Showing with 71 additions and 42 deletions.
  1. +8 −5 .gitlab-ci.yml
  2. +11 −0 .rubocop.yml
  3. +8 −4 .travis.yml
  4. +1 −1 .vscode/extensions.json
  5. +4 −4 Gemfile
  6. +8 −2 README.md
  7. +1 −1 REFERENCE.md
  8. +8 −7 Rakefile
  9. +4 −4 metadata.json
  10. +14 −14 plans/extend_ca_cert.pp
  11. +1 −0 spec/default_facts.yml
  12. +3 −0 spec/spec_helper.rb
13 changes: 8 additions & 5 deletions .gitlab-ci.yml
Expand Up @@ -10,22 +10,25 @@ cache:
before_script:
- bundle -v
- rm Gemfile.lock || true
- gem update --system $RUBYGEMS_VERSION
- "# Update system gems if requested. This is useful to temporarily workaround troubles in the test runner"
- "# Set `rubygems_version` in the .sync.yml to set a value"
- "# Ignore exit code of SIGPIPE'd yes to not fail with shell's pipefail set"
- '[ -z "$RUBYGEMS_VERSION" ] || (yes || true) | gem update --system $RUBYGEMS_VERSION'
- gem --version
- bundle -v
- bundle install --without system_tests --path vendor/bundle --jobs $(nproc)

syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop-Ruby 2.5.3-Puppet ~> 6:
syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop-Ruby 2.5.7-Puppet ~> 6:
stage: syntax
image: ruby:2.5.3
image: ruby:2.5.7
script:
- bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop
variables:
PUPPET_GEM_VERSION: '~> 6'

parallel_spec-Ruby 2.5.3-Puppet ~> 6:
parallel_spec-Ruby 2.5.7-Puppet ~> 6:
stage: unit
image: ruby:2.5.3
image: ruby:2.5.7
script:
- bundle exec rake parallel_spec
variables:
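Review bot: The guarded update line in `before_script` still expands `$RUBYGEMS_VERSION` unquoted in `gem update --system $RUBYGEMS_VERSION`, so a CI variable value containing whitespace is split into extra arguments to `gem`; writing `gem update --system "$RUBYGEMS_VERSION"` keeps it a single argument. The same line pipes `yes` into the command, which answers every prompt affirmatively, so one of the comment entries above it should name the prompt this is meant to confirm. The identical line appears under `before_install` in .travis.yml and would get the same change.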
11 changes: 11 additions & 0 deletions .rubocop.yml
Expand Up @@ -27,6 +27,7 @@ GetText/DecorateString:
Description: We don't want to decorate test output.
Exclude:
- spec/**/*
Enabled: false
RSpec/BeforeAfterAll:
Description: Beware of using after(:all) as it may cause state to leak between tests.
A necessary evil in acceptance testing.
Expand All @@ -39,6 +40,10 @@ Style/BlockDelimiters:
Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to
be consistent then.
EnforcedStyle: braces_for_chaining
Style/BracesAroundHashParameters:
Description: Braces are required by Ruby 2.7. Cop removed from RuboCop v0.80.0.
See https://github.com/rubocop-hq/rubocop/pull/7643
Enabled: true
Style/ClassAndModuleChildren:
Description: Compact style reduces the required amount of indentation.
EnforcedStyle: compact
Expand Down Expand Up @@ -88,6 +93,12 @@ Style/MethodCalledOnDoEndBlock:
Enabled: true
Style/StringMethods:
Enabled: true
GetText/DecorateFunctionMessage:
Enabled: false
GetText/DecorateStringFormattingUsingInterpolation:
Enabled: false
GetText/DecorateStringFormattingUsingPercent:
Enabled: false
Layout/EndOfLine:
Enabled: false
Layout/IndentHeredoc:
12 changes: 8 additions & 4 deletions .travis.yml
@@ -1,26 +1,30 @@
---
os: linux
dist: xenial
language: ruby
cache: bundler
before_install:
- bundle -v
- rm -f Gemfile.lock
- gem update --system $RUBYGEMS_VERSION
- "# Update system gems if requested. This is useful to temporarily workaround troubles in the test runner"
- "# See https://github.com/puppetlabs/pdk-templates/commit/705154d5c437796b821691b707156e1b056d244f for an example of how this was used"
- "# Ignore exit code of SIGPIPE'd yes to not fail with shell's pipefail set"
- '[ -z "$RUBYGEMS_VERSION" ] || (yes || true) | gem update --system $RUBYGEMS_VERSION'
- gem --version
- bundle -v
script:
- 'bundle exec rake $CHECK'
bundler_args: --without system_tests
rvm:
- 2.5.3
- 2.5.7
stages:
- static
- spec
- acceptance
-
if: tag =~ ^v\d
name: deploy
matrix:
jobs:
fast_finish: true
include:
-
Expand All @@ -32,7 +36,7 @@ matrix:
stage: spec
-
env: PUPPET_GEM_VERSION="~> 6.0" CHECK=parallel_spec
rvm: 2.5.3
rvm: 2.5.7
stage: spec
-
env: DEPLOY_TO_FORGE=yes
2 changes: 1 addition & 1 deletion .vscode/extensions.json
@@ -1,6 +1,6 @@
{
"recommendations": [
"jpogran.puppet-vscode",
"puppet.puppet-vscode",
"rebornix.Ruby"
]
}
8 changes: 4 additions & 4 deletions Gemfile
Expand Up @@ -24,10 +24,10 @@ group :development do
gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "puppet-module-posix-default-r#{minor_version}", '~> 0.3', require: false, platforms: [:ruby]
gem "puppet-module-posix-dev-r#{minor_version}", '~> 0.3', require: false, platforms: [:ruby]
gem "puppet-module-win-default-r#{minor_version}", '~> 0.3', require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "puppet-module-win-dev-r#{minor_version}", '~> 0.3', require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "puppet-module-posix-default-r#{minor_version}", '~> 0.4', require: false, platforms: [:ruby]
gem "puppet-module-posix-dev-r#{minor_version}", '~> 0.4', require: false, platforms: [:ruby]
gem "puppet-module-win-default-r#{minor_version}", '~> 0.4', require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "puppet-module-win-dev-r#{minor_version}", '~> 0.4', require: false, platforms: [:mswin, :mingw, :x64_mingw]
end

puppet_version = ENV['PUPPET_GEM_VERSION']
10 changes: 8 additions & 2 deletions README.md
Expand Up @@ -81,6 +81,8 @@ EOF
bolt puppetfile install
```

See the "Usage" section for how to run the tasks and plans remotely or locally on the master.

### Dependencies

* A [Puppet Bolt](https://puppet.com/docs/bolt/latest/bolt_installing.html) >= 1.21.0
Expand Down Expand Up @@ -111,10 +113,14 @@ Note that you cannot use the Bolt `pcp` transport if your CA certificate has alr
### Usage

```bash
bolt plan run ca_extend::extend_ca_cert master=<master_fqdn> compile_masters=<comma_separated_compile_master_fqdns>
bolt plan run ca_extend::extend_ca_cert --targets <master_fqdn> compile_masters=<comma_separated_compile_master_fqdns> --run-as root
```

Note that if you are running the `extend_ca_cert` on the Master, you can avoid potential Bolt transport issues by specifying `master=localhost`.
Note that if you are running `extend_ca_cert` locally on the Master, you can avoid potential Bolt transport issues by specifying `--targets local://$(hostname -f)`, e.g.

```
bolt plan run ca_extend::extend_ca_cert --targets local://$(hostname -f) --run-as root
```

(The `master` and (optional) `compile_masters` parameters are Bolt targets, not certificate data.)

2 changes: 1 addition & 1 deletion REFERENCE.md
Expand Up @@ -149,7 +149,7 @@ The output consists of Bolt logging messages and any failures of the steps invol
### Example
```bash
$ bolt plan run ca_extend::extend_ca_cert master=pe-master.example.com compile_masters=pe-compiler.example.com --run-as root
$ bolt plan run ca_extend::extend_ca_cert --targets pe-master.example.com compile_masters=pe-compiler.example.com --run-as root
Starting: plan ca_extend::extend_ca_cert
Starting: command 'echo "test" | base64 -w 0 - &>/dev/null' on localhost
Finished: command 'echo "test" | base64 -w 0 - &>/dev/null' with 0 failures in 0.0 sec
15 changes: 8 additions & 7 deletions Rakefile
@@ -1,3 +1,5 @@
# frozen_string_literal: true

require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any?
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-syntax/tasks/puppet-syntax'
Expand Down Expand Up @@ -50,36 +52,35 @@ if Bundler.rubygems.find_name('github_changelog_generator').any?
config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)."
config.add_pr_wo_labels = true
config.issues = false
config.merge_prefix = "### UNCATEGORIZED PRS; GO LABEL THEM"
config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB"
config.configure_sections = {
"Changed" => {
"prefix" => "### Changed",
"labels" => ["backwards-incompatible"],
},
"Added" => {
"prefix" => "### Added",
"labels" => ["feature", "enhancement"],
"labels" => ["enhancement", "feature"],
},
"Fixed" => {
"prefix" => "### Fixed",
"labels" => ["bugfix"],
"labels" => ["bug", "documentation", "bugfix"],
},
}
end
else
desc 'Generate a Changelog from GitHub'
task :changelog do
raise <<EOM
The changelog tasks depends on unreleased features of the github_changelog_generator gem.
The changelog tasks depends on recent features of the github_changelog_generator gem.
Please manually add it to your .sync.yml for now, and run `pdk update`:
---
Gemfile:
optional:
':development':
- gem: 'github_changelog_generator'
git: 'https://github.com/skywinder/github-changelog-generator'
ref: '20ee04ba1234e9e83eb2ffb5056e23d641c7a018'
condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2')"
version: '~> 1.15'
condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')"
EOM
end
end
8 changes: 4 additions & 4 deletions metadata.json
@@ -1,6 +1,6 @@
{
"name": "puppetlabs-ca_extend",
"version": "1.1.1",
"version": "1.2.0",
"author": "Adrian Parreiras Horta",
"summary": "A set of Bolt Plans and Tasks to extend the CA cert in Puppet Enterprise",
"license": "GPL-2.0-only",
Expand Down Expand Up @@ -56,7 +56,7 @@
"version_requirement": ">= 4.10.0 < 7.0.0"
}
],
"pdk-version": "1.13.0",
"template-url": "https://github.com/puppetlabs/pdk-templates#1.13.0",
"template-ref": "tags/1.13.0-0-g66e1443"
"pdk-version": "1.18.1",
"template-url": "https://github.com/puppetlabs/pdk-templates#1.18.1",
"template-ref": "tags/1.18.1-0-g3d2e75c"
}
28 changes: 14 additions & 14 deletions plans/extend_ca_cert.pp
@@ -1,10 +1,10 @@
plan ca_extend::extend_ca_cert(
TargetSpec $master,
TargetSpec $targets,
Optional[TargetSpec] $compile_masters = undef,
$ssldir = '/etc/puppetlabs/puppet/ssl',
) {
$master.apply_prep
$master_facts = run_plan('facts', $master).first
$targets.apply_prep
$master_facts = run_plan('facts', $targets).first

if $master_facts['pe_build'] {
$is_pe = true
Expand All @@ -15,29 +15,29 @@
$services = ['puppet', 'puppetserver']
}
else {
fail_plan("Puppet not detected on ${master}")
fail_plan("Puppet not detected on ${targets}")
}

out::message("INFO: Stopping Puppet services on ${master}")
out::message("INFO: Stopping Puppet services on ${targets}")
$services.each |$service| {
run_task('service::linux', $master, 'action' => 'stop', 'name' => $service)
run_task('service::linux', $targets, 'action' => 'stop', 'name' => $service)
}
out::message("INFO: Extending CA certificate on ${master}")
$regen_results = run_task('ca_extend::extend_ca_cert', $master)
out::message("INFO: Extending CA certificate on ${targets}")
$regen_results = run_task('ca_extend::extend_ca_cert', $targets)
$new_cert = $regen_results.first.value
$cert_contents = base64('decode', $new_cert['contents'])
out::message("INFO: Configuring ${master} to use the extended CA certificate")
out::message("INFO: Configuring ${targets} to use the extended CA certificate")
if $is_pe {
run_task('ca_extend::configure_master', $master, 'new_cert' => $new_cert['new_cert'])
run_task('ca_extend::configure_master', $targets, 'new_cert' => $new_cert['new_cert'])
}
else {
run_command("/bin/cp ${new_cert['new_cert']} ${ssldir}/certs/ca.pem", $master)
run_command("/bin/cp ${new_cert['new_cert']} ${ssldir}/ca/ca_crt.pem", $master)
run_task('service::linux', $master, 'action' => 'start', 'name' => 'puppetserver')
run_command("/bin/cp ${new_cert['new_cert']} ${ssldir}/certs/ca.pem", $targets)
run_command("/bin/cp ${new_cert['new_cert']} ${ssldir}/ca/ca_crt.pem", $targets)
run_task('service::linux', $targets, 'action' => 'start', 'name' => 'puppetserver')
}
run_task('service::linux', $master, 'action' => 'start', 'name' => 'puppet')
run_task('service::linux', $targets, 'action' => 'start', 'name' => 'puppet')
$tmp = run_command('mktemp', 'localhost', '_run_as' => system::env('USER'))
$tmp_file = $tmp.first.value['stdout'].chomp
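Review bot: `$targets` is typed `TargetSpec`, which can resolve to more than one target, yet the plan reads only `run_plan('facts', $targets).first` and `$regen_results.first.value` while the `service::linux` stop and the `ca_extend::extend_ca_cert` task are run against everything passed in. Now that the parameter carries Bolt's generic `--targets` name, a guard at the top such as `unless get_targets($targets).size == 1 { fail_plan('extend_ca_cert expects exactly one CA master target') }` would reject a multi-target invocation before any service is stopped or any CA certificate is regenerated. Separately, `$ssldir` is untyped and is interpolated, together with the task-returned `new_cert` path, into the `/bin/cp` strings given to `run_command`; giving it a type (for example `String[1] $ssldir`) and documenting that it must be a plain absolute path would narrow what can reach the shell. The plan body continues past the end of this section.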
1 change: 1 addition & 0 deletions spec/default_facts.yml
Expand Up @@ -3,5 +3,6 @@
# Facts specified here will override the values provided by rspec-puppet-facts.
---
ipaddress: "172.16.254.254"
ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA"
is_pe: false
macaddress: "AA:AA:AA:AA:AA:AA"
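Review bot: The `ipaddress6` value `FE80:0000:0000:0000:AAAA:AAAA:AAAA` has only seven 16-bit groups, so it is not a valid IPv6 address, and any code under test that parses or validates this fact will reject it. An eight-group link-local value such as `ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA:AAAA"` (constructed sample) would keep the fixture well-formed. The header comment and metadata.json suggest this file comes from the PDK template, so the correction may belong upstream rather than in this module.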
3 changes: 3 additions & 0 deletions spec/spec_helper.rb
@@ -1,3 +1,5 @@
# frozen_string_literal: true

require 'puppetlabs_spec_helper/module_spec_helper'
require 'rspec-puppet-facts'

Expand Down Expand Up @@ -36,6 +38,7 @@
# set to strictest setting for testing
# by default Puppet runs at warning level
Puppet.settings[:strict] = :warning
Puppet.settings[:strict_variables] = true
end
c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT']
c.after(:suite) do
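Review bot: The comment above `Puppet.settings[:strict] = :warning` says "set to strictest setting for testing", but `:warning` is not Puppet's strictest value (`:error` is), and the hunk now also sets `Puppet.settings[:strict_variables] = true` without a word on why. Either raise the setting to `:error` or reword the comment to match what is configured, e.g. `# warn on strict-mode violations; fail on references to undefined variables`. The enclosing configuration block starts and ends outside the visible hunk.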