puppetlabs · bmjen · Apr 13, 2015 · Feb 2, 2014
diff --git a/.travis.yml b/.travis.yml
@@ -1,6 +1,6 @@
 ---
 language: ruby
-bundler_args: --without development
+bundler_args: --without system_tests
 script: "bundle exec rake spec SPEC_OPTS='--format documentation'"
 rvm:
   - 1.8.7

diff --git a/Gemfile b/Gemfile
@@ -1,10 +1,13 @@
 source 'https://rubygems.org'
 
-group :development, :test do
+group :development, :unit_test do
   gem 'rake',                    :require => false
   gem 'rspec-puppet', '~> 1.0',  :require => false
   gem 'puppetlabs_spec_helper',  :require => false
   gem 'puppet-lint',             :require => false
+end
+
+group :system_tests do
   gem 'serverspec',              :require => false
   gem 'rspec-system',            :require => false
   gem 'rspec-system-puppet',     :require => false

diff --git a/README.md b/README.md
@@ -24,6 +24,31 @@ package names and service needs.
  * `service_hasrestart`
  * `service_hasstatus`
 
+Additionally, all the global defaults in the main xinetd.conf can be set. By 
+default they are *not* set, allowing the internal xinetd defaults to be used:
+(see `man xinetd.conf` for full descriptions)
+
+ * `enabled`        - Takes a list of service ID's to enable.
+ * `disabled`       - Takes a list of service ID's to disable.
+ * `log_type`       - Determines where the service log output is sent.
+ * `log_on_failure` - Determines what information is logged when a server cannot be started.
+ * `log_on_success` - Determines what information is logged when a server is started and when that server exits.
+ * `no_access`      - Determines the remote hosts to which the particular service is unavailable.
+ * `only_from`      - Determines the remote hosts to which the particular service is available.
+ * `max_load`       - Takes a floating point value as the load at which the service will stop accepting connections.
+ * `instances`      - Determines the number of servers that can be simultaneously active for a service (the default is no limit).
+ * `per_source`     - This specifies the maximum instances of this service per source IP address. 
+ * `bind`           - Allows a service to be bound to a specific interface on the machine.
+ * `mdns`           - On systems that support mdns registration of services (currently only Mac OS X), this will enable or disable registration of the service.
+ * `v6only`         - Set to yes to use IPv6 only.
+ * `passenv`        - The value of this attribute is a list of environment variables from xinetd's environment that will be passed to the server.
+ * `env`            - The value of this attribute is a list of environment variables that will be added to the environment before starting a server.
+ * `groups`         - If the groups attribute is set to "yes", then the server is executed with access to the groups that the server's effective UID has access to.
+ * `umask`          - Sets the inherited umask for the service.
+ * `banner`         - Takes the name of a file to be splatted at the remote host when a connection to that service is established.
+ * `banner_fail`    - Takes the name of a file to be splatted at the remote host when a connection to that service is denied.
+ * `banner_success` - Takes the name of a file to be splatted at the remote host when a connection to that service is granted. 
+
 ## Definition: xinetd::service
 
 Sets up a xinetd service. All parameters match up with xinetd.conf(5) man

diff --git a/Rakefile b/Rakefile
@@ -1,2 +1,5 @@
 require 'puppetlabs_spec_helper/rake_tasks'
-require 'rspec-system/rake_task'
+begin
+  require 'rspec-system/rake_task'
+rescue LoadError
+end
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -19,7 +19,27 @@
   $service_status     = $xinetd::params::service_status,
   $service_hasrestart = $xinetd::params::service_hasrestart,
   $service_hasstatus  = $xinetd::params::service_hasstatus,
-  $purge_confdir      = false,
+  $enabled            = undef,
+  $disabled           = undef,
+  $log_type           = undef,
+  $log_on_failure     = undef,
+  $log_on_success     = undef,
+  $no_access          = undef,
+  $only_from          = undef,
+  $max_load           = undef,
+  $instances          = undef,
+  $per_source         = undef,
+  $bind               = undef,
+  $mdns               = undef,
+  $v6only             = undef,
+  $env                = undef,
+  $passenv            = undef,
+  $groups             = undef,
+  $umask              = undef,
+  $banner             = undef,
+  $banner_fail        = undef,
+  $banner_success     = undef,
+  $purge_confdir      = undef,
 ) inherits xinetd::params {
 
   File {

diff --git a/manifests/service.pp b/manifests/service.pp
@@ -89,7 +89,8 @@
   $access_times            = undef,
   $log_type                = undef,
   $bind                    = undef,
-  $nice                    = undef
+  $nice                    = undef,
+  $env                     = undef,
 ) {
 
   include xinetd

diff --git a/spec/classes/xinetd_init_spec.rb b/spec/classes/xinetd_init_spec.rb
@@ -2,22 +2,109 @@
 
 describe 'xinetd' do
 
-  let :facts do
-    { :osfamily => 'Debian' }
+  context 'When using default values' do
+    let :facts do
+      { :osfamily => 'Debian' }
+    end
+    it {
+      should contain_package('xinetd')
+      should contain_file('/etc/xinetd.conf')
+      should contain_service('xinetd')
+    }
+    it {
+      # Ensure that the config file allows xinetd to use its own defaults
+      should contain_file('/etc/xinetd.conf').without_content(/enabled *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/disabled *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/log_type *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/log_on_failure *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/log_on_success *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/no_access *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/only_from *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/max_load *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/instances *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/per_source *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/bind *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/mdns *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/v6only *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/passenv *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/env *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/groups *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/umask *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/banner *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/banner_fail *=/)
+      should contain_file('/etc/xinetd.conf').without_content(/banner_success *=/)
+    }
   end
 
-  describe 'with defaults' do
+  context 'When overriding the default vaules' do
+    let :facts do
+      { :osfamily => 'Debian' }
+    end
+    let :params do
+      { :enabled        => 'tftp nrpe',
+        :disabled       => 'time echo',
+        :log_type       => 'SYSLOG daemon info',
+        :log_on_failure => 'HOST',
+        :log_on_success => 'PID HOST DURATION EXIT',
+        :no_access      => '128.138.209.10',
+        :only_from      => '127.0.0.1',
+        :max_load       => '2',
+        :instances      => '50', 
+        :per_source     => '50',
+        :bind           => '0.0.0.0',
+        :mdns           => 'yes',
+        :v6only         => 'no',
+        :env            => 'foo=bar',
+        :passenv        => 'yes',
+        :groups         => 'yes',
+        :umask          => '002',
+        :banner         => '/etc/banner',
+        :banner_fail    => '/etc/banner.fail',
+        :banner_success => '/etc/banner.good',
+      }
+    end
+    it {
+      # Ensure that the config file allows xinetd to use its own defaults
+      should contain_file('/etc/xinetd.conf').with_content(/enabled *= tftp nrpe/)
+      should contain_file('/etc/xinetd.conf').with_content(/disabled *= time echo/)
+      should contain_file('/etc/xinetd.conf').with_content(/log_type *= SYSLOG daemon info/)
+      should contain_file('/etc/xinetd.conf').with_content(/log_on_failure *= HOST/)
+      should contain_file('/etc/xinetd.conf').with_content(/log_on_success *= PID HOST DURATION EXIT/)
+      should contain_file('/etc/xinetd.conf').with_content(/no_access *= 128.138.209.10/)
+      should contain_file('/etc/xinetd.conf').with_content(/only_from *= 127.0.0.1/)
+      should contain_file('/etc/xinetd.conf').with_content(/max_load *= 2/)
+      should contain_file('/etc/xinetd.conf').with_content(/instances *= 50/)
+      should contain_file('/etc/xinetd.conf').with_content(/per_source *= 50/)
+      should contain_file('/etc/xinetd.conf').with_content(/bind *= 0.0.0.0/)
+      should contain_file('/etc/xinetd.conf').with_content(/mdns *= yes/)
+      should contain_file('/etc/xinetd.conf').with_content(/v6only *= no/)
+      should contain_file('/etc/xinetd.conf').with_content(/env *= foo=bar/)
+      should contain_file('/etc/xinetd.conf').with_content(/passenv *= yes/)
+      should contain_file('/etc/xinetd.conf').with_content(/passenv *= yes/)
+      should contain_file('/etc/xinetd.conf').with_content(/groups *= yes/)
+      should contain_file('/etc/xinetd.conf').with_content(/umask *= 002/)
+      should contain_file('/etc/xinetd.conf').with_content(/banner *= \/etc\/banner/)
+      should contain_file('/etc/xinetd.conf').with_content(/banner_fail *= \/etc\/banner\.fail/)
+      should contain_file('/etc/xinetd.conf').with_content(/banner_success *= \/etc\/banner\.good/)
+    }
+  end
+
+  context 'with defaults' do
+    let :facts do
+      { :osfamily => 'Debian' }
+    end
     it {
       should contain_package('xinetd')
       should contain_file('/etc/xinetd.conf')
       should contain_file('/etc/xinetd.d').with_ensure('directory')
-      should contain_file('/etc/xinetd.d').with_recurse(false)
-      should contain_file('/etc/xinetd.d').with_purge(false)
       should contain_service('xinetd')
     }
   end
 
-  describe 'with managed confdir' do
+  context 'with managed confdir' do
+    let :facts do
+      { :osfamily => 'Debian' }
+    end
     let :params do
       { :purge_confdir => true }
     end

diff --git a/templates/service.erb b/templates/service.erb
@@ -54,4 +54,7 @@ service <%= @service_name %>
 <% if @nice -%>
         nice            = <%= @nice %>
 <% end -%>
+<% if @env -%>
+        env             = <%= @env %>
+<% end -%>
 }
diff --git a/templates/xinetd.conf.erb b/templates/xinetd.conf.erb
@@ -11,41 +11,79 @@ defaults
 {
 # The next two items are intended to be a quick access place to
 # temporarily enable or disable services.
-#
-#       enabled         =
-#       disabled        =
+<% if @enabled -%>
+        enabled         = <%= @enabled -%>
+<% end %>
+<% if @disabled -%>
+        disabled        = <%= @disabled -%>
+<% end %>
 
 # Define general logging characteristics.
-        log_type        = SYSLOG daemon info
-        log_on_failure  = HOST
-        log_on_success  = PID HOST DURATION EXIT
+<% if @log_type -%>
+        log_type        = <%= @log_type -%>
+<% end %>
+<% if @log_on_failure -%>
+        log_on_failure  = <%= @log_on_failure -%>
+<% end %>
+<% if @log_on_success -%>
+        log_on_success  = <%= @log_on_success -%>
+<% end %>
 
 # Define access restriction defaults
-#
-#       no_access       =
-#       only_from       =
-#       max_load        = 0
-        cps             = 50 10
-        instances       = 50
-        per_source      = 10
+<% if @no_access -%>
+        no_access       = <%= @no_access -%>
+<% end %>
+<% if @only_from -%>
+        only_from       = <%= @only_from -%>
+<% end %>
+<% if @max_load -%>
+        max_load        = <%= @max_load -%>
+<% end %>
+<% if @cps -%>
+        cps             = <%= @cps -%>
+<% end %>
+<% if @instances -%>
+        instances       = <%= @instances -%>
+<% end %>
+<% if @per_source -%>
+        per_source      = <%= @per_source -%>
+<% end %>
 
 # Address and networking defaults
-#
-#       bind            =
-#       mdns            = yes
-        v6only          = no
+<% if @bind -%>
+        bind            = <%= @bind -%>
+<% end %>
+<% if @mdns -%>
+        mdns            = <%= @mdns -%>
+<% end %>
+<% if @v6only -%>
+        v6only          = <%= @v6only -%>
+<% end %>
 
 # setup environmental attributes
-#
-#       passenv         =
-        groups          = yes
-        umask           = 002
+<% if @env -%>
+        env             = <%= @env -%>
+<% end %>
+<% if @passenv -%>
+        passenv         = <%= @passenv -%>
+<% end %>
+<% if @groups -%>
+        groups          = <%= @groups -%>
+<% end %>
+<% if @umask -%>
+        umask           = <%= @umask -%>
+<% end %>
 
 # Generally, banners are not used. This sets up their global defaults
-#
-#       banner          =
-#       banner_fail     =
-#       banner_success  =
+<% if @banner -%>
+        banner          = <%= @banner -%>
+<% end %>
+<% if @banner_fail -%>
+        banner_fail     = <%= @banner_fail -%>
+<% end %>
+<% if @banner_success -%>
+        banner_success  = <%= @banner_success -%>
+<% end %>
 }
 
 includedir <%= @confdir %>