simp-beaker-helpers 1.0.2 → 1.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +8 -8
- data/README.md +22 -2
- data/Rakefile +2 -1
- data/lib/simp/beaker_helpers.rb +62 -7
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
---
|
|
2
2
|
!binary "U0hBMQ==":
|
|
3
3
|
metadata.gz: !binary |-
|
|
4
|
-
|
|
4
|
+
NjU0OTNiZTBhZDljMGNmYjU5ZWY1NjZmODA1NzY1MzhiMmJlZDdhMQ==
|
|
5
5
|
data.tar.gz: !binary |-
|
|
6
|
-
|
|
6
|
+
OGRhN2E4YWRkODg3NTgyOGIwMGI4YjExZjk2NjA0Y2RlOTlhYmI3Mg==
|
|
7
7
|
SHA512:
|
|
8
8
|
metadata.gz: !binary |-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
NDE3YmY3NDliNDM5YmQ1MzlkMWEwMDA5ODhjNWJkYmE4MTk4NjdkNDMxMzE0
|
|
10
|
+
YzFiNmY5ZDUwYWJiOTlkOWVhZWIyZDQwZTEyMmY5OWJkNzZlYzg1N2RjMWRj
|
|
11
|
+
ODcxZTQyYjllMzM2OWMzZTYyY2UyZTk5MjAwYmQ2N2ZlYzNkNWQ=
|
|
12
12
|
data.tar.gz: !binary |-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
MjZlNzU1YzI4ZTkwYWYzNmI3N2IyYTNmYjIwYjcyNDIzOGU5MWEwYWIwMzNm
|
|
14
|
+
OWUzYjEzMGQ2ZGVmOTI1YWNmOGMxOGI3NGFmNGRlYzI1ZWFiNGQ5MzQ3Y2Fi
|
|
15
|
+
Y2Y5ZDBiMWFjOWQyYWE5YmI3OTJiZTAwMjgzMGQ2MzM4YmE5Y2M=
|
data/README.md
CHANGED
|
@@ -14,9 +14,14 @@ Methods to assist beaker acceptance tests for SIMP.
|
|
|
14
14
|
* [`copy_keydist_to`](#copy_keydist_to)
|
|
15
15
|
* [`set_hieradata_on`](#set_hieradata_on)
|
|
16
16
|
* [`clear_temp_hieradata`](#clear_temp_hieradata)
|
|
17
|
-
4. [
|
|
17
|
+
4. [Environment variables](#environment-variables)
|
|
18
|
+
* [`BEAKER_fips`](#beaker_fips)
|
|
19
|
+
* [`BEAKER_spec_prep`](#beaker_spec_prep)
|
|
20
|
+
* [`BEAKER_stringify_facts`](#beaker_stringify_facts)
|
|
21
|
+
* [`BEAKER_use_fixtures_dir_for_modules`](#beaker_use_fixtures_dir_for_modules)
|
|
22
|
+
5. [Examples](#examples)
|
|
18
23
|
* [Prep OS, Generate and copy PKI certs to each SUT](#prep-os-generate-and-copy-pki-certs-to-each-sut)
|
|
19
|
-
|
|
24
|
+
6. [License](#license)
|
|
20
25
|
|
|
21
26
|
## Overview
|
|
22
27
|
|
|
@@ -110,6 +115,21 @@ Clean up all temporary hiera data files; meant to be called from `after(:all)`
|
|
|
110
115
|
`clear_temp_hieradata`
|
|
111
116
|
|
|
112
117
|
|
|
118
|
+
## Environment variables
|
|
119
|
+
#### `BEAKER_fips`
|
|
120
|
+
|
|
121
|
+
SIMP acceptance tests enable [FIPS mode](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html) on all SUTs by default. Acceptance tests can be run without FIPS mode when `BEAKER_fips` is set to `no`
|
|
122
|
+
|
|
123
|
+
**NOTE:** FIPS mode is only enabled on RedHat family hosts
|
|
124
|
+
|
|
125
|
+
#### `BEAKER_spec_prep`
|
|
126
|
+
#
|
|
127
|
+
|
|
128
|
+
|
|
129
|
+
#### `BEAKER_stringify_facts`
|
|
130
|
+
#### `BEAKER_use_fixtures_dir_for_modules`
|
|
131
|
+
|
|
132
|
+
|
|
113
133
|
## Examples
|
|
114
134
|
|
|
115
135
|
### Prep OS, Generate and copy PKI certs to each SUT
|
data/Rakefile
CHANGED
|
@@ -66,7 +66,8 @@ namespace :pkg do
|
|
|
66
66
|
task :gem => :chmod do
|
|
67
67
|
Dir.chdir @rakefile_dir
|
|
68
68
|
Dir['*.gemspec'].each do |spec_file|
|
|
69
|
-
|
|
69
|
+
rpm_build = ENV.fetch('SIMP_RPM_BUILD', '1')
|
|
70
|
+
cmd = %Q{SIMP_RPM_BUILD=#{rpm_build} bundle exec gem build "#{spec_file}"}
|
|
70
71
|
sh cmd
|
|
71
72
|
FileUtils.mkdir_p 'dist'
|
|
72
73
|
FileUtils.mv Dir.glob("#{@package}*.gem"), 'dist/'
|
data/lib/simp/beaker_helpers.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
module Simp; end
|
|
2
2
|
|
|
3
3
|
module Simp::BeakerHelpers
|
|
4
|
-
VERSION = '1.0.
|
|
4
|
+
VERSION = '1.0.3'
|
|
5
5
|
|
|
6
6
|
# Locates .fixture.yml in or above this directory.
|
|
7
7
|
def fixtures_yml_path
|
|
@@ -35,6 +35,7 @@ module Simp::BeakerHelpers
|
|
|
35
35
|
def ensure_fixture_modules
|
|
36
36
|
unless ENV['BEAKER_spec_prep'] == 'no'
|
|
37
37
|
puts "== checking prepped modules from .fixtures.yml"
|
|
38
|
+
puts " -- (use BEAKER_spec_prep=no to disable)"
|
|
38
39
|
missing_modules = []
|
|
39
40
|
pupmods_in_fixtures_yml.each do |pupmod|
|
|
40
41
|
mod_root = File.expand_path( "spec/fixtures/modules/#{pupmod}", File.dirname( fixtures_yml_path ))
|
|
@@ -66,6 +67,53 @@ module Simp::BeakerHelpers
|
|
|
66
67
|
end
|
|
67
68
|
|
|
68
69
|
|
|
70
|
+
# Configure and reboot SUTs into FIPS mode
|
|
71
|
+
def enable_fips_mode_on( suts = hosts )
|
|
72
|
+
puts '== configuring FIPS mode on SUTs'
|
|
73
|
+
puts ' -- (use BEAKER_fips=no to disable)'
|
|
74
|
+
suts.each do |sut|
|
|
75
|
+
puts " -- enabling FIPS on '#{sut}'"
|
|
76
|
+
if fact_on(sut, 'osfamily') == 'RedHat'
|
|
77
|
+
pp = <<-EOS
|
|
78
|
+
# This is necessary to prevent a kernel panic after rebooting into FIPS
|
|
79
|
+
# (last checked: 20150928)
|
|
80
|
+
package { ['kernel'] : ensure => 'latest' }
|
|
81
|
+
|
|
82
|
+
package { ['grubby'] : ensure => 'latest' }
|
|
83
|
+
~>
|
|
84
|
+
exec{ 'setup_fips':
|
|
85
|
+
command => '/bin/bash /root/setup_fips.sh',
|
|
86
|
+
refreshonly => true,
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
file{ '/root/setup_fips.sh':
|
|
90
|
+
ensure => 'file',
|
|
91
|
+
owner => 'root',
|
|
92
|
+
group => 'root',
|
|
93
|
+
mode => '0700',
|
|
94
|
+
content => "#!/bin/bash
|
|
95
|
+
|
|
96
|
+
# FIPS
|
|
97
|
+
if [ -e /sys/firmware/efi ]; then
|
|
98
|
+
BOOTDEV=`df /boot/efi | tail -1 | cut -f1 -d' '`
|
|
99
|
+
else
|
|
100
|
+
BOOTDEV=`df /boot | tail -1 | cut -f1 -d' '`
|
|
101
|
+
fi
|
|
102
|
+
# In case you need a working fallback
|
|
103
|
+
DEFAULT_KERNEL_INFO=`/sbin/grubby --default-kernel`
|
|
104
|
+
DEFAULT_INITRD=`/sbin/grubby --info=\\\${DEFAULT_KERNEL_INFO} | grep initrd | cut -f2 -d'='`
|
|
105
|
+
DEFAULT_KERNEL_TITLE=`/sbin/grubby --info=\\\${DEFAULT_KERNEL_INFO} | grep -m1 title | cut -f2 -d'='`
|
|
106
|
+
/sbin/grubby --copy-default --make-default --args=\\\"boot=\\\${BOOTDEV} fips=1\\\" --add-kernel=`/sbin/grubby --default-kernel` --initrd=\\\${DEFAULT_INITRD} --title=\\\"FIPS \\\${DEFAULT_KERNEL_TITLE}\\\"
|
|
107
|
+
",
|
|
108
|
+
notify => Exec['setup_fips']
|
|
109
|
+
}
|
|
110
|
+
EOS
|
|
111
|
+
apply_manifest_on(sut, pp, :catch_failures => false)
|
|
112
|
+
on( sut, 'shutdown -r now', { :expect_connection_failure => true } )
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
end
|
|
116
|
+
|
|
69
117
|
# Apply known OS fixes we need to run Beaker on each SUT
|
|
70
118
|
def fix_errata_on( suts = hosts )
|
|
71
119
|
# SIMP uses structured facts, therefore stringify_facts must be disabled
|
|
@@ -74,14 +122,21 @@ module Simp::BeakerHelpers
|
|
|
74
122
|
end
|
|
75
123
|
|
|
76
124
|
suts.each do |sut|
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
125
|
+
if fact_on(sut, 'osfamily') == 'RedHat'
|
|
126
|
+
# net-tools required for netstat utility being used by be_listening
|
|
127
|
+
if fact_on(sut, 'operatingsystemmajrelease') == '7'
|
|
128
|
+
pp = <<-EOS
|
|
129
|
+
package { 'net-tools': ensure => installed }
|
|
130
|
+
EOS
|
|
131
|
+
apply_manifest_on(sut, pp, :catch_failures => false)
|
|
132
|
+
end
|
|
83
133
|
end
|
|
84
134
|
end
|
|
135
|
+
|
|
136
|
+
# Configure and reboot SUTs into FIPS mode
|
|
137
|
+
unless ENV['BEAKER_fips'] == 'no'
|
|
138
|
+
enable_fips_mode_on(suts)
|
|
139
|
+
end
|
|
85
140
|
end
|
|
86
141
|
|
|
87
142
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: simp-beaker-helpers
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Tessmer
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-09-
|
|
11
|
+
date: 2015-09-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: beaker
|