diff --git a/acceptance/setup/git/pre-suite/010_TestSetup.rb b/acceptance/setup/git/pre-suite/010_TestSetup.rb
index ed995335a..c9833d5c9 100644
--- a/acceptance/setup/git/pre-suite/010_TestSetup.rb
+++ b/acceptance/setup/git/pre-suite/010_TestSetup.rb
@@ -1,53 +1,58 @@ begin require 'beaker/dsl/install_utils' end test_name "Install packages and repositories on target machines..." do extend Beaker::DSL::InstallUtils SourcePath = Beaker::DSL::InstallUtils::SourcePath GitURI = Beaker::DSL::InstallUtils::GitURI GitHubSig = Beaker::DSL::InstallUtils::GitHubSig tmp_repositories = [] options[:install].each do |uri| raise(ArgumentError, "#{uri} is not recognized.") unless(uri =~ GitURI) tmp_repositories << extract_repo_info_from(uri) end repositories = order_packages(tmp_repositories) versions = {} hosts.each_with_index do |host, index| on host, "echo #{GitHubSig} >> $HOME/.ssh/known_hosts" repositories.each do |repository| step "Install #{repository[:name]}" if repository[:path] =~ /^file:\/\/(.+)$/ on host, "test -d #{SourcePath} || mkdir -p #{SourcePath}" source_dir = $1 checkout_dir = "#{SourcePath}/#{repository[:name]}" on host, "rm -f #{checkout_dir}" # just the symlink, do not rm -rf ! on host, "ln -s #{source_dir} #{checkout_dir}" on host, "cd #{checkout_dir} && if [ -f install.rb ]; then ruby ./install.rb ; else true; fi" else install_from_git host, SourcePath, repository end if index == 1 versions[repository[:name]] = find_git_repo_versions(host, SourcePath, repository) end end end - step "Agents: create basic puppet.conf" do - agents.each do |agent| - puppetconf = File.join(agent['puppetpath'], 'puppet.conf') - - on agent, "echo '[agent]' > #{puppetconf} && " + - "echo server=#{master} >> #{puppetconf}" + step "Hosts: create basic puppet.conf" do + hosts.each do |host| + on host, "mkdir -p #{host['puppetpath']}" + puppetconf = File.join(host['puppetpath'], 'puppet.conf') + + if host['roles'].include?('agent') + on host, "echo '[agent]' > #{puppetconf} && " + + "echo server=#{master} >> #{puppetconf}" + else + on host, "touch #{puppetconf}" + end end end end 
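Review bot: In the non-agent branch of the new "Hosts: create basic puppet.conf" step, `touch #{puppetconf}` keeps whatever the file already contains, whereas the agent branch overwrites it with `>`. If a master-only host still carries a puppet.conf from an earlier run, those settings survive into this suite and later tests no longer start from a known configuration. If a clean file is the intent, truncate it instead, e.g. `on host, ": > #{puppetconf}"`; if keeping existing content is deliberate, a comment such as `# only ensure the file exists; existing master settings are kept on purpose` would say so. The added `mkdir -p #{host['puppetpath']}` also interpolates the path unquoted, so a path containing spaces would be split by the shell.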
diff --git a/acceptance/tests/security/cve-2013-1654_sslv2_downgrade_master.rb b/acceptance/tests/security/cve-2013-1654_sslv2_downgrade_master.rb index 13f045a12..09baf5df8 100644 --- a/acceptance/tests/security/cve-2013-1654_sslv2_downgrade_master.rb +++ b/acceptance/tests/security/cve-2013-1654_sslv2_downgrade_master.rb @@ -1,38 +1,41 @@ test_name "CVE 2013-1654 SSL2 Downgrade of Master connection" do def suitable?(host) ruby = host['puppetbindir'] ? "#{host['puppetbindir']}/ruby" : 'ruby' cmd = < (0..255).to_a ) res.exit_code == 0 end suitable_agent = agents.select {|agent| suitable_agent?( agent ) }.first + if suitable_agent.nil? + skip_test "No agents are suitable to test the master" + end if suitable?( master ) with_puppet_running_on( master, {} ) do certfile = on(suitable_agent, puppet_agent("--configprint hostcert")).stdout.chomp keyfile = on(suitable_agent, puppet_agent("--configprint hostprivkey")).stdout.chomp cafile = on(suitable_agent, puppet_agent("--configprint localcacert")).stdout.chomp openssl_call = "openssl s_client -connect #{master}:8140 " + "-cert \"#{certfile}\" -key \"#{keyfile}\" " + "-CAfile \"#{cafile}\" -ssl2 -msg < /dev/null" on(suitable_agent, openssl_call, :acceptable_exit_codes => (0..255)) do |test| assert_match /CLIENT-HELLO/, test.stdout assert_no_match /SERVER-HELLO/, test.stdout end end else logger.debug( "Not testing master as SSLv2 isn't available to it" ) end end diff --git a/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb b/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb index 54d69177e..ae5550c05 100644 --- a/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb +++ b/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb 
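Review bot: The new `suitable_agent.nil?` guard depends on the line above it, which calls `suitable_agent?( agent )`, while the only helper visible in this hunk is `def suitable?(host)`. Unless `suitable_agent?` is defined somewhere not shown (part of the helper's body is garbled on this page), the `select` block would raise NoMethodError as soon as there is at least one agent, so neither the skip nor the SSLv2 assertions would run. Calling the visible helper would fix it: `suitable_agent = agents.find { |agent| suitable?(agent) }`. A comment above the guard, e.g. `# the s_client probe is run from an agent, so without a suitable one there is nothing to test`, would explain why the test skips rather than fails.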
@@ -1,60 +1,50 @@ test_name "#3360: Allow duplicate CSR when allow_duplicate_certs is on" agent_hostnames = agents.map {|a| a.to_s} with_puppet_running_on master, {'master' => {'allow_duplicate_certs' => true}} do agents.each do |agent| - if agent['platform'].include?('windows') - Log.warn("Pending: Windows does not support facter fqdn") - next - end - step "Generate a certificate request for the agent" fqdn = on(agent, facter("fqdn")).stdout.strip - on agent, "puppet certificate generate #{fqdn} --ca-location remote --server #{master}" + on agent, puppet("certificate generate #{fqdn} --ca-location remote --server #{master}") end step "Collect the original certs" on master, puppet_cert("--sign --all") original_certs = on master, puppet_cert("--list --all") old_certs = {} original_certs.stdout.each_line do |line| if line =~ /^\+ (\S+) \((.+)\)$/ old_certs[$1] = $2 puts "old cert: #{$1} #{$2}" end end agents.each do |agent| - if agent['platform'].include?('windows') - Log.warn("Pending: Windows does not support facter fqdn") - next - end - fqdn = on(agent, facter("fqdn")).stdout.strip step "Make another request with the same certname" - on agent, "puppet certificate generate #{fqdn} --ca-location remote --server #{master}" + on agent, puppet("certificate generate #{fqdn} --ca-location remote --server #{master}") end step "Collect the new certs" on master, puppet_cert("--sign --all") new_cert_list = on master, puppet_cert("--list --all") new_certs = {} new_cert_list.stdout.each_line do |line| if line =~ /^\+ (\S+) \((.+)\)$/ new_certs[$1] = $2 puts "new cert: #{$1} #{$2}" end end step "Verify the certs have changed" # using the agent name as the key may cause errors; # agent name from cfg file is likely to have short name # where certs might be signed with long names. old_certs.each_key { |key| next if key.include? master # skip the masters cert, only care about agents assert_not_equal(old_certs[key], new_certs[key], "Expected #{key} to have a changed key") } end
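Review bot: With the Windows guard removed, both `agents.each` loops interpolate `fqdn` into `puppet("certificate generate #{fqdn} ...")` on every platform without checking that facter returned a value. The removed lines said Windows did not support `facter fqdn`; if that is still true for any host, the certname is empty and the generated command is malformed rather than clearly failed. A guard right after each `fqdn = ...` assignment would make that explicit: `fail_test "facter fqdn returned nothing on #{agent}" if fqdn.empty?`. Separately, the closing `old_certs.each_key` loop makes no assertion when `old_certs` is empty, so a run in which no request was signed would still pass.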