From 5184737a23b820caae19128cb14dd5e6c493ec46 Mon Sep 17 00:00:00 2001 From: lnemsick-simp Date: Thu, 24 May 2018 09:53:19 -0400 Subject: [PATCH] (SIMP-4929) Add network service deps to rsyslog.service (#67) Add a systemd rsyslog.service override file that fixes a service ordering problem present with older versions of rsyslog. The override ensures the network.target and network-online.target units are added to the 'Wants' and 'After' lists for the rsyslog.service. NOTE: This module now uses camptocamp-systemd, which, per its metadata.json, **requires** puppet >= 4.10.10. As such, puppet 4.7, 4.8, and 4.9 testing has been removed from GitLab and TravisCI configuration. SIMP-4929 #close --- .fixtures.yml | 2 + .gitlab-ci.yml | 409 ++++++++++-------- .travis.yml | 12 - CHANGELOG | 8 +- Gemfile | 8 +- manifests/config.pp | 36 +- metadata.json | 5 +- .../suites/default/00_default_spec.rb | 17 + spec/classes/init_spec.rb | 97 +++-- 9 files changed, 363 insertions(+), 231 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index ec56eec..db9fda7 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -26,6 +26,8 @@ fixtures: repo: https://github.com/simp/puppetlabs-stdlib stunnel: repo: https://github.com/simp/pupmod-simp-stunnel + systemd: + repo: https://github.com/simp/puppet-systemd tcpwrappers: repo: https://github.com/simp/pupmod-simp-tcpwrappers symlinks: diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5b37445..14fb9a5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,207 +1,268 @@ -# The testing matrix considers ruby/puppet versions supported by SIMP and PE: -# -# https://puppet.com/docs/pe/2017.3/overview/component_versions_in_recent_pe_releases.html -# https://puppet.com/misc/puppet-enterprise-lifecycle -# https://puppet.com/docs/pe/2017.3/overview/getting_support_for_pe.html#standard-releases-and-long-term-support-releases -# ------------------------------------------------------------------------------ -# release pup ruby eol -# PE 2016.4 4.7 2.1.9 2018-10 (LTS) -# SIMP6.0.0 4.8 2.1.9 TBD -# PE 2017.2 4.10 2.1.9 2018-02-21 -# PE 2017.3 5.3 2.4.1 2018-07 -# PE 2018.1 ??? ????? ????-?? (LTS) --- -.cache_bundler: &cache_bundler - cache: - untracked: true - # An attempt at caching between runs (ala Travis CI) - key: "${CI_PROJECT_NAMESPACE}__bundler" - paths: - - '.vendor' - - 'vendor' - -.setup_bundler_env: &setup_bundler_env - before_script: - - '(find .vendor | wc -l) || :' - - bundle check || gem install bundler --no-rdoc --no-ri - - rm -f Gemfile.lock - - rm -rf pkg/ - - bundle install --no-binstubs --jobs $(nproc) --path=.vendor "${FLAGS[@]}" - -.validation_checks: &validation_checks - script: - - bundle exec rake syntax - - bundle exec rake check:dot_underscore - - bundle exec rake check:test_file - - bundle exec rake pkg:check_version - - bundle exec rake pkg:compare_latest_tag - - bundle exec rake lint - - bundle exec rake clean - - bundle exec puppet module build - -.spec_tests: &spec_tests - script: - - bundle exec rake spec +#======================================================================= +# Global stuff stages: - - validation - - unit - - acceptance - - deploy - -# Puppet 4.7 for PE 2016.4 LTS Support (EOL: 2018-10-21) -# See: https://puppet.com/misc/puppet-enterprise-lifecycle -# -------------------------------------- -pup4.7-validation: - stage: validation - tags: - - docker - image: ruby:2.1 - variables: - PUPPET_VERSION: '~> 4.7.0' - <<: *cache_bundler - <<: *setup_bundler_env - <<: *validation_checks + - 'sanity' + - 'lint' + - 'unit' + - 'acceptance' + - 'deployment' -pup4.7-unit: - stage: unit - tags: - - docker - image: ruby:2.1 - variables: - PUPPET_VERSION: '~> 4.7.0' - <<: *cache_bundler - <<: *setup_bundler_env - <<: *spec_tests +# Default versions are set only as fallbacks for jobs that don't care which +# version they use. Versions should be explicitly set in any job with specific +# version requirements, even if they match these defaults. +image: 'ruby:2.1' +variables: + PUPPET_VERSION: '~> 4.10.0' + BUNDLER_VERSION: '' # Unset this in case it's defined on the runner + BUNDLER_EXTRA_ARGS: '--without development system_tests' + MODULE_NAME: "$(ruby -r json -e 'JSON.load(File.read('metadata.json'))['name']')" + MODULE_VERSION: "$(ruby -r json -e 'JSON.load(File.read('metadata.json'))['version']')" + GEM_HOME: '${CI_PROJECT_DIR}/vendor/ruby' # Isolate the Ruby Gems environment + GEM_PATH: '$GEM_HOME' +before_script: + - 'PATH="${GEM_HOME}/bin:${PATH}"; export PATH' + - '[ "$BUNDLER_VERSION" ] && BUNDLER_VERSION_ARGS="-v $BUNDLER_VERSION"; export BUNDLER_VERSION_ARGS' + - 'ruby -v' + - 'gem environment' + - 'gem sources -u' + - 'gem install bundler --no-document $BUNDLER_VERSION_ARGS' + - 'bundle install -j "$(nproc)" --no-binstubs --path vendor $BUNDLER_EXTRA_ARGS' -# Puppet 4.8 for SIMP 6.0 + 6.1 support -# -------------------------------------- -pup4.8-validation: - stage: validation - tags: - - docker - image: ruby:2.1 - variables: - PUPPET_VERSION: '~> 4.8.0' - <<: *cache_bundler - <<: *setup_bundler_env - <<: *validation_checks +cache: + key: '${CI_COMMIT_REF_SLUG}' + paths: + - 'vendor/ruby' -pup4.8-unit: - stage: unit - tags: - - docker - image: ruby:2.1 - variables: - PUPPET_VERSION: '~> 4.8.0' - <<: *cache_bundler - <<: *setup_bundler_env - <<: *spec_tests +#======================================================================= +# Anchors +.lint_base: &lint_base + stage: 'lint' + tags: ['docker'] + script: + - 'bundle exec rake syntax' + - 'bundle exec rake lint' + cache: + policy: 'pull' + dependencies: [] + artifacts: + when: 'always' + paths: + - 'Gemfile.lock' -# Puppet 4.10 for PE 2017.2 support (EOL:2018-02-21) -# See: https://puppet.com/misc/puppet-enterprise-lifecycle -# -------------------------------------- -pup4.10-validation: - stage: validation - tags: - - docker - image: ruby:2.1 +.unit_base: &unit_base + stage: 'unit' + tags: ['docker'] variables: - PUPPET_VERSION: '~> 4.10.0' - <<: *cache_bundler - <<: *setup_bundler_env - <<: *validation_checks + STRINGIFY_FACTS: 'no' + TRUSTED_NODE_DATA: 'yes' + script: + - 'bundle exec rake spec' + cache: + policy: 'pull' + dependencies: [] + artifacts: + when: 'always' + paths: + - 'Gemfile.lock' -pup4.10-unit: - stage: unit - tags: - - docker - image: ruby:2.1 +.acceptance_base: &acceptance_base + stage: 'acceptance' + tags: ['beaker'] variables: - PUPPET_VERSION: '~> 4.10.0' - <<: *cache_bundler - <<: *setup_bundler_env - <<: *spec_tests + BUNDLER_EXTRA_ARGS: '--without development' + cache: + policy: 'pull' + dependencies: [] + artifacts: + when: 'always' + paths: + - 'Gemfile.lock' +# ---------------------------------------------------------------------- +# Version Matrix +# +# It would be too expensive, both in time and compute resources, to test +# against every last version combination, so we restrict it to a subset. +# Version sets are selected based on current support policies for major platform +# software, such as Puppet and Ruby. Namely, we use the version combinations +# bundled in Puppet Enterprise. +# +# For more information see: +# * https://puppet.com/docs/pe/latest/overview/component_versions_in_recent_pe_releases.html +# * https://puppet.com/misc/puppet-enterprise-lifecycle +# * https://puppet.com/docs/pe/latest/overview/getting_support_for_pe.html#standard-releases-and-long-term-support-releases +# +# | Release | Puppet | Ruby | End-of-Life Date | +# |-----------|--------|------|------------------| +# | PE 2016.4 | 4.7* | 2.1 | 2018-10 +# | PE 2016.5 | 4.8 | 2.1 | 2017-05 +# | SIMP 6.0 | 4.8 | 2.1 | TBD +# | PE 2017.1 | 4.9 | 2.1 | 2017-10 +# | PE 2017.2 | 4.10 | 2.1 | 2018-02 +# | SIMP 6.1 | 4.10 | 2.1 | TBD +# | PE 2017.3 | 5.3 | 2.4 | 2018-08 +# | PE 2018.1 | 5.5 | 2.4 | 2020-05 +# +# * PE 2016.4 released with Puppet 4.7.0, but upgraded to the 4.10 series +# starting with 2016.4.5. +# -# Puppet 5.3 for PE 2017.3 support (EOL: 2018-07) -# See: https://puppet.com/misc/puppet-enterprise-lifecycle -# -------------------------------------- -pup5.3-validation: - stage: validation - tags: - - docker - image: ruby:2.4 +.simp_6_1: &simp_6_1 variables: - PUPPET_VERSION: '~> 5.3.0' - <<: *cache_bundler - <<: *setup_bundler_env - <<: *validation_checks + PUPPET_VERSION: '~> 4.10.8' -pup5.3-unit: - stage: unit - tags: - - docker - image: ruby:2.4 +.pe_2017_3: &pe_2017_3 variables: - PUPPET_VERSION: '~> 5.3.0' - <<: *cache_bundler - <<: *setup_bundler_env - <<: *spec_tests - allow_failure: true + PUPPET_VERSION: '~> 5.3.2' +.pe_2018_1: &pe_2018_1 + variables: + PUPPET_VERSION: '~> 5.5.1' -# Keep an eye on the latest puppet 5 -# ---------------------------------- -pup5.latest-validation: - stage: validation - tags: - - docker - image: ruby:2.4 +.pup4_latest: &pup4_latest variables: - PUPPET_VERSION: '~> 5.0' - <<: *cache_bundler - <<: *setup_bundler_env - <<: *validation_checks - allow_failure: true + PUPPET_VERSION: '~> 4.0' -pup5.latest-unit: - stage: unit - tags: - - docker - image: ruby:2.4 +.pup5_latest: &pup5_latest variables: PUPPET_VERSION: '~> 5.0' - <<: *cache_bundler - <<: *setup_bundler_env - <<: *spec_tests - allow_failure: true +#======================================================================= +# Basic Sanity Checks +# + +# Execute simple sanity checks on the environment before proceeding to more +# resource-intensive jobs. Besides running checks, this condenses the initial +# cache generation into a single job for the later stages. The first stage, +# in particular, would otherwise suffer a heavy cache-miss penalty as its +# jobs kick off in parallel. +sanity_checks: + stage: 'sanity' + tags: ['docker'] + script: + - 'bundle exec rake check:dot_underscore' + - 'bundle exec rake check:test_file' + - 'bundle exec rake pkg:check_version' + - 'bundle exec rake pkg:compare_latest_tag' + +tag_check: + stage: 'sanity' + only: ['tags'] + tags: ['docker'] + script: '[ "$CI_COMMIT_TAG" = "$MODULE_VERSION" ] || ( echo "ERROR: Tag does not match metadata version" && exit 1 )' + + +#======================================================================= +# Lint Tests +# + +# Linting, for the most part, isn't affected by version changes in Puppet, +# so we only test against the latest version for each MAJOR release. +pup4_latest-lint: + <<: *lint_base + <<: *pup4_latest + image: 'ruby:2.1' + +pup5_latest-lint: + <<: *lint_base + <<: *pup5_latest + image: 'ruby:2.4' + +#======================================================================= +# Unit Test Matrix +# + +# ---------------------------------------------------------------------- +# Puppet 4.10 for SIMP 6.1, PE 2016.4 LTS, and 2017.2 +pup4_10-unit: + <<: *unit_base + <<: *simp_6_1 + image: 'ruby:2.1' + +# ---------------------------------------------------------------------- +# Puppet 5.3 for PE 2017.3 +pup5_3-unit: + <<: *unit_base + <<: *pe_2017_3 + image: 'ruby:2.4' + +# ---------------------------------------------------------------------- +# Puppet 5.5 for PE 2018.1 LTS +pup5_5-unit: + <<: *unit_base + <<: *pe_2018_1 + image: 'ruby:2.4' + +# ---------------------------------------------------------------------- +# Keep an eye on the latest Puppet 5.x release +pup5_latest-unit: + <<: *unit_base + <<: *pup5_latest + image: 'ruby:2.4' + -# Acceptance tests # ============================================================================== -acceptance-default: - stage: acceptance - tags: - - beaker - <<: *cache_bundler - <<: *setup_bundler_env +# Acceptance tests +# + +# Because acceptance tests are so much more expensive than other tests, this +# test matrix is even more limited. Here we stick to versions supported +# by non-EOL meta-releases of SIMP and LTS versions of Puppet Enterprise. + +# ---------------------------------------------------------------------- +# Puppet 4.10 for SIMP 6.1, PE 2016.4 LTS, and PE 2017.2 +el-pup4_10: + <<: *acceptance_base + <<: *simp_6_1 + script: + - 'bundle exec rake beaker:suites' + +el-pup4_10-fips: + <<: *acceptance_base + <<: *simp_6_1 variables: - PUPPET_VERSION: '4.10' + BEAKER_fips: 'yes' script: - - bundle exec rake beaker:suites[default] + - bundle exec rake beaker:suites -acceptance-fips-default: - stage: acceptance - tags: - - beaker - <<: *cache_bundler - <<: *setup_bundler_env +# ---------------------------------------------------------------------- +# Puppet 5.5 for PE 2018.1 LTS +el-pup5_5: + <<: *acceptance_base + <<: *pe_2018_1 + script: + - 'bundle exec rake beaker:suites' + +el-pup5_5-fips: + <<: *acceptance_base + <<: *pe_2018_1 variables: - PUPPET_VERSION: '4.10' BEAKER_fips: 'yes' script: - - bundle exec rake beaker:suites[default] + - 'bundle exec rake beaker:suites' + +#======================================================================= +# Deployment Jobs + +module_build: + only: + - 'tags' + stage: 'deployment' + tags: + - 'docker' + script: + - 'bundle exec rake clean' + - 'rm -rf pkg/' + - 'bundle exec puppet module build' + artifacts: + name: 'forge_release-${CI_COMMIT_TAG}' + when: 'on_success' + paths: + - 'pkg/${MODULE_NAME}-${MODULE_VERSION}.tar.gz' + +# vi:tabstop=2:shiftwidth=2:expandtab diff --git a/.travis.yml b/.travis.yml index de7f8ef..64d02ca 100644 --- a/.travis.yml +++ b/.travis.yml @@ -54,18 +54,6 @@ jobs: script: - bundle exec rake spec - - stage: spec - rvm: 2.1.9 - env: STRICT_VARIABLES=yes TRUSTED_NODE_DATA=yes PUPPET_VERSION="~> 4.9.2" - script: - - bundle exec rake spec - - - stage: spec - rvm: 2.1.9 - env: STRICT_VARIABLES=yes TRUSTED_NODE_DATA=yes PUPPET_VERSION="~> 4.7.0" - script: - - bundle exec rake spec - - stage: deploy rvm: 2.4.1 script: diff --git a/CHANGELOG b/CHANGELOG index 2c57e92..52bf010 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,10 @@ -* Fri Mar 16 2018 Philippe Muller 7.1.1-0 +* Tue May 22 2018 Liz Nemsick - 7.1.2-0 +- Add a systemd rsyslog.service override file that fixes a service + ordering problem present with older versions of rsyslog. The + override ensures the network.target and network-online.target units + are added to the 'Wants' and 'After' lists for the rsyslog.service. + +* Fri Mar 16 2018 Philippe Muller - 7.1.1-0 - Fixed several cases where literal '\n' was contained in file output * Mon Jul 31 2017 Liz Nemsick - 7.1.0-0 diff --git a/Gemfile b/Gemfile index 38b87b8..54c9260 100644 --- a/Gemfile +++ b/Gemfile @@ -21,9 +21,11 @@ group :test do end group :development do - gem 'travis' - gem 'travis-lint' - gem 'travish' + install_if -> { Gem::Version.new(RUBY_VERSION) >= Gem::Version::new('2.3.0') } do + gem 'travis' + gem 'travis-lint' + gem 'travish' + end gem 'puppet-blacksmith' gem 'guard-rake' gem 'pry' diff --git a/manifests/config.pp b/manifests/config.pp index 2bf1242..5e0e39e 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,7 +1,11 @@ # **NOTE: THIS IS A [PRIVATE](https://github.com/puppetlabs/puppetlabs-stdlib#assert_private) CLASS** # -# Setup RSyslog configuration. Creates /etc/rsyslog.conf and includes -# all SIMP config subdirectories in /etc/rsyslog.simp.d. +# Setup RSyslog configuration. +# - When the host uses systemd, creates a rsyslog.service override file +# that fixes a service ordering problem present with older versions +# of rsyslog. +# - Creates /etc/rsyslog.conf and includes all SIMP config subdirectories +# in /etc/rsyslog.simp.d. # # **NOTE** Any undocumented parameters map directly to their counterparts in # the Rsyslog configuration files. @@ -176,6 +180,9 @@ # * This will place the configuration files **after** the global # configuration but **before** the SIMP applied configurations. # +# @param systemd_override_file +# The basename of the systemd override file for the rsyslog service +# class rsyslog::config ( String $umask = '0027', String $localhostname = $facts['fqdn'], @@ -238,7 +245,8 @@ Boolean $disable_remote_dns = false, Boolean $enable_default_rules = true, Boolean $read_journald = $::rsyslog::read_journald, - Boolean $include_rsyslog_d = false + Boolean $include_rsyslog_d = false, + String $systemd_override_file = 'unit.conf' ) { assert_private() @@ -367,4 +375,26 @@ item => 'max_open_files', value => $ulimit_max_open_files } + + if member($facts['init_systems'], 'systemd') { + # Even though the problem this override file addresses was fixed + # after CentOS 7.4, its presence causes no problems with the later + # versions, because the Wants and After lists are de-duped. + $_override = @(OVERRIDE) + # This file is managed by Puppet. + + [unit] + + Wants=network.target network-online.target + After=network.target network-online.target + | OVERRIDE + + systemd::dropin_file { $systemd_override_file: + unit => 'rsyslog.service', + content => $_override + } + + # make sure service gets restarted after systemctl daemon-reload + Class['systemd::systemctl::daemon_reload'] ~> Class['rsyslog::service'] + } } diff --git a/metadata.json b/metadata.json index 89d4792..1aa0f01 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "simp-rsyslog", - "version": "7.1.1", + "version": "7.1.2", "author": "SIMP Team", "summary": "A puppet module to support RSyslog versions 7 and higher using new style RainerScript.", "license": "Apache-2.0", @@ -14,6 +14,9 @@ "syslog" ], "dependencies": [ + { "name": "camptocamp/systemd", + "version_requirement": ">= 1.1.1 < 2.0.0" + }, { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.13.1 < 5.0.0" diff --git a/spec/acceptance/suites/default/00_default_spec.rb b/spec/acceptance/suites/default/00_default_spec.rb index 2a45133..7726258 100644 --- a/spec/acceptance/suites/default/00_default_spec.rb +++ b/spec/acceptance/suites/default/00_default_spec.rb @@ -102,6 +102,23 @@ class { 'rsyslog': pki => false } it { is_expected.to be_running } end + + it 'should ensure rsyslog.service starts after network.target and network-online.target' do + # client uses systemd + # following 3 lines for debug + on client, 'rpm -q rsyslog' + on client, 'cat /usr/lib/systemd/system/rsyslog.service' + on client, 'systemctl show rsyslog.service' + + on client, 'cat /etc/systemd/system/rsyslog.service.d/unit.conf' + + [ 'Wants', 'After' ].each do |req| + result = on(client, "systemctl show rsyslog.service | grep ^#{req}=").stdout + expect(result).to match /network.target/ + expect(result).to match /network-online.target/ + end + end + it 'should collect iptables log messages in /var/log/iptables.log' do # kern facility messages cannot be created by a user via logger, # because the facility is automatically changed to user. So, the diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 5e7127d..2f486fb 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -20,39 +20,72 @@ end context 'supported operating systems' do - on_supported_os.each do |os, facts| + on_supported_os.each do |os, os_facts| context "on #{os}" do let(:facts) do - facts + os_facts end - rsyslog_package_name = 'rsyslog' + context 'default parameters' do + rsyslog_package_name = 'rsyslog' - if ['RedHat','CentOS'].include?(facts[:operatingsystem]) - if facts[:operatingsystemmajrelease] == '6' - rsyslog_package_name = 'rsyslog7' + if ['RedHat','CentOS'].include?(os_facts[:operatingsystem]) + if os_facts[:operatingsystemmajrelease] == '6' + rsyslog_package_name = 'rsyslog7' + end + end + + let(:params) {{ }} + it_behaves_like 'a structured module' + it { is_expected.to contain_class('rsyslog').with_trusted_nets(['127.0.0.1/32']) } + it { is_expected.to contain_class('rsyslog').with_service_name('rsyslog') } + it { is_expected.to contain_class('rsyslog').with_package_name(rsyslog_package_name) } + it { is_expected.to contain_class('rsyslog').with_tls_package_name("#{rsyslog_package_name}-gnutls") } + it { is_expected.to contain_package("#{rsyslog_package_name}.x86_64").with_ensure('latest') } + it { is_expected.to contain_package("#{rsyslog_package_name}.i386").with_ensure('absent') } + + if os_facts[:operatingsystemmajrelease] == '6' + it { + is_expected.to contain_rsyslog__rule('00_simp_pre_logging/global.conf') + .without_content(/ModLoad imjournal/) + } + else + it { + is_expected.to contain_rsyslog__rule('00_simp_pre_logging/global.conf') + .with_content(/ModLoad imjournal/) + } end - end - let(:params) {{ }} - it_behaves_like 'a structured module' - it { is_expected.to contain_class('rsyslog').with_trusted_nets(['127.0.0.1/32']) } - it { is_expected.to contain_class('rsyslog').with_service_name('rsyslog') } - it { is_expected.to contain_class('rsyslog').with_package_name(rsyslog_package_name) } - it { is_expected.to contain_class('rsyslog').with_tls_package_name("#{rsyslog_package_name}-gnutls") } - it { is_expected.to contain_package("#{rsyslog_package_name}.x86_64").with_ensure('latest') } - it { is_expected.to contain_package("#{rsyslog_package_name}.i386").with_ensure('absent') } + if os_facts[:init_systems].include?('systemd') + it do + expected = < 'rsyslog.service', + :content => expected + } ) + + is_expected.to contain_class('systemd::systemctl::daemon_reload').that_comes_before('Class[rsyslog::service]') + end + + end + + it 'no file resources should have a literal \n' do + expect( + catalogue.resources.select { |resource| + resource.type == 'File' && + resource[:content] && + resource[:content].include?('\n') + } + ).to be_empty + end end context 'rsyslog class with logrotate enabled' do @@ -63,8 +96,8 @@ it { is_expected.to contain_class('rsyslog::config::logrotate') } it { is_expected.to contain_logrotate__rule('syslog')} - if ['RedHat','CentOS'].include?(facts[:operatingsystem]) - if facts[:operatingsystemmajrelease].to_s < '7' + if ['RedHat','CentOS'].include?(os_facts[:operatingsystem]) + if os_facts[:operatingsystemmajrelease].to_s < '7' it { should create_file('/etc/logrotate.d/syslog').with_content(/#{file_content_6}/)} else it { should create_file('/etc/logrotate.d/syslog').with_content(/#{file_content_7}/)} @@ -72,16 +105,6 @@ end end - it 'no file resources should have a literal \n' do - expect( - catalogue.resources.select { |resource| - resource.type == 'File' && - resource[:content] && - resource[:content].include?('\n') - } - ).to be_empty - end - context 'rsyslog class with pki = simp' do let(:params) {{ :pki => 'simp'