From 78f1ff00d09d0ebf8f132e70444b9bcf030b6711 Mon Sep 17 00:00:00 2001 From: Tomas Barton Date: Sun, 26 Jan 2014 09:36:35 +0100 Subject: [PATCH 01/10] replaces shared-lsb by puppetlabs/stdlib --- Modulefile | 2 +- Puppetfile | 2 +- Puppetfile.lock | 8 +++++++- README.md | 2 +- manifests/debian.pp | 4 +++- spec/classes/init_spec.rb | 24 ++++++++++++++++++++++++ spec/spec_helper.rb | 2 +- spec/spec_helper_system.rb | 1 + 8 files changed, 39 insertions(+), 6 deletions(-) create mode 100644 spec/classes/init_spec.rb diff --git a/Modulefile b/Modulefile index 5954df4..5e4f92d 100644 --- a/Modulefile +++ b/Modulefile @@ -7,4 +7,4 @@ summary 'ssh daemon configuration' description 'Manages sshd_config' project_page 'https://github.com/duritong/puppet-sshd' -#dependency 'puppetlabs/stdlib', '>= 0.1.6' \ No newline at end of file +dependency 'puppetlabs/stdlib', '>= 2.0.0' \ No newline at end of file diff --git a/Puppetfile b/Puppetfile index 113b12f..166d3b4 100644 --- a/Puppetfile +++ b/Puppetfile @@ -1,3 +1,3 @@ forge 'http://forge.puppetlabs.com' -#mod 'puppetlabs/stdlib', '>=0.1.6' \ No newline at end of file +mod 'puppetlabs/stdlib', '>=2.0.0' \ No newline at end of file diff --git a/Puppetfile.lock b/Puppetfile.lock index 51949ef..f938185 100644 --- a/Puppetfile.lock +++ b/Puppetfile.lock @@ -1,2 +1,8 @@ -DEPENDENCIES +FORGE + remote: http://forge.puppetlabs.com + specs: + puppetlabs/stdlib (4.1.0) + +DEPENDENCIES + puppetlabs/stdlib (>= 2.0.0) diff --git a/README.md b/README.md index bc85552..cafdf11 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ This module requires puppet => 2.6, and the following modules are required pre-dependencies: - shared-common: `git://labs.riseup.net/shared-common` -- shared-lsb: `git://labs.riseup.net/shared-lsb` +- [puppetlabs/stdlib](https://github.com/puppetlabs/puppetlabs-stdlib) >= 2.x ## OpenSSH Server diff --git a/manifests/debian.pp b/manifests/debian.pp index ced5db7..baacbba 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -1,7 +1,9 @@ class sshd::debian inherits sshd::linux { # the templates for Debian need lsbdistcodename - require lsb + ensure_resource('package', 'lsb-release', {'ensure' => 'present' }) + #requires stdlib >= 3.2 + #ensure_packages(['lsb-release']) Package[openssh]{ name => 'openssh-server', diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb new file mode 100644 index 0000000..c1d9b6f --- /dev/null +++ b/spec/classes/init_spec.rb @@ -0,0 +1,24 @@ +require 'spec_helper' + +describe 'sshd' do + + + shared_examples "a Linux OS" do + it { should compile.with_all_deps } + it { should contain_class('sshd') } + it { should contain_class('sshd::client') } + end + + context "Debian OS" do + let :facts do + { + :operatingsystem => 'Debian', + :osfamily => 'Debian', + :lsbdistcodename => 'wheezy', + } + end + it_behaves_like "a Linux OS" + it { should contain_package('lsb-release') } + end + +end \ No newline at end of file diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 2d83617..b4123fd 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -3,7 +3,7 @@ $LOAD_PATH.unshift File.join(dir, 'lib') require 'puppet' require 'rspec' require 'puppetlabs_spec_helper/module_spec_helper' -require 'rspec-hiera-puppet' +#require 'rspec-hiera-puppet' require 'rspec-puppet/coverage' require 'rspec/autorun' diff --git a/spec/spec_helper_system.rb b/spec/spec_helper_system.rb index 44e0337..2c6812f 100644 --- a/spec/spec_helper_system.rb +++ b/spec/spec_helper_system.rb @@ -20,5 +20,6 @@ RSpec.configure do |c| puppet_install # Install modules and dependencies puppet_module_install(:source => proj_root, :module_name => 'sshd') + shell('puppet module install puppetlabs-stdlib') end end From 035161ef168ca331bc47548af87ee872f550c33d Mon Sep 17 00:00:00 2001 From: Tomas Barton Date: Sun, 26 Jan 2014 11:19:11 +0100 Subject: [PATCH 02/10] basic init class specs --- manifests/base.pp | 1 + spec/classes/init_spec.rb | 92 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 93 insertions(+) diff --git a/manifests/base.pp b/manifests/base.pp index ef066e0..a0f1872 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -6,6 +6,7 @@ class sshd::base { } file { 'sshd_config': + ensure => present, path => '/etc/ssh/sshd_config', content => $sshd_config_content, notify => Service[sshd], diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index c1d9b6f..794a92e 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -7,6 +7,21 @@ describe 'sshd' do it { should compile.with_all_deps } it { should contain_class('sshd') } it { should contain_class('sshd::client') } + + it { should contain_service('sshd').with( + :ensure => 'running', + :enable => true, + :hasstatus => true, + )} + + it { should contain_file('sshd_config').with( + { + 'ensure' => 'present', + 'owner' => 'root', + 'group' => '0', + 'mode' => '0600', + } + )} end context "Debian OS" do @@ -19,6 +34,83 @@ describe 'sshd' do end it_behaves_like "a Linux OS" it { should contain_package('lsb-release') } + it { should contain_package('openssh') } + it { should contain_class('sshd::debian') } + it { should contain_service('sshd').with( + :hasrestart => true + )} + + context "Ubuntu" do + let :facts do + { + :operatingsystem => 'Ubuntu', + :lsbdistcodename => 'precise', + } + end + it_behaves_like "a Linux OS" + it { should contain_package('lsb-release') } + it { should contain_package('openssh') } + it { should contain_service('sshd').with( + :hasrestart => true + )} + end end + +# context "RedHat OS" do +# it_behaves_like "a Linux OS" do +# let :facts do +# { +# :operatingsystem => 'RedHat', +# :osfamily => 'RedHat', +# } +# end +# end +# end + + context "CentOS" do + it_behaves_like "a Linux OS" do + let :facts do + { + :operatingsystem => 'CentOS', + :osfamily => 'RedHat', + :lsbdistcodename => 'Final', + } + end + end + end + + context "Gentoo" do + let :facts do + { + :operatingsystem => 'Gentoo', + :osfamily => 'Gentoo', + } + end + it_behaves_like "a Linux OS" + it { should contain_class('sshd::gentoo') } + end + + context "OpenBSD" do + let :facts do + { + :operatingsystem => 'OpenBSD', + :osfamily => 'OpenBSD', + } + end + it_behaves_like "a Linux OS" + it { should contain_class('sshd::openbsd') } + end + +# context "FreeBSD" do +# it_behaves_like "a Linux OS" do +# let :facts do +# { +# :operatingsystem => 'FreeBSD', +# :osfamily => 'FreeBSD', +# } +# end +# end +# end + end \ No newline at end of file From e935d75f627f33c67fc70503b3a34165d221c793 Mon Sep 17 00:00:00 2001 From: Tomas Barton Date: Sun, 26 Jan 2014 11:21:47 +0100 Subject: [PATCH 03/10] removed shared-common from dependencies --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index cafdf11..0ae195e 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,6 @@ class declarations in your manifest ! This module requires puppet => 2.6, and the following modules are required pre-dependencies: -- shared-common: `git://labs.riseup.net/shared-common` - [puppetlabs/stdlib](https://github.com/puppetlabs/puppetlabs-stdlib) >= 2.x ## OpenSSH Server From 550e78a4e673e89e5632c5b346952c47debbe36b Mon Sep 17 00:00:00 2001 From: Tomas Barton Date: Sun, 26 Jan 2014 11:25:11 +0100 Subject: [PATCH 04/10] ruby 1.8.7 compatibility --- spec/classes/init_spec.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 794a92e..1bf0750 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -8,11 +8,11 @@ describe 'sshd' do it { should contain_class('sshd') } it { should contain_class('sshd::client') } - it { should contain_service('sshd').with( + it { should contain_service('sshd').with({ :ensure => 'running', :enable => true, - :hasstatus => true, - )} + :hasstatus => true + })} it { should contain_file('sshd_config').with( { @@ -50,9 +50,9 @@ describe 'sshd' do it_behaves_like "a Linux OS" it { should contain_package('lsb-release') } it { should contain_package('openssh') } - it { should contain_service('sshd').with( + it { should contain_service('sshd').with({ :hasrestart => true - )} + })} end end From 5ce0dcda9776ada2b556f7e1de31702a32a9b318 Mon Sep 17 00:00:00 2001 From: Tomas Barton Date: Sun, 26 Jan 2014 11:33:41 +0100 Subject: [PATCH 05/10] client spec --- manifests/client/base.pp | 7 ++++--- spec/classes/client_spec.rb | 42 +++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 3 deletions(-) create mode 100644 spec/classes/client_spec.rb diff --git a/manifests/client/base.pp b/manifests/client/base.pp index 6687d65..4925c2d 100644 --- a/manifests/client/base.pp +++ b/manifests/client/base.pp @@ -1,9 +1,10 @@ class sshd::client::base { # this is needed because the gid might have changed file { '/etc/ssh/ssh_known_hosts': - mode => '0644', - owner => root, - group => 0; + ensure => present, + mode => '0644', + owner => root, + group => 0; } # Now collect all server keys diff --git a/spec/classes/client_spec.rb b/spec/classes/client_spec.rb new file mode 100644 index 0000000..bd3e35a --- /dev/null +++ b/spec/classes/client_spec.rb @@ -0,0 +1,42 @@ +require 'spec_helper' + +describe 'sshd::client' do + + shared_examples "a Linux OS" do + it { should contain_file('/etc/ssh/ssh_known_hosts').with( + { + 'ensure' => 'present', + 'owner' => 'root', + 'group' => '0', + 'mode' => '0644', + } + )} + end + + context "Debian OS" do + let :facts do + { + :operatingsystem => 'Debian', + :osfamily => 'Debian', + :lsbdistcodename => 'wheezy', + } + end + it_behaves_like "a Linux OS" + it { should contain_package('openssh-clients').with({ + 'name' => 'openssh-client' + }) } + end + + context "CentOS" do + it_behaves_like "a Linux OS" do + let :facts do + { + :operatingsystem => 'CentOS', + :osfamily => 'RedHat', + :lsbdistcodename => 'Final', + } + end + end + end + +end \ No newline at end of file From c1588ff6c304aeb1a8c8c39e3c8c957eedfac160 Mon Sep 17 00:00:00 2001 From: Tomas Barton Date: Sun, 26 Jan 2014 11:59:34 +0100 Subject: [PATCH 06/10] test changing port --- spec/classes/init_spec.rb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 1bf0750..7628be0 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -2,7 +2,6 @@ require 'spec_helper' describe 'sshd' do - shared_examples "a Linux OS" do it { should compile.with_all_deps } it { should contain_class('sshd') } @@ -22,6 +21,15 @@ describe 'sshd' do 'mode' => '0600', } )} + + context 'change ssh port' do + let(:params){{ + :ports => [ 22222], + }} + it { should contain_file( + 'sshd_config' + ).with_content(/Port 22222/)} + end end context "Debian OS" do From 3fdd59f65478ba7d5e8b0f66aa5ea04ed23ec45e Mon Sep 17 00:00:00 2001 From: Tomas Barton Date: Sun, 26 Jan 2014 18:35:44 +0100 Subject: [PATCH 07/10] using fixtures.yml for linking folders --- .fixtures.yml | 3 +++ Rakefile | 10 ++-------- 2 files changed, 5 insertions(+), 8 deletions(-) create mode 100644 .fixtures.yml diff --git a/.fixtures.yml b/.fixtures.yml new file mode 100644 index 0000000..42598a6 --- /dev/null +++ b/.fixtures.yml @@ -0,0 +1,3 @@ +fixtures: + symlinks: + sshd: "#{source_dir}" \ No newline at end of file diff --git a/Rakefile b/Rakefile index a9a4da9..e321351 100644 --- a/Rakefile +++ b/Rakefile @@ -8,15 +8,9 @@ require 'rspec-system/rake_task' PuppetLint.configuration.log_format = '%{path}:%{linenumber}:%{KIND}: %{message}' PuppetLint.configuration.send("disable_80chars") -# use librarian-puppet to manage fixtures instead of .fixtures.yml -# offers more possibilities like explicit version management, forge downloads,... puppet_module='sshd' task :librarian_spec_prep do - sh "librarian-puppet install --path=spec/fixtures/modules/" - pwd = `pwd`.strip - unless File.directory?("#{pwd}/spec/fixtures/modules/#{puppet_module}") - sh "ln -s #{pwd} #{pwd}/spec/fixtures/modules/#{puppet_module}" - end + sh 'librarian-puppet install --path=spec/fixtures/modules/' end task :spec_prep => :librarian_spec_prep -task :default => [:spec, :lint] \ No newline at end of file +task :default => [:spec, :lint] From 9dc5a1db18ac634512a5509685eaf3b3a60cf6c7 Mon Sep 17 00:00:00 2001 From: Tomas Barton Date: Mon, 27 Jan 2014 00:04:33 +0100 Subject: [PATCH 08/10] removed special no-restart status for etch --- manifests/debian.pp | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/manifests/debian.pp b/manifests/debian.pp index baacbba..ff2d7b1 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -9,15 +9,10 @@ class sshd::debian inherits sshd::linux { name => 'openssh-server', } - $sshd_restartandstatus = $::lsbdistcodename ? { - etch => false, - default => true - } - Service[sshd]{ name => 'ssh', pattern => 'sshd', - hasstatus => $sshd_restartandstatus, - hasrestart => $sshd_restartandstatus, + hasstatus => true, + hasrestart => true, } } From bf16ec7bc701ea7cfda7d64319920e3b9cca4a16 Mon Sep 17 00:00:00 2001 From: Tomas Barton Date: Mon, 27 Jan 2014 00:14:34 +0100 Subject: [PATCH 09/10] removed lsb-release package --- manifests/debian.pp | 5 ----- spec/classes/init_spec.rb | 2 -- 2 files changed, 7 deletions(-) diff --git a/manifests/debian.pp b/manifests/debian.pp index ff2d7b1..d827078 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -1,10 +1,5 @@ class sshd::debian inherits sshd::linux { - # the templates for Debian need lsbdistcodename - ensure_resource('package', 'lsb-release', {'ensure' => 'present' }) - #requires stdlib >= 3.2 - #ensure_packages(['lsb-release']) - Package[openssh]{ name => 'openssh-server', } diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 7628be0..e3003d1 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -41,7 +41,6 @@ describe 'sshd' do } end it_behaves_like "a Linux OS" - it { should contain_package('lsb-release') } it { should contain_package('openssh') } it { should contain_class('sshd::debian') } it { should contain_service('sshd').with( @@ -56,7 +55,6 @@ describe 'sshd' do } end it_behaves_like "a Linux OS" - it { should contain_package('lsb-release') } it { should contain_package('openssh') } it { should contain_service('sshd').with({ :hasrestart => true From bf425e96b1acc9c17b51600aeecd34a1d91b62e7 Mon Sep 17 00:00:00 2001 From: Tomas Barton Date: Mon, 27 Jan 2014 00:16:27 +0100 Subject: [PATCH 10/10] validate parameters --- manifests/init.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index 307fc8a..fb76438 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -36,6 +36,10 @@ class sshd( $shorewall_source = 'net' ) { + validate_bool($manage_shorewall) + validate_array($listen_address) + validate_array($ports) + class{'sshd::client': shared_ip => $sshd::shared_ip, ensure_version => $sshd::ensure_version,