diff --git a/acceptance/tests/config/puppet_manages_own_configuration_in_robust_manner.rb b/acceptance/tests/config/puppet_manages_own_configuration_in_robust_manner.rb index ea4694ad3..dafef1cff 100644 --- a/acceptance/tests/config/puppet_manages_own_configuration_in_robust_manner.rb +++ b/acceptance/tests/config/puppet_manages_own_configuration_in_robust_manner.rb @@ -1,80 +1,82 @@ # User story: # A new user has installed puppet either from source or from a gem, which does # not put the "puppet" user or group on the system. They run the puppet master, # which fails because of the missing user and then correct their actions. They # expect that after correcting their actions, puppet will work correctly. test_name "Puppet manages its own configuration in a robust manner" +skip_test "JVM Puppet cannot change its user while running." if @options[:is_jvm_puppet] + # when owner/group works on windows for settings, this confine should be removed. confine :except, :platform => 'windows' # when managhome roundtrips for solaris, this confine should be removed confine :except, :platform => 'solaris' # pe setup includes ownership of external directories such as the passenger # document root, which puppet itself knows nothing about confine :except, :type => 'pe' # same issue for a foss passenger run if master.is_using_passenger? skip_test 'Cannot test with passenger.' end if master.use_service_scripts? # Beaker defaults to leaving puppet running when using service scripts, # Need to shut it down so we can modify user/group and test startup failure on(master, puppet('resource', 'service', master['puppetservice'], 'ensure=stopped')) end step "Clear out yaml directory because of a bug in the indirector/yaml. (See #21145)" on master, 'rm -rf $(puppet master --configprint yamldir)' original_state = {} step "Record original state of system users" do hosts.each do |host| original_state[host] = {} original_state[host][:user] = user = host.execute('puppet config print user') original_state[host][:group] = group = host.execute('puppet config print group') original_state[host][:ug_resources] = on(host, puppet('resource', 'user', user)).stdout original_state[host][:ug_resources] += on(host, puppet('resource', 'group', group)).stdout original_state[host][:ug_resources] += "Group['#{group}'] -> User['#{user}']\n" end end teardown do # And cleaning up yaml dir again here because we are changing service # user and group ids back to the original uid and gid on master, 'rm -rf $(puppet master --configprint yamldir)' hosts.each do |host| apply_manifest_on(host, <<-ORIG) #{original_state[host][:ug_resources]} ORIG end with_puppet_running_on(master, {}) do agents.each do |agent| on agent, puppet('agent', '-t', '--server', master) end end end step "Remove system users" do hosts.each do |host| on host, puppet('resource', 'user', original_state[host][:user], 'ensure=absent') on host, puppet('resource', 'group', original_state[host][:group], 'ensure=absent') end end step "Ensure master fails to start when missing system user" do on master, puppet('master'), :acceptable_exit_codes => [74] do assert_match(/could not change to group "#{original_state[master][:group]}"/, result.output) assert_match(/Could not change to user #{original_state[master][:user]}/, result.output) end end step "Ensure master starts when making users after having previously failed startup" do with_puppet_running_on(master, :master => { :mkusers => true }) do agents.each do |agent| on agent, puppet('agent', '-t', '--server', master) end end end diff --git a/acceptance/tests/environment/can_enumerate_environments.rb b/acceptance/tests/environment/can_enumerate_environments.rb index 47bcacc6c..088e9de1b 100644 --- a/acceptance/tests/environment/can_enumerate_environments.rb +++ b/acceptance/tests/environment/can_enumerate_environments.rb @@ -1,68 +1,69 @@ test_name "Can enumerate environments via an HTTP endpoint" def master_port(agent) setting_on(agent, "agent", "masterport") end def setting_on(host, section, name) on(host, puppet("config", "print", name, "--section", section)).stdout.chomp end def full_path(host, path) if host['platform'] =~ /win/ on(host, "cygpath '#{path}'").stdout.chomp else path end end def curl_master_from(agent, path, headers = '', &block) url = "https://#{master}:#{master_port(agent)}#{path}" cert_path = full_path(agent, setting_on(agent, "agent", "hostcert")) key_path = full_path(agent, setting_on(agent, "agent", "hostprivkey")) curl_base = "curl --tlsv1 -sg --cert \"#{cert_path}\" --key \"#{key_path}\" -k -H '#{headers}'" on agent, "#{curl_base} '#{url}'", &block end -environments_dir = master.tmpdir("environments") +master_user = on(master, "puppet master --configprint user").stdout.strip +environments_dir = create_tmpdir_for_user master, "environments" apply_manifest_on(master, <<-MANIFEST) File { ensure => directory, - owner => #{master['user']}, + owner => #{master_user}, group => #{master['group']}, mode => 0770, } file { "#{environments_dir}":; "#{environments_dir}/env1":; "#{environments_dir}/env2":; } MANIFEST master_opts = { :master => { :environmentpath => environments_dir } } if master.is_pe? master_opts[:master][:basemodulepath] = master['sitemoduledir'] end with_puppet_running_on(master, master_opts) do agents.each do |agent| step "Ensure that an unauthenticated client cannot access the environments list" do on agent, "curl --tlsv1 -ksv https://#{master}:#{master_port(agent)}/v2.0/environments", :acceptable_exit_codes => [0,7] do assert_match(/< HTTP\/1\.\d 403/, stderr) end end step "Ensure that an authenticated client can retrieve the list of environments" do curl_master_from(agent, '/v2.0/environments') do data = JSON.parse(stdout) assert_equal(["env1", "env2", "production"], data["environments"].keys.sort) end end end end diff --git a/acceptance/tests/environment/cmdline_overrides_environment.rb b/acceptance/tests/environment/cmdline_overrides_environment.rb index 274ccd908..78a07413b 100644 --- a/acceptance/tests/environment/cmdline_overrides_environment.rb +++ b/acceptance/tests/environment/cmdline_overrides_environment.rb @@ -1,320 +1,322 @@ test_name "Commandline modulepath and manifest settings override environment" -testdir = master.tmpdir('cmdline_and_environment') +skip_test "CLI-master tests are not applicable" if @options[:is_jvm_puppet] + +testdir = create_tmpdir_for_user master, 'cmdline_and_environment' environmentpath = "#{testdir}/environments" modulepath = "#{testdir}/modules" manifests = "#{testdir}/manifests" sitepp = "#{manifests}/site.pp" other_manifestdir = "#{testdir}/other_manifests" other_sitepp = "#{other_manifestdir}/site.pp" other_modulepath = "#{testdir}/some_other_modulepath" cmdline_manifest = "#{testdir}/cmdline.pp" step "Prepare manifests and modules" apply_manifest_on(master, <<-MANIFEST, :catch_failures => true) File { ensure => directory, owner => #{master['user']}, group => #{master['group']}, mode => 0750, } ############################################## # A production directory environment file { "#{testdir}":; "#{environmentpath}":; "#{environmentpath}/production":; "#{environmentpath}/production/manifests":; "#{environmentpath}/production/modules":; "#{environmentpath}/production/modules/amod":; "#{environmentpath}/production/modules/amod/manifests":; } file { "#{environmentpath}/production/modules/amod/manifests/init.pp": ensure => file, mode => 0640, content => 'class amod { notify { "amod from production environment": } }' } file { "#{environmentpath}/production/manifests/production.pp": ensure => file, mode => 0640, content => ' notify { "in production.pp": } include amod ' } ############################################################## # To be set as default manifests and modulepath in puppet.conf file { "#{modulepath}":; "#{modulepath}/amod/":; "#{modulepath}/amod/manifests":; } file { "#{modulepath}/amod/manifests/init.pp": ensure => file, mode => 0640, content => 'class amod { notify { "amod from modulepath": } }' } file { "#{manifests}": } file { "#{sitepp}": ensure => file, mode => 0640, content => ' notify { "in site.pp": } include amod ' } file { "#{other_manifestdir}": } file { "#{other_sitepp}": ensure => file, mode => 0640, content => ' notify { "in other manifestdir site.pp": } include amod ' } ################################ # To be specified on commandline file { "#{other_modulepath}":; "#{other_modulepath}/amod/":; "#{other_modulepath}/amod/manifests":; } file { "#{other_modulepath}/amod/manifests/init.pp": ensure => file, mode => 0640, content => 'class amod { notify { "amod from commandline modulepath": } }' } file { "#{cmdline_manifest}": ensure => file, mode => 0640, content => ' notify { "in cmdline.pp": } include amod ' } MANIFEST def shutdown_puppet_if_running_as_a_service if master.use_service_scripts? # Beaker defaults to leaving puppet running when using service scripts, # Need to shut it down so we can start up with commandline options on(master, puppet('resource', 'service', master['puppetservice'], 'ensure=stopped')) end end teardown do if master.use_service_scripts? # Beaker defaults to leaving puppet running when using service scripts, on(master, puppet('resource', 'service', master['puppetservice'], 'ensure=running')) end end # Note: this is the semantics seen with legacy environments if commandline # manifest/modulepath are set. step "CASE 1: puppet master with --manifest and --modulepath overrides set production directory environment" do if master.is_using_passenger? step "Skipping for Passenger (PE) setup; since the equivalent of a commandline override would be adding the setting to config.ru, which seems like a very odd thing to do." else shutdown_puppet_if_running_as_a_service master_opts = { 'master' => { 'environmentpath' => environmentpath, 'manifest' => sitepp, 'modulepath' => modulepath, }, :__service_args__ => { :bypass_service_script => true, }, } master_opts_with_cmdline = master_opts.merge(:__commandline_args__ => "--manifest=#{cmdline_manifest} --modulepath=#{other_modulepath}") with_puppet_running_on master, master_opts_with_cmdline, testdir do agents.each do |agent| on(agent, puppet("agent -t --server #{master}"), :acceptable_exit_codes => [2] ) do assert_match(/in cmdline\.pp/, stdout) assert_match(/amod from commandline modulepath/, stdout) assert_no_match(/production/, stdout) end step "CASE 1a: even if environment is specified" on(agent, puppet("agent -t --server #{master} --environment production"), :acceptable_exit_codes => [2]) do assert_match(/in cmdline\.pp/, stdout) assert_match(/amod from commandline modulepath/, stdout) assert_no_match(/production/, stdout) end end end step "CASE 2: or if you set --manifestdir" do master_opts_with_cmdline = master_opts.merge(:__commandline_args__ => "--manifestdir=#{other_manifestdir} --modulepath=#{other_modulepath}") step "CASE 2: it is ignored if manifest is set in puppet.conf to something not using $manifestdir" with_puppet_running_on master, master_opts_with_cmdline, testdir do agents.each do |agent| on(agent, puppet("agent -t --server #{master}"), :acceptable_exit_codes => [2]) do assert_match(/in production\.pp/, stdout) assert_match(/amod from commandline modulepath/, stdout) end end end step "CASE 2a: but does pull in the default manifest via manifestdir if manifest is not set" master_opts_with_cmdline = master_opts.merge(:__commandline_args__ => "--manifestdir=#{other_manifestdir} --modulepath=#{other_modulepath}") master_opts_with_cmdline['master'].delete('manifest') with_puppet_running_on master, master_opts_with_cmdline, testdir do agents.each do |agent| on(agent, puppet("agent -t --server #{master}"), :acceptable_exit_codes => [2]) do assert_match(/in other manifestdir site\.pp/, stdout) assert_match(/amod from commandline modulepath/, stdout) assert_no_match(/production/, stdout) end end end end end end step "CASE 3: puppet master with manifest and modulepath set in puppet.conf is overriden by an existing and set production directory environment" do master_opts = { 'master' => { 'environmentpath' => environmentpath, 'manifest' => sitepp, 'modulepath' => modulepath, } } if master.is_pe? master_opts['master']['basemodulepath'] = master['sitemoduledir'] end with_puppet_running_on master, master_opts, testdir do agents.each do |agent| step "CASE 3: this case is unfortunate, but will be irrelevant when we remove legacyenv in 4.0" on(agent, puppet("agent -t --server #{master}"), :acceptable_exit_codes => [2] ) do assert_match(/in production\.pp/, stdout) assert_match(/amod from production environment/, stdout) end step "CASE 3a: if environment is specified" on(agent, puppet("agent -t --server #{master} --environment production"), :acceptable_exit_codes => [2]) do assert_match(/in production\.pp/, stdout) assert_match(/amod from production environment/, stdout) end end end end step "CASE 4: puppet master with default manifest, modulepath, environment, environmentpath and an existing '#{environmentpath}/production' directory environment that has not been set" do if master.is_using_passenger? step "Skipping for PE because PE requires most of the existing puppet.conf and /etc/puppetlabs/puppet configuration, and we cannot simply point to a new conf directory." else shutdown_puppet_if_running_as_a_service ssldir = on(master, puppet("master --configprint ssldir")).stdout.chomp master_opts = { :__service_args__ => { :bypass_service_script => true, }, :__commandline_args__ => "--confdir=#{testdir} --ssldir=#{ssldir}" } with_puppet_running_on master, master_opts, testdir do agents.each do |agent| step "CASE 4: #{environmentpath}/production directory environment does not take precedence because default environmentpath is ''" on(agent, puppet("agent -t --server #{master}"), :acceptable_exit_codes => [2] ) do assert_match(/in site\.pp/, stdout) assert_match(/amod from modulepath/, stdout) end on(agent, puppet("agent -t --server #{master} --environment production"), :acceptable_exit_codes => [2]) do assert_match(/in site\.pp/, stdout) assert_match(/amod from modulepath/, stdout) end end end end end step "CASE 5: puppet master with explicit dynamic environment settings and empty environmentpath" do step "CASE 5: Prepare an additional modulepath module" apply_manifest_on(master, <<-MANIFEST, :catch_failures => true) File { ensure => directory, owner => #{master['user']}, group => #{master['group']}, mode => 0750, } # A second module in another modules dir file { "#{other_modulepath}":; "#{other_modulepath}/bmod/":; "#{other_modulepath}/bmod/manifests":; } file { "#{other_modulepath}/bmod/manifests/init.pp": ensure => file, mode => 0640, content => 'class bmod { notify { "bmod from other modulepath": } }' } file { "#{environmentpath}/production/manifests/production.pp": ensure => file, mode => 0640, content => ' notify { "in production.pp": } include amod include bmod ' } MANIFEST master_opts = { 'master' => { 'manifest' => "#{environmentpath}/$environment/manifests", 'modulepath' => "#{environmentpath}/$environment/modules:#{other_modulepath}", } } if master.is_pe? master_opts['master']['modulepath'] << ":#{master['sitemoduledir']}" end with_puppet_running_on master, master_opts, testdir do agents.each do |agent| step "CASE 5: pulls in the production environment based on $environment default" on(agent, puppet("agent -t --server #{master}"), :acceptable_exit_codes => [2] ) do assert_match(/in production\.pp/, stdout) assert_match(/amod from production environment/, stdout) step "CASE 5: and sees modules located in later elements of the modulepath (which would not be seen by a directory env (PUP-2158)" assert_match(/bmod from other modulepath/, stdout) end step "CASE 5a: pulls in the production environment when explicitly set" on(agent, puppet("agent -t --server #{master} --environment production"), :acceptable_exit_codes => [2] ) do assert_match(/in production\.pp/, stdout) assert_match(/amod from production environment/, stdout) step "CASE 5a: and sees modules located in later elements of the modulepath (which would not be seen by a directory env (PUP-2158)" assert_match(/bmod from other modulepath/, stdout) end end end end diff --git a/acceptance/tests/environment/directory.rb b/acceptance/tests/environment/directory.rb index 6bfcf3090..a295a9a48 100644 --- a/acceptance/tests/environment/directory.rb +++ b/acceptance/tests/environment/directory.rb @@ -1,224 +1,224 @@ test_name "directory environments" require 'puppet/acceptance/environment_utils' extend Puppet::Acceptance::EnvironmentUtils step "setup environments" stub_forge_on(master) -testdir = master.tmpdir("confdir") -puppet_conf_backup_dir = master.tmpdir("puppet-conf-backup-dir") +testdir = create_tmpdir_for_user master, "confdir" +puppet_conf_backup_dir = create_tmpdir_for_user(master, "puppet-conf-backup-dir") apply_manifest_on(master, environment_manifest(testdir), :catch_failures => true) results = {} review = {} #################### step "[ Run Tests ]" existing_directory_scenario = "Test a specific, existing directory environment configuration" step existing_directory_scenario master_opts = { 'main' => { 'environmentpath' => '$confdir/environments', 'config_version' => '$confdir/static-version.sh', } } general = [ master_opts, testdir, puppet_conf_backup_dir, { :directory_environments => true } ] results[existing_directory_scenario] = use_an_environment("testing", "directory testing", *general) default_environment_scenario = "Test behavior of default environment" step default_environment_scenario results[default_environment_scenario] = use_an_environment(nil, "default environment", *general) non_existent_environment_scenario = "Test for an environment that does not exist" step non_existent_environment_scenario results[non_existent_environment_scenario] = use_an_environment("doesnotexist", "non existent environment", *general) with_explicit_environment_conf_scenario = "Test a specific, existing directory environment with an explicit environment.conf file" step with_explicit_environment_conf_scenario results[with_explicit_environment_conf_scenario] = use_an_environment("testing_environment_conf", "directory with environment.conf testing", *general) master_environmentpath_scenario = "Test behavior of a directory environment when environmentpath is set in the master section" step master_environmentpath_scenario master_opts = { 'master' => { 'environmentpath' => '$confdir/environments', 'config_version' => '$confdir/static-version.sh', } } results[master_environmentpath_scenario] = use_an_environment("testing", "master environmentpath", master_opts, testdir, puppet_conf_backup_dir, :directory_environments => true, :config_print => '--section=master') bad_environmentpath_scenario = "Test behavior of directory environments when environmentpath is set to a non-existent directory" step bad_environmentpath_scenario master_opts = { 'main' => { 'environmentpath' => '/doesnotexist', 'config_version' => '$confdir/static-version.sh', } } results[bad_environmentpath_scenario] = use_an_environment("testing", "bad environmentpath", master_opts, testdir, puppet_conf_backup_dir, :directory_environments => true) ######################################## step "[ Report on Environment Results ]" step "Reviewing: #{existing_directory_scenario}" existing_directory_expectations = lambda do |env| { :puppet_config => { :exit_code => 0, :matches => [%r{manifest.*#{master['puppetpath']}/environments/#{env}/manifests$}, %r{modulepath.*#{master['puppetpath']}/environments/#{env}/modules:.+}, %r{config_version = $}] }, :puppet_module_install => { :exit_code => 0, :matches => [%r{Preparing to install into #{master['puppetpath']}/environments/#{env}/modules}, %r{pmtacceptance-nginx}], }, :puppet_module_uninstall => { :exit_code => 0, :matches => [%r{Removed.*pmtacceptance-nginx.*from #{master['puppetpath']}/environments/#{env}/modules}], }, :puppet_apply => { :exit_code => 0, :matches => [%r{include directory #{env} environment testing_mod}], }, :puppet_agent => { :exit_code => 2, :matches => [%r{Applying configuration version '\d+'}, %r{in directory #{env} environment site.pp}, %r{include directory #{env} environment testing_mod}], }, } end review[existing_directory_scenario] = review_results( results[existing_directory_scenario], existing_directory_expectations.call('testing') ) step "Reviewing: #{default_environment_scenario}" default_environment_expectations = existing_directory_expectations.call('production').merge( :puppet_apply => { :exit_code => 0, :matches => [%r{include default environment testing_mod}], :notes => "The production directory environment is empty, but the inclusion of basemodulepath in the directory environment modulepath picks up the default testing_mod class in $confdir/modules" }, :puppet_agent => { :exit_code => 0, :matches => [ %r{Applying configuration version '\d+'}], :does_not_match => [%r{include.*testing_mod}, %r{Warning.*404}], :notes => "The master automatically creates an empty production env dir." } ) review[default_environment_scenario] = review_results( results[default_environment_scenario], default_environment_expectations ) step "Reviewing: #{non_existent_environment_scenario}" non_existent_environment_expectations = lambda do |env,path| { :puppet_config => { :exit_code => 1, :matches => [%r{Could not find a directory environment named '#{env}' anywhere in the path.*#{path}}], }, :puppet_module_install => { :exit_code => 1, :matches => [%r{Could not find a directory environment named '#{env}' anywhere in the path.*#{path}}], }, :puppet_module_uninstall => { :exit_code => 1, :matches => [%r{Could not find a directory environment named '#{env}' anywhere in the path.*#{path}}], }, :puppet_apply => { :exit_code => 1, :matches => [%r{Could not find a directory environment named '#{env}' anywhere in the path.*#{path}}], }, :puppet_agent => { :exit_code => 1, :matches => [%r{Warning.*404.*Could not find environment '#{env}'}, %r{Could not retrieve catalog; skipping run}], }, } end review[non_existent_environment_scenario] = review_results( results[non_existent_environment_scenario], non_existent_environment_expectations.call('doesnotexist', master['puppetpath']) ) existing_directory_with_puppet_conf_expectations = { :puppet_config => { :exit_code => 0, :matches => [%r{manifest.*#{master['puppetpath']}/environments/testing_environment_conf/nonstandard-manifests$}, %r{modulepath.*#{master['puppetpath']}/environments/testing_environment_conf/nonstandard-modules:.+}, %r{config_version = #{master['puppetpath']}/environments/testing_environment_conf/local-version.sh$}] }, :puppet_module_install => { :exit_code => 0, :matches => [%r{Preparing to install into #{master['puppetpath']}/environments/testing_environment_conf/nonstandard-modules}, %r{pmtacceptance-nginx}], }, :puppet_module_uninstall => { :exit_code => 0, :matches => [%r{Removed.*pmtacceptance-nginx.*from #{master['puppetpath']}/environments/testing_environment_conf/nonstandard-modules}], }, :puppet_apply => { :exit_code => 0, :matches => [%r{include directory testing with environment\.conf testing_mod}], }, :puppet_agent => { :exit_code => 2, :matches => [%r{Applying configuration version 'local testing_environment_conf'}, %r{in directory testing with environment\.conf site.pp}, %r{include directory testing with environment\.conf testing_mod}], }, } step "Reviewing: #{with_explicit_environment_conf_scenario}" review[with_explicit_environment_conf_scenario] = review_results( results[with_explicit_environment_conf_scenario], existing_directory_with_puppet_conf_expectations ) master_environmentpath_expectations = existing_directory_expectations.call('testing').merge( :puppet_module_install => { :exit_code => 0, :matches => [%r{Preparing to install into #{master['puppetpath']}/modules}, %r{pmtacceptance-nginx}], :expect_failure => true, :notes => "Runs in user mode and doesn't see the master environmenetpath setting.", }, :puppet_module_uninstall => { :exit_code => 0, :matches => [%r{Removed.*pmtacceptance-nginx.*from #{master['puppetpath']}/modules}], :expect_failure => true, :notes => "Runs in user mode and doesn't see the master environmenetpath setting.", }, :puppet_apply => { :exit_code => 0, :matches => [%r{include default environment testing_mod}], :expect_failure => true, :notes => "Runs in user mode and doesn't see the master environmenetpath setting.", } ) step "Reviewing: #{master_environmentpath_scenario}" review[master_environmentpath_scenario] = review_results( results[master_environmentpath_scenario], master_environmentpath_expectations ) bad_environmentpath_expectations = non_existent_environment_expectations.call('testing', '/doesnotexist') step "Reviewing: #{bad_environmentpath_scenario}" review[bad_environmentpath_scenario] = review_results( results[bad_environmentpath_scenario], bad_environmentpath_expectations ) ######################### step "[ Assert Success ]" assert_review(review) diff --git a/acceptance/tests/environment/directory_environment_with_environment_conf.rb b/acceptance/tests/environment/directory_environment_with_environment_conf.rb index e556c2d1e..cba94941e 100644 --- a/acceptance/tests/environment/directory_environment_with_environment_conf.rb +++ b/acceptance/tests/environment/directory_environment_with_environment_conf.rb @@ -1,109 +1,110 @@ test_name 'Use a directory environment from environmentpath with an environment.conf' -testdir = master.tmpdir('use-environment-conf') +testdir = create_tmpdir_for_user master, 'use-environment-conf' absolute_manifestdir = "#{testdir}/manifests" absolute_modulesdir = "#{testdir}/absolute-modules" absolute_globalsdir = "#{testdir}/global-modules" +master_user = on(master, "puppet master --configprint user").stdout.strip apply_manifest_on(master, <<-MANIFEST, :catch_failures => true) File { ensure => directory, - owner => #{master['user']}, + owner => #{master_user}, group => #{master['group']}, mode => 0770, } file { "#{testdir}":; "#{testdir}/environments":; "#{testdir}/environments/direnv":; "#{testdir}/environments/direnv/environment.conf": ensure => file, mode => 0640, content => ' manifest=#{absolute_manifestdir} modulepath=relative-modules:#{absolute_modulesdir}:$basemodulepath config_version=version_script.sh ' ; "#{testdir}/environments/direnv/relative-modules":; "#{testdir}/environments/direnv/relative-modules/relmod":; "#{testdir}/environments/direnv/relative-modules/relmod/manifests":; "#{testdir}/environments/direnv/relative-modules/relmod/manifests/init.pp": ensure => file, mode => 0640, content => 'class relmod { notify { "included relmod": } }' ; "#{testdir}/environments/direnv/version_script.sh": ensure => file, mode => 0750, content => '#!/usr/bin/env sh echo "ver123" ' ; "#{absolute_manifestdir}":; "#{absolute_manifestdir}/site.pp": ensure => file, mode => 0640, content => ' notify { "direnv site.pp": } include relmod include absmod include globalmod ' ; "#{absolute_modulesdir}":; "#{absolute_modulesdir}/absmod":; "#{absolute_modulesdir}/absmod/manifests":; "#{absolute_modulesdir}/absmod/manifests/init.pp": ensure => file, mode => 0640, content => 'class absmod { notify { "included absmod": } }' ; "#{absolute_globalsdir}":; "#{absolute_globalsdir}/globalmod":; "#{absolute_globalsdir}/globalmod/manifests":; "#{absolute_globalsdir}/globalmod/manifests/init.pp": ensure => file, mode => 0640, content => 'class globalmod { notify { "included globalmod": } }' ; } MANIFEST master_opts = { 'master' => { 'environmentpath' => "#{testdir}/environments", 'basemodulepath' => "#{absolute_globalsdir}", } } if master.is_pe? master_opts['master']['basemodulepath'] << ":#{master['sitemoduledir']}" end with_puppet_running_on master, master_opts, testdir do agents.each do |agent| on(agent, puppet("agent", "-t", "--server", master, "--environment", "direnv"), :acceptable_exit_codes => [2]) do |result| assert_match(/direnv site.pp/, result.stdout) assert_match(/included relmod/, result.stdout) assert_match(/included absmod/, result.stdout) assert_match(/included globalmod/, result.stdout) assert_match(/Applying.*ver123/, result.stdout) end end end diff --git a/acceptance/tests/environment/dynamic.rb b/acceptance/tests/environment/dynamic.rb index 060e5426a..2431c1155 100644 --- a/acceptance/tests/environment/dynamic.rb +++ b/acceptance/tests/environment/dynamic.rb @@ -1,121 +1,121 @@ test_name "dynamic environments" require 'puppet/acceptance/environment_utils' extend Puppet::Acceptance::EnvironmentUtils step "setup environments" stub_forge_on(master) -testdir = master.tmpdir("confdir") -puppet_conf_backup_dir = master.tmpdir("puppet-conf-backup-dir") +testdir = create_tmpdir_for_user master, "confdir" +puppet_conf_backup_dir = create_tmpdir_for_user(master, "puppet-conf-backup-dir") apply_manifest_on(master, environment_manifest(testdir), :catch_failures => true) results = {} review = {} #################### step "[ Run Tests ]" existing_dynamic_scenario = "Test a specific, existing dynamic environment configuration" step existing_dynamic_scenario master_opts = { 'main' => { 'manifest' => '$confdir/dynamic/$environment/manifests', 'modulepath' => '$confdir/dynamic/$environment/modules', 'config_version' => '$confdir/static-version.sh', } } results[existing_dynamic_scenario] = use_an_environment("testing", "dynamic testing", master_opts, testdir, puppet_conf_backup_dir) default_environment_scenario = "Test behavior of default environment" step default_environment_scenario results[default_environment_scenario] = use_an_environment(nil, "default environment", master_opts, testdir, puppet_conf_backup_dir) non_existent_environment_scenario = "Test for an environment that does not exist" step non_existent_environment_scenario results[non_existent_environment_scenario] = use_an_environment("doesnotexist", "non existent environment", master_opts, testdir, puppet_conf_backup_dir) ######################################## step "[ Report on Environment Results ]" confdir = master.puppet['confdir'] step "Reviewing: #{existing_dynamic_scenario}" review[existing_dynamic_scenario] = review_results(results[existing_dynamic_scenario], :puppet_config => { :exit_code => 0, :matches => [%r{manifest.*#{confdir}/dynamic/testing/manifests$}, %r{modulepath.*#{confdir}/dynamic/testing/modules$}, %r{config_version.*#{confdir}/static-version.sh$}] }, :puppet_module_install => { :exit_code => 0, :matches => [%r{Preparing to install into #{confdir}/dynamic/testing/modules}, %r{pmtacceptance-nginx}], }, :puppet_module_uninstall => { :exit_code => 0, :matches => [%r{Removed.*pmtacceptance-nginx.*from #{confdir}/dynamic/testing/modules}], }, :puppet_apply => { :exit_code => 0, :matches => [%r{include dynamic testing environment testing_mod}], }, :puppet_agent => { :exit_code => 2, :matches => [%r{Applying configuration version 'static'}, %r{in dynamic testing environment site.pp}, %r{include dynamic testing environment testing_mod}], } ) step "Reviewing: #{default_environment_scenario}" default_expectations = lambda do |env| { :puppet_config => { :exit_code => 0, :matches => [%r{manifest.*#{confdir}/dynamic/#{env}/manifests$}, %r{modulepath.*#{confdir}/dynamic/#{env}/modules$}, %r{^config_version.*#{confdir}/static-version.sh$}] }, :puppet_module_install => { :exit_code => 0, :matches => [%r{Preparing to install into #{confdir}/dynamic/#{env}/modules}, %r{pmtacceptance-nginx}], }, :puppet_module_uninstall => { :exit_code => 0, :matches => [%r{Removed.*pmtacceptance-nginx.*from #{confdir}/dynamic/#{env}/modules}], }, :puppet_apply => { :exit_code => 1, :matches => [ENV['PARSER'] == 'future' ? %r{Error:.*Could not find class ::testing_mod} : %r{Error:.*Could not find class testing_mod} ], }, :puppet_agent => { :exit_code => 0, :matches => [%r{Applying configuration version 'static'}], :does_not_match => [%r{in default environment site.pp}, %r{include default environment testing_mod}, %r{Notice: include}], }, } end review[default_environment_scenario] = review_results( results[default_environment_scenario], default_expectations.call('production') ) step "Reviewing: #{non_existent_environment_scenario}" review[non_existent_environment_scenario] = review_results( results[non_existent_environment_scenario], default_expectations.call('doesnotexist') ) ######################### step "[ Assert Success ]" assert_review(review) diff --git a/acceptance/tests/environment/dynamic_environments.rb b/acceptance/tests/environment/dynamic_environments.rb index f1994744d..6fe68688a 100644 --- a/acceptance/tests/environment/dynamic_environments.rb +++ b/acceptance/tests/environment/dynamic_environments.rb @@ -1,138 +1,138 @@ test_name "Dynamic Environments" -testdir = master.tmpdir('dynamic-environment') +testdir = create_tmpdir_for_user master, 'dynamic-environment' environmentsdir = "#{testdir}/environments" step "Prepare manifests and modules" def an_environment(envdir, env) content = <<-ENVIRONMENT #################### # #{env} environment file { "#{envdir}/#{env}":; "#{envdir}/#{env}/hiera":; "#{envdir}/#{env}/manifests":; "#{envdir}/#{env}/modules":; "#{envdir}/#{env}/modules/amod":; "#{envdir}/#{env}/modules/amod/manifests":; } file { "#{envdir}/#{env}/hiera/#{env}.yaml": ensure => file, mode => 0640, content => 'foo: foo-#{env}', } file { "#{envdir}/#{env}/hiera/common.yaml": ensure => file, mode => 0640, content => 'foo: foo-common', } file { "#{envdir}/#{env}/manifests/site.pp": ensure => file, mode => 0640, content => ' notify { "#{env}-site.pp": } notify { "hiera": message => hiera(foo), } include amod ' } file { "#{envdir}/#{env}/modules/amod/manifests/init.pp": ensure => file, mode => 0640, content => ' class amod { notify { "#{env}-amod": } } ' } ENVIRONMENT end manifest = <<-MANIFEST File { ensure => directory, owner => #{master['user']}, group => #{master['group']}, mode => 0750, } file { "#{testdir}":; "#{environmentsdir}":; } file { "#{testdir}/hiera.yaml": ensure => file, mode => 0640, content => ' --- :backends: yaml :yaml: :datadir: "#{environmentsdir}/%{environment}/hiera" :hierarchy: - "%{environment}" - common ', } #{an_environment(environmentsdir, 'production')} #{an_environment(environmentsdir, 'testing')} MANIFEST apply_manifest_on(master, manifest, :catch_failures => true) def test_on_agents(environment, default_env = false) agents.each do |agent| environment_switch = "--environment #{environment}" if !default_env on(agent, puppet("agent -t --server #{master}", environment_switch), :acceptable_exit_codes => [2] ) do assert_match(/#{environment}-site.pp/, stdout) assert_match(/foo-#{environment}/, stdout) assert_match(/#{environment}-amod/, stdout) end end end ssldir = on(master, puppet("master --configprint ssldir")).stdout.chomp common_opts = { 'modulepath' => "#{testdir}/environments/$environment/modules", 'hiera_config' => "#{testdir}/hiera.yaml", } if master.is_pe? common_opts['modulepath'] << ":#{master['sitemoduledir']}" end master_opts = { 'master' => { 'manifest' => "#{testdir}/environments/$environment/manifests/site.pp", }.merge(common_opts) } with_puppet_running_on master, master_opts, testdir do step "Agent run with default environment" test_on_agents('production', true) end master_opts = { 'master' => { 'manifest' => "#{testdir}/environments/$environment/manifests/site.pp", }.merge(common_opts) } with_puppet_running_on master, master_opts, testdir do step "Agent run with testing environment" test_on_agents('testing') step "And then agent run with another environment but the same master process" test_on_agents('production') end master_opts = { 'master' => { 'manifestdir' => "#{testdir}/environments/$environment/manifests", }.merge(common_opts) } with_puppet_running_on master, master_opts, testdir do step "Agent run with testing environment and manifestdir set instead of manifest" test_on_agents('testing') end diff --git a/acceptance/tests/environment/static.rb b/acceptance/tests/environment/static.rb index e3b1481df..d37823bd5 100644 --- a/acceptance/tests/environment/static.rb +++ b/acceptance/tests/environment/static.rb @@ -1,115 +1,115 @@ test_name "legacy environments" require 'puppet/acceptance/environment_utils' extend Puppet::Acceptance::EnvironmentUtils step "setup environments" stub_forge_on(master) -testdir = master.tmpdir("confdir") -puppet_conf_backup_dir = master.tmpdir("puppet-conf-backup-dir") +testdir = create_tmpdir_for_user master, "confdir" +puppet_conf_backup_dir = create_tmpdir_for_user(master, "puppet-conf-backup-dir") apply_manifest_on(master, environment_manifest(testdir), :catch_failures => true) results = {} review = {} #################### step "[ Run Tests ]" existing_legacy_scenario = "Test a specific, existing legacy environment configuration" step existing_legacy_scenario master_opts = { 'testing' => { 'manifest' => "$confdir/testing-manifests", 'modulepath' => "$confdir/testing-modules", 'config_version' => "$confdir/static-version.sh", }, } results[existing_legacy_scenario] = use_an_environment("testing", "legacy testing", master_opts, testdir, puppet_conf_backup_dir) default_environment_scenario = "Test behavior of default environment" step default_environment_scenario results[default_environment_scenario] = use_an_environment(nil, "default environment", master_opts, testdir, puppet_conf_backup_dir) non_existent_environment_scenario = "Test for an environment that does not exist" step non_existent_environment_scenario results[non_existent_environment_scenario] = use_an_environment("doesnotexist", "non existent environment", master_opts, testdir, puppet_conf_backup_dir) ######################################## step "[ Report on Environment Results ]" confdir = master.puppet['confdir'] step "Reviewing: #{existing_legacy_scenario}" review[existing_legacy_scenario] = review_results(results[existing_legacy_scenario], :puppet_config => { :exit_code => 0, :matches => [%r{manifest.*#{confdir}/testing-manifests$}, %r{modulepath.*#{confdir}/testing-modules$}, %r{config_version.*#{confdir}/static-version.sh$}] }, :puppet_module_install => { :exit_code => 0, :matches => [%r{Preparing to install into #{confdir}/testing-modules}, %r{pmtacceptance-nginx}], }, :puppet_module_uninstall => { :exit_code => 0, :matches => [%r{Removed.*pmtacceptance-nginx.*from #{confdir}/testing-modules}], }, :puppet_apply => { :exit_code => 0, :matches => [%r{include legacy testing environment testing_mod}], }, :puppet_agent => { :exit_code => 2, :matches => [%r{Applying configuration version 'static'}, %r{in legacy testing environment site.pp}, %r{include legacy testing environment testing_mod}], } ) step "Reviewing: #{default_environment_scenario}" default_expectations = { :puppet_config => { :exit_code => 0, :matches => [%r{manifest.*#{confdir}/manifests/site.pp$}, %r{modulepath.*#{confdir}/modules:.*}, %r{^config_version\s+=\s*$}] }, :puppet_module_install => { :exit_code => 0, :matches => [%r{Preparing to install into #{confdir}/modules}, %r{pmtacceptance-nginx}], }, :puppet_module_uninstall => { :exit_code => 0, :matches => [%r{Removed.*pmtacceptance-nginx.*from #{confdir}/modules}], }, :puppet_apply => { :exit_code => 0, :matches => [%r{include default environment testing_mod}], }, :puppet_agent => { :exit_code => 2, :matches => [%r{Applying configuration version '\d+'}, %r{in default environment site.pp}, %r{include default environment testing_mod}], }, } review[default_environment_scenario] = review_results( results[default_environment_scenario], default_expectations ) step "Reviewing: #{non_existent_environment_scenario}" review[non_existent_environment_scenario] = review_results( results[non_existent_environment_scenario], default_expectations ) ######################### step "[ Assert Success ]" assert_review(review) diff --git a/acceptance/tests/environment/use_agent_environment_when_enc_doesnt_specify.rb b/acceptance/tests/environment/use_agent_environment_when_enc_doesnt_specify.rb index 098cf1cc8..310f9fb2b 100644 --- a/acceptance/tests/environment/use_agent_environment_when_enc_doesnt_specify.rb +++ b/acceptance/tests/environment/use_agent_environment_when_enc_doesnt_specify.rb @@ -1,40 +1,40 @@ test_name "Agent should use agent environment if there is an enc that does not specify the environment" -testdir = master.tmpdir('use_agent_env') +testdir = create_tmpdir_for_user master, 'use_agent_env' create_remote_file master, "#{testdir}/enc.rb", < { 'node_terminus' => 'exec', 'external_nodes' => "#{testdir}/enc.rb", 'manifest' => "#{testdir}/site.pp" }, 'production' => { 'manifest' => "#{testdir}/different.pp" }, 'more_different' => { 'manifest' => "#{testdir}/more_different.pp" } } on master, "chown -R #{master['user']}:#{master['group']} #{testdir}" on master, "chmod -R g+rwX #{testdir}" with_puppet_running_on master, master_opts, testdir do agents.each do |agent| run_agent_on(agent, "--no-daemonize --onetime --server #{master} --verbose --environment more_different") assert_match(/more_different_string/, stdout, "Did not find more_different_string from \"more_different\" environment") end end diff --git a/acceptance/tests/environment/use_agent_environment_when_no_enc.rb b/acceptance/tests/environment/use_agent_environment_when_no_enc.rb index 2f9ce9397..9c850bbe1 100644 --- a/acceptance/tests/environment/use_agent_environment_when_no_enc.rb +++ b/acceptance/tests/environment/use_agent_environment_when_no_enc.rb @@ -1,29 +1,29 @@ test_name "Agent should use agent environment if there is no enc-specified environment" -testdir = master.tmpdir('use_agent_env') +testdir = create_tmpdir_for_user master, 'use_agent_env' create_remote_file(master, "#{testdir}/different.pp", 'notify { "production environment": }') create_remote_file(master, "#{testdir}/more_different.pp", 'notify { "more_different_string": }') on master, "chown -R #{master['user']}:#{master['group']} #{testdir}" on master, "chmod -R g+rwX #{testdir}" master_opts = { 'main' => { 'manifest' => "#{testdir}/site.pp" }, 'production' => { 'manifest' => "#{testdir}/different.pp" }, 'more_different' => { 'manifest' => "#{testdir}/more_different.pp" } } with_puppet_running_on master, master_opts, testdir do agents.each do |agent| run_agent_on(agent, "--no-daemonize --onetime --server #{master} --verbose --environment more_different") assert_match(/more_different_string/, stdout, "Did not find more_different_string from \"more_different\" environment") end end diff --git a/acceptance/tests/environment/use_enc_environment.rb b/acceptance/tests/environment/use_enc_environment.rb index c6d62e13e..5c182570b 100644 --- a/acceptance/tests/environment/use_enc_environment.rb +++ b/acceptance/tests/environment/use_enc_environment.rb @@ -1,36 +1,36 @@ test_name "Agent should environment given by ENC" -testdir = master.tmpdir('use_enc_env') +testdir = create_tmpdir_for_user master, 'use_enc_env' create_remote_file master, "#{testdir}/enc.rb", < { 'node_terminus' => 'exec', 'external_nodes' => "#{testdir}/enc.rb", 'manifest' => "#{testdir}/site.pp" }, 'special' => { 'manifest' => "#{testdir}/different.pp" } } create_remote_file(master, "#{testdir}/different.pp", 'notify { "expected_string": }') on master, "chown -R #{master['user']}:#{master['group']} #{testdir}" on master, "chmod -R g+rwX #{testdir}" with_puppet_running_on master, master_opts, testdir do agents.each do |agent| run_agent_on(agent, "--no-daemonize --onetime --server #{master} --verbose") assert_match(/expected_string/, stdout, "Did not find expected_string from \"special\" environment") end end diff --git a/acceptance/tests/environment/use_enc_environment_for_files.rb b/acceptance/tests/environment/use_enc_environment_for_files.rb index 357d1a8ff..fcd160b42 100644 --- a/acceptance/tests/environment/use_enc_environment_for_files.rb +++ b/acceptance/tests/environment/use_enc_environment_for_files.rb @@ -1,63 +1,63 @@ test_name "Agent should use environment given by ENC for fetching remote files" -testdir = master.tmpdir('respect_enc_test') +testdir = create_tmpdir_for_user master, 'respect_enc_test' create_remote_file master, "#{testdir}/enc.rb", < { 'node_terminus' => 'exec', 'external_nodes' => "#{testdir}/enc.rb", 'filetimeout' => 1 }, 'special' => { 'modulepath' => "#{testdir}/special", 'manifest' => "#{testdir}/different.pp" } } if master.is_pe? master_opts['special']['modulepath'] << ":#{master['sitemoduledir']}" end with_puppet_running_on master, master_opts, testdir do agents.each do |agent| - atmp = agent.tmpdir('respect_enc_test') + atmp = create_tmpdir_for_user agent, 'respect_enc_test' logger.debug "agent: #{agent} \tagent.tmpdir => #{atmp}" create_remote_file master, "#{testdir}/different.pp", < "puppet:///modules/amod/testy", } notify { "mytemp is ${::mytemp}": } END on master, "chmod 644 #{testdir}/different.pp" sleep 2 # Make sure the master has time to reload the file run_agent_on(agent, "--no-daemonize --onetime --server #{master} --verbose --trace") on agent, "cat #{atmp}/special_testy" do |result| assert_match(/special_environment/, result.stdout, "The file from environment 'special' was not found") end on agent, "rm -rf #{atmp}" end end diff --git a/acceptance/tests/environment/use_enc_environment_for_pluginsync.rb b/acceptance/tests/environment/use_enc_environment_for_pluginsync.rb index 72a12ed33..bfebc0b8e 100644 --- a/acceptance/tests/environment/use_enc_environment_for_pluginsync.rb +++ b/acceptance/tests/environment/use_enc_environment_for_pluginsync.rb @@ -1,43 +1,43 @@ test_name "Agent should use environment given by ENC for pluginsync" -testdir = master.tmpdir('respect_enc_test') +testdir = create_tmpdir_for_user master, 'respect_enc_test' create_remote_file master, "#{testdir}/enc.rb", < { 'node_terminus' => 'exec', 'external_nodes' => "#{testdir}/enc.rb" }, 'special' => { 'modulepath' => "#{testdir}/special" } } if master.is_pe? master_opts['special']['modulepath'] << ":#{master['sitemoduledir']}" end on master, "mkdir -p #{testdir}/modules" # Create a plugin file on the master on master, "mkdir -p #{testdir}/special/amod/lib/puppet" create_remote_file(master, "#{testdir}/special/amod/lib/puppet/foo.rb", "#special_version") on master, "chown -R #{master['user']}:#{master['group']} #{testdir}" on master, "chmod -R g+rwX #{testdir}" with_puppet_running_on master, master_opts, testdir do agents.each do |agent| run_agent_on(agent, "--no-daemonize --onetime --server #{master}") on agent, "cat \"#{agent.puppet['vardir']}/lib/puppet/foo.rb\"" assert_match(/#special_version/, stdout, "The plugin from environment 'special' was not synced") on agent, "rm -rf \"#{agent.puppet['vardir']}/lib\"" end end diff --git a/acceptance/tests/environment/use_environment_from_environmentpath.rb b/acceptance/tests/environment/use_environment_from_environmentpath.rb index c3dd576c4..ab54fcccf 100644 --- a/acceptance/tests/environment/use_environment_from_environmentpath.rb +++ b/acceptance/tests/environment/use_environment_from_environmentpath.rb @@ -1,188 +1,189 @@ test_name "Use environments from the environmentpath" -testdir = master.tmpdir('use_environmentpath') +testdir = create_tmpdir_for_user master, 'use_environmentpath' def generate_environment(path_to_env, environment) env_content = <<-EOS "#{path_to_env}/#{environment}":; "#{path_to_env}/#{environment}/manifests":; "#{path_to_env}/#{environment}/modules":; EOS end def generate_module_content(module_name, options = {}) base_path = options[:base_path] environment = options[:environment] env_path = options[:env_path] path_to_module = [base_path, env_path, environment, "modules"].compact.join("/") module_info = "module-#{module_name}" module_info << "-from-#{environment}" if environment module_content = <<-EOS "#{path_to_module}/#{module_name}":; "#{path_to_module}/#{module_name}/manifests":; "#{path_to_module}/#{module_name}/files":; "#{path_to_module}/#{module_name}/templates":; "#{path_to_module}/#{module_name}/lib":; "#{path_to_module}/#{module_name}/lib/facter":; "#{path_to_module}/#{module_name}/manifests/init.pp": ensure => file, mode => 0640, content => 'class #{module_name} { notify { "template-#{module_name}": message => template("#{module_name}/our_template.erb") } file { "$agent_file_location/file-#{module_info}": source => "puppet:///modules/#{module_name}/data" } }' ; "#{path_to_module}/#{module_name}/lib/facter/environment_fact_#{module_name}.rb": ensure => file, mode => 0640, content => "Facter.add(:environment_fact_#{module_name}) { setcode { 'environment fact from #{module_info}' } }" ; "#{path_to_module}/#{module_name}/files/data": ensure => file, mode => 0640, content => "data file from #{module_info}" ; "#{path_to_module}/#{module_name}/templates/our_template.erb": ensure => file, mode => 0640, content => "<%= @environment_fact_#{module_name} %>" ; EOS end def generate_site_manifest(path_to_manifest, *modules_to_include) manifest_content = <<-EOS "#{path_to_manifest}/site.pp": ensure => file, mode => 0640, content => "#{modules_to_include.map { |m| "include #{m}" }.join("\n")}" ; EOS end +master_user = on(master, "puppet master --configprint user").stdout.strip apply_manifest_on(master, <<-MANIFEST, :catch_failures => true) File { ensure => directory, - owner => #{master['user']}, + owner => #{master_user}, group => #{master['group']}, mode => 0770, } file { "#{testdir}":; "#{testdir}/base":; "#{testdir}/additional":; "#{testdir}/modules":; #{generate_environment("#{testdir}/base", "shadowed")} #{generate_environment("#{testdir}/base", "onlybase")} #{generate_environment("#{testdir}/additional", "shadowed")} #{generate_module_content("atmp", :base_path => testdir, :env_path => 'base', :environment => 'shadowed')} #{generate_site_manifest("#{testdir}/base/shadowed/manifests", "atmp", "globalmod")} #{generate_module_content("atmp", :base_path => testdir, :env_path => 'base', :environment => 'onlybase')} #{generate_site_manifest("#{testdir}/base/onlybase/manifests", "atmp", "globalmod")} #{generate_module_content("atmp", :base_path => testdir, :env_path => 'additional', :environment => 'shadowed')} #{generate_site_manifest("#{testdir}/additional/shadowed/manifests", "atmp", "globalmod")} # And one global module (--modulepath setting) #{generate_module_content("globalmod", :base_path => testdir)} "#{testdir}/additional/production":; "#{testdir}/additional/production/manifests":; #{generate_site_manifest("#{testdir}/additional/production/manifests", "globalmod")} } MANIFEST def run_with_environment(agent, environment, options = {}) expected_exit_code = options[:expected_exit_code] || 2 expected_strings = options[:expected_strings] step "running an agent in environment '#{environment}'" - atmp = agent.tmpdir("use_environmentpath_#{environment}") + atmp = create_tmpdir_for_user agent, "use_environmentpath_#{environment}" agent_config = [ "-t", "--server", master, ] agent_config << '--environment' << environment if environment # This to test how the agent behaves when using the directory environment # loaders (which will not load an environment if it does not exist) agent_config << "--environmentpath='$confdir/environments'" if agent != master agent_config << { 'ENV' => { "FACTER_agent_file_location" => atmp }, } on(agent, puppet("agent", *agent_config), :acceptable_exit_codes => [expected_exit_code]) do |result| yield atmp, result end on agent, "rm -rf #{atmp}" end master_opts = { 'master' => { 'environmentpath' => "#{testdir}/additional:#{testdir}/base", 'basemodulepath' => "#{testdir}/modules", } } if master.is_pe? master_opts['master']['basemodulepath'] << ":#{master['sitemoduledir']}" end with_puppet_running_on master, master_opts, testdir do agents.each do |agent| run_with_environment(agent, "shadowed") do |tmpdir,catalog_result| ["module-atmp-from-shadowed", "module-globalmod"].each do |expected| assert_match(/environment fact from #{expected}/, catalog_result.stdout) end ["module-atmp-from-shadowed", "module-globalmod"].each do |expected| on agent, "cat #{tmpdir}/file-#{expected}" do |file_result| assert_match(/data file from #{expected}/, file_result.stdout) end end end run_with_environment(agent, "onlybase") do |tmpdir,catalog_result| ["module-atmp-from-onlybase", "module-globalmod"].each do |expected| assert_match(/environment fact from #{expected}/, catalog_result.stdout) end ["module-atmp-from-onlybase", "module-globalmod"].each do |expected| on agent, "cat #{tmpdir}/file-#{expected}" do |file_result| assert_match(/data file from #{expected}/, file_result.stdout) end end end if master.is_pe? step("This test cannot run if the production environment directory does not exist, because the fallback production environment puppet creates has an empty modulepath and PE cannot run without it's basemodulepath in /opt. PUP-2519, which implicitly creates the production environment directory should allow this to run again") else run_with_environment(agent, nil, :expected_exit_code => 2) do |tmpdir, catalog_result| assert_no_match(/module-atmp/, catalog_result.stdout, "module-atmp was included despite no environment being loaded") assert_match(/environment fact from module-globalmod/, catalog_result.stdout) on agent, "cat #{tmpdir}/file-module-globalmod" do |file_result| assert_match(/data file from module-globalmod/, file_result.stdout) end end end end end diff --git a/acceptance/tests/external_ca_support/apache_external_root_ca.rb b/acceptance/tests/external_ca_support/apache_external_root_ca.rb index 029479aba..39bd194c1 100644 --- a/acceptance/tests/external_ca_support/apache_external_root_ca.rb +++ b/acceptance/tests/external_ca_support/apache_external_root_ca.rb @@ -1,201 +1,203 @@ begin require 'puppet_x/acceptance/external_cert_fixtures' rescue LoadError $LOAD_PATH.unshift(File.expand_path('../../../lib', __FILE__)) require 'puppet_x/acceptance/external_cert_fixtures' end # This test only runs on EL-6 master roles. confine :to, :platform => 'el-6' confine :except, :type => 'pe' +skip_test "Test not supported on jvm" if @options[:is_jvm_puppet] + if master.use_service_scripts? # Beaker defaults to leaving puppet running when using service scripts, # Need to shut it down so we can start up our apache instance on(master, puppet('resource', 'service', master['puppetservice'], 'ensure=stopped')) teardown do # And ensure that it is up again after everything is done on(master, puppet('resource', 'service', master['puppetservice'], 'ensure=running')) end end # Verify that a trivial manifest can be run to completion. # Supported Setup: Single, Root CA # - Agent and Master SSL cert issued by the Root CA # - Revocation disabled on the agent `certificate_revocation = false` # - CA disabled on the master `ca = false` # # SUPPORT NOTES # # * If the x509 alt names extension is used when issuing SSL server certificates # for the Puppet master, then the client SSL certificate issued by an external # CA must posses the DNS common name in the alternate name field. This is # due to a bug in Ruby. If the CN is not duplicated in the Alt Names, then # the following error will appear on the agent with MRI 1.8.7: # # Warning: Server hostname 'master1.example.org' did not match server # certificate; expected one of master1.example.org, DNS:puppet, # DNS:master-ca.example.org # # See: https://bugs.ruby-lang.org/issues/6493 test_name "Puppet agent works with Apache, both configured with externally issued certificates from independent intermediate CA's" step "Copy certificates and configuration files to the master..." fixture_dir = File.expand_path('../fixtures', __FILE__) testdir = master.tmpdir('apache_external_root_ca') fixtures = PuppetX::Acceptance::ExternalCertFixtures.new(fixture_dir, testdir) # We need this variable in scope. disable_and_reenable_selinux = nil # Register our cleanup steps early in a teardown so that they will happen even # if execution aborts part way. teardown do step "Cleanup Apache (httpd) and /etc/hosts" # Restore /etc/hosts on master, "cp -p '#{testdir}/hosts' /etc/hosts" # stop the service before moving files around on master, "/etc/init.d/httpd stop" on master, "mv --force /etc/httpd/conf/httpd.conf{,.external_ca_test}" on master, "mv --force /etc/httpd/conf/httpd.conf{.orig,}" if disable_and_reenable_selinux step "Restore the original state of SELinux" on master, "setenforce 1" end end # Read all of the CA certificates. # Copy all of the x.509 fixture data over to the master. create_remote_file master, "#{testdir}/ca_root.crt", fixtures.root_ca_cert create_remote_file master, "#{testdir}/ca_agent.crt", fixtures.agent_ca_cert create_remote_file master, "#{testdir}/ca_master.crt", fixtures.master_ca_cert create_remote_file master, "#{testdir}/ca_master.crl", fixtures.master_ca_crl create_remote_file master, "#{testdir}/ca_master_bundle.crt", "#{fixtures.master_ca_cert}\n#{fixtures.root_ca_cert}\n" create_remote_file master, "#{testdir}/ca_agent_bundle.crt", "#{fixtures.agent_ca_cert}\n#{fixtures.root_ca_cert}\n" create_remote_file master, "#{testdir}/agent.crt", fixtures.agent_cert create_remote_file master, "#{testdir}/agent.key", fixtures.agent_key create_remote_file master, "#{testdir}/agent_email.crt", fixtures.agent_email_cert create_remote_file master, "#{testdir}/agent_email.key", fixtures.agent_email_key create_remote_file master, "#{testdir}/master.crt", fixtures.master_cert create_remote_file master, "#{testdir}/master.key", fixtures.master_key create_remote_file master, "#{testdir}/master_rogue.crt", fixtures.master_cert_rogue create_remote_file master, "#{testdir}/master_rogue.key", fixtures.master_key_rogue ## # Now create the master and agent puppet.conf # # We need to create the public directory for Passenger and the modules # directory to avoid `Error: Could not evaluate: Could not retrieve information # from environment production source(s) puppet://master1.example.org/plugins` on master, "mkdir -p #{testdir}/etc/{master/{public,modules/empty/lib},agent}" # Backup /etc/hosts on master, "cp -p /etc/hosts '#{testdir}/hosts'" # Make master1.example.org resolve if it doesn't already. on master, "grep -q -x '#{fixtures.host_entry}' /etc/hosts || echo '#{fixtures.host_entry}' >> /etc/hosts" create_remote_file master, "#{testdir}/etc/agent/puppet.conf", fixtures.agent_conf create_remote_file master, "#{testdir}/etc/agent/puppet.conf.crl", fixtures.agent_conf_crl create_remote_file master, "#{testdir}/etc/agent/puppet.conf.email", fixtures.agent_conf_email create_remote_file master, "#{testdir}/etc/master/puppet.conf", fixtures.master_conf # auth.conf to allow *.example.com access to the rest API create_remote_file master, "#{testdir}/etc/master/auth.conf", fixtures.auth_conf create_remote_file master, "#{testdir}/etc/master/config.ru", fixtures.config_ru step "Set filesystem permissions and ownership for the master" # These permissions are required for Passenger to start Puppet as puppet on master, "chown -R puppet:puppet #{testdir}/etc/master" # These permissions are just for testing, end users should protect their # private keys. on master, "chmod -R a+rX #{testdir}" agent_cmd_prefix = "--confdir #{testdir}/etc/agent --vardir #{testdir}/etc/agent/var" step "Configure EPEL" epel_release_path = "http://mirror.us.leaseweb.net/epel/6/i386/epel-release-6-8.noarch.rpm" on master, "rpm -q epel-release || (yum -y install #{epel_release_path} && yum -y upgrade epel-release)" step "Configure Apache and Passenger" packages = [ 'httpd', 'mod_ssl', 'mod_passenger', 'rubygem-passenger', 'policycoreutils-python' ] packages.each do |pkg| on master, "rpm -q #{pkg} || (yum -y install #{pkg})" end create_remote_file master, "#{testdir}/etc/httpd.conf", fixtures.httpd_conf on master, 'test -f /etc/httpd/conf/httpd.conf.orig || cp -p /etc/httpd/conf/httpd.conf{,.orig}' on master, "cat #{testdir}/etc/httpd.conf > /etc/httpd/conf/httpd.conf" step "Make SELinux and Apache play nicely together..." on master, "sestatus" do if stdout.match(/Current mode:.*enforcing/) disable_and_reenable_selinux = true else disable_and_reenable_selinux = false end end if disable_and_reenable_selinux on master, "setenforce 0" end step "Start the Apache httpd service..." on master, 'service httpd restart' # Move the agent SSL cert and key into place. # The filename must match the configured certname, otherwise Puppet will try # and generate a new certificate and key step "Configure the agent with the externally issued certificates" on master, "mkdir -p #{testdir}/etc/agent/ssl/{public_keys,certs,certificate_requests,private_keys,private}" create_remote_file master, "#{testdir}/etc/agent/ssl/certs/#{fixtures.agent_name}.pem", fixtures.agent_cert create_remote_file master, "#{testdir}/etc/agent/ssl/private_keys/#{fixtures.agent_name}.pem", fixtures.agent_key # Now, try and run the agent on the master against itself. step "Successfully run the puppet agent on the master" on master, puppet_agent("#{agent_cmd_prefix} --test"), :acceptable_exit_codes => (0..255) do assert_no_match /Creating a new SSL key/, stdout assert_no_match /\Wfailed\W/i, stderr assert_no_match /\Wfailed\W/i, stdout assert_no_match /\Werror\W/i, stderr assert_no_match /\Werror\W/i, stdout # Assert the exit code so we get a "Failed test" instead of an "Errored test" assert exit_code == 0 end step "Agent refuses to connect to a rogue master" on master, puppet_agent("#{agent_cmd_prefix} --ssl_client_ca_auth=#{testdir}/ca_master.crt --masterport=8141 --test"), :acceptable_exit_codes => (0..255) do assert_no_match /Creating a new SSL key/, stdout assert_match /certificate verify failed/i, stderr assert_match /The server presented a SSL certificate chain which does not include a CA listed in the ssl_client_ca_auth file/i, stderr assert exit_code == 1 end step "Master accepts client cert with email address in subject" on master, "cp #{testdir}/etc/agent/puppet.conf{,.no_email}" on master, "cp #{testdir}/etc/agent/puppet.conf{.email,}" on master, puppet_agent("#{agent_cmd_prefix} --test"), :acceptable_exit_codes => (0..255) do assert_no_match /\Wfailed\W/i, stdout assert_no_match /\Wfailed\W/i, stderr assert_no_match /\Werror\W/i, stdout assert_no_match /\Werror\W/i, stderr # Assert the exit code so we get a "Failed test" instead of an "Errored test" assert exit_code == 0 end step "Agent refuses to connect to revoked master" on master, "cp #{testdir}/etc/agent/puppet.conf{,.no_crl}" on master, "cp #{testdir}/etc/agent/puppet.conf{.crl,}" revoke_opts = "--hostcrl #{testdir}/ca_master.crl" on master, puppet_agent("#{agent_cmd_prefix} #{revoke_opts} --test"), :acceptable_exit_codes => (0..255) do assert_match /certificate revoked.*?example.org/, stderr assert exit_code == 1 end step "Finished testing External Certificates" diff --git a/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb b/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb index 11394598f..115e69e2c 100644 --- a/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb +++ b/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb @@ -1,17 +1,18 @@ test_name "generate a helpful error message when hostname doesn't match server certificate" +skip_test "Certs need to be signed with DNS Alt names." if @options[:is_jvm_puppet] skip_test( 'Changing certnames of the master will break PE/Passenger installations' ) if master.is_using_passenger? # Start the master with a certname not matching its hostname master_opts = { 'master' => { 'certname' => 'foobar_not_my_hostname', 'dns_alt_names' => 'one_cert,two_cert,red_cert,blue_cert' } } with_puppet_running_on master, master_opts do run_agent_on(agents, "--test --server #{master}", :acceptable_exit_codes => (1..255)) do msg = "Server hostname '#{master}' did not match server certificate; expected one of foobar_not_my_hostname, DNS:blue_cert, DNS:foobar_not_my_hostname, DNS:one_cert, DNS:red_cert, DNS:two_cert" assert_match(msg, stderr) end end diff --git a/acceptance/tests/reports/submission.rb b/acceptance/tests/reports/submission.rb index 96e7afafe..8036f2c32 100644 --- a/acceptance/tests/reports/submission.rb +++ b/acceptance/tests/reports/submission.rb @@ -1,55 +1,54 @@ test_name "Report submission" if master.is_pe? require "time" def query_last_report_time_on(agent) time_query_script = <<-EOS require "net/http" require "json" puppetdb_url = URI("http://localhost:8080/v3/reports") puppetdb_url.query = URI.escape(%Q{query=["=","certname","#{agent}"]}) result = Net::HTTP.get(puppetdb_url) json = JSON.load(result) puts json.first["receive-time"] EOS puppetdb = hosts.detect { |h| h['roles'].include?('database') } on(puppetdb, "#{master[:puppetbindir]}/ruby -e '#{time_query_script}'").output.chomp end last_times = {} agents.each do |agent| last_times[agent] = query_last_report_time_on(agent) end with_puppet_running_on(master, {}) do agents.each do |agent| on(agent, puppet('agent', "-t --server #{master}")) current_time = Time.parse(query_last_report_time_on(agent)) last_time = Time.parse(last_times[agent]) assert(current_time > last_time, "Most recent report time #{current_time} is not newer than last report time #{last_time}") end end else - testdir = master.tmpdir('report_submission') - on(master, "chown puppet:puppet #{testdir}") + testdir = create_tmpdir_for_user master, 'report_submission' teardown do on master, "rm -rf #{testdir}" end with_puppet_running_on(master, :main => { :reportdir => testdir, :reports => 'store' }) do agents.each do |agent| on(agent, puppet('agent', "-t --server #{master}")) on master, "grep -q #{agent} #{testdir}/*/*" end end end diff --git a/acceptance/tests/security/cve-2013-3567_yaml_deserialization_again.rb b/acceptance/tests/security/cve-2013-3567_yaml_deserialization_again.rb index e14fd1612..ebdfa32a0 100644 --- a/acceptance/tests/security/cve-2013-3567_yaml_deserialization_again.rb +++ b/acceptance/tests/security/cve-2013-3567_yaml_deserialization_again.rb @@ -1,40 +1,40 @@ test_name "CVE-2013-3567 Arbitrary YAML Deserialization" -reportdir = master.tmpdir('yaml_deserialization') +reportdir = create_tmpdir_for_user master, 'yaml_deserialization' dangerous_yaml = "--- !ruby/object:Puppet::Transaction::Report { metrics: { resources: !ruby/object:ERB { src: 'exit 0' } }, logs: [], resource_statuses: [], host: '$(puppet master --configprint certname)' }" submit_bad_yaml = [ "curl --tlsv1 -k -X PUT", "--cacert $(puppet master --configprint cacert)", "--cert $(puppet master --configprint hostcert)", "--key $(puppet master --configprint hostprivkey)", "-H 'Content-Type: text/yaml'", "-d \"#{dangerous_yaml}\"", "\"https://#{master}:8140/production/report/$(puppet master --configprint certname)\"" ].join(' ') master_opts = { 'master' => { 'reportdir' => reportdir, 'reports' => 'store', } } # In PE, the master is running as non-root. We need to set the # reportdir permissions correctly for it. on master, "chmod 750 #{reportdir}" if options.is_pe? on master, "chown pe-puppet:pe-puppet #{reportdir}" elsif master.is_using_passenger? on master, "chown puppet:puppet #{reportdir}" end with_puppet_running_on(master, master_opts) do on master, submit_bad_yaml on master, "cat #{reportdir}/$(puppet master --configprint certname)/*" do assert_no_match(/ERB/, stdout, "Improperly propagated ERB object from input into puppet code") end end on master, "rm -rf #{reportdir}" diff --git a/acceptance/tests/ssl/certificate_extensions.rb b/acceptance/tests/ssl/certificate_extensions.rb index 5b8c49f62..1f7832aa2 100644 --- a/acceptance/tests/ssl/certificate_extensions.rb +++ b/acceptance/tests/ssl/certificate_extensions.rb @@ -1,74 +1,75 @@ require 'puppet/acceptance/common_utils' require 'puppet/acceptance/temp_file_utils' extend Puppet::Acceptance::CAUtils extend Puppet::Acceptance::TempFileUtils initialize_temp_dirs test_name "certificate extensions available as trusted data" do + teardown do reset_agent_ssl end hostname = master.execute('facter hostname') fqdn = master.execute('facter fqdn') site_pp = get_test_file_path(master, "site.pp") master_config = { 'master' => { 'autosign' => '/bin/true', 'dns_alt_names' => "puppet,#{hostname},#{fqdn}", 'manifest' => site_pp, 'trusted_node_data' => true, } } csr_attributes = YAML.dump({ 'extension_requests' => { # registered puppet extensions 'pp_uuid' => 'b5e63090-5167-11e3-8f96-0800200c9a66', 'pp_instance_id' => 'i-3fkva', # private (arbitrary) extensions '1.3.6.1.4.1.34380.1.2.1' => 'db-server', # node role '1.3.6.1.4.1.34380.1.2.2' => 'webops' # node group } }) create_test_file(master, "site.pp", <<-SITE) file { "$test_dir/trusted.yaml": ensure => file, content => inline_template("<%= YAML.dump(@trusted) %>") } SITE reset_agent_ssl(false) with_puppet_running_on(master, master_config) do agents.each do |agent| next if agent == master agent_csr_attributes = get_test_file_path(agent, "csr_attributes.yaml") create_remote_file(agent, agent_csr_attributes, csr_attributes) on(agent, puppet("agent", "--test", "--server", master, "--waitforcert", 0, "--csr_attributes", agent_csr_attributes, "--certname #{agent}-extensions", 'ENV' => { "FACTER_test_dir" => get_test_file_path(agent, "") }), :acceptable_exit_codes => [0, 2]) trusted_data = YAML.load(on(agent, "cat #{get_test_file_path(agent, 'trusted.yaml')}").stdout) assert_equal({ 'authenticated' => 'remote', 'certname' => "#{agent}-extensions", 'extensions' => { 'pp_uuid' => 'b5e63090-5167-11e3-8f96-0800200c9a66', 'pp_instance_id' => 'i-3fkva', '1.3.6.1.4.1.34380.1.2.1' => 'db-server', '1.3.6.1.4.1.34380.1.2.2' => 'webops' } }, trusted_data) end end end diff --git a/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb b/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb index 7f5f8c4d4..a94165076 100644 --- a/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb +++ b/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb @@ -1,37 +1,38 @@ # Windows doesn't suppoert Facter fqdn properly confine :except, :platform => 'windows' test_name "#7117 Broke the environment criteria in auth.conf" -testdir = master.tmpdir('env_in_auth_conf') + +testdir = create_tmpdir_for_user master, 'env_in_auth_conf' # add to auth.conf add_2_authconf = %q{ path / environment override auth any allow * } step "Create a temp auth.conf" create_remote_file master, "#{testdir}/auth.conf", add_2_authconf on master, "chmod 644 #{testdir}/auth.conf" on master, "chmod 777 #{testdir}" with_puppet_running_on master, {'master' => {'rest_authconfig' => "#{testdir}/auth.conf"}}, testdir do agents.each do |agent| # Run test on Agents step "Run agent to upload facts" on agent, puppet_agent("--test --server #{master}") certname = master.is_pe? ? agent.to_s : on(agent, facter('fqdn')).stdout.chomp step "Fetch agent facts from Puppet Master" on(agent, "curl --tlsv1 -k -H \"Accept: yaml\" https://#{master}:8140/override/facts/#{certname}") do assert_match(/--- !ruby\/object:Puppet::Node::Facts/, stdout, "Agent Facts not returned for #{agent}") end end end