From b8c1547bc86ef6062bb68c3abd39834fa2828eee Mon Sep 17 00:00:00 2001 
From: benjamin-robertson <72488257+benjamin-robertson@users.noreply.github.com> Date: Mon, 24 Jun 2024 18:26:48 +1000 Subject: [PATCH] Version 3.0.0 (#16) * add todos * we accept this as a variable so we should respect it * remove commented out code * no passwords in the data files * Push to github * specifically specify our database * escape the password just in case * empty commit * try this syntax * empty commit * remote can't add users * remove todo * Push integration tests * export * export vars * check inventory * try running task directly * test with location * commit changes * push changes * Control snmp listen in observium * disable ipv6 * Commit run in github action * try with provision litmus * Run integration tests * Install the module too!!! * Switch to provision.yaml * Move provision yaml * Remove centos7 add ubuntu * add puppet facts * remove do * with os family * lowercase strings * Fix serverspec * added more checks * describe not descrube * Try with other " * Test again * remove sed * Test with snmp v6 listen enabled * set override * Setup vagrant images * added unit tests * test unit tests * Commit latest unit tests * fix some lint issues * added lint tests * remove old plan * Update reference.md * Add lint test * update name * Fix lint, disable ubuntu 20.04 litmus * added cron serverspec entry * Added more tests * check os release * Fix variable and cron * Updated serverspec * Test curl * test with should * with full path * Test with stdout * test with simple command * attempt with new syntax * with match * test * revert * with quotes * Restore code * Disable breaking test * added centos7 image * Added stream 9 image * Push with rhel9 enhancements * Fix escape sequence * push changes * fixed gpg content * More fixes * update code * Check for os major * Change to int * Check os release * Check for rhel9 * Verify its rhel8 before installing package * Switch from and to && * Changes to github actions * Bump ruby version * with puppet 7 and 8 * 
remove nightly version * Dwongrade apache * Bump deps in metadata * Fix label * Set gem version * Run new test * test again * with inline * cat githuboutput * Restore to old matrix * Fix matrix file * switch to using contain * Revert "switch to using contain" This reverts commit 6dfd8f60872540b0d273eb985bd722bb60827870. * Exception for ubuntu 2204 * try with apply * Switch to apply manifest * more chnanges * Run apply twice for 2204 * Check if hiera_config works with litmus * set values * fix syntax * Switch to firewall module for ubuntu * Update reference, drop other traffic * manage firewall * dsiable port 80 * remove default rules for testing * fix * enable icmp * fix ordering * disable fw ubuntu * Update readme and changelog * last commit * Run unit test only on PR * bump lint and unit test to use matrix * Remove check for repo owner * added password req content * Only run on PR * bump version * Readme updates --------- Co-authored-by: tyler bailey --- .fixtures.yml | 50 ++--- .github/workflows/acceptance_test.yml | 99 ++++++++++ .github/workflows/lint.yaml | 71 +++++++ .github/workflows/unit_tests.yml | 71 +++++++ .gitignore | 2 +- .pdkignore | 9 +- .rubocop.yml | 223 +++++++++++++++++++++- .vscode/extensions.json | 2 +- CHANGELOG.md | 25 +++ Gemfile | 49 ++--- README.md | 59 +++++- REFERENCE.md | 197 ++++++++++--------- Rakefile | 84 +------- data/common.yaml | 8 +- data/os/RedHat-9.yaml | 85 +++++++++ data/os/RedHat-9gpg.yaml | 171 +++++++++++++++++ hiera-rpsec.yaml | 10 + hiera.yaml | 9 +- manifests/database_init.pp | 13 +- manifests/firewall.pp | 62 ++++++ manifests/firewallufw.pp | 29 --- manifests/init.pp | 6 +- manifests/mariadb.pp | 6 +- manifests/packages.pp | 8 + manifests/snmp.pp | 1 + manifests/yum.pp | 14 ++ metadata.json | 38 ++-- provision.yaml | 8 + spec/acceptance/observium_install_spec.rb | 133 +++++++++++++ spec/classes/observium_spec.rb | 154 +++++++++++++++ spec/data/common.yaml | 6 + spec/default_facts.yml | 9 +- spec/spec_helper.rb | 8 
+- spec/spec_helper_acceptance.rb | 6 + spec/spec_helper_acceptance_local.rb | 10 + test_matrix.json | 12 ++ 36 files changed, 1431 insertions(+), 316 deletions(-) create mode 100644 .github/workflows/acceptance_test.yml create mode 100644 .github/workflows/lint.yaml create mode 100644 .github/workflows/unit_tests.yml create mode 100644 data/os/RedHat-9.yaml create mode 100644 data/os/RedHat-9gpg.yaml create mode 100644 hiera-rpsec.yaml create mode 100644 manifests/firewall.pp delete mode 100644 manifests/firewallufw.pp create mode 100644 provision.yaml create mode 100644 spec/acceptance/observium_install_spec.rb create mode 100644 spec/data/common.yaml create mode 100644 spec/spec_helper_acceptance.rb create mode 100644 spec/spec_helper_acceptance_local.rb create mode 100644 test_matrix.json diff --git a/.fixtures.yml b/.fixtures.yml index 0d45dde..006b647 100644 --- a/.fixtures.yml +++ b/.fixtures.yml 
@@ -4,41 +4,47 @@ fixtures: forge_modules: stdlib: - repo: "puppetlabs/stdlib" - ref: "8.6.0" + repo: "puppetlabs/stdlib" # needs stdlib 9 > + ref: "9.6.0" puppetlabs-yumrepo_core: repo: "puppetlabs/yumrepo_core" - ref: "2.0.0" + ref: "2.1.0" puppet-archive: repo: "puppet/archive" - ref: "5.0.0" + ref: "7.1.0" puppetlabs-mysql: - repo: "puppetlabs/mysql" - ref: "13.3.0" + repo: "puppetlabs/mysql" # needs 15 or > + ref: "15.0.0" puppetlabs-cron_core: repo: "puppetlabs/cron_core" - ref: "1.0.5" + ref: "1.3.0" puppet-selinux: - repo: "puppet/selinux" - ref: "3.4.0" + repo: "puppet/selinux" # needs stdlib 9 > + ref: "4.1.0" # needs 4> puppetlabs-apache: repo: "puppetlabs/apache" - ref: "10.0.0" + ref: "12.1.0" puppet-snmp: - repo: "puppet/snmp" - ref: "5.1.1" + repo: "puppet/snmp" # needs systemd 2.5.1 > + ref: "7.1.0" puppet-firewalld: repo: "puppet/firewalld" - ref: "4.4.0" - domkrm-ufw: - repo: "domkrm/ufw" - ref: "1.1.4" - camptocamp-systemd: - repo: "camptocamp/systemd" - ref: "3.0.0" - puppetlabs-concat: + ref: "5.0.0" + puppetlabs-firewall: + repo: "puppetlabs/firewall" + ref: "8.0.2" + puppet-systemd: # inifile is dep + repo: "puppet/systemd" + ref: "7.0.0" + puppetlabs-concat: # needs stdlib 9 > repo: "puppetlabs/concat" - ref: "7.0.1" + ref: "9.0.2" puppetlabs-augeas_core: repo: "puppetlabs/augeas_core" - ref: "1.1.2" \ No newline at end of file + ref: "1.5.0" + repositories: + provision: https://github.com/puppetlabs/provision.git + puppet_agent: + repo: https://github.com/puppetlabs/puppetlabs-puppet_agent.git + ref: v4.19.0 + facts: https://github.com/puppetlabs/puppetlabs-facts.git \ No newline at end of file diff --git a/.github/workflows/acceptance_test.yml b/.github/workflows/acceptance_test.yml new file mode 100644 index 0000000..d396ac7 --- /dev/null +++ b/.github/workflows/acceptance_test.yml 
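Review bot: In the new `repositories:` block of .fixtures.yml, `provision` and `facts` are bare Git URLs with no `ref`, so each fixture preparation checks out whatever the default branch of those repositories holds at that moment, while `puppet_agent` next to them is pinned to `v4.19.0`. That code is executed during provisioning in CI and on developer machines, so an unreviewed upstream change reaches the test run and results stop being reproducible. Give both entries the same `repo:`/`ref:` form as `puppet_agent`, e.g. `provision: { repo: https://github.com/puppetlabs/provision.git, ref: <tag-or-commit> }`, preferring a commit SHA where the fixture tooling accepts one.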
@@ -0,0 +1,99 @@
+---
+name: "Acceptance Testing"
+
+on:
+ pull_request:
+ branches:
+ - "main"
+
+jobs:
+
+ setup_matrix:
+ name: "Setup Test Matrix"
+ runs-on: ubuntu-22.04
+ outputs:
+ matrix: ${{ steps.get-matrix.outputs.matrix }}
+
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+
+ - name: Activate Ruby 3.2
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: "3.2.3"
+ bundler-cache: true
+
+ - name: Print bundle environment
+ run: |
+ echo ::group::bundler environment
+ bundle env
+ echo ::endgroup::
+
+ - name: Setup Integration Test Matrix
+ id: get-matrix
+ run: |
+ echo "matrix=$(cat test_matrix.json | tr -s '\n' ' ')" >> $GITHUB_OUTPUT
+ cat $GITHUB_OUTPUT
+
+ acceptance:
+ name: "Acceptance tests (${{matrix.collection.agent_version}})"
+ needs:
+ - setup_matrix
+ if: ${{ needs.setup_matrix.outputs.matrix != '{}' }}
+
+ runs-on: ubuntu-22.04
+ strategy:
+ fail-fast: false
+ matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}}
+
+ env:
+ PUPPET_GEM_VERSION: ${{matrix.collection.gem_version}}
+ FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' # why is this set?
+
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+
+ - name: Activate Ruby 3.2
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: "3.2.3"
+ bundler-cache: true
+
+ - name: Print bundle environment
+ run: |
+ echo ::group::bundler environment
+ bundle env
+ echo ::endgroup::
+
+ - name: Create the fixtures directory
+ run: |
+ bundle exec rake spec_prep
+
+ - name: check vars
+ run: |
+ export
+
+ - name: Provision test environment
+ run: |
+ bundle exec rake 'litmus:provision_list[docker]'
+ FILE='spec/fixtures/litmus_inventory.yaml'
+
+ - name: Install Agents and module
+ run: |
+ # bundle exec rake 'litmus:install_agent'
+ bundle exec rake 'litmus:install_agent[${{ matrix.collection.agent_version }}]'
+ bundle exec rake litmus:install_module
+
+ - name: Run integration tests
+ run: |
+ bundle exec rake litmus:acceptance:parallel
+
+ - name: Remove test environment
+ if: ${{ always() }}
+ continue-on-error: true
+ run: |
+ ls -lh ./spec/fixtures/
+ cat ./spec/fixtures/litmus_inventory.yaml
+ bundle exec rake 'litmus:tear_down'
\ No newline at end of file
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
new file mode 100644
index 0000000..c2f88dc
--- /dev/null
+++ b/.github/workflows/lint.yaml
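Review bot: In acceptance_test.yml the `check vars` step runs a bare `export` and the teardown step runs `cat ./spec/fixtures/litmus_inventory.yaml`, so the runner's whole environment and the provisioned hosts' inventory (which may include connection credentials) are written to the job log for anyone who can view the run. Both look like debugging leftovers, as does the unused `FILE='spec/fixtures/litmus_inventory.yaml'` assignment, and should be removed or narrowed to the specific values needed. Separately, `'litmus:install_agent[${{ matrix.collection.agent_version }}]'` expands a value read from `test_matrix.json` into the script text itself; pass it through the step's `env:` as `AGENT_VERSION: ${{ matrix.collection.agent_version }}` and call `bundle exec rake "litmus:install_agent[$AGENT_VERSION]"` so it is treated as data.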
@@ -0,0 +1,71 @@
+---
+name: "Lint testing"
+
+on:
+ pull_request:
+ branches:
+ - "main"
+
+jobs:
+ setup_matrix:
+ name: "Setup Test Matrix"
+ runs-on: ubuntu-22.04
+ outputs:
+ matrix: ${{ steps.get-matrix.outputs.matrix }}
+
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+
+ - name: Activate Ruby 3.2
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: "3.2.3"
+ bundler-cache: true
+
+ - name: Print bundle environment
+ run: |
+ echo ::group::bundler environment
+ bundle env
+ echo ::endgroup::
+
+ - name: Setup Integration Test Matrix
+ id: get-matrix
+ run: |
+ echo "matrix=$(cat test_matrix.json | tr -s '\n' ' ')" >> $GITHUB_OUTPUT
+ cat $GITHUB_OUTPUT
+
+ lint:
+ name: "Lint tests (${{matrix.collection.agent_version}})"
+ needs:
+ - setup_matrix
+ if: ${{ needs.setup_matrix.outputs.matrix != '{}' }}
+
+ runs-on: ubuntu-22.04
+ strategy:
+ fail-fast: false
+ matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}}
+
+ env:
+ PUPPET_GEM_VERSION: ${{matrix.collection.gem_version}}
+ FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' # why is this set?
+
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+
+ - name: Activate Ruby 3.2
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: "3.2.3"
+ bundler-cache: true
+
+ - name: Print bundle environment
+ run: |
+ echo ::group::bundler environment
+ bundle env
+ echo ::endgroup::
+
+ - name: "Run tests"
+ run: |
+ bundle exec rake validate
\ No newline at end of file
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
new file mode 100644
index 0000000..2e3fea2
--- /dev/null
+++ b/.github/workflows/unit_tests.yml
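Review bot: Neither job in lint.yaml declares `permissions:`, so `GITHUB_TOKEN` falls back to the repository's default scope, and `actions/checkout@v3` and `ruby/setup-ruby@v1` are referenced by mutable tags; acceptance_test.yml and unit_tests.yml in this commit have the same two gaps. These workflows only read the source, so a top-level `permissions:` block containing `contents: read` is sufficient for all three. Pinning each `uses:` to a full commit SHA, written as `uses: actions/checkout@<full-commit-sha> # v3`, keeps a moved or re-pointed tag from changing what executes in the pipeline.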
@@ -0,0 +1,71 @@
+---
+name: "Unit Testing"
+
+on:
+ pull_request:
+ branches:
+ - "main"
+
+jobs:
+ setup_matrix:
+ name: "Setup Test Matrix"
+ runs-on: ubuntu-22.04
+ outputs:
+ matrix: ${{ steps.get-matrix.outputs.matrix }}
+
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+
+ - name: Activate Ruby 3.2
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: "3.2.3"
+ bundler-cache: true
+
+ - name: Print bundle environment
+ run: |
+ echo ::group::bundler environment
+ bundle env
+ echo ::endgroup::
+
+ - name: Setup Integration Test Matrix
+ id: get-matrix
+ run: |
+ echo "matrix=$(cat test_matrix.json | tr -s '\n' ' ')" >> $GITHUB_OUTPUT
+ cat $GITHUB_OUTPUT
+
+ Unit:
+ name: "Unit tests (${{matrix.collection.agent_version}})"
+ needs:
+ - setup_matrix
+ if: ${{ needs.setup_matrix.outputs.matrix != '{}' }}
+
+ runs-on: ubuntu-22.04
+ strategy:
+ fail-fast: false
+ matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}}
+
+ env:
+ PUPPET_GEM_VERSION: ${{matrix.collection.gem_version}}
+ FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' # why is this set?
+
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+
+ - name: Activate Ruby 3.2
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: "3.2.3"
+ bundler-cache: true
+
+ - name: Print bundle environment
+ run: |
+ echo ::group::bundler environment
+ bundle env
+ echo ::endgroup::
+
+ - name: "Run tests"
+ run: |
+ bundle exec rake parallel_spec
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 988dcbb..3f15512 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,7 +16,7 @@
 /log/
 /pkg/
 /spec/fixtures/manifests/
-/spec/fixtures/modules/
+/spec/fixtures/modules/*
 /tmp/
 /vendor/
 /convert_report.txt
diff --git a/.pdkignore b/.pdkignore
index c538bea..862847a 100644
--- a/.pdkignore
+++ b/.pdkignore
@@ -16,7 +16,7 @@
 /log/
 /pkg/
 /spec/fixtures/manifests/
-/spec/fixtures/modules/
+/spec/fixtures/modules/*
 /tmp/
 /vendor/
 /convert_report.txt
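Review bot: In unit_tests.yml the job-level `FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main'` points the build at the tip of a moving branch, and its own trailing `# why is this set?` shows the need for it is unconfirmed; the identical line is in acceptance_test.yml and lint.yaml. How the Gemfile consumes the variable is outside this hunk, but presumably it resolves to a Git source, which means each run can pull different, unreleased code into the test environment. Either delete the variable so the released gem is resolved, or set it to a fixed release such as `FACTER_GEM_VERSION: '<released-version>'` with a comment stating why the override exists.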
@@ -26,20 +26,17 @@ .envrc /inventory.yaml /spec/fixtures/litmus_inventory.yaml -/appveyor.yml -/.editorconfig /.fixtures.yml /Gemfile /.gitattributes +/.github/ /.gitignore -/.gitlab-ci.yml /.pdkignore /.puppet-lint.rc /Rakefile /rakelib/ /.rspec -/.rubocop.yml -/.travis.yml +/..yml /.yardopts /spec/ /.vscode/ diff --git a/.rubocop.yml b/.rubocop.yml index 31e8248..21b82b9 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -3,8 +3,9 @@ require: - rubocop-performance - rubocop-rspec AllCops: + NewCops: enable DisplayCopNames: true - TargetRubyVersion: '2.5' + TargetRubyVersion: '2.6' Include: - "**/*.rb" Exclude: @@ -111,8 +112,14 @@ Style/MethodCalledOnDoEndBlock: Enabled: true Style/StringMethods: Enabled: true +Bundler/GemFilename: + Enabled: false Bundler/InsecureProtocolSource: Enabled: false +Capybara/CurrentPathExpectation: + Enabled: false +Capybara/VisibilityMatcher: + Enabled: false Gemspec/DuplicatedAssignment: Enabled: false Gemspec/OrderedDependencies: @@ -287,11 +294,9 @@ Performance/UriDefaultParser: Enabled: false RSpec/Be: Enabled: false -RSpec/Capybara/CurrentPathExpectation: - Enabled: false RSpec/Capybara/FeatureMethods: Enabled: false -RSpec/Capybara/VisibilityMatcher: +RSpec/ContainExactly: Enabled: false RSpec/ContextMethod: Enabled: false @@ -331,6 +336,8 @@ RSpec/LeakyConstantDeclaration: Enabled: false RSpec/LetBeforeExamples: Enabled: false +RSpec/MatchArray: + Enabled: false RSpec/MissingExampleGroupArgument: Enabled: false RSpec/MultipleExpectations: @@ -373,8 +380,6 @@ Style/AccessModifierDeclarations: Enabled: false Style/AccessorGrouping: Enabled: false -Style/AsciiComments: - Enabled: false Style/BisectedAttrAccessor: Enabled: false Style/CaseLikeIf: 
@@ -485,35 +490,241 @@ Style/TrailingMethodEndStatement: Enabled: false Style/UnpackFirst: Enabled: false +Capybara/MatchStyle: + Enabled: false +Capybara/NegationMatcher: + Enabled: false +Capybara/SpecificActions: + Enabled: false +Capybara/SpecificFinders: + Enabled: false +Capybara/SpecificMatcher: + Enabled: false +Gemspec/DeprecatedAttributeAssignment: + Enabled: false +Gemspec/DevelopmentDependencies: + Enabled: false +Gemspec/RequireMFA: + Enabled: false +Layout/LineContinuationLeadingSpace: + Enabled: false +Layout/LineContinuationSpacing: + Enabled: false +Layout/LineEndStringConcatenationIndentation: + Enabled: false +Layout/SpaceBeforeBrackets: + Enabled: false +Lint/AmbiguousAssignment: + Enabled: false +Lint/AmbiguousOperatorPrecedence: + Enabled: false +Lint/AmbiguousRange: + Enabled: false +Lint/ConstantOverwrittenInRescue: + Enabled: false +Lint/DeprecatedConstants: + Enabled: false Lint/DuplicateBranch: Enabled: false +Lint/DuplicateMagicComment: + Enabled: false +Lint/DuplicateMatchPattern: + Enabled: false Lint/DuplicateRegexpCharacterClassElement: Enabled: false Lint/EmptyBlock: Enabled: false Lint/EmptyClass: Enabled: false +Lint/EmptyInPattern: + Enabled: false +Lint/IncompatibleIoSelectWithFiberScheduler: + Enabled: false +Lint/LambdaWithoutLiteralBlock: + Enabled: false Lint/NoReturnInBeginEndBlocks: Enabled: false +Lint/NonAtomicFileOperation: + Enabled: false +Lint/NumberedParameterAssignment: + Enabled: false +Lint/OrAssignmentToConstant: + Enabled: false +Lint/RedundantDirGlobSort: + Enabled: false +Lint/RefinementImportMethods: + Enabled: false +Lint/RequireRangeParentheses: + Enabled: false +Lint/RequireRelativeSelfPath: + Enabled: false +Lint/SymbolConversion: + Enabled: false Lint/ToEnumArguments: Enabled: false +Lint/TripleQuotes: + Enabled: false Lint/UnexpectedBlockArity: Enabled: false Lint/UnmodifiedReduceAccumulator: Enabled: false +Lint/UselessRescue: + Enabled: false +Lint/UselessRuby2Keywords: + Enabled: false 
+Metrics/CollectionLiteralLength: + Enabled: false +Naming/BlockForwarding: + Enabled: false Performance/CollectionLiteralInLoop: Enabled: false +Performance/ConcurrentMonotonicTime: + Enabled: false +Performance/MapCompact: + Enabled: false +Performance/RedundantEqualityComparisonBlock: + Enabled: false +Performance/RedundantSplitRegexpArgument: + Enabled: false +Performance/StringIdentifierArgument: + Enabled: false +RSpec/BeEq: + Enabled: false +RSpec/BeNil: + Enabled: false +RSpec/ChangeByZero: + Enabled: false +RSpec/ClassCheck: + Enabled: false +RSpec/DuplicatedMetadata: + Enabled: false +RSpec/ExcessiveDocstringSpacing: + Enabled: false +RSpec/FactoryBot/ConsistentParenthesesStyle: + Enabled: false +RSpec/FactoryBot/FactoryNameStyle: + Enabled: false +RSpec/FactoryBot/SyntaxMethods: + Enabled: false +RSpec/IdenticalEqualityAssertion: + Enabled: false +RSpec/NoExpectationExample: + Enabled: false +RSpec/PendingWithoutReason: + Enabled: false +RSpec/Rails/AvoidSetupHook: + Enabled: false +RSpec/Rails/HaveHttpStatus: + Enabled: false +RSpec/Rails/InferredSpecType: + Enabled: false +RSpec/Rails/MinitestAssertions: + Enabled: false +RSpec/Rails/TravelAround: + Enabled: false +RSpec/RedundantAround: + Enabled: false +RSpec/SkipBlockInsideExample: + Enabled: false +RSpec/SortMetadata: + Enabled: false +RSpec/SubjectDeclaration: + Enabled: false +RSpec/VerifiedDoubleReference: + Enabled: false +Security/CompoundHash: + Enabled: false +Security/IoMethods: + Enabled: false Style/ArgumentsForwarding: Enabled: false +Style/ArrayIntersect: + Enabled: false Style/CollectionCompact: Enabled: false +Style/ComparableClamp: + Enabled: false +Style/ConcatArrayLiterals: + Enabled: false +Style/DataInheritance: + Enabled: false +Style/DirEmpty: + Enabled: false Style/DocumentDynamicEvalDefinition: Enabled: false +Style/EmptyHeredoc: + Enabled: false +Style/EndlessMethod: + Enabled: false +Style/EnvHome: + Enabled: false +Style/FetchEnvVar: + Enabled: false +Style/FileEmpty: + 
Enabled: false +Style/FileRead: + Enabled: false +Style/FileWrite: + Enabled: false +Style/HashConversion: + Enabled: false +Style/HashExcept: + Enabled: false +Style/IfWithBooleanLiteralBranches: + Enabled: false +Style/InPatternThen: + Enabled: false +Style/MagicCommentFormat: + Enabled: false +Style/MapCompactWithConditionalBlock: + Enabled: false +Style/MapToHash: + Enabled: false +Style/MapToSet: + Enabled: false +Style/MinMaxComparison: + Enabled: false +Style/MultilineInPatternThen: + Enabled: false Style/NegatedIfElseCondition: Enabled: false +Style/NestedFileDirname: + Enabled: false Style/NilLambda: Enabled: false +Style/NumberedParameters: + Enabled: false +Style/NumberedParametersLimit: + Enabled: false +Style/ObjectThen: + Enabled: false +Style/OpenStructUse: + Enabled: false +Style/OperatorMethodCall: + Enabled: false +Style/QuotedSymbols: + Enabled: false Style/RedundantArgument: Enabled: false +Style/RedundantConstantBase: + Enabled: false +Style/RedundantDoubleSplatHashBraces: + Enabled: false +Style/RedundantEach: + Enabled: false +Style/RedundantHeredocDelimiterQuotes: + Enabled: false +Style/RedundantInitialize: + Enabled: false +Style/RedundantLineContinuation: + Enabled: false +Style/RedundantSelfAssignmentBranch: + Enabled: false +Style/RedundantStringEscape: + Enabled: false +Style/SelectByRegexp: + Enabled: false +Style/StringChars: + Enabled: false Style/SwapValues: Enabled: false diff --git a/.vscode/extensions.json b/.vscode/extensions.json index 2f1e4f7..6da8d47 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -1,6 +1,6 @@ { "recommendations": [ "puppet.puppet-vscode", - "rebornix.Ruby" + "Shopify.ruby-lsp" ] } diff --git a/CHANGELOG.md b/CHANGELOG.md index 34729a9..5f6c51c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,31 @@ All notable changes to this project will be documented in this file. +## Release 3.0.0 + +**Upgrade warning** + +The following default parameters for passwords have been removed from the module. +- observium::db_password +- observium::rootdb_password +- observium::snmpv3_authpass +- observium::snmpv3_cryptopass +- observium::admin_password + +If you were relying on these defaults you will need to set them in your control repo hiera before upgrading to 3.0.0. Passwords and other sensitive data in your control repo should be encrypted and protected, see https://www.puppet.com/docs/puppet/8/securing-sensitive-data.html. + +**Features** + +- Added support for RHEL9 +- Added support for stdlib 9.0 or later. **Note:** the observium module itself supports stdlib 9, however its dependencies did not. When upgrading to stdlib 9 please ensure you upgrade other dependant modules. +- Incorporated security recommendations from baile320, removal of default passwords. +- Bumped module dependencies to later versions. +- Bumped PDK version to 3.2.0. +- Lint and other minor fixes. +- Added lint, unit and litmus tests within Github actions pipeline. + +Thanks to https://github.com/baile320 for their security recommendations for this release. :) + ## Release 2.0.0 **Features** diff --git a/Gemfile b/Gemfile index 4ffa786..7a9ef2e 100644 --- a/Gemfile +++ b/Gemfile 
@@ -14,30 +14,35 @@ def location_for(place_or_version, fake_version = nil) end group :development do - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "voxpupuli-puppet-lint-plugins", '~> 3.1', require: false - gem "facterdb", '~> 1.18', require: false - gem "metadata-json-lint", '>= 2.0.2', '< 4.0.0', require: false - gem "puppetlabs_spec_helper", '>= 3.0.0', '< 5.0.0', require: false - gem "rspec-puppet-facts", '~> 2.0', require: false - gem "codecov", '~> 0.2', require: false - gem "dependency_checker", '~> 0.2', require: false - gem "parallel_tests", '~> 3.4', require: false - gem "pry", '~> 0.10', require: false - gem "simplecov-console", '~> 0.5', require: false - gem "puppet-debugger", '~> 1.0', require: false - gem "rubocop", '= 1.6.1', require: false - gem "rubocop-performance", '= 1.9.1', require: false - gem "rubocop-rspec", '= 2.0.1', require: false - gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 
3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "deep_merge", '~> 1.0', require: false + gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false + gem "facterdb", '~> 1.18', require: false + gem "metadata-json-lint", '~> 4.0', require: false + gem "rspec-puppet-facts", '~> 3.0', require: false + gem "dependency_checker", '~> 1.0.0', require: false + gem "parallel_tests", '= 3.12.1', require: false + gem "pry", '~> 0.10', require: false + gem "simplecov-console", '~> 0.9', require: false + gem "puppet-debugger", '~> 1.0', require: false + gem "rubocop", '~> 1.50.0', require: false + gem "rubocop-performance", '= 1.16.0', require: false + gem "rubocop-rspec", '= 2.19.0', require: false + gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] +end +group :development, :release_prep do + gem "puppet-strings", '~> 4.0', require: false + gem "puppetlabs_spec_helper", '~> 7.0', require: false end group :system_tests do - gem "puppet_litmus", '< 1.0.0', require: false, platforms: [:ruby] - gem "serverspec", '~> 2.41', require: false + gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] + gem "CFPropertyList", '< 3.0.7', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "serverspec", '~> 2.41', require: false end puppet_version = ENV['PUPPET_GEM_VERSION'] diff --git a/README.md b/README.md index 540e378..f03fd38 100644 --- a/README.md +++ b/README.md 
@@ -9,6 +9,7 @@ A Puppet module which installs and configures Observium monitoring software. For 1. [Setup - The basics of getting started with observium](#setup) * [What observium affects](#what-observium-affects) * [Setup requirements](#setup-requirements) + * [Password requirements](#password-requirements) * [Beginning with observium](#beginning-with-observium) 1. [Usage - Configuration options and additional functionality](#usage) 1. [Limitations - OS compatibility, etc.](#limitations) 
@@ -52,16 +53,51 @@ Please ensure you meet the dependency requirements and have the following in you - puppet-snmp - puppet-firewalld - only required for RHEL and if managing firewall - puppetlabs-resource_api -- domkrm-ufw - only required for Ubuntu and if managing firewall +- puppetlabs-firewall - only required for Ubuntu and if managing firewall - puppetlabs-translate - camptocamp-systemd +### Password requirements + +Beginning with the 3.0.0 release, default passwords are no longer provided by this module. This was a insecure default as every instances of observium setup with these defaults would use the same passwords. + +With the removal of the default, users now need to specify these password when using this module. There are two methods to do this in Puppet. + +1. Via parameters through resource like declarations. (Least preferred as you cannot protect these values) +``` +class { 'observium': + db_password => 'your_password_here', + rootdb_password => 'your_password_here', + snmpv3_authpass => 'your_password_here', + snmpv3_cryptopass => 'your_password_here', + admin_password => 'very_secure', +} +``` + +2. Via environment hiera. (Preferred as we can encrypt these values) +Within environment hiera place the values like shown. +``` +--- +observium::db_password: "your_password_here" +observium::rootdb_password: "your_password_here" +observium::snmpv3_authpass: "your_password_here" +observium::snmpv3_cryptopass: "your_password_here" +observium::admin_password: "very_secure" +``` + +These values should be encrypted using the [hiera-eyaml][11] gem. See Puppet [documentation][12]. ### Beginning with observium In its most basic form you can install observium by ``` -include observium +class { 'observium': + db_password => 'your_password_here', + rootdb_password => 'your_password_here', + snmpv3_authpass => 'your_password_here', + snmpv3_cryptopass => 'your_password_here', + admin_password => 'very_secure', +} ``` ## Usage 
@@ -118,6 +154,7 @@ Tested with the following setups. - RHEL - 7 - 8 + - 9 - Rocky - 8 - Ubuntu @@ -134,7 +171,7 @@ RHEL 7 requires the following yum repos for installation - these will be automat - [remi-php72][7] - [remi-safe][8] -RHEL 8 require the follwing yum repos for installation - these will be automatically added if you host has internet connection. +RHEL 8 requires the following yum repos for installation - these will be automatically added if you host has internet connection. - [EPEL][4] - [OpenNMS common][5] @@ -145,6 +182,17 @@ RHEL 8 require the follwing yum repos for installation - these will be automatic ``` - [remi-safe][10] +RHEL 9 requires the following yum repos for installation - these will be automatically added if you host has internet connection. + +- [EPEL][4] +- [OpenNMS common][5] +- [OpenNMS RHEL9][13] +- [remi-modular][14] - note you will need to enable php8.2 after adding this repo +``` +/bin/dnf module -y install php:remi-8.2 +``` +- [remi-safe][14] + ## Upgrading Observium Please see [Upgrading][2] steps from Observium to upgrade. If you are managaing Observium with Puppet, @@ -175,4 +223,7 @@ If you find any issues with this module, please log them in the issues register [8]: http://cdn.remirepo.net/enterprise/7/safe/mirro [9]: https://yum.opennms.org/stable/rhel8/ [10]: https://rpms.remirepo.net/enterprise/8/ - +[11]: https://github.com/voxpupuli/hiera-eyaml +[12]: https://www.puppet.com/docs/puppet/8/securing-sensitive-data.html +[13]: https://yum.opennms.org/stable/rhel9/ +[14]: https://rpms.remirepo.net/enterprise/9/ diff --git a/REFERENCE.md b/REFERENCE.md index 7e71c0f..773c6ad 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
@@ -15,8 +15,8 @@ * `observium::apache`: Class: observium::apache inherits observium Configure apache server with virtual host for observium * `observium::config`: Class: observium::config Configure observium configuration files lint:ignore:140chars lint:ignore:arrow_alignment * `observium::database_init`: Class: obversium Init the observium database after install. lint:ignore:140chars +* `observium::firewall`: Class: observium::firewall Manage iptables on ubuntu * `observium::firewalld`: Class: observium::firewall Manages firewall and opens ports for observium -* `observium::firewallufw`: Class: observium::firewallufw Manage UFW on ubuntu * `observium::install`: Class: observium::install Creates folder structure for Observium, and install from tar * `observium::mariadb`: Class: observium::mariadb Install mysql or mariadb - OS dependant * `observium::packages`: Class: observium::packages Installs required packges for observium 
@@ -46,165 +46,172 @@ include observium The following parameters are available in the `observium` class: -* [`auth_mechanism`](#auth_mechanism) -* [`db_password`](#db_password) -* [`rootdb_password`](#rootdb_password) -* [`download_url`](#download_url) -* [`installer_name`](#installer_name) -* [`install_dir`](#install_dir) -* [`db_host`](#db_host) -* [`db_user`](#db_user) -* [`db_charset`](#db_charset) -* [`db_collate`](#db_collate) -* [`community`](#community) -* [`snmpv3_authlevel`](#snmpv3_authlevel) -* [`snmpv3_authname`](#snmpv3_authname) -* [`snmpv3_authpass`](#snmpv3_authpass) -* [`snmpv3_authalgo`](#snmpv3_authalgo) -* [`snmpv3_cryptopass`](#snmpv3_cryptopass) -* [`snmpv3_cryptoalgo`](#snmpv3_cryptoalgo) -* [`mib_locations`](#mib_locations) -* [`additional_mib_location`](#additional_mib_location) -* [`additional_snmp_conf_options`](#additional_snmp_conf_options) -* [`fping_location`](#fping_location) -* [`email_default`](#email_default) -* [`email_from`](#email_from) -* [`admin_password`](#admin_password) -* [`apache_bind_ip`](#apache_bind_ip) -* [`apache_access_log`](#apache_access_log) -* [`apache_error_log`](#apache_error_log) -* [`apache_custom_options`](#apache_custom_options) -* [`apache_auth_require`](#apache_auth_require) -* [`apache_hostname`](#apache_hostname) -* [`apache_port`](#apache_port) -* [`apache_sslport`](#apache_sslport) -* [`custom_ssl_cert`](#custom_ssl_cert) -* [`custom_ssl_key`](#custom_ssl_key) -* [`manage_repo`](#manage_repo) -* [`manage_selinux`](#manage_selinux) -* [`manage_fw`](#manage_fw) -* [`manage_snmp`](#manage_snmp) -* [`manage_mysql`](#manage_mysql) -* [`manage_apache`](#manage_apache) -* [`manage_apachephp`](#manage_apachephp) -* [`manage_ssl`](#manage_ssl) -* [`repos`](#repos) -* [`gpgkeys`](#gpgkeys) -* [`observium_additional_conf`](#observium_additional_conf) - -##### `auth_mechanism` +* [`auth_mechanism`](#-observium--auth_mechanism) +* [`db_password`](#-observium--db_password) +* 
[`rootdb_password`](#-observium--rootdb_password) +* [`download_url`](#-observium--download_url) +* [`installer_name`](#-observium--installer_name) +* [`install_dir`](#-observium--install_dir) +* [`db_host`](#-observium--db_host) +* [`db_user`](#-observium--db_user) +* [`db_charset`](#-observium--db_charset) +* [`db_collate`](#-observium--db_collate) +* [`community`](#-observium--community) +* [`snmpv3_authlevel`](#-observium--snmpv3_authlevel) +* [`snmpv3_authname`](#-observium--snmpv3_authname) +* [`snmpv3_authpass`](#-observium--snmpv3_authpass) +* [`snmpv3_authalgo`](#-observium--snmpv3_authalgo) +* [`snmpv3_cryptopass`](#-observium--snmpv3_cryptopass) +* [`snmpv3_cryptoalgo`](#-observium--snmpv3_cryptoalgo) +* [`snmpd_agentaddress`](#-observium--snmpd_agentaddress) +* [`mib_locations`](#-observium--mib_locations) +* [`additional_mib_location`](#-observium--additional_mib_location) +* [`additional_snmp_conf_options`](#-observium--additional_snmp_conf_options) +* [`fping_location`](#-observium--fping_location) +* [`email_default`](#-observium--email_default) +* [`email_from`](#-observium--email_from) +* [`admin_password`](#-observium--admin_password) +* [`apache_bind_ip`](#-observium--apache_bind_ip) +* [`apache_access_log`](#-observium--apache_access_log) +* [`apache_error_log`](#-observium--apache_error_log) +* [`apache_custom_options`](#-observium--apache_custom_options) +* [`apache_auth_require`](#-observium--apache_auth_require) +* [`apache_hostname`](#-observium--apache_hostname) +* [`apache_port`](#-observium--apache_port) +* [`apache_sslport`](#-observium--apache_sslport) +* [`custom_ssl_cert`](#-observium--custom_ssl_cert) +* [`custom_ssl_key`](#-observium--custom_ssl_key) +* [`manage_repo`](#-observium--manage_repo) +* [`manage_selinux`](#-observium--manage_selinux) +* [`manage_fw`](#-observium--manage_fw) +* [`manage_snmp`](#-observium--manage_snmp) +* [`manage_mysql`](#-observium--manage_mysql) +* [`manage_apache`](#-observium--manage_apache) +* 
[`manage_apachephp`](#-observium--manage_apachephp) +* [`manage_ssl`](#-observium--manage_ssl) +* [`repos`](#-observium--repos) +* [`gpgkeys`](#-observium--gpgkeys) +* [`observium_additional_conf`](#-observium--observium_additional_conf) + +##### `auth_mechanism` Data type: `String` Auth mechanism to use default: mysql -##### `db_password` +##### `db_password` Data type: `String` Mysql password for observium user - default 'changeme' -##### `rootdb_password` +##### `rootdb_password` Data type: `String` Mysql root password - default 'hello123' -##### `download_url` +##### `download_url` Data type: `String` Url to the installer, IE http://observium.com/, can be a file path - default 'http://www.observium.org/' -##### `installer_name` +##### `installer_name` Data type: `String` Installer name, IE observium-installer.tar - default 'observium-community-latest.tar.gz' -##### `install_dir` +##### `install_dir` Data type: `String` Install directory - default '/opt/observium' -##### `db_host` +##### `db_host` Data type: `String` Database host to use - default 'localhost' -##### `db_user` +##### `db_user` Data type: `String` Database user to use - default 'observium' -##### `db_charset` +##### `db_charset` Data type: `String` Database charset to use - default 'utf8' Ubuntu 22.04 'utf8mb3' -##### `db_collate` +##### `db_collate` Data type: `String` Database collate to use - default 'utf8_general_ci' Ubuntu 22.04 'utf8mb3_general_ci' -##### `community` +##### `community` Data type: `String` Default SNMP community to configure - default 'puppet' -##### `snmpv3_authlevel` +##### `snmpv3_authlevel` Data type: `Enum['noAuthNoPriv','authNoPriv','authPriv']` Default SNMP authlevel to use - default 'authPriv' Valid options - ['noAuthNoPriv','authNoPriv','authPriv'] -##### `snmpv3_authname` +##### `snmpv3_authname` Data type: `String` SNMP Authname SNMPv3 user - default 'observium' -##### `snmpv3_authpass` +##### `snmpv3_authpass` Data type: `String` Auth password - min 8 character 
-##### `snmpv3_authalgo` +##### `snmpv3_authalgo` Data type: `Enum['SHA','MD5']` Auth algorithm - defualt 'SHA' Valid options - ['SHA','MD5'] -##### `snmpv3_cryptopass` +##### `snmpv3_cryptopass` Data type: `String` Crypto pass - min 8 character -##### `snmpv3_cryptoalgo` +##### `snmpv3_cryptoalgo` Data type: `Enum['AES','DES']` Crypto algorithm - default 'AES' Valid options - ['AES','DES'] -##### `mib_locations` +##### `snmpd_agentaddress` + +Data type: `Array` + +An array of addresses, on which snmpd will listen for queries. - default ['udp:127.0.0.1:161','udp6:[::1]:161'] + +##### `mib_locations` Data type: `Array` Miblocations for observium to add to snmp.conf, default ['/opt/observium/mibs/rfc','/opt/observium/mibs/net-snmp'] -##### `additional_mib_location` +##### `additional_mib_location` Data type: `Array` @@ -212,7 +219,7 @@ Additional mib locations to add to snmp.conf. Appended to built in mib_locations Default value: `[]` -##### `additional_snmp_conf_options` +##### `additional_snmp_conf_options` Data type: `Array` @@ -220,31 +227,31 @@ Additional options to add to snmp.conf. default [] Default value: `[]` -##### `fping_location` +##### `fping_location` Data type: `String` Change if fping is in a non default locaiton - default, RHEL '/sbin/fping' Ubuntu '/usr/bin/fping' -##### `email_default` +##### `email_default` Data type: `String` Not setup yet, use additional config option to setup email default -##### `email_from` +##### `email_from` Data type: `String` Not setup yet, use additional config option to setup email from -##### `admin_password` +##### `admin_password` Data type: `String` Admin password for the default admin observium user - default 'changeme' -##### `apache_bind_ip` +##### `apache_bind_ip` Data type: `String` 
@@ -252,19 +259,19 @@ Bind IP address - default $facts['ipaddress'] Default value: `$facts['networking']['ip']` -##### `apache_access_log` +##### `apache_access_log` Data type: `Stdlib::Unixpath` Apache access log file - default '/opt/observium/logs/access_log' -##### `apache_error_log` +##### `apache_error_log` Data type: `Stdlib::Unixpath` Apache error log file - default '/opt/observium/logs/error_log' -##### `apache_custom_options` +##### `apache_custom_options` Data type: `Hash` @@ -279,13 +286,13 @@ observium::apache_custom_options: ``` Default value: {} -##### `apache_auth_require` +##### `apache_auth_require` Data type: `String` Apache auth require parameter - default 'all granted' -##### `apache_hostname` +##### `apache_hostname` Data type: `String` 
@@ -293,99 +300,99 @@ Apache hostname for observium site - default $facts['hostname'] Default value: `$facts['networking']['hostname']` -##### `apache_port` +##### `apache_port` Data type: `Stdlib::Port` Apache non SSL port - note if SSL is enabled this will have no effect - default '80' -##### `apache_sslport` +##### `apache_sslport` Data type: `Stdlib::Port` Apache SSL port - note if SSL isn't enable this will have no effect - defautl '443' -##### `custom_ssl_cert` +##### `custom_ssl_cert` Data type: `String` Path to SSL certificate, note this module will automatically create a cert in this location '/etc/ssl/observium_cert.pem' - default '/etc/ssl/observium_cert.pem' -##### `custom_ssl_key` +##### `custom_ssl_key` Data type: `String` Path to SSL certificate key, note this module will automatically create a key in this location '/etc/ssl/observium_key.pem' - default '/etc/ssl/observium_key.pem' -##### `manage_repo` +##### `manage_repo` Data type: `Boolean` Manage repo, RHEL only, - default true -##### `manage_selinux` +##### `manage_selinux` Data type: `Boolean` Manage selinux, RHEL only. This will set selinux to permissive mode as observium havn't published a selinux profile - default true -##### `manage_fw` +##### `manage_fw` Data type: `Boolean` Manage firewalld on RHEL. UFW on ubuntu. - default RHEL true, Ubuntu false -##### `manage_snmp` +##### `manage_snmp` Data type: `Boolean` Configure snmpd on the observium and add to observium - default true -##### `manage_mysql` +##### `manage_mysql` Data type: `Boolean` Install and configure mysql, - default true -##### `manage_apache` +##### `manage_apache` Data type: `Boolean` Install and configure Apache, - defalt true -##### `manage_apachephp` +##### `manage_apachephp` Data type: `Boolean` Configure Apachemod php, - default true -##### `manage_ssl` +##### `manage_ssl` Data type: `Boolean` Setup the web site as SSL. If no cert provided, a self signed one will be used. 
- default false -##### `repos` +##### `repos` Data type: `Optional[Hash]` Customise repoistory locations for RedHat -Default value: ``undef`` +Default value: `undef` -##### `gpgkeys` +##### `gpgkeys` Data type: `Optional[Hash]` Customise GPG keys for RedHat -Default value: ``undef`` +Default value: `undef` -##### `observium_additional_conf` +##### `observium_additional_conf` Data type: `Optional[Array]` Array of additional configurations options to add to /opt/observium/config.php -Default value: ``undef`` +Default value: `undef` diff --git a/Rakefile b/Rakefile index 0f8754e..77590fe 100644 --- a/Rakefile +++ b/Rakefile 
@@ -1,89 +1,9 @@ # frozen_string_literal: true require 'bundler' -require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any? +require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus' require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-syntax/tasks/puppet-syntax' -require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? -require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any? -require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any? - -def changelog_user - return unless Rake.application.top_level_tasks.include? "changelog" - returnVal = nil || JSON.load(File.read('metadata.json'))['author'] - raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil? - puts "GitHubChangelogGenerator user:#{returnVal}" - returnVal -end - -def changelog_project - return unless Rake.application.top_level_tasks.include? "changelog" - - returnVal = nil - returnVal ||= begin - metadata_source = JSON.load(File.read('metadata.json'))['source'] - metadata_source_match = metadata_source && metadata_source.match(%r{.*\/([^\/]*?)(?:\.git)?\Z}) - - metadata_source_match && metadata_source_match[1] - end - - raise "unable to find the changelog_project in .sync.yml or calculate it from the source in metadata.json" if returnVal.nil? - - puts "GitHubChangelogGenerator project:#{returnVal}" - returnVal -end - -def changelog_future_release - return unless Rake.application.top_level_tasks.include? "changelog" - returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version'] - raise "unable to find the future_release (version) in metadata.json" if returnVal.nil? - puts "GitHubChangelogGenerator future_release:#{returnVal}" - returnVal -end +require 'puppet-strings/tasks' if Gem.loaded_specs.key? 
'puppet-strings' PuppetLint.configuration.send('disable_relative') - - -if Bundler.rubygems.find_name('github_changelog_generator').any? - GitHubChangelogGenerator::RakeTask.new :changelog do |config| - raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil? - config.user = "#{changelog_user}" - config.project = "#{changelog_project}" - config.future_release = "#{changelog_future_release}" - config.exclude_labels = ['maintenance'] - config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)." - config.add_pr_wo_labels = true - config.issues = false - config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB" - config.configure_sections = { - "Changed" => { - "prefix" => "### Changed", - "labels" => ["backwards-incompatible"], - }, - "Added" => { - "prefix" => "### Added", - "labels" => ["enhancement", "feature"], - }, - "Fixed" => { - "prefix" => "### Fixed", - "labels" => ["bug", "documentation", "bugfix"], - }, - } - end -else - desc 'Generate a Changelog from GitHub' - task :changelog do - raise < 1.15' - condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')" -EOM - end -end - diff --git a/data/common.yaml b/data/common.yaml index cfac302..bb21258 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,7 +1,5 @@ --- observium::auth_mechanism: "mysql" -observium::db_password: "changeme" -observium::rootdb_password: "hello123" observium::download_url: "http://www.observium.org/" observium::installer_name: "observium-community-latest.tar.gz" observium::install_dir: "/opt/observium" 
@@ -10,10 +8,11 @@ observium::db_user: "observium" observium::community: "puppet" observium::snmpv3_authlevel: "authPriv" observium::snmpv3_authname: "observium" -observium::snmpv3_authpass: "setme1234" observium::snmpv3_authalgo: "SHA" -observium::snmpv3_cryptopass: "setme1234" observium::snmpv3_cryptoalgo: "AES" +observium::snmpd_agentaddress: + - udp:127.0.0.1:161 + - udp6:[::1]:161 # need to disable for litmus tests to pass observium::mib_locations: - /opt/observium/mibs/rfc - /opt/observium/mibs/net-snmp @@ -23,7 +22,6 @@ observium::observium_additional_conf: - '//extra lines' - '//as many as you' - '//would like' -observium::admin_password: "changeme" observium::apache_custom_options: {} observium::apache_auth_require: "all granted" observium::apache_port: 80 diff --git a/data/os/RedHat-9.yaml b/data/os/RedHat-9.yaml new file mode 100644 index 0000000..d70189d --- /dev/null +++ b/data/os/RedHat-9.yaml 
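Review bot: The defaults on the new side still ship `observium::community: "puppet"`, a fixed and publicly documented community string, even though this commit takes the database, admin and SNMPv3 secrets out of the data file. If that value ends up as a v1/v2c community in snmpd, it is a shared secret like the others and should lose its default as well, so the operator has to supply one. The trailing comment on the `udp6:[::1]:161` entry, `# need to disable for litmus tests to pass`, does not say what is disabled or where; a line of its own above the key, e.g. `# litmus test hosts override this key to drop the udp6 listener`, would be clearer if that is what is meant.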
@@ -0,0 +1,85 @@
+---
+observium::repos:
+ epel:
+ ensure: 'present'
+ enabled: 1
+ descr: "Extra Packages for Enterprise Linux %{facts.os.release.major} - $basearch"
+ # mirrorlist: "https://mirrors.fedoraproject.org/metalink?repo=epel-%{facts.os.release.major}&arch=$basearch"
+ metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-%{facts.os.release.major}&arch=$basearch&infra=$infra&content=$contentdir"
+ gpgcheck: 1
+ failovermethod: 'priority'
+ gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-%{facts.os.release.major}"
+ target: '/etc/yum.repos.d/epel.repo'
+ epel-next:
+ ensure: 'present'
+ enabled: 1
+ descr: "Extra Packages for Enterprise Linux %{facts.os.release.major} - Next - $basearch"
+ # mirrorlist: "https://mirrors.fedoraproject.org/metalink?repo=epel-%{facts.os.release.major}&arch=$basearch"
+ metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-next-%{facts.os.release.major}&arch=$basearch&infra=$infra&content=$contentdir"
+ gpgcheck: 1
+ failovermethod: 'priority'
+ gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-%{facts.os.release.major}"
+ target: '/etc/yum.repos.d/epel-next.repo'
+ remi-modular:
+ ensure: 'present'
+ enabled: 1
+ descr: "Remi's Modular repository for Enterprise Linux $releasever - $basearch"
+ mirrorlist: "http://cdn.remirepo.net/enterprise/$releasever/modular/$basearch/mirror"
+ gpgcheck: 1
+ failovermethod: 'priority'
+ gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el%{facts.os.release.major}"
+ target: '/etc/yum.repos.d/epel-next.repo'
+ remi-safe:
+ ensure: 'present'
+ enabled: 1
+ descr: "Safe Remi's RPM repository for Enterprise Linux $releasever - $basearch"
+ mirrorlist: "http://cdn.remirepo.net/enterprise/$releasever/safe/$basearch/mirror"
+ gpgcheck: 1
+ gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el%{facts.os.release.major}"
+ target: '/etc/yum.repos.d/epel-next.repo'
+ opennms-common:
+ ensure: 'present'
+ enabled: 1
+ descr: 'RPMs Common to All OpenNMS Architectures (stable)'
+ baseurl: 'https://yum.opennms.org/stable/common'
+ gpgcheck: 1
+ gpgkey: 'file:///etc/yum.repos.d/opennms-repo-stable-rhel%{facts.os.release.major}.gpg'
+ target: '/etc/yum.repos.d/opennms-repo-stable-rhel%{facts.os.release.major}.repo'
+ opennms-rhel%{facts.os.release.major}:
+ ensure: 'present'
+ enabled: 1
+ descr: 'RedHat Enterprise Linux %{facts.os.release.major}.x and CentOS %{facts.os.release.major}.x (stable)'
+ baseurl: 'https://yum.opennms.org/stable/rhel%{facts.os.release.major}'
+ gpgcheck: 1
+ gpgkey: 'file:///etc/yum.repos.d/opennms-repo-stable-rhel%{facts.os.release.major}.gpg'
+ target: '/etc/yum.repos.d/opennms-repo-stable-rhel%{facts.os.release.major}.repo'
+
+observium::required_packages:
+ - 'wget'
+ - 'php'
+ - 'php-ldap'
+ - 'php-opcache'
+ - 'php-mysqlnd'
+ - 'php-gd'
+ - 'php-posix'
+ - 'php-pear'
+ - 'cronie'
+ - 'net-snmp-utils'
+ - 'fping'
+ - 'python3-PyMySQL'
+ - 'rrdtool'
+ - 'subversion'
+ - 'whois'
+ - 'ipmitool'
+ - 'graphviz'
+ - 'ImageMagick'
+ - 'php-sodium'
+ - 'libvirt'
+ - 'php-json'
+ # - 'python3' Not required for RHEL9
+observium::fping_location: "/sbin/fping"
+observium::apache_user: "apache"
+observium::apache_service: "httpd"
+observium::openssl_location: "/bin/openssl"
+observium::mysql_location: "/bin/mysql"
+observium::apache_php_version: "8"
\ No newline at end of file
diff --git a/data/os/RedHat-9gpg.yaml b/data/os/RedHat-9gpg.yaml
new file mode 100644
index 0000000..6a44ab5
--- /dev/null
+++ b/data/os/RedHat-9gpg.yaml
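Review bot: The `remi-modular` and `remi-safe` entries fetch their `mirrorlist` over plain `http://cdn.remirepo.net/...` while the EPEL and OpenNMS entries in the same file use https, so the list of mirrors a RHEL 9 host installs PHP from can be altered in transit. `gpgcheck: 1` still verifies the packages, but not which mirror or repository metadata is served. Switching both to `mirrorlist: "https://cdn.remirepo.net/enterprise/$releasever/modular/$basearch/mirror"` (and the `safe` equivalent) closes that gap, assuming the CDN serves the same path over TLS. Both entries also carry `target: '/etc/yum.repos.d/epel-next.repo'`, which looks copied from the `epel-next` block; a file per repository, e.g. `target: '/etc/yum.repos.d/remi-modular.repo'`, would keep the definitions apart.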
@@ -0,0 +1,171 @@ +--- +observium::gpgkeys: + /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9: # https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9 + content: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp + CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6 + 2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW + DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu + n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z + 39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy + XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK + 44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS + 9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH + DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq + uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB + tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI + ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE + FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF + 3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC + nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n + R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG + 4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe + CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL + 9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7 + w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT + /yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd + fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE + r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux + VL469Kj5m13T6w== + =Mjs/ + -----END PGP PUBLIC KEY BLOCK----- + /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el9: # https://rpms.remirepo.net/ + content: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + + 
mQINBF/zKcUBEADvJpDrH7Lf8JSyAQxSO7v+q9CWf++NPVL8zBUp99cFAS5+AK8E + qbfYTohcNFExuu8fJTzZWubc2HJVqnuvxwpCtb/pvrnIIg935AAjatDqa+5Aib1q + bGIQhAy7Rb92JtGfIC7pNqcRPzpurCtIp7SwpEwGI/ScJdmVCMFXrUJnaCYgkvfm + +Z6jEp3GCr3Yzw8ewNUeXk/vb0XzlZipDdTSpVcYUjPWn7BxVFUUmscd1WFL+dgD + XHJkmtjwU/AV3JcngENMAAxzrZQljL2dveptpI/cmPmBRwMBsneG8RBSiFtSoHy9 + K/p4letvgAonP5+5rIOPSBglw7heiUfMk+iSuCignTZawgQDxAt6sRY5bDwwtpBB + 5rpPLVVm3BRysQ5aiQvZdm7xKfZmb8IoOaEi0EdKp7Txg16KsX9BGo9X4Nj9BK7Y + lrOFWIl6V3P8lajbkWictlGw69SiIF4aWyc4F7BiQd12tqCwNOi8AMmhSVhmsJbV + PVmN1xTUytD1E85lehF6XCzb2GEojbWF/l2nmNUEf4Fs9pMuoeUbTGN1GOjpQkbd + cU+FIAgOv8U7qqEqczRsHf47WlDm8gjV59+/QHPScGZH0/G8+gLmDF7sG65K5gmn + VTXQy5VOR4zK/r3o/WFlxa+fWz3guCzzG752FYHWI69fYYhdo0pkFeyJXQARAQAB + tEZSZW1pJ3MgUlBNIHJlcG9zaXRvcnkgKGh0dHBzOi8vcnBtcy5yZW1pcmVwby5u + ZXQvKSA8cmVtaUByZW1pcmVwby5uZXQ+iQJOBBMBCAA4FiEEsav3HhTJ10iX4Zio + sZUn8UePiUcFAl/zKcUCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQsZUn + 8UePiUeSXhAAmfIKurragDpYw07jZJEeEKjMkFrt7KKZ7Ll5CuRUy0Hzawj+ug0F + 0cKCm+NxRJSQ5Gt4HfPfbcEXPC1+VNsoMCi1/nvHJ+HDXKvf7P8qe09R4gPBesRa + Ob3CLPi0nTQIjcCRI/5NiQS9Ia5nOd47+H4dWElhJlP48UIXYZLE4Av4683m7TBM + AOQ6m9sSIsl21ktdpTTAxXYdB0+uLWbLssEAwhkFl2NOgi/Eri436eWDEsJeId1v + SCWZHVj52ROVm9yy1Me11ELndNKkos4KYR+0PjGBxsCW5Wp56lPtAY4aDQ7KTnjH + mEctsvvfPP0agbYC4YAy5wZ4P4MJS2N3TiP64sodAWmuHEf6TvkK6ObFn3QfyQ03 + pCOIRvE+57U/MUz2qc2/xDIWVwSY9bzKUnfdDidEyaUfM9f6gLbsY2QWJ2uhHul5 + gzJqkdU5cYNX+Vx3OFna99l9cwLsqQ4AX4zkJl2BQggOfsfFOYn5huXlF0fyjG5r + CLPxVqNdDRPfF/daFXt/6RrsZcANzjI9bkLxWYHDi12NJonnpouhcI5XsjgeXKmf + g6iw5/+VAGc6ATgQJmZ+7WJbuIKxBYTEE8NHhpouIzAiGP2ZfYnAhFp159IPwOCO + 0U9Aqp55JU7uJetD8zQ/muir8zYEIneizaCIiPT3GgdgpcHFg0rQbX+5Ag0EX/Mp + xQEQANlkm5nSNiuQAPO3/mbxQuPAQoVoGfPR5nv093vjQVPJ+4OAZjoXaVCxfkiI + VK1sAPv+4qUJh+SLr7LDEOWFrJo5yXImePUoMZxpx3MqzuX/Dwx62zY84m5ylRkb + hVDpnGd+zS0R/QA8l57Xw1amDdRzua18b6ldzHoEdxeQ18LzBJ2oCJ/UYD1XzQAJ + 7odWJmJMiCYBT2OKEpfEVkxV3layd8g4qGEaxrWn4ZeDyfhGoNmkGsm85DLHLctL + 
lcAowEVK9PKsLlGhEAYybjVj5dnep1AibbPFUQMslm/bj7JvWFc9vZ97vqvOMstm + QXpEwl9rQ5W+adEsgvAwY6dCsZJwt6pnqFiWUpGs0M0XC9InXm643zNPXPwDQmCt + d2kRSKElZD0u0zCyBtoN3ng1A/o3FDilgMUm0Mabk4+cRsmpSVHcSdKW6xizxMqp + YW5Shwc0qXQOhK+mO3CWol7dtUB+d5a/1C3UIH62ZMsWXOLzZkFHiqKuoRgaM4eA + rw5B3o/EVU5RBBaE3kM7VYa1PTCbNTQM39bT2h3DUDhWBD+gefiOgeoAhHaURHoI + YQqRnmuCxEpEEZvrLN8Le7mNveNAHli+xoxCju7t4GPT7Jfe8B3RNTz2G2zd4PA4 + q8rVvC3AbkZWrzZ+4bK3ixZN5s5E/xuohDyHTnLFzj6KugHLABEBAAGJAjYEGAEI + ACAWIQSxq/ceFMnXSJfhmKixlSfxR4+JRwUCX/MpxQIbDAAKCRCxlSfxR4+JR+pu + D/9SNtGC8m7G8xtJcGjm5gX+5qIMCaymJgXjmMQ47Hb9qb+jLCC7/esOqaSq0C4M + n3s46wm40LkC2cLKFRPrNAA88tOJA3jkmBP7sGKVBxuBF6rarEOadXcd/6NWD1la + LogqrknhGpqxAv0Wf/LW1VFgz1h32dOFhT22K5jA5xpNCTW1gTCf3yOcWdMf6g3D + nG/ciSzAdl5ZV+dLsWu0i1aqOuq9GtMp2OiiwU4KeA20+3p3bn7+WfXLK7PWLEle + fMVWEBq2LQjpCIOYuW8UVEJP0JR6zVN7MROfXHjXETIE1UEmRO3NGkbpWIh98Qn2 + vJ5wW9i3yfmE5bDkI4/Bk7yfWGZVeCyJxmg7tZx4d57WujwlZG66G5GjqaXtW3vk + ji71d8pib4I8ZlZrj/d8SAxwvsnnCAvrNp4eLYbdW/MpLXwvd64sUoll4UW872qN + bfBEhVA4QAa8P98UXs4YuIq7dhNdf3Oqzt8BsxMCRZ7WldhdVKOFBdrYS8JymWDG + zp88wcqChyLHRQw6On9jnmeXLOLx/K4mnOwMs+YpICSUWorbOZxBIV0som47MgLC + x6oQFn/9pfOD8vOmTk1c0GsMRC1embxO62TqwRtlpRpgQxeyY1VgeJPxRff5chwM + CmuPjl1YneigbUiUoEqmvPLpkXRAHY/BZcN2mm1jNWgzjQ== + =xAif + -----END PGP PUBLIC KEY BLOCK----- + /etc/yum.repos.d/opennms-repo-stable-rhel9.gpg: + content: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mQGiBE8cWjoRBACVT11pxtPwvUeP3EbCG56IRnkUyEhdf0Daj9wGeFbY9I6nRr31 + U/YqrDDMKyGBYCBRJ3FxrzNfSfUX8WVD4FtxhAmqyC3+nTn9PqdSLbVePuuFDyba + Q/AGKclRAPSCbqR2YjZQVy3ITxiUQ8SpRE37cvSlgLOTsYpbwXpSTy02MwCgi74K + jOxF3KP2xECe7GSo9Xmul30D/jDbbmmGQ3OcrNi1inVcOk7OFyObtX5pIR+oMvBV + 6MBlexGLeNgKGjbptURnX8OqXIwVMA6dunbKOgj+5HACOkN00ead9nJ8njrvwlEL + 3WD9xT4c9CejiaykKoNn752LQFRopX1/eLMmKu5iY55GRItEeIIounYdljHaN9Ms + OzJ1A/9kPJilfG8/9nMK2U2cszZu/z13xchBtz+aLs1fvPF7ZT3zS7Fqzl1FLRZn + 5fp5W6ZCao1ZLJtykAgXmdnNkRucem5kzFqCA3+gtG++GRs7K/4G+BhbjQ8ydHwc + 
aklq8dnYXiOC6ffAWNrWJ20ULkWayjImm3RIAXqupi7o26J/EbQ5T3Blbk5NUyBT + aWduaW5nIEtleSAyMDEyICgxMDI0LWJpdCkgPG9wZW5ubXNAb3Blbm5tcy5vcmc+ + iGYEExECACYFAk8cWjoCGwMFCQWjmoAGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK + CRBXgB9vW579Q5FNAJwOfC/jnud3i/pfTxjvHiEQA2QpjgCfe3ydUPAbPdV0m3jx + zfwq5+3WQg2IZgQTEQIAJgIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheABQJUwANF + BQkPCaqLAAoJEFeAH29bnv1D9RwAn20L7xnR4tSygZqqKkxcC5sAFrMpAJ9DtClb + 7O1zrHthZ2UTZIPpom1KAIhgBBMRAgAgAhsDBgsJCAcDAgQVAggDBBYCAwECHgEC + F4AFAlTGpjAACgkQV4Afb1ue/UPpbQCfcuVbOndjUyNpgDF5JssmuK6vd1QAn09b + X/1mcaESjKICe0BRV7N+0bFvuQENBE8cWjoQBACzbdh9E3rBWncNoNCmp+i+sQI4 + 69+6m/vNVxUYpP79Vq4wC1Mn+JVtqUnY907Inux/gzoeedALDRNQR//mbTKzOrjA + iG98BGP7qd6kJJcXXJK1OmPxPOVvHbh2IMg1N0sGSsYHosOgEPKik/Mg8u7Angxz + 5WjJd6VgYPFLv/pgXwADBQP+P/mppqcQsSsUXEowEOHp4spVFBkZT0f4v7QAa/39 + +i0NfhoFxVG1G4rtiAFnW6ShYWkbexhKVoP7i7MZdBj8vlvP94QGtM9BxuBqIIzy + 2qIZNJ1/ISd1bHUq5D3XetV5z4WEtYmlkVs1HLpdMXrq40D5CuKWGjgmXq0CNeUE + 3bmITwQYEQIADwUCTxxaOgIbDAUJBaOagAAKCRBXgB9vW579QygTAJ9uOybiQ5w3 + 7HhNxEn+bjAAaOB4wACdH62fHMTduH4Cm+zYIoKj/hWb0aWISQQYEQIACQIbDAUC + VMamGwAKCRBXgB9vW579Q/4vAJwLgBtbY9eBETaFXFeEpBSMeqoDCwCeOUqvKV5U + OnRUAWJ91FGZtqVJUWg= + =/H8o + -----END PGP PUBLIC KEY BLOCK----- + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mQINBGO2+DMBEACqqpzXnYYNuBYYbKGqrc21NmPEcl6w3/kzxfm7RpLK7Cr8DPSn + GMzpfX/iCcf1jFjhWH7fc0Yx3lYLDEEDpfIjd+ix6TucnXXIvAZyp6DtClUXYV4y + wzH49hzDuE5BxxpdkayHYj0u//jWXHHSG2PPt4nK3XQfdcx+duMVcZhP9G9EOE/N + j4J+GagICQcKW6Uen278m1/+/0KQG3LsYl9u7QVsCXJtSzdMhoMzZxoG3mwu3FLe + mRSOtCgIHTRVvczxLCGEXrwhDssrKsR95GmBvcnu1odL/TGL8r8kHz0dR/35uUlv + +4Noj1Cs05xuj8kXg4Yf8MoqyIi+nX/sOVOxQ3ZpNi1OkJ80OrYzceZgWoagdtiI + 6MlztY1uefSYE9tf8kpfGYn6mmS7BNfKl7La1HbV/fIHJGb86iwf57Mphd0NeGYZ + itlJJiYD5YuyKugUac0YerA5xTxG7cWVcstahPbIqbiakg2i8N8P9Rhq5DF/lYtP + D/v8JEJGzopR/xLCpRytxqiYvS+GVgm6P0Y63SbkyXudAVapZt2E3chMdZK9OWw9 + mvyiF7Yb9cmFbvbwkfilObIlyk4Uw8BXLTKpr66ouxYdEVT0OegXgeoIJpaIWacS + IDXSIuVRxF4vvaT0QTPrW3BhxIxib0zKgjaOJhbpqWXoYIohejNbVT/EEQARAQAB + 
tC5PcGVuTk1TIFNpZ25pbmcgS2V5IDIwMjMgPG9wZW5ubXNAb3Blbm5tcy5vcmc+ + iQJRBBMBCAA7FiEEcB4UX+Jig/jAc7quaXZ3JDJg0HEFAmO2+DMCGwMFCwkIBwIC + IgIGFQoJCAsCBBYCAwECHgcCF4AACgkQaXZ3JDJg0HHnqRAAhXcAa6D0EAAFyvTw + ndCKQuWkebB0H297dp28vDPUB7qx60o63Ix13Qixmn5w/8ToZw5oBp5CRPp5O9Vj + Xe4P4IA0jFCdHnW3aeaz25IjRvwwlUZfOal8L5abDtfXTypTLYzjjU/4MAcaG0LR + 9WKOzYiu9YM05AbVCJHhNvecNMBIFKxWqem4UAjVrl2D/8f/IBg44fG5SVewSK9e + oj9wJ9Z6QOoX7nJSU8mymvHXBnW7H4WFRt0LwG88rxZQMMBgvnmcIpwNLCo2GWcS + 0Z/eW+4T875Q/+rGOcFBzqEluCTRMPAQILObJXgjwDlJZEJqB7EdBWxm3i2KleBt + eRsDRxpqjWltmLgVIxFxekDouHxXIE3TOLXVGZpgXd9+WyPdWVfVBfWb/1EaBPJS + kPCbxKiDBkIR2qp9ZyOp3juicVTyeBED7JnkeQHdFidYBcyGDK2EdRyAZY51WDOy + Bnn6MEBJWWLCOPLTKJ/4LRE6oNMTf+duHKOHPmfF838tBZI6HF0KYuYVmvBhXsOt + m2XKPgxzy709z889arfc5VXocqH9kTlmXSd6fZyPvJVAoRjSTRFXZEYYCaaoPdIZ + BELlr7f4hxDSMR6HDnsbT2U2ppsqc1OU0XEB4ji9d2UQh+MJ+aWFRynhCXXnPViD + pdiQSlv6wyVdSoR6Psp+KyttqBe5Ag0EY7b4MwEQALQOOt0m770AoUmEmjL9v+8b + S8Rm3xRo7QuROQmZT7AtCT1R43KxFtoFqqiBSJJZAguhsijbtUdckwuv+K0uk2wc + H4P1Ph+j9LeqEFA8mDDJJQOX44ZKWfyry5VmOjjEj7ss6igkaw3Qj9f5mVNYKsVx + SKoevItr2hy5uIYL6YrP9ugr6w9oQz0bel6um9lfEUha/vJxFX9gLPI4Nby8npSX + T4eCfuWU6zFxD+l+EzNkyvisZ3GX5Vvd4b0+iMtcDQU8/fjAjzxyxtoGbVXdUlnT + m/kcK4vB7CHKtZG47tprR7h7p/v/nRU86yPtDK1t6ATFgh8vODHGf/a+A/ge4e+W + y1Vxfja6evw4p3OGpi3GFd7ECnH+O4WzcPkIV0dORaq6m9Al3X267AUBINH3H/Ds + RqO0UXHaIcR0NNZooG08N4QoGEErJsway/x6N5RaH56maSbmMBWUDcqvSCS1XR71 + gWDa64r+AUQGH22aHCvNglLes3QK2OmUqz9Rd7MyOAxx/PcIndNWlRMqDdpp2RyM + RVcWKDS+9joZGJOVq8xWURC+4E/SZ+xNUhGL0imIOjNzXyZAiCBk0yO6ksJY2MZA + UQ5G3q9HDUpAORYkP+4HE+AGnPCkRRFJ2JrCD4/IxZdpJaxs/1lpNImiXjF70XI7 + Ooc0+DxLcFGQHd9IuNexABEBAAGJAjYEGAEIACAWIQRwHhRf4mKD+MBzuq5pdnck + MmDQcQUCY7b4MwIbDAAKCRBpdnckMmDQcSbyD/4g8k0/LmpHlsWHV5BrSLB/dGbt + zTBSdWppH7tYnMXb9pm6Ba/Aa9mhENtNhxJHBOmMNoXt9NyLJW/r6Piz1U5Z1Hko + Y3AAXwwB0PQsE2NA+/pYvv2EJ+ZJxDqwEG7RZPFJB0g6T8iHORBCTKWQZWLGIima + La7TflytPIHAd4X0oIPKIkOjLr1p/n1+Hjwt48NXojRmplZbumHHl00+HCsCpaUJ + 
jBeyOkW+CxiHKdzVfY9uaTmXBqxBRxxe6lbZZ4/Ycrw0OulkTq4VQh5EUvirx78o + S3HNzqV905Wu1t9ETbCmqkgnTRXvvu4cGwo4G/dY7f7GW6XHAKWCHp17ZIXqczFh + z8ur4A4CqVD9XHL21FoKu0jWWLodQr2flSTrF34pzC8ZYSQ/q+J+lDvfEDtnAxIH + 9hJoSO/Qi7aTmdeKJvO77u9thxKW8JhlFFcpVr1n31xebq3Ygr0sflsuwROCeSQK + 5Sh5bs58KPHAwI7tT6fNf+qM02AhFPhOiVxJMjntLTDkdT8DDG9EW5g86BXO9PSO + olv1G2XIql0JySduRIYlaaENGGo0b6HEgK1CrNq513nqwsenkGyw7yPiJfBuMIzZ + jkHJnoc+/uLAqjVuEFC7gBIAJvXECWXeJvDML7axvX9vBYCen2GRS3pbtMrj9wP4 + onnZjQia9Jy1YA1G7A== + =429p + -----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/hiera-rpsec.yaml b/hiera-rpsec.yaml new file mode 100644 index 0000000..7d0e31f --- /dev/null +++ b/hiera-rpsec.yaml @@ -0,0 +1,10 @@ +--- +version: 5 + +defaults: # Used for any hierarchy level that omits these keys. + datadir: spec/data # This path is relative to hiera.yaml's directory. + data_hash: yaml_data # Use the built-in YAML backend. + +hierarchy: + - name: 'Mock override' + path: 'common.yaml' \ No newline at end of file diff --git a/hiera.yaml b/hiera.yaml index 246beff..d99047e 100644 --- a/hiera.yaml +++ b/hiera.yaml @@ -6,17 +6,10 @@ defaults: # Used for any hierarchy level that omits these keys. data_hash: yaml_data # Use the built-in YAML backend. hierarchy: - - name: "osfamily/major release" - paths: - # Used to distinguish between Debian and Ubuntu - - "os/%{facts.os.name}/%{facts.os.release.major}.yaml" - - "os/%{facts.os.family}/%{facts.os.release.major}.yaml" - # Used for Solaris - - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml" - name: "osfamily" paths: - - "os/%{facts.os.name}.yaml" - "os/%{facts.os.family}-%{facts.os.release.major}.yaml" - "os/%{facts.os.family}-%{facts.os.release.major}gpg.yaml" + - "os/%{facts.os.name}.yaml" - name: 'common' path: 'common.yaml' diff --git a/manifests/database_init.pp b/manifests/database_init.pp index 67d5657..0574f4b 100644 --- a/manifests/database_init.pp +++ b/manifests/database_init.pp 
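Review bot: The `/etc/yum.repos.d/opennms-repo-stable-rhel9.gpg` entry concatenates two key blocks, and the user ID embedded in the first one decodes to "OpenNMS Signing Key 2012 (1024-bit)", so RHEL 9 hosts would trust a legacy 1024-bit key alongside the 2023 one. If the rhel9 repository is signed only with the 2023 key, the 2012 block should be dropped from this file; it is also worth checking on a test host whether RHEL 9's default crypto policy accepts that key at all. None of the three entries records the fingerprint it was verified against, and only the EPEL entry names the exact URL the key came from. A comment above each `content:` such as `# fingerprint: <FINGERPRINT_VERIFIED_OUT_OF_BAND>, source: <KEY_SOURCE_URL>` would let a later reviewer confirm the pinned material without re-deriving it.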
@@ -13,12 +13,15 @@ # init the database if the user table is not present exec { 'init observium databse': command => '/opt/observium/discovery.php -u', - unless => "${mysql_location} -u observium --password=${observium::db_password} observium -e 'select * from users'", + unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e \"select * from observium.users\"", } - exec { 'Create admin user': - command => "/opt/observium/adduser.php admin ${observium::admin_password} 10", - unless => "${mysql_location} -u observium --password=${observium::db_password} observium -e 'select * from users WHERE username LIKE \"admin\"' | grep admin", + # when auth_mechanism is 'remote', privilege level is given by observium's auth_remote_userlevel setting + unless $observium::auth_mechanism == 'remote' { + exec { 'Create admin user': + command => "/opt/observium/adduser.php admin ${observium::admin_password} 10", + unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e \"select * from observium.users WHERE username LIKE 'admin'\" | grep admin", + } } # add local host to database @@ -30,7 +33,7 @@ } exec { 'Add local host as device': command => "/opt/observium/add_device.php 127.0.0.1 ${v3auth} v3 ${observium::snmpv3_authname} ${observium::snmpv3_authpass} ${observium::snmpv3_cryptopass} ${observium::snmpv3_authalgo} ${observium::snmpv3_cryptoalgo}", - unless => "${mysql_location} -u observium --password=${observium::db_password} observium -e 'select hostname from devices WHERE hostname LIKE \"127.0.0.1\"' | grep 127.0.0.1", + unless => "${mysql_location} -u ${observium::db_user} --password='${observium::db_password}' observium -e 'select hostname from devices WHERE hostname LIKE \"127.0.0.1\"' | grep 127.0.0.1", } # Perform discovery for nodes which have been added. diff --git a/manifests/firewall.pp b/manifests/firewall.pp new file mode 100644 index 0000000..3558ac2 --- /dev/null 
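Review bot: Wrapping the password as `--password='${observium::db_password}'` in the three `unless` commands (this hunk and `@@ -30,7 +33,7 @@`) does not escape it: a password containing a single quote ends the quoted string, so the check breaks or the rest of the value is read as shell syntax. Stdlib's `shell_escape` function is the safer way to quote it. The secret also still sits on the command line, where the process list shows it; a root-only option file passed with `--defaults-extra-file=<option-file path>` (placeholder path) would keep it out of argv. `${observium::admin_password}` in the `adduser.php` command is interpolated with no quoting at all and needs the same treatment. The enclosing class starts and ends outside these hunks.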
+++ b/manifests/firewall.pp
@@ -0,0 +1,62 @@
+# Class: observium::firewall
+#
+# Manage iptables on ubuntu
+#
+# @api private
+#
+class observium::firewall {
+ assert_private()
+ Firewall {
+ require => undef,
+ }
+
+ # Default firewall rules
+ firewall { '000 accept all icmp':
+ proto => 'icmp',
+ jump => 'accept',
+ }
+ -> firewall { '001 accept all to lo interface':
+ proto => 'all',
+ iniface => 'lo',
+ jump => 'accept',
+ }
+ -> firewall { '002 reject local traffic not on loopback interface':
+ iniface => '! lo',
+ proto => 'all',
+ destination => '127.0.0.1/8',
+ jump => 'reject',
+ }
+ -> firewall { '003 accept related established rules':
+ proto => 'all',
+ state => ['RELATED', 'ESTABLISHED'],
+ jump => 'accept',
+ }
+ # Add rules for apache
+ if $observium::manage_ssl {
+ firewall { "50 Allow https access ${observium::apache_sslport}":
+ dport => $observium::apache_sslport,
+ proto => 'tcp',
+ jump => 'accept',
+ }
+ }
+ else {
+ firewall { "50 Allow http access ${observium::apache_port}":
+ dport => $observium::apache_port,
+ proto => 'tcp',
+ jump => 'accept',
+ }
+ }
+ # Ensure ssh is open
+ firewall { '004 Allow inbound SSH':
+ dport => 22,
+ proto => 'tcp',
+ jump => 'accept',
+ }
+
+ # ensure we drop all other traffic
+ firewall { '999 drop all':
+ proto => 'all',
+ jump => 'drop',
+ before => undef,
+ }
+}
diff --git a/manifests/firewallufw.pp b/manifests/firewallufw.pp
deleted file mode 100644
index 9f8d4b5..0000000
--- a/manifests/firewallufw.pp
+++ /dev/null
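Review bot: These rules cover IPv4 only as far as the hunk shows: none of the `firewall` resources selects the IPv6 tables, so `999 drop all` and the allow-list above it do not constrain IPv6 traffic, while the module's documented default `snmpd_agentaddress` includes `udp6:[::1]:161`. Either mirror the rule set for IPv6 or say in the class comment that IPv6 is expected to be disabled on the host. Two smaller points: `destination => '127.0.0.1/8'` in rule 002 reads more clearly as the network address, `destination => '127.0.0.0/8',`, and `004 Allow inbound SSH` accepts from any source, which a `source` attribute fed from a class parameter could narrow.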
@@ -1,29 +0,0 @@ -# Class: observium::firewallufw -# -# Manage UFW on ubuntu -# -# @api private -# -class observium::firewallufw { - assert_private() - - # Add rules for apache - class { 'ufw': } - if $observium::manage_ssl { - ufw::allow { "Allow https access ${observium::apache_sslport}": - port => $observium::apache_sslport, - from => '0.0.0.0/0', - } - } - else { - ufw::allow { "Allow https access ${observium::apache_port}": - port => $observium::apache_port, - from => '0.0.0.0/0', - } - } - # Ensure ssh is open - ufw::allow { 'Allow ssh access 22': - port => '22', - from => '0.0.0.0/0', - } -} diff --git a/manifests/init.pp b/manifests/init.pp index b6cb0a2..1acf92e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -62,6 +62,9 @@ # Crypto algorithm - default 'AES' # Valid options - ['AES','DES'] # +# @param snmpd_agentaddress +# An array of addresses, on which snmpd will listen for queries. - default ['udp:127.0.0.1:161','udp6:[::1]:161'] +# # @param mib_locations # Miblocations for observium to add to snmp.conf, default ['/opt/observium/mibs/rfc','/opt/observium/mibs/net-snmp'] # @@ -174,6 +177,7 @@ Enum['SHA','MD5'] $snmpv3_authalgo, String $snmpv3_cryptopass, Enum['AES','DES'] $snmpv3_cryptoalgo, + Array $snmpd_agentaddress, Array $mib_locations, Array $additional_mib_location = [], Array $additional_snmp_conf_options = [], @@ -242,7 +246,7 @@ if $manage_fw { case $facts['os']['family'] { 'RedHat': { include observium::firewalld } - 'Debian': { include observium::firewallufw } + 'Debian': { include observium::firewall } default: {} } } diff --git a/manifests/mariadb.pp b/manifests/mariadb.pp index 3d4ba2c..259fd8a 100644 --- a/manifests/mariadb.pp +++ b/manifests/mariadb.pp @@ -6,8 +6,9 @@ # class observium::mariadb { assert_private() + # Check we are managing mysql - if observium::manage_mysql { + if $observium::manage_mysql { case $facts['os']['family'] { 'RedHat': { Class { '::mysql::server': 
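Review bot: `Array $snmpd_agentaddress` in the `@@ -174,6 +177,7 @@` hunk of manifests/init.pp accepts an empty array and elements of any type, yet this value decides which addresses snmpd listens on (it is passed as `agentaddress` in manifests/snmp.pp). Tightening it to `Array[String[1], 1] $snmpd_agentaddress,` rejects those inputs at compile time. The `@param` text added in the `@@ -62,6 +62,9 @@` hunk could also say that adding a non-loopback address exposes SNMP beyond the host, and that `observium::firewall` adds no rule for UDP 161 on the Debian path. The parameter list continues outside the hunk.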
@@ -19,9 +20,6 @@ } 'Debian': { Class { '::mysql::server': - #package_name => 'mariadb-server', - #package_ensure => 'present', - #service_name => 'mysqld', root_password => $observium::rootdb_password, override_options => { 'mysqld' => { diff --git a/manifests/packages.pp b/manifests/packages.pp index 1a62585..52a2d3b 100644 --- a/manifests/packages.pp +++ b/manifests/packages.pp @@ -33,6 +33,14 @@ creates => '/bin/python', } } + '9': { + # Running on rhel 9 + $required_packages = lookup('observium::required_packages', Array) + package { $required_packages: + ensure => 'installed', + require => Class['observium::yum'], + } + } default: { fail('Unsupported operating system, bailing out!!') } } } diff --git a/manifests/snmp.pp b/manifests/snmp.pp index 800072b..16b138f 100644 --- a/manifests/snmp.pp +++ b/manifests/snmp.pp @@ -29,6 +29,7 @@ # Setup SNMP class with snmpv3 user class { 'snmp': snmpd_config => ["rouser ${observium::snmpv3_authname} ${observium::snmpv3_authlevel}"], + agentaddress => $observium::snmpd_agentaddress, service_config_dir_group => $ubuntu2004user, service_config_dir_owner => $ubuntu2004user, varnetsnmp_owner => $ubuntu2004user, diff --git a/manifests/yum.pp b/manifests/yum.pp index 88df859..975d4bf 100644 --- a/manifests/yum.pp +++ b/manifests/yum.pp @@ -41,6 +41,20 @@ unless => '/bin/dnf module list php | grep "remi-7.2 \\[e\\]"', } } + '9': { + $observium::repos.each | String $reponame, Hash $repoinfo | { + yumrepo { $reponame: + * => $repoinfo, + before => Exec['Set remi-8.2 as default php provider'], + } + } + + # Set remi-8.2 module as default php provider RHEL 9 only + exec { 'Set remi-8.2 as default php provider': + command => '/bin/dnf module reset php -y | /bin/dnf module -y install php:remi-8.2', + unless => '/bin/dnf module list php | grep "remi-8.2 \\[e\\]"', + } + } default: { fail('Unsupported operating system, bailing out!!') } } } diff --git a/metadata.json b/metadata.json index 5f15432..5b10227 100644 --- a/metadata.json 
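Review bot: The new RHEL 9 exec in manifests/yum.pp joins the two dnf calls with a pipe, `'/bin/dnf module reset php -y | /bin/dnf module -y install php:remi-8.2'`, so both start together, the install does not wait for the reset to succeed, and only the install's exit status reaches Puppet. Use `&&` instead: `command => '/bin/dnf module reset php -y && /bin/dnf module -y install php:remi-8.2',`. Either form relies on the command being interpreted by a shell, so setting `provider => shell` on the exec would make that explicit. The `case` block this branch belongs to starts outside the hunk.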
+++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "benjaminrobertson-observium", - "version": "2.0.0", + "version": "3.0.0", "author": "benjaminrobertson", "summary": "Configures and installs Observium for Redhat and Ubuntu", "license": "Apache-2.0", @@ -8,11 +8,11 @@ "dependencies": [ { "name": "puppetlabs/stdlib", - "version_requirement": ">= 6.0.0 < 9.0.0" + "version_requirement": ">= 9.0.0 < 10.0.0" }, { "name": "puppet/archive", - "version_requirement": ">6.0.0 < 8.0.0" + "version_requirement": ">7.0.0 < 8.0.0" }, { "name": "puppetlabs/yumrepo_core", @@ -20,7 +20,7 @@ }, { "name": "puppetlabs/mysql", - "version_requirement": ">=13.0.0 < 15.0.0" + "version_requirement": ">=15.0.0 < 16.0.0" }, { "name": "puppetlabs/cron_core", @@ -28,35 +28,35 @@ }, { "name": "puppet/selinux", - "version_requirement": ">=3.0.0 < 4.0.0" + "version_requirement": ">=4.0.0 < 5.0.0" }, { "name": "puppetlabs/apache", - "version_requirement": ">=8.1.0 < 11.0.0" + "version_requirement": ">=10.1.0 < 13.0.0" }, { "name": "puppet/snmp", - "version_requirement": ">=5.0.0 < 7.0.0" + "version_requirement": ">=7.0.0 < 8.0.0" }, { "name": "puppet/firewalld", - "version_requirement": ">=4.1.1 < 5.0.0" + "version_requirement": ">=5.0.0 < 6.0.0" }, { - "name": "domkrm/ufw", - "version_requirement": ">=1.1.1 < 2.0.0" + "name": "puppetlabs/firewall", + "version_requirement": ">=6.0.0 < 9.0.0" }, { "name": "puppet/systemd", - "version_requirement": ">=4.0.0 < 6.0.0" + "version_requirement": ">=5.1.0 < 8.0.0" }, { "name": "puppetlabs/inifile", - "version_requirement": ">=5.0.0 < 7.0.0" + "version_requirement": ">=6.1.0 < 7.0.0" }, { "name": "puppetlabs/concat", - "version_requirement": ">=7.0.0 < 9.0.0" + "version_requirement": ">=9.0.0 < 10.0.0" } ], "operatingsystem_support": [ @@ -64,14 +64,16 @@ "operatingsystem": "CentOS", "operatingsystemrelease": [ "7", - "8" + "8", + "9" ] }, { "operatingsystem": "RedHat", "operatingsystemrelease": [ "7", - "8" + "8", + "9" ] }, { 
@@ -88,7 +90,7 @@ "version_requirement": ">= 7.0.0 < 9.0.0" } ], - "pdk-version": "2.6.1", - "template-url": "pdk-default#2.7.1", - "template-ref": "tags/2.7.1-0-g9a16c87" + "pdk-version": "3.2.0", + "template-url": "pdk-default#3.2.0", + "template-ref": "tags/3.2.0-0-gb257ef1" } diff --git a/provision.yaml b/provision.yaml new file mode 100644 index 0000000..3fde78e --- /dev/null +++ b/provision.yaml @@ -0,0 +1,8 @@ +--- +docker: + provisioner: docker + images: ['litmusimage/centos:stream8', 'litmusimage/ubuntu:22.04', 'litmusimage/centos:stream9'] + # removed 'litmusimage/ubuntu:20.04' as it failed in github action pipeline +vagrant: + provisioner: vagrant + images: ['centos/stream8', 'generic/ubuntu2204', 'generic/ubuntu2004'] \ No newline at end of file diff --git a/spec/acceptance/observium_install_spec.rb b/spec/acceptance/observium_install_spec.rb new file mode 100644 index 0000000..e457b6f --- /dev/null +++ b/spec/acceptance/observium_install_spec.rb 
@@ -0,0 +1,133 @@
+# frozen_string_literal: true
+
+require 'spec_helper_acceptance'
+require 'rspec-puppet-facts'
+
+describe 'Installation', if: ['centos', 'redhat', 'ubuntu'].include?(os[:family]) do
+ before(:all) do
+ if os[:family] == 'redhat' && os[:release] == '8'
+ install_packge('crontabs')
+ install_packge('curl')
+ elsif os[:family] == 'ubuntu'
+ install_packge('cron')
+ install_packge('curl')
+ end
+ end
+
+ # let(:hiera_config) { 'hiera-rpsec.yaml' } # litmus doesn't seem to respect this.
+
+ let(:pp) do
+ <<-MANIFEST
+ class { 'observium':
+ snmpd_agentaddress => ['udp:127.0.0.1:161'],
+ db_password => changeme,
+ rootdb_password => hello123,
+ snmpv3_authpass => setme1234,
+ snmpv3_cryptopass => setme1234,
+ admin_password => changeme
+ }
+ MANIFEST
+ end
+
+ # confirm we are not on 22.04. Ubuntu takes two run to complete setup.
+ if os[:release] != '22.04'
+ it 'applies idempotently' do
+ idempotent_apply(pp)
+ end
+ else
+ it 'applies' do
+ # run manifest twice for 2204
+ apply_manifest(pp)
+ apply_manifest(pp)
+ end
+ end
+
+ describe file('/opt/observium/config.php') do
+ it { is_expected.to be_file }
+ it { is_expected.to contain "$config['install_dir'] = \"/opt/observium\"" }
+ it { is_expected.to contain "$config['db_host'] = 'localhost';" }
+ end
+
+ describe port(80) do
+ it { is_expected.to be_listening }
+ end
+
+ # describe command('/usr/bin/curl http://127.0.0.1 -I') do # for some reason this isn't working as expected. Disabling test.
+ # its(:exit_status) { is_expected.to eq 0 }
+ # its(:stdout) { is_expected.to contain 'HTTP/1.1 200 OK' }
+ # end
+
+ describe cron do
+ it { is_expected.to have_entry('33 */6 * * * /opt/observium/discovery.php -h all >> /dev/null 2>&1').with_user('root') }
+ end
+
+ describe cron do
+ it { is_expected.to have_entry('*/5 * * * * /opt/observium/discovery.php -h new >> /dev/null 2>&1').with_user('root') }
+ end
+
+ describe cron do
+ it { is_expected.to have_entry('*/5 * * * * /opt/observium/poller-wrapper.py >> /dev/null 2>&1').with_user('root') }
+ end
+
+ describe cron do
+ it { is_expected.to have_entry('13 5 * * * /opt/observium/housekeeping.php -ysel').with_user('root') }
+ end
+
+ describe cron do
+ it { is_expected.to have_entry('47 4 * * * /opt/observium/housekeeping.php -yrptb').with_user('root') }
+ end
+
+ # Red hat specifc checks
+ if os[:family] == 'redhat'
+
+ describe service('httpd') do
+ it { is_expected.to be_running }
+ end
+
+ describe service('snmpd') do
+ it { is_expected.to be_running }
+ end
+
+ describe package('python3-PyMySQL') do
+ it { is_expected.to be_installed }
+ end
+
+ describe yumrepo('opennms-common') do
+ it { is_expected.to exist }
+ end
+
+ describe yumrepo('epel') do
+ it { is_expected.to exist }
+ end
+
+ elsif os[:family] == 'ubuntu'
+
+ describe service('apache2') do
+ it { is_expected.to be_running }
+ end
+
+ describe service('snmpd') do
+ it { is_expected.to be_running }
+ end
+
+ if os[:release] == '22.04'
+ describe package('imagemagick') do
+ it { is_expected.to be_installed }
+ end
+
+ describe package('php8.1-ldap') do
+ it { is_expected.to be_installed }
+ end
+ end
+
+ if os[:release] == '20.04'
+ describe package('php7.4-json') do
+ it { is_expected.to be_installed }
+ end
+
+ describe package('php7.4-ldap') do
+ it { is_expected.to be_installed }
+ end
+ end
+ end
+end
diff --git a/spec/classes/observium_spec.rb b/spec/classes/observium_spec.rb
index 326418e..ce01020 100644
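Review bot: The manifest sets `snmpd_agentaddress => ['udp:127.0.0.1:161']`, but nothing in the spec checks where snmpd ends up listening or that the new firewall rules are in place on Ubuntu, so a regression that exposes SNMP would still pass. A check such as `describe(port(161)) { it { is_expected.to be_listening.on('127.0.0.1').with('udp') } }` next to the `port(80)` block would cover the first part, provided the image's socket tooling reports UDP listeners. Separately, the passwords are written as bare words (`db_password => changeme,`); quoting them (`db_password => 'changeme',`) keeps the manifest valid if a fixture value ever contains characters a bare word cannot hold.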
--- a/spec/classes/observium_spec.rb
+++ b/spec/classes/observium_spec.rb
@@ -3,11 +3,165 @@ require 'spec_helper' describe 'observium' do + let(:hiera_config) { 'hiera-rpsec.yaml' } + on_supported_os.each do |os, os_facts| context "on #{os}" do let(:facts) { os_facts } it { is_expected.to compile } + + it { is_expected.to contain_cron('discovery all devices').with_command('/opt/observium/discovery.php -h all >> /dev/null 2>&1').with_user('root') } + it { is_expected.to contain_cron('discovery newly added devices').with_command('/opt/observium/discovery.php -h new >> /dev/null 2>&1').with_user('root') } + it { is_expected.to contain_cron('multithreaded pooler wrapper').with_command('/opt/observium/poller-wrapper.py >> /dev/null 2>&1').with_user('root') } + it { is_expected.to contain_cron('daily housekeeping for syslog, eventlog and alert log').with_command('/opt/observium/housekeeping.php -ysel').with_user('root') } + it { is_expected.to contain_cron('housekeeping script daily for rrds, ports, orphaned entries in the database and performance data').with_user('root') } + + it { is_expected.to contain_snmp__snmpv3_user('observium') } + it { is_expected.to contain_mysql__db('observium') } + + it { is_expected.to contain_package('rrdtool') } + + it { is_expected.to contain_file('/opt/observium').with_ensure('directory') } + it { is_expected.to contain_file('/opt/observium/rrd').with_ensure('directory') } + it { is_expected.to contain_file('/opt/observium/config.php').with_ensure('file') } + + it { is_expected.to contain_archive('observium-community-latest.tar.gz') } + + it { is_expected.to contain_exec('Create TLS cert').with_refreshonly(true) } + end + end + + context 'on rhel7' do + let(:facts) do + { + 'os' => { + 'family' => 'RedHat', + 'name' => 'RedHat', + 'release' => { + 'major' => '7', + }, + 'selinux' => { + 'enabled' => true, + 'current_mode' => 'enforcing', + }, + } + } + end + + it { is_expected.to contain_service('httpd') } + end + + context 'on rhel8' do + let(:facts) do + { + 'os' => { + 'family' => 'RedHat', + 'name' => 
'RedHat', + 'release' => { + 'major' => '8', + }, + 'selinux' => { + 'enabled' => true, + 'current_mode' => 'enforcing', + }, + } + } end + + it { is_expected.to contain_service('httpd') } + it { is_expected.to contain_package('python3-PyMySQL') } + it { is_expected.to contain_package('php-json') } + end + + context 'on rhel9' do + let(:facts) do + { + 'os' => { + 'family' => 'RedHat', + 'name' => 'RedHat', + 'release' => { + 'major' => '9', + }, + 'selinux' => { + 'enabled' => true, + 'current_mode' => 'enforcing', + }, + } + } + end + + it { is_expected.to contain_service('httpd') } + it { is_expected.to contain_package('python3-PyMySQL') } + it { is_expected.to contain_package('php-json') } + end + + context 'on ubuntu 18.04' do + let(:facts) do + { + 'os' => { + 'family' => 'Debian', + 'name' => 'Debian', + 'release' => { + 'major' => '18.04', + 'full' => '18.04', + }, + 'selinux' => { + 'enabled' => true, + 'current_mode' => 'enforcing', + }, + } + } + end + + # it { is_expected.to contain_service('apache2') } + it { is_expected.to contain_package('php-pear') } + it { is_expected.to contain_package('php7.2-mysql') } + end + + context 'on ubuntu 20.04' do + let(:facts) do + { + 'os' => { + 'family' => 'Debian', + 'name' => 'Debian', + 'release' => { + 'major' => '20.04', + 'full' => '20.04', + }, + 'selinux' => { + 'enabled' => true, + 'current_mode' => 'enforcing', + }, + } + } + end + + # it { is_expected.to contain_service('apache2') } + it { is_expected.to contain_package('php7.4-ldap') } + it { is_expected.to contain_package('php7.4-json') } + end + + context 'on ubuntu 22.04' do + let(:facts) do + { + 'os' => { + 'family' => 'Debian', + 'name' => 'Debian', + 'release' => { + 'major' => '22.04', + 'full' => '22.04', + }, + 'selinux' => { + 'enabled' => true, + 'current_mode' => 'enforcing', + }, + } + } + end + + # it { is_expected.to contain_service('apache2') } + it { is_expected.to contain_package('php8.1-ldap') } + it { is_expected.to 
contain_package('imagemagick') } end end diff --git a/spec/data/common.yaml b/spec/data/common.yaml new file mode 100644 index 0000000..c600c9f --- /dev/null +++ b/spec/data/common.yaml @@ -0,0 +1,6 @@ +--- +observium::db_password: "changeme" +observium::rootdb_password: "hello123" +observium::snmpv3_authpass: "setme1234" +observium::snmpv3_cryptopass: "setme1234" +observium::admin_password: "changeme" \ No newline at end of file diff --git a/spec/default_facts.yml b/spec/default_facts.yml index f777abf..f15af20 100644 --- a/spec/default_facts.yml +++ b/spec/default_facts.yml @@ -2,7 +2,8 @@ # # Facts specified here will override the values provided by rspec-puppet-facts. --- -ipaddress: "172.16.254.254" -ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA" -is_pe: false -macaddress: "AA:AA:AA:AA:AA:AA" +networking: + ip: "172.16.254.254" + ip6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA" + mac: "AA:AA:AA:AA:AA:AA" +is_pe: false \ No newline at end of file diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 9b1fa6f..ae7c1f6 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -25,15 +25,16 @@ next unless File.exist?(f) && File.readable?(f) && File.size?(f) begin - default_facts.merge!(YAML.safe_load(File.read(f), [], [], true)) - rescue => e + require 'deep_merge' + default_facts.deep_merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true)) + rescue StandardError => e RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}" end end # read default_facts and merge them over what is provided by facterdb default_facts.each do |fact, value| - add_custom_fact fact, value + add_custom_fact fact, value, merge_facts: true end RSpec.configure do |c| @@ -46,6 +47,7 @@ end c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT'] c.after(:suite) do + RSpec::Puppet::Coverage.report!(0) end # Filter backtrace noise 
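Review bot: The three Ubuntu contexts in spec/classes/observium_spec.rb build their facts with `'name' => 'Debian'` and an enforcing `selinux` block, which looks copied from the RHEL contexts and does not describe an Ubuntu host. hiera.yaml in this commit has an `os/%{facts.os.name}.yaml` level, so these examples would presumably resolve Debian data rather than Ubuntu data there; `'name' => 'Ubuntu',` is probably what is meant. The `contain_service('apache2')` expectation is commented out in all three without a reason, and a one-line comment saying why would help the next reader. None of the added examples covers `observium::firewall` or the changed `exec` commands in manifests/database_init.pp.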
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb
new file mode 100644
index 0000000..73a0238
--- /dev/null
+++ b/spec/spec_helper_acceptance.rb
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+require 'puppet_litmus'
+PuppetLitmus.configure!
+
+require 'spec_helper_acceptance_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_acceptance_local.rb'))
diff --git a/spec/spec_helper_acceptance_local.rb b/spec/spec_helper_acceptance_local.rb
new file mode 100644
index 0000000..883163a
--- /dev/null
+++ b/spec/spec_helper_acceptance_local.rb
@@ -0,0 +1,10 @@
+include PuppetLitmus
+
+def install_packge(package)
+ if os[:family] == 'redhat'
+ run_shell("yum -y install #{package}")
+ elsif os[:family] == 'ubuntu'
+ run_shell('apt update')
+ run_shell("apt -y install #{package}")
+ end
+end
diff --git a/test_matrix.json b/test_matrix.json
new file mode 100644
index 0000000..3df0627
--- /dev/null
+++ b/test_matrix.json
@@ -0,0 +1,12 @@
+{
+ "collection": [
+ {
+ "agent_version": "puppet7",
+ "gem_version": "~> 7.31"
+ },
+ {
+ "agent_version": "puppet8",
+ "gem_version": "~> 8.7"
+ }
+ ]
+}
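Review bot: `install_packge` in spec/spec_helper_acceptance_local.rb is a misspelling that the acceptance spec now depends on; renaming it to `install_package` here and at its four call sites in spec/acceptance/observium_install_spec.rb is cheap while the helper is new. The method also returns without doing anything on any family other than `redhat` or `ubuntu`. `package` is interpolated into the shell line unescaped, which is fine for the literals passed today but worth a comment above the method such as `# package must be a trusted literal; it is interpolated into a shell command`.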