Refs #6736: Updates to standard layout and basic test.
ehelms committed Sep 2, 2014
1 parent d3dd35c commit c562378
Showing 24 changed files with 379 additions and 101 deletions.
7 changes: 7 additions & 0 deletions .fixtures.yml
@@ -0,0 +1,7 @@
fixtures:
repositories:
stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib.git"
foreman: "git://github.com/theforeman/puppet-foreman.git"
common: "git://github.com/katello/puppet-common.git"
symlinks:
certs: "#{source_dir}"
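Review bot: the three entries under `repositories:` fetch over `git://`, which is unauthenticated and unencrypted, so the fixture code the spec run loads can be altered in transit without detection. Use the `https://github.com/...` form of each URL instead. None of the entries names a ref either, so every run tests against whatever the upstream default branch holds at that moment; the `repo:`/`ref:` hash form of a fixture entry would pin each one to a tag or commit.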
2 changes: 0 additions & 2 deletions .gitignore
@@ -1,8 +1,6 @@
.vagrant
*.swp
*.swo
*.swm
*.swn

.bundle
vendor/
30 changes: 28 additions & 2 deletions .travis.yml
@@ -1,5 +1,31 @@
---
language: ruby
bundler_args: --without development
before_install: rm Gemfile.lock || true
rvm:
- 1.8.7
- 1.9.3
script:
- rake lint
- 2.0.0
- 2.1.0
script: bundle exec rake test
env:
- PUPPET_VERSION="~> 2.7.0"
- PUPPET_VERSION="~> 3.2.0"
- PUPPET_VERSION="~> 3.3.0"
- PUPPET_VERSION="~> 3.4.0"
- PUPPET_VERSION="~> 3.5.0"
- PUPPET_VERSION="~> 3.6.0"
matrix:
exclude:
- rvm: 1.9.3
env: PUPPET_VERSION="~> 2.7.0"
- rvm: 2.0.0
env: PUPPET_VERSION="~> 2.7.0"
- rvm: 2.1.0
env: PUPPET_VERSION="~> 2.7.0"
- rvm: 2.1.0
env: PUPPET_VERSION="~> 3.2.0"
- rvm: 2.1.0
env: PUPPET_VERSION="~> 3.3.0"
- rvm: 2.1.0
env: PUPPET_VERSION="~> 3.4.0"
1 change: 1 addition & 0 deletions CHANGELOG
@@ -0,0 +1 @@
2014-07-27 Release 0.1.0
87 changes: 87 additions & 0 deletions CONTRIBUTING.md
@@ -0,0 +1,87 @@
This module has grown over time based on a range of contributions from
people using it. If you follow these contributing guidelines your patch
will likely make it into a release a little quicker.


## Contributing

1. Fork the repo.

2. Run the tests. We only take pull requests with passing tests, and
it's great to know that you have a clean slate

3. Add a test for your change. Only refactoring and documentation
changes require no new tests. If you are adding functionality
or fixing a bug, please add a test.

4. Make the test pass.

5. Open an issue here - http://projects.theforeman.org/projects/katello/issues/new

6. Ensure commit message begins with 'Fixes #<redmine_issue_number>'

5. Push to your fork andaa submit a pull request.


## Dependencies

The testing and development tools have a bunch of dependencies,
all managed by [bundler](http://bundler.io/) according to the
[Puppet support matrix](http://docs.puppetlabs.com/guides/platforms.html#ruby-versions).

By default the tests use a baseline version of Puppet.

If you have Ruby 2.x or want a specific version of Puppet,
you must set an environment variable such as:

export PUPPET_VERSION="~> 3.2.0"

Install the dependencies like so...

bundle install

## Syntax and style

The test suite will run [Puppet Lint](http://puppet-lint.com/) and
[Puppet Syntax](https://github.com/gds-operations/puppet-syntax) to
check various syntax and style things. You can run these locally with:

bundle exec rake lint
bundle exec rake syntax

## Running the unit tests

The unit test suite covers most of the code, as mentioned above please
add tests if you're adding new functionality. If you've not used
[rspec-puppet](http://rspec-puppet.com/) before then feel free to ask
about how best to test your new feature. Running the test suite is done
with:

bundle exec rake spec

Note also you can run the syntax, style and unit tests in one go with:

bundle exec rake test

## Integration tests

The unit tests just check the code runs, not that it does exactly what
we want on a real machine. For that we're using
[beaker](https://github.com/puppetlabs/beaker).

This fires up a new virtual machine (using vagrant) and runs a series of
simple tests against it after applying the module. You can run this
with:

bundle exec rake acceptance

This will run the tests on an Ubuntu 12.04 virtual machine. You can also
run the integration tests against Centos 6.5 with.

RS_SET=centos-64-x64 bundle exec rake acceptances

If you don't want to have to recreate the virtual machine every time you
can use `BEAKER_DESTROY=no` and `BEAKER_PROVISION=no`. On the first run you will
at least need `BEAKER_PROVISION` set to yes (the default). The Vagrantfile
for the created virtual machines will be in `.vagrant/beaker_vagrant_fies`.
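Review bot: the numbered list under `## Contributing` ends with a second `5.` after step 6, and that line reads `andaa submit`; renumber it to 7 and fix the typo. Further down, `bundle exec rake acceptances` does not match the `acceptance` task used two paragraphs earlier, and `.vagrant/beaker_vagrant_fies` looks like a misspelling of `files`. The integration section also says the default VM is Ubuntu 12.04 while the README lists EL6 as the only supported platform, so state which one is intended.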

7 changes: 7 additions & 0 deletions CONTRIBUTORS
@@ -0,0 +1,7 @@
Ivan Necas @iNecas
Eric D Helms @ehelms
Justin Sherrill @jlsherrill
Dustin Tsang @dustint-rh
Jason Montleon @jmontleon
Alex Wood @awood
Og Maciel @omaciel
25 changes: 17 additions & 8 deletions Gemfile
@@ -1,11 +1,20 @@
source 'https://rubygems.org'
source "https://rubygems.org"

if ENV.key?('PUPPET_VERSION')
puppetversion = "~> #{ENV['PUPPET_VERSION']}"
else
puppetversion = ['>= 2.6']
group :test do
gem "rake"
gem "puppet", ENV['PUPPET_VERSION'] || '~> 3.4.0'
gem "puppet-lint"
gem "rspec-puppet", :git => 'https://github.com/rodjek/rspec-puppet.git'
gem "puppet-syntax"
gem "puppetlabs_spec_helper"
end

gem 'rake'
gem 'puppet', puppetversion
gem 'puppet-lint', '~> 0.3.2'
group :development do
gem "travis"
gem "travis-lint"
gem "beaker"
gem "beaker-rspec"
gem "vagrant-wrapper"
gem "puppet-blacksmith"
gem "guard-rake"
end
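Review bot: `gem "rspec-puppet", :git => 'https://github.com/rodjek/rspec-puppet.git'` carries no `:ref` or `:tag`, so every `bundle install` pulls whatever is on that repository's default branch. Together with `.travis.yml` deleting `Gemfile.lock` before install, nothing fixes which code the test run executes; pin the git source to a commit or tag. The double-quoted `gem "puppet-lint"` line also has no constraint where the single-quoted one had `'~> 0.3.2'`; with `fail_on_warnings = true` in the Rakefile, a puppet-lint release that adds checks can fail the build with no change in this repository, so consider keeping a version constraint.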
22 changes: 22 additions & 0 deletions Modulefile
@@ -0,0 +1,22 @@
name 'katello-certs'
version '0.1.0'
source 'https://github.com/Katello/puppet-katello.git'
author 'katello'
license 'GPLv3+'
summary 'Handles deploying Katello+Foreman production server.'
description 'Handles deploying Katello+Foreman production server.'
project_page 'https://github.com/Katello/puppet-katello'

dependency 'puppetlabs/stdlib', '>= 4.2.0'
dependency 'puppetlabs/apache', '>= 1.0.0 < 2.0.0'
dependency 'puppetlabs/postgresql', '>= 3.0.0'
dependency 'puppetlabs/mongodb'
dependency 'theforeman/foreman', '>= 1.5.0'
dependency 'theforeman/concat_native', '>= 1.3.0'
dependency 'katello/certs', '>= 0.1.0'
dependency 'katello/katello', '>= 0.1.0'
dependency 'katello/common', '>= 0.1.0'
dependency 'katello/candlepin', '>= 0.1.0'
dependency 'katello/pulp', '>= 0.1.0'
dependency 'katello/qpid', '>= 0.1.0'
dependency 'katello/elasticsearch', '>= 0.1.0'
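Review bot: the metadata reads as copied from the katello module rather than written for this one. `name` is 'katello-certs', but `source` and `project_page` point at puppet-katello, `summary` and `description` say 'Handles deploying Katello+Foreman production server.', and the dependency list includes `katello/certs` itself along with `katello/katello`, `katello/candlepin`, `katello/pulp` and others. Point the URLs at this module's repository, describe what the certs module does, drop the self-dependency, and reduce the list to what the manifests actually use.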
41 changes: 41 additions & 0 deletions README.md
@@ -0,0 +1,41 @@
####Table of Contents

1. [Overview](#overview)
2. [Setup - The basics of getting started with certs](#setup)
* [What certs affects](#what-certs-affects)
* [Setup requirements](#setup-requirements)
* [Beginning with certs](#beginning-with-certs)
3. [Usage - Configuration options and additional functionality](#usage)
4. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
5. [Limitations - OS compatibility, etc.](#limitations)
6. [Development - Guide for contributing to the module](#development)

##Overview

This module handles creating and deploying certificates based on a central CA.

##Setup

###What certs affects

* Installs and deploys a CA
* Deploys certificates generated from the CA

###Beginning with certs

The very basic steps needed for a user to get the module up and running.

If your most recent release breaks compatibility or requires particular steps for upgrading, you may wish to include an additional section here: Upgrading (For an example, see http://forge.puppetlabs.com/puppetlabs/firewall).

##Usage

##Reference

##Limitations

* EL6 (RHEL6 / CentOS 6)

##Development

See the CONTRIBUTING guide for steps on how to make a change and get it accepted upstream.
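Review bot: the text under `###Beginning with certs` is still the module-skeleton placeholder ('The very basic steps needed for a user to get the module up and running.' and the paragraph about an Upgrading section); replace it with a real minimal usage or drop it. The table of contents links to `#setup-requirements`, which has no section, and `##Usage` and `##Reference` are empty. For a module that installs a CA, Reference should at least say where keys and certificates are written and with what ownership and mode.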

42 changes: 38 additions & 4 deletions Rakefile
@@ -1,8 +1,42 @@
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
require 'puppet-syntax/tasks/puppet-syntax'

# These two gems aren't always present, for instance
# on Travis with --without development
begin
require 'puppet_blacksmith/rake_tasks'
rescue LoadError
end

PuppetLint.configuration.log_format = '%{path}:%{linenumber}:%{KIND}: %{message}'
PuppetLint.configuration.fail_on_warnings = true
PuppetLint.configuration.send("disable_class_inherits_from_params_class")
PuppetLint.configuration.send("disable_80chars")
PuppetLint.configuration.log_format = "%{path}:%{linenumber}:%{check}:%{KIND}:%{message}"
PuppetLint.configuration.fail_on_warnings = true

# Forsake support for Puppet 2.6.2 for the benefit of cleaner code.
# http://puppet-lint.com/checks/class_parameter_defaults/
PuppetLint.configuration.send('disable_class_parameter_defaults')
# http://puppet-lint.com/checks/class_inherits_from_params_class/
PuppetLint.configuration.send('disable_class_inherits_from_params_class')
# http://puppet-lint.com/checks/autoloader_layout/
PuppetLint.configuration.send('disable_autoloader_layout')

exclude_paths = [
"pkg/**/*",
"vendor/**/*",
"spec/**/*",
]
PuppetLint.configuration.ignore_paths = exclude_paths
PuppetSyntax.exclude_paths = exclude_paths

desc "Run acceptance tests"
RSpec::Core::RakeTask.new(:acceptance) do |t|
t.pattern = 'spec/acceptance'
end

task :default => [:lint]
desc "Run syntax, lint, and spec tests."
task :test => [
:syntax,
:lint,
:spec,
]
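Review bot: the comment above the `begin` / `rescue LoadError` block says 'These two gems aren't always present', but the block requires only `puppet_blacksmith/rake_tasks`; name the second gem or reword the comment. The `:acceptance` task uses `RSpec::Core::RakeTask` with no visible `require 'rspec/core/rake_task'`, so it depends on `puppetlabs_spec_helper/rake_tasks` having loaded it; an explicit require would remove that coupling.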
22 changes: 11 additions & 11 deletions manifests/apache.pp
@@ -13,14 +13,14 @@

if $::certs::server_cert {
cert { $apache_cert_name:
ensure => present,
hostname => $hostname,
generate => $generate,
deploy => $deploy,
regenerate => $regenerate,
custom_pubkey => $::certs::server_cert,
custom_privkey => $::certs::server_key,
custom_req => $::certs::server_cert_req,
ensure => present,
hostname => $hostname,
generate => $generate,
deploy => $deploy,
regenerate => $regenerate,
custom_pubkey => $::certs::server_cert,
custom_privkey => $::certs::server_key,
custom_req => $::certs::server_cert_req,
}
} else {
cert { $apache_cert_name:
@@ -51,9 +51,9 @@
notify => Service['httpd']
} ~>
privkey { $apache_key:
ensure => present,
key_pair => Cert[$apache_cert_name],
notify => Service['httpd']
ensure => present,
key_pair => Cert[$apache_cert_name],
notify => Service['httpd']
} ->
file { $apache_key:
owner => $::apache::user,
32 changes: 16 additions & 16 deletions manifests/candlepin.pp
@@ -55,15 +55,15 @@
mode => '0440',
} ~>
exec { 'candlepin-generate-ssl-keystore':
command => "openssl pkcs12 -export -in ${ca_cert} -inkey ${ca_key} -out ${keystore} -name tomcat -CAfile ${ca_cert} -caname root -password \"file:${password_file}\" -passin \"file:${certs::ca_key_password_file}\" ",
creates => $keystore,
command => "openssl pkcs12 -export -in ${ca_cert} -inkey ${ca_key} -out ${keystore} -name tomcat -CAfile ${ca_cert} -caname root -password \"file:${password_file}\" -passin \"file:${certs::ca_key_password_file}\" ",
creates => $keystore,
} ~>
file { "/usr/share/${candlepin::tomcat}/conf/keystore":
ensure => link,
target => $keystore,
owner => 'tomcat',
group => $::certs::group,
notify => Service[$candlepin::tomcat]
ensure => link,
target => $keystore,
owner => 'tomcat',
group => $::certs::group,
notify => Service[$candlepin::tomcat]
}

Cert[$java_client_cert_name] ~>
@@ -91,21 +91,21 @@
require => Service['qpidd'],
} ~>
exec { 'import CA into Candlepin truststore':
command => "keytool -import -v -keystore ${amqp_truststore} -storepass ${keystore_password} -alias ${certs::default_ca_name} -file ${ca_cert} -noprompt",
creates => $amqp_truststore,
command => "keytool -import -v -keystore ${amqp_truststore} -storepass ${keystore_password} -alias ${certs::default_ca_name} -file ${ca_cert} -noprompt",
creates => $amqp_truststore,
} ~>
exec { 'import client certificate into Candlepin keystore':
# Stupid keytool doesn't allow you to import a keypair. You can only import a cert. Hence, we have to
# create the store as an PKCS12 and convert to JKS. See http://stackoverflow.com/a/8224863
command => "openssl pkcs12 -export -name amqp-client -in ${client_cert} -inkey ${client_key} -out /tmp/keystore.p12 -passout file:${password_file} && keytool -importkeystore -destkeystore ${amqp_keystore} -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass ${keystore_password} -srcstorepass ${keystore_password} -noprompt && rm /tmp/keystore.p12",
unless => "keytool -list -keystore ${amqp_keystore} -storepass ${keystore_password} -alias ${certs::default_ca_name}",
command => "openssl pkcs12 -export -name amqp-client -in ${client_cert} -inkey ${client_key} -out /tmp/keystore.p12 -passout file:${password_file} && keytool -importkeystore -destkeystore ${amqp_keystore} -srckeystore /tmp/keystore.p12 -srcstoretype pkcs12 -alias amqp-client -storepass ${keystore_password} -srcstorepass ${keystore_password} -noprompt && rm /tmp/keystore.p12",
unless => "keytool -list -keystore ${amqp_keystore} -storepass ${keystore_password} -alias ${certs::default_ca_name}",
} ~>
file { $amqp_keystore:
ensure => file,
owner => 'tomcat',
group => $::certs::group,
mode => '0640',
notify => Service[$candlepin::tomcat],
ensure => file,
owner => 'tomcat',
group => $::certs::group,
mode => '0640',
notify => Service[$candlepin::tomcat],
}
}
}
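Review bot: in the 'import client certificate into Candlepin keystore' exec, the intermediate PKCS#12 bundle holding the client private key is written to the fixed path `/tmp/keystore.p12`, and the trailing `rm` only runs if both earlier commands succeed. A predictable name in a world-writable directory exposes the key to other local users, and a failed `keytool` run leaves it behind. Write the temporary file into a directory only root can access (for example next to `${amqp_keystore}`) and remove it regardless of the exit status. This exec and the truststore exec above it also pass `-storepass ${keystore_password}` as a command-line argument, where it is visible in the process list; the `openssl` half already uses `file:${password_file}`, and keytool accepts `-storepass:file` for the same purpose. Last, the `unless` guard looks up alias `${certs::default_ca_name}` while the import creates alias `amqp-client`, so the guard does not test for what this exec produces.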