simp-beaker-helpers 1.23.1 → 1.24.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 662fa0921ca0879ff169a372722db43cab01b6084d7fb8bd0c22b9727499d44d
4
- data.tar.gz: 7fdcc1bb9a1e7384fe8e7edcb6336f3b30e5045719ac2250c67666efddffe0ad
3
+ metadata.gz: 4403e18b35abbd1622d13e0fac49c4c22a20bf6b80b142b9db9fb5743a96bdf0
4
+ data.tar.gz: a490a356a2e18cda7611213d53e0202a3790377e722cd23d56228766d93351a5
5
5
  SHA512:
6
- metadata.gz: 046ed4502f9257b59afa940d925f40f80ad3d5d4e9bb600904625382e4e437493313230a6109d105f4e1471f77537f8fbcfb176297fa71ca1d6bf979d0ccf565
7
- data.tar.gz: f0d190e6abf5474bca2b4764658cfeb3af61298b13c4ad3b1cd8649417d4ecb67814eb88e6f266ee261fcbd35b77e47ee71b0ee1c7a72a59f4428e9fc5b73920
6
+ metadata.gz: 9d9ab525dd5345fac7fb7c66fb8aab2c8449b6fce2e5812518a4341d8bdbd5a208e5a31c5b12fc912e664f1f4dbb11fb41419576eddd1fe09844f4aaa8af4cf2
7
+ data.tar.gz: 26a688025f283009ba338823369e26a2d65db16db212592ab9fe3432f3c1892b251ec176c1c0faa6a5f7abab727c4d2d25994c8af316a199027279a4ffec02d1
@@ -5,7 +5,7 @@ on:
5
5
  branches:
6
6
  # A test branch for seeing if your tests will pass in your personal fork
7
7
  - test_me_github
8
- pull_request_target:
8
+ pull_request:
9
9
  types: [opened, reopened, synchronize]
10
10
 
11
11
  jobs:
@@ -18,8 +18,10 @@ jobs:
18
18
  - 2.6
19
19
  fail-fast: false
20
20
  steps:
21
- - uses: actions/checkout@v2
22
- - uses: ruby/setup-ruby@v1
21
+ - name: checkout repo
22
+ uses: actions/checkout@v2
23
+ - name: setup ruby
24
+ uses: ruby/setup-ruby@v1
23
25
  with:
24
26
  ruby-version: ${{ matrix.ruby }}
25
27
  - name: ensure entropy
@@ -27,45 +29,27 @@ jobs:
27
29
  sudo apt-get update -y
28
30
  sudo apt-get install -y rng-tools
29
31
  sudo systemctl start rng-tools
30
- - name: install podman
32
+ - name: install docker
31
33
  run: |
32
34
  set -x
33
- sudo apt-get remove -y podman docker-ce docker docker-engine docker.io containerd runc ||:
34
- curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$( lsb_release -rs )/Release.key | sudo apt-key add -
35
- echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$( lsb_release -rs )/ /" | sudo tee /etc/apt/sources.list.d/podman.list /dev/null
35
+ sudo apt-get remove -y podman ||:
36
+ sudo apt-get install -y docker-ce docker docker-engine docker.io containerd runc ||:
36
37
  sudo apt-get update
37
- sudo apt-get install -y podman
38
38
  sudo apt autoremove -y
39
- sudo systemctl start podman
39
+ sudo systemctl start docker
40
40
  - name: install bundler
41
41
  run: |
42
42
  gem install bundler
43
43
  bundle update
44
- - name: beaker default
45
- env:
46
- DOCKER_HOST: unix:///var/run/podman/podman.sock
47
- CONTAINER_HOST: unix:///var/run/podman/podman.sock
44
+ - name: beaker
48
45
  run: |
49
- sudo chmod -R ugo+rwX /var/run/podman
50
46
  bundle exec rake beaker:suites[default,docker]
51
47
  - name: beaker puppet_collections
52
- env:
53
- DOCKER_HOST: unix:///var/run/podman/podman.sock
54
- CONTAINER_HOST: unix:///var/run/podman/podman.sock
55
48
  run: |
56
- sudo chmod -R ugo+rwX /var/run/podman
57
49
  bundle exec rake beaker:suites[puppet_collections,docker]
58
50
  - name: beaker ssg
59
- env:
60
- DOCKER_HOST: unix:///var/run/podman/podman.sock
61
- CONTAINER_HOST: unix:///var/run/podman/podman.sock
62
51
  run: |
63
- sudo chmod -R ugo+rwX /var/run/podman
64
52
  bundle exec rake beaker:suites[ssg,docker]
65
53
  - name: beaker inspec
66
- env:
67
- DOCKER_HOST: unix:///var/run/podman/podman.sock
68
- CONTAINER_HOST: unix:///var/run/podman/podman.sock
69
54
  run: |
70
- sudo chmod -R ugo+rwX /var/run/podman
71
55
  bundle exec rake beaker:suites[inspec,docker]
@@ -63,7 +63,7 @@ jobs:
63
63
  # we restrict ourselves to sending data elsewhere.
64
64
  glci-syntax:
65
65
  name: '.gitlab-ci.yml Syntax'
66
- runs-on: ubuntu-16.04
66
+ runs-on: ubuntu-latest
67
67
  outputs:
68
68
  valid: ${{ steps.validate-glci-file.outputs.valid }}
69
69
  steps:
@@ -174,7 +174,7 @@ jobs:
174
174
  ### examine_contexts:
175
175
  ### name: 'Examine Context contents'
176
176
  ### if: always()
177
- ### runs-on: ubuntu-16.04
177
+ ### runs-on: ubuntu-latest
178
178
  ### needs: [ glci-syntax, contributor-permissions ]
179
179
  ### steps:
180
180
  ### - name: Dump contexts
@@ -93,7 +93,7 @@ jobs:
93
93
  ### examine_contexts:
94
94
  ### name: 'Examine Context contents'
95
95
  ### if: always()
96
- ### runs-on: ubuntu-16.04
96
+ ### runs-on: ubuntu-latest
97
97
  ### steps:
98
98
  ### - name: Dump contexts
99
99
  ### env:
@@ -0,0 +1,90 @@
1
+ # Run Puppet checks and test matrix on Pull Requests
2
+ # ------------------------------------------------------------------------------
3
+ # NOTICE: **This file is maintained with puppetsync**
4
+ #
5
+ # This file is updated automatically as part of a puppet module baseline.
6
+ #
7
+ # The next baseline sync will overwrite any local changes to this file!
8
+ #
9
+ # ==============================================================================
10
+ #
11
+ # The testing matrix considers ruby/puppet versions supported by SIMP and PE:
12
+ # ------------------------------------------------------------------------------
13
+ # Release Puppet Ruby EOL
14
+ # SIMP 6.4 5.5 2.40 TBD
15
+ # PE 2018.1 5.5 2.40 2021-01 (LTS overlap)
16
+ # PE 2019.8 6.18 2.5 2022-12 (LTS)
17
+ #
18
+ # https://puppet.com/docs/pe/2018.1/component_versions_in_recent_pe_releases.html
19
+ # https://puppet.com/misc/puppet-enterprise-lifecycle
20
+ # https://puppet.com/docs/pe/2018.1/overview/getting_support_for_pe.html
21
+ # ==============================================================================
22
+ #
23
+ # https://docs.github.com/en/actions/reference/events-that-trigger-workflows
24
+ #
25
+
26
+ name: PR Tests
27
+ on:
28
+ push:
29
+ branches:
30
+ # A test branch for seeing if your tests will pass in your personal fork
31
+ - test_me_github
32
+ pull_request:
33
+ types: [opened, reopened, synchronize]
34
+
35
+ env:
36
+ PUPPET_VERSION: '~> 6'
37
+
38
+ jobs:
39
+ ruby-style:
40
+ if: false # TODO Modules will need: rubocop in Gemfile, .rubocop.yml
41
+ name: 'Ruby Style (experimental)'
42
+ runs-on: ubuntu-18.04
43
+ continue-on-error: true
44
+ steps:
45
+ - uses: actions/checkout@v2
46
+ - name: "Install Ruby ${{matrix.puppet.ruby_version}}"
47
+ uses: ruby/setup-ruby@v1
48
+ with:
49
+ ruby-version: 2.5
50
+ bundler-cache: true
51
+ - run: |
52
+ bundle show
53
+ bundle exec rake rubocop
54
+
55
+ spec-tests:
56
+ name: 'Spec'
57
+ runs-on: ubuntu-18.04
58
+ strategy:
59
+ matrix:
60
+ puppet:
61
+ - label: 'Puppet 6.18 [SIMP 6.5/PE 2019.8]'
62
+ puppet_version: '~> 6.18.0'
63
+ ruby_version: '2.5'
64
+ - label: 'Puppet 5.5 [SIMP 6.4/PE 2018.1]'
65
+ puppet_version: '~> 5.5.22'
66
+ ruby_version: '2.4'
67
+ - label: 'Puppet 7.x'
68
+ puppet_version: '~> 7.0'
69
+ ruby_version: '2.7'
70
+ env:
71
+ PUPPET_VERSION: '${{matrix.puppet.puppet_version}}'
72
+ steps:
73
+ - uses: actions/checkout@v2
74
+ - name: 'Install Ruby ${{matrix.puppet.ruby_version}}'
75
+ uses: ruby/setup-ruby@v1
76
+ with:
77
+ ruby-version: ${{matrix.puppet.ruby_version}}
78
+ bundler-cache: true
79
+ - run: 'command -v rpm || if command -v apt-get; then sudo apt-get update; sudo apt-get install -y rpm; fi ||:'
80
+ - run: 'bundle exec rake spec'
81
+
82
+ # dump_contexts:
83
+ # name: 'Examine Context contents'
84
+ # runs-on: ubuntu-16.04
85
+ # steps:
86
+ # - name: Dump contexts
87
+ # env:
88
+ # GITHUB_CONTEXT: ${{ toJson(github) }}
89
+ # run: echo "$GITHUB_CONTEXT"
90
+ #
@@ -1,4 +1,4 @@
1
- # Build & Deploy RubyGem & GitHub release when a SemVer tag is pushed
1
+ # When SemVer tag is pushed: create GitHub release & publish gem to rubygems.org
2
2
  #
3
3
  # This workflow's jobs are only triggered in repos under the `simp` organization
4
4
  # ------------------------------------------------------------------------------
data/.gitlab-ci.yml CHANGED
@@ -273,10 +273,6 @@ variables:
273
273
  # Unit Tests
274
274
  #-----------------------------------------------------------------------
275
275
 
276
- pup5.x-unit:
277
- <<: *pup_5_x
278
- <<: *unit_tests
279
-
280
276
  pup6.x-unit:
281
277
  <<: *pup_6_x
282
278
  <<: *unit_tests
@@ -292,12 +288,6 @@ pup7.x-unit:
292
288
  #=======================================================================
293
289
  # Packaging test
294
290
 
295
- pup5.x-pkg:
296
- <<: *pup_5_x
297
- <<: *unit_tests
298
- script:
299
- 'bundle exec rake pkg:gem'
300
-
301
291
  pup6.x-pkg:
302
292
  <<: *pup_6_x
303
293
  <<: *unit_tests
@@ -312,6 +302,18 @@ pup7.x-pkg:
312
302
 
313
303
  #=======================================================================
314
304
  # Acceptance tests
305
+
306
+ # Verify a suite fails when an explicitly-specified nodeset does not exist.
307
+ # It is significantly quicker to test here (where rvm is already installed
308
+ # and the bundle is configured with this version of simp-beaker-helpers)
309
+ # than in an acceptance test with a build user.
310
+ default-bad-nodeset:
311
+ <<: *pup_6_x
312
+ <<: *acceptance_base
313
+ script:
314
+ - 'RESULT=`bundle exec rake beaker:suites[default,oops] 1>/dev/null; echo $?`; (test $RESULT == "1")'
315
+ - echo 'beaker:suites correctly failed with unknown nodeset'
316
+
315
317
  default:
316
318
  <<: *pup_6_x
317
319
  <<: *acceptance_base
@@ -348,6 +350,12 @@ puppet7_collections:
348
350
  script:
349
351
  - bundle exec rake beaker:suites[puppet_collections]
350
352
 
353
+ oel_ssg:
354
+ <<: *pup_6_x
355
+ <<: *acceptance_base
356
+ script:
357
+ - bundle exec rake beaker:suites[ssg,oel]
358
+
351
359
  windows:
352
360
  <<: *pup_6_x
353
361
  <<: *acceptance_base
data/CHANGELOG.md CHANGED
@@ -1,3 +1,35 @@
1
+ ### 1.24.0 / 2021-10-05
2
+ * Fixed:
3
+ * Pinned the version of inspec to 4.39.0 since 4.41 broke tag processing
4
+ * Only call `activate_interfaces` once per test run instead of at each context
5
+ which saves quite a bit of time during testing
6
+ * SSG tag selection logic
7
+ * Use `sed -ci` which works with docker volume mounts
8
+ * Added:
9
+ * Modified the `activate_interfaces` method to use the `networking` fact if
10
+ available which shaves quite a bit of time off of each test run
11
+
12
+ ### 1.23.4 / 2021-07-07
13
+ * Fixed:
14
+ * Ensure that the openscap-scanner package is installed during SSG runs
15
+ * Added:
16
+ * A function to fetch the available SSG profiles on a target system
17
+ * Changed:
18
+ * Added OEL nodeset
19
+
20
+ ### 1.23.3 / 2021-06-30
21
+ * Fixed:
22
+ * Removed the Streams kernel update for EL 8.3 since it now causes issues
23
+ * Use `pfact_on` to select the interface facts to fix Puppet 7 issues
24
+
25
+ ### 1.23.2 / 2021-05-29
26
+ * Fixed:
27
+ * Fail an acceptance test when an explicitly-specified nodeset for an
28
+ acceptance test suite does not exist and the suite is configured
29
+ to fail fast (default behavior).
30
+ * The usual way of registering RHEL systems had to be changed to activate
31
+ immediately when called to function properly.
32
+
1
33
  ### 1.23.1 / 2021-05-19
2
34
  * Fixed:
3
35
  * The SSG default branch is now the latest numeric tag instead of the one
data/Gemfile CHANGED
@@ -45,7 +45,7 @@ group :system_tests do
45
45
  gem 'beaker-windows'
46
46
  gem 'net-ssh'
47
47
  gem 'puppet', ENV.fetch('PUPPET_VERSION', '~> 6.0')
48
- gem 'puppetlabs_spec_helper'
48
+ gem 'puppetlabs_spec_helper', '~> 3.0'
49
49
  gem 'rubocop'
50
50
  gem 'rubocop-rspec'
51
51
  end
data/files/pki/make.sh CHANGED
@@ -73,7 +73,7 @@ for hosts in $*; do
73
73
  done
74
74
  done
75
75
 
76
- sed -i "s/# subjectAltName = #ALTNAMES#/subjectAltName = ${altnames}/" "working/${hname}.cnf"
76
+ sed -ci "s/# subjectAltName = #ALTNAMES#/subjectAltName = ${altnames}/" "working/${hname}.cnf"
77
77
  fi
78
78
 
79
79
  echo "-- running openssl req"
@@ -34,7 +34,9 @@ module Simp::BeakerHelpers
34
34
  # The name of the profile against which to run
35
35
  #
36
36
  def initialize(sut, profile)
37
- @inspec_version = ENV['BEAKER_inspec_version'] || 'latest'
37
+ # The 4.41 release is currently broken
38
+ # @inspec_version = ENV['BEAKER_inspec_version'] || 'latest'
39
+ @inspec_version = ENV['BEAKER_inspec_version'] || '4.39.0'
38
40
 
39
41
  @sut = sut
40
42
 
@@ -19,10 +19,11 @@ module Simp::BeakerHelpers
19
19
  GIT_BRANCH = ENV['BEAKER_ssg_branch']
20
20
  end
21
21
 
22
- EL_PACKAGES = [
22
+ EL7_PACKAGES = [
23
23
  'PyYAML',
24
24
  'cmake',
25
25
  'git',
26
+ 'openscap-scanner',
26
27
  'openscap-python',
27
28
  'openscap-utils',
28
29
  'python-jinja2',
@@ -35,16 +36,18 @@ module Simp::BeakerHelpers
35
36
  'make',
36
37
  'openscap-python3',
37
38
  'openscap-utils',
39
+ 'openscap-scanner',
38
40
  'python3',
39
41
  'python3-jinja2',
40
42
  'python3-lxml',
41
- 'python3-pyyaml'
43
+ 'python3-pyyaml',
44
+ 'libarchive'
42
45
  ]
43
46
 
44
47
  OS_INFO = {
45
48
  'RedHat' => {
46
49
  '6' => {
47
- 'required_packages' => EL_PACKAGES,
50
+ 'required_packages' => EL7_PACKAGES,
48
51
  'ssg' => {
49
52
  'profile_target' => 'rhel6',
50
53
  'build_target' => 'rhel6',
@@ -52,7 +55,7 @@ module Simp::BeakerHelpers
52
55
  }
53
56
  },
54
57
  '7' => {
55
- 'required_packages' => EL_PACKAGES,
58
+ 'required_packages' => EL7_PACKAGES,
56
59
  'ssg' => {
57
60
  'profile_target' => 'rhel7',
58
61
  'build_target' => 'rhel7',
@@ -70,7 +73,7 @@ module Simp::BeakerHelpers
70
73
  },
71
74
  'CentOS' => {
72
75
  '6' => {
73
- 'required_packages' => EL_PACKAGES,
76
+ 'required_packages' => EL7_PACKAGES,
74
77
  'ssg' => {
75
78
  'profile_target' => 'rhel6',
76
79
  'build_target' => 'centos6',
@@ -78,7 +81,7 @@ module Simp::BeakerHelpers
78
81
  }
79
82
  },
80
83
  '7' => {
81
- 'required_packages' => EL_PACKAGES,
84
+ 'required_packages' => EL7_PACKAGES,
82
85
  'ssg' => {
83
86
  'profile_target' => 'centos7',
84
87
  'build_target' => 'centos7',
@@ -94,14 +97,25 @@ module Simp::BeakerHelpers
94
97
  }
95
98
  }
96
99
  },
100
+ 'Rocky' => {
101
+ '8' => {
102
+ 'required_packages' => EL8_PACKAGES,
103
+ 'ssg' => {
104
+ 'profile_target' => 'centos8',
105
+ 'build_target' => 'centos8',
106
+ 'datastream' => 'ssg-centos8-ds.xml'
107
+ }
108
+ }
109
+ },
97
110
  'OracleLinux' => {
98
111
  '7' => {
99
- 'required_packages' => EL_PACKAGES,
112
+ 'required_packages' => EL7_PACKAGES,
100
113
  'ssg' => {
101
114
  'profile_target' => 'ol7',
102
115
  'build_target' => 'ol7',
103
116
  'datastream' => 'ssg-ol7-ds.xml'
104
117
  },
118
+ },
105
119
  '8' => {
106
120
  'required_packages' => EL8_PACKAGES,
107
121
  'ssg' => {
@@ -110,7 +124,6 @@ module Simp::BeakerHelpers
110
124
  'datastream' => 'ssg-ol8-ds.xml'
111
125
  }
112
126
  }
113
- }
114
127
  }
115
128
  }
116
129
 
@@ -124,8 +137,8 @@ module Simp::BeakerHelpers
124
137
  def initialize(sut)
125
138
  @sut = sut
126
139
 
127
- @os = fact_on(@sut, 'operatingsystem')
128
- @os_rel = fact_on(@sut, 'operatingsystemmajrelease')
140
+ @os = pfact_on(@sut, 'os.name')
141
+ @os_rel = pfact_on(@sut, 'os.release.major')
129
142
 
130
143
  sut.mkdir_p('scap_working_dir')
131
144
 
@@ -136,7 +149,7 @@ module Simp::BeakerHelpers
136
149
  end
137
150
 
138
151
  OS_INFO[@os][@os_rel]['required_packages'].each do |pkg|
139
- @sut.install_package(pkg)
152
+ install_latest_package_on(@sut, pkg)
140
153
  end
141
154
 
142
155
  @output_dir = File.absolute_path('sec_results/ssg')
@@ -147,7 +160,6 @@ module Simp::BeakerHelpers
147
160
 
148
161
  @result_file = "#{@sut.hostname}-ssg-#{Time.now.to_i}"
149
162
 
150
-
151
163
  get_ssg_datastream
152
164
  end
153
165
 
@@ -155,6 +167,15 @@ module Simp::BeakerHelpers
155
167
  OS_INFO[@os][@os_rel]['ssg']['profile_target']
156
168
  end
157
169
 
170
+ def get_profiles
171
+ cmd = "cd #{@scap_working_dir}; oscap info --profiles"
172
+ on(@sut, "#{cmd} #{OS_INFO[@os][@os_rel]['ssg']['datastream']}")
173
+ .stdout
174
+ .strip
175
+ .lines
176
+ .map{|x| x.split(':').first}
177
+ end
178
+
158
179
  def remediate(profile)
159
180
  evaluate(profile, true)
160
181
  end
@@ -166,7 +187,7 @@ module Simp::BeakerHelpers
166
187
  cmd += ' --remediate'
167
188
  end
168
189
 
169
- cmd += %( --fetch-remote-resources --profile #{profile} --results #{@result_file}.xml --report #{@result_file}.html #{OS_INFO[@os][@os_rel]['ssg']['datastream']})
190
+ cmd += %( --profile #{profile} --results #{@result_file}.xml --report #{@result_file}.html #{OS_INFO[@os][@os_rel]['ssg']['datastream']})
170
191
 
171
192
  # We accept all exit codes here because there have occasionally been
172
193
  # failures in the SSG content and we're not testing that.
@@ -386,7 +407,7 @@ module Simp::BeakerHelpers
386
407
  else
387
408
  tags = on(@sut, %(cd scap-content; git tag -l)).output
388
409
  target_tag = tags.lines.map(&:strip)
389
- .select{|x| x.start_with?(/v\d+\./)}
410
+ .select{|x| x.match?(/^v(\d+\.)+\d+$/)}
390
411
  .sort.last
391
412
 
392
413
  on(@sut, %(cd scap-content; git checkout #{target_tag}))
@@ -398,7 +419,7 @@ module Simp::BeakerHelpers
398
419
  #
399
420
  # This isn't 100% correct but it's "good enough" for an automated CI
400
421
  # environment to tell us if something is critically out of alignment.
401
- on(@sut, %(cd scap-content/build-scripts; sed -i 's/ssg.build_derivatives.profile_handling/#ssg.build_derivatives.profile_handling/g' enable_derivatives.py))
422
+ on(@sut, %(cd scap-content/build-scripts; sed -ci 's/ssg.build_derivatives.profile_handling/#ssg.build_derivatives.profile_handling/g' enable_derivatives.py))
402
423
 
403
424
  on(@sut, %(cd scap-content/build; cmake ../; make -j4 #{OS_INFO[@os][@os_rel]['ssg']['build_target']}-content && cp *ds.xml #{@scap_working_dir}))
404
425
  end
@@ -1,5 +1,5 @@
1
1
  module Simp; end
2
2
 
3
3
  module Simp::BeakerHelpers
4
- VERSION = '1.23.1'
4
+ VERSION = '1.24.0'
5
5
  end
@@ -248,7 +248,7 @@ module Simp::BeakerHelpers
248
248
  rescue StandardError
249
249
  # If *anything* fails, we need to fall back to `puppet facts`
250
250
 
251
- facts_json = on(sut, 'puppet facts find garbage_xxx', :silent => true).stdout
251
+ facts_json = retry_on(sut, 'puppet facts find garbage_xxx', :silent => true, :max_retries => 4).stdout
252
252
  facts = JSON.parse(facts_json)['values']
253
253
  end
254
254
 
@@ -483,7 +483,7 @@ module Simp::BeakerHelpers
483
483
  # that doesn't break vagrant access and is appropriate for
484
484
  # typical module tests.)
485
485
  fips_ssh_ciphers = [ 'aes256-ctr','aes192-ctr','aes128-ctr']
486
- on(sut, %(sed -i '/Ciphers /d' /etc/ssh/sshd_config))
486
+ on(sut, %(sed -ci '/Ciphers /d' /etc/ssh/sshd_config))
487
487
  on(sut, %(echo 'Ciphers #{fips_ssh_ciphers.join(',')}' >> /etc/ssh/sshd_config))
488
488
 
489
489
  fips_enable_modulepath = ''
@@ -672,6 +672,9 @@ module Simp::BeakerHelpers
672
672
  def linux_errata( suts )
673
673
  parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
674
674
  block_on(suts, :run_in_parallel => parallel) do |sut|
675
+ # Set the locale if not set
676
+ sut.set_env_var('LANG', 'en_US.UTF-8') unless sut.get_env_var('LANG')
677
+
675
678
  # We need to be able to flip between server and client without issue
676
679
  on sut, 'puppet resource group puppet gid=52'
677
680
  on sut, 'puppet resource user puppet comment="Puppet" gid="52" uid="52" home="/var/lib/puppet" managehome=true'
@@ -685,7 +688,7 @@ module Simp::BeakerHelpers
685
688
  if current_domain.empty?
686
689
  new_fqdn = hostname + '.beaker.test'
687
690
 
688
- on(sut, "sed -i 's/#{hostname}.*/#{new_fqdn} #{hostname}/' /etc/hosts")
691
+ on(sut, "sed -ci 's/#{hostname}.*/#{new_fqdn} #{hostname}/' /etc/hosts")
689
692
  on(sut, "echo '#{new_fqdn}' > /etc/hostname", :accept_all_exit_codes => true)
690
693
  on(sut, "hostname #{new_fqdn}", :accept_all_exit_codes => true)
691
694
 
@@ -747,11 +750,9 @@ module Simp::BeakerHelpers
747
750
  if os_info['family'] == 'RedHat'
748
751
  # OS-specific items
749
752
  if os_info['name'] == 'RedHat'
750
- RSpec.configure do |c|
751
- c.before(:all) do
752
- rhel_rhsm_subscribe(sut)
753
- end
753
+ rhel_rhsm_subscribe(sut)
754
754
 
755
+ RSpec.configure do |c|
755
756
  c.after(:all) do
756
757
  rhel_rhsm_unsubscribe(sut)
757
758
  end
@@ -770,15 +771,6 @@ module Simp::BeakerHelpers
770
771
  apply_manifest_on(sut, pp, :catch_failures => false)
771
772
  end
772
773
 
773
- unless sut[:hypervisor] == 'docker'
774
- if (os_info['name'] == 'CentOS') && (os_info['release']['major'].to_i >= 8)
775
- if os_info['release']['minor'].to_i == 3
776
- update_package_from_centos_stream(sut, 'kernel')
777
- sut.reboot
778
- end
779
- end
780
- end
781
-
782
774
  # Clean up YUM prior to starting our test runs.
783
775
  on(sut, 'yum clean all')
784
776
  end
@@ -961,21 +953,31 @@ module Simp::BeakerHelpers
961
953
  host_entry[fqdn] << host.name if (host[:hypervisor] == 'docker')
962
954
 
963
955
  # Ensure that all interfaces are active prior to collecting data
964
- activate_interfaces(host) unless ENV['BEAKER_no_fix_interfaces']
956
+ activate_interfaces(host)
965
957
 
966
- # Gather the IP Addresses for the host to embed in the cert
967
- interfaces = fact_on(host, 'interfaces').strip.split(',')
968
- interfaces.each do |interface|
969
- ipaddress = fact_on(host, "ipaddress_#{interface}")
958
+ networking_fact = pfact_on(host, 'networking')
959
+ if networking_fact && networking_fact['interfaces']
960
+ networking_fact['interfaces'].each do |iface, data|
961
+ next unless data['ip']
962
+ next if data['ip'].start_with?('127.')
970
963
 
971
- next if ipaddress.nil? || ipaddress.empty? || ipaddress.start_with?('127.')
964
+ host_entry[fqdn] << data['ip'].strip
965
+ end
966
+ else
967
+ # Gather the IP Addresses for the host to embed in the cert
968
+ interfaces = fact_on(host, 'interfaces').strip.split(',')
969
+ interfaces.each do |interface|
970
+ ipaddress = fact_on(host, "ipaddress_#{interface}")
972
971
 
973
- host_entry[fqdn] << ipaddress.strip
972
+ next if ipaddress.nil? || ipaddress.empty? || ipaddress.start_with?('127.')
974
973
 
975
- unless host_entry[fqdn].empty?
976
- suts_network_info[fqdn] = host_entry[fqdn].sort.uniq
974
+ host_entry[fqdn] << ipaddress.strip
977
975
  end
978
976
  end
977
+
978
+ unless host_entry[fqdn].empty?
979
+ suts_network_info[fqdn] = host_entry[fqdn].sort.uniq
980
+ end
979
981
  end
980
982
 
981
983
  # Get all of the repeated SUT IP addresses:
@@ -1080,7 +1082,6 @@ module Simp::BeakerHelpers
1080
1082
  on ca_sut, "chgrp -R puppet #{host_keydist_dir}"
1081
1083
  end
1082
1084
 
1083
-
1084
1085
  # Activate all network interfaces on the target system
1085
1086
  #
1086
1087
  # This is generally needed if the upstream vendor does not activate all
@@ -1088,6 +1089,8 @@ module Simp::BeakerHelpers
1088
1089
  #
1089
1090
  # Can be passed any number of hosts either singly or as an Array
1090
1091
  def activate_interfaces(hosts)
1092
+ return if ENV['BEAKER_no_fix_interfaces']
1093
+
1091
1094
  parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
1092
1095
  block_on(hosts, :run_in_parallel => parallel) do |host|
1093
1096
  if host[:platform] =~ /windows/
@@ -1095,14 +1098,22 @@ module Simp::BeakerHelpers
1095
1098
  next
1096
1099
  end
1097
1100
 
1098
- interfaces_fact = retry_on(host,'facter interfaces', verbose: true).stdout
1101
+ networking_fact = pfact_on(host, 'networking')
1102
+ if networking_fact && networking_fact['interfaces']
1103
+ networking_fact['interfaces'].each do |iface, data|
1104
+ next if ( ( data['ip'] && !data['ip'].empty? ) || ( data['ip6'] && !data['ip6'].empty? ) )
1105
+ on(host, "ifup #{iface}", :accept_all_exit_codes => true)
1106
+ end
1107
+ else
1108
+ interfaces_fact = pfact_on(host, 'interfaces')
1099
1109
 
1100
- interfaces = interfaces_fact.strip.split(',')
1101
- interfaces.delete_if { |x| x =~ /^lo/ }
1110
+ interfaces = interfaces_fact.strip.split(',')
1111
+ interfaces.delete_if { |x| x =~ /^lo/ }
1102
1112
 
1103
- interfaces.each do |iface|
1104
- if fact_on(host, "ipaddress_#{iface}").strip.empty?
1105
- on(host, "ifup #{iface}", :accept_all_exit_codes => true)
1113
+ interfaces.each do |iface|
1114
+ if pfact_on(host, "ipaddress_#{iface}")
1115
+ on(host, "ifup #{iface}", :accept_all_exit_codes => true)
1116
+ end
1106
1117
  end
1107
1118
  end
1108
1119
  end
@@ -1119,12 +1130,9 @@ module Simp::BeakerHelpers
1119
1130
  RSpec.configure do |c|
1120
1131
  c.before(:all) do
1121
1132
  @temp_hieradata_dirs = @temp_hieradata_dirs || []
1122
- end
1123
1133
 
1124
- # We can't guarantee that the upstream vendor isn't disabling interfaces so
1125
- # we need to turn them on at each context run
1126
- c.before(:context) do
1127
- activate_interfaces(hosts) unless ENV['BEAKER_no_fix_interfaces']
1134
+ # We can't guarantee that the upstream vendor isn't disabling interfaces
1135
+ activate_interfaces(hosts)
1128
1136
  end
1129
1137
 
1130
1138
  c.after(:all) do
@@ -226,8 +226,14 @@ module Simp::Rake
226
226
 
227
227
  nodesets.each do |nodeset_yml|
228
228
  unless File.file?(nodeset_yml)
229
- $stdout.puts("=== Suite #{name} Nodeset '#{File.basename(nodeset_yml, '.yml')}' Not Found, Skipping ===")
230
- next
229
+ # Get here if user has specified a non-existent nodeset or the
230
+ # implied `default` nodeset does not exist.
231
+ if suite_config['fail_fast']
232
+ fail("*** Suite #{name} Nodeset '#{File.basename(nodeset_yml, '.yml')}' Not Found ***")
233
+ else
234
+ $stdout.puts("=== Suite #{name} Nodeset '#{File.basename(nodeset_yml, '.yml')}' Not Found, Skipping ===")
235
+ next
236
+ end
231
237
  end
232
238
 
233
239
  ENV['BEAKER_setfile'] = nodeset_yml
@@ -18,7 +18,7 @@ HOSTS:
18
18
  roles:
19
19
  - el8
20
20
  platform: el-8-x86_64
21
- box: centos/8
21
+ box: generic/centos8
22
22
  hypervisor: <%= hypervisor %>
23
23
 
24
24
  el8-0:
@@ -32,7 +32,8 @@ HOSTS:
32
32
  CONFIG:
33
33
  log_level: verbose
34
34
  type: aio
35
- vagrant_memsize: 256
35
+ vagrant_memsize: 512
36
+ vagrant_cpus: 2
36
37
  <% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
37
38
  puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
38
39
  <% end -%>
@@ -0,0 +1,42 @@
1
+ <%
2
+ if ENV['BEAKER_HYPERVISOR']
3
+ hypervisor = ENV['BEAKER_HYPERVISOR']
4
+ else
5
+ hypervisor = 'vagrant'
6
+ end
7
+ -%>
8
+ HOSTS:
9
+ oel7:
10
+ roles:
11
+ - el7
12
+ - master
13
+ platform: el-7-x86_64
14
+ box: generic/oracle7
15
+ hypervisor: <%= hypervisor %>
16
+
17
+ oel8:
18
+ roles:
19
+ - el8
20
+ platform: el-8-x86_64
21
+ box: generic/oracle8
22
+ hypervisor: <%= hypervisor %>
23
+
24
+ CONFIG:
25
+ log_level: verbose
26
+ type: aio
27
+ vagrant_memsize: 1024
28
+ vagrant_cpus: 2
29
+ <% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
30
+ puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
31
+ <% end -%>
32
+ ssh:
33
+ keepalive: true
34
+ keepalive_interval: 10
35
+ host_key:
36
+ - <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:host_key].join("\n#{' '*6}- ") %>
37
+ kex:
38
+ - <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:kex].join("\n#{' '*6}- ") %>
39
+ encryption:
40
+ - <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:encryption].join("\n#{' '*6}- ") %>
41
+ hmac:
42
+ - <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:hmac].join("\n#{' '*6}- ") %>
@@ -14,7 +14,7 @@ HOSTS:
14
14
  CONFIG:
15
15
  log_level: verbose
16
16
  type: aio
17
- vagrant_memsize: 256
17
+ vagrant_memsize: 512
18
18
  <% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
19
19
  puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
20
20
  <% end -%>
@@ -9,13 +9,15 @@ hosts.each do |host|
9
9
  end
10
10
 
11
11
  it 'has fips enabled' do
12
- stdout = on(host, 'cat /proc/sys/crypto/fips_enabled').stdout.strip
13
- expect(stdout).to eq('1')
12
+ if host[:hypervisor] == 'docker'
13
+ skip('Not supported on docker')
14
+ else
15
+ expect(fips_enabled(host)).to be true
16
+ end
14
17
  end
15
18
  else
16
19
  it 'has fips disabled' do
17
- stdout = on(host, 'cat /proc/sys/crypto/fips_enabled').stdout.strip
18
- expect(stdout).to eq('0')
20
+ expect(fips_enabled(host)).to be false
19
21
  end
20
22
  end
21
23
  end
@@ -66,8 +66,7 @@ describe 'FIPS pre-installed' do
66
66
  if host[:hypervisor] == 'docker'
67
67
  skip('Not supported on docker')
68
68
  else
69
- stdout = on(host, 'cat /proc/sys/crypto/fips_enabled').stdout.strip
70
- expect(stdout).to eq('1')
69
+ expect(fips_enabled(host)).to be true
71
70
  end
72
71
  end
73
72
  end
@@ -13,7 +13,7 @@ end
13
13
  hosts.each do |host|
14
14
  describe 'make sure puppet version is valid' do
15
15
  context "on #{host}" do
16
- client_puppet_version = on(host, 'puppet --version').output.strip
16
+ client_puppet_version = on(host, 'puppet --version').output.lines.last.strip
17
17
 
18
18
  it "should be running puppet version #{target_version}" do
19
19
  expect(Gem::Version.new(client_puppet_version)).to be >= Gem::Version.new(target_version)
@@ -1,8 +1,8 @@
1
1
  require 'spec_helper_acceptance'
2
2
 
3
- test_name 'SSG STIG Validation'
3
+ test_name 'SSG Functionality Validation'
4
4
 
5
- describe 'run the SSG against the STIG profile' do
5
+ describe 'run the SSG against an SCAP profile' do
6
6
 
7
7
  hosts.each do |host|
8
8
  context "on #{host}" do
@@ -14,8 +14,15 @@ describe 'run the SSG against the STIG profile' do
14
14
  end
15
15
 
16
16
  it 'should run the SSG' do
17
- profile = 'xccdf_org.ssgproject.content_profile_stig'
17
+ profiles = @ssg.get_profiles
18
18
 
19
+ profile = profiles.find{|x| x =~ /_stig/} ||
20
+ profiles.find{|x| x =~ /_cui/} ||
21
+ profiles.find{|x| x =~ /_ospp/} ||
22
+ profiles.find{|x| x =~ /_standard/} ||
23
+ profiles.last
24
+
25
+ expect(profile).not_to be_nil
19
26
  @ssg.evaluate(profile)
20
27
  end
21
28
 
@@ -113,10 +113,8 @@ describe 'Simp::BeakerHelpers' do
113
113
  end
114
114
  pipe_in.close
115
115
 
116
- expected_version = pipe_out.gets
117
- expected_major_version = expected_version.split('.').first
116
+ expected_major_version = pipe_out.gets.split('.').first
118
117
 
119
- expect( @helper.get_puppet_install_info[:puppet_install_version] ).to match(expected_version)
120
118
  expect( @helper.get_puppet_install_info[:puppet_collection] ).to eq("puppet#{expected_major_version}")
121
119
  expect( @helper.get_puppet_install_info[:puppet_install_type] ).to eq('agent')
122
120
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: simp-beaker-helpers
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.23.1
4
+ version: 1.24.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Tessmer
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2021-05-25 00:00:00.000000000 Z
12
+ date: 2021-10-26 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: beaker
@@ -194,6 +194,7 @@ files:
194
194
  - ".github/workflows/pr_glci.yml"
195
195
  - ".github/workflows/pr_glci_cleanup.yml"
196
196
  - ".github/workflows/pr_glci_manual.yml"
197
+ - ".github/workflows/pr_tests.yml"
197
198
  - ".github/workflows/tag_deploy_rubygem.yml"
198
199
  - ".gitignore"
199
200
  - ".gitlab-ci.yml"
@@ -220,6 +221,7 @@ files:
220
221
  - simp-beaker-helpers.gemspec
221
222
  - spec/acceptance/nodesets/default.yml
222
223
  - spec/acceptance/nodesets/docker.yml
224
+ - spec/acceptance/nodesets/oel.yml
223
225
  - spec/acceptance/nodesets/ubuntu.yml
224
226
  - spec/acceptance/suites/default/check_puppet_version_spec.rb
225
227
  - spec/acceptance/suites/default/enable_fips_spec.rb