From 259843b435f182de66a7d54fc052fa93ec5e0394 Mon Sep 17 00:00:00 2001 From: Nick Maludy Date: Sat, 22 Sep 2018 21:36:09 -0400 Subject: [PATCH 1/6] Added support for RabbitMQ auth along with additional config options --- CHANGELOG.md | 18 ++++++- lib/puppet/functions/st2/urlencode.rb | 11 +++++ manifests/init.pp | 7 ++- manifests/params.pp | 9 ++-- manifests/profile/mistral.pp | 28 +++++++++-- manifests/profile/rabbitmq.pp | 47 ++++++++++++------- manifests/profile/server.pp | 21 ++++++++- .../stackstorm/controls/rabbitmq_test.rb | 15 ++++++ .../stackstorm/controls/st2_test.rb | 2 + 9 files changed, 131 insertions(+), 27 deletions(-) create mode 100644 lib/puppet/functions/st2/urlencode.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 06bc0ead..185db2e1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,7 +30,23 @@ - Fixed bug where the default nginx splash page was not being removed on RHEL/CentOS installs. (Bugfix) Contributed by @nmaludy - + +- Added authentication for RabbitMQ, by default. + The authentication options are available in the `::st2` class: + - `rabbitmq_username` : Username for the new RabbitMQ user (default: `st2admin`) + - `rabbitmq_password` : Password for the new RabbitMQ user (default: `Ch@ngMe`) + When upgrading to this new version, this will force a restart of all StackStorm + and Mistral services as the new password is applied. (Feature) + Contributed by @nmaludy + +- Added support for additional RabbitMQ configuration options: + - `rabbitmq_hostname` : Hostname of the RabbitMQ server (default: `127.0.0.1`) + - `rabbitmq_port` : Port to connect to the RabbitMQ server (default: `5672`) + - `rabbitmq_bind_ip` : IP address to bind the RabbitMQ server to (default: `127.0.0.1`) + - `rabbitmq_vhost` : Virtual Host for the StackStorm content on RabbitMQ (default: `/`) + (Feature) + Contributed by @nmaludy + ## 1.1.0 (Sep 07, 2018) - DEPRECATION WARNING - Dropped support for Puppet 3. (Enhancement) diff --git a/lib/puppet/functions/st2/urlencode.rb b/lib/puppet/functions/st2/urlencode.rb new file mode 100644 index 00000000..d40f8d48 --- /dev/null +++ b/lib/puppet/functions/st2/urlencode.rb @@ -0,0 +1,11 @@ +require 'cgi' + +Puppet::Functions.create_function(:'st2::urlencode') do + dispatch :urlencode do + param 'String', :url + end + + def urlencode(url) + CGI.escape(url) + end +end diff --git a/manifests/init.pp b/manifests/init.pp index 11d0605e..feaac561 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -169,6 +169,12 @@ $datastore_keys_dir = $::st2::params::datstore_keys_dir, $datastore_key_path = "${::st2::params::datstore_keys_dir}/datastore_key.json", $nginx_manage_repo = true, + $rabbitmq_username = $::st2::params::rabbitmq_username, + $rabbitmq_password = $::st2::params::rabbitmq_password, + $rabbitmq_hostname = $::st2::params::rabbitmq_hostname, + $rabbitmq_port = $::st2::params::rabbitmq_port, + $rabbitmq_bind_ip = $::st2::params::rabbitmq_bind_ip, + $rabbitmq_vhost = $::st2::params::rabbitmq_vhost, $timersengine_enabled = $::st2::params::st2timersengine_enabled, $timersengine_timezone = $::st2::params::st2timersengine_timezone, $chatops_adapter = $::st2::params::chatops_adapter, @@ -186,7 +192,6 @@ $nodejs_version = undef, $nodejs_manage_repo = true, ) inherits st2::params { - ######################################## ## Control commands exec {'/usr/bin/st2ctl reload --register-all': diff --git a/manifests/params.pp b/manifests/params.pp index 43e7f6a7..1292ae19 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -147,9 +147,12 @@ $mongodb_st2_roles = ['readWrite'] ## RabbitMQ - $rabbitmq_port = 25672 - $rabbitmq_protocol = 'tcp' - $rabbitmq_selinux_type = 'amqp_port_t' + $rabbitmq_username = $admin_username + $rabbitmq_password = $admin_password + $rabbitmq_hostname = '127.0.0.1' + $rabbitmq_port = 5672 + $rabbitmq_bind_ip = '127.0.0.1' + $rabbitmq_vhost = '/' ## chatops default config $st2_chatops_dir = '/opt/stackstorm/chatops' diff --git a/manifests/profile/mistral.pp b/manifests/profile/mistral.pp index d497d529..2590acfc 100644 --- a/manifests/profile/mistral.pp +++ b/manifests/profile/mistral.pp @@ -28,11 +28,16 @@ # } # class st2::profile::mistral( - $version = $st2::version, - $db_server = '127.0.0.1', - $db_name = 'mistral', - $db_username = 'mistral', - $db_password = $st2::db_password, + $version = $st2::version, + $db_server = '127.0.0.1', + $db_name = 'mistral', + $db_username = 'mistral', + $db_password = $st2::db_password, + $rabbitmq_username = $::st2::rabbitmq_username, + $rabbitmq_password = $::st2::rabbitmq_password, + $rabbitmq_hostname = $::st2::rabbitmq_hostname, + $rabbitmq_port = $::st2::rabbitmq_port, + $rabbitmq_vhost = $::st2::rabbitmq_vhost, ) inherits st2 { include ::st2::params @@ -65,6 +70,19 @@ tag => 'mistral', } + # URL encode the RabbitMQ password, in case it contains special characters that + # can mess up the URL. + $_rabbitmq_pass = st2::urlencode($rabbitmq_password) + ini_setting { 'DEFAULT_transport_url': + ensure => present, + path => $mistral_config, + section => 'DEFAULT', + setting => 'transport_url', + value => "rabbit://${rabbitmq_username}:${_rabbitmq_pass}@${rabbitmq_hostname}:${rabbitmq_port}/${rabbitmq_vhost}", + tag => 'mistral', + } + + # TODO add extra config params # https://forge.puppet.com/puppetlabs/inifile # create_ini_settings() diff --git a/manifests/profile/rabbitmq.pp b/manifests/profile/rabbitmq.pp index aa0049e4..bfbbce18 100644 --- a/manifests/profile/rabbitmq.pp +++ b/manifests/profile/rabbitmq.pp @@ -15,24 +15,39 @@ # # include st2::profile::rabbitmq # -class st2::profile::rabbitmq { +class st2::profile::rabbitmq ( + $username = $::st2::rabbitmq_username, + $password = $::st2::rabbitmq_password, + $port = $::st2::rabbitmq_port, + $bind_ip = $::st2::rabbitmq_bind_ip, + $vhost = $::st2::rabbitmq_vhost, +) inherits st2 { - if versioncmp($::puppetversion, '4') >= 0 { - # In new versions of the RabbitMQ module we need to explicitly turn off - # the ranch TCP settings so that Kombu can connect via AMQP - class { '::rabbitmq' : - config_ranch => false, - environment_variables => { - 'RABBITMQ_NODE_IP_ADDRESS' => '127.0.0.1', - }, - } + # In new versions of the RabbitMQ module we need to explicitly turn off + # the ranch TCP settings so that Kombu can connect via AMQP + class { '::rabbitmq' : + config_ranch => false, + delete_guest_user => true, + port => $port, + environment_variables => { + 'RABBITMQ_NODE_IP_ADDRESS' => $::st2::rabbitmq_bind_ip, + }, } - else { - class { '::rabbitmq': - environment_variables => { - 'RABBITMQ_NODE_IP_ADDRESS' => '127.0.0.1', - }, - } + contain '::rabbitmq' + + rabbitmq_user { $username: + admin => true, + password => $password, + } + + rabbitmq_vhost { $vhost: + ensure => present, + } + + rabbitmq_user_permissions { "${username}@${vhost}": + configure_permission => '.*', + read_permission => '.*', + write_permission => '.*', } # RHEL needs EPEL installed prior to rabbitmq diff --git a/manifests/profile/server.pp b/manifests/profile/server.pp index 0bdc424b..3cbae8b6 100644 --- a/manifests/profile/server.pp +++ b/manifests/profile/server.pp @@ -51,6 +51,11 @@ $ng_init = $::st2::ng_init, $db_username = $::st2::db_username, $db_password = $::st2::db_password, + $rabbitmq_username = $::st2::rabbitmq_username, + $rabbitmq_password = $::st2::rabbitmq_password, + $rabbitmq_hostname = $::st2::rabbitmq_hostname, + $rabbitmq_port = $::st2::rabbitmq_port, + $rabbitmq_vhost = $::st2::rabbitmq_vhost, $index_url = $::st2::index_url, ) inherits st2 { include ::st2::notices @@ -207,7 +212,7 @@ tag => 'st2::config', } - ## Database settings + ## Database settings (MongoDB) ini_setting { 'database_username': ensure => present, path => '/etc/st2/st2.conf', @@ -225,6 +230,20 @@ tag => 'st2::config', } + ## Messaging Settings (RabbitMQ) + + # URL encode the RabbitMQ password, in case it contains special characters that + # can mess up the URL in the config. + $_rabbitmq_pass = st2::urlencode($rabbitmq_password) + ini_setting { 'messaging_url': + ensure => present, + path => '/etc/st2/st2.conf', + section => 'messaging', + setting => 'url', + value => "amqp://${rabbitmq_username}:${_rabbitmq_pass}@${rabbitmq_hostname}:${rabbitmq_port}/${rabbitmq_vhost}", + tag => 'st2::config', + } + ## Notifier Settings ini_setting { 'notifier_logging': ensure => present, diff --git a/test/integration/stackstorm/controls/rabbitmq_test.rb b/test/integration/stackstorm/controls/rabbitmq_test.rb index 3685e86f..b3afa4ae 100644 --- a/test/integration/stackstorm/controls/rabbitmq_test.rb +++ b/test/integration/stackstorm/controls/rabbitmq_test.rb @@ -33,5 +33,20 @@ its('protocols') { should cmp 'tcp' } end + # check that the st2admin user was created + describe command('rabbitmqctl list_users') do + its(:stdout) { should match %r{st2admin} } + end + + # check that the guest user was removed + describe command('rabbitmqctl list_users') do + its(:stdout) { should_not match %r{guest} } + end + + # check that the permissions of the st2admin user + describe command('rabbitmqctl list_user_permissions st2admin') do + its(:stdout) { should match %r{/\s+\.\*\s+\.\*\s+\.\*} } + end + # TODO: Security check that 'beam.smp' is not listening on any other ports & IPs end diff --git a/test/integration/stackstorm/controls/st2_test.rb b/test/integration/stackstorm/controls/st2_test.rb index 6e8e61f8..eedcf447 100644 --- a/test/integration/stackstorm/controls/st2_test.rb +++ b/test/integration/stackstorm/controls/st2_test.rb @@ -33,6 +33,8 @@ it { should exist } its('owner') { should eq 'root' } its('group') { should eq 'root' } + # ensure that passwords with special characters are escaped for RabbitMQ URL + its('content') { should match %r{url = amqp://st2admin:Ch%40ngeMe@127.0.0.1:5672/} } end describe file('/etc/st2/htpasswd') do From eadfb07540310a269a6c0d6de5fcbf95352dca62 Mon Sep 17 00:00:00 2001 From: Nick Maludy Date: Sat, 22 Sep 2018 21:40:43 -0400 Subject: [PATCH 2/6] Added note about removing guest user to changelog --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 185db2e1..d01cbf30 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -39,6 +39,10 @@ and Mistral services as the new password is applied. (Feature) Contributed by @nmaludy +- Remove the insecure RabbitMQ default `guest` user on RabbitMQ instances. + Note: this will remove this user on new AND existing instances. (Enhancement) + Contributed by @nmaludy + - Added support for additional RabbitMQ configuration options: - `rabbitmq_hostname` : Hostname of the RabbitMQ server (default: `127.0.0.1`) - `rabbitmq_port` : Port to connect to the RabbitMQ server (default: `5672`) From 01ec6d7ecff244f388dda7e8a26a56ba0beea8c4 Mon Sep 17 00:00:00 2001 From: Nick Maludy Date: Sat, 22 Sep 2018 21:47:34 -0400 Subject: [PATCH 3/6] Fixing unit tests. Making unit testing easier --- Makefile | 20 ++++++++++++------ build/scripts/ci_docker_unit.sh | 2 ++ build/scripts/ci_pdk_unit.sh | 2 ++ build/scripts/install_puppet.sh | 21 +++++++++++++++++++ .../stackstorm/controls/rabbitmq_test.rb | 2 +- 5 files changed, 40 insertions(+), 7 deletions(-) create mode 100644 build/scripts/install_puppet.sh diff --git a/Makefile b/Makefile index 94a557bc..fff13fe4 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ THIS_FILE := $(lastword $(MAKEFILE_LIST)) ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) .PHONY: clean -clean: clean-kitchen clean-puppet-librarian clean-bundler +clean: clean-kitchen clean-puppet-librarian clean-bundler clean-pkg # Clean kitchen build files .PHONY: clean-kitchen @@ -26,9 +26,17 @@ clean-bundler: @echo @echo "== clean-bundler ======================================" @echo - rm -rf build/kitchen/.bundle - rm -rf build/kitchen/vendor - rm -rf .bundle - rm -rf Gemfile.lock - rm -rf vendor + rm -rf ${ROOT_DIR}/build/kitchen/.bundle + rm -rf ${ROOT_DIR}/build/kitchen/vendor + rm -rf ${ROOT_DIR}/.bundle + rm -rf ${ROOT_DIR}/Gemfile.lock + rm -rf ${ROOT_DIR}/vendor rm -rf /tmp/puppet-st2/build + +# Clean packages +.PHONY: clean-pkg +clean-pkg: + @echo + @echo "== clean-pkg ======================================" + @echo + rm -rf ${ROOT_DIR}/pkg diff --git a/build/scripts/ci_docker_unit.sh b/build/scripts/ci_docker_unit.sh index 0921b38a..f34af8a5 100755 --- a/build/scripts/ci_docker_unit.sh +++ b/build/scripts/ci_docker_unit.sh @@ -2,6 +2,8 @@ set -e set -o xtrace +export CHECK="${CHECK:-syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop parallel_spec}" + docker build -t stackstorm/puppet-st2-$TEST_NAME -f build/$TEST_NAME/Dockerfile . docker run -dit --name stackstorm-puppet-st2-$TEST_NAME stackstorm/puppet-st2-$TEST_NAME docker exec stackstorm-puppet-st2-$TEST_NAME bash -l -c "bundle exec rake $CHECK" diff --git a/build/scripts/ci_pdk_unit.sh b/build/scripts/ci_pdk_unit.sh index 4e22d6d8..0a67ce88 100755 --- a/build/scripts/ci_pdk_unit.sh +++ b/build/scripts/ci_pdk_unit.sh @@ -2,4 +2,6 @@ set -e set -o xtrace +export CHECK="${CHECK:-syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop parallel_spec}" + bundle exec rake $CHECK diff --git a/build/scripts/install_puppet.sh b/build/scripts/install_puppet.sh new file mode 100644 index 00000000..e3c4a8cc --- /dev/null +++ b/build/scripts/install_puppet.sh @@ -0,0 +1,21 @@ +#!/bin/sh + +# install puppet +curl -sSL https://raw.githubusercontent.com/nmaludy/puppet-install-shell/master/install_puppet_6_agent.sh | sudo bash -s + +# install librarian-puppet +sudo /opt/puppetlabs/puppet/bin/gem install librarian-puppet + +# Install git +sudo yum -y install git + +# Install puppet module dependencies +sudo -i bash -c "pushd /vagrant/build/centos7-puppet6 && /opt/puppetlabs/puppet/bin/librarian-puppet install --verbose --path=/etc/puppetlabs/code/modules" + +# Create symlink for the st2/ puppet module in the Pupept code directory. +# This allows us to make changes locally, outside of the VM then automatically available +# within the VM so you can run `puppet agent -t` and it will just work! +# +# FYI the local puppet-st2/ directory is automatically mounted as /vagrant +# inside the vagrant VM when it comes up, that's why we're linking /vagrant as st2/ +sudo ln -s /vagrant /etc/puppetlabs/code/modules/st2 diff --git a/test/integration/stackstorm/controls/rabbitmq_test.rb b/test/integration/stackstorm/controls/rabbitmq_test.rb index b3afa4ae..c0f862f6 100644 --- a/test/integration/stackstorm/controls/rabbitmq_test.rb +++ b/test/integration/stackstorm/controls/rabbitmq_test.rb @@ -37,7 +37,7 @@ describe command('rabbitmqctl list_users') do its(:stdout) { should match %r{st2admin} } end - + # check that the guest user was removed describe command('rabbitmqctl list_users') do its(:stdout) { should_not match %r{guest} } From 6244f9a2818eb383ff09af3af519189667baf16d Mon Sep 17 00:00:00 2001 From: Nick Maludy Date: Sat, 22 Sep 2018 22:01:09 -0400 Subject: [PATCH 4/6] Added unit tests for st2::urlencode --- spec/functions/urlencode_spec.rb | 37 ++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 spec/functions/urlencode_spec.rb diff --git a/spec/functions/urlencode_spec.rb b/spec/functions/urlencode_spec.rb new file mode 100644 index 00000000..48cf8b8a --- /dev/null +++ b/spec/functions/urlencode_spec.rb @@ -0,0 +1,37 @@ +# coding: utf-8 +require 'spec_helper' + +describe 'st2::urlencode' do + context 'when checking parameter validity' do + it { is_expected.not_to eq(nil) } + + it 'when passing no arguments' do + is_expected.to run.with_params.and_raise_error(ArgumentError, %r{expects 1 argument, got none}) + end + + it 'when more than one argument'do + is_expected.to run.with_params('one', 'two').and_raise_error(ArgumentError, %r{expects 1 argument, got 2}) + end + + it 'when passing an array (non-string)' do + is_expected.to run.with_params([]).and_raise_error(ArgumentError) + end + + it 'when passing a hash (non-string)' do + is_expected.to run.with_params({}).and_raise_error(ArgumentError) + end + + it 'when passing an integer (non-string)' do + is_expected.to run.with_params(1).and_raise_error(ArgumentError) + end + end + + context 'when urlencoding' do + sample_text = 'abc@/:+xyz' + desired_output = "abc%40%2F%3A%2Bxyz" + + it 'outputs URL encoded text' do + is_expected.to run.with_params(sample_text).and_return(desired_output) + end + end +end From cecb9348e1c6fc932dc1a57375615b9113fa9a95 Mon Sep 17 00:00:00 2001 From: Nick Maludy Date: Sat, 22 Sep 2018 23:18:16 -0400 Subject: [PATCH 5/6] Fix rubocop errors --- build/scripts/ci_pdk_unit.sh | 1 + spec/functions/urlencode_spec.rb | 15 ++++++++------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/build/scripts/ci_pdk_unit.sh b/build/scripts/ci_pdk_unit.sh index 0a67ce88..992df3e1 100755 --- a/build/scripts/ci_pdk_unit.sh +++ b/build/scripts/ci_pdk_unit.sh @@ -4,4 +4,5 @@ set -o xtrace export CHECK="${CHECK:-syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop parallel_spec}" +bundle install --without system_tests bundle exec rake $CHECK diff --git a/spec/functions/urlencode_spec.rb b/spec/functions/urlencode_spec.rb index 48cf8b8a..6ce55fa7 100644 --- a/spec/functions/urlencode_spec.rb +++ b/spec/functions/urlencode_spec.rb @@ -1,26 +1,27 @@ # coding: utf-8 + require 'spec_helper' describe 'st2::urlencode' do context 'when checking parameter validity' do it { is_expected.not_to eq(nil) } - + it 'when passing no arguments' do is_expected.to run.with_params.and_raise_error(ArgumentError, %r{expects 1 argument, got none}) end - - it 'when more than one argument'do + + it 'when more than one argument' do is_expected.to run.with_params('one', 'two').and_raise_error(ArgumentError, %r{expects 1 argument, got 2}) end - + it 'when passing an array (non-string)' do is_expected.to run.with_params([]).and_raise_error(ArgumentError) end - + it 'when passing a hash (non-string)' do is_expected.to run.with_params({}).and_raise_error(ArgumentError) end - + it 'when passing an integer (non-string)' do is_expected.to run.with_params(1).and_raise_error(ArgumentError) end @@ -28,7 +29,7 @@ context 'when urlencoding' do sample_text = 'abc@/:+xyz' - desired_output = "abc%40%2F%3A%2Bxyz" + desired_output = 'abc%40%2F%3A%2Bxyz' it 'outputs URL encoded text' do is_expected.to run.with_params(sample_text).and_return(desired_output) From c41fc86239d3e66b2bb710a6ba249784f76ff115 Mon Sep 17 00:00:00 2001 From: Nick Maludy Date: Mon, 26 Nov 2018 19:20:26 -0500 Subject: [PATCH 6/6] Added vagrantfile --- Vagrantfile | 88 +++++++++++++++++++++++++++++++++ build/scripts/install_puppet.sh | 0 2 files changed, 88 insertions(+) create mode 100644 Vagrantfile mode change 100644 => 100755 build/scripts/install_puppet.sh diff --git a/Vagrantfile b/Vagrantfile new file mode 100644 index 00000000..9ef74a16 --- /dev/null +++ b/Vagrantfile @@ -0,0 +1,88 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# Description: +# This is a Vagrant file for developers to quickly get started with development +# on the puppet-st2 module. +# +# Usage: +# - Install VirtualBox (https://www.virtualbox.org/manual/ch02.html) +# - OR Install KVM/libvirt (https://www.linuxtechi.com/install-kvm-hypervisor-on-centos-7-and-rhel-7/) +# - Install Vagrant (https://www.vagrantup.com/docs/installation/) +# +# - Start vagrant VM +# vagrant up +# +# - In another terminal start up the rsync-auto daemon. +# Now, if you make any changes the code will be copied into the VM. This way you can +# re-run Puppet with your latest code without having to manually copy the code in: +# vagrant rsync-auto +# +# - Login to vagrant VM +# vagrant ssh +# +# - Fix sudoers directory +# sudo chmod 4400 -R /etc/sudoers.d +# +# - Run puppet to install StackStorm +# sudo su - +# puppet apply -e "include ::st2::profile::fullinstall" +# +# - Keep editing files locally and re-running puppet with the command above + +# hostname of the VM +hostname = ENV['HOSTNAME'] ? ENV['HOSTNAME'] : 'puppet-st2-vagrant' + +# We also support the :libvirt provider for CentOS / RHEL folks +provider = ENV['PROVIDER'] ? ENV['PROVIDER'] : :libvirt + +# The following boxes will work for both :virtualbox and :libvirt providers +# - centos/6 +# - centos/7 +# - generic/1404 +# - generic/1604 +box = ENV['BOX'] ? ENV['BOX'] : 'centos/7' + +# Vagrantfile API/syntax version. Don't touch unless you know what you're doing! +VAGRANTFILE_API_VERSION = "2" + +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + config.vm.define "st2" do |st2| + # Box details + st2.vm.box = "#{box}" + st2.vm.hostname = "#{hostname}" + + # Box Specifications + if provider == :virtualbox + st2.vm.provider :virtualbox do |vb| + vb.name = "#{hostname}" + vb.memory = 2048 + vb.cpus = 2 + vb.customize [ "modifyvm", :id, "--uartmode1", "disconnected" ] + end + elsif provider == :libvirt + st2.vm.provider :libvirt do |lv| + lv.host = "#{hostname}" + lv.memory = 2048 + lv.cpus = 2 + lv.uri = "qemu:///system" + lv.storage_pool_name = "images" + end + else + raise RuntimeError.new("Unsupported provider: #{provider}") + end + + # sync code into box for development + # To setup automatic rsyncing, in another shell session you need to run: + # vagrant rsync-auto + # + # https://www.vagrantup.com/docs/cli/rsync-auto.html + st2.vm.synced_folder ".", "/vagrant", type: 'rsync', rsync__auto: true + + # Start shell provisioning. + st2.vm.provision "shell" do |s| + s.path = "build/scripts/install_puppet.sh" + s.privileged = false + end + end +end diff --git a/build/scripts/install_puppet.sh b/build/scripts/install_puppet.sh old mode 100644 new mode 100755