Commit 7336eaa6 authored by Scott Barthelemy's avatar Scott Barthelemy Committed by Fabien Combernous

Resolve "Convert module to pdk"

parent e7e10384
.git/
.*.sw[op]
.metadata
.yardoc
.yardwarns
*.iml
/.bundle/
/.idea/
/.vagrant/
/coverage/
/bin/
/doc/
/Gemfile.local
/Gemfile.lock
/junit/
/log/
/pkg/
/spec/fixtures/manifests/
/spec/fixtures/modules/
/tmp/
/vendor/
/convert_report.txt
/update_report.txt
.DS_Store
*.swp
*.bak
*~
pkg
spec/fixtures/
.idea/
.vagrant/
Gemfile.lock
log/
---
stages:
- validate-syntax
- test-unit
- acceptance-puppet4
- acceptance-puppet5
cache:
paths:
- vendor/bundle
before_script:
- bundle -v
- bundle install --path vendor/bundle
- pdk --version
pdk_validate:
stage: 'validate-syntax'
script:
- pdk validate
tags:
- puppet-tests
pdk_test_unit:
stage: 'test-unit'
script:
- pdk test unit
tags:
- puppet-tests
acceptance_with_puppet4:
stage: 'acceptance-puppet4'
image: ruby:2.1.9
variables:
BEAKER_PUPPET_COLLECTION: 'pc1'
PUPPET_GEM_VERSION: '~> 4.10'
BEAKER_debug: 'true'
script:
- bundle exec rspec spec/acceptance
- pdk bundle exec rake beaker:default
tags:
- puppet-tests
acceptance_with_puppet5_ubuntu:
acceptance_with_puppet5:
stage: 'acceptance-puppet5'
image: ruby:2.4.4
variables:
BEAKER_PUPPET_COLLECTION: 'puppet5'
PUPPET_GEM_VERSION: '~> 5.5'
BEAKER_debug: 'true'
script:
- bundle exec rspec spec/acceptance
- pdk bundle exec rake beaker:default
tags:
- puppet-tests
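Review bot: Both acceptance jobs set `BEAKER_debug: 'true'` unconditionally, so every pipeline writes Beaker's verbose command output into the job log. If the acceptance manifests pass values such as `admin_password` or `directory_services_password` (both documented in the README), those values will probably end up readable by anyone who can view job logs; I would drop the variable from the job definition and set it only on a manual run when debugging. Separately, `image: ruby:2.1.9` is a Ruby series past upstream end-of-life, and both `image:` values are mutable tags, so a comment such as `# EOL Ruby kept only for Puppet 4 compatibility; remove with Puppet 4 support` would record why it is there. The diff does not show whether these images provide `pdk`, which `before_script` and the new `pdk bundle exec rake beaker:default` step both need, so that is worth confirming.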
.git/
.*.sw[op]
.metadata
.yardoc
.yardwarns
*.iml
/.bundle/
/.idea/
/.vagrant/
/coverage/
/bin/
/doc/
/Gemfile.local
/Gemfile.lock
/junit/
/log/
/pkg/
/spec/fixtures/manifests/
/spec/fixtures/modules/
/tmp/
/vendor/
/convert_report.txt
/update_report.txt
.DS_Store
--color
--format documentation
---
require: rubocop-rspec
AllCops:
DisplayCopNames: true
TargetRubyVersion: '2.4'
Include:
- "./**/*.rb"
Exclude:
- bin/*
- ".vendor/**/*"
- "**/Gemfile"
- "**/Rakefile"
- pkg/**/*
- spec/fixtures/**/*
- vendor/**/*
- "**/Puppetfile"
- "**/Vagrantfile"
- "**/Guardfile"
Metrics/LineLength:
Description: People have wide screens, use them.
Max: 200
RSpec/BeforeAfterAll:
Description: Beware of using after(:all) as it may cause state to leak between tests.
A necessary evil in acceptance testing.
Exclude:
- spec/acceptance/**/*.rb
RSpec/HookArgument:
Description: Prefer explicit :each argument, matching existing module's style
EnforcedStyle: each
Style/BlockDelimiters:
Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to
be consistent then.
EnforcedStyle: braces_for_chaining
Style/ClassAndModuleChildren:
Description: Compact style reduces the required amount of indentation.
EnforcedStyle: compact
Style/EmptyElse:
Description: Enforce against empty else clauses, but allow `nil` for clarity.
EnforcedStyle: empty
Style/FormatString:
Description: Following the main puppet project's style, prefer the % format format.
EnforcedStyle: percent
Style/FormatStringToken:
Description: Following the main puppet project's style, prefer the simpler template
tokens over annotated ones.
EnforcedStyle: template
Style/Lambda:
Description: Prefer the keyword for easier discoverability.
EnforcedStyle: literal
Style/RegexpLiteral:
Description: Community preference. See https://github.com/voxpupuli/modulesync_config/issues/168
EnforcedStyle: percent_r
Style/TernaryParentheses:
Description: Checks for use of parentheses around ternary conditions. Enforce parentheses
on complex expressions for better readability, but seriously consider breaking
it up.
EnforcedStyle: require_parentheses_when_complex
Style/TrailingCommaInArguments:
Description: Prefer always trailing comma on multiline argument lists. This makes
diffs, and re-ordering nicer.
EnforcedStyleForMultiline: comma
Style/TrailingCommaInArrayLiteral:
Description: Prefer always trailing comma on multiline literals. This makes diffs,
and re-ordering nicer.
EnforcedStyleForMultiline: comma
Style/SymbolArray:
Description: Using percent style obscures symbolic intent of array's contents.
EnforcedStyle: brackets
RSpec/MessageSpies:
EnforcedStyle: receive
Style/Documentation:
Exclude:
- lib/puppet/parser/functions/**/*
- spec/**/*
Style/WordArray:
EnforcedStyle: brackets
Style/CollectionMethods:
Enabled: true
Style/MethodCalledOnDoEndBlock:
Enabled: true
Style/StringMethods:
Enabled: true
Layout/EndOfLine:
Enabled: false
Layout/IndentHeredoc:
Enabled: false
Metrics/AbcSize:
Enabled: false
Metrics/BlockLength:
Enabled: false
Metrics/ClassLength:
Enabled: false
Metrics/CyclomaticComplexity:
Enabled: false
Metrics/MethodLength:
Enabled: false
Metrics/ModuleLength:
Enabled: false
Metrics/ParameterLists:
Enabled: false
Metrics/PerceivedComplexity:
Enabled: false
RSpec/DescribeClass:
Enabled: false
RSpec/ExampleLength:
Enabled: false
RSpec/MessageExpectation:
Enabled: false
RSpec/MultipleExpectations:
Enabled: false
RSpec/NestedGroups:
Enabled: false
Style/AsciiComments:
Enabled: false
Style/IfUnlessModifier:
Enabled: false
Style/SymbolProc:
Enabled: false
.gitlab-ci.yml:
unmanaged: true
.travis.yml:
delete: true
.rubocop.yml:
unmanaged: true
Gemfile:
required:
':development':
- gem: 'facter'
- gem: 'hiera'
- gem: 'parallel_tests'
- gem: 'rspec-puppet'
- gem: 'puppetlabs_spec_helper'
- gem: 'beaker'
- gem: 'beaker-puppet'
- gem: 'beaker-rspec'
- gem: 'beaker-puppet_install_helper'
- gem: 'beaker-module_install_helper'
- gem: 'metadata-json-lint'
- gem: 'puppet-lint'
- gem: 'rspec'
- gem: 'rake'
- gem: 'beaker-vagrant'
- gem: 'net-telnet'
gem: 'net-telnet'
condition: "Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9')"
version: '< 0.2.0'
- gem: 'rubocop'
condition: "Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9')"
version: '< 0.58.0'
- gem: 'net-telnet'
condition: "Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.4.4')"
version: '>= 0.2.0'
- gem: 'rubocop'
condition: "Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.4.4')"
version: '>= 0.58.0'
rvm: 2.2
notifications:
email:
- johnpuskar@gmail.com
env:
- PUPPET_VERSION=4.3.2
--markup markdown
source 'https://rubygems.org'
source ENV['GEM_SOURCE'] || 'https://rubygems.org'
group :development do
# controlrepo is a helper tool to setup spec and integration testing inside of a
# Puppet control repository. We're not using the rake rakes, but instead
# directly invoking `rspec spec` in an effort to cut down on the amount of
# implicit, magic behavior. The controlrepo gem provides value in the form of
# an updated set of dependencies suitable for spec testing using rspec-puppet.
#
# https://github.com/jeffmccune/controlrepo_gem
gem 'controlrepo'
def location_for(place_or_version, fake_version = nil)
if place_or_version =~ %r{\A(git[:@][^#]*)#(.*)}
[fake_version, { git: Regexp.last_match(1), branch: Regexp.last_match(2), require: false }].compact
elsif place_or_version =~ %r{\Afile:\/\/(.*)}
['>= 0', { path: File.expand_path(Regexp.last_match(1)), require: false }]
else
[place_or_version, { require: false }]
end
end
group :test, :development do
gem 'facter'
gem 'hiera'
gem 'parallel_tests'
# other testing gems we want
gem 'rspec-puppet'
gem 'puppetlabs_spec_helper'
gem 'beaker-puppet'
gem 'beaker-docker'
gem 'beaker'
gem 'beaker-rspec'
gem 'beaker-puppet_install_helper'
gem 'beaker-module_install_helper'
gem 'metadata-json-lint'
gem 'puppet-lint'
gem 'rspec'
gem 'rake'
# net-telnet 0.2.0 requires Ruby version >= 2.3.0
# rubocop 0.58.0 requires Ruby version >= 2.2.0
if RUBY_VERSION == '2.1.9'
gem 'net-telnet', '< 0.2.0'
gem 'rubocop', '< 0.58.0'
elsif RUBY_VERSION == '2.4.4'
gem 'net-telnet', '>= 0.2.0'
gem 'rubocop', '>= 0.58.0'
def gem_type(place_or_version)
if place_or_version =~ %r{\Agit[:@]}
:git
elsif !place_or_version.nil? && place_or_version.start_with?('file:')
:file
else
:gem
end
end
ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
minor_version = ruby_version_segments[0..1].join('.')
group :development do
gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0')
gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0')
gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9')
gem "json", '<= 2.0.4', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.4.4')
gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby]
gem "puppet-module-posix-dev-r#{minor_version}", require: false, platforms: [:ruby]
gem "puppet-module-win-default-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "puppet-module-win-dev-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "facter", require: false
gem "hiera", require: false
gem "parallel_tests", require: false
gem "rspec-puppet", require: false
gem "puppetlabs_spec_helper", require: false
gem "beaker", require: false
gem "beaker-puppet", require: false
gem "beaker-rspec", require: false
gem "beaker-puppet_install_helper", require: false
gem "beaker-module_install_helper", require: false
gem "metadata-json-lint", require: false
gem "puppet-lint", require: false
gem "rspec", require: false
gem "rake", require: false
gem "beaker-vagrant", require: false
gem "net-telnet", '< 0.2.0', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9')
gem "rubocop", '< 0.58.0', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9')
gem "net-telnet", '>= 0.2.0', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.4.4')
gem "rubocop", '>= 0.58.0', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.4.4')
end
puppet_version = ENV['PUPPET_GEM_VERSION']
puppet_type = gem_type(puppet_version)
facter_version = ENV['FACTER_GEM_VERSION']
hiera_version = ENV['HIERA_GEM_VERSION']
gems = {}
gems['puppet'] = location_for(puppet_version)
# If facter or hiera versions have been specified via the environment
# variables
gems['facter'] = location_for(facter_version) if facter_version
gems['hiera'] = location_for(hiera_version) if hiera_version
if Gem.win_platform? && puppet_version =~ %r{^(file:///|git://)}
# If we're using a Puppet gem on Windows which handles its own win32-xxx gem
# dependencies (>= 3.5.0), set the maximum versions (see PUP-6445).
gems['win32-dir'] = ['<= 0.4.9', require: false]
gems['win32-eventlog'] = ['<= 0.6.5', require: false]
gems['win32-process'] = ['<= 0.7.5', require: false]
gems['win32-security'] = ['<= 0.2.5', require: false]
gems['win32-service'] = ['0.8.8', require: false]
end
gems.each do |gem_name, gem_params|
gem gem_name, *gem_params
end
# Evaluate Gemfile.local and ~/.gemfile if they exist
extra_gemfiles = [
"#{__FILE__}.local",
File.join(Dir.home, '.gemfile'),
]
extra_gemfiles.each do |gemfile|
if File.file?(gemfile) && File.readable?(gemfile)
eval(File.read(gemfile), binding)
end
end
# vim: syntax=ruby
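Review bot: The closing loop runs `eval(File.read(gemfile), binding)` on `Gemfile.local` and `~/.gemfile` whenever they exist, so anything at those paths executes as Ruby with the privileges of whoever runs `bundle` or `pdk`, including the `puppet-tests` runners. That is convenient on a developer machine but is an unreviewed code path on shared CI, and `/Gemfile.local` is git-ignored so it never passes review. I would at least document the trust assumption above the loop, e.g. `# SECURITY: these files are executed as Ruby; they must not exist on CI runners or in build images`, and consider skipping the loop in pipelines with `next if ENV['CI']` as the first line of the block. The same applies to `source ENV['GEM_SOURCE'] || 'https://rubygems.org'`: with `/Gemfile.lock` ignored and most gems unversioned, whoever controls that variable chooses where every dependency comes from, so it is worth a comment saying it is meant for an internal mirror only. This file looks PDK-generated, so a lasting change probably has to go through `.sync.yml` or the template rather than a hand edit.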
# freeipa Puppet module
[![Build Status](https://travis-ci.org/jpuskar/puppet-ipa.svg?branch=master)](https://travis-ci.org/jpuskar/puppet-ipa)
# Freeipa Puppet module
## Overview
This module will install and configure IPA servers, replicas, and clients. This module was forked from huit-ipa,
and refactored with a focus on simplicity and ease of use.
#### Table of Contents
The following features work great:
- Creating a domain.
- Adding IPA server replicas.
- Joining clients.
- WebUI proxy to https://localhost:8440 (for vagrant testing).
1. [Description](#description)
2. [Setup - The basics of getting started with Freeipa Puppet Module](#setup)
* [What Freeipa Puppet module affects](#what-freeipa-pupppet-module-affects)
* [Setup requirements](#setup-requirements)
3. [Usage - Configuration options and additional functionality](#usage)
4. [Limitations - OS compatibility, etc.](#limitations)
5. [Authors](#authors)
6. [License](#license)
The following features were stripped out and are currently unavailable:
- Autofs configuration.
- Sudo rule management.
- Host management (beyond simple clinet domain joins).
- Host joins via one time passwords.
- Dns zone management (beyond creating an initial zone).
## Description
This module will install and configure IPA servers, replicas, and clients. This module was forked from jpuskar/puppet-ipa, implementing few features like gitlab-ci, pdk and beaker.
## Setup
### What Freeipa Pupppet module affects
The module doesn't affect a previous installation of FreeIPA, it will fail trying.
Below are all the things affected:
- Modifiy /etc/hosts
- Install the following packages if not present: autofs, bind-dyndb-ldap, epel-release, sssd-common, sssdtools, ipa-client, ipa-server, ipa-server-dns, kstart, openldap-clients
- Modify /etc/resolv.conf
- Add to selinux port 8440
Installation of Freeipa server will obviously install a ntp server, a DNS server, a LDAP Directory, a Kerberos server, apache, Certmonger and PKI Tomcat.
### Setup Requirements
## Dependencies
This module requires [puppetlabs/stdlib](https://forge.puppetlabs.com/puppetlabs/stdlib) >= 4.13.0.
## Usage
......@@ -74,156 +86,12 @@ ipa_master_fqdn => 'ipa-server-1.vagrant.example.lan',
}
```
### Mandatory Parameters
#### `domain`
Mandatory. The name of the IPA domain to create or join.
#### `ipa_role`
Mandatory. What role the node will be. Options are 'master', 'replica', and 'client'.
#### `admin_password`
Mandatory if `ipa_role` is set as 'Master' or 'Replica'.
Password which will be assigned to the IPA account named 'admin'.
#### `directory_services_password`
Mandatory if `ipa_role` is set as 'Master'.
Password which will be passed into the ipa setup's parameter named "--ds-password".
### Optional Parameters
#### `autofs_package_name`
Name of the autofs package to install if enabled.
#### `configure_dns_server`
If true, then the parameter '--setup-dns' is passed to the IPA server installer.
Also, triggers the install of the required dns server packages.
#### `configure_ntp`
If false, then the parameter '--no-ntp' is passed to the IPA server installer.
#### `custom_dns_forwarders`
Each element in this array is prefixed with '--forwarder ' and passed to the IPA server installer.
#### `domain_join_principal`
The principal (usually username) used to join a client or replica to the IPA domain.
#### `domain_join_password`
The password for the domain_join_principal.
#### `enable_hostname`
If true, then the parameter '--hostname' is populated with the parameter 'ipa_server_fqdn'
and passed to the IPA installer.
#### `enable_ip_address`
If true, then the parameter '--ip-address' is populated with the parameter 'ip_address'
and passed to the IPA installer.
#### `fixed_primary`
If true, then the parameter '--fixed-primary' is passed to the IPA installer.
#### `idstart`
From the IPA man pages: "The starting user and group id number".
#### `install_autofs`
If true, then the autofs packages are installed.
#### `install_epel`
If true, then the epel repo is installed. The epel repo is usually required for sssd packages.
#### `install_kstart`
If true, then the kstart packages are installed.
#### `install_ldaputils`
If true, then the ldaputils packages are installed.
#### `install_sssdtools`
If true, then the sssdtools packages are installed.
#### `ipa_client_package_name`
Name of the IPA client package.
#### `ipa_server_package_name`
Name of the IPA server package.
#### `install_ipa_client`
If true, then the IPA client packages are installed if the parameter 'ipa_role' is set to 'client'.
#### `install_ipa_server`
If true, then the IPA server packages are installed if the parameter 'ipa_role' is not set to 'client'.
#### `install_sssd`
If true, then the sssd packages are installed.
#### `ip_address`
IP address to pass to the IPA installer.
#### `ipa_server_fqdn`
Actual fqdn of the IPA server or client.
#### `kstart_package_name`
Name of the kstart package.
#### `ldaputils_package_name`
Name of the ldaputils package.
#### `ipa_master_fqdn`
FQDN of the server to use for a client or replica domain join.
#### `manage_host_entry`
If true, then a host entry is created using the parameters 'ipa_server_fqdn' and 'ip_address'.
#### `mkhomedir`
If true, then the parameter '--mkhomedir' is passed to the IPA client installer.
#### `no_ui_redirect`
If true, then the parameter '--no-ui-redirect' is passed to the IPA server installer.
#### `realm`
The name of the IPA realm to create or join.
#### `sssd_package_name`
Name of the sssd package.
#### `sssdtools_package_name`
Name of the sssdtools package.
#### `webui_disable_kerberos`
If true, then /etc/httpd/conf.d/ipa.conf is written to exclude kerberos support for
incoming requests whose HTTP_HOST variable match the parameter 'webio_proxy_external_fqdn'.
This allows the IPA Web UI to work on a proxied port, while allowing IPA client access to
function as normal.
#### `webui_enable_proxy`
If true, then httpd is configured to act as a reverse proxy for the IPA Web UI. This allows
for the Web UI to be accessed from different ports and hostnames than the default.
#### `webui_force_https`
If true, then /etc/httpd/conf.d/ipa-rewrite.conf is modified to force all connections to https.
This is necessary to allow the WebUI to be accessed behind a reverse proxy when using nonstandard
ports.
#### `webui_proxy_external_fqdn`
The public or external FQDN used to access the IPA Web UI behind the reverse proxy.
#### `webui_proxy_https_port`
The HTTPS port to use for the reverse proxy. Cannot be 443.
### Parameters
A description of all the parameterrs can be found in `REFERENCE.md`.
## Limitations
This module has only been tested on Centos 7.
## Testing
A vagrantfile is provided for easy testing.
Steps to get started:
1. Install vagrant.
1. Install virtualbox.
1. Clone this repo.
1. Run `vagrant up` in a terminal window from the root of the repo.
1. Open a browser and navigate to `https://localhost:8440`.
Log in with username `admin` and password `vagrant123`.
IPA masters and replicas works only on Centos >= 7.5
## Authors
......@@ -240,16 +108,17 @@ then forked by ADULLACT (https://gitlab.adullact.net/adullact/puppet-freeipa) cu
Copyright (C) 2013 Harvard University Information Technology
Copyright (C) 2018 Association des Développeurs et Utilisateurs de Logiciels Libres
pour les Administrations et Colléctivités Territoriales.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
require 'rubygems'
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
require 'puppet-syntax/tasks/puppet-syntax'
require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any?
require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any?
# Forsake support for Puppet 2.6.2 for the benefit of cleaner code.
# http://puppet-lint.com/checks/class_inherits_from_params_class/
PuppetLint.configuration.send('disable_class_inherits_from_params_class')
def changelog_user
return unless Rake.application.top_level_tasks.include? "changelog"
returnVal = nil || JSON.load(File.read('metadata.json'))['author']
raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil?
puts "GitHubChangelogGenerator user:#{returnVal}"
returnVal
end
def changelog_project
return unless Rake.application.top_level_tasks.include? "changelog"
returnVal = nil || JSON.load(File.read('metadata.json'))['name']
raise "unable to find the changelog_project in .sync.yml or the name in metadata.json" if returnVal.nil?
puts "GitHubChangelogGenerator project:#{returnVal}"
returnVal
end
def changelog_future_release
return unless Rake.application.top_level_tasks.include? "changelog"
returnVal = JSON.load(File.read('metadata.json'))['version']
raise "unable to find the future_release (version) in metadata.json" if returnVal.nil?
puts "GitHubChangelogGenerator future_release:#{returnVal}"
returnVal
end
PuppetLint.configuration.send('disable_relative')
if Bundler.rubygems.find_name('github_changelog_generator').any?
GitHubChangelogGenerator::RakeTask.new :changelog do |config|
raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil?
config.user = "#{changelog_user}"
config.project = "#{changelog_project}"
config.future_release = "#{changelog_future_release}"
config.exclude_labels = ['maintenance']
config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)."
config.add_pr_wo_labels = true
config.issues = false
config.merge_prefix = "### UNCATEGORIZED PRS; GO LABEL THEM"
config.configure_sections = {
"Changed" => {
"prefix" => "### Changed",
"labels" => ["backwards-incompatible"],
},
"Added" => {
"prefix" => "### Added",
"labels" => ["feature", "enhancement"],
},
"Fixed" => {
"prefix" => "### Fixed",
"labels" => ["bugfix"],
},
}
end
else
desc 'Generate a Changelog from GitHub'
task :changelog do
raise <<EOM
The changelog tasks depends on unreleased features of the github_changelog_generator gem.
Please manually add it to your .sync.yml for now, and run `pdk update`:
---
Gemfile:
optional:
':development':
- gem: 'github_changelog_generator'
git: 'https://github.com/skywinder/github-changelog-generator'
ref: '20ee04ba1234e9e83eb2ffb5056e23d641c7a018'
condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2')"