Project

General

Profile

« Previous | Next » 

Revision b7eab059

Added by Michael Moll over 8 years ago

prepare support for more OSes & refactor few tests

View differences:

manifests/config.pp
user { $foreman_proxy::user:
ensure => 'present',
shell => '/bin/false',
shell => $::foreman_proxy::shell,
comment => 'Foreman Proxy account',
groups => $groups,
home => $foreman_proxy::dir,
......
}
foreman_proxy::settings_file { 'settings':
path => '/etc/foreman-proxy/settings.yml',
path => "${::foreman_proxy::etc}/foreman-proxy/settings.yml",
module => false,
}
......
if $foreman_proxy::puppetca or $foreman_proxy::puppetrun {
if $foreman_proxy::use_sudoersd {
if $foreman_proxy::manage_sudoersd {
file { '/etc/sudoers.d':
file { "${::foreman_proxy::sudoers}.d":
ensure => directory,
}
}
file { '/etc/sudoers.d/foreman-proxy':
file { "${::foreman_proxy::sudoers}.d/foreman-proxy":
ensure => file,
owner => 'root',
group => 'root',
group => 0,
mode => '0440',
content => template('foreman_proxy/sudo.erb'),
require => File['/etc/sudoers.d'],
}
} else {
augeas { 'sudo-foreman-proxy':
context => '/files/etc/sudoers',
context => "/files${::foreman_proxy::sudoers}",
changes => template('foreman_proxy/sudo_augeas.erb'),
}
}
......
file { $foreman_proxy::puppet_cache_location:
ensure => directory,
owner => $foreman_proxy::user,
group => 'root',
group => 0,
mode => '0750',
}
}
manifests/params.pp
include ::tftp::params
include ::puppet::params
case $::osfamily {
'RedHat': {
$plugin_prefix = 'rubygem-smart_proxy_'
$foreman_api_package = 'rubygem-apipie-bindings'
$dir = '/usr/share/foreman-proxy'
$etc = '/etc'
$shell = '/bin/false'
$user = 'foreman-proxy'
$puppetssh_command = '/usr/bin/puppet agent --onetime --no-usecacheonfailure'
$dhcp_config = '/etc/dhcp/dhcpd.conf'
$dhcp_leases = '/var/lib/dhcpd/dhcpd.leases'
$keyfile = '/etc/rndc.key'
$nsupdate = 'bind-utils'
$tftp_syslinux_filenames = ['/usr/share/syslinux/chain.c32',
'/usr/share/syslinux/menu.c32',
'/usr/share/syslinux/memdisk',
'/usr/share/syslinux/pxelinux.0']
}
'Debian': {
$plugin_prefix = 'ruby-smart-proxy-'
$foreman_api_package = 'ruby-apipie-bindings'
$dir = '/usr/share/foreman-proxy'
$etc = '/etc'
$shell = '/bin/false'
$user = 'foreman-proxy'
$puppetssh_command = '/usr/bin/puppet agent --onetime --no-usecacheonfailure'
$dhcp_config = '/etc/dhcp/dhcpd.conf'
$dhcp_leases = '/var/lib/dhcp/dhcpd.leases'
$keyfile = '/etc/bind/rndc.key'
$nsupdate = 'dnsutils'
if ($::operatingsystem == 'Debian') and (versioncmp($::operatingsystemrelease, '8.0') >= 0) or
($::operatingsystem == 'Ubuntu') and (versioncmp($::operatingsystemrelease, '14.10') >= 0) {
$tftp_syslinux_filenames = ['/usr/lib/PXELINUX/pxelinux.0',
'/usr/lib/syslinux/memdisk',
'/usr/lib/syslinux/modules/bios/chain.c32',
'/usr/lib/syslinux/modules/bios/ldlinux.c32',
'/usr/lib/syslinux/modules/bios/libutil.c32',
'/usr/lib/syslinux/modules/bios/menu.c32']
} else {
$tftp_syslinux_filenames = ['/usr/lib/syslinux/chain.c32',
'/usr/lib/syslinux/menu.c32',
'/usr/lib/syslinux/memdisk',
'/usr/lib/syslinux/pxelinux.0']
}
}
default: {
fail("${::hostname}: This module does not support osfamily ${::osfamily}")
}
}
# Packaging
$repo = 'stable'
$gpgcheck = true
$repo = 'stable'
$gpgcheck = true
# if set to true, no repo will be added by this module, letting you to
# set it to some custom location.
$custom_repo = false
$version = 'present'
$custom_repo = false
$version = 'present'
$plugin_version = 'installed'
# variables
$bind_host = '*'
$port = undef # deprecated in favor of $ssl_port/$http_port
$dir = '/usr/share/foreman-proxy'
$user = 'foreman-proxy'
$log = '/var/log/foreman-proxy/proxy.log'
$log_level = 'ERROR'
$port = undef # deprecated in favor of $ssl_port/$http_port
$log = '/var/log/foreman-proxy/proxy.log'
$log_level = 'ERROR'
$puppet_home = $puppet::params::vardir
# Enable listening on http
$http = false
$http = false
$http_port = '8000'
# Enable SSL, ensure proxy is added with "https://" protocol if true
$ssl = true
$ssl = true
$ssl_port = '8443'
# If CA is specified, remote Foreman host will be verified
$ssl_ca = "${puppet_home}/ssl/certs/ca.pem"
# Used to communicate to Foreman
$ssl_cert = "${puppet_home}/ssl/certs/${::fqdn}.pem"
$ssl_key = "${puppet_home}/ssl/private_keys/${::fqdn}.pem"
$ssl_key = "${puppet_home}/ssl/private_keys/${::fqdn}.pem"
$foreman_ssl_ca = undef
$foreman_ssl_ca = undef
$foreman_ssl_cert = undef
$foreman_ssl_key = undef
$foreman_ssl_key = undef
# Only hosts listed will be permitted, empty array to disable authorization
$trusted_hosts = [$::fqdn]
# Whether to manage File['/etc/sudoers.d'] or not. When reusing this module,
$sudoers = "${etc}/sudoers"
# Whether to manage File["$etc/sudoers.d"] or not. When reusing this module,
# this may be disabled to let a dedicated sudo module manage it instead.
$manage_sudoersd = true
......
$use_sudoersd = true
# puppet settings
$puppet_url = "https://${::fqdn}:8140"
$puppet_url = "https://${::fqdn}:8140"
$puppet_use_environment_api = undef
$puppet_use_cache = undef
$puppet_cache_location = '/var/cache/foreman-proxy'
# puppetca settings
$puppetca = true
$puppetca_listen_on = 'https'
$autosign_location = '/etc/puppet/autosign.conf'
$autosign_location = "${etc}/puppet/autosign.conf"
$puppetca_cmd = $puppet::params::puppetca_cmd
$puppet_group = 'puppet'
$ssldir = "${puppet_home}/ssl"
......
$puppetrun_listen_on = 'https'
$puppetrun_cmd = $puppet::params::puppetrun_cmd
$puppetrun_provider = undef
$customrun_cmd = '/bin/false'
$customrun_cmd = $shell
$customrun_args = '-ay -f -s'
$puppetssh_sudo = false
$puppetssh_command = '/usr/bin/puppet agent --onetime --no-usecacheonfailure'
$puppetssh_user = 'root'
$puppetssh_keyfile = '/etc/foreman-proxy/id_rsa'
$puppetssh_keyfile = "${etc}/foreman-proxy/id_rsa"
$puppetssh_wait = false
$puppet_user = 'root'
$salt_puppetrun_cmd = 'puppet.run'
......
$template_url = "http://${::fqdn}:${http_port}"
# TFTP settings - requires optional TFTP puppet module
$tftp = true
$tftp_listen_on = 'https'
$tftp = true
$tftp_listen_on = 'https'
$tftp_root = $tftp::params::root
$tftp_dirs = ["${tftp_root}/pxelinux.cfg","${tftp_root}/boot"]
$tftp_servername = undef
# TODO: remove these on the next major version bump
$tftp_syslinux_root = undef
$tftp_syslinux_files = undef
case $::osfamily {
'Debian': {
if ($::operatingsystem == 'Debian') and (versioncmp($::operatingsystemrelease, '8.0') >= 0) or
($::operatingsystem == 'Ubuntu') and (versioncmp($::operatingsystemrelease, '14.10') >= 0) {
$tftp_syslinux_filenames = ['/usr/lib/PXELINUX/pxelinux.0',
'/usr/lib/syslinux/memdisk',
'/usr/lib/syslinux/modules/bios/chain.c32',
'/usr/lib/syslinux/modules/bios/ldlinux.c32',
'/usr/lib/syslinux/modules/bios/libutil.c32',
'/usr/lib/syslinux/modules/bios/menu.c32']
} else {
$tftp_syslinux_filenames = ['/usr/lib/syslinux/chain.c32',
'/usr/lib/syslinux/menu.c32',
'/usr/lib/syslinux/memdisk',
'/usr/lib/syslinux/pxelinux.0']
}
}
default: {
$tftp_syslinux_filenames = ['/usr/share/syslinux/chain.c32',
'/usr/share/syslinux/menu.c32',
'/usr/share/syslinux/memdisk',
'/usr/share/syslinux/pxelinux.0']
}
}
$tftp_root = $tftp::params::root
$tftp_dirs = ["${tftp_root}/pxelinux.cfg","${tftp_root}/boot"]
$tftp_servername = undef
# DHCP settings - requires optional DHCP puppet module
$dhcp = false
$dhcp_listen_on = 'https'
......
$dhcp_key_name = undef
$dhcp_key_secret = undef
$dhcp_omapi_port = 7911
# DHCP server settings
case $::osfamily {
'Debian': {
$dhcp_vendor = 'isc'
$dhcp_config = '/etc/dhcp/dhcpd.conf'
$dhcp_leases = '/var/lib/dhcp/dhcpd.leases'
}
'RedHat': {
$dhcp_vendor = 'isc'
$dhcp_config = '/etc/dhcp/dhcpd.conf'
$dhcp_leases = '/var/lib/dhcpd/dhcpd.leases'
}
default: {
$dhcp_vendor = 'isc'
$dhcp_config = '/etc/dhcpd.conf'
$dhcp_leases = '/var/lib/dhcpd/dhcpd.leases'
}
}
$dhcp_vendor = 'isc'
# DNS settings - requires optional DNS puppet module
$dns = false
......
# localhost can resolve to ipv6 which ruby doesn't handle well
$dns_server = '127.0.0.1'
$dns_ttl = '86400'
$dns_tsig_keytab = '/etc/foreman-proxy/dns.keytab'
$dns_tsig_keytab = "${etc}/foreman-proxy/dns.keytab"
$dns_tsig_principal = "foremanproxy/${::fqdn}@${dns_realm}"
case $::osfamily {
'Debian': {
$keyfile = '/etc/bind/rndc.key'
$nsupdate = 'dnsutils'
}
default: {
$keyfile = '/etc/rndc.key'
$nsupdate = 'bind-utils'
}
}
$dns_forwarders = []
......
$realm = false
$realm_listen_on = 'https'
$realm_provider = 'freeipa'
$realm_keytab = '/etc/foreman-proxy/freeipa.keytab'
$realm_keytab = "${etc}/foreman-proxy/freeipa.keytab"
$realm_principal = 'realm-proxy@EXAMPLE.COM'
$freeipa_remove_dns = true
......
$oauth_effective_user = 'admin'
# OAuth credentials
# shares cached_data with the foreman module so they're the same
$oauth_consumer_key = cache_data('oauth_consumer_key', random_password(32))
$oauth_consumer_key = cache_data('oauth_consumer_key', random_password(32))
$oauth_consumer_secret = cache_data('oauth_consumer_secret', random_password(32))
$foreman_api_package = $::osfamily ? {
'Debian' => 'ruby-apipie-bindings',
default => 'rubygem-apipie-bindings',
}
case $::osfamily {
'RedHat': {
$plugin_prefix = 'rubygem-smart_proxy_'
}
'Debian': {
$plugin_prefix = 'ruby-smart-proxy-'
}
default: {
$plugin_prefix = 'smart_proxy_'
}
}
$puppet_use_cache = undef
$puppet_cache_location = '/var/cache/foreman-proxy'
}
manifests/plugin/chef/params.pp
# Default parameters for the Chef smart proxy plugin
class foreman_proxy::plugin::chef::params {
include ::foreman_proxy
$enabled = true
$group = undef
$listen_on = 'https'
$version = undef
$server_url = "https://${::fqdn}"
$client_name = $::fqdn
$private_key = '/etc/chef/client.pem'
$private_key = "${foreman_proxy::etc}/chef/client.pem"
$ssl_verify = true
$ssl_pem_file = undef
}
manifests/plugin/salt/params.pp
# Default parameters for the Salt smart proxy plugin
class foreman_proxy::plugin::salt::params {
$enabled = true
$listen_on = 'https'
$autosign_file = '/etc/salt/autosign.conf'
$user = 'root'
$group = undef
include ::foreman_proxy
$api = false
$api_url = 'https://localhost:8080'
$api_auth = 'pam'
$api_username = 'saltuser'
$api_password = 'saltpassword'
$enabled = true
$listen_on = 'https'
$autosign_file = "${foreman_proxy::etc}/salt/autosign.conf"
$user = 'root'
$group = undef
$api = false
$api_url = 'https://localhost:8080'
$api_auth = 'pam'
$api_username = 'saltuser'
$api_password = 'saltpassword'
}
manifests/settings_file.pp
$module = true,
$enabled = true,
$listen_on = 'https',
$path = "/etc/foreman-proxy/settings.d/${title}.yml",
$path = "${::foreman_proxy::etc}/foreman-proxy/settings.d/${title}.yml",
$owner = 'root',
$group = $::foreman_proxy::user,
$mode = '0640',
spec/classes/foreman_proxy__config__spec.rb
should contain_file('/etc/sudoers.d/foreman-proxy').with({
:ensure => 'file',
:owner => 'root',
:group => 'root',
:group => 0,
:mode => '0440',
:require => 'File[/etc/sudoers.d]',
})
verify_exact_contents(catalogue, '/etc/sudoers.d/foreman-proxy', [
spec/classes/foreman_proxy__plugin__chef__spec.rb
require 'spec_helper'
describe 'foreman_proxy::plugin::chef' do
on_supported_os.each do |os, facts|
context "on #{os}" do
context 'chef plugin is enabled' do
let :params do
{
:enabled => true
}
end
it 'should call the plugin' do
should contain_foreman_proxy__plugin('chef')
end
it 'should install configuration file' do
should contain_foreman_proxy__settings_file('chef')
should contain_file('/etc/foreman-proxy/settings.d/chef.yml').with_content(/:enabled: true/)
end
end
context 'chef plugin is disabled' do
let :params do
{
:enabled => false
}
end
it 'should call the plugin' do
should contain_foreman_proxy__plugin('chef')
end
it 'should install configuration file' do
should contain_foreman_proxy__settings_file('chef')
should contain_file('/etc/foreman-proxy/settings.d/chef.yml').with_content(/:enabled: false/)
end
end
let :facts do
on_supported_os['redhat-6-x86_64']
end
let :pre_condition do
"include foreman_proxy"
end
context 'chef plugin is enabled' do
let :params do
{
:enabled => true
}
end
it 'should call the plugin' do
should contain_foreman_proxy__plugin('chef')
end
it 'should install configuration file' do
should contain_foreman_proxy__settings_file('chef')
should contain_file('/etc/foreman-proxy/settings.d/chef.yml').with_content(/:enabled: true/)
end
end
context 'chef plugin is disabled' do
let :params do
{
:enabled => false
}
end
it 'should call the plugin' do
should contain_foreman_proxy__plugin('chef')
end
it 'should install configuration file' do
should contain_foreman_proxy__settings_file('chef')
should contain_file('/etc/foreman-proxy/settings.d/chef.yml').with_content(/:enabled: false/)
end
end
end
spec/classes/foreman_proxy__plugin__openscap_spec.rb
require 'spec_helper'
describe 'foreman_proxy::plugin::openscap' do
on_supported_os.each do |os, facts|
context "on #{os}" do
context 'openscap plugin is enabled' do
let :params do
{
:enabled => true
}
end
it 'should call the plugin' do
should contain_foreman_proxy__plugin('openscap')
end
it 'should install configuration file' do
should contain_foreman_proxy__settings_file('openscap')
content = catalogue.resource('file', '/etc/foreman-proxy/settings.d/openscap.yml').send(:parameters)[:content]
content.split("\n").reject { |c| c =~ /(^#|^$)/ }.should == [
'---',
':enabled: https',
':openscap_send_log_file: /var/log/foreman-proxy/openscap-send.log',
":spooldir: /var/spool/foreman-proxy/openscap",
]
end
end
context 'openscap plugin is disabled' do
let :params do
{
:enabled => false
}
end
it 'should call the plugin' do
should contain_foreman_proxy__plugin('openscap')
end
it 'should install configuration file' do
should contain_foreman_proxy__settings_file('openscap')
content = catalogue.resource('file', '/etc/foreman-proxy/settings.d/openscap.yml').send(:parameters)[:content]
content.split("\n").reject { |c| c =~ /(^#|^$)/ }.should == [
'---',
':enabled: false',
':openscap_send_log_file: /var/log/foreman-proxy/openscap-send.log',
":spooldir: /var/spool/foreman-proxy/openscap",
]
end
end
let :facts do
on_supported_os['redhat-6-x86_64']
end
let :pre_condition do
"include foreman_proxy"
end
context 'openscap plugin is enabled' do
let :params do
{
:enabled => true
}
end
it 'should call the plugin' do
should contain_foreman_proxy__plugin('openscap')
end
it 'should install configuration file' do
should contain_foreman_proxy__settings_file('openscap')
verify_exact_contents(catalogue, '/etc/foreman-proxy/settings.d/openscap.yml', [
'---',
':enabled: https',
':openscap_send_log_file: /var/log/foreman-proxy/openscap-send.log',
":spooldir: /var/spool/foreman-proxy/openscap",
])
end
end
context 'openscap plugin is disabled' do
let :params do
{
:enabled => false
}
end
it 'should call the plugin' do
should contain_foreman_proxy__plugin('openscap')
end
it 'should install configuration file' do
should contain_foreman_proxy__settings_file('openscap')
verify_exact_contents(catalogue, '/etc/foreman-proxy/settings.d/openscap.yml', [
'---',
':enabled: false',
':openscap_send_log_file: /var/log/foreman-proxy/openscap-send.log',
":spooldir: /var/spool/foreman-proxy/openscap",
])
end
end
end
templates/settings.yml.erb
### File managed with puppet ###
## Module: '<%= scope.to_hash['module_name'] %>'
:settings_directory: /etc/foreman-proxy/settings.d
:settings_directory: <%= scope.lookupvar("foreman_proxy::etc") -%>/foreman-proxy/settings.d
# SSL Setup
<% ssl = scope.lookupvar("foreman_proxy::real_ssl") -%>

Also available in: Unified diff