BREAKING Switch default to Globus v5, support v5.4

Switch default Globus version to v5, only support v5.4
Drop RedHat/CentOS 6 support
Add RedHat/CentOS 8 support
Update module dependencies

.github/workflows/ci.yaml

@@ -51,6 +51,7 @@ jobs:
       matrix:
         set:
           - "centos-7"
+          - "centos-8"
         puppet:
           - "puppet5"
           - "puppet6"

.sync.yml

@@ -3,14 +3,16 @@
   acceptance_matrix:
     set:
       - centos-7
-      - ---centos-8
+      - centos-8
     puppet:
       - puppet5
       - puppet6
 .gitlab-ci.yml:
   delete: true
 appveyor.yml:
   delete: true
+spec/acceptance/nodesets/centos-6.yml:
+  delete: true
 spec/acceptance/nodesets/debian-8.yml:
   delete: true
 spec/acceptance/nodesets/debian-9.yml:

README.md

@@ -7,133 +7,163 @@
 
 This module manages Globus Connect Server.
 
+### Supported Versions of Globus
+
+Currently this module supports Globus 4.x and 5.4.
+
+| Globus Version | Globus Puppet module versions |
+| -------------- | ----------------------------- |
+| 4.x            | 3.x                           |
+| 4.x & 5.3      | 4.x                           |
+| 4.x & 5.4      | 5.x                           |
+
+
+### Upgrading to module version 5.x
+
+Going from a version of this module prior to 5.0.0 to 5.x and using Globus v5 requires manual upgrade be performed.
+
+See [Globus v5.4 Migration Guide](https://docs.globus.org/globus-connect-server/v5.4/migration-guide/) for details.
+
+For sites using Globus v4 it's necessary to set `globus::version` to `4` in order to continue using Globus v4 as the default version was changed.
+
+For sites using Globus v5.3 and upgrading this module 5.x, it's expected you are also upgrading to Globus v5.4. The parameters completely changed for Globus v5 support so see the examples below for changes needed and required parameters.
+
 ## Usage
 
-### Globus v5
+### Globus v5.4
+
+The steps performed by this module are to install Globus and run the `globus endpoint setup` and `globus node setup` commands.
 
-In order to use Globus v5 you must define `version` parameter as `5`. You must register the host with Globus in order to get the values for `globus_client_id` and `globus_client_secret`.
+The following is the minimum parameters that must be passed to setup Globus v5.4.
 
-    class { 'globus':
-      version              => '5',
-      package_name         => 'globus-connect-server53',
-      globus_client_id     => 'REPLACE-client-id-from-globus',
-      globus_client_secret => 'REPLACE-client-secret-from-globus',
-    }
+```puppet
+class { 'globus':
+  display_name  => 'REPLACE My Site Globus',
+  client_id     => 'REPLACE-client-id-from-globus',
+  client_secret => 'REPLACE-client-id-from-globus',
+  owner         => 'REPLACE-user@example.com',
+}
+```
 
 ### Globus v4
 
 Install and configure a Globus IO endpoint that uses OAuth.  This example assumes host cert/key will not be provided by Globus.
 
-    class { 'globus':
-      include_id_server => false,
-      globus_user => 'myusername',
-      globus_password => 'password',
-      endpoint_name => 'myorg',
-      endpoint_public => true,
-      myproxy_server => 'myproxy.example.com:7512',
-      oauth_server => 'myproxy.example.com',
-      security_identity_method => 'OAuth',
-      security_fetch_credentials_from_relay => false,
-      security_certificate_file => '/etc/grid-security/hostcert.pem',
-      security_key_file => '/etc/grid-security/hostkey.pem',
-      gridftp_server => $::fqdn,
-      gridftp_restrict_paths => ['RW~','N~/.*','RW/project'],
-      # Example of extra settings
-      extra_gridftp_settings => [
-        'log_level ALL',
-        'log_single /var/log/gridftp-auth.log',
-        'log_transfer /var/log/gridftp-transfer.log',
-      ],
-    }
+```puppet
+class { 'globus':
+  include_id_server => false,
+  globus_user => 'myusername',
+  globus_password => 'password',
+  endpoint_name => 'myorg',
+  endpoint_public => true,
+  myproxy_server => 'myproxy.example.com:7512',
+  oauth_server => 'myproxy.example.com',
+  security_identity_method => 'OAuth',
+  security_fetch_credentials_from_relay => false,
+  security_certificate_file => '/etc/grid-security/hostcert.pem',
+  security_key_file => '/etc/grid-security/hostkey.pem',
+  gridftp_server => $::fqdn,
+  gridftp_restrict_paths => ['RW~','N~/.*','RW/project'],
+  # Example of extra settings
+  extra_gridftp_settings => [
+    'log_level ALL',
+    'log_single /var/log/gridftp-auth.log',
+    'log_transfer /var/log/gridftp-transfer.log',
+  ],
+}
+```
 
 This is an example of setting up a system that acts as both MyProxy and OAuth host.  This example assumes the host cert/key are not provided by Globus.
 
-    class { 'globus':
-      include_io_server => false,
-      include_id_server => true,
-      include_oauth_server => true,
-      globus_user => 'myusername',
-      globus_password => 'password',
-      endpoint_name => 'myorg',
-      endpoint_public => true,
-      myproxy_server => 'myproxy.example.com:7512',
-      oauth_server => 'myproxy.example.com',
-      security_identity_method => 'OAuth',
-      security_fetch_credentials_from_relay => false,
-      security_certificate_file => '/etc/grid-security/hostcert.pem',
-      security_key_file => '/etc/grid-security/hostkey.pem',
-    }
+```puppet
+  class { 'globus':
+    include_io_server => false,
+    include_id_server => true,
+    include_oauth_server => true,
+    globus_user => 'myusername',
+    globus_password => 'password',
+    endpoint_name => 'myorg',
+    endpoint_public => true,
+    myproxy_server => 'myproxy.example.com:7512',
+    oauth_server => 'myproxy.example.com',
+    security_identity_method => 'OAuth',
+    security_fetch_credentials_from_relay => false,
+    security_certificate_file => '/etc/grid-security/hostcert.pem',
+    security_key_file => '/etc/grid-security/hostkey.pem',
+  }
+```
 
 Below is an example of setting up the IO server to use CILogon.
 
-    class { 'globus':
-      include_id_server => false,
-      globus_user => 'myusername',
-      globus_password => 'password',
-      endpoint_name => 'myorg',
-      endpoint_public => true,
-      myproxy_server => 'myproxy.example.com:7512',
-      oauth_server => 'myproxy.example.com',
-      security_identity_method => 'CILogon',
-      security_cilogon_identity_provider => 'My Org',
-      security_fetch_credentials_from_relay => false,
-      security_certificate_file => '/etc/grid-security/hostcert.pem',
-      security_key_file => '/etc/grid-security/hostkey.pem',
-      gridftp_server => $::fqdn,
-      gridftp_restrict_paths => ['RW~','N~/.*','RW/project'],
-      # Example of extra settings
-      extra_gridftp_settings => [
-        'log_level ALL',
-        'log_single /var/log/gridftp-auth.log',
-        'log_transfer /var/log/gridftp-transfer.log',
-      ],
-    }
+```puppet
+  class { 'globus':
+    include_id_server => false,
+    globus_user => 'myusername',
+    globus_password => 'password',
+    endpoint_name => 'myorg',
+    endpoint_public => true,
+    myproxy_server => 'myproxy.example.com:7512',
+    oauth_server => 'myproxy.example.com',
+    security_identity_method => 'CILogon',
+    security_cilogon_identity_provider => 'My Org',
+    security_fetch_credentials_from_relay => false,
+    security_certificate_file => '/etc/grid-security/hostcert.pem',
+    security_key_file => '/etc/grid-security/hostkey.pem',
+    gridftp_server => $::fqdn,
+    gridftp_restrict_paths => ['RW~','N~/.*','RW/project'],
+    # Example of extra settings
+    extra_gridftp_settings => [
+      'log_level ALL',
+      'log_single /var/log/gridftp-auth.log',
+      'log_transfer /var/log/gridftp-transfer.log',
+    ],
+  }
+```
 
 Below is an example of what would be required to setup Globus GridFTP to also work with OSG GridFTP.  This example has not been verified since OSG 3.3.  OSG module referenced: https://github.com/treydock/puppet-osg
 
-    include ::osg
-    include ::osg::gridftp
-    class { '::globus':
-      manage_service => false,
-      include_id_server => false,
-      remove_cilogon_cron => true,
-      extra_gridftp_settings => [
-        'log_level ALL'
-        'log_single /var/log/gridftp-auth.log'
-        'log_transfer /var/log/gridftp.log'
-        '$LLGT_LOG_IDENT "gridftp-server-llgt"'
-        '$LCMAPS_DB_FILE "/etc/lcmaps.db"'
-        '$LCMAPS_POLICY_NAME "authorize_only"'
-        '$LLGT_LIFT_PRIVILEGED_PROTECTION "1"'
-        '$LCMAPS_DEBUG_LEVEL "2"'
-        '$FTPNOSORT 1'
-      ],
-      first_gridftp_callback => '|globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout',
-    }
-
-    # Add globus repo before installing OSG GridFTP
-    Yumrepo['Globus-Toolkit'] -> Package['osg-gridftp']
-    # Apply OSG GridFTP before Globus
-    Package['osg-gridftp'] -> Class['::globus::install']
+```puppet
+  include ::osg
+  include ::osg::gridftp
+  class { '::globus':
+    manage_service => false,
+    include_id_server => false,
+    remove_cilogon_cron => true,
+    extra_gridftp_settings => [
+      'log_level ALL'
+      'log_single /var/log/gridftp-auth.log'
+      'log_transfer /var/log/gridftp.log'
+      '$LLGT_LOG_IDENT "gridftp-server-llgt"'
+      '$LCMAPS_DB_FILE "/etc/lcmaps.db"'
+      '$LCMAPS_POLICY_NAME "authorize_only"'
+      '$LLGT_LIFT_PRIVILEGED_PROTECTION "1"'
+      '$LCMAPS_DEBUG_LEVEL "2"'
+      '$FTPNOSORT 1'
+    ],
+    first_gridftp_callback => '|globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout',
+  }
+  
+  # Add globus repo before installing OSG GridFTP
+  Yumrepo['Globus-Toolkit'] -> Package['osg-gridftp']
+  # Apply OSG GridFTP before Globus
+  Package['osg-gridftp'] -> Class['::globus::install']
+```
 
 ### Globus CLI
 
 To install the Globus CLI to `/opt/globus-cli` and create symlink for executable at `/usr/bin/globus`:
 
-```
+```puppet
 include globus::cli
 ```
 
 ### Globus SDK
 
 To install the Globus SDK to `/opt/globus-sdk`:
 
-```
+```puppet
 include globus::sdk
 ```
-
-### Globus SDK
-
 ## Reference
 
 [http://treydock.github.io/puppet-module-globus/](http://treydock.github.io/puppet-module-globus/)
@@ -142,30 +172,5 @@ include globus::sdk
 
 Tested using
 
-* CentOS 6
-* RedHat 7
-
-## Development
-
-### Testing
-
-Testing requires the following dependencies:
-
-* rake
-* bundler
-
-Install gem dependencies
-
-    bundle install
-
-Run unit tests
-
-    bundle exec rake test
-
-If you have Vagrant >= 1.2.0 installed you can run system tests
-
-    bundle exec rake beaker
-
-## Further Information
-
-*
+* RedHat/CentOS 7
+* RedHat/CentOS 8

lib/puppet/functions/globus/endpoint_setup_args.rb

@@ -0,0 +1,21 @@
+Puppet::Functions.create_function(:'globus::endpoint_setup_args') do
+  dispatch :args do
+    param 'Hash', :values
+  end
+  def args(values)
+    flags = []
+    flags << "'#{values['display_name']}'"
+    flags << "--client-id #{values['client_id']}"
+    flags << "--owner '#{values['owner']}'"
+    flags << "--deployment-key #{values['deployment_key']}"
+    flags << "--organization '#{values['organization']}'" unless values['organization'].nil?
+    flags << "--keywords '#{values['keywords'].join(',')}'" unless values['keywords'].nil?
+    flags << "--department '#{values['department']}'" unless values['department'].nil?
+    flags << "--contact-email '#{values['contact_email']}'" unless values['contact_email'].nil?
+    flags << "--contact-info '#{values['contact_info']}'" unless values['contact_info'].nil?
+    flags << "--info-link '#{values['info_link']}'" unless values['info_link'].nil?
+    flags << "--description '#{values['description']}'" unless values['description'].nil?
+    flags << '--private' unless values['public']
+    flags.join(' ')
+  end
+end

lib/puppet/functions/globus/node_setup_args.rb

@@ -0,0 +1,16 @@
+Puppet::Functions.create_function(:'globus::node_setup_args') do
+  dispatch :args do
+    param 'Hash', :values
+  end
+  def args(values)
+    flags = []
+    flags << "--client-id #{values['client_id']}"
+    flags << "--deployment-key #{values['deployment_key']}"
+    flags << "--incoming-port-range #{values['incoming_port_range'].join(',')}" unless values['incoming_port_range'].nil?
+    flags << "--outgoing-port-range #{values['outgoing_port_range'].join(',')}" unless values['outgoing_port_range'].nil?
+    flags << "--ip-address #{values['ip_address']}" unless values['ip_address'].nil?
+    flags << "--export-node #{values['export_node']}" unless values['export_node'].nil?
+    flags << "--import-node #{values['import_node']}" unless values['import_node'].nil?
+    flags.join(' ')
+  end
+end