diff --git a/acceptance/tests/environment/cmdline_overrides_environment.rb b/acceptance/tests/environment/cmdline_overrides_environment.rb
deleted file mode 100644
index ad3652c7f..000000000
--- a/acceptance/tests/environment/cmdline_overrides_environment.rb
+++ /dev/null
@@ -1,330 +0,0 @@ -test_name "Commandline modulepath and manifest settings override environment" - -skip_test "CLI-master tests are not applicable" if @options[:is_puppetserver] - -require 'puppet/acceptance/classifier_utils' -extend Puppet::Acceptance::ClassifierUtils - -classify_nodes_as_agent_specified_if_classifer_present - -testdir = create_tmpdir_for_user master, 'cmdline_and_environment' -environmentpath = "#{testdir}/environments" -modulepath = "#{testdir}/modules" -manifests = "#{testdir}/manifests" -sitepp = "#{manifests}/site.pp" -other_manifestdir = "#{testdir}/other_manifests" -other_sitepp = "#{other_manifestdir}/site.pp" -other_modulepath = "#{testdir}/some_other_modulepath" -cmdline_manifest = "#{testdir}/cmdline.pp" - -step "Prepare manifests and modules" -apply_manifest_on(master, <<-MANIFEST, :catch_failures => true) -File { - ensure => directory, - owner => #{master['user']}, - group => #{master['group']}, - mode => "0750", -} - -############################################## -# A production directory environment -file { - "#{testdir}":; - "#{environmentpath}":; - "#{environmentpath}/production":; - "#{environmentpath}/production/manifests":; - "#{environmentpath}/production/modules":; - "#{environmentpath}/production/modules/amod":; - "#{environmentpath}/production/modules/amod/manifests":; -} - -file { "#{environmentpath}/production/modules/amod/manifests/init.pp": - ensure => file, - mode => "0640", - content => 'class amod { - notify { "amod from production environment": } - }' -} - -file { "#{environmentpath}/production/manifests/production.pp": - ensure => file, - mode => "0640", - content => ' - notify { "in production.pp": } - include amod - ' -} - -############################################################## -# To be set as default manifests and modulepath in puppet.conf -file { - "#{modulepath}":; - "#{modulepath}/amod/":; - "#{modulepath}/amod/manifests":; -} - -file { "#{modulepath}/amod/manifests/init.pp": - ensure => file, - mode 
=> "0640", - content => 'class amod { - notify { "amod from modulepath": } - }' -} - -file { "#{manifests}": } -file { "#{sitepp}": - ensure => file, - mode => "0640", - content => ' - notify { "in site.pp": } - include amod - ' -} - -file { "#{other_manifestdir}": } -file { "#{other_sitepp}": - ensure => file, - mode => "0640", - content => ' - notify { "in other manifestdir site.pp": } - include amod - ' -} - -################################ -# To be specified on commandline -file { - "#{other_modulepath}":; - "#{other_modulepath}/amod/":; - "#{other_modulepath}/amod/manifests":; -} - -file { "#{other_modulepath}/amod/manifests/init.pp": - ensure => file, - mode => "0640", - content => 'class amod { - notify { "amod from commandline modulepath": } - }' -} - -file { "#{cmdline_manifest}": - ensure => file, - mode => "0640", - content => ' - notify { "in cmdline.pp": } - include amod - ' -} -MANIFEST - -def shutdown_puppet_if_running_as_a_service - if master.use_service_scripts? - # Beaker defaults to leaving puppet running when using service scripts, - # Need to shut it down so we can start up with commandline options - on(master, puppet('resource', 'service', master['puppetservice'], 'ensure=stopped')) - end -end - -teardown do - if master.use_service_scripts? - # Beaker defaults to leaving puppet running when using service scripts, - on(master, puppet('resource', 'service', master['puppetservice'], 'ensure=running')) - end -end - -# Note: this is the semantics seen with legacy environments if commandline -# manifest/modulepath are set. -step "CASE 1: puppet master with --manifest and --modulepath overrides set production directory environment" do - if master.is_using_passenger? - step "Skipping for Passenger (PE) setup; since the equivalent of a commandline override would be adding the setting to config.ru, which seems like a very odd thing to do." 
- else - - shutdown_puppet_if_running_as_a_service - - master_opts = { - 'master' => { - 'environmentpath' => environmentpath, - 'manifest' => sitepp, - 'modulepath' => modulepath, - }, - :__service_args__ => { - :bypass_service_script => true, - }, - } - - master_opts_with_cmdline = master_opts.merge(:__commandline_args__ => "--manifest=#{cmdline_manifest} --modulepath=#{other_modulepath}") - with_puppet_running_on master, master_opts_with_cmdline, testdir do - agents.each do |agent| - on(agent, puppet("agent -t --server #{master}"), :acceptable_exit_codes => [2] ) do - assert_match(/in cmdline\.pp/, stdout) - assert_match(/amod from commandline modulepath/, stdout) - assert_no_match(/production/, stdout) - end - - step "CASE 1a: even if environment is specified" - on(agent, puppet("agent -t --server #{master} --environment production"), :acceptable_exit_codes => [2]) do - assert_match(/in cmdline\.pp/, stdout) - assert_match(/amod from commandline modulepath/, stdout) - assert_no_match(/production/, stdout) - end - end - end - - step "CASE 2: or if you set --manifestdir" do - master_opts_with_cmdline = master_opts.merge(:__commandline_args__ => "--manifestdir=#{other_manifestdir} --modulepath=#{other_modulepath}") - step "CASE 2: it is ignored if manifest is set in puppet.conf to something not using $manifestdir" - with_puppet_running_on master, master_opts_with_cmdline, testdir do - agents.each do |agent| - on(agent, puppet("agent -t --server #{master}"), :acceptable_exit_codes => [2]) do - assert_match(/in production\.pp/, stdout) - assert_match(/amod from commandline modulepath/, stdout) - end - end - end - - step "CASE 2a: but does pull in the default manifest via manifestdir if manifest is not set" - master_opts_with_cmdline = master_opts.merge(:__commandline_args__ => "--manifestdir=#{other_manifestdir} --modulepath=#{other_modulepath}") - master_opts_with_cmdline['master'].delete('manifest') - with_puppet_running_on master, master_opts_with_cmdline, 
testdir do - agents.each do |agent| - on(agent, puppet("agent -t --server #{master}"), :acceptable_exit_codes => [2]) do - assert_match(/in other manifestdir site\.pp/, stdout) - assert_match(/amod from commandline modulepath/, stdout) - assert_no_match(/production/, stdout) - end - end - end - end - end -end - -step "CASE 3: puppet master with manifest and modulepath set in puppet.conf is overriden by an existing and set production directory environment" do - master_opts = { - 'master' => { - 'environmentpath' => environmentpath, - 'manifest' => sitepp, - 'modulepath' => modulepath, - } - } - if master.is_pe? - master_opts['master']['basemodulepath'] = master['sitemoduledir'] - end - - with_puppet_running_on master, master_opts, testdir do - agents.each do |agent| - step "CASE 3: this case is unfortunate, but will be irrelevant when we remove legacyenv in 4.0" - on(agent, puppet("agent -t --server #{master}"), :acceptable_exit_codes => [2] ) do - assert_match(/in production\.pp/, stdout) - assert_match(/amod from production environment/, stdout) - end - - step "CASE 3a: if environment is specified" - on(agent, puppet("agent -t --server #{master} --environment production"), :acceptable_exit_codes => [2]) do - assert_match(/in production\.pp/, stdout) - assert_match(/amod from production environment/, stdout) - end - end - end -end - -step "CASE 4: puppet master with default manifest, modulepath, environment, environmentpath and an existing '#{environmentpath}/production' directory environment that has not been set" do - - if master.is_using_passenger? - step "Skipping for PE because PE requires most of the existing puppet.conf and /etc/puppetlabs/puppet configuration, and we cannot simply point to a new conf directory." 
- else - - shutdown_puppet_if_running_as_a_service - - ssldir = on(master, puppet("master --configprint ssldir")).stdout.chomp - master_opts = { - :__service_args__ => { - :bypass_service_script => true, - }, - :__commandline_args__ => "--confdir=#{testdir} --ssldir=#{ssldir}" - } - - with_puppet_running_on master, master_opts, testdir do - agents.each do |agent| - step "CASE 4: #{environmentpath}/production directory environment does not take precedence because default environmentpath is ''" - on(agent, puppet("agent -t --server #{master}"), :acceptable_exit_codes => [2] ) do - assert_match(/in site\.pp/, stdout) - assert_match(/amod from modulepath/, stdout) - end - on(agent, puppet("agent -t --server #{master} --environment production"), :acceptable_exit_codes => [2]) do - assert_match(/in site\.pp/, stdout) - assert_match(/amod from modulepath/, stdout) - end - end - end - end -end - -step "CASE 5: puppet master with explicit dynamic environment settings and empty environmentpath" do - step "CASE 5: Prepare an additional modulepath module" - apply_manifest_on(master, <<-MANIFEST, :catch_failures => true) - File { - ensure => directory, - owner => #{master['user']}, - group => #{master['group']}, - mode => "0750", - } - - # A second module in another modules dir - file { - "#{other_modulepath}":; - "#{other_modulepath}/bmod/":; - "#{other_modulepath}/bmod/manifests":; - } - - file { "#{other_modulepath}/bmod/manifests/init.pp": - ensure => file, - mode => "0640", - content => 'class bmod { - notify { "bmod from other modulepath": } - }' - } - - file { "#{environmentpath}/production/manifests/production.pp": - ensure => file, - mode => "0640", - content => ' - notify { "in production.pp": } - include amod - include bmod - ' - } - MANIFEST - - master_opts = { - 'main' => { - 'environmentpath' => '', - }, - 'master' => { - 'manifest' => "#{environmentpath}/$environment/manifests", - 'modulepath' => "#{environmentpath}/$environment/modules:#{other_modulepath}", - } 
- } - if master.is_pe? - master_opts['master']['modulepath'] << ":#{master['sitemoduledir']}" - end - - with_puppet_running_on master, master_opts, testdir do - agents.each do |agent| - step "CASE 5: pulls in the production environment based on $environment default" - on(agent, puppet("agent -t --server #{master}"), :acceptable_exit_codes => [2] ) do - assert_match(/in production\.pp/, stdout) - assert_match(/amod from production environment/, stdout) - step "CASE 5: and sees modules located in later elements of the modulepath (which would not be seen by a directory env (PUP-2158)" - assert_match(/bmod from other modulepath/, stdout) - end - - step "CASE 5a: pulls in the production environment when explicitly set" - on(agent, puppet("agent -t --server #{master} --environment production"), :acceptable_exit_codes => [2] ) do - assert_match(/in production\.pp/, stdout) - assert_match(/amod from production environment/, stdout) - step "CASE 5a: and sees modules located in later elements of the modulepath (which would not be seen by a directory env (PUP-2158)" - assert_match(/bmod from other modulepath/, stdout) - end - end - end -end diff --git a/acceptance/tests/environment/dynamic.rb b/acceptance/tests/environment/dynamic.rb deleted file mode 100644 index 46b89db16..000000000 --- a/acceptance/tests/environment/dynamic.rb +++ /dev/null 
@@ -1,131 +0,0 @@ -test_name "dynamic environments" -require 'puppet/acceptance/environment_utils' -extend Puppet::Acceptance::EnvironmentUtils -require 'puppet/acceptance/classifier_utils' -extend Puppet::Acceptance::ClassifierUtils - -hosts.each do |host| - skip_test "skip tests requiring forge certs on solaris and aix" if host['platform'] =~ /solaris/ -end - -classify_nodes_as_agent_specified_if_classifer_present - -step "setup environments" - -stub_forge_on(master) - -testdir = create_tmpdir_for_user master, "confdir" -puppet_conf_backup_dir = create_tmpdir_for_user(master, "puppet-conf-backup-dir") - -apply_manifest_on(master, environment_manifest(testdir), :catch_failures => true) - -results = {} -review = {} - -#################### -step "[ Run Tests ]" - -existing_dynamic_scenario = "Test a specific, existing dynamic environment configuration" -step existing_dynamic_scenario -master_opts = { - 'main' => { - 'environmentpath' => '', - 'manifest' => '$confdir/dynamic/$environment/manifests', - 'modulepath' => '$confdir/dynamic/$environment/modules', - 'config_version' => '$confdir/static-version.sh', - } -} -if master.is_pe? 
- master_opts['main']['modulepath'] << ":#{master['sitemoduledir']}" -end - -results[existing_dynamic_scenario] = use_an_environment("testing", "dynamic testing", master_opts, testdir, puppet_conf_backup_dir) - -default_environment_scenario = "Test behavior of default environment" -step default_environment_scenario -results[default_environment_scenario] = use_an_environment(nil, "default environment", master_opts, testdir, puppet_conf_backup_dir) - -non_existent_environment_scenario = "Test for an environment that does not exist" -step non_existent_environment_scenario -results[non_existent_environment_scenario] = use_an_environment("doesnotexist", "non existent environment", master_opts, testdir, puppet_conf_backup_dir) - -######################################## -step "[ Report on Environment Results ]" - -confdir = master.puppet['confdir'] - -step "Reviewing: #{existing_dynamic_scenario}" -review[existing_dynamic_scenario] = review_results(results[existing_dynamic_scenario], - :puppet_config => { - :exit_code => 0, - :matches => [%r{manifest.*#{confdir}/dynamic/testing/manifests$}, - %r{modulepath.*#{confdir}/dynamic/testing/modules(?::#{master['sitemoduledir']})?$}, - %r{config_version.*#{confdir}/static-version.sh$}] - }, - :puppet_module_install => { - :exit_code => 0, - :matches => [%r{Preparing to install into #{confdir}/dynamic/testing/modules}, - %r{pmtacceptance-nginx}], - }, - :puppet_module_uninstall => { - :exit_code => 0, - :matches => [%r{Removed.*pmtacceptance-nginx.*from #{confdir}/dynamic/testing/modules}], - }, - :puppet_apply => { - :exit_code => 0, - :matches => [%r{include dynamic testing environment testing_mod}], - }, - :puppet_agent => { - :exit_code => 2, - :matches => [%r{Applying configuration version 'static'}, - %r{in dynamic testing environment site.pp}, - %r{include dynamic testing environment testing_mod}], - } -) - -step "Reviewing: #{default_environment_scenario}" -default_expectations = lambda do |env| - { - :puppet_config => { 
- :exit_code => 0, - :matches => [%r{manifest.*#{confdir}/dynamic/#{env}/manifests$}, - %r{modulepath.*#{confdir}/dynamic/#{env}/modules(?::#{master['sitemoduledir']})?$}, - %r{^config_version.*#{confdir}/static-version.sh$}] - }, - :puppet_module_install => { - :exit_code => 0, - :matches => [%r{Preparing to install into #{confdir}/dynamic/#{env}/modules}, - %r{pmtacceptance-nginx}], - }, - :puppet_module_uninstall => { - :exit_code => 0, - :matches => [%r{Removed.*pmtacceptance-nginx.*from #{confdir}/dynamic/#{env}/modules}], - }, - :puppet_apply => { - :exit_code => 1, - :matches => [%r{Error:.*Could not find class ::testing_mod}], - }, - :puppet_agent => { - :exit_code => 0, - :matches => [%r{Applying configuration version 'static'}], - :does_not_match => [%r{in default environment site.pp}, - %r{include default environment testing_mod}, - %r{Notice: include}], - }, - } -end -review[default_environment_scenario] = review_results( - results[default_environment_scenario], - default_expectations.call('production') -) - -step "Reviewing: #{non_existent_environment_scenario}" -review[non_existent_environment_scenario] = review_results( - results[non_existent_environment_scenario], - default_expectations.call('doesnotexist') -) - -######################### -step "[ Assert Success ]" - -assert_review(review) diff --git a/acceptance/tests/environment/dynamic_environments.rb b/acceptance/tests/environment/dynamic_environments.rb deleted file mode 100644 index 7d9e43697..000000000 --- a/acceptance/tests/environment/dynamic_environments.rb +++ /dev/null 
@@ -1,143 +0,0 @@ -test_name "Dynamic Environments" -require 'puppet/acceptance/classifier_utils' -extend Puppet::Acceptance::ClassifierUtils - -classify_nodes_as_agent_specified_if_classifer_present - -testdir = create_tmpdir_for_user master, 'dynamic-environment' -environmentsdir = "#{testdir}/environments" - -step "Prepare manifests and modules" -def an_environment(envdir, env) - content = <<-ENVIRONMENT - -#################### -# #{env} environment -file { - "#{envdir}/#{env}":; - "#{envdir}/#{env}/hiera":; - "#{envdir}/#{env}/manifests":; - "#{envdir}/#{env}/modules":; - "#{envdir}/#{env}/modules/amod":; - "#{envdir}/#{env}/modules/amod/manifests":; -} - -file { "#{envdir}/#{env}/hiera/#{env}.yaml": - ensure => file, - mode => "0640", - content => 'foo: foo-#{env}', -} -file { "#{envdir}/#{env}/hiera/common.yaml": - ensure => file, - mode => "0640", - content => 'foo: foo-common', -} -file { "#{envdir}/#{env}/manifests/site.pp": - ensure => file, - mode => "0640", - content => ' - notify { "#{env}-site.pp": } - notify { "hiera": - message => hiera(foo), - } - include amod - ' -} -file { "#{envdir}/#{env}/modules/amod/manifests/init.pp": - ensure => file, - mode => "0640", - content => ' - class amod { - notify { "#{env}-amod": } - } - ' -} - ENVIRONMENT -end - -manifest = <<-MANIFEST -File { - ensure => directory, - owner => #{master['user']}, - group => #{master['group']}, - mode => "0750", -} - -file { - "#{testdir}":; - "#{environmentsdir}":; -} - -file { "#{testdir}/hiera.yaml": - ensure => file, - mode => "0640", - content => ' ---- -:backends: yaml -:yaml: - :datadir: "#{environmentsdir}/%{environment}/hiera" -:hierarchy: - - "%{environment}" - - common - ', -} - -#{an_environment(environmentsdir, 'production')} -#{an_environment(environmentsdir, 'testing')} -MANIFEST - -apply_manifest_on(master, manifest, :catch_failures => true) - -def test_on_agents(environment, default_env = false) - agents.each do |agent| - environment_switch = "--environment 
#{environment}" if !default_env - on(agent, puppet("agent -t --server #{master}", environment_switch), :acceptable_exit_codes => [2] ) do - assert_match(/#{environment}-site.pp/, stdout) - assert_match(/foo-#{environment}/, stdout) - assert_match(/#{environment}-amod/, stdout) - end - end -end - -ssldir = on(master, puppet("master --configprint ssldir")).stdout.chomp - -common_opts = { - 'environmentpath' => '', - 'modulepath' => "#{testdir}/environments/$environment/modules", - 'hiera_config' => "#{testdir}/hiera.yaml", -} -if master.is_pe? - common_opts['modulepath'] << ":#{master['sitemoduledir']}" -end - -master_opts = { - 'main' => { - 'manifest' => "#{testdir}/environments/$environment/manifests/site.pp", - }.merge(common_opts) -} -with_puppet_running_on master, master_opts, testdir do - step "Agent run with default environment" - test_on_agents('production', true) -end - -master_opts = { - 'main' => { - 'manifest' => "#{testdir}/environments/$environment/manifests/site.pp", - }.merge(common_opts) -} -with_puppet_running_on master, master_opts, testdir do - step "Agent run with testing environment" - test_on_agents('testing') - step "And then agent run with another environment but the same master process" - test_on_agents('production') -end - -master_opts = { - 'main' => { - 'manifestdir' => "#{testdir}/environments/$environment/manifests", - }.merge(common_opts) -} -with_puppet_running_on master, master_opts, testdir do - step "Agent run with testing environment and manifestdir set instead of manifest" - test_on_agents('testing') -end diff --git a/acceptance/tests/environment/environment_scenario-bad.rb b/acceptance/tests/environment/environment_scenario-bad.rb index 1d4b8f5fc..a96c9f660 100644 --- a/acceptance/tests/environment/environment_scenario-bad.rb +++ b/acceptance/tests/environment/environment_scenario-bad.rb 
@@ -1,55 +1,54 @@ test_name "Test behavior of directory environments when environmentpath is set to a non-existent directory" require 'puppet/acceptance/environment_utils' extend Puppet::Acceptance::EnvironmentUtils require 'puppet/acceptance/classifier_utils' extend Puppet::Acceptance::ClassifierUtils classify_nodes_as_agent_specified_if_classifer_present step "setup environments" stub_forge_on(master) testdir = create_tmpdir_for_user master, "confdir" puppet_conf_backup_dir = create_tmpdir_for_user(master, "puppet-conf-backup-dir") apply_manifest_on(master, environment_manifest(testdir), :catch_failures => true) step "Test" master_opts = { 'main' => { 'environmentpath' => '/doesnotexist', - 'config_version' => '$confdir/static-version.sh', } } general = [ master_opts, testdir, puppet_conf_backup_dir, { :directory_environments => true } ] env = 'doesnotexist' path = master['puppetpath'] results = use_an_environment("testing", "bad environmentpath", master_opts, testdir, puppet_conf_backup_dir, :directory_environments => true) expectations = { :puppet_config => { :exit_code => 1, :matches => [%r{Could not find a directory environment named '#{env}' anywhere in the path.*#{path}}], }, :puppet_module_install => { :exit_code => 1, :matches => [%r{Could not find a directory environment named '#{env}' anywhere in the path.*#{path}}], }, :puppet_module_uninstall => { :exit_code => 1, :matches => [%r{Could not find a directory environment named '#{env}' anywhere in the path.*#{path}}], }, :puppet_apply => { :exit_code => 1, :matches => [%r{Could not find a directory environment named '#{env}' anywhere in the path.*#{path}}], }, :puppet_agent => { :exit_code => 1, :matches => [%r{Warning.*404.*Could not find environment '#{env}'}, %r{Could not retrieve catalog; skipping run}], }, } review_results(results,expectations) 
diff --git a/acceptance/tests/environment/environment_scenario-default.rb b/acceptance/tests/environment/environment_scenario-default.rb
index f5c968738..6df7b82f9 100644
--- a/acceptance/tests/environment/environment_scenario-default.rb
+++ b/acceptance/tests/environment/environment_scenario-default.rb
@@ -1,60 +1,59 @@ test_name "Test behavior of default environment" require 'puppet/acceptance/environment_utils' extend Puppet::Acceptance::EnvironmentUtils require 'puppet/acceptance/classifier_utils' extend Puppet::Acceptance::ClassifierUtils classify_nodes_as_agent_specified_if_classifer_present step "setup environments" stub_forge_on(master) testdir = create_tmpdir_for_user master, "confdir" puppet_conf_backup_dir = create_tmpdir_for_user(master, "puppet-conf-backup-dir") apply_manifest_on(master, environment_manifest(testdir), :catch_failures => true) step "Test" master_opts = { 'main' => { 'environmentpath' => '$confdir/environments', - 'config_version' => '$confdir/static-version.sh', } } general = [ master_opts, testdir, puppet_conf_backup_dir, { :directory_environments => true } ] env = nil results = use_an_environment(env, "default environment", *general) expectations = { :puppet_config => { :exit_code => 0, :matches => [%r{manifest.*#{master['puppetpath']}/environments/#{env}/manifests$}, %r{modulepath.*#{master['puppetpath']}/environments/#{env}/modules:.+}, %r{config_version = $}] }, :puppet_module_install => { :exit_code => 0, :matches => [%r{Preparing to install into #{master['puppetpath']}/environments/#{env}/modules}, %r{pmtacceptance-nginx}], }, :puppet_module_uninstall => { :exit_code => 0, :matches => [%r{Removed.*pmtacceptance-nginx.*from #{master['puppetpath']}/environments/#{env}/modules}], }, :puppet_apply => { :exit_code => 0, :matches => [%r{include default environment testing_mod}], :notes => "The production directory environment is empty, but the inclusion of basemodulepath in the directory environment modulepath picks up the default testing_mod class in $confdir/modules" }, :puppet_agent => { :exit_code => 0, :matches => [ %r{Applying configuration version '\d+'}], :does_not_match => [%r{include.*testing_mod}, %r{Warning.*404}], :notes => "The master automatically creates an empty production env dir." 
} } review_results(results,expectations)
diff --git a/acceptance/tests/environment/environment_scenario-existing.rb b/acceptance/tests/environment/environment_scenario-existing.rb
index de1cb88ed..2c2e5a649 100644
--- a/acceptance/tests/environment/environment_scenario-existing.rb
+++ b/acceptance/tests/environment/environment_scenario-existing.rb
@@ -1,59 +1,58 @@ test_name "Test a specific, existing directory environment configuration" require 'puppet/acceptance/environment_utils' extend Puppet::Acceptance::EnvironmentUtils require 'puppet/acceptance/classifier_utils' extend Puppet::Acceptance::ClassifierUtils classify_nodes_as_agent_specified_if_classifer_present step "setup environments" stub_forge_on(master) testdir = create_tmpdir_for_user master, "confdir" puppet_conf_backup_dir = create_tmpdir_for_user(master, "puppet-conf-backup-dir") apply_manifest_on(master, environment_manifest(testdir), :catch_failures => true) step "Test" master_opts = { 'main' => { 'environmentpath' => '$confdir/environments', - 'config_version' => '$confdir/static-version.sh', } } general = [ master_opts, testdir, puppet_conf_backup_dir, { :directory_environments => true } ] env = 'testing' results = use_an_environment(env, "directory testing", *general) expectations = { :puppet_config => { :exit_code => 0, :matches => [%r{manifest.*#{master['puppetpath']}/environments/#{env}/manifests$}, %r{modulepath.*#{master['puppetpath']}/environments/#{env}/modules:.+}, %r{config_version = $}] }, :puppet_module_install => { :exit_code => 0, :matches => [%r{Preparing to install into #{master['puppetpath']}/environments/#{env}/modules}, %r{pmtacceptance-nginx}], }, :puppet_module_uninstall => { :exit_code => 0, :matches => [%r{Removed.*pmtacceptance-nginx.*from #{master['puppetpath']}/environments/#{env}/modules}], }, :puppet_apply => { :exit_code => 0, :matches => [%r{include directory #{env} environment testing_mod}], }, :puppet_agent => { :exit_code => 2, :matches => [%r{Applying configuration version '\d+'}, %r{in directory #{env} environment site.pp}, %r{include directory #{env} environment testing_mod}], }, } review_results(results, expectations) 
diff --git a/acceptance/tests/environment/environment_scenario-master_environmentpath.rb b/acceptance/tests/environment/environment_scenario-master_environmentpath.rb
index aace209aa..1b407905c 100644
--- a/acceptance/tests/environment/environment_scenario-master_environmentpath.rb
+++ b/acceptance/tests/environment/environment_scenario-master_environmentpath.rb
@@ -1,66 +1,65 @@ test_name "Test behavior of a directory environment when environmentpath is set in the master section" require 'puppet/acceptance/environment_utils' extend Puppet::Acceptance::EnvironmentUtils require 'puppet/acceptance/classifier_utils' extend Puppet::Acceptance::ClassifierUtils classify_nodes_as_agent_specified_if_classifer_present step "setup environments" stub_forge_on(master) testdir = create_tmpdir_for_user master, "confdir" puppet_conf_backup_dir = create_tmpdir_for_user(master, "puppet-conf-backup-dir") apply_manifest_on(master, environment_manifest(testdir), :catch_failures => true) step "Test" master_opts = { 'main' => { 'environmentpath' => '', }, 'master' => { 'environmentpath' => '$confdir/environments', - 'config_version' => '$confdir/static-version.sh', } } env = 'testing' results = use_an_environment("testing", "master environmentpath", master_opts, testdir, puppet_conf_backup_dir, :directory_environments => true, :config_print => '--section=master') expectations = { :puppet_config => { :exit_code => 0, :matches => [%r{manifest.*#{master['puppetpath']}/environments/#{env}/manifests$}, %r{modulepath.*#{master['puppetpath']}/environments/#{env}/modules:.+}, %r{config_version = $}] }, :puppet_module_install => { :exit_code => 0, :matches => [%r{Preparing to install into #{master['puppetpath']}/modules}, %r{pmtacceptance-nginx}], :expect_failure => true, :notes => "Runs in user mode and doesn't see the master environmenetpath setting.", }, :puppet_module_uninstall => { :exit_code => 0, :matches => [%r{Removed.*pmtacceptance-nginx.*from #{master['puppetpath']}/modules}], :expect_failure => true, :notes => "Runs in user mode and doesn't see the master environmenetpath setting.", }, :puppet_apply => { :exit_code => 0, :matches => [%r{include default environment testing_mod}], :expect_failure => true, :notes => "Runs in user mode and doesn't see the master environmenetpath setting.", }, :puppet_agent => { :exit_code => 2, :matches => 
[%r{Applying configuration version '\d+'}, %r{in directory #{env} environment site.pp}, %r{include directory #{env} environment testing_mod}], }, } review_results(results,expectations)
diff --git a/acceptance/tests/environment/environment_scenario-non_existent.rb b/acceptance/tests/environment/environment_scenario-non_existent.rb
index 609dcaa50..f57cf5d0e 100644
--- a/acceptance/tests/environment/environment_scenario-non_existent.rb
+++ b/acceptance/tests/environment/environment_scenario-non_existent.rb
@@ -1,55 +1,54 @@ test_name "Test for an environment that does not exist" require 'puppet/acceptance/environment_utils' extend Puppet::Acceptance::EnvironmentUtils require 'puppet/acceptance/classifier_utils' extend Puppet::Acceptance::ClassifierUtils classify_nodes_as_agent_specified_if_classifer_present step "setup environments" stub_forge_on(master) testdir = create_tmpdir_for_user master, "confdir" puppet_conf_backup_dir = create_tmpdir_for_user(master, "puppet-conf-backup-dir") apply_manifest_on(master, environment_manifest(testdir), :catch_failures => true) step "Test" master_opts = { 'main' => { 'environmentpath' => '$confdir/environments', - 'config_version' => '$confdir/static-version.sh', } } general = [ master_opts, testdir, puppet_conf_backup_dir, { :directory_environments => true } ] env = 'doesnotexist' path = master['puppetpath'] results = use_an_environment(env, "non existent environment", *general) expectations = { :puppet_config => { :exit_code => 1, :matches => [%r{Could not find a directory environment named '#{env}' anywhere in the path.*#{path}}], }, :puppet_module_install => { :exit_code => 1, :matches => [%r{Could not find a directory environment named '#{env}' anywhere in the path.*#{path}}], }, :puppet_module_uninstall => { :exit_code => 1, :matches => [%r{Could not find a directory environment named '#{env}' anywhere in the path.*#{path}}], }, :puppet_apply => { :exit_code => 1, :matches => [%r{Could not find a directory environment named '#{env}' anywhere in the path.*#{path}}], }, :puppet_agent => { :exit_code => 1, :matches => [%r{Warning.*404.*Could not find environment '#{env}'}, %r{Could not retrieve catalog; skipping run}], } } review_results(results,expectations) diff --git a/acceptance/tests/environment/environment_scenario-with_explicit_environment_conf.rb b/acceptance/tests/environment/environment_scenario-with_explicit_environment_conf.rb index 79038939b..86ab591bf 100644 
--- a/acceptance/tests/environment/environment_scenario-with_explicit_environment_conf.rb
+++ b/acceptance/tests/environment/environment_scenario-with_explicit_environment_conf.rb
@@ -1,57 +1,56 @@
 test_name "Test a specific, existing directory environment with an explicit environment.conf file" require 'puppet/acceptance/environment_utils' extend Puppet::Acceptance::EnvironmentUtils require 'puppet/acceptance/classifier_utils' extend Puppet::Acceptance::ClassifierUtils classify_nodes_as_agent_specified_if_classifer_present step "setup environments" stub_forge_on(master) testdir = create_tmpdir_for_user master, "confdir" puppet_conf_backup_dir = create_tmpdir_for_user(master, "puppet-conf-backup-dir") apply_manifest_on(master, environment_manifest(testdir), :catch_failures => true) step "Test" master_opts = { 'main' => { 'environmentpath' => '$confdir/environments',
- 'config_version' => '$confdir/static-version.sh',
 } } general = [ master_opts, testdir, puppet_conf_backup_dir, { :directory_environments => true } ] results = use_an_environment("testing_environment_conf", "directory with environment.conf testing", *general) expectations = { :puppet_config => { :exit_code => 0, :matches => [%r{manifest.*#{master['puppetpath']}/environments/testing_environment_conf/nonstandard-manifests$}, %r{modulepath.*#{master['puppetpath']}/environments/testing_environment_conf/nonstandard-modules:.+}, %r{config_version = #{master['puppetpath']}/environments/testing_environment_conf/local-version.sh$}] }, :puppet_module_install => { :exit_code => 0, :matches => [%r{Preparing to install into #{master['puppetpath']}/environments/testing_environment_conf/nonstandard-modules}, %r{pmtacceptance-nginx}], }, :puppet_module_uninstall => { :exit_code => 0, :matches => [%r{Removed.*pmtacceptance-nginx.*from #{master['puppetpath']}/environments/testing_environment_conf/nonstandard-modules}], }, :puppet_apply => { :exit_code => 0, :matches => [%r{include directory testing with environment\.conf testing_mod}], }, :puppet_agent => { :exit_code => 2, :matches => [%r{Applying configuration version 'local testing_environment_conf'}, %r{in directory testing with 
environment\.conf site.pp}, %r{include directory testing with environment\.conf testing_mod}], }, } review_results(results,expectations)
diff --git a/acceptance/tests/environment/static.rb b/acceptance/tests/environment/static.rb
deleted file mode 100644
index 288b97602..000000000
--- a/acceptance/tests/environment/static.rb
+++ /dev/null
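Review bot: The `config_version` expectation under `:puppet_config` matches more loosely than it reads, because `master['puppetpath']` is interpolated into the regex unescaped and the dot in `local-version.sh` is a wildcard, while the same hash does escape `environment\.conf`. With `config_version` removed from `main`, this match and the agent's `Applying configuration version 'local testing_environment_conf'` match are what show that the value comes from the environment's own configuration (presumably an environment.conf written by `environment_manifest`, which is not visible in this hunk). I would pin it exactly: `%r{config_version = #{Regexp.escape(master['puppetpath'])}/environments/testing_environment_conf/local-version\.sh$}`.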
@@ -1,130 +0,0 @@
-test_name "legacy environments"
-require 'puppet/acceptance/environment_utils'
-extend Puppet::Acceptance::EnvironmentUtils
-require 'puppet/acceptance/classifier_utils'
-extend Puppet::Acceptance::ClassifierUtils
-
-hosts.each do |host|
- skip_test "skip tests requiring forge certs on solaris and aix" if host['platform'] =~ /solaris/
-end
-
-classify_nodes_as_agent_specified_if_classifer_present
-
-step "setup environments"
-
-stub_forge_on(master)
-
-testdir = create_tmpdir_for_user master, "confdir"
-puppet_conf_backup_dir = create_tmpdir_for_user(master, "puppet-conf-backup-dir")
-
-apply_manifest_on(master, environment_manifest(testdir), :catch_failures => true)
-
-results = {}
-review = {}
-
-####################
-step "[ Run Tests ]"
-
-existing_legacy_scenario = "Test a specific, existing legacy environment configuration"
-step existing_legacy_scenario
-master_opts = {
- 'main' => {
- 'environmentpath' => '',
- },
- 'testing' => {
- 'manifest' => "$confdir/testing-manifests",
- 'modulepath' => "$confdir/testing-modules",
- 'config_version' => "$confdir/static-version.sh",
- },
-}
-if master.is_pe?
- master_opts['testing']['modulepath'] << ":#{master['sitemoduledir']}"
-end
-
-results[existing_legacy_scenario] = use_an_environment("testing", "legacy testing", master_opts, testdir, puppet_conf_backup_dir)
-
-default_environment_scenario = "Test behavior of default environment"
-step default_environment_scenario
-results[default_environment_scenario] = use_an_environment(nil, "default environment", master_opts, testdir, puppet_conf_backup_dir)
-
-non_existent_environment_scenario = "Test for an environment that does not exist"
-step non_existent_environment_scenario
-results[non_existent_environment_scenario] = use_an_environment("doesnotexist", "non existent environment", master_opts, testdir, puppet_conf_backup_dir)
-
-########################################
-step "[ Report on Environment Results ]"
-
-confdir = master.puppet['confdir']
-
-step "Reviewing: #{existing_legacy_scenario}"
-review[existing_legacy_scenario] = review_results(results[existing_legacy_scenario],
- :puppet_config => {
- :exit_code => 0,
- :matches => [%r{manifest.*#{confdir}/testing-manifests$},
- %r{modulepath.*#{confdir}/testing-modules(?::#{master['sitemoduledir']})?$},
- %r{config_version.*#{confdir}/static-version.sh$}]
- },
- :puppet_module_install => {
- :exit_code => 0,
- :matches => [%r{Preparing to install into #{confdir}/testing-modules},
- %r{pmtacceptance-nginx}],
- },
- :puppet_module_uninstall => {
- :exit_code => 0,
- :matches => [%r{Removed.*pmtacceptance-nginx.*from #{confdir}/testing-modules}],
- },
- :puppet_apply => {
- :exit_code => 0,
- :matches => [%r{include legacy testing environment testing_mod}],
- },
- :puppet_agent => {
- :exit_code => 2,
- :matches => [%r{Applying configuration version 'static'},
- %r{in legacy testing environment site.pp},
- %r{include legacy testing environment testing_mod}],
- }
-)
-
-step "Reviewing: #{default_environment_scenario}"
-default_expectations = {
- :puppet_config => {
- :exit_code => 0,
- :matches => 
[%r{manifest.*#{confdir}/manifests/site.pp$},
- %r{modulepath.*#{confdir}/modules:.*},
- %r{^config_version\s+=\s*$}]
- },
- :puppet_module_install => {
- :exit_code => 0,
- :matches => [%r{Preparing to install into #{confdir}/modules},
- %r{pmtacceptance-nginx}],
- },
- :puppet_module_uninstall => {
- :exit_code => 0,
- :matches => [%r{Removed.*pmtacceptance-nginx.*from #{confdir}/modules}],
- },
- :puppet_apply => {
- :exit_code => 0,
- :matches => [%r{include default environment testing_mod}],
- },
- :puppet_agent => {
- :exit_code => 2,
- :matches => [%r{Applying configuration version '\d+'},
- %r{in default environment site.pp},
- %r{include default environment testing_mod}],
- },
-}
-review[default_environment_scenario] = review_results(
- results[default_environment_scenario],
- default_expectations
-)
-
-step "Reviewing: #{non_existent_environment_scenario}"
-review[non_existent_environment_scenario] = review_results(
- results[non_existent_environment_scenario],
- default_expectations
-)
-
-#########################
-step "[ Assert Success ]"
-
-assert_review(review)
diff --git a/acceptance/tests/external_ca_support/fixtures/certchain.sh b/acceptance/tests/external_ca_support/fixtures/certchain.sh
index b104db175..ac73e7a06 100755
--- a/acceptance/tests/external_ca_support/fixtures/certchain.sh
+++ b/acceptance/tests/external_ca_support/fixtures/certchain.sh
@@ -1,553 +1,554 @@ #! /bin/bash ## NOTE: ## This script requires the following in /etc/hosts: ## 127.0.0.2 puppet master1.example.org # This will fail with a stock puppet 3.1.1, but will succeed if all of the # certificate subjects contain only the "CN" portion, and no O, OU, or # emailAddress. # basic config to describe the environment # B="/tmp/certchain" B="$(mktemp -d -t certchain.XXXXXXXX)" HTTPS_PORT=8443 OPENSSL=$(which openssl) # utility method to dedent a heredoc dedent() { python -c 'import sys, textwrap; print textwrap.dedent(sys.stdin.read())' } # invoke openssl openssl() { echo "----" echo "running" ${OPENSSL} ${@} echo " in $PWD" ${OPENSSL} "${@}" } show_cert() { local cert="$1" # openssl x509 -in "${cert}" -noout -text -nameopt RFC2253 openssl x509 -in "${cert}" -noout -text } hash_cert() { local cert="$1" local certdir="${B}/certdir" local h=$(${OPENSSL} x509 -hash -noout -in ${cert}) mkdir -p "${certdir}" ln -s "$cert" "${certdir}/${h}.0" } show_crl() { local crl="$1" openssl crl -in "${crl}" -noout -text } hash_crl() { local crl="$1" local certdir="${B}/certdir" local h=$(${OPENSSL} crl -hash -noout -in ${crl}) mkdir -p "${certdir}" ln -s "$crl" "${certdir}/${h}.r0" } # clean out any messes this script has made clean_up() { stop_apache rm -rf "$B" } stop_apache() { local pid pidfile="${B}/apache/httpd.pid" while true; do pid=$(cat "${pidfile}" 2>/dev/null || true) [ -z "$pid" ] && break # break if the pid is gone kill "$pid" || break # break if the kill fails (process is gone) sleep 0.1 done } # perform basic setup: make directories, etc. 
set_up() { mkdir -p "$B" } # create CA certificates: # # * $B/root_ca # * $B/master{1..2}_ca # # with each containing: # # * openssl.conf -- suitable for signing certificates # * ca-$name.key -- PEM format certificate key, with no password # * ca-$name.crt -- PEM format certificate create_ca_certs() { local name cn dir subj ca_config for name in root agent-ca master-ca; do dir="${B}/${name}" mkdir -p "${dir}" ( cd "${dir}" # if this is the root cert, make a self-signed cert if [ "$name" = "root" ]; then subj="/CN=Root CA/OU=Server Operations/O=Example Org, LLC" openssl req -new -newkey rsa:2048 -days 7300 -nodes -x509 \ -subj "${subj}" -keyout "ca-${name}.key" -out "ca-${name}.crt" else # make a new key for the CA openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "ca-${name}.key" # build a CSR out of it dedent > openssl.tmp << OPENSSL_TMP [req] prompt = no distinguished_name = dn_config [dn_config] commonName = Intermediate CA (${name}) emailAddress = test@example.org organizationalUnitName = Server Operations organizationName = Example Org, LLC OPENSSL_TMP openssl req -config openssl.tmp -new -key "ca-${name}.key" -out "ca-${name}.csr" rm openssl.tmp # sign it with the root CA openssl ca -config ../root/openssl.conf -in "ca-${name}.csr" -notext -out "ca-${name}.crt" -batch # clean up the now-redundant csr rm "ca-${name}.csr" fi # set up the CA config; this uses the same file for all, but with different options # for the root and master CAs [ "$name" = "root" ] && ca_config=root_ca_config || ca_config=master_ca_config dedent > openssl.conf << OPENSSL_CONF SAN = DNS:puppet [ca] default_ca = ${ca_config} # Root CA [root_ca_config] certificate = ${dir}/ca-${name}.crt private_key = ${dir}/ca-${name}.key database = ${dir}/inventory.txt new_certs_dir = ${dir}/certs serial = ${dir}/serial default_crl_days = 7300 default_days = 7300 default_md = sha1 policy = root_ca_policy x509_extensions = root_ca_exts [root_ca_policy] commonName = supplied emailAddress = 
supplied organizationName = supplied organizationalUnitName = supplied [root_ca_exts] authorityKeyIdentifier = keyid,issuer:always basicConstraints = critical,CA:true keyUsage = keyCertSign, cRLSign # Master CA [master_ca_config] certificate = ${dir}/ca-${name}.crt private_key = ${dir}/ca-${name}.key database = ${dir}/inventory.txt new_certs_dir = ${dir}/certs serial = ${dir}/serial default_crl_days = 7300 default_days = 7300 default_md = sha1 policy = master_ca_policy x509_extensions = master_ca_exts # Master CA (Email) [master_ca_email_config] certificate = ${dir}/ca-${name}.crt private_key = ${dir}/ca-${name}.key database = ${dir}/inventory.txt new_certs_dir = ${dir}/certs serial = ${dir}/serial default_crl_days = 7300 default_days = 7300 default_md = sha1 email_in_dn = yes policy = master_ca_email_policy x509_extensions = master_ca_exts [master_ca_policy] commonName = supplied [master_ca_email_policy] commonName = supplied emailAddress = supplied # default extensions for clients [master_ca_exts] authorityKeyIdentifier = keyid,issuer:always basicConstraints = critical,CA:false keyUsage = keyEncipherment, digitalSignature extendedKeyUsage = serverAuth, clientAuth [master_ssl_exts] authorityKeyIdentifier = keyid,issuer:always basicConstraints = critical,CA:false keyUsage = keyEncipherment, digitalSignature extendedKeyUsage = serverAuth, clientAuth subjectAltName = \$ENV::SAN # extensions for the master certificate (specifically adding subjectAltName) [master_self_ca_exts] authorityKeyIdentifier = keyid,issuer:always basicConstraints = critical,CA:false keyUsage = keyEncipherment, digitalSignature extendedKeyUsage = serverAuth, clientAuth # include the master's fqdn here, as well as in the CN, to work # around https://bugs.ruby-lang.org/issues/6493 # NOTE: Alt Names should be set in the request, so they know # their FQDN # subjectAltName = DNS:puppet,DNS:${name}.example.org OPENSSL_CONF touch inventory.txt mkdir certs echo 01 > serial show_cert 
"${dir}/ca-${name}.crt" hash_cert "${dir}/ca-${name}.crt" # generate an empty CRL for this CA openssl ca -config "${dir}/openssl.conf" -gencrl -out "${dir}/ca-${name}.crl" show_crl "${dir}/ca-${name}.crl" hash_crl "${dir}/ca-${name}.crl" ) done } # revoke leaf cert for $1 issued by master CA $2 revoke_leaf_cert() { local fqdn="$1" local ca="${2:-agent-ca}" local dir="${B}/${ca}" # revoke the cert and regenerate the crl openssl ca -config "${dir}/openssl.conf" -revoke "${B}/leaves/${fqdn}.issued_by.${ca}.crt" openssl ca -config "${dir}/openssl.conf" -gencrl -out "${dir}/ca-${ca}.crl" show_crl "${dir}/ca-${ca}.crl" # kill -HUP $(< "${B}/apache/httpd.pid") } # revoke CA cert for $1 revoke_ca_cert() { local master="$1" local dir="${B}/root" # revoke the cert and regenerate the crl openssl ca -config "${dir}/openssl.conf" -revoke "${B}/${master}/ca-${master}.crt" openssl ca -config "${dir}/openssl.conf" -gencrl -out "${dir}/ca-root.crl" show_crl "${dir}/ca-root.crl" kill -HUP $(< "${B}/apache/httpd.pid") } # create a "leaf" certificate for the given fqdn, signed by the given ca name. # $fqdn.issued_by.${ca}.{key,crt} will be placed in "${B}/leaves" create_leaf_cert() { local fqdn="$1" ca="$2" exts="$3" local masterdir="${B}/${ca}" local dir="${B}/leaves" local fname="${fqdn}.issued_by.${ca}" [ -n "$exts" ] && exts="-extensions $exts" mkdir -p "${dir}" ( cd "${dir}" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "${fname}.key" openssl req -subj "/CN=${fqdn}" -new -key "${fname}.key" -out "${fname}.csr" CN="${fqdn}" SAN="DNS:${fqdn}, DNS:${fqdn%%.*}, DNS:puppet, DNS:puppetmaster" \ openssl ca -config "${B}/${ca}/openssl.conf" -in "${fname}.csr" -notext \ -out "${fname}.crt" -batch $exts ) show_cert "${dir}/${fname}.crt" } # Note, we can parameterize SubjectAltNames using environment variables. 
create_leaf_certs() { create_leaf_cert master1.example.org master-ca master_ssl_exts create_leaf_cert master2.example.org master-ca master_ssl_exts create_leaf_cert agent1.example.org agent-ca create_leaf_cert agent2.example.org agent-ca create_leaf_cert agent3.example.org agent-ca create_leaf_cert master1.example.org agent-ca master_ssl_exts # rogue # create_leaf_cert master1.example.org root master_ssl_exts # rogue create_leaf_cert agent1.example.org master-ca # rogue # create_leaf_cert agent1.example.org root # rogue } # create a "leaf" certificate for the given fqdn, signed by the given ca name, # with an email address in the subject. # $fqdn.issued_by.${ca}.{key,crt} will be placed in "${B}/leaves" create_leaf_email_cert() { local fqdn="$1" ca="$2" exts="$3" local masterdir="${B}/${ca}" local dir="${B}/leaves" local fname="${fqdn}.issued_by.${ca}" mkdir -p "${dir}" ( cd "${dir}" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "${fname}.key" openssl req -subj "/CN=${fqdn}/emailAddress=test@example.com" -new -key "${fname}.key" -out "${fname}.csr" openssl ca -config "${B}/${ca}/openssl.conf" -name master_ca_email_config \ -in "${fname}.csr" -notext -out "${fname}.crt" -batch $exts_arg ) show_cert "${dir}/${fname}.crt" } create_leaf_email_certs() { create_leaf_email_cert master-email1.example.org master-ca master_self_ca_exts create_leaf_email_cert master-email2.example.org master-ca master_self_ca_exts create_leaf_email_cert agent-email1.example.org agent-ca create_leaf_email_cert agent-email2.example.org agent-ca create_leaf_email_cert agent-email3.example.org agent-ca } set_up_apache() { local apachedir="${B}/apache" mkdir -p "${apachedir}/puppetmaster/public" echo 'passed'> "${apachedir}/puppetmaster/public/test.txt" dedent > "${apachedir}/httpd.conf" < Require all granted RackAutoDetect On RackBaseURI / HTTPD_CONF } set_up_puppetmaster() { local apachedir="${B}/apache" local masterdir="${B}/puppetmaster" - mkdir -p "${masterdir}/conf" 
"${masterdir}/var" "${masterdir}/manifests" + local confdir="${masterdir}/conf" + local environmentdir="${confdir}/environments/production" + mkdir -p "${confdir}" "${masterdir}/var" "${environmentdir}/manifests" dedent > "${apachedir}/puppetmaster/config.ru" < "${masterdir}/conf/puppet.conf" < "${masterdir}/manifests/site.pp" < "${environmentdir}/manifests/site.pp" < "yes I was" } } SITE_PP } start_apache() { local apachedir="${B}/apache" if ! httpd -f "${apachedir}/httpd.conf"; then [ -f "${apachedir}/error_log" ] && tail "${apachedir}/error_log" false fi } check_apache() { # verify the SSL config with openssl. Note that s_client exits with 0 # no matter what, so this greps the output for an OK status. Also note # that this only checks that the validation of the server certs is OK, since # client validation is optional in the httpd config. echo $'GET /test.txt HTTP/1.0\n' | \ openssl s_client -connect "127.0.0.1:${HTTPS_PORT}" -verify 2 \ -cert "${B}/leaves/client2a.example.org.crt" \ -key "${B}/leaves/client2a.example.org.key" \ -CAfile "${B}/root/ca-root.crt" \ | tee "${B}/verify.out" cat "${B}/apache/error_log" grep -q "Verify return code: 0 (ok)" "${B}/verify.out" } check_puppetmaster() { # this is insecure, because otherwise curl will check that 127.0.0.1 == # master1.example.org and fail; validation of the server certs is done # above in check_apache, so this is fine. curl -vks --fail \ --header 'Accept: yaml' \ --cert "${B}/leaves/client2a.example.org.crt" \ --key "${B}/leaves/client2a.example.org.key" \ "https://127.0.0.1:${HTTPS_PORT}/production/catalog/client2a.example.org" >/dev/null echo } # set up the agent with the given fqdn set_up_agent() { local fqdn="$1" local agentdir="${B}/agent" mkdir -p "${agentdir}/conf" "${agentdir}/var" mkdir -p "${agentdir}/conf/ssl/private_keys" "${agentdir}/conf/ssl/certs" dedent > "${agentdir}/conf/puppet.conf" <