Skip to content

Commit

Permalink
(SIMP-6212) Add function to install simp deps repo (#96)
Browse files Browse the repository at this point in the history
Added a function, install_simp_repos(), that sets up the SIMP internet
package repositories. Using this throughout acceptance tests in the
SIMP code base will allow any SIMP repo changes to be updated
in one place, should it ever change.

SIMP-6212 #comment This fix is needed for pkg-r10k tests
  • Loading branch information
jeannegreulich authored and lnemsick-simp committed Apr 11, 2019
1 parent dcaa82c commit 2ddd45d
Show file tree
Hide file tree
Showing 4 changed files with 139 additions and 31 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,9 @@
### 1.14.0 / 2019-04-08
* Added function, install_simp_repo, to install the simp online repos.
The repos are defined in a hash in the function. All the repos
will be configured and enabled. To disable one or more of them pass
in an array of names of the repos to disable.

### 1.13.1 / 2019-02-02
* Ensure that SUTs have an FQDN set and not just a short hostname
* Work around issue where the SSG doesn't build the STIG for CentOS any longer.
Expand Down
119 changes: 89 additions & 30 deletions lib/simp/beaker_helpers.rb
Original file line number Diff line number Diff line change
Expand Up @@ -294,7 +294,6 @@ def enable_fips_mode_on( suts = hosts )
end
end


# Collect all 'yum_repos' entries from the host nodeset.
# The acceptable format is as follows:
# yum_repos:
Expand All @@ -304,6 +303,19 @@ def enable_fips_mode_on( suts = hosts )
# - <URL to GPGKEY1>
# - <URL to GPGKEY2>
def enable_yum_repos_on( suts = hosts )
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
block_on(suts, :run_in_parallel => parallel) do |sut|
if sut['yum_repos']
sut['yum_repos'].each_pair do |repo, metadata|
repo_manifest = create_yum_resource( repo, metadata)

apply_manifest_on(sut, repo_manifest, :catch_failures => true)
end
end
end
end

def create_yum_resource( repo, metadata )
repo_attrs = [
:assumeyes,
:bandwidth,
Expand Down Expand Up @@ -344,38 +356,29 @@ def enable_yum_repos_on( suts = hosts )
:timeout
]

parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
block_on(suts, :run_in_parallel => parallel) do |sut|
if sut['yum_repos']
sut['yum_repos'].each_pair do |repo, metadata|
repo_manifest = %(yumrepo { #{repo}:)

repo_manifest_opts = []

# Legacy Support
urls = !metadata[:url].nil? ? metadata[:url] : metadata[:baseurl]
if urls
repo_manifest_opts << 'baseurl => ' + '"' + Array(urls).flatten.join('\n ').gsub('$','\$') + '"'
end
repo_manifest = %(yumrepo { #{repo}:)

# Legacy Support
gpgkeys = !metadata[:gpgkeys].nil? ? metadata[:gpgkeys] : metadata[:gpgkey]
if gpgkeys
repo_manifest_opts << 'gpgkey => ' + '"' + Array(gpgkeys).flatten.join('\n ').gsub('$','\$') + '"'
end
repo_manifest_opts = []

repo_attrs.each do |attr|
if metadata[attr]
repo_manifest_opts << "#{attr} => '#{metadata[attr]}'"
end
end
# Legacy Support
urls = !metadata[:url].nil? ? metadata[:url] : metadata[:baseurl]
if urls
repo_manifest_opts << 'baseurl => ' + '"' + Array(urls).flatten.join('\n ').gsub('$','\$') + '"'
end

repo_manifest = repo_manifest + %(\n#{repo_manifest_opts.join(",\n")}) + "\n}"
# Legacy Support
gpgkeys = !metadata[:gpgkeys].nil? ? metadata[:gpgkeys] : metadata[:gpgkey]
if gpgkeys
repo_manifest_opts << 'gpgkey => ' + '"' + Array(gpgkeys).flatten.join('\n ').gsub('$','\$') + '"'
end

apply_manifest_on(sut, repo_manifest, :catch_failures => true)
repo_attrs.each do |attr|
if metadata[attr]
repo_manifest_opts << "#{attr} => '#{metadata[attr]}'"
end
end
end

repo_manifest = repo_manifest + %(\n#{repo_manifest_opts.join(",\n")}) + "\n}\n"
end

def linux_errata( sut )
Expand Down Expand Up @@ -562,7 +565,6 @@ def run_fake_pki_ca_on( ca_sut = master, suts = hosts, local_dir = '' )
end
end


# Copy a single SUT's PKI certs (with cacerts) onto an SUT.
#
# This simulates the result of pki::copy
Expand Down Expand Up @@ -656,7 +658,6 @@ def activate_interfaces(hosts)
end
end


## Inline Hiera Helpers ##
## These will be integrated into core Beaker at some point ##

Expand All @@ -681,7 +682,6 @@ def activate_interfaces(hosts)
end
end


# Writes a YAML file in the Hiera :datadir of a Beaker::Host.
#
# @note This is useless unless Hiera is configured to use the data file.
Expand Down Expand Up @@ -946,4 +946,63 @@ def install_puppet

run_puppet_install_helper(install_info[:puppet_install_type], install_info[:puppet_install_version])
end

# Configure all SIMP repos on a host and enable all but those listed in the disable list
#
# @param sut Host on which to configure SIMP repos
# @param disable List of SIMP repos to disable
# @raise if disable contains an invalid repo name.
#
# Examples:
# install_simp_repos( myhost ) # install all the repos an enable them.
# install_simp_repos( myhost, ['simp']) # install the repos but disable the simp repo.
#
# Current set of valid SIMP repo names:
# 'simp'
# 'simp_deps'
#
def install_simp_repos(sut, disable = [] )

repos = {
'simp' => {
:baseurl => 'https://packagecloud.io/simp-project/6_X/el/$releasever/$basearch',
:gpgkey => ['https://raw.githubusercontent.com/NationalSecurityAgency/SIMP/master/GPGKEYS/RPM-GPG-KEY-SIMP',
'https://download.simp-project.com/simp/GPGKEYS/RPM-GPG-KEY-SIMP-6'
],
:gpgcheck => 1,
:sslverify => 1,
:sslcacert => '/etc/pki/tls/certs/ca-bundle.crt',
:metadata_expire => 300
},
'simp_deps' => {
:baseurl => 'https://packagecloud.io/simp-project/6_X_Dependencies/el/$releasever/$basearch',
:gpgkey => ['https://raw.githubusercontent.com/NationalSecurityAgency/SIMP/master/GPGKEYS/RPM-GPG-KEY-SIMP',
'https://yum.puppet.com/RPM-GPG-KEY-puppetlabs',
'https://yum.puppet.com/RPM-GPG-KEY-puppet',
'https://apt.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG-96',
'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
'https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana',
'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-$releasever'
],
:gpgcheck => 1,
:sslverify => 1,
:sslcacert => '/etc/pki/tls/certs/ca-bundle.crt',
:metadata_expire => 300
}
}
# Verify that the repos passed to disable are in the list of valid repos
disable.each { |d|
unless repos.has_key?(d)
raise("ERROR: install_simp_repo - disable contains invalid SIMP repo '#{d}'.")
end
}
repo_manifest = ''
repos.each { | repo, metadata|
metadata[:enabled] = disable.include?(repo) ? 0 : 1
repo_manifest << create_yum_resource(repo, metadata)
}
apply_manifest_on(sut, repo_manifest, :catch_failures => true)
end
end


2 changes: 1 addition & 1 deletion lib/simp/beaker_helpers/version.rb
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
module Simp; end

module Simp::BeakerHelpers
VERSION = '1.13.1'
VERSION = '1.14.0'
end
43 changes: 43 additions & 0 deletions spec/acceptance/suites/default/install_simp_deps_repo_spec.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
require 'spec_helper_acceptance'

hosts.each do |host|
describe '#write_hieradata_to' do

it 'should install yum utils' do
host.install_package('yum-utils')
end

context 'defailt settings' do
before(:all) { install_simp_repos(host) }

it 'creates the repo' do
on host, 'test -f /etc/yum.repos.d/simp.repo'
on host, 'test -f /etc/yum.repos.d/simp_deps.repo'
end

it 'enables the correct repos' do
simp6info = on(host, '/usr/bin/yum repolist -v simp | grep ^Repo-status').stdout.strip
expect(simp6info).to match(/.*Repo-status.*enabled.*/)
simp6depsinfo = on(host, 'yum repolist -v simp_deps| grep ^Repo-status').stdout.strip
expect(simp6depsinfo).to match(/.*Repo-status.*enabled.*/)
end
end

context 'when passed a disabled list ' do
before(:all) { install_simp_repos(host, ['simp'] ) }

it 'creates the repo' do
on host, 'test -f /etc/yum.repos.d/simp.repo'
on host, 'test -f /etc/yum.repos.d/simp_deps.repo'
end

it 'enables the correct repos' do
simp6info = on(host, 'yum repolist -v simp | grep ^Repo-status').stdout.strip
expect(simp6info).to match(/.*Repo-status.*disabled.*/)
simp6depsinfo = on(host, 'yum repolist -v simp_deps| grep ^Repo-status').stdout.strip
expect(simp6depsinfo).to match(/.*Repo-status.*enabled.*/)
end
end

end
end

0 comments on commit 2ddd45d

Please sign in to comment.