- secure: "I41p4aqjkrNDHJhZ5gWC4gzn7BVwEYRm5Q3PAxQRSIUDB/QTVgNqZx8YptkuIvSGpw8kIywyZg3NKdzGUO8aJJ0NlXapL7e9qQIigkYhdaCZjZFG5zIxdOFs4sVoz/6vnQT9JIcGWy7uS5xiNOulGvfEWU78+e+I9yPdT74RApve5VAVT/km5lV5ldRnwwehLnTx+volUlnOD8rwfizoVLqFTrfRfr4cVMF605UYyaiVxHF50hywFRZoAdVcMEhlLQnQXfz/ZsLMJLJm9eCpjQ989N0oX6theSLCcv7QtHcWMXydjWMcpuTfBZSFrwUVbC23uMOKTJVEWq5LMG3m2L6hP3//2gvUzGhOVLvoGuC+erboB7QoXdcoOgXY+dTZPMcPBxpArdDLWVQSLTvPs05QzpaUdRLVMC/kD1d1EudlEicgkNgNDBhBn3089nVmvKndbKLvj+23a5AQVVbs+8C0x+SJvTc9N2N+bmuH7jIJPrEvWK4xwcQa+g2M/EBv05jaEdSErlVa6B6UKCH0Lea9rpy1se9vn5OzpaaMCCJIpcpQqHDjo0PMAQXBSbqjKcBei6lR5fIFl5UO9gWP1v8PGPuCzGTBivQ92XlgV1TWXmdbJHwIuSbJx3Ali7Wp19RR4E4uHC+TPFssvgkh9ZLkORnWWS35wzzU1LkwWx0="
33
- on:
34
- tags: true
35
- rvm: 2.4.4
36
- condition: "($SKIP_PUBLISH != true)"
5
+ stages:
6
+ - name: deploy
7
+ if: 'tag IS present'
8
+
9
+ ### Testing on Travis CI is indefinitely disabled
10
+ ###
11
+ ### See:
12
+ ### * https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing
13
+ ### * https://simp-project.atlassian.net/browse/SIMP-8703
14
+ jobs:
15
+ include:
16
+ - stage: deploy
17
+ script: skip
18
+ cache: bundler
19
+ before_install:
20
+ - rm Gemfile.lock || true
21
+ bundler_args: "--without development --path .vendor"
22
+ language: ruby
23
+ rvm: 2.4.5
24
+ before_deploy:
25
+ - bundle exec rake clobber
26
+ - "export GEM_VERSION=`ruby -r ./lib/simp/beaker_helpers/version.rb -e 'puts Simp::BeakerHelpers::VERSION'`"
27
+ - '[[ $TRAVIS_TAG =~ ^${GEM_VERSION}$ ]]'
28
+ deploy:
29
+ - provider: rubygems
30
+ gemspec: simp-beaker-helpers.gemspec
31
+ gem: simp-beaker-helpers
32
+ token:
33
+ secure: "AlnBx0dBSxn+S97n0h14ltKUOA+6v0bc7QZPIcwGJV9nnf1hKH3pf9La1TVknEx7XgpAcM9jusQJ7hBlqvSq8z8SFF0bZk1EgSRIKc1cuYPLiGyUM2O7+AFHyCy3iCnPvKeoQmE/BJb5O1dGnbmSbf4A0fqLxA7jiHG1j7z+cnmJB1i67wovDfl13TsOXyBfbespWBMMc0BKAw56FPs9XggAk2cNusS3hd5tqW1AZPT2/xwt+d8ngkmO96u8QcichYRFQ+w+XW4H0w935wNg/dWiskJlt7TIYVAh4Ko5s2DZKf52Tne8TugALSn0LhRatpp7sw1FTTpteCW8UqK8uwGC2hM4pZViAOv4P1YObz2IPOZPriBl+cCayJdMKnotkUJliAMnw5TLiSWKLou+S0Pdj2h3fJZWdOEwRPMzIVoJtsOHG3GdNcPL6f7iU0vP/wr6FeR3uWa+fA7NHRi2Du955O8JpogjdrW08ahcAEwhtI3A4mrA08wN09axsrwr093uDRm/5h4FHyAhExJ0YiA/6kcPpUvILcLStyHe0RQDICQMdsQo2DSbnL65w3QjFa2fML2Shf9cRwX06+ia2BxozWzFD/6p3RiRtPxphnbFiUdjYSGWcwCcUgbJx9SW04lSSxOhpyItuXgxZqiybkzstXd6riu5zwg1R8TWk34="
34
+ on:
35
+ tags: true
36
+ condition: "($SKIP_PUBLISH != true)"
37
+ - provider: releases
38
+ token:
39
+ secure: "I41p4aqjkrNDHJhZ5gWC4gzn7BVwEYRm5Q3PAxQRSIUDB/QTVgNqZx8YptkuIvSGpw8kIywyZg3NKdzGUO8aJJ0NlXapL7e9qQIigkYhdaCZjZFG5zIxdOFs4sVoz/6vnQT9JIcGWy7uS5xiNOulGvfEWU78+e+I9yPdT74RApve5VAVT/km5lV5ldRnwwehLnTx+volUlnOD8rwfizoVLqFTrfRfr4cVMF605UYyaiVxHF50hywFRZoAdVcMEhlLQnQXfz/ZsLMJLJm9eCpjQ989N0oX6theSLCcv7QtHcWMXydjWMcpuTfBZSFrwUVbC23uMOKTJVEWq5LMG3m2L6hP3//2gvUzGhOVLvoGuC+erboB7QoXdcoOgXY+dTZPMcPBxpArdDLWVQSLTvPs05QzpaUdRLVMC/kD1d1EudlEicgkNgNDBhBn3089nVmvKndbKLvj+23a5AQVVbs+8C0x+SJvTc9N2N+bmuH7jIJPrEvWK4xwcQa+g2M/EBv05jaEdSErlVa6B6UKCH0Lea9rpy1se9vn5OzpaaMCCJIpcpQqHDjo0PMAQXBSbqjKcBei6lR5fIFl5UO9gWP1v8PGPuCzGTBivQ92XlgV1TWXmdbJHwIuSbJx3Ali7Wp19RR4E4uHC+TPFssvgkh9ZLkORnWWS35wzzU1LkwWx0="
40
+ on:
41
+ tags: true
42
+ condition: "($SKIP_PUBLISH != true)"
@@ -1,3 +1,53 @@
1
+ ### 1.20.0 / 2021-01-05
2
+ * Added:
3
+ * A `enable_epel_on` function that follows the instructions on the EPEL
4
+ website to properly enable EPEL on hosts. May be disabled using
5
+ `BEAKER_enable_epel=no`.
6
+ * An Ubuntu nodeset to make sure our default settings don't destroy other
7
+ Linux systems.
8
+ * Added has_crypto_policies method for determining if crypto policies are
9
+ present on the SUT
10
+ * Added munge_ssh_crypto_policies to allow vagrant to SSH back into systems
11
+ with restrictive crypto policies (usually FIPS)
12
+ * Fixed:
13
+ * Modify all crypto-policy backend files to support ssh-rsa keys
14
+ * Try harder when doing yum installations
15
+
16
+ ### 1.19.4 / 2021-01-05
17
+ * Fixed:
18
+ * Only return a default empty string when `pfact_on` finds a `nil` value
19
+ * Added an acceptance test to validate this
20
+ * Ensure that we start with `facter -p` for `facter` < 4.0 and continue to
21
+ `puppet facts` otherwise
22
+ * Updated the Rakefile to skip symlinks in chmods which fixes the ability to
23
+ build gems
24
+
25
+ ### 1.19.3 / 2021-01-01
26
+ * Fixed:
27
+ * Ensure that `pfact_on` can handle fact dot notation
28
+ * Changed:
29
+ * Silenced some of the noisy commands that didn't provide value-add output
30
+
31
+ ### 1.19.2 / 2020-12-19
32
+ * Fixed:
33
+ * Fixed an issue with pfact_on
34
+
35
+ ### 1.19.1 / 2020-12-02
36
+ * Fixed:
37
+ * Bumped the core puppet version to 6.X
38
+ * Fixed the file_content_on method
39
+ * Removed EL 6 support from the tests since the core repos are defunct
40
+ * Started removing some of the puppet 4 tests
41
+
42
+ ### 1.19.0 / 2020-09-30
43
+ * Fixed:
44
+ * rsync handling has a better check to see if rsync actually works prior to
45
+ using it. The old method had the potential to try and use rsync even if it
46
+ no longer worked (FIPS flipped for example).
47
+ * Changed:
48
+ * Migrated from PackageCloud to the SIMP download server for updates moving
49
+ forward.
50
+
1
51
  ### 1.18.9 / 2020-08-04
2
52
  * Change windows 2012r2 VM to work around issues where the old image had
3
53
  duplicate ports trying to be opened
data/Gemfile CHANGED
@@ -44,7 +44,7 @@ group :system_tests do
44
44
  gem 'beaker-rspec'
45
45
  gem 'beaker-windows'
46
46
  gem 'net-ssh'
47
- gem 'puppet', ENV.fetch('PUPPET_VERSION', '~> 5.0')
47
+ gem 'puppet', ENV.fetch('PUPPET_VERSION', '~> 6.0')
48
48
  gem 'puppetlabs_spec_helper'
49
49
  gem 'rubocop'
50
50
  gem 'rubocop-rspec'
data/Rakefile CHANGED
@@ -30,7 +30,7 @@ task :chmod do
30
30
  gemspec = File.expand_path( "#{@package}.gemspec", @rakefile_dir ).strip
31
31
  spec = Gem::Specification::load( gemspec )
32
32
  spec.files.each do |file|
33
- FileUtils.chmod 'go=r', file
33
+ FileUtils.chmod 'go=r', file unless File.symlink?(file)
34
34
  end
35
35
  end
36
36
 
@@ -30,20 +30,44 @@ module Simp::BeakerHelpers
30
30
  ).output.strip == '1'
31
31
  end
32
32
 
33
+ def rsync_functional_on?(sut)
34
+ # We have to check if rsync *still* works otherwise
35
+ return false if (@rsync_functional == false)
36
+
37
+ require 'facter'
38
+ unless Facter::Util::Resolution.which('rsync')
39
+ @rsync_functional = false
40
+ return @rsync_functional
41
+ end
42
+
43
+ require 'tempfile'
44
+
45
+ testfile = Tempfile.new('rsync_check')
46
+ testfile.puts('test')
47
+ testfile.close
48
+
49
+ begin
50
+ rsync_to(sut, testfile.path, sut.system_temp_path)
51
+ rescue Beaker::Host::CommandFailure
52
+ @rsync_functional = false
53
+ return false
54
+ ensure
55
+ testfile.unlink
56
+ end
57
+
58
+ return true
59
+ end
60
+
33
61
  # Figure out the best method to copy files to a host and use it
34
62
  #
35
63
  # Will create the directories leading up to the target if they don't exist
36
64
  def copy_to(sut, src, dest, opts={})
37
- unless fips_enabled(sut) || @has_rsync
38
- %x{which rsync 2>/dev/null}.strip
39
-
40
- @has_rsync = !$?.nil? && $?.success?
41
- end
42
-
43
65
  sut.mkdir_p(File.dirname(dest))
44
66
 
45
67
  if sut[:hypervisor] == 'docker'
46
68
  exclude_list = []
69
+ opts[:silent] ||= true
70
+
47
71
  if opts.has_key?(:ignore) && !opts[:ignore].empty?
48
72
  opts[:ignore].each do |value|
49
73
  exclude_list << "--exclude '#{value}'"
@@ -57,7 +81,7 @@ module Simp::BeakerHelpers
57
81
  container_id = sut.host_hash[:docker_container_id]
58
82
  end
59
83
  %x(tar #{exclude_list.join(' ')} -hcf - -C "#{File.dirname(src)}" "#{File.basename(src)}" | docker exec -i "#{container_id}" tar -C "#{dest}" -xf -)
60
- elsif @has_rsync && sut.check_for_command('rsync')
84
+ elsif rsync_functional_on?(sut)
61
85
  # This makes rsync_to work like beaker and scp usually do
62
86
  exclude_hack = %(__-__' -L --exclude '__-__)
63
87
 
@@ -92,9 +116,34 @@ module Simp::BeakerHelpers
92
116
 
93
117
  # use the `puppet fact` face to look up facts on an SUT
94
118
  def pfact_on(sut, fact_name)
95
- facts_json = on(sut,'puppet facts find xxx').output
96
- facts = JSON.parse(facts_json).fetch( 'values' )
97
- facts.fetch(fact_name)
119
+ require 'ostruct'
120
+
121
+ # If puppet is not installed, there are no puppet facts to fetch
122
+ if sut.which('puppet').empty?
123
+ fact_on(sut, fact_name, :silent => true)
124
+ else
125
+ facts_json = nil
126
+ begin
127
+ cmd_output = on(sut, 'facter -p --json', :silent => true)
128
+
129
+ # Facter 4+
130
+ raise('skip facter -p') if (cmd_output.stderr =~ /no longer supported/)
131
+
132
+ facts = JSON.parse(cmd_output.stdout, object_class: OpenStruct)
133
+ rescue StandardError
134
+ # If *anything* fails, we need to fall back to `puppet facts`
135
+
136
+ facts_json = on(sut, 'puppet facts find garbage_xxx', :silent => true).stdout
137
+ facts = JSON.parse(facts_json, object_class: OpenStruct).values
138
+ end
139
+
140
+ found_fact = facts.dig(*(fact_name.split('.')))
141
+
142
+ # Fall back to the behavior in fact_on
143
+ found_fact = '' if found_fact.nil?
144
+
145
+ return found_fact
146
+ end
98
147
  end
99
148
 
100
149
  # Returns the modulepath on the SUT, as an Array
@@ -272,6 +321,19 @@ module Simp::BeakerHelpers
272
321
  pluginsync_on(suts) if opts[:pluginsync]
273
322
  end
274
323
 
324
+ def has_crypto_policies(sut)
325
+ file_exists_on(sut, '/etc/crypto-policies/config')
326
+ end
327
+
328
+ def munge_ssh_crypto_policies(sut, key_types=['ssh-rsa'])
329
+ if has_crypto_policies(sut)
330
+ on(sut, "yum update -y crypto-policies", :accept_all_exit_codes => true)
331
+
332
+ # Since we may be doing this prior to having a box flip into FIPS mode, we
333
+ # need to find and modify *all* of the affected policies
334
+ on( sut, %{sed --follow-symlinks -i 's/PubkeyAcceptedKeyTypes\\(.\\)/PubkeyAcceptedKeyTypes\\1#{key_types.join(',')},/' $( grep -L ssh-rsa $( find /etc/crypto-policies /usr/share/crypto-policies -type f -a \\( -name '*.txt' -o -name '*.config' \\) -exec grep -l PubkeyAcceptedKeyTypes {} \\; ) ) })
335
+ end
336
+ end
275
337
 
276
338
  # Configure and reboot SUTs into FIPS mode
277
339
  def enable_fips_mode_on( suts = hosts )
@@ -325,17 +387,14 @@ module Simp::BeakerHelpers
325
387
  on(sut, module_install_cmd)
326
388
  end
327
389
 
328
- # Enable FIPS and then reboot to finish.
329
- on(sut, %(puppet apply --verbose #{fips_enable_modulepath} -e "class { 'fips': enabled => true }"))
330
-
331
390
  # Work around Vagrant and cipher restrictions in EL8+
332
391
  #
333
392
  # Hopefully, Vagrant will update the used ciphers at some point but who
334
393
  # knows when that will be
335
- opensshserver_config = '/etc/crypto-policies/back-ends/opensshserver.config'
336
- if file_exists_on(sut, opensshserver_config)
337
- on(sut, "sed --follow-symlinks -i 's/PubkeyAcceptedKeyTypes=/PubkeyAcceptedKeyTypes=ssh-rsa,/' #{opensshserver_config}")
338
- end
394
+ munge_ssh_crypto_policies(sut)
395
+
396
+ # Enable FIPS and then reboot to finish.
397
+ on(sut, %(puppet apply --verbose #{fips_enable_modulepath} -e "class { 'fips': enabled => true }"))
339
398
 
340
399
  sut.reboot
341
400
  end
@@ -428,6 +487,45 @@ module Simp::BeakerHelpers
428
487
  repo_manifest = repo_manifest + %(\n#{repo_manifest_opts.join(",\n")}) + "\n}\n"
429
488
  end
430
489
 
490
+ # Enable EPEL if appropriate to do so and the system is online
491
+ #
492
+ # Can be disabled by setting BEAKER_enable_epel=no
493
+ def enable_epel_on(sut)
494
+ if ONLINE && (ENV['BEAKER_stringify_facts'] != 'no')
495
+ os_info = fact_on(sut, 'os')
496
+ os_maj_rel = os_info['release']['major']
497
+
498
+ # This is based on the official EPEL docs https://fedoraproject.org/wiki/EPEL
499
+ if ['RedHat', 'CentOS'].include?(os_info['name'])
500
+ on(
501
+ sut,
502
+ %{yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-#{os_maj_rel}.noarch.rpm},
503
+ :max_retries => 3,
504
+ :retry_interval => 10
505
+ )
506
+
507
+ if os_info['name'] == 'RedHat'
508
+ if os_maj_rel == '7'
509
+ on sut, %{subscription-manager repos --enable "rhel-*-optional-rpms"}
510
+ on sut, %{subscription-manager repos --enable "rhel-*-extras-rpms"}
511
+ on sut, %{subscription-manager repos --enable "rhel-ha-for-rhel-*-server-rpms"}
512
+ end
513
+
514
+ if os_maj_rel == '8'
515
+ on sut, %{subscription-manager repos --enable "codeready-builder-for-rhel-8-#{os_info['architecture']}-rpms"}
516
+ end
517
+ end
518
+
519
+ if os_info['name'] == 'CentOS'
520
+ if os_maj_rel == '8'
521
+ # 8.0 fallback
522
+ on sut, %{dnf config-manager --set-enabled powertools || dnf config-manager --set-enabled PowerTools}
523
+ end
524
+ end
525
+ end
526
+ end
527
+ end
528
+
431
529
  def linux_errata( sut )
432
530
  # We need to be able to flip between server and client without issue
433
531
  on sut, 'puppet resource group puppet gid=52'
@@ -513,6 +611,7 @@ module Simp::BeakerHelpers
513
611
  end
514
612
 
515
613
  enable_yum_repos_on(sut)
614
+ enable_epel_on(sut)
516
615
 
517
616
  # net-tools required for netstat utility being used by be_listening
518
617
  if fact_on(sut, 'operatingsystemmajrelease') == '7'
@@ -584,7 +683,7 @@ module Simp::BeakerHelpers
584
683
  end
585
684
 
586
685
  def sosreport(sut, dest='sosreports')
587
- sut.install_package('sos')
686
+ on(sut, 'puppet resource package sos ensure=latest')
588
687
  on(sut, 'sosreport --batch')
589
688
 
590
689
  files = on(sut, 'ls /var/tmp/sosreport* /tmp/sosreport* 2>/dev/null', :accept_all_exit_codes => true).output.lines.map(&:strip)
@@ -864,10 +963,10 @@ done
864
963
  file_content = nil
865
964
 
866
965
  if file_exists_on(sut, path)
867
- Dir.mktempdir do |dir|
868
- scp_from(host, path, dir)
966
+ Dir.mktmpdir do |dir|
967
+ scp_from(sut, path, dir)
869
968
 
870
- file_content = File.read(File.basename(path))
969
+ file_content = File.read(File.join(dir,File.basename(path)))
871
970
  end
872
971
  end
873
972
 
@@ -958,7 +1057,7 @@ done
958
1057
  # @returns [String] Path to the Hieradata directory on the target system
959
1058
  def hiera_datadir(sut)
960
1059
  # This output lets us know where Hiera is configured to look on the system
961
- puppet_lookup_info = on(sut, 'puppet lookup --explain test__simp__test').output.strip.lines
1060
+ puppet_lookup_info = on(sut, 'puppet lookup --explain test__simp__test', :silent => true).output.strip.lines
962
1061
 
963
1062
  if sut.puppet_configprint['manifest'].nil? || sut.puppet_configprint['manifest'].empty?
964
1063
  fail("No output returned from `puppet config print manifest` on #{sut}")
@@ -1170,62 +1269,83 @@ done
1170
1269
  run_puppet_install_helper(install_info[:puppet_install_type], install_info[:puppet_install_version])
1171
1270
  end
1172
1271
 
1173
- # Configure all SIMP repos on a host and enable all but those listed in the disable list
1272
+ # Configure all SIMP repos on a host and disable all repos in the disable Array
1174
1273
  #
1175
- # @param sut Host on which to configure SIMP repos
1176
- # @param disable List of SIMP repos to disable
1177
- # @raise if disable contains an invalid repo name.
1274
+ # @param sut [Beaker::Host] Host on which to configure SIMP repos
1275
+ # @param disable [Array[String]] List of repos to disable
1276
+ # @raise [StandardError] if disable contains an invalid repo name.
1178
1277
  #
1179
1278
  # Examples:
1180
1279
  # install_simp_repos( myhost ) # install all the repos an enable them.
1181
1280
  # install_simp_repos( myhost, ['simp']) # install the repos but disable the simp repo.
1182
1281
  #
1183
- # Current set of valid SIMP repo names:
1184
- # 'simp'
1185
- # 'simp_deps'
1282
+ # Valid repo names include any repository available on the system.
1186
1283
  #
1187
- def install_simp_repos(sut, disable = [] )
1188
- repos = {
1189
- 'simp' => {
1190
- :baseurl => 'https://packagecloud.io/simp-project/6_X/el/$releasever/$basearch',
1191
- :gpgkey => ['https://raw.githubusercontent.com/NationalSecurityAgency/SIMP/master/GPGKEYS/RPM-GPG-KEY-SIMP',
1192
- 'https://download.simp-project.com/simp/GPGKEYS/RPM-GPG-KEY-SIMP-6'
1193
- ],
1194
- :gpgcheck => 1,
1195
- :sslverify => 1,
1196
- :sslcacert => '/etc/pki/tls/certs/ca-bundle.crt',
1197
- :metadata_expire => 300
1198
- },
1199
- 'simp_deps' => {
1200
- :baseurl => 'https://packagecloud.io/simp-project/6_X_Dependencies/el/$releasever/$basearch',
1201
- :gpgkey => ['https://raw.githubusercontent.com/NationalSecurityAgency/SIMP/master/GPGKEYS/RPM-GPG-KEY-SIMP',
1202
- 'https://download.simp-project.com/simp/GPGKEYS/RPM-GPG-KEY-SIMP-6',
1203
- 'https://yum.puppet.com/RPM-GPG-KEY-puppetlabs',
1204
- 'https://yum.puppet.com/RPM-GPG-KEY-puppet',
1205
- 'https://apt.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG-96',
1206
- 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
1207
- 'https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana',
1208
- 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-$releasever'
1209
- ],
1210
- :gpgcheck => 1,
1211
- :sslverify => 1,
1212
- :sslcacert => '/etc/pki/tls/certs/ca-bundle.crt',
1213
- :metadata_expire => 300
1214
- }
1215
- }
1216
- # Verify that the repos passed to disable are in the list of valid repos
1217
- disable.each { |d|
1218
- unless repos.has_key?(d)
1219
- raise("ERROR: install_simp_repo - disable contains invalid SIMP repo '#{d}'.")
1284
+ # For backwards compatibility purposes, the following translations are
1285
+ # automatically performed:
1286
+ #
1287
+ # * 'simp'
1288
+ # * 'simp-community-simp'
1289
+ #
1290
+ # * 'simp_deps'
1291
+ # * 'simp-community-epel'
1292
+ # * 'simp-community-postgres'
1293
+ # * 'simp-community-puppet'
1294
+ #
1295
+ def install_simp_repos(sut, disable = [])
1296
+ # NOTE: Do *NOT* use puppet in this method since it may not be available yet
1297
+
1298
+ if on(sut, 'rpm -q yum-utils', :accept_all_exit_codes => true).exit_code != 0
1299
+ on(
1300
+ sut,
1301
+ 'yum -y install yum-utils',
1302
+ :max_retries => 3,
1303
+ :retry_interval => 10
1304
+ )
1305
+ end
1306
+
1307
+ if on(sut, 'rpm -q simp-release-community', :accept_all_exit_codes => true).exit_code != 0
1308
+ on(
1309
+ sut,
1310
+ 'yum -y install "https://download.simp-project.com/simp-release-community.rpm"',
1311
+ :max_retries => 3,
1312
+ :retry_interval => 10
1313
+ )
1314
+ end
1315
+
1316
+ to_disable = disable.dup
1317
+
1318
+ unless to_disable.empty?
1319
+ if to_disable.include?('simp')
1320
+ to_disable.delete('simp')
1321
+ to_disable << 'simp-community-simp'
1220
1322
  end
1221
- }
1222
- repo_manifest = ''
1223
- repos.each { | repo, metadata|
1224
- metadata[:enabled] = disable.include?(repo) ? 0 : 1
1225
- repo_manifest << create_yum_resource(repo, metadata)
1226
- }
1227
- apply_manifest_on(sut, repo_manifest, :catch_failures => true)
1228
- end
1229
- end
1230
1323
 
1324
+ if to_disable.include?('simp_deps')
1325
+ to_disable.delete('simp_deps')
1326
+ to_disable << 'simp-community-epel'
1327
+ to_disable << 'simp-community-postgres'
1328
+ to_disable << 'simp-community-puppet'
1329
+ end
1231
1330
 
1331
+ # NOTE: This --enablerepo enables the repos for listing and is inherited
1332
+ # from YUM. This does not actually "enable" the repos, that would require
1333
+ # the "--enable" option (from yum-config-manager) :-D.
1334
+ #
1335
+ # Note: Certain versions of EL8 do not dump by default and EL7 does not
1336
+ # have the '--dump' option.
1337
+ available_repos = on(sut, %{yum-config-manager --enablerepo="*" || yum-config-manager --enablerepo="*" --dump}).stdout.lines.grep(/\A\[(.+)\]\Z/){|x| $1}
1338
+
1339
+ invalid_repos = (to_disable - available_repos)
1340
+
1341
+ # Verify that the repos passed to disable are in the list of valid repos
1342
+ unless invalid_repos.empty?
1343
+ logger.warn(%{WARN: install_simp_repo - requested repos to disable do not exist on the target system '#{invalid_repos.join("', '")}'.})
1344
+ end
1345
+
1346
+ (to_disable - invalid_repos).each do |repo|
1347
+ on(sut, %{yum-config-manager --disable "#{repo}"})
1348
+ end
1349
+ end
1350
+ end
1351
+ end