simp-beaker-helpers 1.19.4 → 1.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/lib/simp/beaker_helpers.rb +69 -9
- data/lib/simp/beaker_helpers/constants.rb +5 -1
- data/lib/simp/beaker_helpers/version.rb +1 -1
- data/spec/acceptance/nodesets/default.yml +22 -5
- data/spec/acceptance/nodesets/ubuntu.yml +20 -0
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3223751413072f7e62097c273b72fa130bcc083701b418c5927bd97897a9f9c5
|
|
4
|
+
data.tar.gz: 89c0620294618b21000ff2b79504df5bbe27f199b0bd4eb17ed69ce987d12899
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9179b27932ec80ecfddb09eb4ea2ba778c99513e31d341d7a85606f63ed85e152af7686b90f5e0a46ee11c50dd5aafe300f148069d6d4a87515fdb7e034fa8ed
|
|
7
|
+
data.tar.gz: a05d10fdcdc609bcc9e2886b19f856304b8b2386d0377ad0680c0d712a1d6fdad2619908267fc196f55dfaa5339452abc1638d428431d4ce4171689b017519d3
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,18 @@
|
|
|
1
|
+
### 1.20.0 / 2021-01-05
|
|
2
|
+
* Added:
|
|
3
|
+
* A `enable_epel_on` function that follows the instructions on the EPEL
|
|
4
|
+
website to properly enable EPEL on hosts. May be disabled using
|
|
5
|
+
`BEAKER_enable_epel=no`.
|
|
6
|
+
* An Ubuntu nodeset to make sure our default settings don't destroy other
|
|
7
|
+
Linux systems.
|
|
8
|
+
* Added has_crypto_policies method for determining if crypto policies are
|
|
9
|
+
present on the SUT
|
|
10
|
+
* Added munge_ssh_crypto_policies to allow vagrant to SSH back into systems
|
|
11
|
+
with restrictive crypto policies (usually FIPS)
|
|
12
|
+
* Fixed:
|
|
13
|
+
* Modify all crypto-policy backend files to support ssh-rsa keys
|
|
14
|
+
* Try harder when doing yum installations
|
|
15
|
+
|
|
1
16
|
### 1.19.4 / 2021-01-05
|
|
2
17
|
* Fixed:
|
|
3
18
|
* Only return a default empty string when `pfact_on` finds a `nil` value
|
data/lib/simp/beaker_helpers.rb
CHANGED
|
@@ -321,6 +321,19 @@ module Simp::BeakerHelpers
|
|
|
321
321
|
pluginsync_on(suts) if opts[:pluginsync]
|
|
322
322
|
end
|
|
323
323
|
|
|
324
|
+
def has_crypto_policies(sut)
|
|
325
|
+
file_exists_on(sut, '/etc/crypto-policies/config')
|
|
326
|
+
end
|
|
327
|
+
|
|
328
|
+
def munge_ssh_crypto_policies(sut, key_types=['ssh-rsa'])
|
|
329
|
+
if has_crypto_policies(sut)
|
|
330
|
+
on(sut, "yum update -y crypto-policies", :accept_all_exit_codes => true)
|
|
331
|
+
|
|
332
|
+
# Since we may be doing this prior to having a box flip into FIPS mode, we
|
|
333
|
+
# need to find and modify *all* of the affected policies
|
|
334
|
+
on( sut, %{sed --follow-symlinks -i 's/PubkeyAcceptedKeyTypes\\(.\\)/PubkeyAcceptedKeyTypes\\1#{key_types.join(',')},/' $( grep -L ssh-rsa $( find /etc/crypto-policies /usr/share/crypto-policies -type f -a \\( -name '*.txt' -o -name '*.config' \\) -exec grep -l PubkeyAcceptedKeyTypes {} \\; ) ) })
|
|
335
|
+
end
|
|
336
|
+
end
|
|
324
337
|
|
|
325
338
|
# Configure and reboot SUTs into FIPS mode
|
|
326
339
|
def enable_fips_mode_on( suts = hosts )
|
|
@@ -374,17 +387,14 @@ module Simp::BeakerHelpers
|
|
|
374
387
|
on(sut, module_install_cmd)
|
|
375
388
|
end
|
|
376
389
|
|
|
377
|
-
# Enable FIPS and then reboot to finish.
|
|
378
|
-
on(sut, %(puppet apply --verbose #{fips_enable_modulepath} -e "class { 'fips': enabled => true }"))
|
|
379
|
-
|
|
380
390
|
# Work around Vagrant and cipher restrictions in EL8+
|
|
381
391
|
#
|
|
382
392
|
# Hopefully, Vagrant will update the used ciphers at some point but who
|
|
383
393
|
# knows when that will be
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
394
|
+
munge_ssh_crypto_policies(sut)
|
|
395
|
+
|
|
396
|
+
# Enable FIPS and then reboot to finish.
|
|
397
|
+
on(sut, %(puppet apply --verbose #{fips_enable_modulepath} -e "class { 'fips': enabled => true }"))
|
|
388
398
|
|
|
389
399
|
sut.reboot
|
|
390
400
|
end
|
|
@@ -477,6 +487,45 @@ module Simp::BeakerHelpers
|
|
|
477
487
|
repo_manifest = repo_manifest + %(\n#{repo_manifest_opts.join(",\n")}) + "\n}\n"
|
|
478
488
|
end
|
|
479
489
|
|
|
490
|
+
# Enable EPEL if appropriate to do so and the system is online
|
|
491
|
+
#
|
|
492
|
+
# Can be disabled by setting BEAKER_enable_epel=no
|
|
493
|
+
def enable_epel_on(sut)
|
|
494
|
+
if ONLINE && (ENV['BEAKER_stringify_facts'] != 'no')
|
|
495
|
+
os_info = fact_on(sut, 'os')
|
|
496
|
+
os_maj_rel = os_info['release']['major']
|
|
497
|
+
|
|
498
|
+
# This is based on the official EPEL docs https://fedoraproject.org/wiki/EPEL
|
|
499
|
+
if ['RedHat', 'CentOS'].include?(os_info['name'])
|
|
500
|
+
on(
|
|
501
|
+
sut,
|
|
502
|
+
%{yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-#{os_maj_rel}.noarch.rpm},
|
|
503
|
+
:max_retries => 3,
|
|
504
|
+
:retry_interval => 10
|
|
505
|
+
)
|
|
506
|
+
|
|
507
|
+
if os_info['name'] == 'RedHat'
|
|
508
|
+
if os_maj_rel == '7'
|
|
509
|
+
on sut, %{subscription-manager repos --enable "rhel-*-optional-rpms"}
|
|
510
|
+
on sut, %{subscription-manager repos --enable "rhel-*-extras-rpms"}
|
|
511
|
+
on sut, %{subscription-manager repos --enable "rhel-ha-for-rhel-*-server-rpms"}
|
|
512
|
+
end
|
|
513
|
+
|
|
514
|
+
if os_maj_rel == '8'
|
|
515
|
+
on sut, %{subscription-manager repos --enable "codeready-builder-for-rhel-8-#{os_info['architecture']}-rpms"}
|
|
516
|
+
end
|
|
517
|
+
end
|
|
518
|
+
|
|
519
|
+
if os_info['name'] == 'CentOS'
|
|
520
|
+
if os_maj_rel == '8'
|
|
521
|
+
# 8.0 fallback
|
|
522
|
+
on sut, %{dnf config-manager --set-enabled powertools || dnf config-manager --set-enabled PowerTools}
|
|
523
|
+
end
|
|
524
|
+
end
|
|
525
|
+
end
|
|
526
|
+
end
|
|
527
|
+
end
|
|
528
|
+
|
|
480
529
|
def linux_errata( sut )
|
|
481
530
|
# We need to be able to flip between server and client without issue
|
|
482
531
|
on sut, 'puppet resource group puppet gid=52'
|
|
@@ -562,6 +611,7 @@ module Simp::BeakerHelpers
|
|
|
562
611
|
end
|
|
563
612
|
|
|
564
613
|
enable_yum_repos_on(sut)
|
|
614
|
+
enable_epel_on(sut)
|
|
565
615
|
|
|
566
616
|
# net-tools required for netstat utility being used by be_listening
|
|
567
617
|
if fact_on(sut, 'operatingsystemmajrelease') == '7'
|
|
@@ -1246,11 +1296,21 @@ done
|
|
|
1246
1296
|
# NOTE: Do *NOT* use puppet in this method since it may not be available yet
|
|
1247
1297
|
|
|
1248
1298
|
if on(sut, 'rpm -q yum-utils', :accept_all_exit_codes => true).exit_code != 0
|
|
1249
|
-
on(
|
|
1299
|
+
on(
|
|
1300
|
+
sut,
|
|
1301
|
+
'yum -y install yum-utils',
|
|
1302
|
+
:max_retries => 3,
|
|
1303
|
+
:retry_interval => 10
|
|
1304
|
+
)
|
|
1250
1305
|
end
|
|
1251
1306
|
|
|
1252
1307
|
if on(sut, 'rpm -q simp-release-community', :accept_all_exit_codes => true).exit_code != 0
|
|
1253
|
-
on(
|
|
1308
|
+
on(
|
|
1309
|
+
sut,
|
|
1310
|
+
'yum -y install "https://download.simp-project.com/simp-release-community.rpm"',
|
|
1311
|
+
:max_retries => 3,
|
|
1312
|
+
:retry_interval => 10
|
|
1313
|
+
)
|
|
1254
1314
|
end
|
|
1255
1315
|
|
|
1256
1316
|
to_disable = disable.dup
|
|
@@ -17,7 +17,11 @@ module Simp::BeakerHelpers
|
|
|
17
17
|
require 'open-uri'
|
|
18
18
|
|
|
19
19
|
begin
|
|
20
|
-
|
|
20
|
+
if URI.respond_to?(:open)
|
|
21
|
+
ONLINE = true if URI.open('http://google.com')
|
|
22
|
+
else
|
|
23
|
+
ONLINE = true if open('http://google.com')
|
|
24
|
+
end
|
|
21
25
|
rescue
|
|
22
26
|
ONLINE = false
|
|
23
27
|
end
|
|
@@ -6,21 +6,27 @@
|
|
|
6
6
|
end
|
|
7
7
|
-%>
|
|
8
8
|
HOSTS:
|
|
9
|
-
|
|
9
|
+
el7:
|
|
10
10
|
roles:
|
|
11
|
-
- server
|
|
12
|
-
- master
|
|
13
|
-
- default
|
|
14
11
|
- el7
|
|
12
|
+
- master
|
|
15
13
|
platform: el-7-x86_64
|
|
16
14
|
box: centos/7
|
|
17
15
|
hypervisor: <%= hypervisor %>
|
|
18
16
|
|
|
19
|
-
|
|
17
|
+
el8:
|
|
18
|
+
roles:
|
|
19
|
+
- el8
|
|
20
|
+
platform: el-8-x86_64
|
|
21
|
+
box: centos/8
|
|
22
|
+
hypervisor: <%= hypervisor %>
|
|
23
|
+
|
|
24
|
+
el8-0:
|
|
20
25
|
roles:
|
|
21
26
|
- el8
|
|
22
27
|
platform: el-8-x86_64
|
|
23
28
|
box: centos/8
|
|
29
|
+
box_version: "1905.1"
|
|
24
30
|
hypervisor: <%= hypervisor %>
|
|
25
31
|
|
|
26
32
|
CONFIG:
|
|
@@ -30,3 +36,14 @@ CONFIG:
|
|
|
30
36
|
<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
|
|
31
37
|
puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
|
|
32
38
|
<% end -%>
|
|
39
|
+
ssh:
|
|
40
|
+
keepalive: true
|
|
41
|
+
keepalive_interval: 10
|
|
42
|
+
host_key:
|
|
43
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:host_key].join("\n#{' '*6}- ") %>
|
|
44
|
+
kex:
|
|
45
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:kex].join("\n#{' '*6}- ") %>
|
|
46
|
+
encryption:
|
|
47
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:encryption].join("\n#{' '*6}- ") %>
|
|
48
|
+
hmac:
|
|
49
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:hmac].join("\n#{' '*6}- ") %>
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
<%
|
|
2
|
+
if ENV['BEAKER_HYPERVISOR']
|
|
3
|
+
hypervisor = ENV['BEAKER_HYPERVISOR']
|
|
4
|
+
else
|
|
5
|
+
hypervisor = 'vagrant'
|
|
6
|
+
end
|
|
7
|
+
-%>
|
|
8
|
+
HOSTS:
|
|
9
|
+
focal:
|
|
10
|
+
platform: ubuntu-20.04-x86_64
|
|
11
|
+
box: ubuntu/focal64
|
|
12
|
+
hypervisor: <%= hypervisor %>
|
|
13
|
+
|
|
14
|
+
CONFIG:
|
|
15
|
+
log_level: verbose
|
|
16
|
+
type: aio
|
|
17
|
+
vagrant_memsize: 256
|
|
18
|
+
<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
|
|
19
|
+
puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
|
|
20
|
+
<% end -%>
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: simp-beaker-helpers
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.20.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Tessmer
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2021-01-
|
|
12
|
+
date: 2021-01-08 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: beaker
|
|
@@ -188,6 +188,7 @@ files:
|
|
|
188
188
|
- lib/simp/rake/beaker.rb
|
|
189
189
|
- simp-beaker-helpers.gemspec
|
|
190
190
|
- spec/acceptance/nodesets/default.yml
|
|
191
|
+
- spec/acceptance/nodesets/ubuntu.yml
|
|
191
192
|
- spec/acceptance/suites/default/check_puppet_version_spec.rb
|
|
192
193
|
- spec/acceptance/suites/default/enable_fips_spec.rb
|
|
193
194
|
- spec/acceptance/suites/default/fixture_modules_spec.rb
|
|
@@ -241,6 +242,7 @@ specification_version: 4
|
|
|
241
242
|
summary: beaker helper methods for SIMP
|
|
242
243
|
test_files:
|
|
243
244
|
- spec/acceptance/nodesets/default.yml
|
|
245
|
+
- spec/acceptance/nodesets/ubuntu.yml
|
|
244
246
|
- spec/acceptance/suites/default/check_puppet_version_spec.rb
|
|
245
247
|
- spec/acceptance/suites/default/enable_fips_spec.rb
|
|
246
248
|
- spec/acceptance/suites/default/fixture_modules_spec.rb
|