diff --git a/manifests/application.pp b/manifests/application.pp
new file mode 100644
index 00000000..c12fda4b
--- /dev/null
+++ b/manifests/application.pp
@@ -0,0 +1,76 @@
+# Install and configure the katello application itself
+class katello::application (
+ Array[String] $package_names = $::katello::package_names,
+ Boolean $enable_ostree = $::katello::enable_ostree,
+ String $rubygem_katello_ostree = $::katello::rubygem_katello_ostree,
+ Optional[Enum['SSLv23', 'TLSv1', '']] $cdn_ssl_version = $::katello::cdn_ssl_version,
+ String $deployment_url = $::katello::deployment_url,
+ String $post_sync_token = $::katello::post_sync_token,
+ Stdlib::Httpsurl $candlepin_url = $::katello::candlepin_url,
+ String $oauth_key = $::katello::oauth_key,
+ String $oauth_secret = $::katello::oauth_secret,
+ Stdlib::Httpsurl $pulp_url = $::katello::pulp_url,
+ String $qpid_url = $::katello::qpid_url,
+ String $candlepin_event_queue = $::katello::candlepin_event_queue,
+ Optional[String] $proxy_host = $::katello::proxy_url,
+ Optional[Integer[0, 65535]] $proxy_port = $::katello::proxy_port,
+ Optional[String] $proxy_username = $::katello::proxy_username,
+ Optional[String] $proxy_password = $::katello::proxy_password,
+) {
+ include ::certs
+ include ::certs::apache
+ include ::certs::foreman
+ include ::certs::pulp_client
+
+ $candlepin_ca_cert = $::certs::ca_cert
+ $pulp_ca_cert = $::certs::katello_server_ca_cert
+
+ foreman_config_entry { 'pulp_client_cert':
+ value => $::certs::pulp_client::client_cert,
+ ignore_missing => false,
+ require => [Class['certs::pulp_client'], Foreman::Rake['db:seed']],
+ }
+
+ foreman_config_entry { 'pulp_client_key':
+ value => $::certs::pulp_client::client_key,
+ ignore_missing => false,
+ require => [Class['certs::pulp_client'], Foreman::Rake['db:seed']],
+ }
+
+ # We used to override permissions here so this matches it back to the packaging
+ file { '/usr/share/foreman/bundler.d/katello.rb':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ }
+
+ include ::foreman
+ include ::foreman::plugin::tasks
+
+ Class['certs', 'certs::ca', 'certs::apache'] ~> Class['apache::service']
+
+ # Katello database seeding needs candlepin
+ package { $package_names:
+ ensure => installed,
+ } ->
+ file { "${::foreman::plugin_config_dir}/katello.yaml":
+ ensure => file,
+ owner => 'root',
+ group => $::foreman::group,
+ mode => '0640',
+ content => template('katello/katello.yaml.erb'),
+ notify => [Class['foreman::service', 'foreman::plugin::tasks'], Foreman::Rake['db:seed']],
+ }
+
+ if $enable_ostree {
+ package { $rubygem_katello_ostree:
+ ensure => installed,
+ notify => [Class['foreman::service', 'foreman::plugin::tasks'], Foreman::Rake['apipie:cache:index']],
+ }
+ }
+
+ foreman::config::passenger::fragment{ 'katello':
+ ssl_content => file('katello/katello-apache-ssl.conf'),
+ }
+}
diff --git a/manifests/candlepin.pp b/manifests/candlepin.pp
new file mode 100644
index 00000000..dc2d2483
--- /dev/null
+++ b/manifests/candlepin.pp
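Review bot: The `file` resource for `${::foreman::plugin_config_dir}/katello.yaml` in manifests/application.pp renders secrets (the spec added in this commit expects `oauth_secret`, the sync token and the proxy password in its content), but nothing stops Puppet from printing content diffs of it into agent logs and reports. The tighter `0640` mode protects the file on disk only; adding `show_diff => false,` to that resource would cover the reporting path too. The parameters `$oauth_secret`, `$post_sync_token` and `$proxy_password` are also plain `String`, as are the matching ones in manifests/candlepin.pp and manifests/pulp.pp, so they travel in the catalog unredacted; `Sensitive[String]` is worth considering if the supported Puppet versions allow it.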
@@ -0,0 +1,54 @@
+# Katello configuration for candlepin
+class katello::candlepin (
+ Variant[Array[String], String] $user_groups = $::katello::user_groups,
+ String $oauth_key = $::katello::oauth_key,
+ String $oauth_secret = $::katello::oauth_secret,
+ String $deployment_url = $::katello::deployment_url,
+ String $db_host = $::katello::candlepin_db_host,
+ Optional[Integer[0, 65535]] $db_port = $::katello::candlepin_db_port,
+ String $db_name = $::katello::candlepin_db_name,
+ String $db_user = $::katello::candlepin_db_user,
+ String $db_password = $::katello::candlepin_db_password,
+ Boolean $db_ssl = $::katello::candlepin_db_ssl,
+ Boolean $db_ssl_verify = $::katello::candlepin_db_ssl_verify,
+ Boolean $manage_db = $::katello::candlepin_manage_db,
+ String $qpid_hostname = $::katello::qpid_hostname,
+) {
+ include ::certs
+ include ::certs::qpid
+ include ::certs::candlepin
+ include ::katello::qpid_client
+
+ class { '::candlepin':
+ user_groups => $user_groups,
+ oauth_key => $oauth_key,
+ oauth_secret => $oauth_secret,
+ deployment_url => $deployment_url,
+ ca_key => $::certs::ca_key,
+ ca_cert => $::certs::ca_cert_stripped,
+ keystore_password => $::certs::candlepin::keystore_password,
+ truststore_password => $::certs::candlepin::keystore_password,
+ enable_basic_auth => false,
+ consumer_system_name_pattern => '.+',
+ adapter_module => 'org.candlepin.katello.KatelloModule',
+ amq_enable => true,
+ amqp_keystore_password => $::certs::candlepin::keystore_password,
+ amqp_truststore_password => $::certs::candlepin::keystore_password,
+ amqp_keystore => $::certs::candlepin::amqp_keystore,
+ amqp_truststore => $::certs::candlepin::amqp_truststore,
+ qpid_hostname => $qpid_hostname,
+ qpid_ssl_cert => $::certs::qpid::client_cert,
+ qpid_ssl_key => $::certs::qpid::client_key,
+ db_host => $db_host,
+ db_port => $db_port,
+ db_name => $db_name,
+ db_user => $db_user,
+ db_password => $db_password,
+ db_ssl => $db_ssl,
+ db_ssl_verify => $db_ssl_verify,
+ manage_db => $manage_db,
+ subscribe => Class['certs', 'certs::qpid', 'certs::candlepin'],
+ }
+
+ contain ::candlepin
+}
diff --git a/manifests/config.pp b/manifests/config.pp
deleted file mode 100644
index 58478aad..00000000
--- a/manifests/config.pp
+++ /dev/null
@@ -1,48 +0,0 @@
-# Katello Config
-class katello::config {
-
- class { '::katello::config::pulp_client': }
-
- file { '/usr/share/foreman/bundler.d/katello.rb':
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0644',
- }
-
- file { "${katello::config_dir}/katello.yaml":
- ensure => file,
- content => template('katello/katello.yaml.erb'),
- owner => 'root',
- group => 'root',
- mode => '0644',
- before => [Class['foreman::database'], Exec['foreman-rake-db:migrate']],
- notify => [Service['foreman-tasks'], Class['foreman::service']],
- }
-
- foreman::config::passenger::fragment{ 'katello':
- ssl_content => file('katello/katello-apache-ssl.conf'),
- }
-
- foreman::config::passenger::fragment{ 'pulp':
- content => file('katello/pulp-apache.conf'),
- ssl_content => file('katello/pulp-apache-ssl.conf'),
- }
-
- # NB: we define this here to avoid a dependency cycle. It is not a problem if
- # this dir exists before the pulp RPMs are installed.
- file { '/var/lib/pulp':
- ensure => directory,
- owner => 'apache',
- group => 'apache',
- mode => '0755',
- }
-
- file { $katello::repo_export_dir:
- ensure => directory,
- owner => $katello::user,
- group => $katello::group,
- mode => '0755',
- }
-
-}
diff --git a/manifests/config/pulp_client.pp b/manifests/config/pulp_client.pp
deleted file mode 100644
index 7c3f5429..00000000
--- a/manifests/config/pulp_client.pp
+++ /dev/null
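Review bot: In manifests/candlepin.pp the four store passwords `keystore_password`, `truststore_password`, `amqp_keystore_password` and `amqp_truststore_password` all receive `$::certs::candlepin::keystore_password`, and no comment says whether that sharing is intended. I would add a line above them such as `# certs::candlepin exposes a single password; all four stores are created with it`, after confirming that against the certs module. The class also has only a one-line header, whereas init.pp documents each parameter in `# $name::` form; the new `$qpid_hostname`, `$db_ssl` and `$db_ssl_verify` deserve the same.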
@@ -1,18 +0,0 @@ -#Katello Pulp Client config -class katello::config::pulp_client { - - class { '::certs::pulp_client': } - - foreman_config_entry { 'pulp_client_cert': - value => $::certs::pulp_client::client_cert, - ignore_missing => false, - require => [Class['::certs::pulp_client'], Exec['foreman-rake-db:seed']], - } - - foreman_config_entry { 'pulp_client_key': - value => $::certs::pulp_client::client_key, - ignore_missing => false, - require => [Class['::certs::pulp_client'], Exec['foreman-rake-db:seed']], - } -} - diff --git a/manifests/init.pp b/manifests/init.pp index 75439fc0..ba67bc9d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -33,10 +33,6 @@ # $post_sync_token:: The shared secret for pulp notifying katello about # completed syncs # -# $log_dir:: Location for Katello log files to be placed -# -# $config_dir:: Location for Katello config files -# # $cdn_ssl_version:: SSL version used to communicate with the CDN # # $num_pulp_workers:: Number of pulp workers to use @@ -85,8 +81,6 @@ Integer[0, 1000] $qpid_wcache_page_size = $::katello::params::qpid_wcache_page_size, Integer[1] $num_pulp_workers = $::katello::params::num_pulp_workers, Optional[Integer] $max_tasks_per_pulp_worker = $::katello::params::max_tasks_per_pulp_worker, - Stdlib::Absolutepath $log_dir = $::katello::params::log_dir, - Stdlib::Absolutepath $config_dir = $::katello::params::config_dir, Optional[Stdlib::HTTPUrl] $proxy_url = $::katello::params::proxy_url, Optional[Integer[0, 65535]] $proxy_port = $::katello::params::proxy_port, Optional[String] $proxy_username = $::katello::params::proxy_username, 
@@ -113,102 +107,14 @@ Boolean $candlepin_db_ssl_verify = $::katello::params::candlepin_db_ssl_verify, Boolean $candlepin_manage_db = $::katello::params::candlepin_manage_db, ) inherits katello::params { - $candlepin_ca_cert = $::certs::ca_cert - $pulp_ca_cert = $::certs::katello_server_ca_cert - - Class['certs'] ~> - class { '::certs::apache': } ~> - class { '::katello::repo': } ~> - class { '::katello::install': } ~> - class { '::katello::config': } ~> - class { '::certs::qpid': } ~> - class { '::qpid': - ssl => true, - ssl_cert_db => $::certs::nss_db_dir, - ssl_cert_password_file => $::certs::qpid::nss_db_password_file, - ssl_cert_name => 'broker', - interface => 'lo', - wcache_page_size => $qpid_wcache_page_size, - } ~> - class { '::certs::candlepin': } ~> - class { '::candlepin': - user_groups => $katello::user_groups, - oauth_key => $katello::oauth_key, - oauth_secret => $katello::oauth_secret, - deployment_url => $katello::deployment_url, - ca_key => $certs::ca_key, - ca_cert => $certs::ca_cert_stripped, - keystore_password => $::certs::candlepin::keystore_password, - truststore_password => $::certs::candlepin::keystore_password, - enable_basic_auth => false, - consumer_system_name_pattern => '.+', - adapter_module => 'org.candlepin.katello.KatelloModule', - amq_enable => true, - amqp_keystore_password => $::certs::candlepin::keystore_password, - amqp_truststore_password => $::certs::candlepin::keystore_password, - amqp_keystore => $::certs::candlepin::amqp_keystore, - amqp_truststore => $::certs::candlepin::amqp_truststore, - qpid_ssl_cert => $::certs::qpid::client_cert, - qpid_ssl_key => $::certs::qpid::client_key, - db_host => $candlepin_db_host, - db_port => $candlepin_db_port, - db_name => $candlepin_db_name, - db_user => $candlepin_db_user, - db_password => $candlepin_db_password, - db_ssl => $candlepin_db_ssl, - db_ssl_verify => $candlepin_db_ssl_verify, - manage_db => $candlepin_manage_db, - } ~> - class { '::certs::qpid_client': } ~> - class { 
'::pulp': - oauth_enabled => true, - oauth_key => $katello::oauth_key, - oauth_secret => $katello::oauth_secret, - messaging_url => 'ssl://localhost:5671', - messaging_ca_cert => $::certs::ca_cert, - messaging_client_cert => $certs::qpid_client::messaging_client_cert, - messaging_transport => 'qpid', - messaging_auth_enabled => false, - broker_url => 'qpid://localhost:5671', - broker_use_ssl => true, - consumers_crl => $candlepin::crl_file, - proxy_url => $proxy_url, - proxy_port => $proxy_port, - proxy_username => $proxy_username, - proxy_password => $proxy_password, - yum_max_speed => $pulp_max_speed, - manage_broker => false, - manage_httpd => false, - manage_plugins_httpd => true, - manage_squid => true, - enable_rpm => true, - enable_puppet => true, - enable_docker => true, - enable_ostree => $enable_ostree, - num_workers => $num_pulp_workers, - max_tasks_per_child => $max_tasks_per_pulp_worker, - enable_parent_node => false, - repo_auth => true, - puppet_wsgi_processes => 1, - enable_katello => true, - } ~> - class { '::qpid::client': - ssl => true, - ssl_cert_name => 'broker', - ssl_cert_db => $certs::nss_db_dir, - ssl_cert_password_file => $certs::qpid::nss_db_password_file, - } ~> - class { '::katello::qpid': - client_cert => $certs::qpid::client_cert, - client_key => $certs::qpid::client_key, - } - - class { '::certs::foreman': } - - Exec['cpinit'] -> Exec['foreman-rake-db:seed'] - Class['certs::candlepin'] ~> Service['tomcat'] - Class['certs::qpid'] ~> Service['qpidd'] - Class['certs::ca'] ~> Service['httpd'] + include ::katello::repo + include ::katello::candlepin + include ::katello::qpid + include ::katello::pulp + Class['katello::repo'] -> Class['katello::pulp'] + include ::katello::application + Class['katello::repo'] -> Class['katello::application'] + Class['katello::candlepin'] -> Class['katello::application'] User<|title == apache|>{groups +> $user_groups} } 
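Review bot: The new body of `katello` in manifests/init.pp orders only `katello::pulp` and `katello::application` after `katello::repo`; `katello::candlepin` and `katello::qpid` get no relationship to it, while the removed `~>` chain placed `::katello::repo` ahead of every component. If their packages are served from the repository that class manages (not visible here), a first run could try to install them before the repo is configured. Consider `Class['katello::repo'] -> Class['katello::candlepin', 'katello::qpid']`. The removed chain also applied the broker before candlepin and pulp, and I see no replacement for that ordering in this hunk; a comment stating that it is no longer needed would help.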
diff --git a/manifests/install.pp b/manifests/install.pp deleted file mode 100644 index 4e0b01ac..00000000 --- a/manifests/install.pp +++ /dev/null @@ -1,13 +0,0 @@ -# Katello Install -class katello::install { - package { $katello::package_names: - ensure => installed, - } - - if $katello::enable_ostree { - package { $katello::rubygem_katello_ostree: - ensure => installed, - notify => [Service['foreman-tasks', 'httpd'], Exec['foreman-rake-apipie:cache:index']], - } - } -} diff --git a/manifests/params.pp b/manifests/params.pp index 736fb123..7011ff60 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -45,8 +45,6 @@ $user = 'foreman' $group = 'foreman' $user_groups = ['foreman'] - $config_dir = '/etc/foreman/plugins' - $log_dir = '/var/log/foreman/plugins' $repo_export_dir = '/var/lib/pulp/katello-export' # OAUTH settings @@ -63,7 +61,8 @@ # database reinitialization flag $reset_data = 'NONE' - $qpid_url = 'amqp:ssl:localhost:5671' + $qpid_hostname = 'localhost' + $qpid_url = "amqp:ssl:${qpid_hostname}:5671" $candlepin_event_queue = 'katello_event_queue' $candlepin_qpid_exchange = 'event' $enable_ostree = false diff --git a/manifests/pulp.pp b/manifests/pulp.pp new file mode 100644 index 00000000..7bb47b0e --- /dev/null +++ b/manifests/pulp.pp 
@@ -0,0 +1,80 @@
+# Katello configuration for pulp
+class katello::pulp (
+ String $oauth_key = $::katello::oauth_key,
+ String $oauth_secret = $::katello::oauth_secret,
+ Optional[String] $proxy_url = $::katello::proxy_url,
+ Optional[Integer[0, 65535]] $proxy_port = $::katello::proxy_port,
+ Optional[String] $proxy_username = $::katello::proxy_username,
+ Optional[String] $proxy_password = $::katello::proxy_password,
+ Optional[String] $yum_max_speed = $::katello::pulp_max_speed,
+ Boolean $enable_ostree = $::katello::enable_ostree,
+ Integer[1] $num_workers = $::katello::num_pulp_workers,
+ Optional[Integer] $max_tasks_per_child = $::katello::max_tasks_per_pulp_worker,
+ String $messaging_url = "ssl://${::katello::qpid_hostname}:5671",
+ String $broker_url = "qpid://${::katello::qpid_hostname}:5671",
+ Stdlib::Absolutepath $repo_export_dir = $::katello::repo_export_dir,
+ String $repo_export_dir_owner = $::katello::user,
+ String $repo_export_dir_group = $::katello::group,
+) {
+ include ::certs
+ include ::certs::qpid_client
+ # Because we re-use the CRL file
+ include ::katello::candlepin
+
+ class { '::pulp':
+ oauth_enabled => true,
+ oauth_key => $oauth_key,
+ oauth_secret => $oauth_secret,
+ messaging_url => $messaging_url,
+ messaging_ca_cert => $::certs::ca_cert,
+ messaging_client_cert => $::certs::qpid_client::messaging_client_cert,
+ messaging_transport => 'qpid',
+ messaging_auth_enabled => false,
+ broker_url => $broker_url,
+ broker_use_ssl => true,
+ consumers_crl => $::candlepin::crl_file,
+ proxy_url => $proxy_url,
+ proxy_port => $proxy_port,
+ proxy_username => $proxy_username,
+ proxy_password => $proxy_password,
+ yum_max_speed => $yum_max_speed,
+ manage_broker => false,
+ manage_httpd => false,
+ manage_plugins_httpd => true,
+ manage_squid => true,
+ enable_rpm => true,
+ enable_puppet => true,
+ enable_docker => true,
+ enable_ostree => $enable_ostree,
+ num_workers => $num_workers,
+ max_tasks_per_child => $max_tasks_per_child,
+ enable_parent_node => false,
+ repo_auth => true,
+ puppet_wsgi_processes => 1,
+ enable_katello => true,
+ subscribe => Class['certs', 'certs::qpid_client'],
+ }
+
+ contain ::pulp
+
+ foreman::config::passenger::fragment { 'pulp':
+ content => file('katello/pulp-apache.conf'),
+ ssl_content => file('katello/pulp-apache-ssl.conf'),
+ }
+
+ # NB: we define this here to avoid a dependency cycle. It is not a problem if
+ # this dir exists before the pulp RPMs are installed.
+ file { '/var/lib/pulp':
+ ensure => directory,
+ owner => 'apache',
+ group => 'apache',
+ mode => '0755',
+ }
+
+ file { $repo_export_dir:
+ ensure => directory,
+ owner => $repo_export_dir_owner,
+ group => $repo_export_dir_group,
+ mode => '0755',
+ }
+}
diff --git a/manifests/qpid.pp b/manifests/qpid.pp
index 650c7ab8..9c69403e 100644
--- a/manifests/qpid.pp
+++ b/manifests/qpid.pp
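Review bot: `Optional[String] $proxy_url` in manifests/pulp.pp is looser than the `Optional[Stdlib::HTTPUrl] $proxy_url` declared in init.pp, so a direct declaration of this class skips the URL check; the same loosening appears on `$proxy_host` in manifests/application.pp. I would use `Optional[Stdlib::HTTPUrl] $proxy_url = $::katello::proxy_url,` here. Separately, `messaging_url` and `broker_url` now follow `qpid_hostname`, yet `messaging_auth_enabled => false` stays fixed and `katello::qpid` still defaults to `interface => 'lo'`; a comment documenting that these defaults assume a local broker would save the next reader from guessing.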
@@ -1,34 +1,43 @@ # Katello qpid Config class katello::qpid ( - $client_cert, - $client_key, - $katello_user = $::katello::user, - $candlepin_event_queue = $::katello::candlepin_event_queue, - $candlepin_qpid_exchange = $::katello::candlepin_qpid_exchange, -){ - if $katello_user == undef { - fail('katello_user not defined') - } else { - Group['qpidd'] -> - User<|title == $katello_user|>{groups +> 'qpidd'} + String $katello_user = $::katello::user, + String $candlepin_event_queue = $::katello::candlepin_event_queue, + String $candlepin_qpid_exchange = $::katello::candlepin_qpid_exchange, + Integer[0, 5000] $wcache_page_size = $::katello::qpid_wcache_page_size, + String $interface = 'lo', +) { + include ::certs + include ::certs::qpid + + class { '::qpid': + ssl => true, + ssl_cert_db => $::certs::nss_db_dir, + ssl_cert_password_file => $::certs::qpid::nss_db_password_file, + ssl_cert_name => 'broker', + interface => $interface, + wcache_page_size => $wcache_page_size, + subscribe => Class['certs', 'certs::qpid'], } - qpid::config_cmd {'delete katello entitlements queue if bound to *.*': + contain ::qpid + + User<|title == $katello_user|>{groups +> 'qpidd'} + + qpid::config_cmd { 'delete katello entitlements queue if bound to *.*': command => "del queue ${candlepin_event_queue} --force", onlyif => "list binding | grep ${candlepin_event_queue} | grep '*.*'", - ssl_cert => $client_cert, - ssl_key => $client_key, - } -> - qpid::config_cmd { 'create katello entitlements queue': - command => "add queue ${candlepin_event_queue} --durable", - unless => "queues ${candlepin_event_queue}", - ssl_cert => $client_cert, - ssl_key => $client_key, + ssl_cert => $::certs::qpid::client_cert, + ssl_key => $::certs::qpid::client_key, } -> + qpid::config::queue { $candlepin_event_queue: + ssl_cert => $::certs::qpid::client_cert, + ssl_key => $::certs::qpid::client_key, + } + qpid::config::bind { ['entitlement.created', 'entitlement.deleted', 'pool.created', 'pool.deleted', 
'compliance.created']: queue => $candlepin_event_queue, exchange => $candlepin_qpid_exchange, - ssl_cert => $client_cert, - ssl_key => $client_key, + ssl_cert => $::certs::qpid::client_cert, + ssl_key => $::certs::qpid::client_key, } } diff --git a/manifests/qpid_client.pp b/manifests/qpid_client.pp new file mode 100644 index 00000000..3dd3544e --- /dev/null +++ b/manifests/qpid_client.pp @@ -0,0 +1,15 @@ +# Install and configure a qpid client +class katello::qpid_client { + include ::certs + include ::certs::qpid + + class { '::qpid::client': + ssl => true, + ssl_cert_name => 'broker', + ssl_cert_db => $::certs::nss_db_dir, + ssl_cert_password_file => $::certs::qpid::nss_db_password_file, + require => Class['certs', 'certs::qpid'], + } + + contain ::qpid::client +} diff --git a/manifests/repo.pp b/manifests/repo.pp index e4b8f1c7..12bc4487 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -1,9 +1,9 @@ class katello::repo ( - $manage_repo = $::katello::manage_repo, - $repo_version = $::katello::repo_version, - $dist = $::katello::repo_yumcode, - $gpgcheck = $::katello::repo_gpgcheck, - $gpgkey = $::katello::repo_gpgkey, + Boolean $manage_repo = $::katello::manage_repo, + String $repo_version = $::katello::repo_version, + String $dist = $::katello::repo_yumcode, + Boolean $gpgcheck = $::katello::repo_gpgcheck, + Optional[String] $gpgkey = $::katello::repo_gpgkey, ) { if $manage_repo { yumrepo { 'katello': diff --git a/spec/classes/katello_application_spec.rb b/spec/classes/katello_application_spec.rb new file mode 100644 index 00000000..49429379 --- /dev/null +++ b/spec/classes/katello_application_spec.rb 
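Review bot: `String $candlepin_event_queue` in manifests/qpid.pp is interpolated straight into the `command` and `onlyif` strings of `qpid::config_cmd`, and the pipeline in `onlyif` suggests those strings reach a shell. Now that the class is typed, the parameter could be narrowed so that only queue-name characters pass, for example `Pattern[/\A[\w.-]+\z/] $candlepin_event_queue = $::katello::candlepin_event_queue,`. Also, `Integer[0, 5000] $wcache_page_size` disagrees with `Integer[0, 1000] $qpid_wcache_page_size` in init.pp; one of the two bounds is presumably stale.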
@@ -0,0 +1,213 @@
+require 'spec_helper'
+
+describe 'katello::application' do
+ on_os_under_test.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) { facts }
+
+ let(:base_params) do
+ {
+ :package_names => ['tfm-rubygem-katello'],
+ :enable_ostree => false,
+ :rubygem_katello_ostree => 'tfm-rubygem-katello_ostree',
+ :cdn_ssl_version => '',
+ :deployment_url => '/katello',
+ :post_sync_token => 'test_token',
+ :candlepin_url => 'https://foo.example.com:8443/candlepin',
+ :oauth_key => 'katello',
+ :oauth_secret => 'secret',
+ :pulp_url => 'https://foo.example.com/pulp/api/v2/',
+ :qpid_url => 'amqp:ssl:localhost:5671',
+ :candlepin_event_queue => 'katello_event_queue',
+ :proxy_host => '',
+ :proxy_port => 8080,
+ :proxy_username => nil,
+ :proxy_password => nil,
+ }
+ end
+
+ context 'with explicit parameters' do
+ context 'with base_params' do
+ let (:params) { base_params }
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.not_to contain_package('tfm-rubygem-katello_ostree') }
+ it { is_expected.to create_package('tfm-rubygem-katello') }
+ it { is_expected.to create_file('/usr/share/foreman/bundler.d/katello.rb') }
+
+ it do
+ is_expected.to create_foreman_config_entry('pulp_client_cert')
+ .with_value('/etc/pki/katello/certs/pulp-client.crt')
+ .that_requires(['Class[Certs::Pulp_client]', 'Foreman::Rake[db:seed]'])
+ end
+
+ it do
+ is_expected.to create_foreman_config_entry('pulp_client_key')
+ .with_value('/etc/pki/katello/private/pulp-client.key')
+ .that_requires(['Class[Certs::Pulp_client]', 'Foreman::Rake[db:seed]'])
+ end
+
+ it do
+ is_expected.to contain_service('httpd')
+ .that_subscribes_to(['Class[Certs::Apache]', 'Class[Certs::Ca]'])
+ end
+
+ it do
+ is_expected.to contain_file('/etc/foreman/plugins/katello.yaml')
+ .that_notifies(['Class[Foreman::Plugin::Tasks]', 'Class[Foreman::Service]', 'Exec[foreman-rake-db:seed]', 'Exec[restart_foreman]'])
+ end
+
+ it do
+ is_expected.to create_foreman__config__passenger__fragment('katello')
+ .without_content()
+ .with_ssl_content(%r{^$})
+ end
+
+ it 'should generate correct katello.yaml' do
+ verify_exact_contents(catalogue, '/etc/foreman/plugins/katello.yaml', [
+ ':katello:',
+ ' :rest_client_timeout: 3600',
+ ' :post_sync_url: https://foo.example.com/katello/api/v2/repositories/sync_complete?token=test_token',
+ ' :candlepin:',
+ ' :url: https://foo.example.com:8443/candlepin',
+ ' :oauth_key: katello',
+ ' :oauth_secret: secret',
+ ' :ca_cert_file: /etc/pki/katello/certs/katello-default-ca.crt',
+ ' :pulp:',
+ ' :url: https://foo.example.com/pulp/api/v2/',
+ ' :oauth_key: katello',
+ ' :oauth_secret: secret',
+ ' :ca_cert_file: /etc/pki/katello/certs/katello-server-ca.crt',
+ ' :qpid:',
+ ' :url: amqp:ssl:localhost:5671',
+ ' :subscriptions_queue_address: katello_event_queue'
+ ])
+ end
+ end
+
+ context 'with enable_ostree => true' do
+ let :params do
+ base_params.merge(:enable_ostree => true)
+ end
+
+ it { is_expected.to compile.with_all_deps }
+
+ it do
+ is_expected.to contain_package('tfm-rubygem-katello_ostree')
+ .with_ensure('installed')
+ .that_notifies(['Class[Foreman::Service]', 'Class[Foreman::Plugin::Tasks]', 'Exec[foreman-rake-apipie:cache:index]'])
+ end
+ end
+
+ context 'with cdn_ssl_version' do
+ let :params do
+ base_params.merge(:cdn_ssl_version => 'TLSv1')
+ end
+
+ it { is_expected.to compile.with_all_deps }
+
+ it 'should generate correct katello.yaml' do
+ verify_exact_contents(catalogue, '/etc/foreman/plugins/katello.yaml', [
+ ':katello:',
+ ' :cdn_ssl_version: TLSv1',
+ ' :rest_client_timeout: 3600',
+ ' :post_sync_url: https://foo.example.com/katello/api/v2/repositories/sync_complete?token=test_token',
+ ' :candlepin:',
+ ' :url: https://foo.example.com:8443/candlepin',
+ ' :oauth_key: katello',
+ ' :oauth_secret: secret',
+ ' :ca_cert_file: /etc/pki/katello/certs/katello-default-ca.crt',
+ ' :pulp:',
+ ' :url: https://foo.example.com/pulp/api/v2/',
+ ' :oauth_key: katello',
+ ' :oauth_secret: secret',
+ ' :ca_cert_file: /etc/pki/katello/certs/katello-server-ca.crt',
+ ' :qpid:',
+ ' :url: amqp:ssl:localhost:5671',
+ ' :subscriptions_queue_address: katello_event_queue'
+ ])
+ end
+ end
+
+ context 'when http proxy parameters are specified' do
+ let(:params) do
+ base_params.merge(
+ :proxy_host => 'http://myproxy.org',
+ :proxy_port => 8888,
+ :proxy_username => 'admin',
+ :proxy_password => 'secret_password',
+ )
+ end
+
+ it 'should generate correct katello.yaml' do
+ verify_exact_contents(catalogue, '/etc/foreman/plugins/katello.yaml', [
+ ':katello:',
+ ' :rest_client_timeout: 3600',
+ ' :post_sync_url: https://foo.example.com/katello/api/v2/repositories/sync_complete?token=test_token',
+ ' :candlepin:',
+ ' :url: https://foo.example.com:8443/candlepin',
+ ' :oauth_key: katello',
+ ' :oauth_secret: secret',
+ ' :ca_cert_file: /etc/pki/katello/certs/katello-default-ca.crt',
+ ' :pulp:',
+ ' :url: https://foo.example.com/pulp/api/v2/',
+ ' :oauth_key: katello',
+ ' :oauth_secret: secret',
+ ' :ca_cert_file: /etc/pki/katello/certs/katello-server-ca.crt',
+ ' :qpid:',
+ ' :url: amqp:ssl:localhost:5671',
+ ' :subscriptions_queue_address: katello_event_queue',
+ ' :cdn_proxy:',
+ ' :host: http://myproxy.org',
+ ' :port: 8888',
+ ' :user: admin',
+ ' :password: secret_password'
+ ])
+ end
+ end
+ end
+
+ context 'with inherited parameters' do
+ let :pre_condition do
+ <<-EOS
+ class {'::katello':
+ oauth_secret => 'secret',
+ post_sync_token => 'test_token',
+ }
+ EOS
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.not_to contain_package('tfm-rubygem-katello_ostree') }
+ it { is_expected.to create_package('tfm-rubygem-katello') }
+ it { is_expected.to create_package('katello') }
+ it do
+ is_expected.to contain_package('tfm-rubygem-katello')
+ .that_requires('Exec[cpinit]')
+ end
+
+ it 'should generate correct katello.yaml' do
+ verify_exact_contents(catalogue, '/etc/foreman/plugins/katello.yaml', [
+ ':katello:',
+ ' :rest_client_timeout: 3600',
+ ' :post_sync_url: https://foo.example.com/katello/api/v2/repositories/sync_complete?token=test_token',
+ ' :candlepin:',
+ ' :url: https://foo.example.com:8443/candlepin',
+ ' :oauth_key: katello',
+ ' :oauth_secret: secret',
+ ' :ca_cert_file: /etc/pki/katello/certs/katello-default-ca.crt',
+ ' :pulp:',
+ ' :url: https://foo.example.com/pulp/api/v2/',
+ ' :oauth_key: katello',
+ ' :oauth_secret: secret',
+ ' :ca_cert_file: /etc/pki/katello/certs/katello-server-ca.crt',
+ ' :qpid:',
+ ' :url: amqp:ssl:localhost:5671',
+ ' :subscriptions_queue_address: katello_event_queue'
+ ])
+ end
+ end
+
+ end
+ end
+end
diff --git a/spec/classes/katello_candlepin_spec.rb b/spec/classes/katello_candlepin_spec.rb
new file mode 100644
index 00000000..8dd8993e
--- /dev/null
+++ b/spec/classes/katello_candlepin_spec.rb
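Review bot: The `contain_file('/etc/foreman/plugins/katello.yaml')` expectation in katello_application_spec.rb checks only notifications, so the move to mode `0640` with the foreman group, which is what keeps the rendered secrets away from other local users, is untested. Adding `.with_mode('0640').with_owner('root')` to that chain would pin it. The fragment check `.with_ssl_content(%r{^$})` is weak as well: in Ruby `^` and `$` anchor at line boundaries, so the pattern is satisfied by any content that contains an empty line, not only by empty content; the same pattern is used in katello_pulp_spec.rb. Minor style: `let (:params)` has a stray space before the parenthesis.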
@@ -0,0 +1,47 @@
+require 'spec_helper'
+
+describe 'katello::candlepin' do
+ on_os_under_test.each do |os, facts|
+ context "on #{os}" do
+ let (:facts) { facts }
+
+ context 'with explicit parameters' do
+ let(:params) do
+ {
+ :user_groups => ['foreman'],
+ :oauth_key => 'katello',
+ :oauth_secret => 'secret',
+ :deployment_url => '/katello',
+ :db_host => 'localhost',
+ :db_port => 5432,
+ :db_name => 'candlepin',
+ :db_user => 'candlepin',
+ :db_password => 'secret',
+ :db_ssl => false,
+ :db_ssl_verify => true,
+ :manage_db => true,
+ :qpid_hostname => 'localhost',
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_class('certs::qpid') }
+ it { is_expected.to contain_class('certs::candlepin').that_notifies('Service[tomcat]') }
+ it { is_expected.to contain_class('katello::qpid_client') }
+ it { is_expected.to contain_class('candlepin') }
+ end
+
+ context 'with inherited parameters' do
+ let :pre_condition do
+ 'include ::katello'
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_class('certs::qpid') }
+ it { is_expected.to contain_class('certs::candlepin').that_notifies('Service[tomcat]') }
+ it { is_expected.to contain_class('katello::qpid_client') }
+ it { is_expected.to contain_class('candlepin') }
+ end
+ end
+ end
+end
diff --git a/spec/classes/katello_config_spec.rb b/spec/classes/katello_config_spec.rb
deleted file mode 100644
index 9c17bee1..00000000
--- a/spec/classes/katello_config_spec.rb
+++ /dev/null
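Review bot: Both contexts in katello_candlepin_spec.rb stop at `contain_class('candlepin')`, so none of the values the wrapper class passes through are asserted. The security-relevant ones are cheap to pin, for example `it { is_expected.to contain_class('candlepin').with_enable_basic_auth(false).with_db_ssl_verify(true) }` in the explicit-parameters context. katello_pulp_spec.rb in this commit already asserts its pass-through values that way.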
@@ -1,93 +0,0 @@ -require 'spec_helper' - -describe 'katello::config' do - on_os_under_test.each do |os, facts| - let(:facts) { facts } - - context 'default config settings' do - let(:pre_condition) do - [ - 'include foreman', - 'include foreman::plugin::tasks', - 'include certs', - 'class {"katello":' \ - 'post_sync_token => test_token,' \ - 'oauth_secret => secret' \ - '}' - ] - end - - it 'should NOT set the cdn-ssl-version' do - should_not contain_file('/etc/foreman/plugins/katello.yaml'). - with_content(/cdn_ssl_version/) - end - - it 'should generate correct katello.yaml' do - should contain_file('/etc/foreman/plugins/katello.yaml') - verify_exact_contents(catalogue, '/etc/foreman/plugins/katello.yaml', [ - ':katello:', - ' :rest_client_timeout: 3600', - ' :post_sync_url: https://foo.example.com/katello/api/v2/repositories/sync_complete?token=test_token', - ' :candlepin:', - ' :url: https://foo.example.com:8443/candlepin', - ' :oauth_key: katello', - ' :oauth_secret: secret', - ' :ca_cert_file: /etc/pki/katello/certs/katello-default-ca.crt', - ' :pulp:', - ' :url: https://foo.example.com/pulp/api/v2/', - ' :oauth_key: katello', - ' :oauth_secret: secret', - ' :ca_cert_file: /etc/pki/katello/certs/katello-server-ca.crt', - ' :qpid:', - ' :url: amqp:ssl:localhost:5671', - ' :subscriptions_queue_address: katello_event_queue' - ]) - end - end - - context 'when http proxy parameters are specified' do - let(:pre_condition) do - [ - 'include foreman', - 'include foreman::plugin::tasks', - 'include certs', - 'class {"katello":' \ - 'post_sync_token => "test_token",' \ - 'oauth_secret => "secret",' \ - 'proxy_url => "http://myproxy.org",' \ - 'proxy_port => 8888,' \ - 'proxy_username => "admin",' \ - 'proxy_password => "secret_password"' \ - '}' - ] - end - - it 'should generate correct katello.yaml' do - should contain_file('/etc/foreman/plugins/katello.yaml') - verify_exact_contents(catalogue, '/etc/foreman/plugins/katello.yaml', [ - ':katello:', - ' 
:rest_client_timeout: 3600', - ' :post_sync_url: https://foo.example.com/katello/api/v2/repositories/sync_complete?token=test_token', - ' :candlepin:', - ' :url: https://foo.example.com:8443/candlepin', - ' :oauth_key: katello', - ' :oauth_secret: secret', - ' :ca_cert_file: /etc/pki/katello/certs/katello-default-ca.crt', - ' :pulp:', - ' :url: https://foo.example.com/pulp/api/v2/', - ' :oauth_key: katello', - ' :oauth_secret: secret', - ' :ca_cert_file: /etc/pki/katello/certs/katello-server-ca.crt', - ' :qpid:', - ' :url: amqp:ssl:localhost:5671', - ' :subscriptions_queue_address: katello_event_queue', - ' :cdn_proxy:', - ' :host: http://myproxy.org', - ' :port: 8888', - ' :user: admin', - ' :password: secret_password' - ]) - end - end - end -end diff --git a/spec/classes/katello_install_spec.rb b/spec/classes/katello_install_spec.rb deleted file mode 100644 index 5609869b..00000000 --- a/spec/classes/katello_install_spec.rb +++ /dev/null @@ -1,37 +0,0 @@ -require 'spec_helper' - -describe 'katello::install' do - on_os_under_test.each do |os, facts| - context "on #{os}" do - let(:facts) { facts } - - describe 'with enable_ostree == false' do - let(:pre_condition) do - ['include foreman', - 'include foreman::plugin::tasks', - 'include certs', - "class {'katello': - enable_ostree => false, - }" - ] - end - - it { should_not contain_package("tfm-rubygem-katello_ostree")} - end - - describe 'with enable_ostree == true' do - let(:pre_condition) do - ['include foreman', - 'include foreman::plugin::tasks', - 'include certs', - "class {'katello': - enable_ostree => true, - }" - ] - end - it { should contain_package("tfm-rubygem-katello_ostree").with_ensure('installed'). - with_notify(["Service[foreman-tasks]", "Service[httpd]", "Exec[foreman-rake-apipie:cache:index]"]) } - end - end - end -end diff --git a/spec/classes/katello_pulp_spec.rb b/spec/classes/katello_pulp_spec.rb new file mode 100644 index 00000000..08dd4946 --- /dev/null 
+++ b/spec/classes/katello_pulp_spec.rb 
@@ -0,0 +1,78 @@
+require 'spec_helper'
+
+describe 'katello::pulp' do
+ on_os_under_test.each do |os, facts|
+ context "on #{os}" do
+ let :facts do
+ facts
+ end
+
+ context 'with inherited parameters' do
+ let :pre_condition do
+ <<-EOS
+ class { '::katello':
+ oauth_secret => 'secret',
+ num_pulp_workers => 1,
+ }
+ EOS
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_class('certs') }
+ it { is_expected.to contain_class('certs::qpid_client') }
+ it { is_expected.to contain_class('katello::candlepin') }
+
+ it do
+ is_expected.to create_class('pulp')
+ .with_oauth_enabled(true)
+ .with_oauth_key('katello')
+ .with_oauth_secret('secret')
+ .with_messaging_url('ssl://localhost:5671')
+ .with_messaging_ca_cert('/etc/pki/katello/certs/katello-default-ca.crt')
+ .with_messaging_client_cert('/etc/pki/katello/qpid_client_striped.crt')
+ .with_messaging_transport('qpid')
+ .with_messaging_auth_enabled(false)
+ .with_broker_url('qpid://localhost:5671')
+ .with_broker_use_ssl(true)
+ .with_consumers_crl('/var/lib/candlepin/candlepin-crl.crl')
+ .with_proxy_url(nil)
+ .with_proxy_port(nil)
+ .with_proxy_username(nil)
+ .with_proxy_password(nil)
+ .with_yum_max_speed(nil)
+ .with_manage_broker(false)
+ .with_manage_httpd(false)
+ .with_manage_plugins_httpd(true)
+ .with_manage_squid(true)
+ .with_enable_rpm(true)
+ .with_enable_puppet(true)
+ .with_enable_docker(true)
+ .with_enable_ostree(false)
+ .with_num_workers(1)
+ .with_max_tasks_per_child(2)
+ .with_enable_parent_node(false)
+ .with_repo_auth(true)
+ .with_puppet_wsgi_processes(1)
+ .with_enable_katello(true)
+ .that_subscribes_to('Class[Certs::Qpid_client]')
+ end
+
+ it do
+ is_expected.to create_foreman__config__passenger__fragment('pulp')
+ .with_content(%r{^$})
+ .with_ssl_content(%r{^$})
+ end
+
+ it { is_expected.to create_file('/var/lib/pulp') }
+
+ it do
+ is_expected.to create_file('/var/lib/pulp/katello-export')
+ .with_ensure('directory')
+ .with_owner('foreman')
+ .with_group('foreman')
+ .with_mode('0755')
+ end
+ end
+ end
+ end
+end
diff --git a/spec/classes/katello_qpid_client_spec.rb b/spec/classes/katello_qpid_client_spec.rb
new file mode 100644
index 00000000..7b358424
--- /dev/null
+++ b/spec/classes/katello_qpid_client_spec.rb
@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+describe 'katello' do
+ on_os_under_test.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) { facts }
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_class('certs::qpid') }
+
+ it do
+ is_expected.to create_class('qpid::client')
+ .with_ssl(true)
+ .with_ssl_cert_name('broker')
+ .with_ssl_cert_db('/etc/pki/katello/nssdb')
+ .with_ssl_cert_password_file('/etc/pki/katello/nssdb/nss_db_password-file')
+ .that_requires('Class[Certs::Qpid]')
+ end
+ end
+ end
+end
diff --git a/spec/classes/katello_qpid_spec.rb b/spec/classes/katello_qpid_spec.rb
new file mode 100644
index 00000000..50226dae
--- /dev/null
+++ b/spec/classes/katello_qpid_spec.rb
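Review bot: The two passenger-fragment expectations in katello_pulp_spec.rb, `.with_content(%r{^$})` and `.with_ssl_content(%r{^$})`, do not pin an empty value. In Ruby `^` and `$` anchor at line boundaries, so the pattern also matches any non-empty fragment that happens to contain a blank line. If the intent is that katello ships no extra Apache configuration for pulp, anchor the whole string instead: `.with_content(%r{\A\z})` and `.with_ssl_content(%r{\A\z})`.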
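Review bot: katello_qpid_client_spec.rb is named for `katello::qpid_client` but its example group is `describe 'katello'`, unlike the sibling specs added in this commit, which describe `katello::pulp` and `katello::qpid` directly. Nothing in the file says why, so a reader cannot tell whether the TLS settings asserted on `qpid::client` come from that class or from elsewhere in the catalog. If the class cannot be compiled on its own, a comment above the `describe` would settle it, for example `# katello::qpid_client is exercised through the main class because it reads its settings from ::katello`; otherwise `describe 'katello::qpid_client'` with an `include ::katello` pre_condition would match the other files. Whether the class is standalone is not visible in this hunk.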
@@ -0,0 +1,97 @@
+require 'spec_helper'
+
+describe 'katello::qpid' do
+ on_os_under_test.each do |os, facts|
+ context "on #{os}" do
+ let :facts do
+ facts
+ end
+
+ context 'with explicit parameters' do
+ let :params do
+ {
+ :katello_user => 'foreman',
+ :candlepin_event_queue => 'katello_event_queue',
+ :candlepin_qpid_exchange => 'event',
+ :wcache_page_size => 8,
+ :interface => 'eth0',
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_class('certs') }
+ it { is_expected.to contain_class('certs::qpid').that_notifies(['Service[qpidd]', 'Class[qpid]']) }
+ it { is_expected.not_to contain_user('foreman') }
+
+ it do
+ is_expected.to create_class('qpid')
+ .with_wcache_page_size(8)
+ .with_interface('eth0')
+ end
+
+ it do
+ is_expected.to create_qpid__config_cmd('delete katello entitlements queue if bound to *.*')
+ .with_command('del queue katello_event_queue --force')
+ .with_onlyif("list binding | grep katello_event_queue | grep '*.*'")
+ .with_ssl_cert('/etc/pki/katello/certs/foo.example.com-qpid-broker.crt')
+ .with_ssl_key('/etc/pki/katello/private/foo.example.com-qpid-broker.key')
+ end
+
+ it do
+ is_expected.to create_qpid__config__queue('katello_event_queue')
+ .with_ssl_cert('/etc/pki/katello/certs/foo.example.com-qpid-broker.crt')
+ .with_ssl_key('/etc/pki/katello/private/foo.example.com-qpid-broker.key')
+ end
+
+ ['entitlement.created', 'entitlement.deleted', 'pool.created', 'pool.deleted', 'compliance.created'].each do |binding|
+ it do
+ is_expected.to create_qpid__config__bind(binding)
+ .with_queue('katello_event_queue')
+ .with_exchange('event')
+ .with_ssl_cert('/etc/pki/katello/certs/foo.example.com-qpid-broker.crt')
+ .with_ssl_key('/etc/pki/katello/private/foo.example.com-qpid-broker.key')
+ end
+ end
+ end
+
+ context 'with inherited parameters' do
+ let :pre_condition do
+ 'include ::katello'
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to 
contain_user('foreman').with_groups(['puppet', 'qpidd']) } + it { is_expected.to contain_class('certs::qpid').that_notifies(['Service[qpidd]', 'Class[qpid]']) } + + it do + is_expected.to create_class('qpid') + .with_wcache_page_size(4) + end + + it do + is_expected.to create_qpid__config_cmd('delete katello entitlements queue if bound to *.*') + .with_command('del queue katello_event_queue --force') + .with_onlyif("list binding | grep katello_event_queue | grep '*.*'") + .with_ssl_cert('/etc/pki/katello/certs/foo.example.com-qpid-broker.crt') + .with_ssl_key('/etc/pki/katello/private/foo.example.com-qpid-broker.key') + end + + it do + is_expected.to create_qpid__config__queue('katello_event_queue') + .with_ssl_cert('/etc/pki/katello/certs/foo.example.com-qpid-broker.crt') + .with_ssl_key('/etc/pki/katello/private/foo.example.com-qpid-broker.key') + end + + ['entitlement.created', 'entitlement.deleted', 'pool.created', 'pool.deleted', 'compliance.created'].each do |binding| + it do + is_expected.to create_qpid__config__bind(binding) + .with_queue('katello_event_queue') + .with_exchange('event') + .with_ssl_cert('/etc/pki/katello/certs/foo.example.com-qpid-broker.crt') + .with_ssl_key('/etc/pki/katello/private/foo.example.com-qpid-broker.key') + end + end + end + end + end +end diff --git a/spec/classes/katello_repo_spec.rb b/spec/classes/katello_repo_spec.rb index 849e72fb..1dd43260 100644 --- a/spec/classes/katello_repo_spec.rb +++ b/spec/classes/katello_repo_spec.rb @@ -1,7 +1,8 @@ require 'spec_helper' describe 'katello::repo' do - context 'with manage_repo => false' do let :params do + context 'with manage_repo => false' do + let :params do { 'manage_repo' => false, 'repo_version' => 'latest', diff --git a/spec/classes/katello_spec.rb b/spec/classes/katello_spec.rb index a9a08233..e2078ce7 100644 --- a/spec/classes/katello_spec.rb +++ b/spec/classes/katello_spec.rb 
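Review bot: Both contexts of katello_qpid_spec.rb pin `.with_onlyif("list binding | grep katello_event_queue | grep '*.*'")`, a guard that is looser than the resource title ("if bound to *.*") suggests. grep reads `'*.*'` as a regular expression in which only the leading `*` is literal, so any binding line for the queue that contains a `*` satisfies it and `del queue katello_event_queue --force` would run. Assuming the manifest builds the guard exactly as the spec records it (the manifest is not part of this hunk), a fixed-string match is the safer form, with the expectation becoming `.with_onlyif("list binding | grep katello_event_queue | grep -F '*.*'")`. The string appears in the 'with explicit parameters' and the 'with inherited parameters' contexts alike.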
@@ -5,31 +5,15 @@ context "on #{os}" do let(:facts) { facts } - let(:pre_condition) do - ['include foreman', 'include foreman::plugin::tasks', 'include certs'] - end - - it { should contain_class('katello::install') } - it { should contain_class('katello::config') } - - it "should configure a qpid client" do - should contain_class('qpid::client'). - with(:ssl => true, - :ssl_cert_name => 'broker') - end - - context 'on setting cdn-ssl-version' do - let :params do - { - "cdn_ssl_version" => 'TLSv1' - } - end - - it 'should set up the cdn_ssl_version' do - should contain_file('/etc/foreman/plugins/katello.yaml'). - with_content(/^\s*:cdn_ssl_version:\s*TLSv1$/) - end - end + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_class('katello::repo') } + it { is_expected.to contain_class('katello::candlepin') } + it { is_expected.to contain_class('katello::application') } + it { is_expected.to contain_class('katello::pulp') } + it { is_expected.to contain_class('katello::qpid_client') } + it { is_expected.to contain_class('katello::qpid') } + + it { is_expected.to contain_package('katello').that_requires('Exec[cpinit]') } end end diff --git a/templates/katello.yaml.erb b/templates/katello.yaml.erb index 2b62d481..46a21d81 100644 --- a/templates/katello.yaml.erb +++ b/templates/katello.yaml.erb 
@@ -2,33 +2,33 @@ ## Module: puppet-katello :katello: - <%- unless [nil, :undefined, :undef].include?(scope['katello::cdn_ssl_version']) -%> - :cdn_ssl_version: <%= scope['katello::cdn_ssl_version']%> + <%- unless [nil, :undefined, :undef, ''].include?(@cdn_ssl_version) -%> + :cdn_ssl_version: <%= @cdn_ssl_version %> <%- end -%> :rest_client_timeout: 3600 - :post_sync_url: https://<%= @fqdn %><%= scope['katello::deployment_url'] %>/api/v2/repositories/sync_complete?token=<%= scope['katello::post_sync_token'] %> + :post_sync_url: https://<%= @fqdn %><%= @deployment_url %>/api/v2/repositories/sync_complete?token=<%= @post_sync_token %> :candlepin: - :url: <%= scope['katello::candlepin_url'] %> - :oauth_key: <%= scope['katello::oauth_key'] %> - :oauth_secret: <%= scope['katello::oauth_secret'] %> - :ca_cert_file: <%= scope['katello::candlepin_ca_cert'] %> + :url: <%= @candlepin_url %> + :oauth_key: <%= @oauth_key %> + :oauth_secret: <%= @oauth_secret %> + :ca_cert_file: <%= @candlepin_ca_cert %> :pulp: - :url: <%= scope['katello::pulp_url'] %> - :oauth_key: <%= scope['katello::oauth_key'] %> - :oauth_secret: <%= scope['katello::oauth_secret'] %> - :ca_cert_file: <%= scope['katello::pulp_ca_cert'] %> + :url: <%= @pulp_url %> + :oauth_key: <%= @oauth_key %> + :oauth_secret: <%= @oauth_secret %> + :ca_cert_file: <%= @pulp_ca_cert %> :qpid: - :url: <%= scope['katello::qpid_url'] %> - :subscriptions_queue_address: <%= scope['katello::candlepin_event_queue'] %> + :url: <%= @qpid_url %> + :subscriptions_queue_address: <%= @candlepin_event_queue %> -<%- unless [nil, :undefined, :undef].include?(scope['katello::proxy_url']) -%> +<%- unless [nil, :undefined, :undef, ''].include?(@proxy_host) -%> :cdn_proxy: - :host: <%= scope['katello::proxy_url'] %> - :port: <%= scope['katello::proxy_port'] %> - :user: <%= scope['katello::proxy_username'] %> - :password: <%= scope['katello::proxy_password'] %> + :host: <%= @proxy_host %> + :port: <%= @proxy_port %> + :user: <%= @proxy_username 
%> + :password: <%= @proxy_password %> <%- end -%>
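Review bot: The credentials in templates/katello.yaml.erb, namely both `:oauth_secret:` entries and the `:cdn_proxy:` `:password:`, are still written as bare YAML scalars after the switch to instance variables. A value containing ` #` or `: `, or starting with a quote, `*`, `&` or `!`, would then be truncated or mis-parsed when katello.yaml is loaded, instead of failing at catalog time. Emitting them as quoted scalars avoids that, e.g. `:oauth_secret: <%= @oauth_secret.to_json %>` and `:password: <%= @proxy_password.to_json %>`; a JSON string is a valid double-quoted YAML scalar, and this assumes `to_json` is available inside the template. The `token=` value in `:post_sync_url:` would need URL-encoding rather than quoting. The rendered file holds secrets, so the `file` resource that uses this template should carry a restrictive owner and mode; that resource is not visible in this hunk.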