Commit b2cce13a authored by Fabien Combernous's avatar Fabien Combernous

Resolve "use facter to get ip during acceptance"

parent d386a01c
require 'spec_helper_acceptance'
ip_master = fact_on('master', 'networking.interfaces.eth1.ip')
ip_replica = fact_on('replica', 'networking.interfaces.eth1.ip')
describe 'class freeipa' do
context 'with ipa_role master' do
hosts_as('master').each do |master|
......@@ -11,7 +14,7 @@ describe 'class freeipa' do
puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
install_ipa_server => true,
ip_address => '10.10.10.35',
ip_address => '#{ip_master}',
enable_ip_address => true,
enable_hostname => true,
manage_host_entry => true,
......@@ -45,7 +48,7 @@ describe 'class freeipa' do
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
password_usedto_joindomain => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
install_ipa_server => true,
ip_address => '10.10.10.36',
ip_address => '#{ip_replica}',
enable_ip_address => true,
enable_hostname => true,
manage_host_entry => true,
......@@ -67,6 +70,7 @@ describe 'class freeipa' do
context 'with ipa_role client' do
hosts_as('client').each do |client|
ip_client = fact_on('client', 'networking.interfaces.enp0s8.ip')
it 'applies idempotently' do
pp = <<-EOS
class {'freeipa':
......@@ -75,7 +79,7 @@ describe 'class freeipa' do
puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
password_usedto_joindomain => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
ip_address => '10.10.10.37',
ip_address => '#{ip_client}',
install_epel => true,
ipa_master_fqdn => 'ipa-server-1.example.lan'
}
......@@ -98,7 +102,7 @@ describe 'class freeipa' do
puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
install_ipa_server => true,
ip_address => '10.10.10.35',
ip_address => '#{ip_master}',
enable_ip_address => true,
enable_hostname => true,
manage_host_entry => true,
......@@ -122,7 +126,7 @@ describe 'class freeipa' do
puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
password_usedto_joindomain => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
ip_address => '10.10.10.35',
ip_address => '#{ip_master}',
install_epel => true,
ipa_master_fqdn => 'ipa-server-1.example.lan'
}
......@@ -132,63 +136,4 @@ describe 'class freeipa' do
end
end
end
context 'Test ssh connnections for jsmith user with pre-defined ssh-key' do
# Install ssh key on root on master
hosts_as('master').each do |master|
it 'doest a kinit with puppet admin user' do
on(master, "echo 's^ecr@et.ea;R/O*=?j!.QsAu+$' | kinit admin")
end
it 'creates user jsmith in freeipa' do
on(master, "echo 's^ecr@et.ea;R/O*=?j!.QsAu+$' | ipa user-add jsmith --first=John --last=Smith --password")
end
it 'creates ssh key' do
on(master, "ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa")
end
it 'adds the public key in freeipa to jsmith' do
on(master, 'key=`cat /root/.ssh/id_rsa.pub`; ipa user-mod jsmith --sshpubkey="$key"')
end
# Add HBAC Rule to give all ipa users access to ipa-client-centos
it 'creates a HBAC rule for all users' do
on(master, 'ipa hbacrule-add --usercat=all --servicecat=all allGroup')
end
it 'adds centos client to allGroup rule' do
on(master, 'ipa hbacrule-add-host --hosts=ipa-client-centos allGroup')
end
# Remove allow_all HBAC
it 'deletes the allow_all default rule' do
on(master, 'ipa hbacrule-del allow_all')
end
it 'ssh on allowed host' do
pp = <<-EOS
exec { 'test ssh':
path => '/bin/',
command => 'ssh -o "StrictHostKeyChecking no" jsmith@10.10.10.37 id',
returns => "0"
}
EOS
apply_manifest_on(master, pp, catch_failures: true)
end
it 'ssh on not allowed host ' do
pp = <<-EOS
exec { 'test ssh':
path => '/bin/',
command => 'ssh -o "StrictHostKeyChecking no" jsmith@localhost id',
returns => "255"
}
EOS
apply_manifest_on(master, pp, catch_failures: true)
end
end
end
end
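Review bot: The last hunk (`-132,63 +136,4`) appears to drop the whole `Test ssh connnections for jsmith user with pre-defined ssh-key` context, which is the only check on this page that host-based access control actually denies a login: it deleted `allow_all` and then expected `ssh -o "StrictHostKeyChecking no" jsmith@localhost id` to return 255 on a host outside the `allGroup` rule. The commit title only mentions reading IPs through facter, so losing the deny-path test looks unintended, or at least undocumented. If it went away because `ipa-client-centos` seems to leave the nodeset in this commit, I would keep the context, point `--hosts=` at the remaining client and take the address from `fact_on` instead of `10.10.10.37`; otherwise, state in the commit description that HBAC coverage is removed on purpose.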
---
HOSTS:
ipa-server-1:
roles:
- default
- master
- centos
platform: el-8-x86_64
hypervisor: vagrant
box: centos/8
box_check_update: false
vagrant_memsize: 2048
vagrant_cpus: 2
ip: 10.10.10.35
ipa-server-2:
roles:
- replica
- centos
platform: el-8-x86_64
hypervisor: vagrant
box: centos/8
box_check_update: false
vagrant_memsize: 2048
vagrant_cpus: 2
ip: 10.10.10.36
ipa-client-centos:
roles:
- client
- client-centos7
- centos
platform: el-7-x86_64
hypervisor: vagrant
box: centos/7
box_version: 1809.01
box_check_update: false
vagrant_memsize: 1024
ip: 10.10.10.37
ipa-client-ubuntu16:
roles:
- client
- client-ubuntu16
platform: ubuntu-1604-amd64
hypervisor: vagrant
box: ubuntu/xenial64
box_version: 20181114.0.0
box_check_update: false
vagrant_memsize: 1024
ip: 10.10.10.38
CONFIG:
type: foss
loglevel: debug
......@@ -12,7 +12,6 @@ HOSTS:
box_check_update: false
vagrant_memsize: 2048
vagrant_cpus: 2
ip: 10.10.10.35
ipa-server-2:
roles:
- replica
......@@ -24,30 +23,15 @@ HOSTS:
box_check_update: false
vagrant_memsize: 2048
vagrant_cpus: 2
ip: 10.10.10.36
ipa-client-centos:
ipa-client-ubuntu18:
roles:
- client
- client-centos7
- centos
platform: el-7-x86_64
hypervisor: vagrant
box: centos/7
box_version: 1809.01
box_check_update: false
vagrant_memsize: 1024
ip: 10.10.10.37
ipa-client-ubuntu16:
roles:
- client
- client-ubuntu16
platform: ubuntu-1604-amd64
platform: ubuntu-1804-amd64
hypervisor: vagrant
box: ubuntu/xenial64
box_version: 20181114.0.0
box: ubuntu/bionic64
box_version: 20191114.0.0
box_check_update: false
vagrant_memsize: 1024
ip: 10.10.10.38
CONFIG:
type: foss
......
......@@ -10,6 +10,8 @@ run_puppet_install_helper
install_module_on(hosts)
install_module_dependencies_on(hosts)
ip_master = fact_on('master', 'networking.interfaces.eth1.ip')
RSpec.configure do |c|
c.before :suite do
# Configure all nodes in nodeset
......@@ -34,79 +36,54 @@ RSpec.configure do |c|
on host, puppet("resource exec 'git clone #{modname}' command='git clone #{giturl} /etc/puppetlabs/code/environments/production/modules/#{modname}' path=/usr/bin")
end
# Configure /etc/hosts for each node.
# WARNING : function hosts_as() return an array.
# But here we use several roles dedicated, used only once time in nodeset.
# This permit to use one different IP for each role : master, replica, client-centos7 and client-ubuntu16.
# Here master with ip address 10.10.10.35
hosts_as('master').each do |master|
pp = <<-EOS
exec { 'set master /etc/hosts':
path => '/bin/',
command => 'echo -e "127.0.0.1 ipa-server-1.example.lan ipa-server-1\n ::1 ip6-localhost ip6-loopback\n fe00::0 ip6-localnet\n ff00::0 ip6-mcastprefix\n ff02::1 ip6-allnodes\n ff02::2 ip6-allrouters\n\n 10.10.10.35 ipa-server-1.example.lan ipa-server-1\n" > /etc/hosts',
command => 'echo -e "127.0.0.1 ipa-server-1.example.lan ipa-server-1\n ::1 ip6-localhost ip6-loopback\n fe00::0 ip6-localnet\n ff00::0 ip6-mcastprefix\n ff02::1 ip6-allnodes\n ff02::2 ip6-allrouters\n\n #{ip_master} ipa-server-1.example.lan ipa-server-1\n" > /etc/hosts',
}
EOS
apply_manifest_on(master, pp, catch_failures: true, debug: true)
end
# Here replica with ip address 10.10.10.36
hosts_as('replica').each do |replica|
ip_replica = fact_on('replica', 'networking.interfaces.eth1.ip')
pp = <<-EOS
exec { 'set replica /etc/hosts':
path => '/bin/',
command => 'echo -e "127.0.0.1 ipa-server-2.example.lan ipa-server-2\n ::1 ip6-localhost ip6-loopback\n fe00::0 ip6-localnet\n ff00::0 ip6-mcastprefix\n ff02::1 ip6-allnodes\n ff02::2 ip6-allrouters\n\n 10.10.10.36 ipa-server-2.example.lan ipa-server-2\n" > /etc/hosts',
command => 'echo -e "127.0.0.1 ipa-server-2.example.lan ipa-server-2\n ::1 ip6-localhost ip6-loopback\n fe00::0 ip6-localnet\n ff00::0 ip6-mcastprefix\n ff02::1 ip6-allnodes\n ff02::2 ip6-allrouters\n\n #{ip_replica} ipa-server-2.example.lan ipa-server-2\n" > /etc/hosts',
}
class { 'resolv_conf':
nameservers => ['10.10.10.35'],
nameservers => ['#{ip_master}'],
}
host {'ipa-server-1.example.lan':
ensure => present,
ip => '10.10.10.35',
ip => '#{ip_master}',
}
EOS
apply_manifest_on(replica, pp, catch_failures: true, debug: true)
end
# Here a first client running CentOS7 with ip address 10.10.10.37
hosts_as('client-centos7').each do |clientcentos7|
pp = <<-EOS
exec { 'set client centos /etc/hosts':
path => '/bin/',
command => 'echo -e "127.0.0.1 ipa-client-centos.example.lan ipa-server-2\n ::1 ip6-localhost ip6-loopback\n fe00::0 ip6-localnet\n ff00::0 ip6-mcastprefix\n ff02::1 ip6-allnodes\n ff02::2 ip6-allrouters\n\n 10.10.10.37 ipa-client-centos.example.lan ipa-client-centos\n" > /etc/hosts',
}
EOS
apply_manifest_on(clientcentos7, pp, catch_failures: true)
end
# Here a second client running Ubuntu1604 with ip address 10.10.10.38
hosts_as('client-ubuntu16').each do |clientubuntu16|
pp = <<-EOS
exec { 'set client ubuntu /etc/hosts':
path => '/bin/',
command => 'echo -e "127.0.0.1 ipa-client-ubuntu16.example.lan ipa-server-2\n ::1 ip6-localhost ip6-loopback\n fe00::0 ip6-localnet\n ff00::0 ip6-mcastprefix\n ff02::1 ip6-allnodes\n ff02::2 ip6-allrouters\n\n 10.10.10.38 ipa-client-ubuntu16.example.lan ipa-client-ubuntu16\n" > /etc/hosts',
}
EOS
apply_manifest_on(clientubuntu16, pp, catch_failures: true)
end
# WARNING : function hosts_as() return an array. We now use hosts_as() normaly with several nodes returned.
# * all clients have role 'client' in nodeset.
# * all nodes running CentOS have role 'centos' in nodeset.
# WARNING : function hosts_as() return an array.
# We now use hosts_as() normaly with several nodes returned.
# All clients have role 'client' in nodeset.
# Configure all clients nodes.
hosts_as('client').each do |client|
ip_client = fact_on('client', 'networking.interfaces.enp0s8.ip')
pp = <<-EOS
exec { 'set client ubuntu /etc/hosts':
path => '/bin/',
command => 'echo -e "127.0.0.1 #{client}.example.lan #{client}\n ::1 ip6-localhost ip6-loopback\n fe00::0 ip6-localnet\n ff00::0 ip6-mcastprefix\n ff02::1 ip6-allnodes\n ff02::2 ip6-allrouters\n\n #{ip_client} #{client}.example.lan #{client}\n" > /etc/hosts',
}
class { 'resolv_conf':
nameservers => ['10.10.10.35'],
nameservers => ['#{ip_master}'],
}
host {'ipa-server-1.example.lan':
ensure => present,
ip => '10.10.10.35',
ip => '#{ip_master}',
}
EOS
......
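Review bot: `fact_on('client', 'networking.interfaces.enp0s8.ip')` inside `hosts_as('client').each do |client|` passes the role name rather than the loop variable, so each iteration queries the role as a whole instead of the host being configured; the same call sits in the spec's `with ipa_role client` context. It should read `ip_client = fact_on(client, 'networking.interfaces.enp0s8.ip')`. The interface names `eth1` and `enp0s8` are also fixed, and nothing checks the result before it is written into `/etc/hosts`, `resolv_conf` and the `host` resource, so a box that names its NIC differently would presumably yield an empty string and a broken resolver setup that only surfaces later as an IPA install failure. A guard right after each lookup, such as `raise 'no eth1 address on master' if ip_master.to_s.empty?`, would fail fast with a clear message. The `hosts_as('client')` block ends outside the visible hunk.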