(SIMP-4009) Add support for OEL and Puppet 5 (simp#66)

* (SIMP-4009) Add support for OEL and Puppet 5
michael-riddle · Jul 13, 2018 · 96799b3 · 96799b3
1 parent 571dcc7
commit 96799b3
Show file tree

Hide file tree

Showing 11 changed files with 413 additions and 230 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
diff --git a/.travis.yml b/.travis.yml
@@ -25,9 +25,6 @@ before_install:
   - rm -f Gemfile.lock
 
 jobs:
-  allow_failures:
-    - env: STRICT_VARIABLES=yes TRUSTED_NODE_DATA=yes PUPPET_VERSION="~> 5.0"
-
   include:
     - stage: check
       rvm: 2.4.1

diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,7 @@
+* Fri Jul 13 2018 Trevor Vaughan <[email protected]> - 7.2.0-0
+- Add support for Puppet5 and OEL
+- Update acceptance tests to use environment variables
+
 * Thu Jun 28 2018 Nick Miller <[email protected]> - 7.1.3-0
 - Update docs
 - Update ci assets

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -16,7 +16,7 @@
 #
 class rsyslog::params {
   $service_name       = 'rsyslog'
-  if ($facts['os']['name'] in ['RedHat','CentOS']) and ($facts['os']['release']['major'] == '6') {
+  if ($facts['os']['name'] in ['RedHat','CentOS','OracleLinux']) and ($facts['os']['release']['major'] == '6') {
     $package_name  = 'rsyslog7'
     $read_journald = false
   }

diff --git a/manifests/server/selinux.pp b/manifests/server/selinux.pp
@@ -10,7 +10,7 @@
 class rsyslog::server::selinux {
   assert_private()
 
-  if ($facts['os']['name'] in ['RedHat','CentOS']) and ($facts['os']['release']['major'] > '6') {
+  if ($facts['os']['name'] in ['RedHat','CentOS','OracleLinux']) and ($facts['os']['release']['major'] > '6') {
     if $facts['selinux_current_mode'] and $facts['selinux_current_mode'] != 'disabled' {
       selboolean { 'nis_enabled':
         persistent => true,

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "simp-rsyslog",
-  "version": "7.1.3",
+  "version": "7.2.0",
   "author": "SIMP Team",
   "summary": "A puppet module to support RSyslog versions 7 and higher using new style RainerScript.",
   "license": "Apache-2.0",
@@ -56,12 +56,19 @@
         "6",
         "7"
       ]
+    },
+    {
+      "operatingsystem": "OracleLinux",
+      "operatingsystemrelease": [
+        "6",
+        "7"
+      ]
     }
   ],
   "requirements": [
     {
       "name": "puppet",
-      "version_requirement": ">= 4.7.0 < 5.0.0"
+      "version_requirement": ">= 4.7.0 < 6.0.0"
     }
   ]
 }
diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml
@@ -1,3 +1,10 @@
+<%
+  if ENV['BEAKER_HYPERVISOR']
+    hypervisor = ENV['BEAKER_HYPERVISOR']
+  else
+    hypervisor = 'vagrant'
+  end
+-%>
 HOSTS:
   client:
     roles:
@@ -6,26 +13,29 @@ HOSTS:
       - client
     platform:   el-7-x86_64
     box:        centos/7
-    hypervisor: vagrant
+    hypervisor: <%= hypervisor %>
   server-1:
     roles:
       - server
     platform:   el-7-x86_64
     box:        centos/7
-    hypervisor: vagrant
+    hypervisor: <%= hypervisor %>
   server-2:
     roles:
       - server
     platform:   el-6-x86_64
     box:        centos/6
-    hypervisor: vagrant
+    hypervisor: <%= hypervisor %>
   server-3:
     roles:
       - failover_server
     platform:   el-7-x86_64
     box:        centos/7
-    hypervisor: vagrant
+    hypervisor: <%= hypervisor %>
 CONFIG:
   log_level:       verbose
   type:            aio
   vagrant_memsize: 256
+<% if ENV['BEAKER_PUPPET_ENVIRONMENT'] -%>
+  puppet_environment: <%= ENV['BEAKER_PUPPET_ENVIRONMENT'] %>
+<% end -%>
diff --git a/spec/acceptance/nodesets/oel.yml b/spec/acceptance/nodesets/oel.yml
@@ -0,0 +1,41 @@
+<%
+  if ENV['BEAKER_HYPERVISOR']
+    hypervisor = ENV['BEAKER_HYPERVISOR']
+  else
+    hypervisor = 'vagrant'
+  end
+-%>
+HOSTS:
+  client:
+    roles:
+      - default
+      - master
+      - client
+    platform:   el-7-x86_64
+    box:        elastic/oel-7-x86_64
+    hypervisor: <%= hypervisor %>
+  server-1:
+    roles:
+      - server
+    platform:   el-7-x86_64
+    box:        elastic/oel-7-x86_64
+    hypervisor: <%= hypervisor %>
+  server-2:
+    roles:
+      - server
+    platform:   el-6-x86_64
+    box:        elastic/oel-6-x86_64
+    hypervisor: <%= hypervisor %>
+  server-3:
+    roles:
+      - failover_server
+    platform:   el-7-x86_64
+    box:        elastic/oel-7-x86_64
+    hypervisor: <%= hypervisor %>
+CONFIG:
+  log_level:       verbose
+  type:            aio
+  vagrant_memsize: 256
+<% if ENV['BEAKER_PUPPET_ENVIRONMENT'] -%>
+  puppet_environment: <%= ENV['BEAKER_PUPPET_ENVIRONMENT'] %>
+<% end -%>
diff --git a/spec/acceptance/suites/default/00_default_spec.rb b/spec/acceptance/suites/default/00_default_spec.rb
@@ -27,6 +27,14 @@
   let(:client){ only_host_with_role( hosts, 'client' ) }
   let(:manifest) {
     <<-EOS
+      # Turns off firewalld in EL7
+      include 'iptables'
+
+      iptables::listen::tcp_stateful { 'ssh':
+        dports       => 22,
+        trusted_nets => ['any'],
+      }
+
       class { 'rsyslog': pki  => false }
     EOS
   }
@@ -120,6 +128,23 @@ class { 'rsyslog': pki  => false }
     end
 
     it 'should collect iptables log messages in /var/log/iptables.log' do
+      # Trigger an iptables block event for the logs
+      require 'socket'
+      require 'timeout'
+
+      begin
+        Timeout::timeout(5) do
+          begin
+            s = TCPSocket.new(client.ip, 44)
+            sleep(1)
+            s.close
+          rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH
+            # This should be rejected
+          end
+        end
+      rescue Timeout::Error
+      end
+
       # kern facility messages cannot be created by a user via logger,
       # because the facility is automatically changed to user. So, the
       # only way to test this is to cause an actual iptables drop.

diff --git a/spec/acceptance/suites/default/01_client_server_no_tls_spec.rb b/spec/acceptance/suites/default/01_client_server_no_tls_spec.rb
@@ -4,21 +4,6 @@
 
 describe 'rsyslog client -> 1 server without TLS' do
 
-  before(:context) do
-    hosts.each do |host|
-      interfaces = fact_on(host, 'interfaces').strip.split(',')
-      interfaces.delete_if do |x|
-        x =~ /^lo/
-      end
-
-      interfaces.each do |iface|
-        if fact_on(host, "ipaddress_#{iface}").strip.empty?
-          on(host, "ifup #{iface}", :accept_all_exit_codes => true)
-        end
-      end
-    end
-  end
-
   let(:client){ only_host_with_role( hosts, 'client' ) }
   let(:server){ hosts_with_role( hosts, 'server' ).first }
   let(:client_fqdn){ fact_on( client, 'fqdn' ) }

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -29,10 +29,8 @@
         context 'default parameters' do
           rsyslog_package_name = 'rsyslog'
 
-          if ['RedHat','CentOS'].include?(os_facts[:operatingsystem])
-            if os_facts[:operatingsystemmajrelease] == '6'
-              rsyslog_package_name = 'rsyslog7'
-            end
+          if os_facts[:operatingsystemmajrelease] == '6'
+            rsyslog_package_name = 'rsyslog7'
           end
 
           let(:params) {{ }}
@@ -96,12 +94,10 @@
           it { is_expected.to contain_class('rsyslog::config::logrotate') }
           it { is_expected.to contain_logrotate__rule('syslog')}
 
-          if ['RedHat','CentOS'].include?(os_facts[:operatingsystem])
-            if os_facts[:operatingsystemmajrelease].to_s < '7'
-              it { should create_file('/etc/logrotate.d/syslog').with_content(/#{file_content_6}/)}
-            else
-              it { should create_file('/etc/logrotate.d/syslog').with_content(/#{file_content_7}/)}
-            end
+          if os_facts[:operatingsystemmajrelease].to_s < '7'
+            it { should create_file('/etc/logrotate.simp.d/syslog').with_content(/#{file_content_6}/)}
+          else
+            it { should create_file('/etc/logrotate.simp.d/syslog').with_content(/#{file_content_7}/)}
           end
         end