From d5632280a7d2faeb4ea4297677b97e69cab0f548 Mon Sep 17 00:00:00 2001 From: David Danzilio Date: Mon, 21 Apr 2014 22:39:15 -0600 Subject: [PATCH 1/6] Reformatted dns::key and wrote tests for it --- manifests/key.pp | 52 +++++++++++++++++------------------ spec/defines/dns__key_spec.rb | 20 ++++++++++++++ 2 files changed, 46 insertions(+), 26 deletions(-) create mode 100644 spec/defines/dns__key_spec.rb diff --git a/manifests/key.pp b/manifests/key.pp index 4afa62ce..5d652a78 100644 --- a/manifests/key.pp +++ b/manifests/key.pp @@ -1,29 +1,33 @@ define dns::key { - file {"/tmp/${name}-secret.sh": - ensure => file, + file { "/tmp/${name}-secret.sh": + ensure => file, mode => '0777', content => template('dns/secret.erb'), - notify => Exec["dnssec-keygen-${name}"], + notify => Exec["dnssec-keygen-${name}"], } - - exec {"dnssec-keygen-${name}": + exec { "dnssec-keygen-${name}": command => "/usr/sbin/dnssec-keygen -a HMAC-MD5 -r /dev/urandom -b 128 -n USER ${name}", cwd => '/etc/bind/bind.keys.d', - require => [Package['dnssec-tools','bind9'],File['/etc/bind/bind.keys.d']], + require => [ + Package['dnssec-tools','bind9'], + File['/etc/bind/bind.keys.d'] + ], refreshonly => true, - notify => Exec["get-secret-from-${name}"], + notify => Exec["get-secret-from-${name}"], } - exec {"get-secret-from-${name}": - command => "/tmp/${name}-secret.sh", + exec { "get-secret-from-${name}": + command => "/tmp/${name}-secret.sh", cwd => '/etc/bind/bind.keys.d', creates => "/etc/bind/bind.keys.d/${name}.secret", - require => [Exec["dnssec-keygen-${name}"],File['/etc/bind/bind.keys.d',"/tmp/${name}-secret.sh"]], + require => [ + Exec["dnssec-keygen-${name}"], + File['/etc/bind/bind.keys.d',"/tmp/${name}-secret.sh"]], refreshonly => true, } - + file { "/etc/bind/bind.keys.d/${name}.secret": require => Exec["get-secret-from-${name}"], } @@ -36,32 +40,28 @@ notify => Class['dns::server::service'] } - concat::fragment { "${name}.key-header": + Concat::Fragment { ensure => present, target => "/etc/bind/bind.keys.d/${name}.key", + require => [ + Exec["get-secret-from-${name}"], + File["/etc/bind/bind.keys.d/${name}.secret"] + ], + } + + concat::fragment { "${name}.key-header": order => 1, content => template('dns/key.erb'), - require => [Exec["get-secret-from-${name}"], File["/etc/bind/bind.keys.d/${name}.secret"]], } + concat::fragment { "${name}.key-secret": - ensure => present, - target => "/etc/bind/bind.keys.d/${name}.key", order => 2, -# content => template("/etc/bind/bind.keys.d/${name}.secret"), source => "/etc/bind/bind.keys.d/${name}.secret", - require => [ Exec[ "get-secret-from-${name}" ], File["/etc/bind/bind.keys.d/${name}.secret"]], } + concat::fragment { "${name}.key-footer": - ensure => present, - target => "/etc/bind/bind.keys.d/${name}.key", order => 3, - content => '}:', - require => [Exec["get-secret-from-${name}"], File["/etc/bind/bind.keys.d/${name}.secret"]], + content => '}:', } - #concat::fragment{"named.conf.local.${name}.key": - # ensure => present, - # target => '/etc/bind/named.conf.local', - # content => templates - #} } diff --git a/spec/defines/dns__key_spec.rb b/spec/defines/dns__key_spec.rb new file mode 100644 index 00000000..cd06544c --- /dev/null +++ b/spec/defines/dns__key_spec.rb @@ -0,0 +1,20 @@ +require 'spec_helper' + +describe 'dns::key' do + let(:title) { 'rspec-key' } + let(:facts) { { :concat_basedir => '/tmp' } } + + it { should contain_file('/tmp/rspec-key-secret.sh').with_notify('Exec[dnssec-keygen-rspec-key]') } + it { should contain_exec('dnssec-keygen-rspec-key').with_command(/USER rspec-key$/) } + it { should contain_exec('get-secret-from-rspec-key').with_command('/tmp/rspec-key-secret.sh') } + it { should contain_exec('get-secret-from-rspec-key').with_creates('/etc/bind/bind.keys.d/rspec-key.secret') } + it { should contain_exec('get-secret-from-rspec-key').with_require(['Exec[dnssec-keygen-rspec-key]', 'File[/etc/bind/bind.keys.d]', 'File[/tmp/rspec-key-secret.sh]']) } + it { should contain_file('/etc/bind/bind.keys.d/rspec-key.secret').with_require('Exec[get-secret-from-rspec-key]') } + it { should contain_concat('/etc/bind/bind.keys.d/rspec-key.key') } + ['rspec-key.key-header', 'rspec-key.key-secret', 'rspec-key.key-footer'].each do |fragment| + it { should contain_concat__fragment(fragment).with_ensure('present') } + it { should contain_concat__fragment(fragment).with_target('/etc/bind/bind.keys.d/rspec-key.key') } + it { should contain_concat__fragment(fragment).with_require(['Exec[get-secret-from-rspec-key]', 'File[/etc/bind/bind.keys.d/rspec-key.secret]']) } + end + it { should contain_concat__fragment('rspec-key.key-secret').with_source('/etc/bind/bind.keys.d/rspec-key.secret') } +end From a40f6b5f0f4745540ee8e07492352cd72fc7e3d6 Mon Sep 17 00:00:00 2001 From: David Danzilio Date: Mon, 21 Apr 2014 22:47:14 -0600 Subject: [PATCH 2/6] Updating Gemfile and Rakefile --- .gitignore | 7 ++-- Gemfile | 20 +++++----- Gemfile.lock | 107 ++++++--------------------------------------------- Rakefile | 26 +++++++++---- 4 files changed, 44 insertions(+), 116 deletions(-) diff --git a/.gitignore b/.gitignore index aa26be2c..0a1c1b5b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ -.DS_Store -pkg/ +vendor/ +.bundle .*.sw? +pkg spec/fixtures -Gemfile.lock .rspec_system +.vagrant diff --git a/Gemfile b/Gemfile index 9f61eeab..aa968f5c 100644 --- a/Gemfile +++ b/Gemfile @@ -1,12 +1,10 @@ -source 'https://rubygems.org' +source "https://rubygems.org" -gem 'rake' -gem 'puppet-lint' -gem 'rspec-puppet' -gem 'rspec-system-puppet' -gem 'puppetlabs_spec_helper' -gem 'travis' -gem 'travis-lint' -gem 'puppet-syntax' -gem 'puppet', ENV['PUPPET_VERSION'] || '~> 3.2.0' -gem 'vagrant-wrapper' +group :test do + gem "rake" + gem "puppet", ENV['PUPPET_VERSION'] || '~> 3.4.0' + gem "puppet-lint" + gem "rspec-puppet", '~> 1.0.0' + gem "puppet-syntax" + gem "puppetlabs_spec_helper" +end diff --git a/Gemfile.lock b/Gemfile.lock index 3d5b3c42..ff2c8506 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,54 +1,15 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.3.5) - backports (3.3.3) - builder (3.2.2) - coderay (1.0.9) - diff-lcs (1.2.4) - ethon (0.6.0) - ffi (>= 1.3.0) - mime-types (~> 1.18) - facter (1.7.2) - faraday (0.8.8) - multipart-post (~> 1.2.0) - faraday_middleware (0.9.0) - faraday (>= 0.7.4, < 0.9) - ffi (1.9.0) - gh (0.11.3) - addressable - backports - faraday (~> 0.8) - multi_json (~> 1.0) - net-http-persistent (>= 2.7) - net-http-pipeline - hashr (0.0.22) - hiera (1.2.1) + diff-lcs (1.2.5) + facter (1.7.5) + hiera (1.3.2) json_pure - highline (1.6.19) - json_pure (1.8.0) - kwalify (0.7.2) - launchy (2.3.0) - addressable (~> 2.3) + json_pure (1.8.1) metaclass (0.0.1) - method_source (0.8.2) - mime-types (1.24) mocha (0.14.0) metaclass (~> 0.0.1) - multi_json (1.7.9) - multipart-post (1.2.0) - net-http-persistent (2.9) - net-http-pipeline (1.0.1) - net-scp (1.1.2) - net-ssh (>= 2.6.5) - net-ssh (2.6.8) - netrc (0.7.7) - nokogiri (1.5.10) - pry (0.9.12.2) - coderay (~> 1.0.5) - method_source (~> 0.8) - slop (~> 3.4) - puppet (3.2.4) + puppet (3.4.3) facter (~> 1.6) hiera (~> 1.0) rgen (~> 0.6.5) @@ -61,70 +22,26 @@ GEM rake rspec (>= 2.9.0) rspec-puppet (>= 0.1.1) - pusher-client (0.3.1) - ruby-hmac (~> 0.4.0) - websocket (~> 1.0.0) rake (10.1.0) - rbvmomi (1.6.0) - builder - nokogiri (>= 1.4.1) - trollop - rgen (0.6.5) + rgen (0.6.6) rspec (2.14.1) rspec-core (~> 2.14.0) rspec-expectations (~> 2.14.0) rspec-mocks (~> 2.14.0) - rspec-core (2.14.5) - rspec-expectations (2.14.2) + rspec-core (2.14.8) + rspec-expectations (2.14.5) diff-lcs (>= 1.1.3, < 2.0) - rspec-mocks (2.14.3) - rspec-puppet (0.1.6) + rspec-mocks (2.14.6) + rspec-puppet (1.0.1) rspec - rspec-system (2.2.0) - kwalify (~> 0.7.2) - net-scp (~> 1.1) - net-ssh (~> 2.6) - nokogiri (~> 1.5.9) - rbvmomi (~> 1.6) - rspec (~> 2.13) - systemu (~> 2.5) - rspec-system-puppet (2.1.0) - rspec-system (~> 2.0) - ruby-hmac (0.4.0) - slop (3.4.6) - systemu (2.5.2) - travis (1.5.1) - backports - faraday (~> 0.8.7) - faraday_middleware (~> 0.9) - gh - highline (~> 1.6) - launchy (~> 2.1) - netrc (~> 0.7) - pry (~> 0.9) - pusher-client (~> 0.3, >= 0.3.1) - typhoeus (~> 0.5) - websocket-native (~> 1.0) - travis-lint (1.7.0) - hashr (~> 0.0.22) - trollop (2.0) - typhoeus (0.6.4) - ethon (~> 0.6.0) - vagrant-wrapper (1.2.1.1) - websocket (1.0.7) - websocket-native (1.0.0) PLATFORMS ruby DEPENDENCIES - puppet (~> 3.2.0) + puppet (~> 3.4.0) puppet-lint puppet-syntax puppetlabs_spec_helper rake - rspec-puppet - rspec-system-puppet - travis - travis-lint - vagrant-wrapper + rspec-puppet (~> 1.0.0) diff --git a/Rakefile b/Rakefile index 1dac73f1..623b0b39 100644 --- a/Rakefile +++ b/Rakefile @@ -1,8 +1,15 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' require 'puppet-syntax/tasks/puppet-syntax' -require 'rspec-system/rake_task' +# These two gems aren't always present, for instance +# on Travis with --without development +begin + require 'puppet_blacksmith/rake_tasks' +rescue LoadError +end + +PuppetLint.configuration.send("disable_80chars") PuppetLint.configuration.log_format = "%{path}:%{linenumber}:%{check}:%{KIND}:%{message}" PuppetLint.configuration.fail_on_warnings = true @@ -13,16 +20,21 @@ PuppetLint.configuration.send('disable_class_parameter_defaults') PuppetLint.configuration.send('disable_class_inherits_from_params_class') exclude_paths = [ - "pkg/**/*", - "vendor/**/*", - "spec/**/*", + "pkg/**/*", + "vendor/**/*", + "spec/**/*", ] PuppetLint.configuration.ignore_paths = exclude_paths PuppetSyntax.exclude_paths = exclude_paths +desc "Run acceptance tests" +RSpec::Core::RakeTask.new(:acceptance) do |t| + t.pattern = 'spec/acceptance' +end + desc "Run syntax, lint, and spec tests." task :test => [ - :syntax, - :lint, - :spec, + :syntax, + :lint, + :spec, ] From 863bf3f356b94ae4e05c2596709e63c61cebfad4 Mon Sep 17 00:00:00 2001 From: David Danzilio Date: Mon, 21 Apr 2014 22:51:44 -0600 Subject: [PATCH 3/6] Updating travis.yml --- .travis.yml | 42 ++++++++++++++++++++++++------------------ 1 file changed, 24 insertions(+), 18 deletions(-) diff --git a/.travis.yml b/.travis.yml index ddf3092c..d29175c5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,24 +5,30 @@ rvm: - 1.8.7 - 1.9.3 - 2.0.0 -script: bundle exec rake spec - + - 2.1.0 +script: bundle exec rake test env: - matrix: - - PUPPET_GEM_VERSION="~> 2.7.0" - - PUPPET_GEM_VERSION="~> 3.0.0" - - PUPPET_GEM_VERSION="~> 3.1.0" - - PUPPET_GEM_VERSION="~> 3.2.0" - + - PUPPET_VERSION="~> 2.7.0" + - PUPPET_VERSION="~> 3.1.0" + - PUPPET_VERSION="~> 3.2.0" + - PUPPET_VERSION="~> 3.3.0" + - PUPPET_VERSION="~> 3.4.0" + - PUPPET_VERSION="~> 3.5.0" matrix: exclude: - - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 2.7.0" - - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 2.7.0" - - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 3.0.0" - - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 3.1.0" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 3.2.0" + - rvm: 1.9.3 + env: PUPPET_VERSION="~> 2.7.0" + - rvm: 2.0.0 + env: PUPPET_VERSION="~> 2.7.0" + - rvm: 2.0.0 + env: PUPPET_VERSION="~> 3.1.0" + - rvm: 2.1.0 + env: PUPPET_VERSION="~> 2.7.0" + - rvm: 2.1.0 + env: PUPPET_VERSION="~> 3.1.0" + - rvm: 2.1.0 + env: PUPPET_VERSION="~> 3.2.0" + - rvm: 2.1.0 + env: PUPPET_VERSION="~> 3.3.0" + - rvm: 2.1.0 + env: PUPPET_VERSION="~> 3.4.0" From 1e80f69873e5de08ecf0b853b8977f590e034c94 Mon Sep 17 00:00:00 2001 From: David Danzilio Date: Mon, 21 Apr 2014 23:14:41 -0600 Subject: [PATCH 4/6] Lint fixes --- manifests/member.pp | 2 +- manifests/server/config.pp | 13 +++++++++++-- manifests/server/install.pp | 4 +++- manifests/server/options.pp | 2 +- manifests/server/params.pp | 16 ++++++++-------- manifests/server/service.pp | 4 +++- 6 files changed, 27 insertions(+), 14 deletions(-) diff --git a/manifests/member.pp b/manifests/member.pp index b57c9743..0ee65b46 100644 --- a/manifests/member.pp +++ b/manifests/member.pp @@ -6,7 +6,7 @@ } } -define member ($domain, $hostname, $ipaddress) { +define dns::member ($domain, $hostname, $ipaddress) { dns::record::a { $hostname: zone => $domain, data => $ipaddress, diff --git a/manifests/server/config.pp b/manifests/server/config.pp index 48a77b82..140828e6 100644 --- a/manifests/server/config.pp +++ b/manifests/server/config.pp @@ -1,4 +1,8 @@ -class dns::server::config inherits dns::server::params { +class dns::server::config ( + $cfg_dir = $dns::server::params::cfg_dir, + $owner = $dns::server::params::owner, + $group = $dns::server::params::group, +) inherits dns::server::params { file { $cfg_dir: ensure => directory, @@ -6,12 +10,14 @@ group => $group, mode => '0755', } + file { "${cfg_dir}/zones": ensure => directory, owner => $owner, group => $group, mode => '0755', } + file { "${cfg_dir}/bind.keys.d/": ensure => directory, owner => $owner, @@ -24,7 +30,10 @@ owner => $owner, group => $group, mode => '0644', - require => [File['/etc/bind'], Class['dns::server::install']], + require => [ + File['/etc/bind'], + Class['dns::server::install'] + ], notify => Class['dns::server::service'], } diff --git a/manifests/server/install.pp b/manifests/server/install.pp index cab03fb7..e749fb0d 100644 --- a/manifests/server/install.pp +++ b/manifests/server/install.pp @@ -1,4 +1,6 @@ -class dns::server::install inherits dns::server::params { +class dns::server::install ( + $necessary_packages = $dns::server::params::necessary_packages +) inherits dns::server::params { package { $necessary_packages : ensure => latest, diff --git a/manifests/server/options.pp b/manifests/server/options.pp index 0074f8d8..dc374d69 100644 --- a/manifests/server/options.pp +++ b/manifests/server/options.pp @@ -6,7 +6,7 @@ # $forwarders: # Array of forwarders IP addresses. Default: empty # $group: -# Group of the file. Default: bind +# Group of the file. Default: bind # $owner: # Owner of the file. Default: bind # diff --git a/manifests/server/params.pp b/manifests/server/params.pp index 5e95d03c..5701b29d 100644 --- a/manifests/server/params.pp +++ b/manifests/server/params.pp @@ -1,14 +1,14 @@ class dns::server::params { - case $osfamily { + case $::osfamily { 'Debian': { - $cfg_dir = '/etc/bind' - $group = 'bind' - $owner = 'bind' - $package = 'bind9' - $service = 'bind9' - $necessary_packages = [ 'bind9', 'dnssec-tools'] + $cfg_dir = '/etc/bind' + $group = 'bind' + $owner = 'bind' + $package = 'bind9' + $service = 'bind9' + $necessary_packages = [ 'bind9', 'dnssec-tools'] } - default: { + default: { fail("dns::server is incompatible with this osfamily: ${::osfamily}") } } diff --git a/manifests/server/service.pp b/manifests/server/service.pp index 14e58053..9028a0b3 100644 --- a/manifests/server/service.pp +++ b/manifests/server/service.pp @@ -1,4 +1,6 @@ -class dns::server::service inherits dns::server::params { +class dns::server::service ( + $service = $dns::server::params::service +) inherits dns::server::params { service { $service: ensure => running, From 1aafd9d373864759c3b1111add0708c880d7b45f Mon Sep 17 00:00:00 2001 From: David Danzilio Date: Mon, 21 Apr 2014 23:17:45 -0600 Subject: [PATCH 5/6] This will break the member class, but I'm not entirely clear on its function, this would require a semver bump --- manifests/member.pp | 8 -------- 1 file changed, 8 deletions(-) diff --git a/manifests/member.pp b/manifests/member.pp index 0ee65b46..f68e371b 100644 --- a/manifests/member.pp +++ b/manifests/member.pp @@ -1,11 +1,3 @@ -class dns::member { - @@member { $::fqdn: - domain => $::domain, - hostname => $::hostname, - ipaddress => $::ipaddress - } -} - define dns::member ($domain, $hostname, $ipaddress) { dns::record::a { $hostname: zone => $domain, From 40183487477fe03f81b74a70db787da69100266f Mon Sep 17 00:00:00 2001 From: David Danzilio Date: Mon, 21 Apr 2014 23:26:23 -0600 Subject: [PATCH 6/6] Don't be such a hardass about warnings --- Rakefile | 1 - 1 file changed, 1 deletion(-) diff --git a/Rakefile b/Rakefile index 623b0b39..ed16c6c3 100644 --- a/Rakefile +++ b/Rakefile @@ -11,7 +11,6 @@ end PuppetLint.configuration.send("disable_80chars") PuppetLint.configuration.log_format = "%{path}:%{linenumber}:%{check}:%{KIND}:%{message}" -PuppetLint.configuration.fail_on_warnings = true # Forsake support for Puppet 2.6.2 for the benefit of cleaner code. # http://puppet-lint.com/checks/class_parameter_defaults/