simp-beaker-helpers 1.0.2 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +8 -8
- data/README.md +22 -2
- data/Rakefile +2 -1
- data/lib/simp/beaker_helpers.rb +62 -7
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
---
|
|
2
2
|
!binary "U0hBMQ==":
|
|
3
3
|
metadata.gz: !binary |-
|
|
4
|
-
|
|
4
|
+
NjU0OTNiZTBhZDljMGNmYjU5ZWY1NjZmODA1NzY1MzhiMmJlZDdhMQ==
|
|
5
5
|
data.tar.gz: !binary |-
|
|
6
|
-
|
|
6
|
+
OGRhN2E4YWRkODg3NTgyOGIwMGI4YjExZjk2NjA0Y2RlOTlhYmI3Mg==
|
|
7
7
|
SHA512:
|
|
8
8
|
metadata.gz: !binary |-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
NDE3YmY3NDliNDM5YmQ1MzlkMWEwMDA5ODhjNWJkYmE4MTk4NjdkNDMxMzE0
|
|
10
|
+
YzFiNmY5ZDUwYWJiOTlkOWVhZWIyZDQwZTEyMmY5OWJkNzZlYzg1N2RjMWRj
|
|
11
|
+
ODcxZTQyYjllMzM2OWMzZTYyY2UyZTk5MjAwYmQ2N2ZlYzNkNWQ=
|
|
12
12
|
data.tar.gz: !binary |-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
MjZlNzU1YzI4ZTkwYWYzNmI3N2IyYTNmYjIwYjcyNDIzOGU5MWEwYWIwMzNm
|
|
14
|
+
OWUzYjEzMGQ2ZGVmOTI1YWNmOGMxOGI3NGFmNGRlYzI1ZWFiNGQ5MzQ3Y2Fi
|
|
15
|
+
Y2Y5ZDBiMWFjOWQyYWE5YmI3OTJiZTAwMjgzMGQ2MzM4YmE5Y2M=
|
data/README.md
CHANGED
|
@@ -14,9 +14,14 @@ Methods to assist beaker acceptance tests for SIMP.
|
|
|
14
14
|
* [`copy_keydist_to`](#copy_keydist_to)
|
|
15
15
|
* [`set_hieradata_on`](#set_hieradata_on)
|
|
16
16
|
* [`clear_temp_hieradata`](#clear_temp_hieradata)
|
|
17
|
-
4. [
|
|
17
|
+
4. [Environment variables](#environment-variables)
|
|
18
|
+
* [`BEAKER_fips`](#beaker_fips)
|
|
19
|
+
* [`BEAKER_spec_prep`](#beaker_spec_prep)
|
|
20
|
+
* [`BEAKER_stringify_facts`](#beaker_stringify_facts)
|
|
21
|
+
* [`BEAKER_use_fixtures_dir_for_modules`](#beaker_use_fixtures_dir_for_modules)
|
|
22
|
+
5. [Examples](#examples)
|
|
18
23
|
* [Prep OS, Generate and copy PKI certs to each SUT](#prep-os-generate-and-copy-pki-certs-to-each-sut)
|
|
19
|
-
|
|
24
|
+
6. [License](#license)
|
|
20
25
|
|
|
21
26
|
## Overview
|
|
22
27
|
|
|
@@ -110,6 +115,21 @@ Clean up all temporary hiera data files; meant to be called from `after(:all)`
|
|
|
110
115
|
`clear_temp_hieradata`
|
|
111
116
|
|
|
112
117
|
|
|
118
|
+
## Environment variables
|
|
119
|
+
#### `BEAKER_fips`
|
|
120
|
+
|
|
121
|
+
SIMP acceptance tests enable [FIPS mode](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html) on all SUTs by default. Acceptance tests can be run without FIPS mode when `BEAKER_fips` is set to `no`
|
|
122
|
+
|
|
123
|
+
**NOTE:** FIPS mode is only enabled on RedHat family hosts
|
|
124
|
+
|
|
125
|
+
#### `BEAKER_spec_prep`
|
|
126
|
+
#
|
|
127
|
+
|
|
128
|
+
|
|
129
|
+
#### `BEAKER_stringify_facts`
|
|
130
|
+
#### `BEAKER_use_fixtures_dir_for_modules`
|
|
131
|
+
|
|
132
|
+
|
|
113
133
|
## Examples
|
|
114
134
|
|
|
115
135
|
### Prep OS, Generate and copy PKI certs to each SUT
|
data/Rakefile
CHANGED
|
@@ -66,7 +66,8 @@ namespace :pkg do
|
|
|
66
66
|
task :gem => :chmod do
|
|
67
67
|
Dir.chdir @rakefile_dir
|
|
68
68
|
Dir['*.gemspec'].each do |spec_file|
|
|
69
|
-
|
|
69
|
+
rpm_build = ENV.fetch('SIMP_RPM_BUILD', '1')
|
|
70
|
+
cmd = %Q{SIMP_RPM_BUILD=#{rpm_build} bundle exec gem build "#{spec_file}"}
|
|
70
71
|
sh cmd
|
|
71
72
|
FileUtils.mkdir_p 'dist'
|
|
72
73
|
FileUtils.mv Dir.glob("#{@package}*.gem"), 'dist/'
|
data/lib/simp/beaker_helpers.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
module Simp; end
|
|
2
2
|
|
|
3
3
|
module Simp::BeakerHelpers
|
|
4
|
-
VERSION = '1.0.
|
|
4
|
+
VERSION = '1.0.3'
|
|
5
5
|
|
|
6
6
|
# Locates .fixture.yml in or above this directory.
|
|
7
7
|
def fixtures_yml_path
|
|
@@ -35,6 +35,7 @@ module Simp::BeakerHelpers
|
|
|
35
35
|
def ensure_fixture_modules
|
|
36
36
|
unless ENV['BEAKER_spec_prep'] == 'no'
|
|
37
37
|
puts "== checking prepped modules from .fixtures.yml"
|
|
38
|
+
puts " -- (use BEAKER_spec_prep=no to disable)"
|
|
38
39
|
missing_modules = []
|
|
39
40
|
pupmods_in_fixtures_yml.each do |pupmod|
|
|
40
41
|
mod_root = File.expand_path( "spec/fixtures/modules/#{pupmod}", File.dirname( fixtures_yml_path ))
|
|
@@ -66,6 +67,53 @@ module Simp::BeakerHelpers
|
|
|
66
67
|
end
|
|
67
68
|
|
|
68
69
|
|
|
70
|
+
# Configure and reboot SUTs into FIPS mode
|
|
71
|
+
def enable_fips_mode_on( suts = hosts )
|
|
72
|
+
puts '== configuring FIPS mode on SUTs'
|
|
73
|
+
puts ' -- (use BEAKER_fips=no to disable)'
|
|
74
|
+
suts.each do |sut|
|
|
75
|
+
puts " -- enabling FIPS on '#{sut}'"
|
|
76
|
+
if fact_on(sut, 'osfamily') == 'RedHat'
|
|
77
|
+
pp = <<-EOS
|
|
78
|
+
# This is necessary to prevent a kernel panic after rebooting into FIPS
|
|
79
|
+
# (last checked: 20150928)
|
|
80
|
+
package { ['kernel'] : ensure => 'latest' }
|
|
81
|
+
|
|
82
|
+
package { ['grubby'] : ensure => 'latest' }
|
|
83
|
+
~>
|
|
84
|
+
exec{ 'setup_fips':
|
|
85
|
+
command => '/bin/bash /root/setup_fips.sh',
|
|
86
|
+
refreshonly => true,
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
file{ '/root/setup_fips.sh':
|
|
90
|
+
ensure => 'file',
|
|
91
|
+
owner => 'root',
|
|
92
|
+
group => 'root',
|
|
93
|
+
mode => '0700',
|
|
94
|
+
content => "#!/bin/bash
|
|
95
|
+
|
|
96
|
+
# FIPS
|
|
97
|
+
if [ -e /sys/firmware/efi ]; then
|
|
98
|
+
BOOTDEV=`df /boot/efi | tail -1 | cut -f1 -d' '`
|
|
99
|
+
else
|
|
100
|
+
BOOTDEV=`df /boot | tail -1 | cut -f1 -d' '`
|
|
101
|
+
fi
|
|
102
|
+
# In case you need a working fallback
|
|
103
|
+
DEFAULT_KERNEL_INFO=`/sbin/grubby --default-kernel`
|
|
104
|
+
DEFAULT_INITRD=`/sbin/grubby --info=\\\${DEFAULT_KERNEL_INFO} | grep initrd | cut -f2 -d'='`
|
|
105
|
+
DEFAULT_KERNEL_TITLE=`/sbin/grubby --info=\\\${DEFAULT_KERNEL_INFO} | grep -m1 title | cut -f2 -d'='`
|
|
106
|
+
/sbin/grubby --copy-default --make-default --args=\\\"boot=\\\${BOOTDEV} fips=1\\\" --add-kernel=`/sbin/grubby --default-kernel` --initrd=\\\${DEFAULT_INITRD} --title=\\\"FIPS \\\${DEFAULT_KERNEL_TITLE}\\\"
|
|
107
|
+
",
|
|
108
|
+
notify => Exec['setup_fips']
|
|
109
|
+
}
|
|
110
|
+
EOS
|
|
111
|
+
apply_manifest_on(sut, pp, :catch_failures => false)
|
|
112
|
+
on( sut, 'shutdown -r now', { :expect_connection_failure => true } )
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
end
|
|
116
|
+
|
|
69
117
|
# Apply known OS fixes we need to run Beaker on each SUT
|
|
70
118
|
def fix_errata_on( suts = hosts )
|
|
71
119
|
# SIMP uses structured facts, therefore stringify_facts must be disabled
|
|
@@ -74,14 +122,21 @@ module Simp::BeakerHelpers
|
|
|
74
122
|
end
|
|
75
123
|
|
|
76
124
|
suts.each do |sut|
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
125
|
+
if fact_on(sut, 'osfamily') == 'RedHat'
|
|
126
|
+
# net-tools required for netstat utility being used by be_listening
|
|
127
|
+
if fact_on(sut, 'operatingsystemmajrelease') == '7'
|
|
128
|
+
pp = <<-EOS
|
|
129
|
+
package { 'net-tools': ensure => installed }
|
|
130
|
+
EOS
|
|
131
|
+
apply_manifest_on(sut, pp, :catch_failures => false)
|
|
132
|
+
end
|
|
83
133
|
end
|
|
84
134
|
end
|
|
135
|
+
|
|
136
|
+
# Configure and reboot SUTs into FIPS mode
|
|
137
|
+
unless ENV['BEAKER_fips'] == 'no'
|
|
138
|
+
enable_fips_mode_on(suts)
|
|
139
|
+
end
|
|
85
140
|
end
|
|
86
141
|
|
|
87
142
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: simp-beaker-helpers
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Tessmer
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-09-
|
|
11
|
+
date: 2015-09-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: beaker
|