simp-beaker-helpers 1.20.0 → 1.22.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.fips_fixtures +1 -0
- data/.github/workflows/pr_glci.yml +190 -0
- data/.github/workflows/pr_glci_cleanup.yml +105 -0
- data/.github/workflows/pr_glci_manual.yml +143 -0
- data/.github/workflows/tag_deploy_rubygem.yml +152 -0
- data/.gitlab-ci.yml +24 -37
- data/CHANGELOG.md +53 -0
- data/README.md +63 -5
- data/lib/simp/beaker_helpers.rb +431 -237
- data/lib/simp/beaker_helpers/version.rb +1 -1
- data/lib/simp/rake/beaker.rb +6 -0
- data/simp-beaker-helpers.gemspec +3 -0
- data/spec/acceptance/nodesets/docker.yml +36 -0
- data/spec/acceptance/suites/default/check_puppet_version_spec.rb +1 -1
- data/spec/acceptance/suites/default/fixture_modules_spec.rb +6 -0
- data/spec/acceptance/suites/default/install_simp_deps_repo_spec.rb +17 -5
- data/spec/acceptance/suites/default/nodesets +1 -1
- data/spec/acceptance/suites/fips_from_fixtures/00_default_spec.rb +1 -0
- data/spec/acceptance/suites/fips_from_fixtures/nodesets +1 -1
- data/spec/acceptance/suites/snapshot/nodesets +1 -1
- metadata +14 -8
- data/.travis.yml +0 -42
data/lib/simp/beaker_helpers.rb
CHANGED
@@ -18,6 +18,95 @@ module Simp::BeakerHelpers
|
|
18
18
|
"simp-beaker-helpers-#{t}-#{$$}-#{rand(0x100000000).to_s(36)}.tmp"
|
19
19
|
end
|
20
20
|
|
21
|
+
# Sets a single YUM option in the form that yum-config-manager/dnf
|
22
|
+
# config-manager would expect.
|
23
|
+
#
|
24
|
+
# If not prefaced with a repository, the option will be applied globally.
|
25
|
+
#
|
26
|
+
# Has no effect if yum or dnf is not present.
|
27
|
+
def set_yum_opt_on(suts, key, value)
|
28
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
29
|
+
block_on(suts, :run_in_parallel => parallel) do |sut|
|
30
|
+
repo,target = key.split('.')
|
31
|
+
|
32
|
+
unless target
|
33
|
+
key = "\\*.#{repo}"
|
34
|
+
end
|
35
|
+
|
36
|
+
command = nil
|
37
|
+
if !sut.which('dnf').empty?
|
38
|
+
install_package_unless_present_on(sut, 'dnf-plugins-core', :accept_all_exit_codes => true)
|
39
|
+
command = 'dnf config-manager'
|
40
|
+
elsif !sut.which('yum').empty?
|
41
|
+
command = 'yum-config-manager'
|
42
|
+
end
|
43
|
+
|
44
|
+
on(sut, %{#{command} --save --setopt=#{key}=#{value}}, :silent => true) if command
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
# Takes a hash of YUM options to set in the form that yum-config-manager/dnf
|
49
|
+
# config-manager would expect.
|
50
|
+
#
|
51
|
+
# If not prefaced with a repository, the option will be applied globally.
|
52
|
+
#
|
53
|
+
# Example:
|
54
|
+
# {
|
55
|
+
# 'skip_if_unavailable' => '1', # Applies globally
|
56
|
+
# 'foo.installonly_limit' => '5' # Applies only to the 'foo' repo
|
57
|
+
# }
|
58
|
+
def set_yum_opts_on(suts, yum_opts={})
|
59
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
60
|
+
block_on(suts, :run_in_parallel => parallel) do |sut|
|
61
|
+
yum_opts.each_pair do |k,v|
|
62
|
+
set_yum_opt_on(sut, k, v)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
66
|
+
|
67
|
+
def install_package_unless_present_on(suts, package_name, package_source=nil, opts={})
|
68
|
+
default_opts = {
|
69
|
+
max_retries: 3,
|
70
|
+
retry_interval: 10
|
71
|
+
}
|
72
|
+
|
73
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
74
|
+
block_on(suts, :run_in_parallel => parallel) do |sut|
|
75
|
+
package_source = package_name unless package_source
|
76
|
+
|
77
|
+
unless sut.check_for_package(package_name)
|
78
|
+
sut.install_package(
|
79
|
+
package_source,
|
80
|
+
'',
|
81
|
+
nil,
|
82
|
+
default_opts.merge(opts)
|
83
|
+
)
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
88
|
+
def install_latest_package_on(suts, package_name, package_source=nil, opts={})
|
89
|
+
default_opts = {
|
90
|
+
max_retries: 3,
|
91
|
+
retry_interval: 10
|
92
|
+
}
|
93
|
+
|
94
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
95
|
+
block_on(suts, :run_in_parallel => parallel) do |sut|
|
96
|
+
package_source = package_name unless package_source
|
97
|
+
|
98
|
+
if sut.check_for_package(package_name)
|
99
|
+
sut.upgrade_package(
|
100
|
+
package_source,
|
101
|
+
'',
|
102
|
+
default_opts.merge(opts)
|
103
|
+
)
|
104
|
+
else
|
105
|
+
install_package_unless_present_on(sut, package_name, package_source, opts)
|
106
|
+
end
|
107
|
+
end
|
108
|
+
end
|
109
|
+
|
21
110
|
def is_windows?(sut)
|
22
111
|
sut[:platform] =~ /windows/i
|
23
112
|
end
|
@@ -80,7 +169,30 @@ module Simp::BeakerHelpers
|
|
80
169
|
else
|
81
170
|
container_id = sut.host_hash[:docker_container_id]
|
82
171
|
end
|
83
|
-
|
172
|
+
|
173
|
+
if ENV['BEAKER_docker_cmd']
|
174
|
+
docker_cmd = ENV['BEAKER_docker_cmd']
|
175
|
+
else
|
176
|
+
docker_cmd = 'docker'
|
177
|
+
|
178
|
+
if ::Docker.version['Components'].any?{|x| x['Name'] =~ /podman/i}
|
179
|
+
docker_cmd = 'podman'
|
180
|
+
|
181
|
+
if ENV['CONTAINER_HOST']
|
182
|
+
docker_cmd = 'podman --remote'
|
183
|
+
elsif ENV['DOCKER_HOST']
|
184
|
+
docker_cmd = "podman --remote --url=#{ENV['DOCKER_HOST']}"
|
185
|
+
end
|
186
|
+
end
|
187
|
+
end
|
188
|
+
|
189
|
+
unless directory_exists_on(sut, dest)
|
190
|
+
dest = File.dirname(dest)
|
191
|
+
sut.mkdir_p(dest)
|
192
|
+
end
|
193
|
+
|
194
|
+
%x(tar #{exclude_list.join(' ')} -hcf - -C "#{File.dirname(src)}" "#{File.basename(src)}" | #{docker_cmd} exec -i "#{container_id}" tar -C "#{dest}" -xf -)
|
195
|
+
|
84
196
|
elsif rsync_functional_on?(sut)
|
85
197
|
# This makes rsync_to work like beaker and scp usually do
|
86
198
|
exclude_hack = %(__-__' -L --exclude '__-__)
|
@@ -116,34 +228,34 @@ module Simp::BeakerHelpers
|
|
116
228
|
|
117
229
|
# use the `puppet fact` face to look up facts on an SUT
|
118
230
|
def pfact_on(sut, fact_name)
|
119
|
-
|
120
|
-
|
231
|
+
found_fact = nil
|
121
232
|
# If puppet is not installed, there are no puppet facts to fetch
|
122
233
|
if sut.which('puppet').empty?
|
123
|
-
fact_on(sut, fact_name
|
234
|
+
found_fact = fact_on(sut, fact_name)
|
124
235
|
else
|
125
236
|
facts_json = nil
|
126
237
|
begin
|
127
238
|
cmd_output = on(sut, 'facter -p --json', :silent => true)
|
128
|
-
|
129
239
|
# Facter 4+
|
130
240
|
raise('skip facter -p') if (cmd_output.stderr =~ /no longer supported/)
|
131
241
|
|
132
|
-
facts = JSON.parse(cmd_output.stdout
|
242
|
+
facts = JSON.parse(cmd_output.stdout)
|
133
243
|
rescue StandardError
|
134
244
|
# If *anything* fails, we need to fall back to `puppet facts`
|
135
245
|
|
136
246
|
facts_json = on(sut, 'puppet facts find garbage_xxx', :silent => true).stdout
|
137
|
-
facts = JSON.parse(facts_json
|
247
|
+
facts = JSON.parse(facts_json)['values']
|
138
248
|
end
|
139
249
|
|
140
250
|
found_fact = facts.dig(*(fact_name.split('.')))
|
141
251
|
|
142
|
-
#
|
143
|
-
|
144
|
-
|
145
|
-
return found_fact
|
252
|
+
# If we did not find a fact, we should use the upstream function since
|
253
|
+
# puppet may be installed via a gem or through some other means.
|
254
|
+
found_fact = fact_on(sut, fact_name) if found_fact.nil?
|
146
255
|
end
|
256
|
+
|
257
|
+
# Ensure that Hashes return as Hash objects
|
258
|
+
found_fact.is_a?(OpenStruct) ? found_fact.marshal_dump : found_fact
|
147
259
|
end
|
148
260
|
|
149
261
|
# Returns the modulepath on the SUT, as an Array
|
@@ -325,13 +437,16 @@ module Simp::BeakerHelpers
|
|
325
437
|
file_exists_on(sut, '/etc/crypto-policies/config')
|
326
438
|
end
|
327
439
|
|
328
|
-
def munge_ssh_crypto_policies(
|
329
|
-
|
330
|
-
|
440
|
+
def munge_ssh_crypto_policies(suts, key_types=['ssh-rsa'])
|
441
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
442
|
+
block_on(suts, :run_in_parallel => parallel) do |sut|
|
443
|
+
if has_crypto_policies(sut)
|
444
|
+
install_latest_package_on(sut, 'crypto-policies', nil, :accept_all_exit_codes => true)
|
331
445
|
|
332
|
-
|
333
|
-
|
334
|
-
|
446
|
+
# Since we may be doing this prior to having a box flip into FIPS mode, we
|
447
|
+
# need to find and modify *all* of the affected policies
|
448
|
+
on( sut, %{sed --follow-symlinks -i 's/\\(HostKeyAlgorithms\\|PubkeyAcceptedKeyTypes\\)\\(.\\)/\\1\\2#{key_types.join(',')},/g' $( grep -L ssh-rsa $( find /etc/crypto-policies /usr/share/crypto-policies -type f -a \\( -name '*.txt' -o -name '*.config' \\) -exec grep -l PubkeyAcceptedKeyTypes {} \\; ) ) })
|
449
|
+
end
|
335
450
|
end
|
336
451
|
end
|
337
452
|
|
@@ -341,7 +456,10 @@ module Simp::BeakerHelpers
|
|
341
456
|
puts ' -- (use BEAKER_fips=no to disable)'
|
342
457
|
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
343
458
|
|
459
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
344
460
|
block_on(suts, :run_in_parallel => parallel) do |sut|
|
461
|
+
next if sut[:hypervisor] == 'docker'
|
462
|
+
|
345
463
|
if is_windows?(sut)
|
346
464
|
puts " -- SKIPPING #{sut} because it is windows"
|
347
465
|
next
|
@@ -378,13 +496,16 @@ module Simp::BeakerHelpers
|
|
378
496
|
|
379
497
|
fips_enable_modulepath = '--modulepath=/root/.beaker_fips/modules'
|
380
498
|
|
381
|
-
|
499
|
+
modules_to_install = {
|
500
|
+
'simp-fips' => ENV['BEAKER_fips_module_version'],
|
501
|
+
'simp-crypto_policy' => nil
|
502
|
+
}
|
382
503
|
|
383
|
-
|
384
|
-
module_install_cmd
|
504
|
+
modules_to_install.each_pair do |to_install, version|
|
505
|
+
module_install_cmd = "puppet module install #{to_install} --target-dir=/root/.beaker_fips/modules"
|
506
|
+
module_install_cmd += " --version #{version}" if version
|
507
|
+
on(sut, module_install_cmd)
|
385
508
|
end
|
386
|
-
|
387
|
-
on(sut, module_install_cmd)
|
388
509
|
end
|
389
510
|
|
390
511
|
# Work around Vagrant and cipher restrictions in EL8+
|
@@ -490,139 +611,173 @@ module Simp::BeakerHelpers
|
|
490
611
|
# Enable EPEL if appropriate to do so and the system is online
|
491
612
|
#
|
492
613
|
# Can be disabled by setting BEAKER_enable_epel=no
|
493
|
-
def enable_epel_on(
|
494
|
-
|
495
|
-
|
496
|
-
|
497
|
-
|
498
|
-
|
499
|
-
|
500
|
-
on
|
501
|
-
|
502
|
-
|
503
|
-
|
504
|
-
|
505
|
-
|
614
|
+
def enable_epel_on(suts)
|
615
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
616
|
+
block_on(suts, :run_in_parallel => parallel) do |sut|
|
617
|
+
if ONLINE
|
618
|
+
os_info = fact_on(sut, 'os')
|
619
|
+
os_maj_rel = os_info['release']['major']
|
620
|
+
|
621
|
+
# This is based on the official EPEL docs https://fedoraproject.org/wiki/EPEL
|
622
|
+
case os_info['name']
|
623
|
+
when 'RedHat','CentOS'
|
624
|
+
install_latest_package_on(
|
625
|
+
sut,
|
626
|
+
'epel-release',
|
627
|
+
"https://dl.fedoraproject.org/pub/epel/epel-release-latest-#{os_maj_rel}.noarch.rpm",
|
628
|
+
)
|
629
|
+
|
630
|
+
if os_info['name'] == 'RedHat'
|
631
|
+
if os_maj_rel == '7'
|
632
|
+
on sut, %{subscription-manager repos --enable "rhel-*-optional-rpms"}
|
633
|
+
on sut, %{subscription-manager repos --enable "rhel-*-extras-rpms"}
|
634
|
+
on sut, %{subscription-manager repos --enable "rhel-ha-for-rhel-*-server-rpms"}
|
635
|
+
end
|
506
636
|
|
507
|
-
|
508
|
-
|
509
|
-
|
510
|
-
on sut, %{subscription-manager repos --enable "rhel-*-extras-rpms"}
|
511
|
-
on sut, %{subscription-manager repos --enable "rhel-ha-for-rhel-*-server-rpms"}
|
637
|
+
if os_maj_rel == '8'
|
638
|
+
on sut, %{subscription-manager repos --enable "codeready-builder-for-rhel-8-#{os_info['architecture']}-rpms"}
|
639
|
+
end
|
512
640
|
end
|
513
641
|
|
514
|
-
if
|
515
|
-
|
642
|
+
if os_info['name'] == 'CentOS'
|
643
|
+
if os_maj_rel == '8'
|
644
|
+
# 8.0 fallback
|
645
|
+
install_latest_package_on(sut, 'dnf-plugins-core')
|
646
|
+
on sut, %{dnf config-manager --set-enabled powertools || dnf config-manager --set-enabled PowerTools}
|
647
|
+
end
|
516
648
|
end
|
649
|
+
when 'OracleLinux'
|
650
|
+
package_name = "oracle-epel-release-el#{os_maj_rel}"
|
651
|
+
install_latest_package_on(sut,package_name)
|
517
652
|
end
|
518
653
|
|
519
|
-
if os_info['name'] == 'CentOS'
|
520
|
-
if os_maj_rel == '8'
|
521
|
-
# 8.0 fallback
|
522
|
-
on sut, %{dnf config-manager --set-enabled powertools || dnf config-manager --set-enabled PowerTools}
|
523
|
-
end
|
524
|
-
end
|
525
654
|
end
|
526
655
|
end
|
527
656
|
end
|
528
657
|
|
529
|
-
def
|
530
|
-
|
531
|
-
|
532
|
-
|
658
|
+
def update_package_from_centos_stream(suts, package_name)
|
659
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
660
|
+
block_on(suts, :run_in_parallel => parallel) do |sut|
|
661
|
+
sut.install_package('centos-release-stream') unless sut.check_for_package('centos-release-stream')
|
662
|
+
install_latest_package_on(sut, package_name)
|
663
|
+
sut.uninstall_package('centos-release-stream')
|
664
|
+
end
|
665
|
+
end
|
533
666
|
|
534
|
-
|
535
|
-
|
536
|
-
|
667
|
+
def linux_errata( suts )
|
668
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
669
|
+
block_on(suts, :run_in_parallel => parallel) do |sut|
|
670
|
+
# We need to be able to flip between server and client without issue
|
671
|
+
on sut, 'puppet resource group puppet gid=52'
|
672
|
+
on sut, 'puppet resource user puppet comment="Puppet" gid="52" uid="52" home="/var/lib/puppet" managehome=true'
|
537
673
|
|
538
|
-
|
539
|
-
new_fqdn = hostname + '.beaker.test'
|
674
|
+
os_info = fact_on(sut, 'os')
|
540
675
|
|
541
|
-
|
542
|
-
|
543
|
-
|
676
|
+
# Make sure we have a domain on our host
|
677
|
+
current_domain = fact_on(sut, 'domain').strip
|
678
|
+
hostname = fact_on(sut, 'hostname').strip
|
544
679
|
|
545
|
-
if
|
546
|
-
|
547
|
-
on(sut, "echo 'HOSTNAME=#{new_fqdn}' >> /etc/sysconfig/network")
|
548
|
-
end
|
549
|
-
end
|
680
|
+
if current_domain.empty?
|
681
|
+
new_fqdn = hostname + '.beaker.test'
|
550
682
|
|
551
|
-
|
552
|
-
|
553
|
-
|
683
|
+
on(sut, "sed -i 's/#{hostname}.*/#{new_fqdn} #{hostname}/' /etc/hosts")
|
684
|
+
on(sut, "echo '#{new_fqdn}' > /etc/hostname", :accept_all_exit_codes => true)
|
685
|
+
on(sut, "hostname #{new_fqdn}", :accept_all_exit_codes => true)
|
554
686
|
|
555
|
-
|
556
|
-
|
557
|
-
|
558
|
-
# flip to the SIMP SSH module.
|
559
|
-
on(sut, 'mkdir -p /etc/ssh/local_keys')
|
560
|
-
on(sut, 'chown -R root:root /etc/ssh/local_keys')
|
561
|
-
on(sut, 'chmod 755 /etc/ssh/local_keys')
|
562
|
-
|
563
|
-
user_info = on(sut, 'getent passwd').stdout.lines
|
564
|
-
|
565
|
-
# Hash of user => home_dir
|
566
|
-
# Exclude silly directories
|
567
|
-
# * /
|
568
|
-
# * /dev/*
|
569
|
-
# * /s?bin
|
570
|
-
# * /proc
|
571
|
-
user_info = Hash[
|
572
|
-
user_info.map do |u|
|
573
|
-
u.strip!
|
574
|
-
u = u.split(':')
|
575
|
-
u[5] =~ %r{^(/|/dev/.*|/s?bin/?.*|/proc/?.*)$} ? [nil] : [u[0], u[5]]
|
687
|
+
if sut.file_exist?('/etc/sysconfig/network')
|
688
|
+
on(sut, "sed -s '/HOSTNAME=/d' /etc/sysconfig/network")
|
689
|
+
on(sut, "echo 'HOSTNAME=#{new_fqdn}' >> /etc/sysconfig/network")
|
576
690
|
end
|
577
|
-
|
691
|
+
end
|
692
|
+
|
693
|
+
if fact_on(sut, 'domain').strip.empty?
|
694
|
+
fail("Error: hosts must have an FQDN, got domain='#{current_domain}'")
|
695
|
+
end
|
578
696
|
|
579
|
-
|
580
|
-
|
581
|
-
|
697
|
+
# This may not exist in docker so just skip the whole thing
|
698
|
+
if sut.file_exist?('/etc/ssh')
|
699
|
+
# SIMP uses a central ssh key location so we prep that spot in case we
|
700
|
+
# flip to the SIMP SSH module.
|
701
|
+
on(sut, 'mkdir -p /etc/ssh/local_keys')
|
702
|
+
on(sut, 'chown -R root:root /etc/ssh/local_keys')
|
703
|
+
on(sut, 'chmod 755 /etc/ssh/local_keys')
|
704
|
+
|
705
|
+
user_info = on(sut, 'getent passwd').stdout.lines
|
706
|
+
|
707
|
+
# Hash of user => home_dir
|
708
|
+
# Exclude silly directories
|
709
|
+
# * /
|
710
|
+
# * /dev/*
|
711
|
+
# * /s?bin
|
712
|
+
# * /proc
|
713
|
+
user_info = Hash[
|
714
|
+
user_info.map do |u|
|
715
|
+
u.strip!
|
716
|
+
u = u.split(':')
|
717
|
+
u[5] =~ %r{^(/|/dev/.*|/s?bin/?.*|/proc/?.*)$} ? [nil] : [u[0], u[5]]
|
718
|
+
end
|
719
|
+
]
|
582
720
|
|
583
|
-
|
721
|
+
user_info.keys.each do |user|
|
722
|
+
src_file = "#{user_info[user]}/.ssh/authorized_keys"
|
723
|
+
tgt_file = "/etc/ssh/local_keys/#{user}"
|
724
|
+
|
725
|
+
on(sut, %{if [ -f "#{src_file}" ]; then cp -a -f "#{src_file}" "#{tgt_file}" && chmod 644 "#{tgt_file}"; fi}, :silent => true)
|
726
|
+
end
|
584
727
|
end
|
585
|
-
end
|
586
728
|
|
587
|
-
|
588
|
-
|
589
|
-
|
590
|
-
|
729
|
+
# SIMP uses structured facts, therefore stringify_facts must be disabled
|
730
|
+
unless ENV['BEAKER_stringify_facts'] == 'yes'
|
731
|
+
on sut, 'puppet config set stringify_facts false'
|
732
|
+
end
|
591
733
|
|
592
|
-
|
593
|
-
|
594
|
-
|
595
|
-
|
596
|
-
|
597
|
-
|
598
|
-
|
734
|
+
# Occasionally we run across something similar to BKR-561, so to ensure we
|
735
|
+
# at least have the host defaults:
|
736
|
+
#
|
737
|
+
# :hieradatadir is used as a canary here; it isn't the only missing key
|
738
|
+
unless sut.host_hash.key? :hieradatadir
|
739
|
+
configure_type_defaults_on(sut)
|
740
|
+
end
|
599
741
|
|
600
|
-
|
601
|
-
|
602
|
-
|
603
|
-
|
604
|
-
|
605
|
-
|
742
|
+
if os_info['family'] == 'RedHat'
|
743
|
+
# OS-specific items
|
744
|
+
if os_info['name'] == 'RedHat'
|
745
|
+
RSpec.configure do |c|
|
746
|
+
c.before(:all) do
|
747
|
+
rhel_rhsm_subscribe(sut)
|
748
|
+
end
|
606
749
|
|
607
|
-
|
608
|
-
|
750
|
+
c.after(:all) do
|
751
|
+
rhel_rhsm_unsubscribe(sut)
|
752
|
+
end
|
609
753
|
end
|
610
754
|
end
|
611
|
-
end
|
612
755
|
|
613
|
-
|
614
|
-
|
756
|
+
if ['CentOS','RedHat','OracleLinux'].include?(os_info['name'])
|
757
|
+
enable_yum_repos_on(sut)
|
758
|
+
enable_epel_on(sut)
|
615
759
|
|
616
|
-
|
617
|
-
|
618
|
-
|
619
|
-
|
620
|
-
|
621
|
-
|
622
|
-
|
760
|
+
# net-tools required for netstat utility being used by be_listening
|
761
|
+
if os_info['release']['major'].to_i >= 7
|
762
|
+
pp = <<-EOS
|
763
|
+
package { 'net-tools': ensure => installed }
|
764
|
+
EOS
|
765
|
+
apply_manifest_on(sut, pp, :catch_failures => false)
|
766
|
+
end
|
767
|
+
|
768
|
+
unless sut[:hypervisor] == 'docker'
|
769
|
+
if (os_info['name'] == 'CentOS') && (os_info['release']['major'].to_i >= 8)
|
770
|
+
if os_info['release']['minor'].to_i == 3
|
771
|
+
update_package_from_centos_stream(sut, 'kernel')
|
772
|
+
sut.reboot
|
773
|
+
end
|
774
|
+
end
|
775
|
+
end
|
623
776
|
|
624
|
-
|
625
|
-
|
777
|
+
# Clean up YUM prior to starting our test runs.
|
778
|
+
on(sut, 'yum clean all')
|
779
|
+
end
|
780
|
+
end
|
626
781
|
end
|
627
782
|
end
|
628
783
|
|
@@ -630,85 +785,100 @@ module Simp::BeakerHelpers
|
|
630
785
|
#
|
631
786
|
# Must set BEAKER_RHSM_USER and BEAKER_RHSM_PASS environment variables or pass them in as
|
632
787
|
# parameters
|
633
|
-
def rhel_rhsm_subscribe(
|
788
|
+
def rhel_rhsm_subscribe(suts, *opts)
|
634
789
|
require 'securerandom'
|
635
790
|
|
636
|
-
|
637
|
-
|
638
|
-
|
639
|
-
|
640
|
-
|
641
|
-
|
642
|
-
|
643
|
-
'
|
644
|
-
|
645
|
-
|
646
|
-
|
647
|
-
|
648
|
-
|
649
|
-
|
650
|
-
'
|
651
|
-
|
791
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
792
|
+
block_on(suts, :run_in_parallel => parallel) do |sut|
|
793
|
+
rhsm_opts = {
|
794
|
+
:username => ENV['BEAKER_RHSM_USER'],
|
795
|
+
:password => ENV['BEAKER_RHSM_PASS'],
|
796
|
+
:system_name => "#{sut}_beaker_#{Time.now.to_i}_#{SecureRandom.uuid}",
|
797
|
+
:repo_list => {
|
798
|
+
'7' => [
|
799
|
+
'rhel-7-server-extras-rpms',
|
800
|
+
'rhel-7-server-optional-rpms',
|
801
|
+
'rhel-7-server-rh-common-rpms',
|
802
|
+
'rhel-7-server-rpms',
|
803
|
+
'rhel-7-server-supplementary-rpms'
|
804
|
+
],
|
805
|
+
'8' => [
|
806
|
+
'rhel-8-for-x86_64-baseos-rpms',
|
807
|
+
'rhel-8-for-x86_64-supplementary-rpms'
|
808
|
+
]
|
809
|
+
}
|
652
810
|
}
|
653
|
-
}
|
654
811
|
|
655
|
-
|
656
|
-
|
657
|
-
|
812
|
+
if opts && opts.is_a?(Hash)
|
813
|
+
rhsm_opts.merge!(opts)
|
814
|
+
end
|
658
815
|
|
659
|
-
|
660
|
-
|
816
|
+
os = fact_on(sut, 'operatingsystem').strip
|
817
|
+
os_release = fact_on(sut, 'operatingsystemmajrelease').strip
|
661
818
|
|
662
|
-
|
663
|
-
|
664
|
-
|
665
|
-
|
819
|
+
if os == 'RedHat'
|
820
|
+
unless rhsm_opts[:username] && rhsm_opts[:password]
|
821
|
+
fail("You must set BEAKER_RHSM_USER and BEAKER_RHSM_PASS environment variables to register RHEL systems")
|
822
|
+
end
|
666
823
|
|
667
|
-
|
668
|
-
|
669
|
-
|
670
|
-
|
671
|
-
|
824
|
+
sub_status = on(sut, 'subscription-manager status', :accept_all_exit_codes => true)
|
825
|
+
unless sub_status.exit_code == 0
|
826
|
+
logger.info("Registering #{sut} via subscription-manager")
|
827
|
+
on(sut, %{subscription-manager register --auto-attach --name='#{rhsm_opts[:system_name]}' --username='#{rhsm_opts[:username]}' --password='#{rhsm_opts[:password]}'}, :silent => true)
|
828
|
+
end
|
672
829
|
|
673
|
-
|
674
|
-
|
675
|
-
|
676
|
-
|
677
|
-
|
830
|
+
if rhsm_opts[:repo_list][os_release]
|
831
|
+
rhel_repo_enable(sut, rhsm_opts[:repo_list][os_release])
|
832
|
+
else
|
833
|
+
logger.warn("simp-beaker-helpers:#{__method__} => Default repos for RHEL '#{os_release}' not found")
|
834
|
+
end
|
678
835
|
|
679
|
-
|
680
|
-
|
681
|
-
|
836
|
+
# Ensure that all users can access the entitlements since we don't know
|
837
|
+
# who we'll be running jobs as (often not root)
|
838
|
+
on(sut, 'chmod -R ugo+rX /etc/pki/entitlement', :accept_all_exit_codes => true)
|
839
|
+
end
|
682
840
|
end
|
683
841
|
end
|
684
842
|
|
685
|
-
def sosreport(
|
686
|
-
|
687
|
-
|
843
|
+
def sosreport(suts, dest='sosreports')
|
844
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
845
|
+
block_on(suts, :run_in_parallel => parallel) do |sut|
|
846
|
+
install_latest_package_on(sut, 'sos')
|
847
|
+
on(sut, 'sosreport --batch')
|
688
848
|
|
689
|
-
|
849
|
+
files = on(sut, 'ls /var/tmp/sosreport* /tmp/sosreport* 2>/dev/null', :accept_all_exit_codes => true).output.lines.map(&:strip)
|
690
850
|
|
691
|
-
|
851
|
+
FileUtils.mkdir_p(dest)
|
692
852
|
|
693
|
-
|
694
|
-
|
853
|
+
files.each do |file|
|
854
|
+
scp_from(sut, file, File.absolute_path(dest))
|
855
|
+
end
|
695
856
|
end
|
696
857
|
end
|
697
858
|
|
698
|
-
def rhel_repo_enable(
|
699
|
-
|
700
|
-
|
859
|
+
def rhel_repo_enable(suts, repos)
|
860
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
861
|
+
block_on(suts, :run_in_parallel => parallel) do |sut|
|
862
|
+
Array(repos).each do |repo|
|
863
|
+
on(sut, %{subscription-manager repos --enable #{repo}})
|
864
|
+
end
|
701
865
|
end
|
702
866
|
end
|
703
867
|
|
704
|
-
def rhel_repo_disable(
|
705
|
-
|
706
|
-
|
868
|
+
def rhel_repo_disable(suts, repos)
|
869
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
870
|
+
block_on(suts, :run_in_parallel => parallel) do |sut|
|
871
|
+
Array(repos).each do |repo|
|
872
|
+
on(sut, %{subscription-manager repos --disable #{repo}}, :accept_all_exit_codes => true)
|
873
|
+
end
|
707
874
|
end
|
708
875
|
end
|
709
876
|
|
710
|
-
def rhel_rhsm_unsubscribe(
|
711
|
-
|
877
|
+
def rhel_rhsm_unsubscribe(suts)
|
878
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
879
|
+
block_on(suts, :run_in_parallel => parallel) do |sut|
|
880
|
+
on(sut, %{subscription-manager unregister}, :accept_all_exit_codes => true)
|
881
|
+
end
|
712
882
|
end
|
713
883
|
|
714
884
|
# Apply known OS fixes we need to run Beaker on each SUT
|
@@ -782,6 +952,9 @@ module Simp::BeakerHelpers
|
|
782
952
|
|
783
953
|
host_entry = { fqdn => [] }
|
784
954
|
|
955
|
+
# Add the short name because containers can't change the hostname
|
956
|
+
host_entry[fqdn] << host.name if (host[:hypervisor] == 'docker')
|
957
|
+
|
785
958
|
# Ensure that all interfaces are active prior to collecting data
|
786
959
|
activate_interfaces(host) unless ENV['BEAKER_no_fix_interfaces']
|
787
960
|
|
@@ -795,7 +968,7 @@ module Simp::BeakerHelpers
|
|
795
968
|
host_entry[fqdn] << ipaddress.strip
|
796
969
|
|
797
970
|
unless host_entry[fqdn].empty?
|
798
|
-
suts_network_info[fqdn] = host_entry[fqdn]
|
971
|
+
suts_network_info[fqdn] = host_entry[fqdn].sort.uniq
|
799
972
|
end
|
800
973
|
end
|
801
974
|
end
|
@@ -824,6 +997,7 @@ module Simp::BeakerHelpers
|
|
824
997
|
end
|
825
998
|
|
826
999
|
copy_to(ca_sut, pki_hosts_file, host_dir)
|
1000
|
+
|
827
1001
|
# generate certs
|
828
1002
|
on(ca_sut, "cd #{host_dir}; cat #{host_dir}/pki.hosts | xargs bash make.sh")
|
829
1003
|
end
|
@@ -858,8 +1032,8 @@ module Simp::BeakerHelpers
|
|
858
1032
|
sut.mkdir_p("#{sut_pki_dir}/public")
|
859
1033
|
sut.mkdir_p("#{sut_pki_dir}/private")
|
860
1034
|
sut.mkdir_p("#{sut_pki_dir}/cacerts")
|
861
|
-
copy_to(sut, "#{local_host_pki_tree}/#{fqdn}.pem",
|
862
|
-
copy_to(sut, "#{local_host_pki_tree}/#{fqdn}.pub",
|
1035
|
+
copy_to(sut, "#{local_host_pki_tree}/#{fqdn}.pem", "#{sut_pki_dir}/private/")
|
1036
|
+
copy_to(sut, "#{local_host_pki_tree}/#{fqdn}.pub", "#{sut_pki_dir}/public/")
|
863
1037
|
|
864
1038
|
copy_to(sut, local_cacert, "#{sut_pki_dir}/cacerts/simp_auto_ca.pem")
|
865
1039
|
|
@@ -869,18 +1043,19 @@ module Simp::BeakerHelpers
|
|
869
1043
|
# Need to hash all of the CA certificates so that apps can use them
|
870
1044
|
# properly! This must happen on the host itself since it needs to match
|
871
1045
|
# the native hashing algorithms.
|
872
|
-
hash_cmd =
|
873
|
-
|
874
|
-
|
875
|
-
|
876
|
-
|
877
|
-
|
878
|
-
|
879
|
-
|
880
|
-
|
881
|
-
|
882
|
-
|
883
|
-
|
1046
|
+
hash_cmd = <<~EOM.strip
|
1047
|
+
PATH=/opt/puppetlabs/puppet/bin:$PATH; \
|
1048
|
+
cd #{sut_pki_dir}/cacerts; \
|
1049
|
+
for x in *; do \
|
1050
|
+
if [ ! -h "$x" ]; then \
|
1051
|
+
`openssl x509 -in $x >/dev/null 2>&1`; \
|
1052
|
+
if [ $? -eq 0 ]; then \
|
1053
|
+
hash=`openssl x509 -in $x -hash | head -1`; \
|
1054
|
+
ln -sf $x $hash.0; \
|
1055
|
+
fi; \
|
1056
|
+
fi; \
|
1057
|
+
done
|
1058
|
+
EOM
|
884
1059
|
|
885
1060
|
on(sut, hash_cmd)
|
886
1061
|
end
|
@@ -1292,60 +1467,79 @@ done
|
|
1292
1467
|
# * 'simp-community-postgres'
|
1293
1468
|
# * 'simp-community-puppet'
|
1294
1469
|
#
|
1295
|
-
|
1470
|
+
#
|
1471
|
+
# Environment Variables:
|
1472
|
+
# * BEAKER_SIMP_install_repos
|
1473
|
+
# * 'no' => disable the capability
|
1474
|
+
# * BEAKER_SIMP_disable_repos
|
1475
|
+
# * Comma delimited list of active yum repo names to disable
|
1476
|
+
def install_simp_repos(suts, disable = [])
|
1296
1477
|
# NOTE: Do *NOT* use puppet in this method since it may not be available yet
|
1297
1478
|
|
1298
|
-
if
|
1299
|
-
on(
|
1300
|
-
sut,
|
1301
|
-
'yum -y install yum-utils',
|
1302
|
-
:max_retries => 3,
|
1303
|
-
:retry_interval => 10
|
1304
|
-
)
|
1305
|
-
end
|
1479
|
+
return if (ENV.fetch('SIMP_install_repos', 'yes') == 'no')
|
1306
1480
|
|
1307
|
-
|
1308
|
-
|
1481
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
1482
|
+
block_on(suts, :run_in_parallel => parallel) do |sut|
|
1483
|
+
install_package_unless_present_on(sut, 'yum-utils')
|
1484
|
+
|
1485
|
+
install_package_unless_present_on(
|
1309
1486
|
sut,
|
1310
|
-
'
|
1311
|
-
|
1312
|
-
:retry_interval => 10
|
1487
|
+
'simp-release-community',
|
1488
|
+
"https://download.simp-project.com/simp-release-community.rpm",
|
1313
1489
|
)
|
1314
|
-
end
|
1315
1490
|
|
1316
|
-
|
1491
|
+
to_disable = disable.dup
|
1492
|
+
to_disable += ENV.fetch('BEAKER_SIMP_disable_repos', '').split(',').map(&:strip)
|
1317
1493
|
|
1318
|
-
|
1319
|
-
|
1320
|
-
|
1321
|
-
|
1322
|
-
|
1494
|
+
unless to_disable.empty?
|
1495
|
+
if to_disable.include?('simp')
|
1496
|
+
to_disable.delete('simp')
|
1497
|
+
to_disable << 'simp-community-simp'
|
1498
|
+
end
|
1323
1499
|
|
1324
|
-
|
1325
|
-
|
1326
|
-
|
1327
|
-
|
1328
|
-
|
1329
|
-
|
1500
|
+
if to_disable.include?('simp_deps')
|
1501
|
+
to_disable.delete('simp_deps')
|
1502
|
+
to_disable << 'simp-community-epel'
|
1503
|
+
to_disable << 'simp-community-postgres'
|
1504
|
+
to_disable << 'simp-community-puppet'
|
1505
|
+
end
|
1330
1506
|
|
1331
|
-
|
1332
|
-
|
1333
|
-
|
1334
|
-
|
1335
|
-
|
1336
|
-
|
1337
|
-
|
1507
|
+
# NOTE: This --enablerepo enables the repos for listing and is inherited
|
1508
|
+
# from YUM. This does not actually "enable" the repos, that would require
|
1509
|
+
# the "--enable" option (from yum-config-manager) :-D.
|
1510
|
+
#
|
1511
|
+
# Note: Certain versions of EL8 do not dump by default and EL7 does not
|
1512
|
+
# have the '--dump' option.
|
1513
|
+
available_repos = on(sut, %{yum-config-manager --enablerepo="*" || yum-config-manager --enablerepo="*" --dump}).stdout.lines.grep(/\A\[(.+)\]\Z/){|x| $1}
|
1338
1514
|
|
1339
|
-
|
1515
|
+
invalid_repos = (to_disable - available_repos)
|
1340
1516
|
|
1341
|
-
|
1342
|
-
|
1343
|
-
|
1344
|
-
|
1517
|
+
# Verify that the repos passed to disable are in the list of valid repos
|
1518
|
+
unless invalid_repos.empty?
|
1519
|
+
logger.warn(%{WARN: install_simp_repo - requested repos to disable do not exist on the target system '#{invalid_repos.join("', '")}'.})
|
1520
|
+
end
|
1345
1521
|
|
1346
|
-
|
1347
|
-
|
1522
|
+
(to_disable - invalid_repos).each do |repo|
|
1523
|
+
on(sut, %{yum-config-manager --disable "#{repo}"})
|
1524
|
+
end
|
1348
1525
|
end
|
1349
1526
|
end
|
1527
|
+
|
1528
|
+
set_yum_opts_on(suts, {'simp*.skip_if_unavailable' => '1' })
|
1529
|
+
end
|
1530
|
+
|
1531
|
+
# Set the release and release type of the SIMP yum repos
|
1532
|
+
#
|
1533
|
+
# Environment variables may be used to set either one
|
1534
|
+
# * BEAKER_SIMP_repo_release => The actual release (version number)
|
1535
|
+
# * BEAKER_SIMP_repo_release_type => The type of release (stable, unstable, rolling, etc...)
|
1536
|
+
def set_simp_repo_release(sut, simp_release_type='stable', simp_release='6')
|
1537
|
+
simp_release = ENV.fetch('BEAKER_SIMP_repo_release', simp_release)
|
1538
|
+
simp_release_type = ENV.fetch('BEAKER_SIMP_repo_release_type', simp_release_type)
|
1539
|
+
|
1540
|
+
simp_release_type = 'releases' if (simp_release_type == 'stable')
|
1541
|
+
|
1542
|
+
create_remote_file(sut, '/etc/yum/vars/simprelease', simp_release)
|
1543
|
+
create_remote_file(sut, '/etc/yum/vars/simpreleasetype', simp_release_type)
|
1350
1544
|
end
|
1351
1545
|
end
|