diff --git a/.rubocop.yml b/.rubocop.yml index 8adfbbe..b4c4b42 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,4 +1,5 @@ AllCops: + NewCops: enable Exclude: - '**/*.erb' - 'vendor/**/*' @@ -18,15 +19,15 @@ Style/SymbolArray: Style/WordArray: Enabled: false +# There is no real reason to check for line length +Layout/LineLength: + Enabled: false + # This isn't really necessary as they limit us in how # long text can be when describing a test Metrics/BlockLength: Enabled: false -# There is no real reason to check for line length -Metrics/LineLength: - Enabled: false - # Disable MixinUsage Style/MixinUsage: Enabled: false @@ -35,4 +36,4 @@ Style/FrozenStringLiteralComment: Enabled: false Style/Documentation: - Enabled: false \ No newline at end of file + Enabled: false diff --git a/.ruby-version b/.ruby-version index 276cbf9..35d16fb 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.3.0 +2.5.7 diff --git a/.travis.yml b/.travis.yml index 149882d..ac7aa3c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,12 +4,8 @@ language: ruby bundler_args: --without development system_tests before_install: rm Gemfile.lock || true rvm: - - 2.3.4 + - 2.5.7 script: bundle exec rake test env: - - PUPPET_VERSION="~> 4.5.0" - - PUPPET_VERSION="~> 4.6.0" - - PUPPET_VERSION="~> 4.7.0" - - PUPPET_VERSION="~> 4.8.0" - - PUPPET_VERSION="~> 4.9.0" - - PUPPET_VERSION="~> 5.0.0" + - PUPPET_VERSION="~> 5.5" + - PUPPET_VERSION="~> 6.16" diff --git a/Gemfile b/Gemfile index d3766b4..3fec5ee 100644 --- a/Gemfile +++ b/Gemfile @@ -3,8 +3,8 @@ source ENV['GEM_SOURCE'] || 'https://rubygems.org' puppetversion = ENV.key?('PUPPET_VERSION') ? ENV['PUPPET_VERSION'] : ['>= 3.3', '< 6'] gem 'facter', '<= 2.4.6', '>= 1.7.0' gem 'puppet', puppetversion -gem 'puppet-lint', '>= 1.0.0' gem 'puppetlabs_spec_helper', '>= 1.0.0' +gem 'puppet-lint', '>= 1.0.0' gem 'rspec-puppet', '<= 2.5.0' gem 'rspec-puppet-facts', '< 1.8.0' gem 'safe_yaml', '~> 1.0.4' 
diff --git a/README.md b/README.md index 670d8f8..99b9f64 100644 --- a/README.md +++ b/README.md @@ -349,13 +349,15 @@ rules in a particular order. Defaults to '99' This module has been tested on: -* Debian 7 * Debian 8 -* CentOS 6 +* Debian 9 +* Debian 10 * CentOS 7 * CentOS 8 * Ubuntu 14.04 * Ubuntu 16.04 +* Ubuntu 18.04 +* Ubuntu 20.04 ## Development @@ -365,13 +367,6 @@ of saying thanks. This module is tested against the Ruby versions from Puppet's support matrix. Please make sure you have a supported version of Ruby installed. -Should you wish to clone this repository you have to make sure that you -clone it recursively. This Puppet module uses git submodules. - -``` -git clone --recursive git@github.com:sensson/puppet-csf.git -``` - If you want to contribute please: 1. Fork the repository. @@ -405,13 +400,16 @@ You can run Beaker tests with: ``` bundle exec rake spec_prep -BEAKER_destroy=onpass bundle exec rake beaker:debian7 BEAKER_destroy=onpass bundle exec rake beaker:debian8 +BEAKER_destroy=onpass bundle exec rake beaker:debian9 +BEAKER_destroy=onpass bundle exec rake beaker:debian10 BEAKER_destroy=onpass bundle exec rake beaker:centos6 BEAKER_destroy=onpass BEAKER_PUPPET_COLLECTION=puppet5 bundle exec rake beaker:centos7 BEAKER_destroy=onpass BEAKER_PUPPET_COLLECTION=puppet5 bundle exec rake beaker:centos8 BEAKER_destroy=onpass bundle exec rake beaker:ubuntu1404 BEAKER_destroy=onpass bundle exec rake beaker:ubuntu1604 +BEAKER_destroy=onpass bundle exec rake beaker:ubuntu1804 +BEAKER_destroy=onpass bundle exec rake beaker:ubuntu2004 ``` We recommend specifying BEAKER_destroy=onpass as it will keep the diff --git a/data/os/Debian.yaml b/data/os/Debian.yaml new file mode 100644 index 0000000..6cf4e25 --- /dev/null +++ b/data/os/Debian.yaml @@ -0,0 +1,10 @@ +--- + +csf::packages::required: + - perl + - iptables + +csf::packages::recommended: + - libwww-perl + - liblwp-protocol-https-perl + - libgd-graph-perl 
diff --git a/data/os/RedHat.yaml b/data/os/RedHat.yaml new file mode 100644 index 0000000..960e13c --- /dev/null +++ b/data/os/RedHat.yaml @@ -0,0 +1,10 @@ +--- + +csf::packages::required: + - perl + - iptables + +csf::packages::recommended: + - perl-libwww-perl + - perl-LWP-Protocol-https + - perl-GDGraph diff --git a/hiera.yaml b/hiera.yaml new file mode 100644 index 0000000..545fff3 --- /dev/null +++ b/hiera.yaml @@ -0,0 +1,21 @@ +--- +version: 5 + +defaults: # Used for any hierarchy level that omits these keys. + datadir: data # This path is relative to hiera.yaml's directory. + data_hash: yaml_data # Use the built-in YAML backend. + +hierarchy: + - name: "osfamily/major release" + paths: + # Used to distinguish between Debian and Ubuntu + - "os/%{facts.os.name}/%{facts.os.release.major}.yaml" + - "os/%{facts.os.family}/%{facts.os.release.major}.yaml" + # Used for Solaris + - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml" + - name: "osfamily" + paths: + - "os/%{facts.os.name}.yaml" + - "os/%{facts.os.family}.yaml" + - name: 'common' + path: 'common.yaml' diff --git a/manifests/init.pp b/manifests/init.pp index ca8d45c..8ff221f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,9 +1,10 @@ # csf class csf ( - $download_location = $::csf::params::download_location, - $service_ensure = $::csf::params::service_ensure, - $service_enable = $::csf::params::service_enable, - $docker = $::csf::params::docker, + $download_location = $::csf::params::download_location, + $service_ensure = $::csf::params::service_ensure, + $service_enable = $::csf::params::service_enable, + $docker = $::csf::params::docker, + $install_recommended_packages = $::csf::params::install_recommended_packages, ) inherits csf::params { # Install and configure CSF as required include ::csf::install diff --git a/manifests/install.pp b/manifests/install.pp index 42d91a5..3b74064 100644 --- a/manifests/install.pp +++ b/manifests/install.pp 
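Review bot: The new `$install_recommended_packages` parameter in `manifests/init.pp` is declared without a data type, yet `csf::install` uses it as a bare `if` condition, and in Puppet 4 and later every string, including `'false'`, is truthy. A value that arrives as a string from Hiera or an ENC would therefore still install the recommended packages. Declare it as `Boolean $install_recommended_packages = $::csf::params::install_recommended_packages,` and add a line to the `# csf` header comment saying what the flag controls. The class body continues outside this hunk.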
@@ -1,28 +1,27 @@ # csf::install class csf::install inherits csf { # this installs csf and reloads it - if $::operatingsystem == 'CentOS' and versioncmp($::operatingsystemmajrelease, '7') < 0 { - package { 'iptables-ipv6': - ensure => installed, - before => Exec['csf-install'], - } - } - package { 'iptables': - ensure => installed, - before => Exec['csf-install'], - } + $required_packages = lookup('csf::packages::required', Array[String]) + + ensure_packages ($required_packages, { + ensure => 'present', + }) - package { 'csf-perl': - ensure => installed, - name => 'perl', + if $::csf::install_recommended_packages { + $recommended_packages = lookup('csf::packages::recommended', Array[String]) + + ensure_packages ($recommended_packages, { + ensure => 'present', + }) } - -> exec { 'csf-install': + + exec { 'csf-install': cwd => '/tmp', command => "/usr/bin/curl -o csf.tgz ${::csf::download_location} && tar -xzf csf.tgz && cd csf && sh install.sh", creates => '/usr/sbin/csf', notify => Service['csf'], - require => Package['csf-perl'], + require => Package['perl'], } # make sure testing is disabled, we trust puppet enough diff --git a/manifests/params.pp b/manifests/params.pp index 588c841..333ecf6 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -4,4 +4,5 @@ $docker = absent $service_ensure = 'running' $service_enable = true + $install_recommended_packages = true } diff --git a/metadata.json b/metadata.json index 41788e0..ea2a164 100644 --- a/metadata.json +++ b/metadata.json 
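Review bot: The rewritten `exec { 'csf-install': }` in `manifests/install.pp` now depends only on `require => Package['perl']`, so the `before => Exec['csf-install']` ordering that `iptables` used to carry is gone and nothing guarantees that every package from `csf::packages::required` is installed before `install.sh` runs. The hard-coded title also makes catalog compilation fail if the Hiera list is ever overridden without `perl` in it. Use `require => Package[$required_packages],` so the ordering follows the data. Separately, the unchanged `command` still downloads `csf.tgz` into the shared `/tmp` directory and runs `sh install.sh` from it with no checksum or signature check; since this commit already touches the resource, consider adding a digest parameter, verifying the archive before extraction, and using a private working directory. The class body continues past the end of this hunk.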
@@ -9,12 +9,12 @@ "issues_url": "https://github.com/sensson/puppet-csf/issues", "tags": [ "csf", "firewall", "lfd", "configserver" ], "operatingsystem_support": [ - { "operatingsystem": "CentOS", "operatingsystemrelease": [ "6", "7", "8" ] }, - { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ "14.04", "16.04" ] }, - { "operatingsystem": "Debian", "operatingsystemrelease": [ "7", "8" ] } + { "operatingsystem": "CentOS", "operatingsystemrelease": [ "7", "8" ] }, + { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ "14.04", "16.04", "18.04", "20.04" ] }, + { "operatingsystem": "Debian", "operatingsystemrelease": [ "8", "9", "10" ] } ], "dependencies": [ - { "name": "puppetlabs/stdlib", "version_requirement": ">=4.3.2 < 6.0.0" }, - { "name": "puppetlabs/concat", "version_requirement": ">=1.1.1 < 6.0.0" } + { "name": "puppetlabs/stdlib", "version_requirement": ">=4.3.2 < 7.0.0" }, + { "name": "puppetlabs/concat", "version_requirement": ">=1.1.1 < 7.0.0" } ] } diff --git a/spec/classes/csf_docker_spec.rb b/spec/classes/csf_docker_spec.rb index 7a73f16..491c9d8 100644 --- a/spec/classes/csf_docker_spec.rb +++ b/spec/classes/csf_docker_spec.rb @@ -1,5 +1,5 @@ require 'spec_helper' -require_relative '../facts.rb' +require_relative '../facts' describe 'csf::docker' do context 'supported operating systems' do diff --git a/spec/classes/csf_init_spec.rb b/spec/classes/csf_init_spec.rb index b227390..8d8ef56 100644 --- a/spec/classes/csf_init_spec.rb +++ b/spec/classes/csf_init_spec.rb @@ -1,5 +1,5 @@ require 'spec_helper' -require_relative '../facts.rb' +require_relative '../facts' describe 'csf' do context 'supported operating systems' do diff --git a/spec/classes/csf_install_spec.rb b/spec/classes/csf_install_spec.rb index 488d9ef..4fdf64e 100644 --- a/spec/classes/csf_install_spec.rb +++ b/spec/classes/csf_install_spec.rb 
@@ -1,5 +1,5 @@ require 'spec_helper' -require_relative '../facts.rb' +require_relative '../facts' describe 'csf::install' do context 'supported operating systems' do 
@@ -16,18 +16,25 @@ it { is_expected.to contain_class('csf::install') } # verify packages and installation - it { is_expected.to contain_package('csf-perl') } + it { is_expected.to contain_package('perl') } it { is_expected.to contain_exec('csf-install').with('cwd' => '/tmp') } it { is_expected.to contain_exec('csf-install').with('command' => '/usr/bin/curl -o csf.tgz https://download.configserver.com/csf.tgz && tar -xzf csf.tgz && cd csf && sh install.sh') } it { is_expected.to contain_exec('csf-install').with('creates' => '/usr/sbin/csf') } it { is_expected.to contain_exec('csf-install').with('notify' => 'Service[csf]') } - it { is_expected.to contain_exec('csf-install').with('require' => 'Package[csf-perl]') } + it { is_expected.to contain_exec('csf-install').with('require' => 'Package[perl]') } - it { is_expected.to contain_package('iptables').with('ensure' => 'installed') } + it { is_expected.to contain_package('iptables').with('ensure' => 'present') } - if facts[:operatingsystem] == 'CentOS' && facts[:operatingsystemmajrelease].to_i < 7 - it { is_expected.to contain_package('iptables-ipv6').with('ensure' => 'installed') } - it { is_expected.to contain_package('iptables-ipv6').with('before' => 'Exec[csf-install]') } + if facts[:operatingsystem] == 'CentOS' + it { is_expected.to contain_package('perl-libwww-perl').with('ensure' => 'present') } + it { is_expected.to contain_package('perl-LWP-Protocol-https').with('ensure' => 'present') } + it { is_expected.to contain_package('perl-GDGraph').with('ensure' => 'present') } + end + + if facts[:operatingsystem] == 'Ubuntu' + it { is_expected.to contain_package('libwww-perl').with('ensure' => 'present') } + it { is_expected.to contain_package('liblwp-protocol-https-perl').with('ensure' => 'present') } + it { is_expected.to contain_package('libgd-graph-perl').with('ensure' => 'present') } end # check our configuration 
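Review bot: The recommended-package expectations cover `CentOS` and `Ubuntu` but not `Debian`, although `data/os/Debian.yaml` serves the whole Debian family and Debian 8 to 10 are listed as supported; if the facts helper includes Debian, those packages go unchecked there. Widen the second guard to `if %w[Ubuntu Debian].include?(facts[:operatingsystem])`. There is also no context that sets `install_recommended_packages => false` and asserts `is_expected.not_to contain_package('libwww-perl')`, so the opt-out path added in this commit is untested. The enclosing `describe` and `context` blocks start and end outside this hunk.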
diff --git a/spec/defines/csf_config_spec.rb b/spec/defines/csf_config_spec.rb index dd5cef3..548ce4d 100644 --- a/spec/defines/csf_config_spec.rb +++ b/spec/defines/csf_config_spec.rb @@ -17,7 +17,7 @@ context 'csf::config without parameters' do it 'fails' do - expect { subject.call } .to raise_error(/Please set a value for/) + expect { subject.call }.to raise_error(/Please set a value for/) end end diff --git a/spec/defines/csf_global_spec.rb b/spec/defines/csf_global_spec.rb index de3ebb3..852e7de 100644 --- a/spec/defines/csf_global_spec.rb +++ b/spec/defines/csf_global_spec.rb @@ -39,7 +39,7 @@ end it 'fails' do - expect { subject.call } .to raise_error(/unknown value wrong/) + expect { subject.call }.to raise_error(/unknown value wrong/) end end end