Adullact
puppet-freeipa
Commit
b2cce13a
authored
Nov 15, 2019
by
Fabien Combernous
Resolve "use facter to get ip during acceptance"
parent
d386a01c
Changes
4
Showing
4 changed files
with
82 additions
and
124 deletions
+82
-124
spec/acceptance/01_freeipa_spec.rb
spec/acceptance/01_freeipa_spec.rb
+9
-64
spec/acceptance/nodesets/centos8.yml
spec/acceptance/nodesets/centos8.yml
+52
-0
spec/acceptance/nodesets/default.yml
spec/acceptance/nodesets/default.yml
+4
-20
spec/spec_helper_acceptance.rb
spec/spec_helper_acceptance.rb
+17
-40
spec/acceptance/01_freeipa_spec.rb
require
'spec_helper_acceptance'
ip_master
=
fact_on
(
'master'
,
'networking.interfaces.eth1.ip'
)
ip_replica
=
fact_on
(
'replica'
,
'networking.interfaces.eth1.ip'
)
describe
'class freeipa'
do
context
'with ipa_role master'
do
hosts_as
(
'master'
).
each
do
|
master
|
...
...
@@ -11,7 +14,7 @@ describe 'class freeipa' do
puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
install_ipa_server => true,
ip_address => '
10.10.10.35
',
ip_address => '
#{
ip_master
}
',
enable_ip_address => true,
enable_hostname => true,
manage_host_entry => true,
...
...
@@ -45,7 +48,7 @@ describe 'class freeipa' do
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
password_usedto_joindomain => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
install_ipa_server => true,
ip_address => '
10.10.10.36
',
ip_address => '
#{
ip_replica
}
',
enable_ip_address => true,
enable_hostname => true,
manage_host_entry => true,
...
...
@@ -67,6 +70,7 @@ describe 'class freeipa' do
context
'with ipa_role client'
do
hosts_as
(
'client'
).
each
do
|
client
|
ip_client
=
fact_on
(
'client'
,
'networking.interfaces.enp0s8.ip'
)
it
'applies idempotently'
do
pp
=
<<-
EOS
class {'freeipa':
...
...
@@ -75,7 +79,7 @@ describe 'class freeipa' do
puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
password_usedto_joindomain => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
ip_address => '
10.10.10.37
',
ip_address => '
#{
ip_client
}
',
install_epel => true,
ipa_master_fqdn => 'ipa-server-1.example.lan'
}
...
...
@@ -98,7 +102,7 @@ describe 'class freeipa' do
puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
install_ipa_server => true,
ip_address => '
10.10.10.35
',
ip_address => '
#{
ip_master
}
',
enable_ip_address => true,
enable_hostname => true,
manage_host_entry => true,
...
...
@@ -122,7 +126,7 @@ describe 'class freeipa' do
puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
password_usedto_joindomain => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
ip_address => '
10.10.10.35
',
ip_address => '
#{
ip_master
}
',
install_epel => true,
ipa_master_fqdn => 'ipa-server-1.example.lan'
}
...
...
@@ -132,63 +136,4 @@ describe 'class freeipa' do
end
end
end
context
'Test ssh connnections for jsmith user with pre-defined ssh-key'
do
# Install ssh key on root on master
hosts_as
(
'master'
).
each
do
|
master
|
it
'doest a kinit with puppet admin user'
do
on
(
master
,
"echo 's^ecr@et.ea;R/O*=?j!.QsAu+$' | kinit admin"
)
end
it
'creates user jsmith in freeipa'
do
on
(
master
,
"echo 's^ecr@et.ea;R/O*=?j!.QsAu+$' | ipa user-add jsmith --first=John --last=Smith --password"
)
end
it
'creates ssh key'
do
on
(
master
,
"ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa"
)
end
it
'adds the public key in freeipa to jsmith'
do
on
(
master
,
'key=`cat /root/.ssh/id_rsa.pub`; ipa user-mod jsmith --sshpubkey="$key"'
)
end
# Add HBAC Rule to give all ipa users access to ipa-client-centos
it
'creates a HBAC rule for all users'
do
on
(
master
,
'ipa hbacrule-add --usercat=all --servicecat=all allGroup'
)
end
it
'adds centos client to allGroup rule'
do
on
(
master
,
'ipa hbacrule-add-host --hosts=ipa-client-centos allGroup'
)
end
# Remove allow_all HBAC
it
'deletes the allow_all default rule'
do
on
(
master
,
'ipa hbacrule-del allow_all'
)
end
it
'ssh on allowed host'
do
pp
=
<<-
EOS
exec { 'test ssh':
path => '/bin/',
command => 'ssh -o "StrictHostKeyChecking no" jsmith@10.10.10.37 id',
returns => "0"
}
EOS
apply_manifest_on
(
master
,
pp
,
catch_failures:
true
)
end
it
'ssh on not allowed host '
do
pp
=
<<-
EOS
exec { 'test ssh':
path => '/bin/',
command => 'ssh -o "StrictHostKeyChecking no" jsmith@localhost id',
returns => "255"
}
EOS
apply_manifest_on
(
master
,
pp
,
catch_failures:
true
)
end
end
end
end
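Review bot: In the `with ipa_role client` context, `ip_client = fact_on('client', 'networking.interfaces.enp0s8.ip')` passes the role name instead of the block variable, so the lookup is not tied to the host being iterated. If more than one node carries the `client` role (centos8.yml in this commit lists two), Beaker will most likely return one value per host and the interpolated `ip_address` will not be a single address. I would write `ip_client = fact_on(client, 'networking.interfaces.enp0s8.ip')`, and the same line in the `hosts_as('client')` loop of spec/spec_helper_acceptance.rb needs the same change. Separately, the last hunk drops the whole 'Test ssh connnections for jsmith' context, which held the only visible assertions that the HBAC rule permits ssh to the allowed host and refuses it elsewhere. The commit title does not mention that, so it is worth confirming the coverage is moved rather than lost.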
spec/acceptance/nodesets/centos8.yml
0 → 100644
---
HOSTS
:
ipa-server-1
:
roles
:
-
default
-
master
-
centos
platform
:
el-8-x86_64
hypervisor
:
vagrant
box
:
centos/8
box_check_update
:
false
vagrant_memsize
:
2048
vagrant_cpus
:
2
ip
:
10.10.10.35
ipa-server-2
:
roles
:
-
replica
-
centos
platform
:
el-8-x86_64
hypervisor
:
vagrant
box
:
centos/8
box_check_update
:
false
vagrant_memsize
:
2048
vagrant_cpus
:
2
ip
:
10.10.10.36
ipa-client-centos
:
roles
:
-
client
-
client-centos7
-
centos
platform
:
el-7-x86_64
hypervisor
:
vagrant
box
:
centos/7
box_version
:
1809.01
box_check_update
:
false
vagrant_memsize
:
1024
ip
:
10.10.10.37
ipa-client-ubuntu16
:
roles
:
-
client
-
client-ubuntu16
platform
:
ubuntu-1604-amd64
hypervisor
:
vagrant
box
:
ubuntu/xenial64
box_version
:
20181114.0.0
box_check_update
:
false
vagrant_memsize
:
1024
ip
:
10.10.10.38
CONFIG
:
type
:
foss
loglevel
:
debug
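Review bot: The two `centos/8` servers have no `box_version`, whereas both client boxes in the same file are pinned, and with `box_check_update: false` the run uses whichever image happens to be cached or is downloaded first. Pinning the servers as well (`box_version: <PINNED_VERSION>`, placeholder) keeps acceptance runs reproducible and makes a change of base image an explicit, reviewable edit. The file is also named centos8 while `ipa-client-centos` still uses `el-7-x86_64` / `centos/7`; if that is intentional, a one-line comment saying so would help.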
spec/acceptance/nodesets/default.yml
...
...
@@ -12,7 +12,6 @@ HOSTS:
box_check_update
:
false
vagrant_memsize
:
2048
vagrant_cpus
:
2
ip
:
10.10.10.35
ipa-server-2
:
roles
:
-
replica
...
...
@@ -24,30 +23,15 @@ HOSTS:
box_check_update
:
false
vagrant_memsize
:
2048
vagrant_cpus
:
2
ip
:
10.10.10.36
ipa-client-centos
:
ipa-client-ubuntu18
:
roles
:
-
client
-
client-centos7
-
centos
platform
:
el-7-x86_64
hypervisor
:
vagrant
box
:
centos/7
box_version
:
1809.01
box_check_update
:
false
vagrant_memsize
:
1024
ip
:
10.10.10.37
ipa-client-ubuntu16
:
roles
:
-
client
-
client-ubuntu16
platform
:
ubuntu-1604-amd64
platform
:
ubuntu-1804-amd64
hypervisor
:
vagrant
box
:
ubuntu/
xenial
64
box_version
:
201
8
1114.0.0
box
:
ubuntu/
bionic
64
box_version
:
201
9
1114.0.0
box_check_update
:
false
vagrant_memsize
:
1024
ip
:
10.10.10.38
CONFIG
:
type
:
foss
...
...
spec/spec_helper_acceptance.rb
...
...
@@ -10,6 +10,8 @@ run_puppet_install_helper
install_module_on
(
hosts
)
install_module_dependencies_on
(
hosts
)
ip_master
=
fact_on
(
'master'
,
'networking.interfaces.eth1.ip'
)
RSpec
.
configure
do
|
c
|
c
.
before
:suite
do
# Configure all nodes in nodeset
...
...
@@ -34,79 +36,54 @@ RSpec.configure do |c|
on
host
,
puppet
(
"resource exec 'git clone
#{
modname
}
' command='git clone
#{
giturl
}
/etc/puppetlabs/code/environments/production/modules/
#{
modname
}
' path=/usr/bin"
)
end
# Configure /etc/hosts for each node.
# WARNING : function hosts_as() return an array.
# But here we use several roles dedicated, used only once time in nodeset.
# This permit to use one different IP for each role : master, replica, client-centos7 and client-ubuntu16.
# Here master with ip address 10.10.10.35
hosts_as
(
'master'
).
each
do
|
master
|
pp
=
<<-
EOS
exec { 'set master /etc/hosts':
path => '/bin/',
command => 'echo -e "127.0.0.1 ipa-server-1.example.lan ipa-server-1
\n
::1 ip6-localhost ip6-loopback
\n
fe00::0 ip6-localnet
\n
ff00::0 ip6-mcastprefix
\n
ff02::1 ip6-allnodes
\n
ff02::2 ip6-allrouters
\n\n
10.10.10.35
ipa-server-1.example.lan ipa-server-1
\n
" > /etc/hosts',
command => 'echo -e "127.0.0.1 ipa-server-1.example.lan ipa-server-1
\n
::1 ip6-localhost ip6-loopback
\n
fe00::0 ip6-localnet
\n
ff00::0 ip6-mcastprefix
\n
ff02::1 ip6-allnodes
\n
ff02::2 ip6-allrouters
\n\n
#{
ip_master
}
ipa-server-1.example.lan ipa-server-1
\n
" > /etc/hosts',
}
EOS
apply_manifest_on
(
master
,
pp
,
catch_failures:
true
,
debug:
true
)
end
# Here replica with ip address 10.10.10.36
hosts_as
(
'replica'
).
each
do
|
replica
|
ip_replica
=
fact_on
(
'replica'
,
'networking.interfaces.eth1.ip'
)
pp
=
<<-
EOS
exec { 'set replica /etc/hosts':
path => '/bin/',
command => 'echo -e "127.0.0.1 ipa-server-2.example.lan ipa-server-2
\n
::1 ip6-localhost ip6-loopback
\n
fe00::0 ip6-localnet
\n
ff00::0 ip6-mcastprefix
\n
ff02::1 ip6-allnodes
\n
ff02::2 ip6-allrouters
\n\n
10.10.10.36
ipa-server-2.example.lan ipa-server-2
\n
" > /etc/hosts',
command => 'echo -e "127.0.0.1 ipa-server-2.example.lan ipa-server-2
\n
::1 ip6-localhost ip6-loopback
\n
fe00::0 ip6-localnet
\n
ff00::0 ip6-mcastprefix
\n
ff02::1 ip6-allnodes
\n
ff02::2 ip6-allrouters
\n\n
#{
ip_replica
}
ipa-server-2.example.lan ipa-server-2
\n
" > /etc/hosts',
}
class { 'resolv_conf':
nameservers => ['
10.10.10.35
'],
nameservers => ['
#{
ip_master
}
'],
}
host {'ipa-server-1.example.lan':
ensure => present,
ip => '
10.10.10.35
',
ip => '
#{
ip_master
}
',
}
EOS
apply_manifest_on
(
replica
,
pp
,
catch_failures:
true
,
debug:
true
)
end
# Here a first client running CentOS7 with ip address 10.10.10.37
hosts_as
(
'client-centos7'
).
each
do
|
clientcentos7
|
pp
=
<<-
EOS
exec { 'set client centos /etc/hosts':
path => '/bin/',
command => 'echo -e "127.0.0.1 ipa-client-centos.example.lan ipa-server-2
\n
::1 ip6-localhost ip6-loopback
\n
fe00::0 ip6-localnet
\n
ff00::0 ip6-mcastprefix
\n
ff02::1 ip6-allnodes
\n
ff02::2 ip6-allrouters
\n\n
10.10.10.37 ipa-client-centos.example.lan ipa-client-centos
\n
" > /etc/hosts',
}
EOS
apply_manifest_on
(
clientcentos7
,
pp
,
catch_failures:
true
)
end
# Here a second client running Ubuntu1604 with ip address 10.10.10.38
hosts_as
(
'client-ubuntu16'
).
each
do
|
clientubuntu16
|
pp
=
<<-
EOS
exec { 'set client ubuntu /etc/hosts':
path => '/bin/',
command => 'echo -e "127.0.0.1 ipa-client-ubuntu16.example.lan ipa-server-2
\n
::1 ip6-localhost ip6-loopback
\n
fe00::0 ip6-localnet
\n
ff00::0 ip6-mcastprefix
\n
ff02::1 ip6-allnodes
\n
ff02::2 ip6-allrouters
\n\n
10.10.10.38 ipa-client-ubuntu16.example.lan ipa-client-ubuntu16
\n
" > /etc/hosts',
}
EOS
apply_manifest_on
(
clientubuntu16
,
pp
,
catch_failures:
true
)
end
# WARNING : function hosts_as() return an array. We now use hosts_as() normaly with several nodes returned.
# * all clients have role 'client' in nodeset.
# * all nodes running CentOS have role 'centos' in nodeset.
# WARNING : function hosts_as() return an array.
# We now use hosts_as() normaly with several nodes returned.
# All clients have role 'client' in nodeset.
# Configure all clients nodes.
hosts_as
(
'client'
).
each
do
|
client
|
ip_client
=
fact_on
(
'client'
,
'networking.interfaces.enp0s8.ip'
)
pp
=
<<-
EOS
exec { 'set client ubuntu /etc/hosts':
path => '/bin/',
command => 'echo -e "127.0.0.1
#{
client
}
.example.lan
#{
client
}
\n
::1 ip6-localhost ip6-loopback
\n
fe00::0 ip6-localnet
\n
ff00::0 ip6-mcastprefix
\n
ff02::1 ip6-allnodes
\n
ff02::2 ip6-allrouters
\n\n
#{
ip_client
}
#{
client
}
.example.lan
#{
client
}
\n
" > /etc/hosts',
}
class { 'resolv_conf':
nameservers => ['
10.10.10.35
'],
nameservers => ['
#{
ip_master
}
'],
}
host {'ipa-server-1.example.lan':
ensure => present,
ip => '
10.10.10.35
',
ip => '
#{
ip_master
}
',
}
EOS
...
...
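Review bot: Nothing checks that the facter lookups returned an address before the values are written into `/etc/hosts`, the `resolv_conf` nameservers and the `host` resource. The interface names `eth1` and `enp0s8` are fixed strings, so on a box that names its second NIC differently the fact is presumably empty and the manifests still apply, leaving a hosts line with no address and an empty nameserver entry. A guard right after each lookup, for example `raise "no eth1 address on master" if ip_master.to_s.empty?`, would fail the suite at setup instead of in a later, harder to read IPA install error. The `RSpec.configure` block starts before and continues after the lines shown here.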