simp-beaker-helpers 1.23.1 → 1.24.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 662fa0921ca0879ff169a372722db43cab01b6084d7fb8bd0c22b9727499d44d
-  data.tar.gz: 7fdcc1bb9a1e7384fe8e7edcb6336f3b30e5045719ac2250c67666efddffe0ad
+  metadata.gz: 4403e18b35abbd1622d13e0fac49c4c22a20bf6b80b142b9db9fb5743a96bdf0
+  data.tar.gz: a490a356a2e18cda7611213d53e0202a3790377e722cd23d56228766d93351a5
 SHA512:
-  metadata.gz: 046ed4502f9257b59afa940d925f40f80ad3d5d4e9bb600904625382e4e437493313230a6109d105f4e1471f77537f8fbcfb176297fa71ca1d6bf979d0ccf565
-  data.tar.gz: f0d190e6abf5474bca2b4764658cfeb3af61298b13c4ad3b1cd8649417d4ecb67814eb88e6f266ee261fcbd35b77e47ee71b0ee1c7a72a59f4428e9fc5b73920
+  metadata.gz: 9d9ab525dd5345fac7fb7c66fb8aab2c8449b6fce2e5812518a4341d8bdbd5a208e5a31c5b12fc912e664f1f4dbb11fb41419576eddd1fe09844f4aaa8af4cf2
+  data.tar.gz: 26a688025f283009ba338823369e26a2d65db16db212592ab9fe3432f3c1892b251ec176c1c0faa6a5f7abab727c4d2d25994c8af316a199027279a4ffec02d1

data/.github/workflows/pr_acceptance.yml

@@ -5,7 +5,7 @@ on:
     branches:
       # A test branch for seeing if your tests will pass in your personal fork
       - test_me_github
-  pull_request_target:
+  pull_request:
     types: [opened, reopened, synchronize]
 
 jobs:
@@ -18,8 +18,10 @@ jobs:
           - 2.6
       fail-fast: false
     steps:
-      - uses: actions/checkout@v2
-      - uses: ruby/setup-ruby@v1
+      - name: checkout repo
+        uses: actions/checkout@v2
+      - name: setup ruby
+        uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby }}
       - name: ensure entropy
@@ -27,45 +29,27 @@ jobs:
           sudo apt-get update -y
           sudo apt-get install -y rng-tools
           sudo systemctl start rng-tools
-      - name: install podman
+      - name: install docker
         run: |
           set -x
-          sudo apt-get remove -y podman docker-ce docker docker-engine docker.io containerd runc ||:
-          curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$( lsb_release -rs )/Release.key | sudo apt-key add -
-          echo  "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$( lsb_release -rs )/ /" | sudo tee /etc/apt/sources.list.d/podman.list /dev/null
+          sudo apt-get remove -y podman ||:
+          sudo apt-get install -y docker-ce docker docker-engine docker.io containerd runc ||:
           sudo apt-get update
-          sudo apt-get install -y podman
           sudo apt autoremove -y
-          sudo systemctl start podman
+          sudo systemctl start docker
       - name: install bundler
         run: |
           gem install bundler
           bundle update
-      - name: beaker default
-        env:
-          DOCKER_HOST: unix:///var/run/podman/podman.sock
-          CONTAINER_HOST: unix:///var/run/podman/podman.sock
+      - name: beaker
         run: |
-          sudo chmod -R ugo+rwX /var/run/podman
           bundle exec rake beaker:suites[default,docker]
       - name: beaker puppet_collections
-        env:
-          DOCKER_HOST: unix:///var/run/podman/podman.sock
-          CONTAINER_HOST: unix:///var/run/podman/podman.sock
         run: |
-          sudo chmod -R ugo+rwX /var/run/podman
           bundle exec rake beaker:suites[puppet_collections,docker]
       - name: beaker ssg
-        env:
-          DOCKER_HOST: unix:///var/run/podman/podman.sock
-          CONTAINER_HOST: unix:///var/run/podman/podman.sock
         run: |
-          sudo chmod -R ugo+rwX /var/run/podman
           bundle exec rake beaker:suites[ssg,docker]
       - name: beaker inspec
-        env:
-          DOCKER_HOST: unix:///var/run/podman/podman.sock
-          CONTAINER_HOST: unix:///var/run/podman/podman.sock
         run: |
-          sudo chmod -R ugo+rwX /var/run/podman
           bundle exec rake beaker:suites[inspec,docker]

data/.github/workflows/pr_glci.yml

@@ -63,7 +63,7 @@ jobs:
   # we restrict ourselves to sending data elsewhere.
   glci-syntax:
     name: '.gitlab-ci.yml Syntax'
-    runs-on: ubuntu-16.04
+    runs-on: ubuntu-latest
     outputs:
       valid: ${{ steps.validate-glci-file.outputs.valid }}
     steps:
@@ -174,7 +174,7 @@ jobs:
 ###  examine_contexts:
 ###    name: 'Examine Context contents'
 ###    if: always()
-###    runs-on: ubuntu-16.04
+###    runs-on: ubuntu-latest
 ###    needs: [ glci-syntax, contributor-permissions ]
 ###    steps:
 ###      - name: Dump contexts

data/.github/workflows/pr_glci_cleanup.yml

@@ -93,7 +93,7 @@ jobs:
 ###  examine_contexts:
 ###    name: 'Examine Context contents'
 ###    if: always()
-###    runs-on: ubuntu-16.04
+###    runs-on: ubuntu-latest
 ###    steps:
 ###      - name: Dump contexts
 ###        env:

data/.github/workflows/pr_tests.yml

@@ -0,0 +1,90 @@
+# Run Puppet checks and test matrix on Pull Requests
+# ------------------------------------------------------------------------------
+#             NOTICE: **This file is maintained with puppetsync**
+#
+# This file is updated automatically as part of a puppet module baseline.
+#
+# The next baseline sync will overwrite any local changes to this file!
+#
+# ==============================================================================
+#
+# The testing matrix considers ruby/puppet versions supported by SIMP and PE:
+# ------------------------------------------------------------------------------
+# Release       Puppet   Ruby    EOL
+# SIMP 6.4      5.5      2.40    TBD
+# PE 2018.1     5.5      2.40    2021-01 (LTS overlap)
+# PE 2019.8     6.18     2.5     2022-12 (LTS)
+#
+# https://puppet.com/docs/pe/2018.1/component_versions_in_recent_pe_releases.html
+# https://puppet.com/misc/puppet-enterprise-lifecycle
+# https://puppet.com/docs/pe/2018.1/overview/getting_support_for_pe.html
+# ==============================================================================
+#
+# https://docs.github.com/en/actions/reference/events-that-trigger-workflows
+#
+
+name: PR Tests
+on:
+  push:
+    branches:
+      # A test branch for seeing if your tests will pass in your personal fork
+      - test_me_github
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+env:
+  PUPPET_VERSION: '~> 6'
+
+jobs:
+  ruby-style:
+    if: false # TODO Modules will need: rubocop in Gemfile, .rubocop.yml
+    name: 'Ruby Style (experimental)'
+    runs-on: ubuntu-18.04
+    continue-on-error: true
+    steps:
+      - uses: actions/checkout@v2
+      - name: "Install Ruby ${{matrix.puppet.ruby_version}}"
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.5
+          bundler-cache: true
+      - run: |
+          bundle show
+          bundle exec rake rubocop
+
+  spec-tests:
+    name: 'Spec'
+    runs-on: ubuntu-18.04
+    strategy:
+      matrix:
+        puppet:
+          - label: 'Puppet 6.18 [SIMP 6.5/PE 2019.8]'
+            puppet_version: '~> 6.18.0'
+            ruby_version: '2.5'
+          - label: 'Puppet 5.5 [SIMP 6.4/PE 2018.1]'
+            puppet_version: '~> 5.5.22'
+            ruby_version: '2.4'
+          - label: 'Puppet 7.x'
+            puppet_version: '~> 7.0'
+            ruby_version: '2.7'
+    env:
+      PUPPET_VERSION: '${{matrix.puppet.puppet_version}}'
+    steps:
+      - uses: actions/checkout@v2
+      - name: 'Install Ruby ${{matrix.puppet.ruby_version}}'
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{matrix.puppet.ruby_version}}
+          bundler-cache: true
+      - run: 'command -v rpm || if command -v apt-get; then sudo apt-get update; sudo apt-get install -y rpm; fi ||:'
+      - run: 'bundle exec rake spec'
+
+#  dump_contexts:
+#    name: 'Examine Context contents'
+#    runs-on: ubuntu-16.04
+#    steps:
+#      - name: Dump contexts
+#        env:
+#          GITHUB_CONTEXT: ${{ toJson(github) }}
+#        run: echo "$GITHUB_CONTEXT"
+#

data/.github/workflows/tag_deploy_rubygem.yml

@@ -1,4 +1,4 @@
-# Build & Deploy RubyGem & GitHub release when a SemVer tag is pushed
+# When SemVer tag is pushed: create GitHub release & publish gem to rubygems.org
 #
 # This workflow's jobs are only triggered in repos under the `simp` organization
 # ------------------------------------------------------------------------------

data/.gitlab-ci.yml

@@ -273,10 +273,6 @@ variables:
 # Unit Tests
 #-----------------------------------------------------------------------
 
-pup5.x-unit:
-  <<: *pup_5_x
-  <<: *unit_tests
-
 pup6.x-unit:
   <<: *pup_6_x
   <<: *unit_tests
@@ -292,12 +288,6 @@ pup7.x-unit:
 #=======================================================================
 # Packaging test
 
-pup5.x-pkg:
-  <<: *pup_5_x
-  <<: *unit_tests
-  script:
-    'bundle exec rake pkg:gem'
-
 pup6.x-pkg:
   <<: *pup_6_x
   <<: *unit_tests
@@ -312,6 +302,18 @@ pup7.x-pkg:
 
 #=======================================================================
 # Acceptance tests
+
+# Verify a suite fails when an explicitly-specified nodeset does not exist.
+# It is significantly quicker to test here (where rvm is already installed
+# and the bundle is configured with this version of simp-beaker-helpers)
+# than in an acceptance test with a build user.
+default-bad-nodeset:
+  <<: *pup_6_x
+  <<: *acceptance_base
+  script:
+    - 'RESULT=`bundle exec rake beaker:suites[default,oops] 1>/dev/null; echo $?`; (test $RESULT == "1")'
+    - echo 'beaker:suites correctly failed with unknown nodeset'
+
 default:
   <<: *pup_6_x
   <<: *acceptance_base
@@ -348,6 +350,12 @@ puppet7_collections:
   script:
     - bundle exec rake beaker:suites[puppet_collections]
 
+oel_ssg:
+  <<: *pup_6_x
+  <<: *acceptance_base
+  script:
+    - bundle exec rake beaker:suites[ssg,oel]
+
 windows:
   <<: *pup_6_x
   <<: *acceptance_base

data/CHANGELOG.md

@@ -1,3 +1,35 @@
+### 1.24.0 / 2021-10-05
+* Fixed:
+  * Pinned the version of inspec to 4.39.0 since 4.41 broke tag processing
+  * Only call `activate_interfaces` once per test run instead of at each context
+    which saves quite a bit of time during testing
+  * SSG tag selection logic
+  * Use `sed -ci` which works with docker volume mounts
+* Added:
+  * Modified the `activate_interfaces` method to use the `networking` fact if
+    available which shaves quite a bit of time off of each test run
+
+### 1.23.4 / 2021-07-07
+* Fixed:
+  * Ensure that the openscap-scanner package is installed during SSG runs
+* Added:
+  * A function to fetch the available SSG profiles on a target system
+* Changed:
+  * Added OEL nodeset
+
+### 1.23.3 / 2021-06-30
+* Fixed:
+  * Removed the Streams kernel update for EL 8.3 since it now causes issues
+  * Use `pfact_on` to select the interface facts to fix Puppet 7 issues
+
+### 1.23.2 / 2021-05-29
+* Fixed:
+  * Fail an acceptance test when an explicitly-specified nodeset for an
+    acceptance test suite does not exist and the suite is configured
+    to fail fast (default behavior).
+  * The usual way of registering RHEL systems had to be changed to activate
+    immediately when called to function properly.
+
 ### 1.23.1 / 2021-05-19
 * Fixed:
   * The SSG default branch is now the latest numeric tag instead of the one

data/Gemfile

@@ -45,7 +45,7 @@ group :system_tests do
   gem 'beaker-windows'
   gem 'net-ssh'
   gem 'puppet', ENV.fetch('PUPPET_VERSION', '~> 6.0')
-  gem 'puppetlabs_spec_helper'
+  gem 'puppetlabs_spec_helper', '~> 3.0'
   gem 'rubocop'
   gem 'rubocop-rspec'
 end

data/files/pki/make.sh

@@ -73,7 +73,7 @@ for hosts in $*; do
       done
     done
 
-    sed -i "s/# subjectAltName = #ALTNAMES#/subjectAltName = ${altnames}/" "working/${hname}.cnf"
+    sed -ci "s/# subjectAltName = #ALTNAMES#/subjectAltName = ${altnames}/" "working/${hname}.cnf"
   fi
 
   echo "-- running openssl req"

data/lib/simp/beaker_helpers/inspec.rb

@@ -34,7 +34,9 @@ module Simp::BeakerHelpers
     #   The name of the profile against which to run
     #
     def initialize(sut, profile)
-      @inspec_version = ENV['BEAKER_inspec_version'] || 'latest'
+      # The 4.41 release is currently broken
+      # @inspec_version = ENV['BEAKER_inspec_version'] || 'latest'
+      @inspec_version = ENV['BEAKER_inspec_version'] || '4.39.0'
 
       @sut = sut
 

data/lib/simp/beaker_helpers/ssg.rb

@@ -19,10 +19,11 @@ module Simp::BeakerHelpers
       GIT_BRANCH = ENV['BEAKER_ssg_branch']
     end
 
-    EL_PACKAGES = [
+    EL7_PACKAGES = [
       'PyYAML',
       'cmake',
       'git',
+      'openscap-scanner',
       'openscap-python',
       'openscap-utils',
       'python-jinja2',
@@ -35,16 +36,18 @@ module Simp::BeakerHelpers
       'make',
       'openscap-python3',
       'openscap-utils',
+      'openscap-scanner',
       'python3',
       'python3-jinja2',
       'python3-lxml',
-      'python3-pyyaml'
+      'python3-pyyaml',
+      'libarchive'
     ]
 
     OS_INFO = {
       'RedHat' => {
         '6' => {
-          'required_packages' => EL_PACKAGES,
+          'required_packages' => EL7_PACKAGES,
           'ssg' => {
             'profile_target' => 'rhel6',
             'build_target'   => 'rhel6',
@@ -52,7 +55,7 @@ module Simp::BeakerHelpers
           }
         },
         '7' => {
-          'required_packages' => EL_PACKAGES,
+          'required_packages' => EL7_PACKAGES,
           'ssg' => {
             'profile_target' => 'rhel7',
             'build_target'   => 'rhel7',
@@ -70,7 +73,7 @@ module Simp::BeakerHelpers
       },
       'CentOS' => {
         '6' => {
-          'required_packages' => EL_PACKAGES,
+          'required_packages' => EL7_PACKAGES,
           'ssg' => {
             'profile_target' => 'rhel6',
             'build_target'   => 'centos6',
@@ -78,7 +81,7 @@ module Simp::BeakerHelpers
           }
         },
         '7' => {
-          'required_packages' => EL_PACKAGES,
+          'required_packages' => EL7_PACKAGES,
           'ssg' => {
             'profile_target' => 'centos7',
             'build_target'   => 'centos7',
@@ -94,14 +97,25 @@ module Simp::BeakerHelpers
           }
         }
       },
+      'Rocky' => {
+        '8' => {
+          'required_packages' => EL8_PACKAGES,
+          'ssg' => {
+            'profile_target' => 'centos8',
+            'build_target'   => 'centos8',
+            'datastream'     => 'ssg-centos8-ds.xml'
+          }
+        }
+      },
       'OracleLinux' => {
         '7' => {
-          'required_packages' => EL_PACKAGES,
+          'required_packages' => EL7_PACKAGES,
           'ssg' => {
             'profile_target' => 'ol7',
             'build_target'   => 'ol7',
             'datastream'     => 'ssg-ol7-ds.xml'
           },
+        },
         '8' => {
           'required_packages' => EL8_PACKAGES,
           'ssg' => {
@@ -110,7 +124,6 @@ module Simp::BeakerHelpers
             'datastream'     => 'ssg-ol8-ds.xml'
           }
         }
-        }
       }
     }
 
@@ -124,8 +137,8 @@ module Simp::BeakerHelpers
     def initialize(sut)
       @sut = sut
 
-      @os = fact_on(@sut, 'operatingsystem')
-      @os_rel = fact_on(@sut, 'operatingsystemmajrelease')
+      @os = pfact_on(@sut, 'os.name')
+      @os_rel = pfact_on(@sut, 'os.release.major')
 
       sut.mkdir_p('scap_working_dir')
 
@@ -136,7 +149,7 @@ module Simp::BeakerHelpers
       end
 
       OS_INFO[@os][@os_rel]['required_packages'].each do |pkg|
-        @sut.install_package(pkg)
+        install_latest_package_on(@sut, pkg)
       end
 
       @output_dir = File.absolute_path('sec_results/ssg')
@@ -147,7 +160,6 @@ module Simp::BeakerHelpers
 
       @result_file = "#{@sut.hostname}-ssg-#{Time.now.to_i}"
 
-
       get_ssg_datastream
     end
 
@@ -155,6 +167,15 @@ module Simp::BeakerHelpers
       OS_INFO[@os][@os_rel]['ssg']['profile_target']
     end
 
+    def get_profiles
+      cmd = "cd #{@scap_working_dir}; oscap info --profiles"
+      on(@sut, "#{cmd} #{OS_INFO[@os][@os_rel]['ssg']['datastream']}")
+        .stdout
+        .strip
+        .lines
+        .map{|x| x.split(':').first}
+    end
+
     def remediate(profile)
       evaluate(profile, true)
     end
@@ -166,7 +187,7 @@ module Simp::BeakerHelpers
         cmd += ' --remediate'
       end
 
-      cmd += %( --fetch-remote-resources --profile #{profile} --results #{@result_file}.xml --report #{@result_file}.html #{OS_INFO[@os][@os_rel]['ssg']['datastream']})
+      cmd += %( --profile #{profile} --results #{@result_file}.xml --report #{@result_file}.html #{OS_INFO[@os][@os_rel]['ssg']['datastream']})
 
       # We accept all exit codes here because there have occasionally been
       # failures in the SSG content and we're not testing that.
@@ -386,7 +407,7 @@ module Simp::BeakerHelpers
         else
           tags = on(@sut, %(cd scap-content; git tag -l)).output
           target_tag = tags.lines.map(&:strip)
-            .select{|x| x.start_with?(/v\d+\./)}
+            .select{|x| x.match?(/^v(\d+\.)+\d+$/)}
             .sort.last
 
           on(@sut, %(cd scap-content; git checkout #{target_tag}))
@@ -398,7 +419,7 @@ module Simp::BeakerHelpers
         #
         # This isn't 100% correct but it's "good enough" for an automated CI
         # environment to tell us if something is critically out of alignment.
-        on(@sut, %(cd scap-content/build-scripts; sed -i 's/ssg.build_derivatives.profile_handling/#ssg.build_derivatives.profile_handling/g' enable_derivatives.py))
+        on(@sut, %(cd scap-content/build-scripts; sed -ci 's/ssg.build_derivatives.profile_handling/#ssg.build_derivatives.profile_handling/g' enable_derivatives.py))
 
         on(@sut, %(cd scap-content/build; cmake ../; make -j4 #{OS_INFO[@os][@os_rel]['ssg']['build_target']}-content && cp *ds.xml #{@scap_working_dir}))
       end

data/lib/simp/beaker_helpers/version.rb

@@ -1,5 +1,5 @@
 module Simp; end
 
 module Simp::BeakerHelpers
-  VERSION = '1.23.1'
+  VERSION = '1.24.0'
 end

data/lib/simp/beaker_helpers.rb

@@ -248,7 +248,7 @@ module Simp::BeakerHelpers
       rescue StandardError
         # If *anything* fails, we need to fall back to `puppet facts`
 
-        facts_json = on(sut, 'puppet facts find garbage_xxx', :silent => true).stdout
+        facts_json = retry_on(sut, 'puppet facts find garbage_xxx', :silent => true, :max_retries => 4).stdout
         facts = JSON.parse(facts_json)['values']
       end
 
@@ -483,7 +483,7 @@ module Simp::BeakerHelpers
       #      that doesn't break vagrant access and is appropriate for
       #      typical module tests.)
       fips_ssh_ciphers = [ 'aes256-ctr','aes192-ctr','aes128-ctr']
-      on(sut, %(sed -i '/Ciphers /d' /etc/ssh/sshd_config))
+      on(sut, %(sed -ci '/Ciphers /d' /etc/ssh/sshd_config))
       on(sut, %(echo 'Ciphers #{fips_ssh_ciphers.join(',')}' >> /etc/ssh/sshd_config))
 
       fips_enable_modulepath = ''
@@ -672,6 +672,9 @@ module Simp::BeakerHelpers
   def linux_errata( suts )
     parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
     block_on(suts, :run_in_parallel => parallel) do |sut|
+      # Set the locale if not set
+      sut.set_env_var('LANG', 'en_US.UTF-8') unless sut.get_env_var('LANG')
+
       # We need to be able to flip between server and client without issue
       on sut, 'puppet resource group puppet gid=52'
       on sut, 'puppet resource user puppet comment="Puppet" gid="52" uid="52" home="/var/lib/puppet" managehome=true'
@@ -685,7 +688,7 @@ module Simp::BeakerHelpers
       if current_domain.empty?
         new_fqdn = hostname + '.beaker.test'
 
-        on(sut, "sed -i 's/#{hostname}.*/#{new_fqdn} #{hostname}/' /etc/hosts")
+        on(sut, "sed -ci 's/#{hostname}.*/#{new_fqdn} #{hostname}/' /etc/hosts")
         on(sut, "echo '#{new_fqdn}' > /etc/hostname", :accept_all_exit_codes => true)
         on(sut, "hostname #{new_fqdn}", :accept_all_exit_codes => true)
 
@@ -747,11 +750,9 @@ module Simp::BeakerHelpers
       if os_info['family'] == 'RedHat'
         # OS-specific items
         if os_info['name'] == 'RedHat'
-          RSpec.configure do |c|
-            c.before(:all) do
-              rhel_rhsm_subscribe(sut)
-            end
+          rhel_rhsm_subscribe(sut)
 
+          RSpec.configure do |c|
             c.after(:all) do
               rhel_rhsm_unsubscribe(sut)
             end
@@ -770,15 +771,6 @@ module Simp::BeakerHelpers
             apply_manifest_on(sut, pp, :catch_failures => false)
           end
 
-          unless sut[:hypervisor] == 'docker'
-            if (os_info['name'] == 'CentOS') && (os_info['release']['major'].to_i >= 8)
-              if os_info['release']['minor'].to_i == 3
-                update_package_from_centos_stream(sut, 'kernel')
-                sut.reboot
-              end
-            end
-          end
-
           # Clean up YUM prior to starting our test runs.
           on(sut, 'yum clean all')
         end
@@ -961,21 +953,31 @@ module Simp::BeakerHelpers
       host_entry[fqdn] << host.name if (host[:hypervisor] == 'docker')
 
       # Ensure that all interfaces are active prior to collecting data
-      activate_interfaces(host) unless ENV['BEAKER_no_fix_interfaces']
+      activate_interfaces(host)
 
-      # Gather the IP Addresses for the host to embed in the cert
-      interfaces = fact_on(host, 'interfaces').strip.split(',')
-      interfaces.each do |interface|
-        ipaddress = fact_on(host, "ipaddress_#{interface}")
+      networking_fact = pfact_on(host, 'networking')
+      if networking_fact && networking_fact['interfaces']
+        networking_fact['interfaces'].each do |iface, data|
+          next unless data['ip']
+          next if data['ip'].start_with?('127.')
 
-        next if ipaddress.nil? || ipaddress.empty? || ipaddress.start_with?('127.')
+          host_entry[fqdn] << data['ip'].strip
+        end
+      else
+        # Gather the IP Addresses for the host to embed in the cert
+        interfaces = fact_on(host, 'interfaces').strip.split(',')
+        interfaces.each do |interface|
+          ipaddress = fact_on(host, "ipaddress_#{interface}")
 
-        host_entry[fqdn] << ipaddress.strip
+          next if ipaddress.nil? || ipaddress.empty? || ipaddress.start_with?('127.')
 
-        unless host_entry[fqdn].empty?
-          suts_network_info[fqdn] = host_entry[fqdn].sort.uniq
+          host_entry[fqdn] << ipaddress.strip
         end
       end
+
+      unless host_entry[fqdn].empty?
+        suts_network_info[fqdn] = host_entry[fqdn].sort.uniq
+      end
     end
 
     # Get all of the repeated SUT IP addresses:
@@ -1080,7 +1082,6 @@ module Simp::BeakerHelpers
     on ca_sut, "chgrp -R puppet #{host_keydist_dir}"
   end
 
-
   # Activate all network interfaces on the target system
   #
   # This is generally needed if the upstream vendor does not activate all
@@ -1088,6 +1089,8 @@ module Simp::BeakerHelpers
   #
   # Can be passed any number of hosts either singly or as an Array
   def activate_interfaces(hosts)
+    return if ENV['BEAKER_no_fix_interfaces']
+
     parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
     block_on(hosts, :run_in_parallel => parallel) do |host|
       if host[:platform] =~ /windows/
@@ -1095,14 +1098,22 @@ module Simp::BeakerHelpers
         next
       end
 
-      interfaces_fact = retry_on(host,'facter interfaces', verbose: true).stdout
+      networking_fact = pfact_on(host, 'networking')
+      if networking_fact && networking_fact['interfaces']
+        networking_fact['interfaces'].each do |iface, data|
+          next if ( ( data['ip'] && !data['ip'].empty? ) || ( data['ip6'] && !data['ip6'].empty? ) )
+          on(host, "ifup #{iface}", :accept_all_exit_codes => true)
+        end
+      else
+        interfaces_fact = pfact_on(host, 'interfaces')
 
-      interfaces = interfaces_fact.strip.split(',')
-      interfaces.delete_if { |x| x =~ /^lo/ }
+        interfaces = interfaces_fact.strip.split(',')
+        interfaces.delete_if { |x| x =~ /^lo/ }
 
-      interfaces.each do |iface|
-        if fact_on(host, "ipaddress_#{iface}").strip.empty?
-          on(host, "ifup #{iface}", :accept_all_exit_codes => true)
+        interfaces.each do |iface|
+          if pfact_on(host, "ipaddress_#{iface}")
+            on(host, "ifup #{iface}", :accept_all_exit_codes => true)
+          end
         end
       end
     end
@@ -1119,12 +1130,9 @@ module Simp::BeakerHelpers
   RSpec.configure do |c|
     c.before(:all) do
       @temp_hieradata_dirs = @temp_hieradata_dirs || []
-    end
 
-    # We can't guarantee that the upstream vendor isn't disabling interfaces so
-    # we need to turn them on at each context run
-    c.before(:context) do
-      activate_interfaces(hosts) unless ENV['BEAKER_no_fix_interfaces']
+      # We can't guarantee that the upstream vendor isn't disabling interfaces
+      activate_interfaces(hosts)
     end
 
     c.after(:all) do

data/lib/simp/rake/beaker.rb

@@ -226,8 +226,14 @@ module Simp::Rake
 
             nodesets.each do |nodeset_yml|
               unless File.file?(nodeset_yml)
-                $stdout.puts("=== Suite #{name} Nodeset '#{File.basename(nodeset_yml, '.yml')}' Not Found, Skipping ===")
-                next
+                # Get here if user has specified a non-existent nodeset or the
+                # implied `default` nodeset does not exist.
+                if suite_config['fail_fast']
+                  fail("*** Suite #{name} Nodeset '#{File.basename(nodeset_yml, '.yml')}' Not Found ***")
+                else
+                  $stdout.puts("=== Suite #{name} Nodeset '#{File.basename(nodeset_yml, '.yml')}' Not Found, Skipping ===")
+                  next
+                end
               end
 
               ENV['BEAKER_setfile'] = nodeset_yml

data/spec/acceptance/nodesets/default.yml

@@ -18,7 +18,7 @@ HOSTS:
     roles:
       - el8
     platform: el-8-x86_64
-    box: centos/8
+    box: generic/centos8
     hypervisor: <%= hypervisor %>
 
   el8-0:
@@ -32,7 +32,8 @@ HOSTS:
 CONFIG:
   log_level: verbose
   type: aio
-  vagrant_memsize: 256
+  vagrant_memsize: 512
+  vagrant_cpus: 2
 <% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
   puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
 <% end -%>

data/spec/acceptance/nodesets/oel.yml

@@ -0,0 +1,42 @@
+<%
+  if ENV['BEAKER_HYPERVISOR']
+    hypervisor = ENV['BEAKER_HYPERVISOR']
+  else
+    hypervisor = 'vagrant'
+  end
+-%>
+HOSTS:
+  oel7:
+    roles:
+      - el7
+      - master
+    platform: el-7-x86_64
+    box: generic/oracle7
+    hypervisor: <%= hypervisor %>
+
+  oel8:
+    roles:
+      - el8
+    platform: el-8-x86_64
+    box: generic/oracle8
+    hypervisor: <%= hypervisor %>
+
+CONFIG:
+  log_level: verbose
+  type: aio
+  vagrant_memsize: 1024
+  vagrant_cpus: 2
+<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
+  puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
+<% end -%>
+  ssh:
+    keepalive: true
+    keepalive_interval: 10
+    host_key:
+      - <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:host_key].join("\n#{' '*6}- ") %>
+    kex:
+      - <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:kex].join("\n#{' '*6}- ") %>
+    encryption:
+      - <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:encryption].join("\n#{' '*6}- ") %>
+    hmac:
+      - <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:hmac].join("\n#{' '*6}- ") %>

data/spec/acceptance/nodesets/ubuntu.yml

@@ -14,7 +14,7 @@ HOSTS:
 CONFIG:
   log_level: verbose
   type: aio
-  vagrant_memsize: 256
+  vagrant_memsize: 512
 <% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
   puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
 <% end -%>

data/spec/acceptance/suites/default/enable_fips_spec.rb

@@ -9,13 +9,15 @@ hosts.each do |host|
         end
 
         it 'has fips enabled' do
-          stdout = on(host, 'cat /proc/sys/crypto/fips_enabled').stdout.strip
-          expect(stdout).to eq('1')
+          if host[:hypervisor] == 'docker'
+            skip('Not supported on docker')
+          else
+            expect(fips_enabled(host)).to be true
+          end
         end
       else
         it 'has fips disabled' do
-          stdout = on(host, 'cat /proc/sys/crypto/fips_enabled').stdout.strip
-          expect(stdout).to eq('0')
+          expect(fips_enabled(host)).to be false
         end
       end
     end

data/spec/acceptance/suites/fips_from_fixtures/00_default_spec.rb

@@ -66,8 +66,7 @@ describe 'FIPS pre-installed' do
         if host[:hypervisor] == 'docker'
           skip('Not supported on docker')
         else
-          stdout = on(host, 'cat /proc/sys/crypto/fips_enabled').stdout.strip
-          expect(stdout).to eq('1')
+          expect(fips_enabled(host)).to be true
         end
       end
     end

data/spec/acceptance/suites/puppet_collections/00_default_spec.rb

@@ -13,7 +13,7 @@ end
 hosts.each do |host|
   describe 'make sure puppet version is valid' do
     context "on #{host}" do
-      client_puppet_version = on(host, 'puppet --version').output.strip
+      client_puppet_version = on(host, 'puppet --version').output.lines.last.strip
 
       it "should be running puppet version #{target_version}" do
         expect(Gem::Version.new(client_puppet_version)).to be >= Gem::Version.new(target_version)

data/spec/acceptance/suites/ssg/00_default_spec.rb

@@ -1,8 +1,8 @@
 require 'spec_helper_acceptance'
 
-test_name 'SSG STIG Validation'
+test_name 'SSG Functionality Validation'
 
-describe 'run the SSG against the STIG profile' do
+describe 'run the SSG against an SCAP profile' do
 
   hosts.each do |host|
     context "on #{host}" do
@@ -14,8 +14,15 @@ describe 'run the SSG against the STIG profile' do
       end
 
       it 'should run the SSG' do
-        profile = 'xccdf_org.ssgproject.content_profile_stig'
+        profiles = @ssg.get_profiles
 
+        profile = profiles.find{|x| x =~ /_stig/} ||
+          profiles.find{|x| x =~ /_cui/} ||
+          profiles.find{|x| x =~ /_ospp/} ||
+          profiles.find{|x| x =~ /_standard/} ||
+          profiles.last
+
+        expect(profile).not_to be_nil
         @ssg.evaluate(profile)
       end
 

data/spec/lib/simp/beaker_helpers_spec.rb

@@ -113,10 +113,8 @@ describe 'Simp::BeakerHelpers' do
       end
       pipe_in.close
 
-      expected_version = pipe_out.gets
-      expected_major_version = expected_version.split('.').first
+      expected_major_version = pipe_out.gets.split('.').first
 
-      expect( @helper.get_puppet_install_info[:puppet_install_version] ).to match(expected_version)
       expect( @helper.get_puppet_install_info[:puppet_collection] ).to eq("puppet#{expected_major_version}")
       expect( @helper.get_puppet_install_info[:puppet_install_type] ).to eq('agent')
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: simp-beaker-helpers
 version: !ruby/object:Gem::Version
-  version: 1.23.1
+  version: 1.24.0
 platform: ruby
 authors:
 - Chris Tessmer
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-05-25 00:00:00.000000000 Z
+date: 2021-10-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: beaker
@@ -194,6 +194,7 @@ files:
 - ".github/workflows/pr_glci.yml"
 - ".github/workflows/pr_glci_cleanup.yml"
 - ".github/workflows/pr_glci_manual.yml"
+- ".github/workflows/pr_tests.yml"
 - ".github/workflows/tag_deploy_rubygem.yml"
 - ".gitignore"
 - ".gitlab-ci.yml"
@@ -220,6 +221,7 @@ files:
 - simp-beaker-helpers.gemspec
 - spec/acceptance/nodesets/default.yml
 - spec/acceptance/nodesets/docker.yml
+- spec/acceptance/nodesets/oel.yml
 - spec/acceptance/nodesets/ubuntu.yml
 - spec/acceptance/suites/default/check_puppet_version_spec.rb
 - spec/acceptance/suites/default/enable_fips_spec.rb