From 4061d98b3355552e2ff3e7bd017b08ca31f3665a Mon Sep 17 00:00:00 2001 
From: Ryan Rotter
Date: Tue, 7 May 2024 09:18:36 -0400
Subject: [PATCH] Revert "upgrade puppet modules"
---
.fixtures.yml | 53 ++++++++--------
manifests/exposed_port.pp | 2 +-
manifests/firewall_allow.pp | 2 +-
manifests/profile/dns/smartconnect.pp | 2 +-
manifests/profile/dns/standard.pp | 5 +-
manifests/profile/fulcrum/nginx.pp | 2 +-
manifests/profile/haproxy.pp | 4 +-
manifests/profile/hathitrust/rsync.pp | 2 +-
manifests/profile/hathitrust/secure_rsync.pp | 2 +-
manifests/profile/kubernetes/dns_server.pp | 2 +-
manifests/profile/kubernetes/haproxy.pp | 2 +-
manifests/profile/kubernetes/kubelet.pp | 2 +-
manifests/profile/kubernetes/router.pp | 2 +-
manifests/profile/letsencrypt.pp | 2 +-
manifests/profile/networking/firewall.pp | 20 +++----
.../networking/firewall/http_datacenters.pp | 2 +-
manifests/profile/prometheus.pp | 10 ++--
manifests/profile/prometheus/exporter/node.pp | 2 +-
manifests/resolv_conf.pp | 17 ------
manifests/role/webhost/htvm/test.pp | 2 +-
manifests/unison/client.pp | 2 +-
metadata.json | 53 ++++++++--------
spec/classes/profile/dns/smartconnect_spec.rb | 16 +----
spec/classes/profile/dns/standard_spec.rb | 13 +---
.../profile/kubernetes/dns_server_spec.rb | 2 +-
.../profile/kubernetes/haproxy_spec.rb | 4 +-
.../profile/kubernetes/kubelet_spec.rb | 2 +-
.../classes/profile/kubernetes/router_spec.rb | 2 +-
.../profile/networking/firewall_spec.rb | 24 ++++----
.../profile/prometheus/exporter/node_spec.rb | 2 +-
spec/classes/profile/prometheus_spec.rb | 6 +-
spec/classes/resolv_conf_spec.rb | 60 -------------------
spec/defines/cert_spec.rb | 2 +-
spec/defines/exposed_port_spec.rb | 2 +-
spec/defines/firewall_allow_spec.rb | 4 +-
templates/resolv_conf/resolv.conf.erb | 8 --------
36 files changed, 118 insertions(+), 221 deletions(-)
delete mode 100644 manifests/resolv_conf.pp
delete mode 100644 spec/classes/resolv_conf_spec.rb
delete mode 100644 templates/resolv_conf/resolv.conf.erb
diff --git a/.fixtures.yml b/.fixtures.yml
index c289566ec..992a2710f 100644
--- a/.fixtures.yml
+++ b/.fixtures.yml
@@ -16,29 +16,30 @@ fixtures: apache: repo: "https://github.com/mlibrary/puppetlabs-apache" forge_modules: - rbenv: {"repo": "jdowning/rbenv", "ref": "3.0.0" } - archive: {"repo": "puppet/archive", "ref": "7.1.0" } - kmod: {"repo": "puppet/kmod", "ref": "4.0.1" } - letsencrypt: {"repo": "puppet/letsencrypt", "ref": "11.0.0"} - logrotate: {"repo": "puppet/logrotate", "ref": "7.0.2" } - nginx: {"repo": "puppet/nginx", "ref": "5.0.0" } - php: {"repo": "puppet/php", "ref": "10.1.0"} - unattended_upgrades: {"repo": "puppet/unattended_upgrades", "ref": "8.1.0" } - apt: {"repo": "puppetlabs/apt", "ref": "9.4.0" } - augeas_core: {"repo": "puppetlabs/augeas_core", "ref": "1.5.0" } - concat: {"repo": "puppetlabs/concat", "ref": "9.0.2" } - cron_core: {"repo": "puppetlabs/cron_core", "ref": "1.3.0" } - docker: {"repo": "puppetlabs/docker", "ref": "9.1.0" } - firewall: {"repo": "puppetlabs/firewall", "ref": "8.0.1" } - host_core: {"repo": "puppetlabs/host_core", "ref": "1.3.0" } - inifile: {"repo": "puppetlabs/inifile", "ref": "6.1.1" } - lvm: {"repo": "puppetlabs/lvm", "ref": "2.1.0" } - mount_core: {"repo": "puppetlabs/mount_core", "ref": "1.3.0" } - mysql: {"repo": "puppetlabs/mysql", "ref": "15.0.0"} - ntp: {"repo": "puppetlabs/ntp", "ref": "10.1.0"} - postgresql: {"repo": "puppetlabs/postgresql", "ref": "10.2.0"} - puppetdb: {"repo": "puppetlabs/puppetdb", "ref": "8.0.1" } - reboot: {"repo": "puppetlabs/reboot", "ref": "5.0.0" } - sshkeys_core: {"repo": "puppetlabs/sshkeys_core", "ref": "2.5.0" } - stdlib: {"repo": "puppetlabs/stdlib", "ref": "9.6.0" } - debconf: {"repo": "stm/debconf", "ref": "6.0.0" } + rbenv: {"repo": "jdowning/rbenv", "ref": "3.0.0"} + archive: {"repo": "puppet/archive", "ref": "7.0.0"} + kmod: {"repo": "puppet/kmod", "ref": "4.0.0"} + letsencrypt: {"repo": "puppet/letsencrypt", "ref": "10.1.0"} + logrotate: {"repo": "puppet/logrotate", "ref": "7.0.1"} # 7.0.2 updates systemd, conflicts with postgres + nginx: {"repo": "puppet/nginx", "ref": "5.0.0"} + 
php: {"repo": "puppet/php", "ref": "9.0.0"} + apt: {"repo": "puppetlabs/apt", "ref": "9.0.0"} # 9.0.1+ breaks, needs updated stdlib + augeas_core: {"repo": "puppetlabs/augeas_core", "ref": "1.4.0"} + concat: {"repo": "puppetlabs/concat", "ref": "7.4.0"} # held back by postgres (and in turn by puppetdb v7.13) + cron_core: {"repo": "puppetlabs/cron_core", "ref": "1.2.0"} + docker: {"repo": "puppetlabs/docker", "ref": "7.0.0"} # 8.0.0 breaks + firewall: {"repo": "puppetlabs/firewall", "ref": "3.6.0"} # 5 breaks puppetdb v7.13, 6.0.0 needs stdlib 9, 7.0.0 breaks tests + host_core: {"repo": "puppetlabs/host_core", "ref": "1.2.0"} + inifile: {"repo": "puppetlabs/inifile", "ref": "5.4.1"} # held back by puppetdb v7.13 + lvm: {"repo": "puppetlabs/lvm", "ref": "2.0.3"} + mount_core: {"repo": "puppetlabs/mount_core", "ref": "1.2.0"} + mysql: {"repo": "puppetlabs/mysql", "ref": "14.0.0"} # 15.0.0 breaks + ntp: {"repo": "puppetlabs/ntp", "ref": "10.1.0"} + postgresql: {"repo": "puppetlabs/postgresql", "ref": "8.3.0"} # 9.x blocked on puppetdb v7.13, blocks Puppet 8!? + puppetdb: {"repo": "puppetlabs/puppetdb", "ref": "7.13.0"} + reboot: {"repo": "puppetlabs/reboot", "ref": "5.0.0"} + sshkeys_core: {"repo": "puppetlabs/sshkeys_core", "ref": "2.4.0"} + stdlib: {"repo": "puppetlabs/stdlib", "ref": "8.6.0"} # ?! dragons... + resolv_conf: {"repo": "saz/resolv_conf", "ref": "5.1.0"} + debconf: {"repo": "stm/debconf", "ref": "6.0.0"} + unattended_upgrades: {"repo": "puppet/unattended_upgrades", "ref": "8.0.0"} diff --git a/manifests/exposed_port.pp b/manifests/exposed_port.pp index a8953bd3d..f44414300 100644 --- a/manifests/exposed_port.pp +++ b/manifests/exposed_port.pp @@ -66,7 +66,7 @@ dport => $port, source => $cidr['block'], state => 'NEW', - jump => 'accept', + action => 'accept', } } } diff --git a/manifests/firewall_allow.pp b/manifests/firewall_allow.pp index 36361fb7f..2a66443d4 100644 --- a/manifests/firewall_allow.pp +++ b/manifests/firewall_allow.pp 
@@ -76,7 +76,7 @@ dport => $port, source => $cidr, state => 'NEW', - jump => 'accept', + action => 'accept', } } } diff --git a/manifests/profile/dns/smartconnect.pp b/manifests/profile/dns/smartconnect.pp index f25088cb3..51195eccb 100644 --- a/manifests/profile/dns/smartconnect.pp +++ b/manifests/profile/dns/smartconnect.pp @@ -44,7 +44,7 @@ $nameservers = $other_ns_ips } - class { 'nebula::resolv_conf': + class { 'resolv_conf': nameservers => concat(['127.0.0.1'], $nameservers), searchpath => lookup('nebula::resolv_conf::searchpath'), require => Service['bind9'] diff --git a/manifests/profile/dns/standard.pp b/manifests/profile/dns/standard.pp index 3c888d899..bbbb0c5da 100644 --- a/manifests/profile/dns/standard.pp +++ b/manifests/profile/dns/standard.pp @@ -9,5 +9,8 @@ # @example # include nebula::profile::dns::standard class nebula::profile::dns::standard { - include nebula::resolv_conf + class { 'resolv_conf': + nameservers => lookup('nebula::resolv_conf::nameservers'), + searchpath => lookup('nebula::resolv_conf::searchpath'), + } } diff --git a/manifests/profile/fulcrum/nginx.pp b/manifests/profile/fulcrum/nginx.pp index 0c6474efe..1be068c59 100644 --- a/manifests/profile/fulcrum/nginx.pp +++ b/manifests/profile/fulcrum/nginx.pp @@ -197,6 +197,6 @@ proto => 'tcp', dport => 443, state => 'NEW', - jump => 'accept', + action => 'accept', } } diff --git a/manifests/profile/haproxy.pp b/manifests/profile/haproxy.pp index 8caf26fd1..ea3d462c9 100644 --- a/manifests/profile/haproxy.pp +++ b/manifests/profile/haproxy.pp @@ -43,7 +43,7 @@ } $services.filter |$service, $params| { - 'floating_ip' in $params + $params.has_key('floating_ip') }.each |$service, $params| { @nebula::haproxy::service { $service : cert_source => $cert_source, @@ -133,7 +133,7 @@ dport => [80, 443], source => $::ipaddress, state => 'NEW', - jump => 'accept', + action => 'accept', tag => 'haproxy' } 
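Review bot: The two `lookup()` calls added in `nebula::profile::dns::standard` hand whatever Hiera returns straight to `resolv_conf` with no type constraint, and the `searchpath` lookup has no default, so a missing key aborts compilation where the removed `nebula::resolv_conf` class defaulted it to `[]`. Giving both a value type restores the `Array[String]` check the removed class had: `nameservers => lookup('nebula::resolv_conf::nameservers', Array[String]),` and `searchpath => lookup('nebula::resolv_conf::searchpath', Array[String], 'first', []),`. The `searchpath` lookup that appears as context in the `smartconnect.pp` hunk is the same untyped call. Whether `saz/resolv_conf` 5.1.0 validates its own parameters is not visible here.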
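Review bot: The filter in the first `haproxy.pp` hunk goes back to `$params.has_key('floating_ip')`, which ties the line to the stdlib function, while the line it replaces, `'floating_ip' in $params`, uses the core language `in` operator and does not depend on any module version. Keeping `'floating_ip' in $params` would leave this line out of the revert and remove one thing to change when stdlib is raised again (as far as I know `has_key` is no longer shipped in stdlib 9). The enclosing class body starts and ends outside the hunk.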
diff --git a/manifests/profile/hathitrust/rsync.pp b/manifests/profile/hathitrust/rsync.pp index 0e13e6097..7c98a6a3e 100644 --- a/manifests/profile/hathitrust/rsync.pp +++ b/manifests/profile/hathitrust/rsync.pp @@ -48,7 +48,7 @@ dport => 873, source => $user['ip'], state => 'NEW', - jump => 'accept' + action => 'accept' } } } diff --git a/manifests/profile/hathitrust/secure_rsync.pp b/manifests/profile/hathitrust/secure_rsync.pp index b2f0b8078..1fe416ba0 100644 --- a/manifests/profile/hathitrust/secure_rsync.pp +++ b/manifests/profile/hathitrust/secure_rsync.pp @@ -69,7 +69,7 @@ source => $network['block'], src_range => $network['range'], state => 'NEW', - jump => 'accept', + action => 'accept', } } } diff --git a/manifests/profile/kubernetes/dns_server.pp b/manifests/profile/kubernetes/dns_server.pp index ffc49fbac..a5f595067 100644 --- a/manifests/profile/kubernetes/dns_server.pp +++ b/manifests/profile/kubernetes/dns_server.pp @@ -76,7 +76,7 @@ dport => 53, source => $node_cidr, state => 'NEW', - jump => 'accept', + action => 'accept', ; '200 Nameserver (TCP)': diff --git a/manifests/profile/kubernetes/haproxy.pp b/manifests/profile/kubernetes/haproxy.pp index 3fbcd869c..ecdc5e4d8 100644 --- a/manifests/profile/kubernetes/haproxy.pp +++ b/manifests/profile/kubernetes/haproxy.pp @@ -52,7 +52,7 @@ default: proto => 'tcp', state => 'NEW', - jump => 'accept', + action => 'accept', ; '200 private api': diff --git a/manifests/profile/kubernetes/kubelet.pp b/manifests/profile/kubernetes/kubelet.pp index 1093b6dca..243e2c022 100644 --- a/manifests/profile/kubernetes/kubelet.pp +++ b/manifests/profile/kubernetes/kubelet.pp @@ -49,7 +49,7 @@ proto => 'tcp', source => $node_cidr, state => 'NEW', - jump => 'accept', + action => 'accept', ; '200 Cluster ssh': diff --git a/manifests/profile/kubernetes/router.pp b/manifests/profile/kubernetes/router.pp index 62a76b400..af60aec88 100644 --- a/manifests/profile/kubernetes/router.pp +++ b/manifests/profile/kubernetes/router.pp 
@@ -20,7 +20,7 @@ firewall { '001 Do not NAT internal requests': table => 'nat', chain => 'POSTROUTING', - jump => 'accept', + action => 'accept', proto => 'all', source => $node_cidr, destination => $node_cidr, diff --git a/manifests/profile/letsencrypt.pp b/manifests/profile/letsencrypt.pp index 74caf94cc..c6777af05 100644 --- a/manifests/profile/letsencrypt.pp +++ b/manifests/profile/letsencrypt.pp @@ -22,6 +22,6 @@ proto => 'tcp', dport => 80, state => 'NEW', - jump => 'accept', + action => 'accept', } } diff --git a/manifests/profile/networking/firewall.pp b/manifests/profile/networking/firewall.pp index a7461259c..f8cff0dd1 100644 --- a/manifests/profile/networking/firewall.pp +++ b/manifests/profile/networking/firewall.pp @@ -138,7 +138,7 @@ $firewall_defaults = { proto => 'tcp', state => 'NEW', - jump => 'accept' + action => 'accept' } create_resources(firewall,$rules,$firewall_defaults) @@ -148,18 +148,18 @@ firewall { '001 accept related established rules': proto => 'all', state => ['RELATED', 'ESTABLISHED'], - jump => 'accept', + action => 'accept', } firewall { '001 accept all to lo interface': proto => 'all', iniface => 'lo', - jump => 'accept', + action => 'accept', } firewall { '999 drop all': proto => 'all', - jump => 'drop', + action => 'drop', before => undef, } @@ -167,22 +167,22 @@ firewall { '001 accept related established rules (v6)': proto => 'all', state => ['RELATED', 'ESTABLISHED'], - jump => 'accept', - protocol => 'ip6tables', + action => 'accept', + provider => 'ip6tables', } firewall { '001 accept all to lo interface (v6)': proto => 'all', iniface => 'lo', - jump => 'accept', - protocol => 'ip6tables', + action => 'accept', + provider => 'ip6tables', } firewall { '999 drop all (v6)': proto => 'all', - jump => 'drop', + action => 'drop', before => undef, - protocol => 'ip6tables', + provider => 'ip6tables', } } 
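Review bot: Nothing in `manifests/profile/networking/firewall.pp` records that `action =>` and `provider => 'ip6tables'` are the parameter names of the pinned puppetlabs/firewall 3.6.0, while the removed lines show the newer module line spells them `jump` and `protocol`. Because `$firewall_defaults` is passed to `create_resources(firewall,$rules,$firewall_defaults)`, a mismatch between manifest and installed module would presumably fail the whole catalog and leave the host on whatever ruleset it last applied, including the `999 drop all` pair. A comment above `$firewall_defaults` would help the next upgrade, e.g. `# puppetlabs/firewall 3.x parameter names (action/provider); newer releases use jump/protocol - change together with metadata.json`. The same applies to the `001` and `999` rule hunks that follow; the class body extends outside these hunks.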
diff --git a/manifests/profile/networking/firewall/http_datacenters.pp b/manifests/profile/networking/firewall/http_datacenters.pp index 005d148c4..1a3f3488c 100644 --- a/manifests/profile/networking/firewall/http_datacenters.pp +++ b/manifests/profile/networking/firewall/http_datacenters.pp @@ -16,7 +16,7 @@ proto => 'tcp', dport => [80, 443], state => 'NEW', - jump => 'accept' + action => 'accept' } $networks.flatten.each |$network| { diff --git a/manifests/profile/prometheus.pp b/manifests/profile/prometheus.pp index 9a97d3003..5269496af 100644 --- a/manifests/profile/prometheus.pp +++ b/manifests/profile/prometheus.pp @@ -153,7 +153,7 @@ dport => 9100, source => $::ipaddress, state => 'NEW', - jump => 'accept', + action => 'accept', } case $facts["mlibrary_ip_addresses"] { @@ -194,7 +194,7 @@ proto => 'tcp', source => $address, state => 'NEW', - jump => 'accept', + action => 'accept', ; "010 prometheus public node exporter ${::hostname} ${address}": @@ -215,7 +215,7 @@ proto => 'tcp', source => $address, state => 'NEW', - jump => 'accept', + action => 'accept', ; "010 prometheus private node exporter ${::hostname} ${address}": @@ -236,7 +236,7 @@ dport => 9101, source => $::ipaddress, state => 'NEW', - jump => 'accept', + action => 'accept', } @@firewall { "010 prometheus mysql exporter ${::hostname}": @@ -245,7 +245,7 @@ dport => 9104, source => $::ipaddress, state => 'NEW', - jump => 'accept', + action => 'accept', } Firewall <<| tag == "${::datacenter}_pushgateway_node" |>> diff --git a/manifests/profile/prometheus/exporter/node.pp b/manifests/profile/prometheus/exporter/node.pp index 06c23ee8e..b637f7cf8 100644 --- a/manifests/profile/prometheus/exporter/node.pp +++ b/manifests/profile/prometheus/exporter/node.pp @@ -154,7 +154,7 @@ dport => 9091, source => $address, state => 'NEW', - jump => 'accept', + action => 'accept', } } diff --git a/manifests/resolv_conf.pp b/manifests/resolv_conf.pp deleted file mode 100644 index 07025a586..000000000 
--- a/manifests/resolv_conf.pp +++ /dev/null @@ -1,17 +0,0 @@ -class nebula::resolv_conf ( - Array[String] $nameservers, - Array[String] $searchpath = [], - String $mode = '0644', -){ - # replicate behavior of saz/resolv_conf for Debian based OS - package { 'resolvconf': - ensure => absent - } - - file { '/etc/resolv.conf': - owner => 'root', - group => 'root', - mode => $mode, - content => template("nebula/resolv_conf/resolv.conf.erb"), - } -} diff --git a/manifests/role/webhost/htvm/test.pp b/manifests/role/webhost/htvm/test.pp index acef2bb33..740a3a6bf 100644 --- a/manifests/role/webhost/htvm/test.pp +++ b/manifests/role/webhost/htvm/test.pp @@ -13,7 +13,7 @@ dport => [80,443], source => $network['block'], state => 'NEW', - jump => 'accept', + action => 'accept', } } diff --git a/manifests/unison/client.pp b/manifests/unison/client.pp index af0cd36db..3d23f7f7d 100644 --- a/manifests/unison/client.pp +++ b/manifests/unison/client.pp @@ -39,7 +39,7 @@ dport => [$port], source => $::ipaddress, state => 'NEW', - jump => 'accept', + action => 'accept', tag => "unison-client-${title}" } diff --git a/metadata.json b/metadata.json index 15879fb85..ae60ff530 100644 --- a/metadata.json +++ b/metadata.json 
@@ -7,32 +7,33 @@ "source": "https://github.com/mlibrary/nebula", "issues_url": "https://github.com/mlibrary/nebula/issues", "dependencies": [ - {"name": "jdowning/rbenv", "version_requirement": ">= 3.0.0 < 4.0.0" }, - {"name": "puppet/archive", "version_requirement": ">= 7.1.0 < 8.0.0" }, - {"name": "puppet/kmod", "version_requirement": ">= 4.0.1 < 5.0.0" }, - {"name": "puppet/letsencrypt", "version_requirement": ">= 11.0.0 < 12.0.0"}, - {"name": "puppet/logrotate", "version_requirement": ">= 7.0.2 < 8.0.0" }, - {"name": "puppet/nginx", "version_requirement": ">= 5.0.0 < 6.0.0" }, - {"name": "puppet/php", "version_requirement": ">= 10.1.0 < 11.0.0"}, - {"name": "puppet/unattended_upgrades", "version_requirement": ">= 8.1.0 < 9.0.0" }, - {"name": "puppetlabs/apt", "version_requirement": ">= 9.4.0 < 10.0.0"}, - {"name": "puppetlabs/augeas_core", "version_requirement": ">= 1.5.0 < 2.0.0" }, - {"name": "puppetlabs/concat", "version_requirement": ">= 9.0.2 < 10.0.0"}, - {"name": "puppetlabs/cron_core", "version_requirement": ">= 1.3.0 < 2.0.0" }, - {"name": "puppetlabs/docker", "version_requirement": ">= 9.1.0 < 10.0.0"}, - {"name": "puppetlabs/firewall", "version_requirement": ">= 8.0.1 < 9.0.0" }, - {"name": "puppetlabs/host_core", "version_requirement": ">= 1.3.0 < 2.0.0" }, - {"name": "puppetlabs/inifile", "version_requirement": ">= 6.1.1 < 7.0.0" }, - {"name": "puppetlabs/lvm", "version_requirement": ">= 2.1.0 < 3.0.0" }, - {"name": "puppetlabs/mount_core", "version_requirement": ">= 1.3.0 < 2.0.0" }, - {"name": "puppetlabs/mysql", "version_requirement": ">= 15.0.0 < 16.0.0"}, - {"name": "puppetlabs/ntp", "version_requirement": ">= 10.1.0 < 11.0.0"}, - {"name": "puppetlabs/postgresql", "version_requirement": ">= 10.2.0 < 11.0.0"}, - {"name": "puppetlabs/puppetdb", "version_requirement": ">= 8.0.1 < 9.0.0" }, - {"name": "puppetlabs/reboot", "version_requirement": ">= 5.0.0 < 6.0.0" }, - {"name": "puppetlabs/sshkeys_core", "version_requirement": ">= 2.5.0 < 3.0.0" 
}, - {"name": "puppetlabs/stdlib", "version_requirement": ">= 9.6.0 < 10.0.0"}, - {"name": "stm/debconf", "version_requirement": ">= 6.0.0 < 7.0.0" } + {"name": "jdowning/rbenv", "version_requirement": ">= 3.0.0 < 4.0.0"}, + {"name": "puppet/archive", "version_requirement": ">= 7.0.0 < 8.0.0"}, + {"name": "puppet/kmod", "version_requirement": ">= 4.0.0 < 5.0.0"}, + {"name": "puppet/letsencrypt", "version_requirement": ">= 10.1.0 < 11.0.0"}, + {"name": "puppet/logrotate", "version_requirement": "7.0.1"}, + {"name": "puppet/nginx", "version_requirement": ">= 5.0.0 < 6.0.0"}, + {"name": "puppet/php", "version_requirement": ">= 9.0.0 < 10.0.0"}, + {"name": "puppet/unattended_upgrades", "version_requirement": ">= 8.0.0 < 9.0.0"}, + {"name": "puppetlabs/apt", "version_requirement": "9.0.0"}, + {"name": "puppetlabs/augeas_core", "version_requirement": ">= 1.4.0 < 2.0.0"}, + {"name": "puppetlabs/concat", "version_requirement": ">= 7.4.0 < 8.0.0"}, + {"name": "puppetlabs/cron_core", "version_requirement": ">= 1.2.0 < 2.0.0"}, + {"name": "puppetlabs/docker", "version_requirement": ">= 7.0.0 < 8.0.0"}, + {"name": "puppetlabs/firewall", "version_requirement": "3.6.0"}, + {"name": "puppetlabs/host_core", "version_requirement": ">= 1.2.0 < 2.0.0"}, + {"name": "puppetlabs/inifile", "version_requirement": ">= 5.4.1 < 6.0.0"}, + {"name": "puppetlabs/lvm", "version_requirement": ">= 2.0.3 < 3.0.0"}, + {"name": "puppetlabs/mount_core", "version_requirement": ">= 1.2.0 < 2.0.0"}, + {"name": "puppetlabs/mysql", "version_requirement": ">= 14.0.0 < 15.0.0"}, + {"name": "puppetlabs/ntp", "version_requirement": ">= 10.1.0 < 11.0.0"}, + {"name": "puppetlabs/postgresql", "version_requirement": "8.3.0"}, + {"name": "puppetlabs/puppetdb", "version_requirement": ">= 7.13.0 < 8.0.0"}, + {"name": "puppetlabs/reboot", "version_requirement": ">= 5.0.0 < 6.0.0"}, + {"name": "puppetlabs/sshkeys_core", "version_requirement": ">= 2.4.0 < 3.0.0"}, + {"name": "puppetlabs/stdlib", "version_requirement": 
"8.6.0"}, + {"name": "saz/resolv_conf", "version_requirement": ">= 5.1.0 < 6.0.0"}, + {"name": "stm/debconf", "version_requirement": ">= 6.0.0 < 7.0.0"} ], "operatingsystem_support": [ { diff --git a/spec/classes/profile/dns/smartconnect_spec.rb b/spec/classes/profile/dns/smartconnect_spec.rb index 1b36c1307..51c483217 100644 --- a/spec/classes/profile/dns/smartconnect_spec.rb +++ b/spec/classes/profile/dns/smartconnect_spec.rb @@ -21,7 +21,7 @@ end it do - is_expected.to contain_class('nebula::resolv_conf').with_nameservers( + is_expected.to contain_class('resolv_conf').with_nameservers( [ '127.0.0.1', # localhost '5.5.5.5', # nebula::resolv_conf::nameservers[0] @@ -31,18 +31,6 @@ .with_require('Service[bind9]') end - it 'removes resolvconf package if present' do - is_expected.to contain_package('resolvconf').with_ensure('absent') - end - it 'contains expected resolv.conf file' do - is_expected.to contain_file('/etc/resolv.conf') - .with_content(/^#.*puppet/) - .with_content(/^search searchpath\.default\.invalid$/) - .with_content(/^nameserver 127.0.0.1$/) - .with_content(/^nameserver 5.5.5.5$/) - .with_content(/^nameserver 4.4.4.4$/) - end - [ '/etc/bind/named.conf', '/etc/bind/named.conf.local', @@ -79,7 +67,7 @@ let(:params) { { other_ns_ips: ['3.3.3.3', '2.2.2.2', '1.1.1.1'] } } it do - is_expected.to contain_class('nebula::resolv_conf').with_nameservers( + is_expected.to contain_class('resolv_conf').with_nameservers( [ '127.0.0.1', '3.3.3.3', diff --git a/spec/classes/profile/dns/standard_spec.rb b/spec/classes/profile/dns/standard_spec.rb index 41258e375..dbd8bd278 100644 --- a/spec/classes/profile/dns/standard_spec.rb +++ b/spec/classes/profile/dns/standard_spec.rb 
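Review bot: `saz/resolv_conf` is added back as a floating range (`>= 5.1.0 < 6.0.0`) while `.fixtures.yml` only exercises 5.1.0, and judging by the class it replaces this module takes over the resolver configuration on every host that includes the dns profiles. The entries in this hunk that are known to be sensitive are pinned exactly (`"3.6.0"`, `"8.6.0"`); if deployments resolve dependencies from `metadata.json`, pinning this one the same way, `{"name": "saz/resolv_conf", "version_requirement": "5.1.0"},`, keeps production on the version that was tested. JSON cannot carry comments, so the reason for each exact pin lives only in the `.fixtures.yml` comments.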
@@ -11,21 +11,10 @@ let(:facts) { os_facts } it do - is_expected.to contain_class('nebula::resolv_conf').with_nameservers( + is_expected.to contain_class('resolv_conf').with_nameservers( ['5.5.5.5', '4.4.4.4'], ).with_searchpath(['searchpath.default.invalid']) end - - it 'removes resolvconf package if present' do - is_expected.to contain_package('resolvconf').with_ensure('absent') - end - it 'contains expected resolv.conf file' do - is_expected.to contain_file('/etc/resolv.conf') - .with_content(/^#.*puppet/) - .with_content(/^search searchpath\.default\.invalid$/) - .with_content(/^nameserver 5.5.5.5$/) - .with_content(/^nameserver 4.4.4.4$/) - end end end end diff --git a/spec/classes/profile/kubernetes/dns_server_spec.rb b/spec/classes/profile/kubernetes/dns_server_spec.rb index 4de6bb098..bd5f3f910 100644 --- a/spec/classes/profile/kubernetes/dns_server_spec.rb +++ b/spec/classes/profile/kubernetes/dns_server_spec.rb @@ -36,7 +36,7 @@ .with_dport(53) .with_source('172.28.0.0/14') .with_state('NEW') - .with_jump('accept') + .with_action('accept') end end diff --git a/spec/classes/profile/kubernetes/haproxy_spec.rb b/spec/classes/profile/kubernetes/haproxy_spec.rb index 8f4ce4601..421a33eec 100644 --- a/spec/classes/profile/kubernetes/haproxy_spec.rb +++ b/spec/classes/profile/kubernetes/haproxy_spec.rb @@ -66,7 +66,7 @@ is_expected.to contain_firewall("200 public #{service}") .with_proto('tcp') .with_state('NEW') - .with_jump('accept') + .with_action('accept') .with_dport(port) .without_source end @@ -81,7 +81,7 @@ is_expected.to contain_firewall("200 private #{service}") .with_proto('tcp') .with_state('NEW') - .with_jump('accept') + .with_action('accept') .with_dport(port) .with_source('172.28.0.0/14') end diff --git a/spec/classes/profile/kubernetes/kubelet_spec.rb b/spec/classes/profile/kubernetes/kubelet_spec.rb index df6a38d62..eedb8ba36 100644 --- a/spec/classes/profile/kubernetes/kubelet_spec.rb +++ b/spec/classes/profile/kubernetes/kubelet_spec.rb 
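Review bot: After this hunk nothing in `standard_spec.rb` (nor in the `smartconnect_spec.rb` hunks) checks the resolver file that ends up on the host; the remaining example only asserts the parameters handed to `resolv_conf`. Since the fixture module is compiled into the catalog, one content assertion could stay, e.g. `is_expected.to contain_file('/etc/resolv.conf').with_content(/^nameserver 5\.5\.5\.5$/)`, provided the module declares the file under that title (not visible here). The removed patterns left the dots in the addresses unescaped, so they matched any character in those positions; escaping them as above makes the check exact.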
@@ -102,7 +102,7 @@ .with_dport(ports) .with_source('172.28.0.0/14') .with_state('NEW') - .with_jump('accept') + .with_action('accept') end end end diff --git a/spec/classes/profile/kubernetes/router_spec.rb b/spec/classes/profile/kubernetes/router_spec.rb index 6bc82563e..330bb02b6 100644 --- a/spec/classes/profile/kubernetes/router_spec.rb +++ b/spec/classes/profile/kubernetes/router_spec.rb @@ -23,7 +23,7 @@ is_expected.to contain_firewall('001 Do not NAT internal requests') .with_table('nat') .with_chain('POSTROUTING') - .with_jump('accept') + .with_action('accept') .with_proto('all') .with_source('172.28.0.0/14') .with_destination('172.28.0.0/14') diff --git a/spec/classes/profile/networking/firewall_spec.rb b/spec/classes/profile/networking/firewall_spec.rb index 6e7b60762..f21775131 100644 --- a/spec/classes/profile/networking/firewall_spec.rb +++ b/spec/classes/profile/networking/firewall_spec.rb @@ -16,7 +16,7 @@ is_expected.to contain_firewall('001 accept related established rules').with( proto: 'all', state: %w[RELATED ESTABLISHED], - jump: 'accept', + action: 'accept', ) end @@ -24,8 +24,8 @@ is_expected.to contain_firewall('001 accept related established rules (v6)').with( proto: 'all', state: %w[RELATED ESTABLISHED], - jump: 'accept', - protocol: 'ip6tables', + action: 'accept', + provider: 'ip6tables', ) end @@ -33,7 +33,7 @@ is_expected.to contain_firewall('001 accept all to lo interface').with( proto: 'all', iniface: 'lo', - jump: 'accept', + action: 'accept', ) end @@ -41,8 +41,8 @@ is_expected.to contain_firewall('001 accept all to lo interface (v6)').with( proto: 'all', iniface: 'lo', - jump: 'accept', - protocol: 'ip6tables', + action: 'accept', + provider: 'ip6tables', ) end @@ -53,7 +53,7 @@ dport: %w[8081 8082], source: '10.2.3.4', state: 'NEW', - jump: 'accept', + action: 'accept', ) end @@ -63,7 +63,7 @@ dport: 123, source: '10.4.5.6', state: 'NEW', - jump: 'accept', + action: 'accept', ) end 
@@ -77,7 +77,7 @@ toports: '1234', ) is_expected.not_to contain_firewall('900 port forwarding: an advanced rule').with( - jump: 'accept', + action: 'accept', state: 'NEW', ) end @@ -85,15 +85,15 @@ it do is_expected.to contain_firewall('999 drop all').with( proto: 'all', - jump: 'drop', + action: 'drop', ) end it do is_expected.to contain_firewall('999 drop all (v6)').with( proto: 'all', - jump: 'drop', - protocol: 'ip6tables', + action: 'drop', + provider: 'ip6tables', ) end diff --git a/spec/classes/profile/prometheus/exporter/node_spec.rb b/spec/classes/profile/prometheus/exporter/node_spec.rb index 77b5848f8..91c1a78d8 100644 --- a/spec/classes/profile/prometheus/exporter/node_spec.rb +++ b/spec/classes/profile/prometheus/exporter/node_spec.rb @@ -110,7 +110,7 @@ .with_dport(9091) .with_source(facts[:ipaddress]) .with_state('NEW') - .with_jump('accept') + .with_action('accept') end context 'with both public and private mlibrary_ip_addresses' do diff --git a/spec/classes/profile/prometheus_spec.rb b/spec/classes/profile/prometheus_spec.rb index 9983c6bc9..39ed4e7e4 100644 --- a/spec/classes/profile/prometheus_spec.rb +++ b/spec/classes/profile/prometheus_spec.rb @@ -180,7 +180,7 @@ .with_dport(port) .with_source(facts[:ipaddress]) .with_state('NEW') - .with_jump('accept') + .with_action('accept') end end @@ -191,7 +191,7 @@ .with_dport(9100) .with_source(facts[:ipaddress]) .with_state('NEW') - .with_jump('accept') + .with_action('accept') end context 'with no mlibrary_ip_addresses fact' do @@ -337,7 +337,7 @@ .with_dport(port) .with_source(ip_address) .with_state('NEW') - .with_jump('accept') + .with_action('accept') end end end diff --git a/spec/classes/resolv_conf_spec.rb b/spec/classes/resolv_conf_spec.rb deleted file mode 100644 index 4ae86b25e..000000000 --- a/spec/classes/resolv_conf_spec.rb +++ /dev/null 
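Review bot: The negative expectation on `'900 port forwarding: an advanced rule'` passes as soon as either `action` or `state` differs from the given pair, so it would not notice the default `action => 'accept'` leaking onto the forwarding rule with some other state, and it passes trivially if the manifest spells the parameter differently from the spec. Asserting absence per parameter is stricter: `is_expected.to contain_firewall('900 port forwarding: an advanced rule').without_action.without_state` (the `without_*` matcher form is already used in `haproxy_spec.rb` as `.without_source`). The enclosing `it` block starts outside the hunk, so the intended contract should be confirmed against the full example.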
@@ -1,60 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -describe 'nebula::resolv_conf' do - on_supported_os.each do |os, os_facts| - context "on #{os}" do - let(:facts) { os_facts } - - it { is_expected.to compile } - - it 'removes resolvconf package if present' do - is_expected.to contain_package('resolvconf').with_ensure('absent') - end - - it 'contains expected resolv.conf file' do - is_expected.to contain_file('/etc/resolv.conf') - .with_owner('root') - .with_group('root') - .with_mode('0644') - .with_content(/^#.*puppet/) - .with_content(/^search searchpath\.default\.invalid$/) - .with_content(/^nameserver 5.5.5.5\nnameserver 4.4.4.4$/) - end - - context 'different nameservers' do - let(:params) { { nameservers: ['3.3.3.3', '2.2.2.2', '1.1.1.1'] } } - - it do - is_expected.to contain_file('/etc/resolv.conf') - .with_content(/^#.*puppet/) - .with_content(/^search searchpath\.default\.invalid$/) - .with_content(/^nameserver 3.3.3.3\nnameserver 2.2.2.2\nnameserver 1.1.1.1$/) - end - end - - context 'searchpath set to []' do - let(:params) { { searchpath: [] } } - - it do - is_expected.to contain_file('/etc/resolv.conf') - .with_content(/^#.*puppet/) - .without_content(/^search/) - .with_content(/^nameserver 5.5.5.5\nnameserver 4.4.4.4$/) - end - end - - context 'custom file mode' do - let(:params) { { mode: '0664' } } - - it do - is_expected.to contain_file('/etc/resolv.conf') - .with_content(/^#.*puppet/) - .with_mode('0664') - end - end - - end - end -end diff --git a/spec/defines/cert_spec.rb b/spec/defines/cert_spec.rb index ea2e09a0e..061d11e53 100644 --- a/spec/defines/cert_spec.rb +++ b/spec/defines/cert_spec.rb @@ -28,7 +28,7 @@ .with_proto('tcp') .with_dport(80) .with_state('NEW') - .with_jump('accept') + .with_action('accept') end context 'and with additional_domains set to sub.example.invalid' do diff --git a/spec/defines/exposed_port_spec.rb b/spec/defines/exposed_port_spec.rb index 123d6a06d..1e0f53c3b 100644 
--- a/spec/defines/exposed_port_spec.rb +++ b/spec/defines/exposed_port_spec.rb @@ -23,7 +23,7 @@ dport: 22, source: '10.0.0.0/16', state: 'NEW', - jump: 'accept', + action: 'accept', ) end diff --git a/spec/defines/firewall_allow_spec.rb b/spec/defines/firewall_allow_spec.rb index aa0594bb5..0814166e6 100644 --- a/spec/defines/firewall_allow_spec.rb +++ b/spec/defines/firewall_allow_spec.rb @@ -23,7 +23,7 @@ dport: 1234, source: '10.0.0.0/32', state: 'NEW', - jump: 'accept', + action: 'accept', ) end @@ -59,7 +59,7 @@ dport: [123, 456, 789], source: '10.255.255.255/32', state: 'NEW', - jump: 'accept', + action: 'accept', ) end end diff --git a/templates/resolv_conf/resolv.conf.erb b/templates/resolv_conf/resolv.conf.erb deleted file mode 100644 index 20513feb4..000000000 --- a/templates/resolv_conf/resolv.conf.erb +++ /dev/null @@ -1,8 +0,0 @@ -# Managed by puppet (nebula/resolv_conf/resolv.conf.erb) - -<% if !@searchpath.empty? -%> -search <%= @searchpath.join(" ") %> -<% end -%> -<% @nameservers.each do |ns| -%> -nameserver <%= ns %> -<% end -%>