diff --git a/README.md b/README.md index ca62036..c34077d 100644 --- a/README.md +++ b/README.md @@ -143,6 +143,12 @@ Value of the graph option in puppet.conf. - *Default*: false +--- +#### dns_alt_names (type: Optional[String]) +Value of the dns_alt_names option in puppet.conf. + +- *Default*: undef + --- #### agent_sysconfig_path (type: String) The absolute path to the puppet agent sysconfig file. @@ -187,9 +193,3 @@ external_nodes option in puppet.conf and the node_terminus option will be set to 'exec'. - *Default*: undef - ---- -#### dns_alt_names (type: Optional[String]) -Value of the dns_alt_names option in puppet.conf. - -- *Default*: undef diff --git a/manifests/init.pp b/manifests/init.pp index 592bcc2..55a6376 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -12,6 +12,7 @@ String $server = 'puppet', String $ca_server = 'puppet', String $env = $environment, + Optional[String] $dns_alt_names = undef, Variant[Enum['true', 'false'], Boolean] $graph = false, #lint:ignore:quoted_booleans String $agent_sysconfig_path = '/etc/sysconfig/puppet', ) { 
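Review bot: `Optional[String] $dns_alt_names` accepts the empty string, and the `if $dns_alt_names != undef` guard in the next hunk of this file would then write an empty `dns_alt_names` value into puppet.conf. Tightening the type to `Optional[String[1]]` rejects that at compile time. A `Pattern` for a comma-separated host list would go further, since the value ends up in certificate requests. The parameter list starts and ends outside this hunk.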
@@ -87,15 +88,23 @@ } $ini_settings = { - 'server' => { setting => 'server', value => $server,}, - 'ca_server' => { setting => 'ca_server', value => $ca_server,}, - 'certname' => { setting => 'certname', value => $certname,}, - 'environment' => { setting => 'environment', value => $env,}, - 'trusted_node_data' => { setting => 'trusted_node_data', value => true,}, - 'graph' => { setting => 'graph', value => $graph,}, + 'server' => { setting => 'server', value => $server,}, + 'ca_server' => { setting => 'ca_server', value => $ca_server,}, + 'certname' => { setting => 'certname', value => $certname,}, + 'environment' => { setting => 'environment', value => $env,}, + 'trusted_node_data' => { setting => 'trusted_node_data', value => true,}, + 'graph' => { setting => 'graph', value => $graph,}, } create_resources('ini_setting', $ini_settings, $ini_defaults) + if $dns_alt_names != undef { + ini_setting { 'dns_alt_names': + setting => 'dns_alt_names', + value => $dns_alt_names, + * => $ini_defaults, + } + } + file { 'puppet_config': ensure => 'file', path => $config_path, diff --git a/manifests/server.pp b/manifests/server.pp index 3104ad1..a658243 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -2,17 +2,18 @@ # # Manages puppetserver # -class puppet::server( +class puppet::server ( Variant[Enum['true', 'false'], Boolean] $ca = false, #lint:ignore:quoted_booleans Variant[Array[String, 1], Undef] $autosign_entries = undef, String $sysconfig_path = '/etc/sysconfig/puppetserver', String $memory_size = '2g', # only m and g are appropriate for unit Optional[String] $enc = undef, - Optional[String] $dns_alt_names = undef, ) { include ::puppet + $_ca = str2bool($ca) + if $sysconfig_path != undef { validate_absolute_path($sysconfig_path) } 
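Review bot: The new `ini_setting { 'dns_alt_names': }` block has no comment on scope, and it now sits in the base class, so any node that receives the parameter (for example from a broad Hiera level) will request those alternate names, not only a server. Puppet reads dns_alt_names when a certificate request is generated, so I would add above the `if`: `# Only affects certificates requested after this is set; scope it to server nodes so agent CSRs do not carry the server's names.` Which section `$ini_defaults` targets is outside the hunk, while the spec removed from server_spec.rb expected `master`, so it is worth confirming the setting still lands where the server reads it. Nothing removes the line again once the parameter goes back to undef.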
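Review bot: Dropping `$dns_alt_names` from `puppet::server` with no transition changes the class interface. A resource-style declaration that still passes it will fail to compile, and a Hiera key `puppet::server::dns_alt_names` is simply no longer looked up, so the server's alternate names would go missing without an error. A README or changelog note naming the new key `puppet::dns_alt_names` would cover it. The class body continues outside this hunk.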
@@ -34,7 +35,7 @@ 'rundir' => { setting => 'rundir', value => '/var/run/puppetlabs/puppetserver',}, 'pidfile' => { setting => 'pidfile', value => '/var/run/puppetlabs/puppetserver/puppetserver.pid',}, 'codedir' => { setting => 'codedir', value =>'/etc/puppetlabs/code',}, - 'ca' => { setting => 'ca', value => $ca,}, + 'ca' => { setting => 'ca', value => $_ca,}, } if $enc != undef { @@ -47,15 +48,7 @@ $ini_enc_settings = {} } - if $dns_alt_names != undef { - $ini_dns_alt_names_settings = { - 'dns_alt_names' => { setting => 'dns_alt_names', value => $dns_alt_names }, - } - } else { - $ini_dns_alt_names_settings = {} - } - - $ini_settings_merged = $non_conditional_ini_settings + $ini_enc_settings + $ini_dns_alt_names_settings + $ini_settings_merged = $non_conditional_ini_settings + $ini_enc_settings create_resources('ini_setting', $ini_settings_merged, $ini_defaults) # Ensure that puppet.conf settings in [main] also trigger a restart of @@ -81,6 +74,16 @@ notify => Service['puppetserver'], } + file { 'puppetserver_ca_cfg': + ensure => 'file', + path => '/etc/puppetlabs/puppetserver/services.d/ca.cfg', + content => template('puppet/ca.cfg.erb'), + owner => 'root', + group => 'root', + mode => '0644', + notify => Service['puppetserver'], + } + service { 'puppetserver': ensure => 'running', enable => true, diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 7039d78..745f61f 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -61,6 +61,8 @@ end end + it { should_not contain_ini_setting('dns_alt_names') } + it do should contain_file('puppet_config').with({ :ensure => 'file', 
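Review bot: With the class default `$ca = false` (parameter list earlier in this file), the new `puppetserver_ca_cfg` resource renders the disabled-CA line on every node that declares `puppet::server` without setting `ca`, and it notifies the service. As far as I know Puppet Server takes CA enablement from this services.d file, not from the `ca` ini setting. If so, an existing server that signs certificates and relied on the default would stop doing so on the next run. I would document this next to the resource, e.g. `# ca defaults to false: this file turns the CA service off unless ca => true is set`, and repeat it in the README entry for `ca`.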
@@ -187,7 +189,7 @@ end describe 'with puppet.conf ini setting' do - %w(server ca_server certname graph).each do |setting| + %w(server ca_server certname graph dns_alt_names).each do |setting| context "#{setting} set to a valid entry" do # 'true' is used because it is acceptable to all of the above # parameters. Some of the settings are strings and some are boolean and @@ -266,7 +268,7 @@ :message => 'Error while evaluating a Resource Statement', }, 'strings' => { - :name => %w(certname cron_command server ca_server env), + :name => %w(certname cron_command server ca_server dns_alt_names env), :valid => ['string'], :invalid => [true, %w(array), { 'ha' => 'sh' }, 3, 2.42], :message => 'Error while evaluating a Resource Statement', diff --git a/spec/classes/server_spec.rb b/spec/classes/server_spec.rb index 5f06b1e..46a709f 100644 --- a/spec/classes/server_spec.rb +++ b/spec/classes/server_spec.rb 
@@ -1,5 +1,26 @@ require 'spec_helper' describe 'puppet::server' do + + ca_config_if_true = <<-END.gsub(/^\s+\|/, '') + |# This file is being maintained by Puppet. + |# DO NOT EDIT + | + |# To enable the CA service, leave the following line uncommented + |puppetlabs.services.ca.certificate-authority-service/certificate-authority-service + |# To disable the CA service, comment out the above line and uncomment the line below + |#puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service + END + + ca_config_if_false = <<-END.gsub(/^\s+\|/, '') + |# This file is being maintained by Puppet. + |# DO NOT EDIT + | + |# To enable the CA service, leave the following line uncommented + |#puppetlabs.services.ca.certificate-authority-service/certificate-authority-service + |# To disable the CA service, comment out the above line and uncomment the line below + |puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service + END + # Filter out duplicate platforms platforms = on_supported_os.select { |k, _v| !k.to_s.match(/^(RedHat|Scientific|OracleLinux)/i) } @@ -36,7 +57,7 @@ end end - %w(node_terminus external_nodes dns_alt_names).each do |setting| + %w(node_terminus external_nodes).each do |setting| it { should_not contain_ini_setting(setting) } end @@ -57,6 +78,18 @@ }) end + it do + should contain_file('puppetserver_ca_cfg').with({ + :ensure => 'file', + :path => '/etc/puppetlabs/puppetserver/services.d/ca.cfg', + :content => ca_config_if_false, + :owner => 'root', + :group => 'root', + :mode => '0644', + :notify => 'Service[puppetserver]', + }) + end + puppetserver_sysconfig = File.read(fixtures('puppetserver_sysconfig')) it do should contain_file('puppetserver_sysconfig').with({ 
@@ -83,19 +116,39 @@ end describe 'with ca' do - [true, 'true', false, 'false'].each do |value| + [true, 'true'].each do |value| context "set to #{value} (as #{value.class})" do let(:params) { { :ca => value } } + it do + should contain_file('puppetserver_ca_cfg').with({ + :content => ca_config_if_true, + }) + end + it do should contain_ini_setting('ca').with({ - :ensure => 'present', :setting => 'ca', - :value => value, - :path => '/etc/puppetlabs/puppet/puppet.conf', - :section => 'master', - :require => 'File[puppet_config]', - :notify => 'Service[puppetserver]', + :value => true, + }) + end + end + end + + [false, 'false'].each do |value| + context "set to #{value} (as #{value.class})" do + let(:params) { { :ca => value } } + + it do + should contain_file('puppetserver_ca_cfg').with({ + :content => ca_config_if_false, + }) + end + + it do + should contain_ini_setting('ca').with({ + :setting => 'ca', + :value => false, }) end end @@ -132,24 +185,6 @@ end end - describe 'with dns_alt_names' do - context 'set to a valid path' do - let(:params) { { :dns_alt_names => 'foo,foo1,foo1.example.com,foo.example.com' } } - - it do - should contain_ini_setting('dns_alt_names').with({ - :ensure => 'present', - :setting => 'dns_alt_names', - :value => 'foo,foo1,foo1.example.com,foo.example.com', - :path => '/etc/puppetlabs/puppet/puppet.conf', - :section => 'master', - :require => 'File[puppet_config]', - :notify => 'Service[puppetserver]', - }) - end - end - end - describe 'with autosign_entries' do context 'set to a valid array of strings' do let(:params) { { :autosign_entries => ['*.example.org', '*.dev.example.org'] } } 
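Review bot: The rewritten `contain_ini_setting('ca')` expectations check only `:setting` and `:value`. The `:ensure`, `:path`, `:section`, `:require` and `:notify` keys that the old version asserted are gone, in both the true and the false contexts. A regression that moves `ca` into another section or drops the service restart would now pass. Keeping lines such as `:section => 'master',` and `:notify => 'Service[puppetserver]',` in both blocks restores that coverage. The enclosing `describe 'puppet::server'` block starts and ends outside this hunk.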
@@ -179,12 +214,6 @@ :invalid => ['string', %w(array), { 'ha' => 'sh' }, 3, 2.42], :message => 'Error while evaluating a Resource Statement', }, - 'strings' => { - :name => %w(dns_alt_names), - :valid => ['string'], - :invalid => [true, %w(array), { 'ha' => 'sh' }, 3, 2.42], - :message => 'Error while evaluating a Resource Statement', - }, 'non-empty array of strings' => { :name => %w(autosign_entries), :valid => [['array with one string'], %w(array with many strings)], diff --git a/spec/fixtures/puppetserver_sysconfig b/spec/fixtures/puppetserver_sysconfig index 16f3716..b6ad21e 100644 --- a/spec/fixtures/puppetserver_sysconfig +++ b/spec/fixtures/puppetserver_sysconfig @@ -9,7 +9,7 @@ JAVA_BIN="/usr/bin/java" # Modify this if you'd like to change the memory allocation, enable JMX, etc -JAVA_ARGS="-Xms2g -Xmx2g -XX:MaxPermSize=256m" +JAVA_ARGS="-Xms2g -Xmx2g" # These normally shouldn't need to be edited if using OS packages USER="puppet" diff --git a/templates/ca.cfg.erb b/templates/ca.cfg.erb new file mode 100644 index 0000000..03431cb --- /dev/null +++ b/templates/ca.cfg.erb @@ -0,0 +1,15 @@ +# This file is being maintained by Puppet. +# DO NOT EDIT + +# To enable the CA service, leave the following line uncommented +<% if @_ca == true -%> +puppetlabs.services.ca.certificate-authority-service/certificate-authority-service +<% else -%> +#puppetlabs.services.ca.certificate-authority-service/certificate-authority-service +<% end -%> +# To disable the CA service, comment out the above line and uncomment the line below +<% if @_ca == true -%> +#puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service +<% else -%> +puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service +<% end -%> diff --git a/templates/puppetserver_sysconfig.erb b/templates/puppetserver_sysconfig.erb index 3615e2e..35af20a 100644 --- a/templates/puppetserver_sysconfig.erb 
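Review bot: In the new templates/ca.cfg.erb the file resource owns the whole of ca.cfg, so any service entries the installed puppetserver package ships in that file beyond these two lines are removed on the first run. Whether that applies depends on the packaged version, which is not visible here, so the template should be compared with the packaged file for each supported release. Separately, `@_ca == true` is tested twice to emit two mutually exclusive lines. A single `<% if @_ca == true -%>` / `<% else -%>` around both service lines would keep the enabled and disabled entries from drifting apart.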
+++ b/templates/puppetserver_sysconfig.erb @@ -9,7 +9,7 @@ JAVA_BIN="/usr/bin/java" # Modify this if you'd like to change the memory allocation, enable JMX, etc -JAVA_ARGS="-Xms<%= @memory_size -%> -Xmx<%= @memory_size -%> -XX:MaxPermSize=256m" +JAVA_ARGS="-Xms<%= @memory_size -%> -Xmx<%= @memory_size -%>" # These normally shouldn't need to be edited if using OS packages USER="puppet"
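Review bot: `@memory_size` is still interpolated into `JAVA_ARGS` unchecked. The parameter is declared as a plain `String` in manifests/server.pp, with only a comment saying m and g are the valid units. The sysconfig file is presumably read by the service's start script, so a value containing spaces or quotes would change the JVM arguments or break the assignment. Declaring it as `Pattern[/\A\d+[mg]\z/] $memory_size = '2g'` would enforce what the comment states.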