diff --git a/spec/acceptance/01_freeipa_spec.rb b/spec/acceptance/01_freeipa_spec.rb index ff033c4aabef96abf9986724f43893881de27607..06f84fbb50e007c53552accd82603c74095a0e61 100644 --- a/spec/acceptance/01_freeipa_spec.rb +++ b/spec/acceptance/01_freeipa_spec.rb @@ -1,5 +1,8 @@ require 'spec_helper_acceptance' +ip_master = fact_on('master', 'networking.interfaces.eth1.ip') +ip_replica = fact_on('replica', 'networking.interfaces.eth1.ip') + describe 'class freeipa' do context 'with ipa_role master' do hosts_as('master').each do |master| @@ -11,7 +14,7 @@ describe 'class freeipa' do puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$', directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$', install_ipa_server => true, - ip_address => '10.10.10.35', + ip_address => '#{ip_master}', enable_ip_address => true, enable_hostname => true, manage_host_entry => true, @@ -45,7 +48,7 @@ describe 'class freeipa' do directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$', password_usedto_joindomain => 's^ecr@et.ea;R/O*=?j!.QsAu+$', install_ipa_server => true, - ip_address => '10.10.10.36', + ip_address => '#{ip_replica}', enable_ip_address => true, enable_hostname => true, manage_host_entry => true, @@ -67,6 +70,7 @@ describe 'class freeipa' do context 'with ipa_role client' do hosts_as('client').each do |client| + ip_client = fact_on('client', 'networking.interfaces.enp0s8.ip') it 'applies idempotently' do pp = <<-EOS class {'freeipa': @@ -75,7 +79,7 @@ describe 'class freeipa' do puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$', directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$', password_usedto_joindomain => 's^ecr@et.ea;R/O*=?j!.QsAu+$', - ip_address => '10.10.10.37', + ip_address => '#{ip_client}', install_epel => true, ipa_master_fqdn => 'ipa-server-1.example.lan' } 
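Review bot: The two top-level `fact_on` lookups added in the first hunk of 01_freeipa_spec.rb are used unchecked. If a box has no `eth1`, the result is presumably an empty string, and every later `ip_address => '#{ip_master}'` or `'#{ip_replica}'` in this file is applied with a blank address. A guard right after the lookups, such as `raise 'master reports no eth1 address' if ip_master.to_s.empty?` (and the same for `ip_replica`), would stop the run at the cause. The same unchecked lookup is added at the top of spec/spec_helper_acceptance.rb, where the value is also interpolated into the `echo -e ... > /etc/hosts` command string, so it is worth checking it against an IP-address pattern there.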
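Review bot: In the 'with ipa_role client' hunk, `ip_client` is looked up by the role name `'client'` instead of the host the loop is iterating over. With a nodeset that has more than one client (the new centos8.yml has two), the lookup no longer refers to the current host and probably returns one value per matching host. Passing the block variable, `ip_client = fact_on(client, 'networking.interfaces.enp0s8.ip')`, ties the address to the node being configured. The interface name `enp0s8` is also fixed here while the servers use `eth1`, so a comment naming the boxes it is valid for would help; the centos/7 client in centos8.yml may not expose that name. The later spec_helper_acceptance.rb hunk adds the same role-based lookups inside its `hosts_as('client')` and `hosts_as('replica')` loops, and the enclosing `describe` block continues outside this hunk.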
@@ -98,7 +102,7 @@ describe 'class freeipa' do
 puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
 directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
 install_ipa_server => true,
- ip_address => '10.10.10.35',
+ ip_address => '#{ip_master}',
 enable_ip_address => true,
 enable_hostname => true,
 manage_host_entry => true,
@@ -122,7 +126,7 @@ describe 'class freeipa' do
 puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
 directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
 password_usedto_joindomain => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
- ip_address => '10.10.10.35',
+ ip_address => '#{ip_master}',
 install_epel => true,
 ipa_master_fqdn => 'ipa-server-1.example.lan'
 }
@@ -132,63 +136,4 @@ describe 'class freeipa' do
 end
 end
 end
-
- context 'Test ssh connnections for jsmith user with pre-defined ssh-key' do
- # Install ssh key on root on master
- hosts_as('master').each do |master|
- it 'doest a kinit with puppet admin user' do
- on(master, "echo 's^ecr@et.ea;R/O*=?j!.QsAu+$' | kinit admin")
- end
-
- it 'creates user jsmith in freeipa' do
- on(master, "echo 's^ecr@et.ea;R/O*=?j!.QsAu+$' | ipa user-add jsmith --first=John --last=Smith --password")
- end
-
- it 'creates ssh key' do
- on(master, "ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa")
- end
-
- it 'adds the public key in freeipa to jsmith' do
- on(master, 'key=`cat /root/.ssh/id_rsa.pub`; ipa user-mod jsmith --sshpubkey="$key"')
- end
-
- # Add HBAC Rule to give all ipa users access to ipa-client-centos
- it 'creates a HBAC rule for all users' do
- on(master, 'ipa hbacrule-add --usercat=all --servicecat=all allGroup')
- end
-
- it 'adds centos client to allGroup rule' do
- on(master, 'ipa hbacrule-add-host --hosts=ipa-client-centos allGroup')
- end
-
- # Remove allow_all HBAC
- it 'deletes the allow_all default rule' do
- on(master, 'ipa hbacrule-del allow_all')
- end
-
- it 'ssh on allowed host' do
- pp = <<-EOS
- exec { 'test ssh':
- path => '/bin/',
- command => 'ssh -o "StrictHostKeyChecking no" jsmith@10.10.10.37 id',
- returns => "0"
- }
- EOS
-
- apply_manifest_on(master, pp, catch_failures: true)
- end
-
- it 'ssh on not allowed host ' do
- pp = <<-EOS
- exec { 'test ssh':
- path => '/bin/',
- command => 'ssh -o "StrictHostKeyChecking no" jsmith@localhost id',
- returns => "255"
- }
- EOS
-
- apply_manifest_on(master, pp, catch_failures: true)
- end
- end
- end
 end
diff --git a/spec/acceptance/nodesets/centos8.yml b/spec/acceptance/nodesets/centos8.yml
new file mode 100644
index 0000000000000000000000000000000000000000..6f6a6c88a1e8a9578a509ae7aa5b0c500804e3bd
--- /dev/null
+++ b/spec/acceptance/nodesets/centos8.yml
@@ -0,0 +1,52 @@
+---
+HOSTS:
+ ipa-server-1:
+ roles:
+ - default
+ - master
+ - centos
+ platform: el-8-x86_64
+ hypervisor: vagrant
+ box: centos/8
+ box_check_update: false
+ vagrant_memsize: 2048
+ vagrant_cpus: 2
+ ip: 10.10.10.35
+ ipa-server-2:
+ roles:
+ - replica
+ - centos
+ platform: el-8-x86_64
+ hypervisor: vagrant
+ box: centos/8
+ box_check_update: false
+ vagrant_memsize: 2048
+ vagrant_cpus: 2
+ ip: 10.10.10.36
+ ipa-client-centos:
+ roles:
+ - client
+ - client-centos7
+ - centos
+ platform: el-7-x86_64
+ hypervisor: vagrant
+ box: centos/7
+ box_version: 1809.01
+ box_check_update: false
+ vagrant_memsize: 1024
+ ip: 10.10.10.37
+ ipa-client-ubuntu16:
+ roles:
+ - client
+ - client-ubuntu16
+ platform: ubuntu-1604-amd64
+ hypervisor: vagrant
+ box: ubuntu/xenial64
+ box_version: 20181114.0.0
+ box_check_update: false
+ vagrant_memsize: 1024
+ ip: 10.10.10.38
+
+CONFIG:
+ type: foss
+ loglevel: debug
diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml
index 8e8ea65d06ab864fa6a0cc7be7df7a023dc7c801..4f4417ff32429b5a6a32a2318dcb8c0281492a17 100644
--- a/spec/acceptance/nodesets/default.yml
+++ b/spec/acceptance/nodesets/default.yml
@@ -12,7 +12,6 @@ HOSTS:
 box_check_update: false
 vagrant_memsize: 2048
 vagrant_cpus: 2
- ip: 10.10.10.35
 ipa-server-2:
 roles:
 - replica
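Review bot: In the new spec/acceptance/nodesets/centos8.yml, both server entries use `box: centos/8` without a `box_version`, while the two client entries pin one. With `box_check_update: false` the servers run on whichever cached image is present, so runs are not reproducible and the image contents under test are not fixed. Adding `box_version: <pinned-version>` (placeholder; use the release the suite was validated against) to `ipa-server-1` and `ipa-server-2` would bring them in line with the clients.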
@@ -24,30 +23,15 @@ HOSTS: box_check_update: false vagrant_memsize: 2048 vagrant_cpus: 2 - ip: 10.10.10.36 - ipa-client-centos: + ipa-client-ubuntu18: roles: - client - - client-centos7 - - centos - platform: el-7-x86_64 - hypervisor: vagrant - box: centos/7 - box_version: 1809.01 - box_check_update: false - vagrant_memsize: 1024 - ip: 10.10.10.37 - ipa-client-ubuntu16: - roles: - - client - - client-ubuntu16 - platform: ubuntu-1604-amd64 + platform: ubuntu-1804-amd64 hypervisor: vagrant - box: ubuntu/xenial64 - box_version: 20181114.0.0 + box: ubuntu/bionic64 + box_version: 20191114.0.0 box_check_update: false vagrant_memsize: 1024 - ip: 10.10.10.38 CONFIG: type: foss diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 4948b9a0e3c63505f2cbdbf37eadd073b101bd5e..106a299e395a4538e28858a149e445cc19cddf71 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -10,6 +10,8 @@ run_puppet_install_helper install_module_on(hosts) install_module_dependencies_on(hosts) +ip_master = fact_on('master', 'networking.interfaces.eth1.ip') + RSpec.configure do |c| c.before :suite do # Configure all nodes in nodeset 
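Review bot: `ip_master` is now defined twice with the same expression, once at the top of spec/spec_helper_acceptance.rb (this hunk) and once at the top of 01_freeipa_spec.rb, because a top-level local does not carry across `require`. A small helper defined in the helper file, for example `def master_ip; fact_on('master', 'networking.interfaces.eth1.ip'); end`, would keep the interface name in one place. If the local stays, a comment such as `# IP of the master's eth1 interface, written into /etc/hosts and resolv.conf on the other nodes` would document what the later manifests rely on.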
@@ -34,79 +36,54 @@ RSpec.configure do |c| on host, puppet("resource exec 'git clone #{modname}' command='git clone #{giturl} /etc/puppetlabs/code/environments/production/modules/#{modname}' path=/usr/bin") end - # Configure /etc/hosts for each node. - # WARNING : function hosts_as() return an array. - # But here we use several roles dedicated, used only once time in nodeset. - # This permit to use one different IP for each role : master, replica, client-centos7 and client-ubuntu16. - - # Here master with ip address 10.10.10.35 hosts_as('master').each do |master| pp = <<-EOS exec { 'set master /etc/hosts': path => '/bin/', - command => 'echo -e "127.0.0.1 ipa-server-1.example.lan ipa-server-1\n ::1 ip6-localhost ip6-loopback\n fe00::0 ip6-localnet\n ff00::0 ip6-mcastprefix\n ff02::1 ip6-allnodes\n ff02::2 ip6-allrouters\n\n 10.10.10.35 ipa-server-1.example.lan ipa-server-1\n" > /etc/hosts', + command => 'echo -e "127.0.0.1 ipa-server-1.example.lan ipa-server-1\n ::1 ip6-localhost ip6-loopback\n fe00::0 ip6-localnet\n ff00::0 ip6-mcastprefix\n ff02::1 ip6-allnodes\n ff02::2 ip6-allrouters\n\n #{ip_master} ipa-server-1.example.lan ipa-server-1\n" > /etc/hosts', } EOS apply_manifest_on(master, pp, catch_failures: true, debug: true) end - # Here replica with ip address 10.10.10.36 hosts_as('replica').each do |replica| + ip_replica = fact_on('replica', 'networking.interfaces.eth1.ip') pp = <<-EOS exec { 'set replica /etc/hosts': path => '/bin/', - command => 'echo -e "127.0.0.1 ipa-server-2.example.lan ipa-server-2\n ::1 ip6-localhost ip6-loopback\n fe00::0 ip6-localnet\n ff00::0 ip6-mcastprefix\n ff02::1 ip6-allnodes\n ff02::2 ip6-allrouters\n\n 10.10.10.36 ipa-server-2.example.lan ipa-server-2\n" > /etc/hosts', + command => 'echo -e "127.0.0.1 ipa-server-2.example.lan ipa-server-2\n ::1 ip6-localhost ip6-loopback\n fe00::0 ip6-localnet\n ff00::0 ip6-mcastprefix\n ff02::1 ip6-allnodes\n ff02::2 ip6-allrouters\n\n #{ip_replica} ipa-server-2.example.lan ipa-server-2\n" > 
/etc/hosts', } class { 'resolv_conf': - nameservers => ['10.10.10.35'], + nameservers => ['#{ip_master}'], } host {'ipa-server-1.example.lan': ensure => present, - ip => '10.10.10.35', + ip => '#{ip_master}', } EOS apply_manifest_on(replica, pp, catch_failures: true, debug: true) end - # Here a first client running CentOS7 with ip address 10.10.10.37 - hosts_as('client-centos7').each do |clientcentos7| - pp = <<-EOS - exec { 'set client centos /etc/hosts': - path => '/bin/', - command => 'echo -e "127.0.0.1 ipa-client-centos.example.lan ipa-server-2\n ::1 ip6-localhost ip6-loopback\n fe00::0 ip6-localnet\n ff00::0 ip6-mcastprefix\n ff02::1 ip6-allnodes\n ff02::2 ip6-allrouters\n\n 10.10.10.37 ipa-client-centos.example.lan ipa-client-centos\n" > /etc/hosts', - } - EOS - - apply_manifest_on(clientcentos7, pp, catch_failures: true) - end - - # Here a second client running Ubuntu1604 with ip address 10.10.10.38 - hosts_as('client-ubuntu16').each do |clientubuntu16| - pp = <<-EOS - exec { 'set client ubuntu /etc/hosts': - path => '/bin/', - command => 'echo -e "127.0.0.1 ipa-client-ubuntu16.example.lan ipa-server-2\n ::1 ip6-localhost ip6-loopback\n fe00::0 ip6-localnet\n ff00::0 ip6-mcastprefix\n ff02::1 ip6-allnodes\n ff02::2 ip6-allrouters\n\n 10.10.10.38 ipa-client-ubuntu16.example.lan ipa-client-ubuntu16\n" > /etc/hosts', - } - EOS - - apply_manifest_on(clientubuntu16, pp, catch_failures: true) - end - - # WARNING : function hosts_as() return an array. We now use hosts_as() normaly with several nodes returned. - # * all clients have role 'client' in nodeset. - # * all nodes running CentOS have role 'centos' in nodeset. + # WARNING : function hosts_as() return an array. + # We now use hosts_as() normaly with several nodes returned. + # All clients have role 'client' in nodeset. # Configure all clients nodes. 
hosts_as('client').each do |client| + ip_client = fact_on('client', 'networking.interfaces.enp0s8.ip') pp = <<-EOS + exec { 'set client ubuntu /etc/hosts': + path => '/bin/', + command => 'echo -e "127.0.0.1 #{client}.example.lan #{client}\n ::1 ip6-localhost ip6-loopback\n fe00::0 ip6-localnet\n ff00::0 ip6-mcastprefix\n ff02::1 ip6-allnodes\n ff02::2 ip6-allrouters\n\n #{ip_client} #{client}.example.lan #{client}\n" > /etc/hosts', + } class { 'resolv_conf': - nameservers => ['10.10.10.35'], + nameservers => ['#{ip_master}'], } host {'ipa-server-1.example.lan': ensure => present, - ip => '10.10.10.35', + ip => '#{ip_master}', } EOS