......@@ -20,11 +20,13 @@ platforms:
# wheezy chef package is 10.12
driver:
require_chef_omnibus: 12.0.3
provision_command:
- /bin/true
- name: debian-buster
- name: debian-bullseye
- name: ubuntu-18.04
- name: centos-7
driver:
require_chef_omnibus: 12
require_chef_omnibus: 13
provision_command:
- yum install -y rubygems
......@@ -154,6 +154,21 @@ suites:
chef:
server_url:
http://localhost:4000
- name: sys_ferm
run_list:
- recipe[sys::ferm]
attributes:
sys:
ferm:
rules:
ip:
filter:
INPUT:
- 'policy ACCEPT;'
OUTPUT:
- 'policy ACCEPT;'
FORWARD:
- 'policy DROP;'
- name: sys_mail
run_list:
- recipe[sys::mail]
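Review bot: The `sys_ferm` suite sets `INPUT` and `OUTPUT` to `policy ACCEPT;` with no comment, which can read like a recommended baseline to someone copying attributes from this file. Presumably the ruleset is permissive so that the test transport into the instance keeps working once ferm starts. A comment such as `# permissive on purpose for the test instance, not a production ruleset` above `rules:` would record that.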
......
......@@ -2,7 +2,7 @@
language: ruby
cache: bundler
dist: xenial
dist: bionic
services: docker
......@@ -53,12 +53,10 @@ jobs:
- stage: chefspec
script: bundle exec rake chefspec
env: CHEF_VERSION=13.8
- stage: chefspec
script: bundle exec rake chefspec
env: CHEF_VERSION=14
rvm: 2.5
- stage: chefspec
script: bundle exec rake chefspec
env: CHEF_VERSION=14
rvm: 2.5
- stage: kitchen
env: KITCHEN_PLATFORM=debian-stretch
......@@ -69,6 +67,8 @@ jobs:
script: bundle exec kitchen test $KITCHEN_PLATFORM
- env: KITCHEN_PLATFORM=debian-wheezy
script: bundle exec kitchen test $KITCHEN_PLATFORM
- env: KITCHEN_PLATFORM=debian-bullseye
script: bundle exec kitchen test $KITCHEN_PLATFORM
- env: KITCHEN_PLATFORM=ubuntu-18.04
script: bundle exec kitchen test $KITCHEN_PLATFORM
- env: KITCHEN_PLATFORM=centos-7
......
name 'sys'
maintainer 'GSI HPC department'
maintainer_email 'hpc@gsi.de'
license 'Apache 2.0'
license 'Apache-2.0'
description 'System Software configuration and maintenance'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
if respond_to?(:source_url)
......@@ -15,4 +15,4 @@ supports 'debian'
depends 'line', '< 1.0'
version '1.53.6'
version '1.53.7'
......@@ -2,7 +2,24 @@
# Cookbook Name:: sys
# Recipe:: ferm
#
# Copyright 2014, HPC Team
# Copyright 2014-2020 GSI Helmholtzzentrum fuer Schwerionenforschung GmbH
#
# Authors:
# Christopher Huhn <c.huhn@gsi.de>
# Dennis Klein <d.klein@gsi.de>
# Matthias Pausch <m.pausch@gsi.de>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Chef::Recipe::SysFermSanityCheckError < RuntimeError
......@@ -31,9 +48,8 @@ unless node['sys']['ferm']['rules'].empty?
end
end
package 'ferm' do
action :upgrade
end
package 'libnet-dns-perl' # required for @resolve in ferm.conf
package 'ferm'
fermserviceaction = :enable
fermaction = :start
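Review bot: Dropping `action :upgrade` from `package 'ferm'` means nodes that already have ferm installed no longer get newer package versions through this recipe, so fixes to the firewall tooling depend on a separate patching mechanism. This assumes the three-line `package 'ferm' do ... end` form is the removed side, since the rendering lost the +/- markers. If the change is intended, a short comment next to `package 'ferm'`, for example `# upgrades are handled outside this recipe`, would make that explicit. The enclosing `unless node['sys']['ferm']['rules'].empty?` block starts and ends outside the hunk.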
......
<%= template_header %>
node_name '<%= node['fqdn'] %>'
chef_server_url '<%= @server_url %>'
client_key "<%= @client_key %>"
<% if @trusted_certs_dir -%>
trusted_certs_dir "<%= @trusted_certs_dir %>"
<% end -%>
<%- if @verify_ssl == 'all' -%>
# Verify all HTTPS connections
ssl_verify_mode :verify_peer
<%- elsif @verify_ssl == 'chef-server' -%>
# Verify only connections to chef-server
verify_api_cert true
<%- end -%>
validation_client_name "<%= @validation_client_name %>"
validation_key "<%= @validation_key %>"
log_level <%= @log_level %>
log_location <%= @use_syslog?'SyslogLogger.new("chef-client")':'STDOUT' %>
file_backup_path "/var/backups/chef"
file_cache_path "/var/cache/chef"
pid_file "/var/run/chef/client.pid"
# configuration for Ohai:
<%- unless @odisable.empty? -%>
<%# Make sure to write symbols into the configuration file %>
<%- plugins = @odisable.map { |p| p.capitalize.to_sym } -%>
Ohai::Config[:disabled_plugins] = <%= plugins %>
<%- end %>
Ohai::Config[:plugin_path] << "<%= @opath %>"
<%= @custom_config %>
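Review bot: When `@verify_ssl` is neither `'all'` nor `'chef-server'`, the template writes no TLS verification setting, so the client silently uses whatever default the installed Chef version ships, which I believe has differed between major versions. An explicit `<%- else -%>` branch, or at least a comment stating the resulting behaviour, would make the rendered client configuration auditable. Separately, `<%= @custom_config %>` is written verbatim into a file that chef-client evaluates as Ruby. A comment noting that this value must come only from trusted attributes would help.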
source 'http://rubygems.org'
group :jessie do
# net-ssh >= 5 requires ruby 2.2 and
# net-telnet >= 0.2 requires ruby 2.3
if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.2.0')
gem 'net-ssh', '< 5'
gem 'net-telnet', '< 0.2'
end
end
group :wheezy do
# net-ssh >= 5 requires ruby 2.2
if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
gem 'rake', '< 12.3'
end
end
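Review bot: `source 'http://rubygems.org'` fetches the gem index and packages over plaintext HTTP, so anything on the network path between the build host and the index can tamper with what Bundler installs; it should read `source 'https://rubygems.org'`. The comment in the `:wheezy` group (`# net-ssh >= 5 requires ruby 2.2`) looks copied from the `:jessie` group, because the gem pinned there is rake and the threshold is 2.0.0. Something like `# rake >= 12.3 requires ruby 2.0` would match the code, if that is the actual constraint.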
# Cookbook Name:: sys
# Integration tests for recipe sys::ferm
#
# Copyright 2020 GSI Helmholtzzentrum fuer Schwerionenforschung GmbH
#
# Authors:
# Christopher Huhn <c.huhn@gsi.de>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'spec_helper'
describe package('ferm') do
it { should be_installed }
end
describe service('ferm') do
xit { should be_enabled } # test fails on Stretch
it { should be_running }
end
describe file('/etc/ferm/ferm.conf') do
it { should exist }
end
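Review bot: The spec only asserts that `/etc/ferm/ferm.conf` exists, so a converge that renders an empty or wrong ruleset would still pass. Since the kitchen suite for this recipe sets a `FORWARD` policy of `DROP`, an assertion such as `its(:content) { should match(/policy DROP;/) }` would tie the test to those attributes. The `xit` on `be_enabled` gives a reason only for Stretch; a note on whether it is expected to pass on the other platforms would help when it is re-enabled.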
require 'serverspec'
set :backend, :exec
#
# Cookbook Name:: sys
# Unit tests for recipe sys::ssh
#
# Copyright 2015-2020 GSI Helmholtzzentrum fuer Schwerionenforschung GmbH
#
# Authors:
# Christopher Huhn <c.huhn@gsi.de>
# Dennis Klein <d.klein@gsi.de>
# Matthias Pausch <m.pausch@gsi.de>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'spec_helper'
describe 'sys::ssh' do
......@@ -15,22 +39,25 @@ describe 'sys::ssh' do
.and_return(0)
allow(File).to receive(:directory?).and_call_original
allow(File).to receive(:directory?).with('/home/jdoe').and_return(true)
end
chef_run.node.default['sys']['sshd']['config'] = {
'variable' => "value",
'X11Forwarding' => "overwritten" }
chef_run.node.default['sys']['ssh']['config'] = { "ssh" => "omg" }
chef_run.node.default['sys']['ssh']['authorize'] = {
'jdoe' => {
keys: [ "BBB" ],
managed: true
cached(:chef_run) do
ChefSpec::SoloRunner.new do |node|
node.default['sys']['sshd']['config'] = {
'variable' => "value",
'X11Forwarding' => "overwritten" }
node.default['sys']['ssh']['config'] = { "ssh" => "omg" }
node.default['sys']['ssh']['authorize'] = {
'jdoe' => {
keys: [ "BBB" ],
managed: true
}
}
}
chef_run.node.default['etc']['passwd']['jdoe']['keys'] = [ "AAA" ]
chef_run.node.default['etc']['passwd']['jdoe']['uid'] = 1000
chef_run.node.default['etc']['passwd']['jdoe']['gid'] = 1000
chef_run.node.default['etc']['passwd']['jdoe']['dir'] = '/home/jdoe'
chef_run.converge(described_recipe)
node.default['etc']['passwd']['jdoe']['keys'] = [ "AAA" ]
node.default['etc']['passwd']['jdoe']['uid'] = 1000
node.default['etc']['passwd']['jdoe']['gid'] = 1000
node.default['etc']['passwd']['jdoe']['dir'] = '/home/jdoe'
end.converge(described_recipe)
end
it 'installs openssh-server' do
......