From 0b09e5012329de13421d41d2b7eb24af96261637 Mon Sep 17 00:00:00 2001 From: lnemsick-simp Date: Tue, 14 Jan 2020 10:41:07 -0500 Subject: [PATCH] (SIMP-7473) Add EL8 support (#100) - Via updated acceptance tests, verified that the existing configuration worked on EL8 and that EL7 interoperated with EL8. - Did not address any new rsyslog features available in EL8. - False compliance failures reported in the compliance acceptance test will be addressed by a separate ticket. SIMP-7272 #close SIMP-7273 #close SIMP-7437 #close SIMP-7384 #close SIMP-7202 #comment update simp-rsyslog --- .fixtures.yml | 3 + .gitlab-ci.yml | 60 +++++----- CHANGELOG | 2 + Gemfile | 6 +- README.md | 10 +- metadata.json | 11 +- spec/acceptance/nodesets/centos-7.yml | 61 ++++++++++ spec/acceptance/nodesets/default.yml | 24 ++-- spec/acceptance/nodesets/oel.yml | 16 +-- .../suites/default/00_default_spec.rb | 2 +- .../doubleforward/nodesets/centos-7.yml | 35 ++++++ .../suites/doubleforward/nodesets/default.yml | 12 +- .../suites/doubleforward/nodesets/oel.yml | 12 +- spec/expected/el8/remote_defaults.txt | 46 ++++++++ ...ith_peers_undef_hostname_for_logserver.txt | 52 +++++++++ ..._with_peers_undef_hostname_for_remotes.txt | 105 +++++++++++++++++ ...e_tls_with_peers_undef_ip_for_failover.txt | 72 ++++++++++++ ..._tls_with_peers_undef_ip_for_logserver.txt | 37 ++++++ ...remote_tls_with_stream_driver_settings.txt | 109 ++++++++++++++++++ spec/expected/el8/remote_with_settings.txt | 104 +++++++++++++++++ spec/spec_helper.rb | 1 + 21 files changed, 706 insertions(+), 74 deletions(-) create mode 100644 spec/acceptance/nodesets/centos-7.yml create mode 100644 spec/acceptance/suites/doubleforward/nodesets/centos-7.yml create mode 100644 spec/expected/el8/remote_defaults.txt create mode 100644 spec/expected/el8/remote_tls_with_peers_undef_hostname_for_logserver.txt create mode 100644 spec/expected/el8/remote_tls_with_peers_undef_hostname_for_remotes.txt create mode 100644 spec/expected/el8/remote_tls_with_peers_undef_ip_for_failover.txt create mode 100644 spec/expected/el8/remote_tls_with_peers_undef_ip_for_logserver.txt create mode 100644 spec/expected/el8/remote_tls_with_stream_driver_settings.txt create mode 100644 spec/expected/el8/remote_with_settings.txt diff --git a/.fixtures.yml b/.fixtures.yml index 234fff1..17d05f0 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -9,6 +9,9 @@ fixtures: augeasproviders_grub: https://github.com/hercules-team/augeasproviders_grub compliance_markup: https://github.com/simp/pupmod-simp-compliance_markup concat: https://github.com/simp/puppetlabs-concat + firewalld: + repo: https://github.com/simp/pupmod-voxpupuli-firewalld + ref: v4.1.0 iptables: https://github.com/simp/pupmod-simp-iptables logrotate: https://github.com/simp/pupmod-simp-logrotate pki: https://github.com/simp/pupmod-simp-pki diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 02b7341..6e2ceb3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -69,10 +69,10 @@ variables: BEAKER_PUPPET_COLLECTION: 'puppet5' MATRIX_RUBY_VERSION: '2.4' -.pup_5_5_10: &pup_5_5_10 +.pup_5_5_16: &pup_5_5_16 image: 'ruby:2.4' variables: - PUPPET_VERSION: '5.5.10' + PUPPET_VERSION: '5.5.16' BEAKER_PUPPET_COLLECTION: 'puppet5' MATRIX_RUBY_VERSION: '2.4' @@ -149,8 +149,8 @@ pup5-unit: <<: *pup_5 <<: *unit_tests -pup5.5.10-unit: - <<: *pup_5_5_10 +pup5.5.16-unit: + <<: *pup_5_5_16 <<: *unit_tests pup6-unit: @@ -159,58 +159,58 @@ pup6-unit: # Acceptance tests # ============================================================================== -pup5.5.10: - <<: *pup_5_5_10 +pup5.5.16: + <<: *pup_5_5_16 <<: *acceptance_base script: - - 'bundle exec rake beaker:suites[default]' + - 'bundle exec rake beaker:suites[default,default]' -pup5.5.10-centos6: - <<: *pup_5_5_10 +pup5.5.16-centos7: + <<: *pup_5_5_16 <<: *acceptance_base <<: *only_with_SIMP_FULL_MATRIX script: - - 'bundle exec rake beaker:suites[default,centos-6]' + - 'bundle exec rake beaker:suites[default,centos-7]' # Until we can figure out how to make this test robust, it is not worth # wasting GitLab runner time to run this permutation. # Manually, we can see that failover is working, but all the messages # don't make it to the failover server in a timely fashion, even if # we force the rsyslog queues to be small. -#pup5.5.10-failover: -# <<: *pup_5_5_10 +#pup5.5.16-failover: +# <<: *pup_5_5_16 # <<: *acceptance_base # <<: *only_with_SIMP_FULL_MATRIX # script: -# - 'bundle exec rake beaker:suites[failover]' +# - 'bundle exec rake beaker:suites[failover,default]' -pup5.5.10-doubleforward: - <<: *pup_5_5_10 +pup5.5.16-doubleforward: + <<: *pup_5_5_16 <<: *acceptance_base script: - - 'bundle exec rake beaker:suites[doubleforward]' + - 'bundle exec rake beaker:suites[doubleforward,default]' -pup5.5.10-centos6-doubleforward: - <<: *pup_5_5_10 +pup5.5.16-centos7-doubleforward: + <<: *pup_5_5_16 <<: *acceptance_base <<: *only_with_SIMP_FULL_MATRIX script: - - 'bundle exec rake beaker:suites[doubleforward,centos-6]' + - 'bundle exec rake beaker:suites[doubleforward,centos-7]' -pup5.5.10-fips: - <<: *pup_5_5_10 +pup5.5.16-fips: + <<: *pup_5_5_16 <<: *acceptance_base script: - - 'BEAKER_fips=yes bundle exec rake beaker:suites[default]' + - 'BEAKER_fips=yes bundle exec rake beaker:suites[default,default]' -pup5.5.10-oel: - <<: *pup_5_5_10 +pup5.5.16-oel: + <<: *pup_5_5_16 <<: *acceptance_base script: - 'bundle exec rake beaker:suites[default,oel]' -pup5.5.10-oel-fips: - <<: *pup_5_5_10 +pup5.5.16-oel-fips: + <<: *pup_5_5_16 <<: *acceptance_base <<: *only_with_SIMP_FULL_MATRIX script: @@ -220,16 +220,18 @@ pup6: <<: *pup_6 <<: *acceptance_base script: - - 'bundle exec rake beaker:suites[default]' + - 'bundle exec rake beaker:suites[default,default]' pup6-fips: <<: *pup_6 <<: *acceptance_base script: - - 'BEAKER_fips=yes bundle exec rake beaker:suites[default]' + - 'BEAKER_fips=yes bundle exec rake beaker:suites[default,default]' pup6-compliance: + # See SIMP-7483 + allow_failure: true <<: *pup_6 <<: *compliance_base script: - - 'BEAKER_fips=yes bundle exec rake beaker:suites[compliance]' + - 'BEAKER_fips=yes bundle exec rake beaker:suites[compliance,default]' diff --git a/CHANGELOG b/CHANGELOG index 7453362..7962f46 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,5 @@ +* Fri Jan 10 2020 Liz Nemsick - 7.6.0-0 +- Added EL8 support * Wed Oct 16 2019 Adam Yohrling - 7.5.1-0 - Added logrotate::rule options to rsyslog::conf::logrotate class diff --git a/Gemfile b/Gemfile index 43226f2..b466a99 100644 --- a/Gemfile +++ b/Gemfile @@ -13,8 +13,8 @@ group :test do gem 'puppet-strings' gem 'puppet-lint-empty_string-check', :require => false gem 'puppet-lint-trailing_comma-check', :require => false - gem 'simp-rspec-puppet-facts', ENV.fetch('SIMP_RSPEC_PUPPET_FACTS_VERSION', '~> 2.2') - gem 'simp-rake-helpers', ENV.fetch('SIMP_RAKE_HELPERS_VERSION', '~> 5.6') + gem 'simp-rspec-puppet-facts', ENV.fetch('SIMP_RSPEC_PUPPET_FACTS_VERSION', ['>= 2.4.0', '< 3.0.0'] ) + gem 'simp-rake-helpers', ENV.fetch('SIMP_RAKE_HELPERS_VERSION', ['>= 5.9', '< 6.0']) end group :development do @@ -25,5 +25,5 @@ end group :system_tests do gem 'beaker' gem 'beaker-rspec' - gem 'simp-beaker-helpers', ENV.fetch('SIMP_BEAKER_HELPERS_VERSION', '~> 1.12') + gem 'simp-beaker-helpers', ENV.fetch('SIMP_BEAKER_HELPERS_VERSION', ['>= 1.17.0', '< 2.0.0']) end diff --git a/README.md b/README.md index c6c09bc..baa63e4 100644 --- a/README.md +++ b/README.md @@ -268,14 +268,14 @@ rsyslog::rule::remote { 'upstream': ## Reference -The full module reference can be found in the -[module docs](https://simp.github.io/pupmod-simp-rsyslog) and in the local -`docs/` directory. +Please refer to the [REFERENCE.md](./REFERENCE.md). ## Limitations -This module is only designed to work in RHEL or CentOS 6 and 7. Any other -operating systems have not been tested and results cannot be guaranteed. +SIMP Puppet modules are generally intended for use on Red Hat Enterprise +Linux and compatible distributions, such as CentOS. Please see the +[`metadata.json` file](./metadata.json) for the most up-to-date list of +supported operating systems, Puppet versions, and module dependencies. By default, `pupmod-simp-rsyslog` tries to do the right thing during a failover scenario and make sure that logs are always stored no matter what the state of diff --git a/metadata.json b/metadata.json index e6dc44c..d5c5a15 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "simp-rsyslog", - "version": "7.5.1", + "version": "7.6.0", "author": "SIMP Team", "summary": "A puppet module to support RSyslog versions 7 and higher using new style RainerScript.", "license": "Apache-2.0", @@ -47,21 +47,24 @@ "operatingsystem": "CentOS", "operatingsystemrelease": [ "6", - "7" + "7", + "8" ] }, { "operatingsystem": "RedHat", "operatingsystemrelease": [ "6", - "7" + "7", + "8" ] }, { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ "6", - "7" + "7", + "8" ] } ], diff --git a/spec/acceptance/nodesets/centos-7.yml b/spec/acceptance/nodesets/centos-7.yml new file mode 100644 index 0000000..c90c81e --- /dev/null +++ b/spec/acceptance/nodesets/centos-7.yml @@ -0,0 +1,61 @@ +<% + if ENV['BEAKER_HYPERVISOR'] + hypervisor = ENV['BEAKER_HYPERVISOR'] + else + hypervisor = 'vagrant' + end +-%> +HOSTS: + client: + roles: + - default + - master + - client + platform: el-7-x86_64 + box: centos/7 + hypervisor: <%= hypervisor %> + yum_repos: + chef-current: + baseurl: 'https://packages.chef.io/repos/yum/current/el/7/$basearch' + gpgkeys: + - https://packages.chef.io/chef.asc + server-1: + roles: + - server + platform: el-7-x86_64 + box: centos/7 + hypervisor: <%= hypervisor %> + yum_repos: + chef-current: + baseurl: 'https://packages.chef.io/repos/yum/current/el/7/$basearch' + gpgkeys: + - https://packages.chef.io/chef.asc + server-2: + roles: + - server + platform: el-8-x86_64 + box: centos/8 + hypervisor: <%= hypervisor %> + yum_repos: + chef-current: + baseurl: 'https://packages.chef.io/repos/yum/current/el/8/$basearch' + gpgkeys: + - https://packages.chef.io/chef.asc + server-3: + roles: + - failover_server + platform: el-7-x86_64 + box: centos/7 + hypervisor: <%= hypervisor %> + yum_repos: + chef-current: + baseurl: 'https://packages.chef.io/repos/yum/current/el/7/$basearch' + gpgkeys: + - https://packages.chef.io/chef.asc +CONFIG: + log_level: verbose + type: aio + vagrant_memsize: 256 +<% if ENV['BEAKER_PUPPET_COLLECTION'] -%> + puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %> +<% end -%> diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml index 2a5da1b..cc19074 100644 --- a/spec/acceptance/nodesets/default.yml +++ b/spec/acceptance/nodesets/default.yml @@ -11,45 +11,45 @@ HOSTS: - default - master - client - platform: el-7-x86_64 - box: centos/7 + platform: el-8-x86_64 + box: centos/8 hypervisor: <%= hypervisor %> yum_repos: chef-current: - baseurl: 'https://packages.chef.io/repos/yum/current/el/7/$basearch' + baseurl: 'https://packages.chef.io/repos/yum/current/el/8/$basearch' gpgkeys: - https://packages.chef.io/chef.asc server-1: roles: - server - platform: el-7-x86_64 - box: centos/7 + platform: el-8-x86_64 + box: centos/8 hypervisor: <%= hypervisor %> yum_repos: chef-current: - baseurl: 'https://packages.chef.io/repos/yum/current/el/7/$basearch' + baseurl: 'https://packages.chef.io/repos/yum/current/el/8/$basearch' gpgkeys: - https://packages.chef.io/chef.asc server-2: roles: - server - platform: el-6-x86_64 - box: centos/6 + platform: el-7-x86_64 + box: centos/7 hypervisor: <%= hypervisor %> yum_repos: chef-current: - baseurl: 'https://packages.chef.io/repos/yum/current/el/6/$basearch' + baseurl: 'https://packages.chef.io/repos/yum/current/el/7/$basearch' gpgkeys: - https://packages.chef.io/chef.asc server-3: roles: - failover_server - platform: el-7-x86_64 - box: centos/7 + platform: el-8-x86_64 + box: centos/8 hypervisor: <%= hypervisor %> yum_repos: chef-current: - baseurl: 'https://packages.chef.io/repos/yum/current/el/7/$basearch' + baseurl: 'https://packages.chef.io/repos/yum/current/el/8/$basearch' gpgkeys: - https://packages.chef.io/chef.asc CONFIG: diff --git a/spec/acceptance/nodesets/oel.yml b/spec/acceptance/nodesets/oel.yml index 9a891fd..0b9ddb6 100644 --- a/spec/acceptance/nodesets/oel.yml +++ b/spec/acceptance/nodesets/oel.yml @@ -11,26 +11,26 @@ HOSTS: - default - master - client - platform: el-7-x86_64 - box: onyxpoint/oel-7-x86_64 + platform: el-8-x86_64 + box: generic/oracle8 hypervisor: <%= hypervisor %> server-1: roles: - server - platform: el-7-x86_64 - box: onyxpoint/oel-7-x86_64 + platform: el-8-x86_64 + box: generic/oracle8 hypervisor: <%= hypervisor %> server-2: roles: - server - platform: el-6-x86_64 - box: onyxpoint/oel-7-x86_64 + platform: el-7-x86_64 + box: generic/oracle7 hypervisor: <%= hypervisor %> server-3: roles: - failover_server - platform: el-7-x86_64 - box: onyxpoint/oel-7-x86_64 + platform: el-8-x86_64 + box: generic/oracle8 hypervisor: <%= hypervisor %> CONFIG: log_level: verbose diff --git a/spec/acceptance/suites/default/00_default_spec.rb b/spec/acceptance/suites/default/00_default_spec.rb index 0308d34..5850e6d 100644 --- a/spec/acceptance/suites/default/00_default_spec.rb +++ b/spec/acceptance/suites/default/00_default_spec.rb @@ -243,7 +243,7 @@ class { 'rsyslog': pki => false } it 'should see entries from the journal in /var/log/messages' do on client, "echo someeasytosearchforstring | systemd-cat -p notice -t acceptance" - on client, "grep someeasytosearchforstring /var/log/messages" + retry_on client, "grep someeasytosearchforstring /var/log/messages" end end diff --git a/spec/acceptance/suites/doubleforward/nodesets/centos-7.yml b/spec/acceptance/suites/doubleforward/nodesets/centos-7.yml new file mode 100644 index 0000000..d2dbe26 --- /dev/null +++ b/spec/acceptance/suites/doubleforward/nodesets/centos-7.yml @@ -0,0 +1,35 @@ +<% + if ENV['BEAKER_HYPERVISOR'] + hypervisor = ENV['BEAKER_HYPERVISOR'] + else + hypervisor = 'vagrant' + end +-%> +HOSTS: + client: + roles: + - default + - master + - client + platform: el-7-x86_64 + box: centos/7 + hypervisor: <%= hypervisor %> + server-1: + roles: + - server + platform: el-7-x86_64 + box: centos/7 + hypervisor: <%= hypervisor %> + server-2: + roles: + - nextserver + platform: el-7-x86_64 + box: centos/7 + hypervisor: <%= hypervisor %> +CONFIG: + log_level: verbose + type: aio + vagrant_memsize: 256 +<% if ENV['BEAKER_PUPPET_ENVIRONMENT'] -%> + puppet_environment: <%= ENV['BEAKER_PUPPET_ENVIRONMENT'] %> +<% end -%> diff --git a/spec/acceptance/suites/doubleforward/nodesets/default.yml b/spec/acceptance/suites/doubleforward/nodesets/default.yml index d2dbe26..82be92b 100644 --- a/spec/acceptance/suites/doubleforward/nodesets/default.yml +++ b/spec/acceptance/suites/doubleforward/nodesets/default.yml @@ -11,20 +11,20 @@ HOSTS: - default - master - client - platform: el-7-x86_64 - box: centos/7 + platform: el-8-x86_64 + box: centos/8 hypervisor: <%= hypervisor %> server-1: roles: - server - platform: el-7-x86_64 - box: centos/7 + platform: el-8-x86_64 + box: centos/8 hypervisor: <%= hypervisor %> server-2: roles: - nextserver - platform: el-7-x86_64 - box: centos/7 + platform: el-8-x86_64 + box: centos/8 hypervisor: <%= hypervisor %> CONFIG: log_level: verbose diff --git a/spec/acceptance/suites/doubleforward/nodesets/oel.yml b/spec/acceptance/suites/doubleforward/nodesets/oel.yml index 7933721..e4540b2 100644 --- a/spec/acceptance/suites/doubleforward/nodesets/oel.yml +++ b/spec/acceptance/suites/doubleforward/nodesets/oel.yml @@ -11,20 +11,20 @@ HOSTS: - default - master - client - platform: el-7-x86_64 - box: onyxpoint/oel-7-x86_64 + platform: el-8-x86_64 + box: generic/oracle8 hypervisor: <%= hypervisor %> server-1: roles: - server - platform: el-7-x86_64 - box: onyxpoint/oel-7-x86_64 + platform: el-8-x86_64 + box: generic/oracle8 hypervisor: <%= hypervisor %> server-2: roles: - nextserver - platform: el-7-x86_64 - box: onyxpoint/oel-7-x86_64 + platform: el-8-x86_64 + box: generic/oracle8 hypervisor: <%= hypervisor %> CONFIG: log_level: verbose diff --git a/spec/expected/el8/remote_defaults.txt b/spec/expected/el8/remote_defaults.txt new file mode 100644 index 0000000..d7b57f2 --- /dev/null +++ b/spec/expected/el8/remote_defaults.txt @@ -0,0 +1,46 @@ +ruleset( + name="ruleset_test_name" + queue.filename="test_name_disk_queue" + queue.dequeuebatchsize="16" + queue.lowwatermark="2000" + queue.discardmark="9750" + queue.discardseverity="8" + queue.syncqueuefiles="off" + queue.type="LinkedList" + queue.workerthreads="1" + queue.timeoutshutdown="0" + queue.timeoutactioncompletion="1000" + queue.timeoutenqueue="2000" + queue.timeoutworkerthreadshutdown="60000" + queue.workerthreadminimummessages="100" + queue.maxfilesize="1m" + queue.saveonshutdown="on" + queue.dequeueslowdown="0" +) { + action( + type="omfwd" + protocol="tcp" + target="1.2.3.4" + port="514" + TCP_Framing="traditional" + ZipLevel="0" + maxErrorMessages="5" + compression.mode="none" + compression.stream.flushOnTXEnd="on" + ResendLastMSGOnReconnect="on" + ) + action( + type="omfwd" + protocol="tcp" + target="5.6.7.8" + port="5678" + TCP_Framing="traditional" + ZipLevel="0" + maxErrorMessages="5" + compression.mode="none" + compression.stream.flushOnTXEnd="on" + ResendLastMSGOnReconnect="on" + ) +} + +if (test_rule) then call ruleset_test_name diff --git a/spec/expected/el8/remote_tls_with_peers_undef_hostname_for_logserver.txt b/spec/expected/el8/remote_tls_with_peers_undef_hostname_for_logserver.txt new file mode 100644 index 0000000..296da04 --- /dev/null +++ b/spec/expected/el8/remote_tls_with_peers_undef_hostname_for_logserver.txt @@ -0,0 +1,52 @@ +ruleset( + name="ruleset_test_name" + queue.filename="test_name_disk_queue" + queue.dequeuebatchsize="16" + queue.lowwatermark="2000" + queue.discardmark="9750" + queue.discardseverity="8" + queue.syncqueuefiles="off" + queue.type="LinkedList" + queue.workerthreads="1" + queue.timeoutshutdown="0" + queue.timeoutactioncompletion="1000" + queue.timeoutenqueue="2000" + queue.timeoutworkerthreadshutdown="60000" + queue.workerthreadminimummessages="100" + queue.maxfilesize="1m" + queue.saveonshutdown="on" + queue.dequeueslowdown="0" +) { + action( + type="omfwd" + protocol="tcp" + target="logserver.my.domain" + port="6514" + TCP_Framing="traditional" + ZipLevel="0" + maxErrorMessages="5" + compression.mode="none" + compression.stream.flushOnTXEnd="on" + StreamDriverMode="1" + StreamDriverAuthMode="x509/name" + StreamDriverPermittedPeers="logserver.my.domain" + ResendLastMSGOnReconnect="on" + ) + action( + type="omfwd" + protocol="tcp" + target="logserver2.other.place" + port="4444" + TCP_Framing="traditional" + ZipLevel="0" + maxErrorMessages="5" + compression.mode="none" + compression.stream.flushOnTXEnd="on" + StreamDriverMode="1" + StreamDriverAuthMode="x509/name" + StreamDriverPermittedPeers="logserver2.other.place" + ResendLastMSGOnReconnect="on" + ) +} + +if (test_rule) then call ruleset_test_name diff --git a/spec/expected/el8/remote_tls_with_peers_undef_hostname_for_remotes.txt b/spec/expected/el8/remote_tls_with_peers_undef_hostname_for_remotes.txt new file mode 100644 index 0000000..a5cabf5 --- /dev/null +++ b/spec/expected/el8/remote_tls_with_peers_undef_hostname_for_remotes.txt @@ -0,0 +1,105 @@ +ruleset( + name="ruleset_test_name" + queue.filename="test_name_disk_queue" + queue.dequeuebatchsize="16" + queue.lowwatermark="2000" + queue.discardmark="9750" + queue.discardseverity="8" + queue.syncqueuefiles="off" + queue.type="LinkedList" + queue.workerthreads="1" + queue.timeoutshutdown="0" + queue.timeoutactioncompletion="1000" + queue.timeoutenqueue="2000" + queue.timeoutworkerthreadshutdown="60000" + queue.workerthreadminimummessages="100" + queue.maxfilesize="1m" + queue.saveonshutdown="on" + queue.dequeueslowdown="0" +) { + action( + type="omfwd" + protocol="tcp" + target="logserver.my.domain" + port="6514" + TCP_Framing="traditional" + ZipLevel="0" + maxErrorMessages="5" + compression.mode="none" + compression.stream.flushOnTXEnd="on" + StreamDriverMode="1" + StreamDriverAuthMode="x509/name" + StreamDriverPermittedPeers="logserver.my.domain" + ResendLastMSGOnReconnect="on" + ) + action( + type="omfwd" + protocol="tcp" + target="logserver2.other.place" + port="4444" + TCP_Framing="traditional" + ZipLevel="0" + maxErrorMessages="5" + compression.mode="none" + compression.stream.flushOnTXEnd="on" + StreamDriverMode="1" + StreamDriverAuthMode="x509/name" + StreamDriverPermittedPeers="logserver2.other.place" + ResendLastMSGOnReconnect="on" + ) + + action( + type="omfwd" + protocol="tcp" + target="failover.my.domain" + port="6514" + TCP_Framing="traditional" + ZipLevel="0" + maxErrorMessages="5" + compression.mode="none" + compression.stream.flushOnTXEnd="on" + StreamDriverMode="1" + StreamDriverAuthMode="x509/name" + StreamDriverPermittedPeers="failover.my.domain" + ResendLastMSGOnReconnect="on" + action.resumeRetryCount="-1" + action.execOnlyWhenPreviousIsSuspended="on" + ) + + action( + type="omfwd" + protocol="tcp" + target="failover.other.place" + port="4444" +# NOTE: This must exist for the last failover host so that we can queue logs to disk when needed. + queue.filename="test_name_disk_queue_action" + queue.dequeuebatchsize="16" + queue.lowwatermark="2000" + queue.discardmark="9750" + queue.discardseverity="8" + queue.syncqueuefiles="off" + queue.type="LinkedList" + queue.workerthreads="1" + queue.timeoutshutdown="0" + queue.timeoutactioncompletion="1000" + queue.timeoutenqueue="2000" + queue.timeoutworkerthreadshutdown="60000" + queue.workerthreadminimummessages="100" + queue.maxfilesize="1m" + queue.saveonshutdown="on" + queue.dequeueslowdown="0" + TCP_Framing="traditional" + ZipLevel="0" + maxErrorMessages="5" + compression.mode="none" + compression.stream.flushOnTXEnd="on" + StreamDriverMode="1" + StreamDriverAuthMode="x509/name" + StreamDriverPermittedPeers="failover.other.place" + ResendLastMSGOnReconnect="on" + action.resumeRetryCount="-1" + action.execOnlyWhenPreviousIsSuspended="on" + ) +} + +if (test_rule) then call ruleset_test_name diff --git a/spec/expected/el8/remote_tls_with_peers_undef_ip_for_failover.txt b/spec/expected/el8/remote_tls_with_peers_undef_ip_for_failover.txt new file mode 100644 index 0000000..d120a56 --- /dev/null +++ b/spec/expected/el8/remote_tls_with_peers_undef_ip_for_failover.txt @@ -0,0 +1,72 @@ +ruleset( + name="ruleset_test_name" + queue.filename="test_name_disk_queue" + queue.dequeuebatchsize="16" + queue.lowwatermark="2000" + queue.discardmark="9750" + queue.discardseverity="8" + queue.syncqueuefiles="off" + queue.type="LinkedList" + queue.workerthreads="1" + queue.timeoutshutdown="0" + queue.timeoutactioncompletion="1000" + queue.timeoutenqueue="2000" + queue.timeoutworkerthreadshutdown="60000" + queue.workerthreadminimummessages="100" + queue.maxfilesize="1m" + queue.saveonshutdown="on" + queue.dequeueslowdown="0" +) { + action( + type="omfwd" + protocol="tcp" + target="logserver1.my.domain" + port="6514" + TCP_Framing="traditional" + ZipLevel="0" + maxErrorMessages="5" + compression.mode="none" + compression.stream.flushOnTXEnd="on" + StreamDriverMode="1" + StreamDriverAuthMode="x509/name" + StreamDriverPermittedPeers="*.example.com" + ResendLastMSGOnReconnect="on" + ) + + action( + type="omfwd" + protocol="tcp" + target="1.2.3.4" + port="6514" +# NOTE: This must exist for the last failover host so that we can queue logs to disk when needed. + queue.filename="test_name_disk_queue_action" + queue.dequeuebatchsize="16" + queue.lowwatermark="2000" + queue.discardmark="9750" + queue.discardseverity="8" + queue.syncqueuefiles="off" + queue.type="LinkedList" + queue.workerthreads="1" + queue.timeoutshutdown="0" + queue.timeoutactioncompletion="1000" + queue.timeoutenqueue="2000" + queue.timeoutworkerthreadshutdown="60000" + queue.workerthreadminimummessages="100" + queue.maxfilesize="1m" + queue.saveonshutdown="on" + queue.dequeueslowdown="0" + TCP_Framing="traditional" + ZipLevel="0" + maxErrorMessages="5" + compression.mode="none" + compression.stream.flushOnTXEnd="on" + StreamDriverMode="1" + StreamDriverAuthMode="x509/name" + StreamDriverPermittedPeers="*.example.com" + ResendLastMSGOnReconnect="on" + action.resumeRetryCount="-1" + action.execOnlyWhenPreviousIsSuspended="on" + ) +} + +if (test_rule) then call ruleset_test_name diff --git a/spec/expected/el8/remote_tls_with_peers_undef_ip_for_logserver.txt b/spec/expected/el8/remote_tls_with_peers_undef_ip_for_logserver.txt new file mode 100644 index 0000000..9131732 --- /dev/null +++ b/spec/expected/el8/remote_tls_with_peers_undef_ip_for_logserver.txt @@ -0,0 +1,37 @@ +ruleset( + name="ruleset_test_name" + queue.filename="test_name_disk_queue" + queue.dequeuebatchsize="16" + queue.lowwatermark="2000" + queue.discardmark="9750" + queue.discardseverity="8" + queue.syncqueuefiles="off" + queue.type="LinkedList" + queue.workerthreads="1" + queue.timeoutshutdown="0" + queue.timeoutactioncompletion="1000" + queue.timeoutenqueue="2000" + queue.timeoutworkerthreadshutdown="60000" + queue.workerthreadminimummessages="100" + queue.maxfilesize="1m" + queue.saveonshutdown="on" + queue.dequeueslowdown="0" +) { + action( + type="omfwd" + protocol="tcp" + target="1.2.3.4" + port="6514" + TCP_Framing="traditional" + ZipLevel="0" + maxErrorMessages="5" + compression.mode="none" + compression.stream.flushOnTXEnd="on" + StreamDriverMode="1" + StreamDriverAuthMode="x509/name" + StreamDriverPermittedPeers="*.example.com" + ResendLastMSGOnReconnect="on" + ) +} + +if (test_rule) then call ruleset_test_name diff --git a/spec/expected/el8/remote_tls_with_stream_driver_settings.txt b/spec/expected/el8/remote_tls_with_stream_driver_settings.txt new file mode 100644 index 0000000..72f9393 --- /dev/null +++ b/spec/expected/el8/remote_tls_with_stream_driver_settings.txt @@ -0,0 +1,109 @@ +ruleset( + name="ruleset_test_name" + queue.filename="test_name_disk_queue" + queue.dequeuebatchsize="16" + queue.lowwatermark="2000" + queue.discardmark="9750" + queue.discardseverity="8" + queue.syncqueuefiles="off" + queue.type="LinkedList" + queue.workerthreads="1" + queue.timeoutshutdown="0" + queue.timeoutactioncompletion="1000" + queue.timeoutenqueue="2000" + queue.timeoutworkerthreadshutdown="60000" + queue.workerthreadminimummessages="100" + queue.maxfilesize="1m" + queue.saveonshutdown="on" + queue.dequeueslowdown="0" +) { + action( + type="omfwd" + protocol="tcp" + target="logserver.my.domain" + port="6514" + TCP_Framing="traditional" + ZipLevel="0" + maxErrorMessages="5" + compression.mode="none" + compression.stream.flushOnTXEnd="on" + StreamDriver="my_stream_driver" + StreamDriverMode="2" + StreamDriverAuthMode="my_stream_driver/x509/name" + StreamDriverPermittedPeers="*.my.domain,*.other.place" + ResendLastMSGOnReconnect="on" + ) + action( + type="omfwd" + protocol="tcp" + target="logserver2.other.place" + port="4444" + TCP_Framing="traditional" + ZipLevel="0" + maxErrorMessages="5" + compression.mode="none" + compression.stream.flushOnTXEnd="on" + StreamDriver="my_stream_driver" + StreamDriverMode="2" + StreamDriverAuthMode="my_stream_driver/x509/name" + StreamDriverPermittedPeers="*.my.domain,*.other.place" + ResendLastMSGOnReconnect="on" + ) + + action( + type="omfwd" + protocol="tcp" + target="failover.my.domain" + port="6514" + TCP_Framing="traditional" + ZipLevel="0" + maxErrorMessages="5" + compression.mode="none" + compression.stream.flushOnTXEnd="on" + StreamDriver="my_stream_driver" + StreamDriverMode="2" + StreamDriverAuthMode="my_stream_driver/x509/name" + StreamDriverPermittedPeers="*.my.domain,*.other.place" + ResendLastMSGOnReconnect="on" + action.resumeRetryCount="-1" + action.execOnlyWhenPreviousIsSuspended="on" + ) + + action( + type="omfwd" + protocol="tcp" + target="failover.other.place" + port="4444" +# NOTE: This must exist for the last failover host so that we can queue logs to disk when needed. + queue.filename="test_name_disk_queue_action" + queue.dequeuebatchsize="16" + queue.lowwatermark="2000" + queue.discardmark="9750" + queue.discardseverity="8" + queue.syncqueuefiles="off" + queue.type="LinkedList" + queue.workerthreads="1" + queue.timeoutshutdown="0" + queue.timeoutactioncompletion="1000" + queue.timeoutenqueue="2000" + queue.timeoutworkerthreadshutdown="60000" + queue.workerthreadminimummessages="100" + queue.maxfilesize="1m" + queue.saveonshutdown="on" + queue.dequeueslowdown="0" + TCP_Framing="traditional" + ZipLevel="0" + maxErrorMessages="5" + compression.mode="none" + compression.stream.flushOnTXEnd="on" + StreamDriver="my_stream_driver" + StreamDriverMode="2" + StreamDriverAuthMode="my_stream_driver/x509/name" + StreamDriverPermittedPeers="*.my.domain,*.other.place" + ResendLastMSGOnReconnect="on" + action.resumeRetryCount="-1" + action.execOnlyWhenPreviousIsSuspended="on" + ) +} + +if (test_rule) then call ruleset_test_name diff --git a/spec/expected/el8/remote_with_settings.txt b/spec/expected/el8/remote_with_settings.txt new file mode 100644 index 0000000..7893e25 --- /dev/null +++ b/spec/expected/el8/remote_with_settings.txt @@ -0,0 +1,104 @@ +ruleset( + name="ruleset_test_name" + queue.filename="my_queue" + queue.size="1000" + queue.dequeuebatchsize="100" + queue.maxdiskspace="100000" + queue.highwatermark="900" + queue.lowwatermark="200" + queue.fulldelaymark="940" + queue.lightdelaymark="300" + queue.discardmark="975" + queue.discardseverity="7" + queue.checkpointinterval="2" + queue.syncqueuefiles="on" + queue.type="LinkedList" + queue.workerthreads="2" + queue.timeoutshutdown="1" + queue.timeoutactioncompletion="100" + queue.timeoutenqueue="200" + queue.timeoutworkerthreadshutdown="6000" + queue.workerthreadminimummessages="10" + queue.maxfilesize="2m" + queue.saveonshutdown="on" + queue.dequeueslowdown="0" + queue.dequeuetimebegin="1" + queue.dequeuetimeend="2" +) { + action( + type="omfwd" + template="my_template" + protocol="relp" + target="1.2.3.4" + port="514" + TCP_Framing="octet-counted" + ZipLevel="1" + maxErrorMessages="6" + compression.mode="single" + compression.stream.flushOnTXEnd="off" + RebindInterval="1" + ResendLastMSGOnReconnect="off" + ) + + action( + type="omfwd" + template="my_template" + protocol="relp" + target="5.6.7.8" + port="5678" + TCP_Framing="octet-counted" + ZipLevel="1" + maxErrorMessages="6" + compression.mode="single" + compression.stream.flushOnTXEnd="off" + RebindInterval="1" + ResendLastMSGOnReconnect="off" + action.resumeRetryCount="1" + action.execOnlyWhenPreviousIsSuspended="on" + ) + + action( + type="omfwd" + template="my_template" + protocol="relp" + target="9.10.11.12" + port="514" +# NOTE: This must exist for the last failover host so that we can queue logs to disk when needed. + queue.filename="my_queue_action" + queue.size="1000" + queue.dequeuebatchsize="100" + queue.maxdiskspace="100000" + queue.highwatermark="900" + queue.lowwatermark="200" + queue.fulldelaymark="940" + queue.lightdelaymark="300" + queue.discardmark="975" + queue.discardseverity="7" + queue.checkpointinterval="2" + queue.syncqueuefiles="on" + queue.type="LinkedList" + queue.workerthreads="2" + queue.timeoutshutdown="1" + queue.timeoutactioncompletion="100" + queue.timeoutenqueue="200" + queue.timeoutworkerthreadshutdown="6000" + queue.workerthreadminimummessages="10" + queue.maxfilesize="2m" + queue.saveonshutdown="on" + queue.dequeueslowdown="0" + queue.dequeuetimebegin="1" + queue.dequeuetimeend="2" + TCP_Framing="octet-counted" + ZipLevel="1" + maxErrorMessages="6" + compression.mode="single" + compression.stream.flushOnTXEnd="off" + RebindInterval="1" + ResendLastMSGOnReconnect="off" + action.resumeRetryCount="1" + action.execOnlyWhenPreviousIsSuspended="on" + ) + stop +} + +if (test_rule) then call ruleset_test_name diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 5423024..c7d6ddb 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -141,6 +141,7 @@ def set_hieradata(hieradata) end # ensure the user running these tests has an accessible environmentpath + Puppet[:digest_algorithm] = 'sha256' Puppet[:environmentpath] = @spec_global_env_temp Puppet[:user] = Etc.getpwuid(Process.uid).name Puppet[:group] = Etc.getgrgid(Process.gid).name