diff --git a/.github/workflows/pr_tests.yml b/.github/workflows/pr_tests.yml index 93d05dc..5f70562 100644 --- a/.github/workflows/pr_tests.yml +++ b/.github/workflows/pr_tests.yml @@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 - - name: "Install Ruby ${{matrix.puppet.ruby_version}}" + - name: "Install Ruby 2.7" uses: ruby/setup-ruby@v1 # ruby/setup-ruby@ec106b438a1ff6ff109590de34ddc62c540232e0 with: ruby-version: 2.7 @@ -47,7 +47,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 - - name: "Install Ruby ${{matrix.puppet.ruby_version}}" + - name: "Install Ruby 2.7" uses: ruby/setup-ruby@v1 with: ruby-version: 2.7 @@ -56,13 +56,12 @@ jobs: - run: "bundle exec rake metadata_lint" ruby-style: - if: false # TODO Modules will need: rubocop in Gemfile, .rubocop.yml - name: 'Ruby Style (experimental)' + name: 'Ruby Style' runs-on: ubuntu-latest continue-on-error: true steps: - uses: actions/checkout@v5 - - name: "Install Ruby ${{matrix.puppet.ruby_version}}" + - name: "Install Ruby 2.7" uses: ruby/setup-ruby@v1 with: ruby-version: 2.7 @@ -89,7 +88,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 - - name: 'Install Ruby ${{matrix.puppet.ruby_version}}' + - name: 'Install Ruby 2.7' uses: ruby/setup-ruby@v1 with: ruby-version: 2.7 diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 0000000..293ccee --- /dev/null +++ b/.rubocop.yml @@ -0,0 +1,699 @@ +--- +plugins: + - rubocop-performance + - rubocop-rake + - rubocop-rspec +AllCops: + NewCops: enable + DisplayCopNames: true + TargetRubyVersion: "2.7" + Include: + - "**/*.rb" + Exclude: + - bin/* + - ".vendor/**/*" + - pkg/**/* + - spec/fixtures/**/* + - vendor/**/* + - "**/Puppetfile" + - "**/Vagrantfile" + - "**/Guardfile" +Layout/LineLength: + Description: People have wide screens, use them. + Max: 200 +RSpec/BeforeAfterAll: + Description: + Beware of using after(:all) as it may cause state to leak between tests. + A necessary evil in acceptance testing. + Exclude: + - spec/acceptance/**/*.rb +RSpec/HookArgument: + Description: Prefer explicit :each argument, matching existing module's style + EnforcedStyle: each +RSpec/DescribeSymbol: + Exclude: + - spec/unit/facter/**/*.rb +Style/BlockDelimiters: + Description: + Prefer braces for chaining. Mostly an aesthetical choice. Better to + be consistent then. + EnforcedStyle: braces_for_chaining +Style/ClassAndModuleChildren: + Description: Compact style reduces the required amount of indentation. + EnforcedStyle: compact +Style/EmptyElse: + Description: Enforce against empty else clauses, but allow `nil` for clarity. + EnforcedStyle: empty +Style/FormatString: + Description: Following the main puppet project's style, prefer the % format format. + EnforcedStyle: percent +Style/FormatStringToken: + Description: + Following the main puppet project's style, prefer the simpler template + tokens over annotated ones. + EnforcedStyle: template +Style/Lambda: + Description: Prefer the keyword for easier discoverability. + EnforcedStyle: literal +Style/RegexpLiteral: + Description: Community preference. See https://github.com/voxpupuli/modulesync_config/issues/168 + EnforcedStyle: percent_r +Style/TernaryParentheses: + Description: + Checks for use of parentheses around ternary conditions. Enforce parentheses + on complex expressions for better readability, but seriously consider breaking + it up. + EnforcedStyle: require_parentheses_when_complex +Style/TrailingCommaInArguments: + Description: + Prefer always trailing comma on multiline argument lists. This makes + diffs, and re-ordering nicer. + EnforcedStyleForMultiline: comma +Style/TrailingCommaInArrayLiteral: + Description: + Prefer always trailing comma on multiline literals. This makes diffs, + and re-ordering nicer. + EnforcedStyleForMultiline: comma +Style/SymbolArray: + Description: Using percent style obscures symbolic intent of array's contents. + EnforcedStyle: brackets +RSpec/MessageSpies: + EnforcedStyle: receive +Style/Documentation: + Exclude: + - lib/puppet/parser/functions/**/* + - spec/**/* +Style/WordArray: + EnforcedStyle: brackets +Performance/AncestorsInclude: + Enabled: true +Performance/BigDecimalWithNumericArgument: + Enabled: true +Performance/BlockGivenWithExplicitBlock: + Enabled: true +Performance/CaseWhenSplat: + Enabled: true +Performance/ConstantRegexp: + Enabled: true +Performance/MethodObjectAsBlock: + Enabled: true +Performance/RedundantSortBlock: + Enabled: true +Performance/RedundantStringChars: + Enabled: true +Performance/ReverseFirst: + Enabled: true +Performance/SortReverse: + Enabled: true +Performance/Squeeze: + Enabled: true +Performance/StringInclude: + Enabled: true +Performance/Sum: + Enabled: true +Style/CollectionMethods: + Enabled: true +Style/MethodCalledOnDoEndBlock: + Enabled: true +Style/StringMethods: + Enabled: true +Bundler/GemFilename: + Enabled: false +Bundler/InsecureProtocolSource: + Enabled: false +Gemspec/DuplicatedAssignment: + Enabled: false +Gemspec/OrderedDependencies: + Enabled: false +Gemspec/RequiredRubyVersion: + Enabled: false +Gemspec/RubyVersionGlobalsUsage: + Enabled: false +Layout/ArgumentAlignment: + Enabled: false +Layout/BeginEndAlignment: + Enabled: false +Layout/ClosingHeredocIndentation: + Enabled: false +Layout/EmptyComment: + Enabled: false +Layout/EmptyLineAfterGuardClause: + Enabled: false +Layout/EmptyLinesAroundArguments: + Enabled: false +Layout/EmptyLinesAroundAttributeAccessor: + Enabled: false +Layout/EndOfLine: + Enabled: false +Layout/FirstArgumentIndentation: + Enabled: false +Layout/HashAlignment: + Enabled: false +Layout/HeredocIndentation: + Enabled: true +Layout/LeadingEmptyLines: + Enabled: false +Layout/SpaceAroundMethodCallOperator: + Enabled: false +Layout/SpaceInsideArrayLiteralBrackets: + Enabled: false +Layout/SpaceInsideReferenceBrackets: + Enabled: false +Lint/BigDecimalNew: + Enabled: false +Lint/BooleanSymbol: + Enabled: false +Lint/ConstantDefinitionInBlock: + Enabled: false +Lint/DeprecatedOpenSSLConstant: + Enabled: false +Lint/DisjunctiveAssignmentInConstructor: + Enabled: false +Lint/DuplicateElsifCondition: + Enabled: false +Lint/DuplicateRequire: + Enabled: false +Lint/DuplicateRescueException: + Enabled: false +Lint/EmptyConditionalBody: + Enabled: false +Lint/EmptyFile: + Enabled: false +Lint/ErbNewArguments: + Enabled: false +Lint/FloatComparison: + Enabled: false +Lint/HashCompareByIdentity: + Enabled: false +Lint/IdentityComparison: + Enabled: false +Lint/InterpolationCheck: + Enabled: false +Lint/MissingCopEnableDirective: + Enabled: false +Lint/MixedRegexpCaptureTypes: + Enabled: false +Lint/NestedPercentLiteral: + Enabled: false +Lint/NonDeterministicRequireOrder: + Enabled: false +Lint/OrderedMagicComments: + Enabled: false +Lint/OutOfRangeRegexpRef: + Enabled: false +Lint/RaiseException: + Enabled: false +Lint/RedundantCopEnableDirective: + Enabled: false +Lint/RedundantRequireStatement: + Enabled: false +Lint/RedundantSafeNavigation: + Enabled: false +Lint/RedundantWithIndex: + Enabled: false +Lint/RedundantWithObject: + Enabled: false +Lint/RegexpAsCondition: + Enabled: false +Lint/ReturnInVoidContext: + Enabled: false +Lint/SafeNavigationConsistency: + Enabled: false +Lint/SafeNavigationWithEmpty: + Enabled: false +Lint/SelfAssignment: + Enabled: false +Lint/SendWithMixinArgument: + Enabled: false +Lint/ShadowedArgument: + Enabled: false +Lint/StructNewOverride: + Enabled: false +Lint/ToJSON: + Enabled: false +Lint/TopLevelReturnWithArgument: + Enabled: false +Lint/TrailingCommaInAttributeDeclaration: + Enabled: false +Lint/UnreachableLoop: + Enabled: false +Lint/UriEscapeUnescape: + Enabled: false +Lint/UriRegexp: + Enabled: false +Lint/UselessMethodDefinition: + Enabled: false +Lint/UselessTimes: + Enabled: false +Metrics/AbcSize: + Enabled: false +Metrics/BlockLength: + Enabled: false +Metrics/BlockNesting: + Enabled: false +Metrics/ClassLength: + Enabled: false +Metrics/CyclomaticComplexity: + Enabled: false +Metrics/MethodLength: + Enabled: false +Metrics/ModuleLength: + Enabled: false +Metrics/ParameterLists: + Enabled: false +Metrics/PerceivedComplexity: + Enabled: false +Migration/DepartmentName: + Enabled: false +Naming/AccessorMethodName: + Enabled: false +Naming/BlockParameterName: + Enabled: false +Naming/HeredocDelimiterCase: + Enabled: false +Naming/HeredocDelimiterNaming: + Enabled: false +Naming/MemoizedInstanceVariableName: + Enabled: false +Naming/MethodParameterName: + Enabled: false +Naming/RescuedExceptionsVariableName: + Enabled: false +Naming/VariableNumber: + Enabled: false +Performance/BindCall: + Enabled: false +Performance/DeletePrefix: + Enabled: false +Performance/DeleteSuffix: + Enabled: false +Performance/InefficientHashSearch: + Enabled: false +Performance/UnfreezeString: + Enabled: false +Performance/UriDefaultParser: + Enabled: false +RSpec/Be: + Enabled: false +RSpec/Dialect: + Enabled: false +RSpec/ContainExactly: + Enabled: false +RSpec/ContextMethod: + Enabled: false +RSpec/ContextWording: + Enabled: false +RSpec/DescribeClass: + Enabled: false +RSpec/EmptyHook: + Enabled: false +RSpec/EmptyLineAfterExample: + Enabled: false +RSpec/EmptyLineAfterExampleGroup: + Enabled: false +RSpec/EmptyLineAfterHook: + Enabled: false +RSpec/ExampleLength: + Enabled: false +RSpec/ExampleWithoutDescription: + Enabled: false +RSpec/ExpectChange: + Enabled: false +RSpec/ExpectInHook: + Enabled: false +RSpec/HooksBeforeExamples: + Enabled: false +RSpec/ImplicitBlockExpectation: + Enabled: false +RSpec/ImplicitSubject: + Enabled: false +RSpec/LeakyConstantDeclaration: + Enabled: false +RSpec/LetBeforeExamples: + Enabled: false +RSpec/MatchArray: + Enabled: false +RSpec/MissingExampleGroupArgument: + Enabled: false +RSpec/MultipleExpectations: + Enabled: false +RSpec/MultipleMemoizedHelpers: + Enabled: false +RSpec/MultipleSubjects: + Enabled: false +RSpec/NestedGroups: + Enabled: false +RSpec/PredicateMatcher: + Enabled: false +RSpec/ReceiveCounts: + Enabled: false +RSpec/ReceiveNever: + Enabled: false +RSpec/RepeatedExampleGroupBody: + Enabled: false +RSpec/RepeatedExampleGroupDescription: + Enabled: false +RSpec/RepeatedIncludeExample: + Enabled: false +RSpec/ReturnFromStub: + Enabled: false +RSpec/SharedExamples: + Enabled: false +RSpec/StubbedMock: + Enabled: false +RSpec/UnspecifiedException: + Enabled: false +RSpec/VariableDefinition: + Enabled: false +RSpec/VoidExpect: + Enabled: false +RSpec/Yield: + Enabled: false +Security/Open: + Enabled: false +Style/AccessModifierDeclarations: + Enabled: false +Style/AccessorGrouping: + Enabled: false +Style/BisectedAttrAccessor: + Enabled: false +Style/CaseLikeIf: + Enabled: false +Style/ClassEqualityComparison: + Enabled: false +Style/ColonMethodDefinition: + Enabled: false +Style/CombinableLoops: + Enabled: false +Style/CommentedKeyword: + Enabled: false +Style/Dir: + Enabled: false +Style/DoubleCopDisableDirective: + Enabled: false +Style/EmptyBlockParameter: + Enabled: false +Style/EmptyLambdaParameter: + Enabled: false +Style/Encoding: + Enabled: false +Style/EvalWithLocation: + Enabled: false +Style/ExpandPathArguments: + Enabled: false +Style/ExplicitBlockArgument: + Enabled: false +Style/ExponentialNotation: + Enabled: false +Style/FloatDivision: + Enabled: false +Style/FrozenStringLiteralComment: + Enabled: false +Style/GlobalStdStream: + Enabled: false +Style/HashAsLastArrayItem: + Enabled: false +Style/HashLikeCase: + Enabled: false +Style/HashTransformKeys: + Enabled: false +Style/HashTransformValues: + Enabled: false +Style/IfUnlessModifier: + Enabled: false +Style/KeywordParametersOrder: + Enabled: false +Style/MinMax: + Enabled: false +Style/MixinUsage: + Enabled: false +Style/MultilineWhenThen: + Enabled: false +Style/NegatedUnless: + Enabled: false +Style/NumericPredicate: + Enabled: false +Style/OptionalBooleanParameter: + Enabled: false +Style/OrAssignment: + Enabled: false +Style/RandomWithOffset: + Enabled: false +Style/RedundantAssignment: + Enabled: false +Style/RedundantCondition: + Enabled: false +Style/RedundantConditional: + Enabled: false +Style/RedundantFetchBlock: + Enabled: false +Style/RedundantFileExtensionInRequire: + Enabled: false +Style/RedundantRegexpCharacterClass: + Enabled: false +Style/RedundantRegexpEscape: + Enabled: false +Style/RedundantSelfAssignment: + Enabled: false +Style/RedundantSort: + Enabled: false +Style/RescueStandardError: + Enabled: false +Style/SingleArgumentDig: + Enabled: false +Style/SlicingWithRange: + Enabled: false +Style/SoleNestedConditional: + Enabled: false +Style/StderrPuts: + Enabled: false +Style/StringConcatenation: + Enabled: false +Style/Strip: + Enabled: false +Style/SymbolProc: + Enabled: false +Style/TrailingBodyOnClass: + Enabled: false +Style/TrailingBodyOnMethodDefinition: + Enabled: false +Style/TrailingBodyOnModule: + Enabled: false +Style/TrailingCommaInHashLiteral: + EnforcedStyleForMultiline: comma +Style/TrailingMethodEndStatement: + Enabled: false +Style/UnpackFirst: + Enabled: false +Gemspec/DeprecatedAttributeAssignment: + Enabled: false +Gemspec/DevelopmentDependencies: + Enabled: false +Gemspec/RequireMFA: + Enabled: false +Layout/LineContinuationLeadingSpace: + Enabled: false +Layout/LineContinuationSpacing: + Enabled: false +Layout/LineEndStringConcatenationIndentation: + Enabled: false +Layout/SpaceBeforeBrackets: + Enabled: false +Lint/AmbiguousAssignment: + Enabled: false +Lint/AmbiguousOperatorPrecedence: + Enabled: false +Lint/AmbiguousRange: + Enabled: false +Lint/ConstantOverwrittenInRescue: + Enabled: false +Lint/DeprecatedConstants: + Enabled: false +Lint/DuplicateBranch: + Enabled: false +Lint/DuplicateMagicComment: + Enabled: false +Lint/DuplicateMatchPattern: + Enabled: false +Lint/DuplicateRegexpCharacterClassElement: + Enabled: false +Lint/EmptyBlock: + Enabled: false +Lint/EmptyClass: + Enabled: false +Lint/EmptyInPattern: + Enabled: false +Lint/IncompatibleIoSelectWithFiberScheduler: + Enabled: false +Lint/LambdaWithoutLiteralBlock: + Enabled: false +Lint/NoReturnInBeginEndBlocks: + Enabled: false +Lint/NonAtomicFileOperation: + Enabled: false +Lint/NumberedParameterAssignment: + Enabled: false +Lint/OrAssignmentToConstant: + Enabled: false +Lint/RedundantDirGlobSort: + Enabled: false +Lint/RefinementImportMethods: + Enabled: false +Lint/RequireRangeParentheses: + Enabled: false +Lint/RequireRelativeSelfPath: + Enabled: false +Lint/SymbolConversion: + Enabled: false +Lint/ToEnumArguments: + Enabled: false +Lint/TripleQuotes: + Enabled: false +Lint/UnexpectedBlockArity: + Enabled: false +Lint/UnmodifiedReduceAccumulator: + Enabled: false +Lint/UselessRescue: + Enabled: false +Lint/UselessRuby2Keywords: + Enabled: false +Metrics/CollectionLiteralLength: + Enabled: false +Naming/BlockForwarding: + Enabled: false +Performance/CollectionLiteralInLoop: + Enabled: false +Performance/ConcurrentMonotonicTime: + Enabled: false +Performance/MapCompact: + Enabled: false +Performance/RedundantEqualityComparisonBlock: + Enabled: false +Performance/RedundantSplitRegexpArgument: + Enabled: false +Performance/StringIdentifierArgument: + Enabled: false +RSpec/BeEq: + Enabled: false +RSpec/BeNil: + Enabled: false +RSpec/ChangeByZero: + Enabled: false +RSpec/ClassCheck: + Enabled: false +RSpec/DuplicatedMetadata: + Enabled: false +RSpec/ExcessiveDocstringSpacing: + Enabled: false +RSpec/IdenticalEqualityAssertion: + Enabled: false +RSpec/NoExpectationExample: + Enabled: false +RSpec/PendingWithoutReason: + Enabled: false +RSpec/RedundantAround: + Enabled: false +RSpec/SkipBlockInsideExample: + Enabled: false +RSpec/SortMetadata: + Enabled: false +RSpec/SubjectDeclaration: + Enabled: false +RSpec/VerifiedDoubleReference: + Enabled: false +Security/CompoundHash: + Enabled: false +Security/IoMethods: + Enabled: false +Style/ArgumentsForwarding: + Enabled: false +Style/ArrayIntersect: + Enabled: false +Style/CollectionCompact: + Enabled: false +Style/ComparableClamp: + Enabled: false +Style/ConcatArrayLiterals: + Enabled: false +Style/DataInheritance: + Enabled: false +Style/DirEmpty: + Enabled: false +Style/DocumentDynamicEvalDefinition: + Enabled: false +Style/EmptyHeredoc: + Enabled: false +Style/EndlessMethod: + Enabled: false +Style/EnvHome: + Enabled: false +Style/FetchEnvVar: + Enabled: false +Style/FileEmpty: + Enabled: false +Style/FileRead: + Enabled: false +Style/FileWrite: + Enabled: false +Style/HashConversion: + Enabled: false +Style/HashExcept: + Enabled: false +Style/IfWithBooleanLiteralBranches: + Enabled: false +Style/InPatternThen: + Enabled: false +Style/MagicCommentFormat: + Enabled: false +Style/MapCompactWithConditionalBlock: + Enabled: false +Style/MapToHash: + Enabled: false +Style/MapToSet: + Enabled: false +Style/MinMaxComparison: + Enabled: false +Style/MultilineInPatternThen: + Enabled: false +Style/NegatedIfElseCondition: + Enabled: false +Style/NestedFileDirname: + Enabled: false +Style/NilLambda: + Enabled: false +Style/NumberedParameters: + Enabled: false +Style/NumberedParametersLimit: + Enabled: false +Style/ObjectThen: + Enabled: false +Style/OpenStructUse: + Enabled: false +Style/OperatorMethodCall: + Enabled: false +Style/QuotedSymbols: + Enabled: false +Style/RedundantArgument: + Enabled: false +Style/RedundantConstantBase: + Enabled: false +Style/RedundantDoubleSplatHashBraces: + Enabled: false +Style/RedundantEach: + Enabled: false +Style/RedundantHeredocDelimiterQuotes: + Enabled: false +Style/RedundantInitialize: + Enabled: false +Style/RedundantLineContinuation: + Enabled: false +Style/RedundantSelfAssignmentBranch: + Enabled: false +Style/RedundantStringEscape: + Enabled: false +Style/SelectByRegexp: + Enabled: false +Style/StringChars: + Enabled: false +Style/SwapValues: + Enabled: false diff --git a/Gemfile b/Gemfile index 454b853..0817124 100644 --- a/Gemfile +++ b/Gemfile @@ -10,16 +10,22 @@ ENV['PDK_DISABLE_ANALYTICS'] ||= 'true' gem_sources.each { |gem_source| source gem_source } +group :syntax do + gem 'metadata-json-lint' + gem 'puppet-lint-trailing_comma-check', require: false + gem 'rubocop', '~> 1.80.2' + gem 'rubocop-performance', '~> 1.26.0' + gem 'rubocop-rake', '~> 0.7.1' + gem 'rubocop-rspec', '~> 3.7.0' +end + group :test do puppet_version = ENV.fetch('PUPPET_VERSION', ['>= 7', '< 9']) major_puppet_version = Array(puppet_version).first.scan(%r{(\d+)(?:\.|\Z)}).flatten.first.to_i gem 'hiera-puppet-helper' - gem 'metadata-json-lint' - gem 'pathspec', '~> 0.2' if Gem::Requirement.create('< 2.6').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem('pdk', ENV.fetch('PDK_VERSION', ['>= 2.0', '< 4.0']), require: false) if major_puppet_version > 5 gem 'puppet', puppet_version gem 'puppetlabs_spec_helper' - gem 'puppet-lint-trailing_comma-check', require: false gem 'puppet-strings' gem 'rake' gem 'rspec' diff --git a/spec/acceptance/helpers.rb b/spec/acceptance/helpers.rb index 7ab878a..29bdf1d 100644 --- a/spec/acceptance/helpers.rb +++ b/spec/acceptance/helpers.rb @@ -1,2 +1,2 @@ -rb_files = File.expand_path( 'helpers/**/*.rb', __dir__) -Dir.glob( rb_files ).sort_by(&:to_s).each { |file| require file } +rb_files = File.expand_path('helpers/**/*.rb', __dir__) +Dir.glob(rb_files).sort_by(&:to_s).each { |file| require file } diff --git a/spec/acceptance/helpers/manifest_helpers.rb b/spec/acceptance/helpers/manifest_helpers.rb index 7a4841d..dca36d1 100644 --- a/spec/acceptance/helpers/manifest_helpers.rb +++ b/spec/acceptance/helpers/manifest_helpers.rb @@ -1,134 +1,129 @@ -module Acceptance - module Helpers - module ManifestHelpers - - # returns Hash of NFS host-specific hieradata - # - # +base_hiera+: Hash of base hieradata - # +opts+: Hash of host-specific hieradata to be added - # - def build_host_hiera(base_hiera, opts) - hiera = Marshal.load(Marshal.dump(base_hiera)) - hiera['nfs::is_client'] = opts[:is_client] - hiera['nfs::is_server'] = opts[:is_server] - hiera['nfs::nfsv3'] = opts[:nfsv3] - hiera['nfs::nfsd_port'] = opts[:nfsd_port] - hiera['nfs::stunnel_nfsd_port'] = opts[:stunnel_nfsd_port] - hiera.compact - end - - # Create a string that can be inserted into the body of a - # nfs::client::mount in a manifest and which contains custom mount - # options - def build_custom_mount_options(opts) - options = '' - if opts[:mount_nfs_version] - options += " nfs_version => #{opts[:mount_nfs_version]},\n" - end - - if opts[:mount_sec] - options += " sec => #{opts[:mount_sec]},\n" - end - - unless opts[:mount_autodetect_remote].nil? - if opts[:mount_autodetect_remote] - options += " autodetect_remote => true,\n" - else - options += " autodetect_remote => false,\n" - end - end - - if opts[:mount_nfsd_port] - options += " nfsd_port => #{opts[:mount_nfsd_port]},\n" - end - - if opts[:mount_stunnel_nfsd_port] - options += " stunnel_nfsd_port => #{opts[:mount_stunnel_nfsd_port]},\n" - end - - unless opts[:mount_stunnel].nil? - if opts[:mount_stunnel] - options += " stunnel => true,\n" - else - options += " stunnel => false,\n" - end - end - - options - end - - # Create a manifest that creates a directory, creates a test file in - # that directory, and then exports the directory - def create_export_manifest(opts) - <<~EOM - include 'ssh' - - file { '#{opts[:exported_dir]}': - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0644' - } - - file { '#{opts[:exported_file]}': - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0644', - content => "#{opts[:exported_file_content]}\\n" - } - - nfs::server::export { '#{opts[:exported_dir]}': - clients => ['*'], - export_path => '#{opts[:exported_dir]}', - sec => ['#{opts[:export_sec]}'], - insecure => #{opts[:export_insecure].to_s} - } - - File['#{opts[:exported_dir]}'] -> Nfs::Server::Export['#{opts[:exported_dir]}'] - - #{opts[:server_custom]} - EOM - end - - # Create a manifest that creates a mount directory and then statically - # mounts to that directory - def create_static_mount_manifest(opts) - custom_mount_options = build_custom_mount_options(opts) - - <<~EOM - include 'ssh' - - nfs::client::mount { '#{opts[:mount_dir]}': - nfs_server => '#{opts[:mount_server_ip]}', - remote_path => '#{opts[:mount_remote_dir]}', - autofs => false, - #{custom_mount_options} - } - - # mount directory must exist if not using autofs - file { '#{opts[:mount_dir]}': - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0644' - } - - File['#{opts[:mount_dir]}'] -> Nfs::Client::Mount['#{opts[:mount_dir]}'] - EOM - end - - def print_test_config(hieradata, manifest) - puts '>'*80 - if hieradata.is_a?(Hash) - puts "Hieradata:\n#{hieradata.to_yaml}" - else - puts "Hieradata:\n#{hieradata}" - end - puts '-'*80 - puts "Manifest:\n#{manifest}" - puts '<'*80 - end +module Acceptance::Helpers::ManifestHelpers + # returns Hash of NFS host-specific hieradata + # + # +base_hiera+: Hash of base hieradata + # +opts+: Hash of host-specific hieradata to be added + # + def build_host_hiera(base_hiera, opts) + hiera = Marshal.load(Marshal.dump(base_hiera)) + hiera['nfs::is_client'] = opts[:is_client] + hiera['nfs::is_server'] = opts[:is_server] + hiera['nfs::nfsv3'] = opts[:nfsv3] + hiera['nfs::nfsd_port'] = opts[:nfsd_port] + hiera['nfs::stunnel_nfsd_port'] = opts[:stunnel_nfsd_port] + hiera.compact + end + + # Create a string that can be inserted into the body of a + # nfs::client::mount in a manifest and which contains custom mount + # options + def build_custom_mount_options(opts) + options = '' + if opts[:mount_nfs_version] + options += " nfs_version => #{opts[:mount_nfs_version]},\n" + end + + if opts[:mount_sec] + options += " sec => #{opts[:mount_sec]},\n" + end + + unless opts[:mount_autodetect_remote].nil? + options += if opts[:mount_autodetect_remote] + " autodetect_remote => true,\n" + else + " autodetect_remote => false,\n" + end + end + + if opts[:mount_nfsd_port] + options += " nfsd_port => #{opts[:mount_nfsd_port]},\n" + end + + if opts[:mount_stunnel_nfsd_port] + options += " stunnel_nfsd_port => #{opts[:mount_stunnel_nfsd_port]},\n" + end + + unless opts[:mount_stunnel].nil? + options += if opts[:mount_stunnel] + " stunnel => true,\n" + else + " stunnel => false,\n" + end + end + + options + end + + # Create a manifest that creates a directory, creates a test file in + # that directory, and then exports the directory + def create_export_manifest(opts) + <<~EOM + include 'ssh' + + file { '#{opts[:exported_dir]}': + ensure => 'directory', + owner => 'root', + group => 'root', + mode => '0644', + } + + file { '#{opts[:exported_file]}': + ensure => 'file', + owner => 'root', + group => 'root', + mode => '0644', + content => "#{opts[:exported_file_content]}\\n", + } + + nfs::server::export { '#{opts[:exported_dir]}': + clients => ['*'], + export_path => '#{opts[:exported_dir]}', + sec => ['#{opts[:export_sec]}'], + insecure => #{opts[:export_insecure]}, + } + + File['#{opts[:exported_dir]}'] -> Nfs::Server::Export['#{opts[:exported_dir]}'] + + #{opts[:server_custom]} + EOM + end + + # Create a manifest that creates a mount directory and then statically + # mounts to that directory + def create_static_mount_manifest(opts) + custom_mount_options = build_custom_mount_options(opts) + + <<~EOM + include 'ssh' + + nfs::client::mount { '#{opts[:mount_dir]}': + nfs_server => '#{opts[:mount_server_ip]}', + remote_path => '#{opts[:mount_remote_dir]}', + autofs => false, + #{custom_mount_options} + } + + # mount directory must exist if not using autofs + file { '#{opts[:mount_dir]}': + ensure => 'directory', + owner => 'root', + group => 'root', + mode => '0644', + } + + File['#{opts[:mount_dir]}'] -> Nfs::Client::Mount['#{opts[:mount_dir]}'] + EOM + end + + def print_test_config(hieradata, manifest) + puts '>' * 80 + if hieradata.is_a?(Hash) + puts "Hieradata:\n#{hieradata.to_yaml}" + else + puts "Hieradata:\n#{hieradata}" end + puts '-' * 80 + puts "Manifest:\n#{manifest}" + puts '<' * 80 end end diff --git a/spec/acceptance/helpers/utils.rb b/spec/acceptance/helpers/utils.rb index f0a63b7..6c499bb 100644 --- a/spec/acceptance/helpers/utils.rb +++ b/spec/acceptance/helpers/utils.rb @@ -1,79 +1,70 @@ -module Acceptance - module Helpers - module Utils +module Acceptance::Helpers::Utils + # code copied from simp-core's acceptance tests + # FIXME - Move to simp-beaker-helpers - # code copied from simp-core's acceptance tests - # FIXME - Move to simp-beaker-helpers - - # @returns array of IPV4 networks configured on a host - # - # +host+: Host (object) - # - def host_networks(host) - require 'json' - require 'ipaddr' - networking = JSON.load(on(host, 'facter --json networking').stdout) - networking['networking']['interfaces'].delete_if { |key,value| key == 'lo' } - networks = networking['networking']['interfaces'].map do |key,value| - net_mask = IPAddr.new(value['netmask']).to_i.to_s(2).count("1") - "#{value['network']}/#{net_mask}" - end - networks - end + # @returns array of IPV4 networks configured on a host + # + # +host+: Host (object) + # + def host_networks(host) + require 'json' + require 'ipaddr' + networking = JSON.parse(on(host, 'facter --json networking').stdout) + networking['networking']['interfaces'].delete_if { |key, _value| key == 'lo' } + networks = networking['networking']['interfaces'].map do |_key, value| + net_mask = IPAddr.new(value['netmask']).to_i.to_s(2).count('1') + "#{value['network']}/#{net_mask}" + end + networks + end - # @returns the internal IPV4 network info for a host or nil if - # none can be found - # - # +host+: Host (object) - # - def internal_network_info(host) - networking = JSON.load(on(host, 'facter --json networking').stdout) + # @returns the internal IPV4 network info for a host or nil if + # none can be found + # + # +host+: Host (object) + # + def internal_network_info(host) + networking = JSON.parse(on(host, 'facter --json networking').stdout) - # this is the IP address beaker puts into /etc/hosts - internal_ip = host['vm_ip'] || host['ip'].to_s + # this is the IP address beaker puts into /etc/hosts + internal_ip = host['vm_ip'] || host['ip'].to_s - internal_ip_info = nil - networking['networking']['interfaces'].each do |interface,settings| - if ( settings['ip'] and settings['ip'] == internal_ip ) - internal_ip_info = { - :interface => interface, - :ip => settings['ip'], - :netmask => settings['netmask'] - } - break - end - end + internal_ip_info = nil + networking['networking']['interfaces'].each do |interface, settings| + next unless settings['ip'] && (settings['ip'] == internal_ip) + internal_ip_info = { + interface: interface, + ip: settings['ip'], + netmask: settings['netmask'], + } + break + end - internal_ip_info - end + internal_ip_info + end - # Temporary hack to try to ensure connection to a host after reboot - # with beaker 4.14.1 - # TODO: Remove this when beaker is fixed - def wait_for_reboot_hack(host) - # Sometimes beaker connects to the host before it has rebooted, so first sleep - # to give the host time to get farther along in its shutdown - wait_seconds = ENV['NFS_TEST_REBOOT_WAIT'] ? ENV['NFS_TEST_REBOOT_WAIT'] : 10 - sleep(wait_seconds) + # Temporary hack to try to ensure connection to a host after reboot + # with beaker 4.14.1 + # TODO: Remove this when beaker is fixed + def wait_for_reboot_hack(host) + # Sometimes beaker connects to the host before it has rebooted, so first sleep + # to give the host time to get farther along in its shutdown + wait_seconds = ENV['NFS_TEST_REBOOT_WAIT'] ? ENV['NFS_TEST_REBOOT_WAIT'] : 10 + sleep(wait_seconds) - # If beaker has already connected successfully before the reboot, it will think - # the necessity to reconnect is a failure. So it will close the connection and - # raise an exception. If we catch that exception and retry, beaker will then - # create a new connection. - tries = ENV['NFS_TEST_RECONNECT_TRIES'] ? ENV['NFS_TEST_RECONNECT_TRIES'] : 10 - begin - on(host, 'uptime') - rescue Beaker::Host::CommandFailure => e - if e.message.include?('connection failure') && (tries > 0) - puts "Retrying due to << #{e.message.strip} >>" - tries -= 1 - sleep 1 - retry - else - raise e - end - end - end + # If beaker has already connected successfully before the reboot, it will think + # the necessity to reconnect is a failure. So it will close the connection and + # raise an exception. If we catch that exception and retry, beaker will then + # create a new connection. + tries = ENV['NFS_TEST_RECONNECT_TRIES'] ? ENV['NFS_TEST_RECONNECT_TRIES'] : 10 + begin + on(host, 'uptime') + rescue Beaker::Host::CommandFailure => e + raise e unless e.message.include?('connection failure') && (tries > 0) + puts "Retrying due to << #{e.message.strip} >>" + tries -= 1 + sleep 1 + retry end end end diff --git a/spec/acceptance/shared_examples.rb b/spec/acceptance/shared_examples.rb index b689f67..892e442 100644 --- a/spec/acceptance/shared_examples.rb +++ b/spec/acceptance/shared_examples.rb @@ -1,2 +1,2 @@ -rb_files = File.expand_path( 'shared_examples/**/*.rb', __dir__) -Dir.glob( rb_files ).sort_by(&:to_s).each { |file| require file } +rb_files = File.expand_path('shared_examples/**/*.rb', __dir__) +Dir.glob(rb_files).sort_by(&:to_s).each { |file| require file } diff --git a/spec/acceptance/shared_examples/multi_client_nfs_share.rb b/spec/acceptance/shared_examples/multi_client_nfs_share.rb index 93a0432..c7ebc0d 100644 --- a/spec/acceptance/shared_examples/multi_client_nfs_share.rb +++ b/spec/acceptance/shared_examples/multi_client_nfs_share.rb @@ -32,83 +32,87 @@ servers.each do |server| context "with NFS server #{server}" do - let(:server_opts) {{ - :is_server => true, - :is_client => false, - :nfsv3 => opts[:server_config][:nfsv3], - :exported_dir => exported_dir, - :exported_file => File.join(exported_dir, file_basename), - :exported_file_content => "#{file_search_string} from #{exported_dir}", - :export_sec => opts[:server_config][:export_sec], - :export_insecure => opts[:server_config][:export_insecure] - }} + let(:server_opts) do + { + is_server: true, + is_client: false, + nfsv3: opts[:server_config][:nfsv3], + exported_dir: exported_dir, + exported_file: File.join(exported_dir, file_basename), + exported_file_content: "#{file_search_string} from #{exported_dir}", + export_sec: opts[:server_config][:export_sec], + export_insecure: opts[:server_config][:export_insecure], + } + end let(:server_manifest) { create_export_manifest(server_opts) } context "as the NFS server #{server}" do - it 'should ensure vagrant connectivity' do + it 'ensures vagrant connectivity' do on(hosts, 'date') end - it 'should apply server manifest to export' do + it 'applies server manifest to export' do server_hieradata = build_host_hiera(opts[:base_hiera], server_opts) set_hieradata_on(server, server_hieradata) print_test_config(server_hieradata, server_manifest) - apply_manifest_on(server, server_manifest, :catch_failures => true) + apply_manifest_on(server, server_manifest, catch_failures: true) end - it 'should be idempotent' do - apply_manifest_on(server, server_manifest, :catch_changes => true) + it 'is idempotent' do + apply_manifest_on(server, server_manifest, catch_changes: true) end - it 'should export shared dir' do + it 'exports shared dir' do on(server, "exportfs -v | grep #{exported_dir}") end end { client1 => opts[:mount1_config], - client2 => opts[:mount2_config] - }.each do |client,config| - + client2 => opts[:mount2_config], + }.each do |client, config| context "as NFS client #{client}" do - let(:client_opts) {{ - :is_server => false, - :is_client => true, - :nfsv3 => (config[:nfs_version] == 3), - :mount_dir => "/mnt/#{server.to_s}-#{File.basename(exported_dir)}", - :mount_server_ip => internal_network_info(server)[:ip], - :mount_remote_dir => exported_dir, - :mount_nfs_version => config[:nfs_version], - :mount_sec => config[:sec], - :mount_stunnel => config[:stunnel] - }} + let(:client_opts) do + { + is_server: false, + is_client: true, + nfsv3: (config[:nfs_version] == 3), + mount_dir: "/mnt/#{server}-#{File.basename(exported_dir)}", + mount_server_ip: internal_network_info(server)[:ip], + mount_remote_dir: exported_dir, + mount_nfs_version: config[:nfs_version], + mount_sec: config[:sec], + mount_stunnel: config[:stunnel], + } + end let(:client_manifest) { create_static_mount_manifest(client_opts) } - it 'should apply client manifest to mount a dir from the server' do + it 'applies client manifest to mount a dir from the server' do client_hieradata = build_host_hiera(opts[:base_hiera], client_opts) set_hieradata_on(client, client_hieradata) print_test_config(client_hieradata, client_manifest) - apply_manifest_on(client, client_manifest, :catch_failures => true) + apply_manifest_on(client, client_manifest, catch_failures: true) end - it 'should be idempotent' do - apply_manifest_on(client, client_manifest, :catch_changes => true) + it 'is idempotent' do + apply_manifest_on(client, client_manifest, catch_changes: true) end - it "should mount NFS share from #{server}" do - on(client, %(grep -q '#{file_search_string}' #{client_opts[:mount_dir]}/#{file_basename})) + it "mounts NFS share from #{server}" do + on(client, %(grep -q '#{file_search_string}' #{client_opts[:mount_dir]}/#{file_basename})) end end end context 'test clean up' do - let(:mount_dir) { "/mnt/#{server.to_s}-#{File.basename(exported_dir)}" } - it 'should remove mount as prep for next test' do + let(:mount_dir) { "/mnt/#{server}-#{File.basename(exported_dir)}" } + + it 'removes mount as prep for next test' do # use puppet resource instead of simple umount, in order to remove # persistent mount configuration - on([client1, client2], %{puppet resource mount #{mount_dir} ensure=absent}) + on([client1, client2], %(puppet resource mount #{mount_dir} ensure=absent)) on([client1, client2], "rm -rf #{mount_dir}") end end diff --git a/spec/acceptance/shared_examples/multi_server_nfs_share.rb b/spec/acceptance/shared_examples/multi_server_nfs_share.rb index 8e7b7b6..d4066a5 100644 --- a/spec/acceptance/shared_examples/multi_server_nfs_share.rb +++ b/spec/acceptance/shared_examples/multi_server_nfs_share.rb @@ -26,53 +26,53 @@ file_basename = 'test_file' file_search_string = 'This is a test file' server1_opts = { - :host => server1, - :is_server => true, - :is_client => false, - :nfsv3 => opts[:server1_config][:nfsv3], - :nfsd_port => opts[:server1_config][:nfsd_port], - :stunnel_nfsd_port => opts[:server1_config][:stunnel_nfsd_port], - :exported_dir => opts[:server1_config][:exported_dir], - :exported_file => File.join(opts[:server1_config][:exported_dir], file_basename), - :exported_file_content => "#{file_search_string} from #{opts[:server1_config][:exported_dir]}", - :export_sec => opts[:server1_config][:export_sec], - :export_insecure => opts[:server1_config][:export_insecure], + host: server1, + is_server: true, + is_client: false, + nfsv3: opts[:server1_config][:nfsv3], + nfsd_port: opts[:server1_config][:nfsd_port], + stunnel_nfsd_port: opts[:server1_config][:stunnel_nfsd_port], + exported_dir: opts[:server1_config][:exported_dir], + exported_file: File.join(opts[:server1_config][:exported_dir], file_basename), + exported_file_content: "#{file_search_string} from #{opts[:server1_config][:exported_dir]}", + export_sec: opts[:server1_config][:export_sec], + export_insecure: opts[:server1_config][:export_insecure], } server2_opts = { - :host => server2, - :is_server => true, - :is_client => false, - :nfsv3 => opts[:server2_config][:nfsv3], - :nfsd_port => opts[:server2_config][:nfsd_port], - :stunnel_nfsd_port => opts[:server2_config][:stunnel_nfsd_port], - :exported_dir => opts[:server2_config][:exported_dir], - :exported_file => File.join(opts[:server2_config][:exported_dir], file_basename), - :exported_file_content => "#{file_search_string} from #{opts[:server2_config][:exported_dir]}", - :export_sec => opts[:server2_config][:export_sec], - :export_insecure => opts[:server2_config][:export_insecure], + host: server2, + is_server: true, + is_client: false, + nfsv3: opts[:server2_config][:nfsv3], + nfsd_port: opts[:server2_config][:nfsd_port], + stunnel_nfsd_port: opts[:server2_config][:stunnel_nfsd_port], + exported_dir: opts[:server2_config][:exported_dir], + exported_file: File.join(opts[:server2_config][:exported_dir], file_basename), + exported_file_content: "#{file_search_string} from #{opts[:server2_config][:exported_dir]}", + export_sec: opts[:server2_config][:export_sec], + export_insecure: opts[:server2_config][:export_insecure], } context 'server exports' do [ server1_opts, server2_opts].each do |srv_opts| context "as NFS server #{srv_opts[:host]}" do let(:server) { srv_opts[:host] } - let(:server_manifest) { + let(:server_manifest) do create_export_manifest(srv_opts) - } + end - it 'should apply server manifest to export' do + it 'applies server manifest to export' do server_hieradata = build_host_hiera(opts[:base_hiera], srv_opts) set_hieradata_on(server, server_hieradata) print_test_config(server_hieradata, server_manifest) - apply_manifest_on(server, server_manifest, :catch_failures => true) + apply_manifest_on(server, server_manifest, catch_failures: true) end - it 'should be idempotent' do - apply_manifest_on(server, server_manifest, :catch_changes => true) + it 'is idempotent' do + apply_manifest_on(server, server_manifest, catch_changes: true) end - it 'should export shared dir' do + it 'exports shared dir' do on(server, 'exportfs -v') on(server, "exportfs -v | grep #{srv_opts[:exported_dir]}") end @@ -81,81 +81,81 @@ end context 'vagrant connectivity' do - it 'should ensure vagrant connectivity' do + it 'ensures vagrant connectivity' do on(hosts, 'date') end end clients.each_index do |index| client_opts = { - :host => clients[index], - :is_server => false, - :is_client => true, - :nfsv3 => opts[:client_config][:nfsv3], - :mounts => [ + host: clients[index], + is_server: false, + is_client: true, + nfsv3: opts[:client_config][:nfsv3], + mounts: [ { # mount to server 1 - :mount_dir => "/mnt/#{server1.to_s}-#{File.basename(opts[:server1_config][:exported_dir])}", - :mount_server_name => server1.to_s, - :mount_server_ip => opts[:server1_config][:server_ip], - :mount_remote_dir => opts[:server1_config][:exported_dir], - :mount_nfs_version => (opts[:client_config][:mount_nfs_version] ? opts[:client_config][:mount_nfs_version][0] : nil), - :mount_sec => (opts[:client_config][:mount_sec] ? opts[:client_config][:mount_sec][0] : nil), - :mount_nfsd_port => opts[:server1_config][:nfsd_port], - :mount_stunnel_nfsd_port => opts[:server1_config][:stunnel_nfsd_port], - :mount_stunnel => (opts[:client_config][:mount_stunnel] ? opts[:client_config][:mount_stunnel][0] : nil) + mount_dir: "/mnt/#{server1}-#{File.basename(opts[:server1_config][:exported_dir])}", + mount_server_name: server1.to_s, + mount_server_ip: opts[:server1_config][:server_ip], + mount_remote_dir: opts[:server1_config][:exported_dir], + mount_nfs_version: (opts[:client_config][:mount_nfs_version] ? opts[:client_config][:mount_nfs_version][0] : nil), + mount_sec: (opts[:client_config][:mount_sec] ? opts[:client_config][:mount_sec][0] : nil), + mount_nfsd_port: opts[:server1_config][:nfsd_port], + mount_stunnel_nfsd_port: opts[:server1_config][:stunnel_nfsd_port], + mount_stunnel: (opts[:client_config][:mount_stunnel] ? opts[:client_config][:mount_stunnel][0] : nil), }, { # mount to server 2 - :mount_dir => "/mnt/#{server2.to_s}-#{File.basename(opts[:server2_config][:exported_dir])}", - :mount_server_name => server2.to_s, - :mount_server_ip => opts[:server2_config][:server_ip], - :mount_remote_dir => opts[:server2_config][:exported_dir], - :mount_nfs_version => (opts[:client_config][:mount_nfs_version] ? opts[:client_config][:mount_nfs_version][1] : nil), - :mount_sec => (opts[:client_config][:mount_sec] ? opts[:client_config][:mount_sec][1] : nil), - :mount_nfsd_port => opts[:server2_config][:nfsd_port], - :mount_stunnel_nfsd_port => opts[:server2_config][:stunnel_nfsd_port], - :mount_stunnel => (opts[:client_config][:mount_stunnel] ? opts[:client_config][:mount_stunnel][1] : nil) - } - ] + mount_dir: "/mnt/#{server2}-#{File.basename(opts[:server2_config][:exported_dir])}", + mount_server_name: server2.to_s, + mount_server_ip: opts[:server2_config][:server_ip], + mount_remote_dir: opts[:server2_config][:exported_dir], + mount_nfs_version: (opts[:client_config][:mount_nfs_version] ? opts[:client_config][:mount_nfs_version][1] : nil), + mount_sec: (opts[:client_config][:mount_sec] ? opts[:client_config][:mount_sec][1] : nil), + mount_nfsd_port: opts[:server2_config][:nfsd_port], + mount_stunnel_nfsd_port: opts[:server2_config][:stunnel_nfsd_port], + mount_stunnel: (opts[:client_config][:mount_stunnel] ? opts[:client_config][:mount_stunnel][1] : nil), + }, + ], } context "as a NFS client #{clients[index]} using NFS servers #{server1} and #{server2}" do let(:client) { clients[index] } - let(:client_manifest) { - [ - create_static_mount_manifest(client_opts[:mounts][0]), - '', - create_static_mount_manifest(client_opts[:mounts][1]) - ].join("\n") - } + let(:client_manifest) do + [ + create_static_mount_manifest(client_opts[:mounts][0]), + '', + create_static_mount_manifest(client_opts[:mounts][1]), + ].join("\n") + end - it 'should ensure vagrant connectivity' do + it 'ensures vagrant connectivity' do on(hosts, 'date') end - it 'should apply client manifest to mount a dir from each server' do + it 'applies client manifest to mount a dir from each server' do client_hieradata = build_host_hiera(opts[:base_hiera], client_opts) set_hieradata_on(client, client_hieradata) print_test_config(client_hieradata, client_manifest) - apply_manifest_on(client, client_manifest, :catch_failures => true) + apply_manifest_on(client, client_manifest, catch_failures: true) end - it 'should be idempotent' do - apply_manifest_on(client, client_manifest, :catch_changes => true) + it 'is idempotent' do + apply_manifest_on(client, client_manifest, catch_changes: true) on(client, 'mount') end client_opts[:mounts].each do |mount_opts| - it "should mount NFS share from #{mount_opts[:mount_server_name]}" do + it "mounts NFS share from #{mount_opts[:mount_server_name]}" do on(client, "mount | grep #{mount_opts[:mount_dir]}") on(client, %(grep -q '#{file_search_string}' #{mount_opts[:mount_dir]}/#{file_basename})) end end client_opts[:mounts].each do |mount_opts| - it 'should remove mount as prep for next test' do + it 'removes mount as prep for next test' do # use puppet resource instead of simple umount, in order to remove # persistent mount configuration - on(client, %{puppet resource mount #{mount_opts[:mount_dir]} ensure=absent}) + on(client, %(puppet resource mount #{mount_opts[:mount_dir]} ensure=absent)) on(client, "rm -rf #{mount_opts[:mount_dir]}") end end diff --git a/spec/acceptance/shared_examples/nfs_share_using_autofs_distinct_roles.rb b/spec/acceptance/shared_examples/nfs_share_using_autofs_distinct_roles.rb index 1a8f7a7..7c4b3c7 100644 --- a/spec/acceptance/shared_examples/nfs_share_using_autofs_distinct_roles.rb +++ b/spec/acceptance/shared_examples/nfs_share_using_autofs_distinct_roles.rb @@ -21,44 +21,44 @@ # * #SERVER_IP# # shared_examples 'a NFS share using autofs with distinct client/server roles' do |servers, clients, opts| - export_root_path = '/srv/nfs_root' + export_root_path = '/srv/nfs_root' mount_root_path = '/mnt' mount_map = { - :direct => { - :export_dir => "#{export_root_path}/for_direct", - :exported_files => [ "#{export_root_path}/for_direct/test_file" ], - :mount_name => "#{mount_root_path}/direct", - :mounted_files => [ "#{mount_root_path}/direct/test_file" ] + direct: { + export_dir: "#{export_root_path}/for_direct", + exported_files: [ "#{export_root_path}/for_direct/test_file" ], + mount_name: "#{mount_root_path}/direct", + mounted_files: [ "#{mount_root_path}/direct/test_file" ], + }, + indirect: { + export_dir: "#{export_root_path}/for_indirect", + exported_files: [ "#{export_root_path}/for_indirect/test_file" ], + mount_name: "#{mount_root_path}/indirect", + mounted_files: [ "#{mount_root_path}/indirect/autodir/test_file" ], + map_key: 'autodir', + add_key_subst: false, }, - :indirect => { - :export_dir => "#{export_root_path}/for_indirect", - :exported_files => [ "#{export_root_path}/for_indirect/test_file" ], - :mount_name => "#{mount_root_path}/indirect", - :mounted_files => [ "#{mount_root_path}/indirect/autodir/test_file" ], - :map_key => 'autodir', - :add_key_subst => false, - }, - :indirect_wildcard => { - :export_dir => "#{export_root_path}/for_indirect_wildcard", - :exported_files => [ + indirect_wildcard: { + export_dir: "#{export_root_path}/for_indirect_wildcard", + exported_files: [ "#{export_root_path}/for_indirect_wildcard/sub1/test_file", - "#{export_root_path}/for_indirect_wildcard/sub2/test_file" + "#{export_root_path}/for_indirect_wildcard/sub2/test_file", ], - :mount_name => "#{mount_root_path}/indirect_wildcard", - :mounted_files => [ + mount_name: "#{mount_root_path}/indirect_wildcard", + mounted_files: [ "#{mount_root_path}/indirect_wildcard/sub1/test_file", - "#{mount_root_path}/indirect_wildcard/sub2/test_file" + "#{mount_root_path}/indirect_wildcard/sub2/test_file", ], - :map_key => '*', - :add_key_subst => true, - } + map_key: '*', + add_key_subst: true, + }, } - let(:export_dirs) { mount_map.map { |type,info| info[:export_dir] }.flatten } - let(:exported_files) { mount_map.map { |type,info| info[:exported_files] }.flatten } - let(:mounted_files) { mount_map.map { |type,info| info[:mounted_files] }.flatten } + let(:export_dirs) { mount_map.map { |_type, info| info[:export_dir] }.flatten } + let(:exported_files) { mount_map.map { |_type, info| info[:exported_files] }.flatten } + let(:mounted_files) { mount_map.map { |_type, info| info[:mounted_files] }.flatten } let(:file_content_base) { 'This is a test file from' } - let(:server_manifest) { + let(:server_manifest) do <<~EOM include 'ssh' @@ -66,7 +66,7 @@ ensure => 'directory', owner => 'root', group => 'root', - mode => '0644' + mode => '0644', } $export_dirs = [ @@ -78,14 +78,14 @@ ensure => 'directory', owner => 'root', group => 'root', - mode => '0644' + mode => '0644', } nfs::server::export { $_export_dir: clients => ['*'], export_path => $_export_dir, sec => ['#{opts[:nfs_sec]}'], - insecure => #{opts[:export_insecure]} + insecure => #{opts[:export_insecure]}, } File["${_export_dir}"] -> Nfs::Server::Export["${_export_dir}"] @@ -99,7 +99,7 @@ ensure => 'directory', owner => 'root', group => 'root', - mode => '0644' + mode => '0644', } $files.each |String $_file| { @@ -117,10 +117,10 @@ #{opts[:server_custom]} EOM - } + end let(:nfs_version) { opts[:nfsv3] ? 3 : 4 } - let(:client_manifest_base) { + let(:client_manifest_base) do <<~EOM include 'ssh' @@ -143,7 +143,7 @@ sec => '#{opts[:nfs_sec]}', autofs => true, autofs_indirect_map_key => '#{mount_map[:indirect][:map_key]}', - autofs_add_key_subst => #{mount_map[:indirect][:add_key_subst].to_s} + autofs_add_key_subst => #{mount_map[:indirect][:add_key_subst]}, } # indirect mount with wildcard and map key substitution @@ -154,34 +154,34 @@ sec => '#{opts[:nfs_sec]}', autofs => true, autofs_indirect_map_key => '#{mount_map[:indirect_wildcard][:map_key]}', - autofs_add_key_subst => #{mount_map[:indirect_wildcard][:add_key_subst].to_s} + autofs_add_key_subst => #{mount_map[:indirect_wildcard][:add_key_subst]}, } #{opts[:client_custom]} EOM - } + end servers.each do |server| context "as just a NFS server #{server}" do - it 'should ensure vagrant connectivity' do + it 'ensures vagrant connectivity' do on(hosts, 'date') end - it 'should apply server manifest to export' do + it 'applies server manifest to export' do server_hieradata = Marshal.load(Marshal.dump(opts[:base_hiera])) server_hieradata['nfs::is_client'] = false server_hieradata['nfs::is_server'] = true server_hieradata['nfs::nfsv3'] = opts[:nfsv3] set_hieradata_on(server, server_hieradata) print_test_config(server_hieradata, server_manifest) - apply_manifest_on(server, server_manifest, :catch_failures => true) + apply_manifest_on(server, server_manifest, catch_failures: true) end - it 'should be idempotent' do - apply_manifest_on(server, server_manifest, :catch_changes => true) + it 'is idempotent' do + apply_manifest_on(server, server_manifest, catch_changes: true) end - it 'should export shared dirs' do + it 'exports shared dirs' do export_dirs.each do |dir| on(server, 'exportfs -v') on(server, "exportfs -v | grep -w #{dir}") @@ -195,35 +195,38 @@ clients.each do |client| servers.each do |server| context "as just a NFS client #{client} using NFS server #{server}" do - let(:server_ip) { + let(:server_ip) do info = internal_network_info(server) - expect(info[:ip]).to_not be_nil info[:ip] - } + end let(:mount_dir) { "/mnt/#{server}" } - let(:client_manifest) { + let(:client_manifest) do client_manifest = client_manifest_base.dup client_manifest.gsub!('#MOUNT_ROOT_DIR#', mount_dir) client_manifest.gsub!('#SERVER_IP#', server_ip) client_manifest - } + end + + it "checks server IP for #{server}" do + expect(info[:ip]).not_to be_nil + end - it "should apply client manifest to mount dir from #{server}" do + it "applies client manifest to mount dir from #{server}" do client_hieradata = Marshal.load(Marshal.dump(opts[:base_hiera])) client_hieradata['nfs::is_client'] = true client_hieradata['nfs::is_server'] = false client_hieradata['nfs::nfsv3'] = opts[:nfsv3] set_hieradata_on(client, client_hieradata) print_test_config(client_hieradata, client_manifest) - apply_manifest_on(client, client_manifest, :catch_failures => true) + apply_manifest_on(client, client_manifest, catch_failures: true) end - it 'should be idempotent' do - apply_manifest_on(client, client_manifest, :catch_changes => true) + it 'is idempotent' do + apply_manifest_on(client, client_manifest, catch_changes: true) end - it 'should automount NFS shares' do + it 'automounts NFS shares' do mounted_files.each do |file| auto_dir = File.dirname(file) filename = File.basename(file) @@ -234,7 +237,7 @@ end if opts[:verify_reboot] - it 'should ensure vagrant connectivity' do + it 'ensures vagrant connectivity' do on(hosts, 'date') end @@ -263,9 +266,9 @@ end end - it 'should stop and disable autofs service as prep for next test' do + it 'stops and disable autofs service as prep for next test' do # auto-mounted filesystems are unmounted when autofs service is stopped - on(client, %{puppet resource service autofs ensure=stopped enable=false}) + on(client, %(puppet resource service autofs ensure=stopped enable=false)) end end end diff --git a/spec/acceptance/shared_examples/nfs_share_using_static_mounts_combined_roles.rb b/spec/acceptance/shared_examples/nfs_share_using_static_mounts_combined_roles.rb index 505c01c..dce81f3 100644 --- a/spec/acceptance/shared_examples/nfs_share_using_static_mounts_combined_roles.rb +++ b/spec/acceptance/shared_examples/nfs_share_using_static_mounts_combined_roles.rb @@ -21,67 +21,69 @@ servers_with_client.each do |host| opts[:mount_autodetect_remote].each do |autodetect_remote| context "with autodetect_remote=#{autodetect_remote} on host #{host}" do - let(:mount_dir) { "/mnt/#{host.to_s}-#{File.basename(exported_dir)}" } - let(:host_opts) {{ - :is_server => true, - :is_client => true, - :nfsv3 => opts[:nfsv3], - :exported_dir => exported_dir, - :exported_file => File.join(exported_dir, file_basename), - :exported_file_content => "#{file_search_string} from #{exported_dir}", - :export_sec => opts[:nfs_sec], - :export_insecure => opts[:export_insecure], - :server_custom => opts[:server_custom], - :mount_dir => mount_dir, - :mount_server_ip => internal_network_info(host)[:ip], - :mount_remote_dir => exported_dir, - :mount_nfs_version => (opts[:nfsv3] ? 3 : 4), - :mount_sec => opts[:nfs_sec], - :mount_autodetect_remote => autodetect_remote, - :client_custom => <<~EOM - #{opts[:client_custom]} + let(:mount_dir) { "/mnt/#{host}-#{File.basename(exported_dir)}" } + let(:host_opts) do + { + is_server: true, + is_client: true, + nfsv3: opts[:nfsv3], + exported_dir: exported_dir, + exported_file: File.join(exported_dir, file_basename), + exported_file_content: "#{file_search_string} from #{exported_dir}", + export_sec: opts[:nfs_sec], + export_insecure: opts[:export_insecure], + server_custom: opts[:server_custom], + mount_dir: mount_dir, + mount_server_ip: internal_network_info(host)[:ip], + mount_remote_dir: exported_dir, + mount_nfs_version: (opts[:nfsv3] ? 3 : 4), + mount_sec: opts[:nfs_sec], + mount_autodetect_remote: autodetect_remote, + client_custom: <<~EOM, + #{opts[:client_custom]} - Nfs::Server::Export['#{exported_dir}'] -> Nfs::Client::Mount['#{mount_dir}'] - Service['nfs-server.service'] -> Nfs::Client::Mount['#{mount_dir}'] - EOM - }} + Nfs::Server::Export['#{exported_dir}'] -> Nfs::Client::Mount['#{mount_dir}'] + Service['nfs-server.service'] -> Nfs::Client::Mount['#{mount_dir}'] + EOM + } + end - let(:manifest) { + let(:manifest) do [ create_export_manifest(host_opts), '', - create_static_mount_manifest(host_opts) + create_static_mount_manifest(host_opts), ].join("\n") - } + end - it 'should ensure vagrant connectivity' do + it 'ensures vagrant connectivity' do on(hosts, 'date') end - it 'should apply server+client manifest to export+mount' do + it 'applies server+client manifest to export+mount' do hieradata = build_host_hiera(opts[:base_hiera], host_opts) set_hieradata_on(host, hieradata) print_test_config(hieradata, manifest) - apply_manifest_on(host, manifest, :catch_failures => true) + apply_manifest_on(host, manifest, catch_failures: true) end - it 'should be idempotent' do - apply_manifest_on(host, manifest, :catch_changes => true) + it 'is idempotent' do + apply_manifest_on(host, manifest, catch_changes: true) end - it 'should export shared dir' do + it 'exports shared dir' do on(host, 'exportfs -v') on(host, "exportfs | grep #{exported_dir}") end - it 'should mount NFS share' do + it 'mounts NFS share' do on(host, %(grep -q '#{file_search_string}' #{mount_dir}/#{file_basename})) end - it 'should remove mount as prep for next test' do - # use puppet resource instead of simple umount, in order to remove - # persistent mount configuration - on(host, %{puppet resource mount #{mount_dir} ensure=absent}) + it 'removes mount as prep for next test' do + # use puppet resource instead of simple umount, in order to remove + # persistent mount configuration + on(host, %(puppet resource mount #{mount_dir} ensure=absent)) on(host, "rm -rf #{mount_dir}") end end diff --git a/spec/acceptance/shared_examples/nfs_share_using_static_mounts_distinct_roles.rb b/spec/acceptance/shared_examples/nfs_share_using_static_mounts_distinct_roles.rb index 7072a7b..2fe4c75 100644 --- a/spec/acceptance/shared_examples/nfs_share_using_static_mounts_distinct_roles.rb +++ b/spec/acceptance/shared_examples/nfs_share_using_static_mounts_distinct_roles.rb @@ -19,39 +19,40 @@ let(:file_basename) { 'test_file' } let(:file_search_string) { 'This is a test file' } - let(:server_opts) {{ - :is_server => true, - :is_client => false, - :nfsv3 => opts[:nfsv3], - :exported_dir => exported_dir, - :exported_file => File.join(exported_dir, file_basename), - :exported_file_content => "#{file_search_string} from #{exported_dir}", - :export_sec => opts[:nfs_sec], - :export_insecure => opts[:export_insecure], - :server_custom => opts[:server_custom] - }} + let(:server_opts) do + { + is_server: true, + is_client: false, + nfsv3: opts[:nfsv3], + exported_dir: exported_dir, + exported_file: File.join(exported_dir, file_basename), + exported_file_content: "#{file_search_string} from #{exported_dir}", + export_sec: opts[:nfs_sec], + export_insecure: opts[:export_insecure], + server_custom: opts[:server_custom], + } + end let(:server_manifest) { create_export_manifest(server_opts) } servers.each do |server| context "as just a NFS server #{server}" do - - it 'should ensure vagrant connectivity' do + it 'ensures vagrant connectivity' do on(hosts, 'date') end - it 'should apply server manifest to export' do + it 'applies server manifest to export' do server_hieradata = build_host_hiera(opts[:base_hiera], server_opts) set_hieradata_on(server, server_hieradata) print_test_config(server_hieradata, server_manifest) - apply_manifest_on(server, server_manifest, :catch_failures => true) + apply_manifest_on(server, server_manifest, catch_failures: true) end - it 'should be idempotent' do - apply_manifest_on(server, server_manifest, :catch_changes => true) + it 'is idempotent' do + apply_manifest_on(server, server_manifest, catch_changes: true) end - it 'should export shared dir' do + it 'exports shared dir' do on(server, 'exportfs -v') on(server, "exportfs -v | grep #{exported_dir}") end @@ -61,39 +62,43 @@ clients.each do |client| servers.each do |server| context "as just a NFS client #{client} using NFS server #{server}" do - let(:client_opts) {{ - :is_server => false, - :is_client => true, - :nfsv3 => opts[:nfsv3], - :mount_dir => "/mnt/#{server.to_s}-#{File.basename(exported_dir)}", - :mount_server_ip => internal_network_info(server)[:ip], - :mount_remote_dir => exported_dir, - :mount_nfs_version => (opts[:nfsv3] ? 3 : 4), - :mount_sec => opts[:nfs_sec] - }} - - let(:client_manifest) { + let(:client_opts) do + { + is_server: false, + is_client: true, + nfsv3: opts[:nfsv3], + mount_dir: "/mnt/#{server}-#{File.basename(exported_dir)}", + mount_server_ip: internal_network_info(server)[:ip], + mount_remote_dir: exported_dir, + mount_nfs_version: (opts[:nfsv3] ? 3 : 4), + mount_sec: opts[:nfs_sec], + } + end + + let(:client_manifest) do <<~EOM #{create_static_mount_manifest(client_opts)} #{opts[:client_custom]} EOM - } + end - it "should apply client manifest to mount dir from #{server}" do + it "applies client manifest to mount dir from #{server}" do client_hieradata = build_host_hiera(opts[:base_hiera], client_opts) set_hieradata_on(client, client_hieradata) print_test_config(client_hieradata, client_manifest) - apply_manifest_on(client, client_manifest, :catch_failures => true) + apply_manifest_on(client, client_manifest, catch_failures: true) end - it 'should be idempotent' do - apply_manifest_on(client, client_manifest, :catch_changes => true) + it 'is idempotent' do + apply_manifest_on(client, client_manifest, catch_changes: true) end - it 'should mount NFS share' do + # rubocop:disable RSpec/RepeatedExample + it 'mounts NFS share' do on(client, %(grep -q '#{file_search_string}' #{client_opts[:mount_dir]}/#{file_basename})) end + # rubocop:enable RSpec/RepeatedExample if opts[:nfsv3] # Want to verify the NLM ports are correctly configured. According @@ -106,7 +111,7 @@ # Unfortunately, even the --nonblock flock option simply hangs when we # have communication problem. So, we will timeout to detect communication # problems instead. - it 'should communicate lock status with NFS server' do + it 'communicates lock status with NFS server' do require 'timeout' begin @@ -117,17 +122,17 @@ nfsd_grace_time = 90 lock_seconds = 1 timeout_seconds = nfsd_grace_time + lock_seconds + 2 - Timeout::timeout(timeout_seconds) do + Timeout.timeout(timeout_seconds) do on(client, "date; flock #{client_opts[:mount_dir]}/#{file_basename} -c 'sleep #{lock_seconds}'; date") end rescue Timeout::Error - fail('Problem with NFSv3 connectivity during file lock') + raise('Problem with NFSv3 connectivity during file lock') end end end if opts[:verify_reboot] - it 'should ensure vagrant connectivity' do + it 'ensures vagrant connectivity' do on(hosts, 'date') end @@ -142,10 +147,11 @@ it 'client manifest should be idempotent after reboot' do client.reboot wait_for_reboot_hack(client) - apply_manifest_on(client, client_manifest, :catch_changes => true) + apply_manifest_on(client, client_manifest, catch_changes: true) end end + # rubocop:disable RSpec/RepeatedExample it 'mount should be re-established after client reboot' do on(client, %(grep -q '#{file_search_string}' #{client_opts[:mount_dir]}/#{file_basename})) end @@ -153,18 +159,19 @@ it 'server manifest should be idempotent after reboot' do server.reboot wait_for_reboot_hack(server) - apply_manifest_on(server, server_manifest, :catch_changes => true) + apply_manifest_on(server, server_manifest, catch_changes: true) end it 'mount should be re-established after server reboot' do on(client, %(grep -q '#{file_search_string}' #{client_opts[:mount_dir]}/#{file_basename})) end + # rubocop:enable RSpec/RepeatedExample end - it 'should remove mount as prep for next test' do + it 'removes mount as prep for next test' do # use puppet resource instead of simple umount, in order to remove # persistent mount configuration - on(client, %{puppet resource mount #{client_opts[:mount_dir]} ensure=absent}) + on(client, %(puppet resource mount #{client_opts[:mount_dir]} ensure=absent)) on(client, "rm -rf #{client_opts[:mount_dir]}") end end diff --git a/spec/acceptance/shared_examples/nfs_share_with_cross_mounted_nfs_servers.rb b/spec/acceptance/shared_examples/nfs_share_with_cross_mounted_nfs_servers.rb index 803821b..e73f712 100644 --- a/spec/acceptance/shared_examples/nfs_share_with_cross_mounted_nfs_servers.rb +++ b/spec/acceptance/shared_examples/nfs_share_with_cross_mounted_nfs_servers.rb @@ -19,53 +19,53 @@ file_basename = 'test_file' file_search_string = 'This is a test file' server1_opts = { - :host => server1, - :server_ip => opts[:server1_config][:server_ip], - :is_server => true, - :is_client => true, - :nfsv3 => opts[:server1_config][:nfsv3], - :nfsd_port => opts[:server1_config][:nfsd_port], - :stunnel_nfsd_port => opts[:server1_config][:stunnel_nfsd_port], - :exported_dir => opts[:server1_config][:exported_dir], - :exported_file => File.join(opts[:server1_config][:exported_dir], file_basename), - :exported_file_content => "#{file_search_string} from #{opts[:server1_config][:exported_dir]}", - :export_sec => opts[:server1_config][:export_sec], - :export_insecure => opts[:server1_config][:export_insecure], + host: server1, + server_ip: opts[:server1_config][:server_ip], + is_server: true, + is_client: true, + nfsv3: opts[:server1_config][:nfsv3], + nfsd_port: opts[:server1_config][:nfsd_port], + stunnel_nfsd_port: opts[:server1_config][:stunnel_nfsd_port], + exported_dir: opts[:server1_config][:exported_dir], + exported_file: File.join(opts[:server1_config][:exported_dir], file_basename), + exported_file_content: "#{file_search_string} from #{opts[:server1_config][:exported_dir]}", + export_sec: opts[:server1_config][:export_sec], + export_insecure: opts[:server1_config][:export_insecure], # mount to server2 - :mount_server_name => server2.to_s, - :mount_dir => "/mnt/#{server2.to_s}-#{File.basename(opts[:server2_config][:exported_dir])}", - :mount_server_ip => opts[:server2_config][:server_ip], - :mount_remote_dir => opts[:server2_config][:exported_dir], - :mount_nfs_version => opts[:server1_config][:mount_nfs_version], - :mount_sec => opts[:server1_config][:mount_sec], - :mount_nfsd_port => opts[:server2_config][:nfsd_port], - :mount_stunnel_nfsd_port => opts[:server2_config][:stunnel_nfsd_port], - :mount_stunnel => opts[:server1_config][:mount_stunnel], + mount_server_name: server2.to_s, + mount_dir: "/mnt/#{server2}-#{File.basename(opts[:server2_config][:exported_dir])}", + mount_server_ip: opts[:server2_config][:server_ip], + mount_remote_dir: opts[:server2_config][:exported_dir], + mount_nfs_version: opts[:server1_config][:mount_nfs_version], + mount_sec: opts[:server1_config][:mount_sec], + mount_nfsd_port: opts[:server2_config][:nfsd_port], + mount_stunnel_nfsd_port: opts[:server2_config][:stunnel_nfsd_port], + mount_stunnel: opts[:server1_config][:mount_stunnel], } server2_opts = { - :host => server2, - :server_ip => opts[:server2_config][:server_ip], - :is_server => true, - :is_client => true, - :nfsv3 => opts[:server2_config][:nfsv3], - :nfsd_port => opts[:server2_config][:nfsd_port], - :stunnel_nfsd_port => opts[:server2_config][:stunnel_nfsd_port], - :exported_dir => opts[:server2_config][:exported_dir], - :exported_file => File.join(opts[:server2_config][:exported_dir], file_basename), - :exported_file_content => "#{file_search_string} from #{opts[:server2_config][:exported_dir]}", - :export_sec => opts[:server2_config][:export_sec], - :export_insecure => opts[:server2_config][:export_insecure], + host: server2, + server_ip: opts[:server2_config][:server_ip], + is_server: true, + is_client: true, + nfsv3: opts[:server2_config][:nfsv3], + nfsd_port: opts[:server2_config][:nfsd_port], + stunnel_nfsd_port: opts[:server2_config][:stunnel_nfsd_port], + exported_dir: opts[:server2_config][:exported_dir], + exported_file: File.join(opts[:server2_config][:exported_dir], file_basename), + exported_file_content: "#{file_search_string} from #{opts[:server2_config][:exported_dir]}", + export_sec: opts[:server2_config][:export_sec], + export_insecure: opts[:server2_config][:export_insecure], # mount to server1 - :mount_server_name => server1.to_s, - :mount_dir => "/mnt/#{server1.to_s}-#{File.basename(opts[:server1_config][:exported_dir])}", - :mount_server_ip => opts[:server1_config][:server_ip], - :mount_remote_dir => opts[:server1_config][:exported_dir], - :mount_nfs_version => opts[:server2_config][:mount_nfs_version], - :mount_sec => opts[:server2_config][:mount_sec], - :mount_nfsd_port => opts[:server1_config][:nfsd_port], - :mount_stunnel_nfsd_port => opts[:server1_config][:stunnel_nfsd_port], - :mount_stunnel => opts[:server2_config][:mount_stunnel], + mount_server_name: server1.to_s, + mount_dir: "/mnt/#{server1}-#{File.basename(opts[:server1_config][:exported_dir])}", + mount_server_ip: opts[:server1_config][:server_ip], + mount_remote_dir: opts[:server1_config][:exported_dir], + mount_nfs_version: opts[:server2_config][:mount_nfs_version], + mount_sec: opts[:server2_config][:mount_sec], + mount_nfsd_port: opts[:server1_config][:nfsd_port], + mount_stunnel_nfsd_port: opts[:server1_config][:stunnel_nfsd_port], + mount_stunnel: opts[:server2_config][:mount_stunnel], } # Just do the exports first, so we can then apply a manifest that exports @@ -74,22 +74,22 @@ [ server1_opts, server2_opts].each do |srv_opts| context "as NFS server #{srv_opts[:host]}" do let(:server) { srv_opts[:host] } - let(:server_manifest) { + let(:server_manifest) do create_export_manifest(srv_opts) - } + end - it 'should apply server manifest to export' do + it 'applies server manifest to export' do server_hieradata = build_host_hiera(opts[:base_hiera], srv_opts) set_hieradata_on(server, server_hieradata) print_test_config(server_hieradata, server_manifest) - apply_manifest_on(server, server_manifest, :catch_failures => true) + apply_manifest_on(server, server_manifest, catch_failures: true) end - it 'should be idempotent' do - apply_manifest_on(server, server_manifest, :catch_changes => true) + it 'is idempotent' do + apply_manifest_on(server, server_manifest, catch_changes: true) end - it 'should export shared dir' do + it 'exports shared dir' do on(server, 'exportfs -v') on(server, "exportfs -v | grep #{srv_opts[:exported_dir]}") end @@ -98,7 +98,7 @@ end context 'vagrant connectivity' do - it 'should ensure vagrant connectivity' do + it 'ensures vagrant connectivity' do on(hosts, 'date') end end @@ -107,31 +107,31 @@ [ server1_opts, server2_opts].each do |srv_opts| context "as NFS server #{srv_opts[:host]}" do let(:server) { srv_opts[:host] } - let(:server_manifest) { + let(:server_manifest) do [ create_export_manifest(srv_opts), '', - create_static_mount_manifest(srv_opts) + create_static_mount_manifest(srv_opts), ].join("\n") - } + end - it 'should apply server manifest to export and mount' do + it 'applies server manifest to export and mount' do server_hieradata = build_host_hiera(opts[:base_hiera], srv_opts) set_hieradata_on(server, server_hieradata) print_test_config(server_hieradata, server_manifest) - apply_manifest_on(server, server_manifest, :catch_failures => true) + apply_manifest_on(server, server_manifest, catch_failures: true) end - it 'should be idempotent' do - apply_manifest_on(server, server_manifest, :catch_changes => true) + it 'is idempotent' do + apply_manifest_on(server, server_manifest, catch_changes: true) end - it 'should export shared dir' do + it 'exports shared dir' do on(server, 'exportfs -v') on(server, "exportfs -v | grep #{srv_opts[:exported_dir]}") end - it "should mount NFS share from #{srv_opts[:mount_server_name]}" do + it "mounts NFS share from #{srv_opts[:mount_server_name]}" do on(server, "mount | grep #{srv_opts[:mount_dir]}") on(server, %(grep -q '#{file_search_string}' #{srv_opts[:mount_dir]}/#{file_basename})) end @@ -142,67 +142,67 @@ clients_cleanup_opts = [] clients.each_index do |index| client_opts = { - :host => clients[index], - :is_server => false, - :is_client => true, - :nfsv3 => opts[:client_config][:nfsv3], - :mounts => [ + host: clients[index], + is_server: false, + is_client: true, + nfsv3: opts[:client_config][:nfsv3], + mounts: [ { # mount to server 1 - :mount_dir => "/mnt/#{server1.to_s}-#{File.basename(opts[:server1_config][:exported_dir])}", - :mount_server_name => server1.to_s, - :mount_server_ip => opts[:server1_config][:server_ip], - :mount_remote_dir => opts[:server1_config][:exported_dir], - :mount_nfs_version => (opts[:client_config][:mount_nfs_version] ? opts[:client_config][:mount_nfs_version][0] : nil), - :mount_sec => (opts[:client_config][:mount_sec] ? opts[:client_config][:mount_sec][0] : nil), - :mount_nfsd_port => opts[:server1_config][:nfsd_port], - :mount_stunnel_nfsd_port => opts[:server1_config][:stunnel_nfsd_port], - :mount_stunnel => (opts[:client_config][:mount_stunnel] ? opts[:client_config][:mount_stunnel][0] : nil) + mount_dir: "/mnt/#{server1}-#{File.basename(opts[:server1_config][:exported_dir])}", + mount_server_name: server1.to_s, + mount_server_ip: opts[:server1_config][:server_ip], + mount_remote_dir: opts[:server1_config][:exported_dir], + mount_nfs_version: (opts[:client_config][:mount_nfs_version] ? opts[:client_config][:mount_nfs_version][0] : nil), + mount_sec: (opts[:client_config][:mount_sec] ? opts[:client_config][:mount_sec][0] : nil), + mount_nfsd_port: opts[:server1_config][:nfsd_port], + mount_stunnel_nfsd_port: opts[:server1_config][:stunnel_nfsd_port], + mount_stunnel: (opts[:client_config][:mount_stunnel] ? opts[:client_config][:mount_stunnel][0] : nil), }, { # mount to server 2 - :mount_dir => "/mnt/#{server2.to_s}-#{File.basename(opts[:server2_config][:exported_dir])}", - :mount_server_name => server2.to_s, - :mount_server_ip => opts[:server2_config][:server_ip], - :mount_remote_dir => opts[:server2_config][:exported_dir], - :mount_nfs_version => (opts[:client_config][:mount_nfs_version] ? opts[:client_config][:mount_nfs_version][1] : nil), - :mount_sec => (opts[:client_config][:mount_sec] ? opts[:client_config][:mount_sec][1] : nil), - :mount_nfsd_port => opts[:server2_config][:nfsd_port], - :mount_stunnel_nfsd_port => opts[:server2_config][:stunnel_nfsd_port], - :mount_stunnel => (opts[:client_config][:mount_stunnel] ? opts[:client_config][:mount_stunnel][1] : nil) - } - ] + mount_dir: "/mnt/#{server2}-#{File.basename(opts[:server2_config][:exported_dir])}", + mount_server_name: server2.to_s, + mount_server_ip: opts[:server2_config][:server_ip], + mount_remote_dir: opts[:server2_config][:exported_dir], + mount_nfs_version: (opts[:client_config][:mount_nfs_version] ? opts[:client_config][:mount_nfs_version][1] : nil), + mount_sec: (opts[:client_config][:mount_sec] ? opts[:client_config][:mount_sec][1] : nil), + mount_nfsd_port: opts[:server2_config][:nfsd_port], + mount_stunnel_nfsd_port: opts[:server2_config][:stunnel_nfsd_port], + mount_stunnel: (opts[:client_config][:mount_stunnel] ? opts[:client_config][:mount_stunnel][1] : nil), + }, + ], } - clients_cleanup_opts << { :host => clients[index], :mount_dir => client_opts[:mounts][0][:mount_dir] } - clients_cleanup_opts << { :host => clients[index], :mount_dir => client_opts[:mounts][1][:mount_dir] } + clients_cleanup_opts << { host: clients[index], mount_dir: client_opts[:mounts][0][:mount_dir] } + clients_cleanup_opts << { host: clients[index], mount_dir: client_opts[:mounts][1][:mount_dir] } context "as a NFS client #{clients[index]} using NFS servers #{server1} and #{server2}" do let(:client) { clients[index] } - let(:client_manifest) { + let(:client_manifest) do [ create_static_mount_manifest(client_opts[:mounts][0]), '', - create_static_mount_manifest(client_opts[:mounts][1]) + create_static_mount_manifest(client_opts[:mounts][1]), ].join("\n") - } + end - it 'should ensure vagrant connectivity' do + it 'ensures vagrant connectivity' do on(hosts, 'date') end - it 'should apply client manifest to mount a dir from each server' do + it 'applies client manifest to mount a dir from each server' do client_hieradata = build_host_hiera(opts[:base_hiera], client_opts) set_hieradata_on(client, client_hieradata) print_test_config(client_hieradata, client_manifest) - apply_manifest_on(client, client_manifest, :catch_failures => true) + apply_manifest_on(client, client_manifest, catch_failures: true) end - it 'should be idempotent' do - apply_manifest_on(client, client_manifest, :catch_changes => true) + it 'is idempotent' do + apply_manifest_on(client, client_manifest, catch_changes: true) on(client, 'mount') end client_opts[:mounts].each do |mount_opts| - it "should mount NFS share from #{mount_opts[:mount_server_name]}" do + it "mounts NFS share from #{mount_opts[:mount_server_name]}" do on(client, "mount | grep #{mount_opts[:mount_dir]}") on(client, %(grep -q '#{file_search_string}' #{mount_opts[:mount_dir]}/#{file_basename})) end @@ -213,10 +213,10 @@ context 'cleanup' do ([ server1_opts, server2_opts] + clients_cleanup_opts).each do |host_opts| let(:host) { host_opts[:host] } - it 'should remove mount as prep for next test' do + it 'removes mount as prep for next test' do # use puppet resource instead of simple umount, in order to remove # persistent mount configuration - on(host, %{puppet resource mount #{host_opts[:mount_dir]} ensure=absent}) + on(host, %(puppet resource mount #{host_opts[:mount_dir]} ensure=absent)) on(host, "rm -rf #{host_opts[:mount_dir]}") end end diff --git a/spec/acceptance/suites/default/00_basic_test_spec.rb b/spec/acceptance/suites/default/00_basic_test_spec.rb index 24e03d2..85f6392 100644 --- a/spec/acceptance/suites/default/00_basic_test_spec.rb +++ b/spec/acceptance/suites/default/00_basic_test_spec.rb @@ -3,13 +3,12 @@ test_name 'nfs basic' describe 'nfs basic' do + servers = hosts_with_role(hosts, 'nfs_server') + servers_with_client = hosts_with_role(hosts, 'nfs_server_and_client') + servers_tcpwrappers = servers.select { |server| server.name.include?('el7') } - servers = hosts_with_role( hosts, 'nfs_server' ) - servers_with_client = hosts_with_role( hosts, 'nfs_server_and_client' ) - servers_tcpwrappers = servers.select { |server| server.name.match(/el7/) } - - clients = hosts_with_role( hosts, 'nfs_client' ) - clients_tcpwrappers = clients.select { |client| client.name.match(/el7/) } + clients = hosts_with_role(hosts, 'nfs_client') + clients_tcpwrappers = clients.select { |client| client.name.include?('el7') } base_hiera = { # Set us up for a basic NFS (firewall-only) @@ -25,18 +24,18 @@ # make sure we are using iptables and not nftables because nftables # core dumps with rules from the nfs module - 'firewalld::firewall_backend' => 'iptables' + 'firewalld::firewall_backend' => 'iptables', } context 'with firewall only' do context 'NFSv4 with firewall' do opts = { - :base_hiera => base_hiera, - :export_insecure => false, - :nfs_sec => 'sys', - :nfsv3 => false, - :mount_autodetect_remote => [ true, false ], - :verify_reboot => true + base_hiera: base_hiera, + export_insecure: false, + nfs_sec: 'sys', + nfsv3: false, + mount_autodetect_remote: [ true, false ], + verify_reboot: true, } it_behaves_like 'a NFS share using static mounts with distinct client/server roles', servers, clients, opts @@ -46,12 +45,12 @@ context 'NFSv3 with firewall' do opts = { - :base_hiera => base_hiera, - :export_insecure => false, - :nfs_sec => 'sys', - :nfsv3 => true, - :mount_autodetect_remote => [ true, false ], # used in combined client/server test - :verify_reboot => true + base_hiera: base_hiera, + export_insecure: false, + nfs_sec: 'sys', + nfsv3: true, + mount_autodetect_remote: [ true, false ], # used in combined client/server test + verify_reboot: true, } it_behaves_like 'a NFS share using static mounts with distinct client/server roles', servers, clients, opts @@ -61,7 +60,7 @@ end context 'long running test' do - it 'should ensure vagrant connectivity' do + it 'ensures vagrant connectivity' do on(hosts, 'date') end end @@ -74,18 +73,18 @@ 'nfs::custom_nfs_conf_opts' => { 'nfsd' => { 'tcp' => true, - 'udp' => false - } - } + 'udp' => false, + }, + }, } context 'NFSv4 with firewall and tcpwrappers' do opts = { - :base_hiera => base_hiera.merge(tcpwrappers_hiera), - :export_insecure => false, - :nfs_sec => 'sys', - :nfsv3 => false, - :verify_reboot => false + base_hiera: base_hiera.merge(tcpwrappers_hiera), + export_insecure: false, + nfs_sec: 'sys', + nfsv3: false, + verify_reboot: false, } it_behaves_like 'a NFS share using static mounts with distinct client/server roles', @@ -97,11 +96,11 @@ context 'NFSv3 with firewall and tcpwrappers' do opts = { - :base_hiera => base_hiera.merge(tcpwrappers_hiera), - :export_insecure => false, - :nfs_sec => 'sys', - :nfsv3 => true, - :verify_reboot => false + base_hiera: base_hiera.merge(tcpwrappers_hiera), + export_insecure: false, + nfs_sec: 'sys', + nfsv3: true, + verify_reboot: false, } it_behaves_like 'a NFS share using static mounts with distinct client/server roles', @@ -113,7 +112,7 @@ context 'clean up for next test' do (servers_tcpwrappers + clients_tcpwrappers).each do |host| - it 'should disable tcpwrappers by removing hosts.allow and hosts.deny files' do + it 'disables tcpwrappers by removing hosts.allow and hosts.deny files' do on(host, 'rm -f /etc/hosts.allow /etc/hosts.deny') end end diff --git a/spec/acceptance/suites/default/10_cross_server_mounts_test_spec.rb b/spec/acceptance/suites/default/10_cross_server_mounts_test_spec.rb index 016acff..42f7ec1 100644 --- a/spec/acceptance/suites/default/10_cross_server_mounts_test_spec.rb +++ b/spec/acceptance/suites/default/10_cross_server_mounts_test_spec.rb @@ -8,16 +8,15 @@ # * Each NFS client mounts directories from both NFS servers describe 'cross-mounted NFS servers plus clients' do - - servers = hosts_with_role( hosts, 'nfs_server' ) + servers = hosts_with_role(hosts, 'nfs_server') if servers.size < 2 - fail("#{__FILE__} requires at least 2 hosts with role 'nfs_server'") + raise("#{__FILE__} requires at least 2 hosts with role 'nfs_server'") end server1 = servers[0] server2 = servers[1] - clients = hosts_with_role( hosts, 'nfs_client' ) + clients = hosts_with_role(hosts, 'nfs_client') base_hiera = { 'simp_options::firewall' => true, @@ -32,37 +31,37 @@ # make sure we are using iptables and not nftables because nftables # core dumps with rules from the nfs module - 'firewalld::firewall_backend' => 'iptables' + 'firewalld::firewall_backend' => 'iptables', } context 'NFSv4 cross mounts' do opts = { - :base_hiera => base_hiera, - :server1_config => { - :server_ip => internal_network_info(server1)[:ip], - :exported_dir => '/srv/home', - :export_insecure => false, - :export_sec => 'sys', - :mount_nfs_version => 4, - :mount_sec => 'sys', - :mount_stunnel => false + base_hiera: base_hiera, + server1_config: { + server_ip: internal_network_info(server1)[:ip], + exported_dir: '/srv/home', + export_insecure: false, + export_sec: 'sys', + mount_nfs_version: 4, + mount_sec: 'sys', + mount_stunnel: false, }, - :server2_config => { - :server_ip => internal_network_info(server2)[:ip], - :exported_dir => '/srv/apps', - :export_insecure => false, - :export_sec => 'sys', - :mount_nfs_version => 4, - :mount_sec => 'sys', - :mount_stunnel => false + server2_config: { + server_ip: internal_network_info(server2)[:ip], + exported_dir: '/srv/apps', + export_insecure: false, + export_sec: 'sys', + mount_nfs_version: 4, + mount_sec: 'sys', + mount_stunnel: false, }, # applies to all clients - :client_config => { + client_config: { # index 0 => server1 mount, index 1 => server 2 mount - :mount_nfs_version => [4, 4], - :mount_sec => ['sys', 'sys'], - :mount_stunnel => [false, false] - } + mount_nfs_version: [4, 4], + mount_sec: ['sys', 'sys'], + mount_stunnel: [false, false], + }, } it_behaves_like 'a NFS share with cross-mounted servers', diff --git a/spec/acceptance/suites/default/20_idmapd_test_spec.rb b/spec/acceptance/suites/default/20_idmapd_test_spec.rb index 6b5a461..836d2fc 100644 --- a/spec/acceptance/suites/default/20_idmapd_test_spec.rb +++ b/spec/acceptance/suites/default/20_idmapd_test_spec.rb @@ -3,9 +3,8 @@ test_name 'nfs basic idmapd' describe 'nfs basic idmapd' do - - servers = hosts_with_role( hosts, 'nfs_server' ) - clients = hosts_with_role( hosts, 'nfs_client' ) + servers = hosts_with_role(hosts, 'nfs_server') + clients = hosts_with_role(hosts, 'nfs_client') base_hiera = { # Set us up for a NFSv4 with basic idmapd settings (default config) @@ -22,35 +21,35 @@ # make sure we are using iptables and not nftables because nftables # core dumps with rules from the nfs module - 'firewalld::firewall_backend' => 'iptables' + 'firewalld::firewall_backend' => 'iptables', } context 'long running test' do - it 'should ensure vagrant connectivity' do + it 'ensures vagrant connectivity' do on(hosts, 'date') end end context 'with idmapd enabled' do opts = { - :base_hiera => base_hiera, - :export_insecure => false, - :nfs_sec => 'sys', - :nfsv3 => false, - :verify_reboot => true + base_hiera: base_hiera, + export_insecure: false, + nfs_sec: 'sys', + nfsv3: false, + verify_reboot: true, } it_behaves_like 'a NFS share using static mounts with distinct client/server roles', servers, clients, opts context 'idmapd config verification' do hosts.each do |host| - it "should configure /etc/idmapd.conf on #{host}" do + it "configures /etc/idmapd.conf on #{host}" do on(host, "grep 'file is managed by Puppet' /etc/idmapd.conf") end end clients.each do |client| - it "should add nfsidmap to /etc/request-key.conf on #{client}" do + it "adds nfsidmap to /etc/request-key.conf on #{client}" do on(client, "grep '/usr/sbin/nfsidmap' /etc/request-key.conf") end end diff --git a/spec/acceptance/suites/krb5/00_krb5_test_spec.rb b/spec/acceptance/suites/krb5/00_krb5_test_spec.rb index be1f954..ea1693e 100644 --- a/spec/acceptance/suites/krb5/00_krb5_test_spec.rb +++ b/spec/acceptance/suites/krb5/00_krb5_test_spec.rb @@ -3,12 +3,11 @@ test_name 'nfs krb5' describe 'nfs krb5' do - # This test only uses hosts that have distinct NFS server/client roles, # because we don't have a separate KDC in the test's Kerberos infrastructure. # Instead, each NFS server also acts as the KDC. - servers = hosts_with_role( hosts, 'nfs_server' ) - clients = hosts_with_role( hosts, 'nfs_client' ) + servers = hosts_with_role(hosts, 'nfs_server') + clients = hosts_with_role(hosts, 'nfs_client') base_hiera = { # Set us up for a NFS using Kerberos @@ -28,19 +27,19 @@ # Fake out sync source, as this is not a full SIMP server 'krb5::keytab::keytab_source' => 'file:///tmp/keytabs', - # Config for KDC on NFS server (unused on NFS clients) + # Config for KDC on NFS server (unused on NFS clients) 'krb5::kdc::ldap' => false, 'krb5::kdc::auto_keytabs::introspect' => false, 'krb5::kdc::auto_keytabs::hosts' => # Generate keytabs for everyone - hosts.map{|host| [ fact_on(host,'fqdn'), {'ensure' => 'present'} ]}.to_h, + hosts.map { |host| [ fact_on(host, 'networking.fqdn'), { 'ensure' => 'present' } ] }.to_h, 'krb5::kdc::auto_keytabs::global_services' => [ 'nfs' ], 'nfs::secure_nfs' => true, # make sure we are using iptables and not nftables because nftables # core dumps with rules from the nfs module - 'firewalld::firewall_backend' => 'iptables' + 'firewalld::firewall_backend' => 'iptables', } # We need to set up the Kerberos server prior to running NFS. @@ -52,47 +51,48 @@ # the Puppet master. servers.each do |server| context "with server #{server} as NFS server and KDC" do - let(:server_fqdn) { fact_on(server, 'fqdn') } + let(:server_fqdn) { fact_on(server, 'networking.fqdn') } + let(:client_fqdn) { fact_on(client, 'networking.fqdn') } context 'Kerberos infrastructure set up' do - let(:kdc_manifest) { + let(:kdc_manifest) do <<~EOM include 'krb5::kdc' include 'ssh' EOM - } + end - let(:krb5_client_manifest) { + let(:krb5_client_manifest) do <<~EOM include 'krb5' include 'ssh' - krb5::setting::realm { $facts['domain'] : - admin_server => '#{server_fqdn}' + krb5::setting::realm { $facts['networking']['domain'] : + admin_server => '#{server_fqdn}', } EOM - } + end - it "should create a KDC on NFS server #{server} with keytabs for all hosts" do + it "creates a KDC on NFS server #{server} with keytabs for all hosts" do set_hieradata_on(server, base_hiera) - apply_manifest_on(server, kdc_manifest, :catch_failures => true) + apply_manifest_on(server, kdc_manifest, catch_failures: true) end - it "should set up #{server} keytab and fake keytab sync source" do - keytab_src = %(/var/kerberos/krb5kdc/generated_keytabs/#{fact_on(server,'fqdn')}/krb5.keytab) + it "sets up #{server} keytab and fake keytab sync source" do + keytab_src = %(/var/kerberos/krb5kdc/generated_keytabs/#{server_fqdn}/krb5.keytab) on(server, %(cp #{keytab_src} /etc)) server.mkdir_p('/tmp/keytabs') on(server, "cp #{keytab_src} /tmp/keytabs/") end clients.each do |client| - # FIXME SIMP-7561 - it "should clear the gssproxy credential cache on client #{client}" do - on(client, "if [ -f /var/lib/gssproxy/clients/krb5cc_0 ]; then /usr/bin/kdestroy -c /var/lib/gssproxy/clients/krb5cc_0 ; fi") + # FIXME: SIMP-7561 + it "clears the gssproxy credential cache on client #{client}" do + on(client, 'if [ -f /var/lib/gssproxy/clients/krb5cc_0 ]; then /usr/bin/kdestroy -c /var/lib/gssproxy/clients/krb5cc_0 ; fi') end - it "should copy keytabs from KDC to fake keytab sync source on client #{client}" do - keytab_src = %(/var/kerberos/krb5kdc/generated_keytabs/#{fact_on(client,'fqdn')}/krb5.keytab) + it "copies keytabs from KDC to fake keytab sync source on client #{client}" do + keytab_src = %(/var/kerberos/krb5kdc/generated_keytabs/#{client_fqdn}/krb5.keytab) tmpdir = Dir.mktmpdir begin @@ -101,21 +101,21 @@ # doing. server.do_scp_from(keytab_src, tmpdir, {}) client.mkdir_p('/tmp/keytabs') - client.do_scp_to(File.join(tmpdir, File.basename(keytab_src)), "/tmp/keytabs/", {}) + client.do_scp_to(File.join(tmpdir, File.basename(keytab_src)), '/tmp/keytabs/', {}) ensure FileUtils.remove_entry_secure(tmpdir) end end - it "should set the Kerberos realm on client #{client}" do + it "sets the Kerberos realm on client #{client}" do set_hieradata_on(client, base_hiera) - apply_manifest_on(client, krb5_client_manifest, :catch_failures => true) + apply_manifest_on(client, krb5_client_manifest, catch_failures: true) end end end context 'long running test' do - it 'should ensure vagrant connectivity' do + it 'ensures vagrant connectivity' do on(hosts, 'date') end end @@ -129,19 +129,19 @@ client_krb5_manifest_extras = <<~EOM # Keep Kerberos realm configured to know location of KDC - krb5::setting::realm { $facts['domain'] : - admin_server => '#{fact_on(server,'fqdn')}' + krb5::setting::realm { $facts['networking']['domain'] : + admin_server => '#{server_fqdn}', } EOM opts = { - :base_hiera => base_hiera, - :export_insecure => false, - :server_custom => server_krb5_manifest_extras, - :client_custom => client_krb5_manifest_extras, - :nfs_sec => 'krb5p', - :nfsv3 => false, - :verify_reboot => true + base_hiera: base_hiera, + export_insecure: false, + server_custom: server_krb5_manifest_extras, + client_custom: client_krb5_manifest_extras, + nfs_sec: 'krb5p', + nfsv3: false, + verify_reboot: true, } it_behaves_like 'a NFS share using static mounts with distinct client/server roles', [ server ], clients, opts diff --git a/spec/acceptance/suites/stunnel/00_stunnel_test_spec.rb b/spec/acceptance/suites/stunnel/00_stunnel_test_spec.rb index 2ce20c2..8f755fe 100644 --- a/spec/acceptance/suites/stunnel/00_stunnel_test_spec.rb +++ b/spec/acceptance/suites/stunnel/00_stunnel_test_spec.rb @@ -29,16 +29,14 @@ # mount will fail. ################################################################################ - # Tests stunneling between individual NFS client and NFS server pairs describe 'nfs stunnel' do + servers = hosts_with_role(hosts, 'nfs_server') + servers_with_client = hosts_with_role(hosts, 'nfs_server_and_client') + servers_tcpwrappers = servers.select { |server| server.name.include?('el7') } - servers = hosts_with_role( hosts, 'nfs_server' ) - servers_with_client = hosts_with_role( hosts, 'nfs_server_and_client' ) - servers_tcpwrappers = servers.select { |server| server.name.match(/el7/) } - - clients = hosts_with_role( hosts, 'nfs_client' ) - clients_tcpwrappers = clients.select { |client| client.name.match(/el7/) } + clients = hosts_with_role(hosts, 'nfs_client') + clients_tcpwrappers = clients.select { |client| client.name.include?('el7') } base_hiera = { # Set us up for a basic stunneled NFS (firewall-only) @@ -61,17 +59,17 @@ # make sure we are using iptables and not nftables because nftables # core dumps with rules from the nfs module - 'firewalld::firewall_backend' => 'iptables' + 'firewalld::firewall_backend' => 'iptables', } context 'with NFSv4 stunnel and firewall' do opts = { - :base_hiera => base_hiera, - :export_insecure => true, - :nfs_sec => 'sys', - :nfsv3 => false, - :mount_autodetect_remote => [ false ], # this is immaterial when using stunnel - :verify_reboot => true + base_hiera: base_hiera, + export_insecure: true, + nfs_sec: 'sys', + nfsv3: false, + mount_autodetect_remote: [ false ], # this is immaterial when using stunnel + verify_reboot: true, } it_behaves_like 'a NFS share using static mounts with distinct client/server roles', servers, clients, opts @@ -80,7 +78,7 @@ end context 'long running test' do - it 'should ensure vagrant connectivity' do + it 'ensures vagrant connectivity' do on(hosts, 'date') end end @@ -93,17 +91,17 @@ 'nfs::custom_nfs_conf_opts' => { 'nfsd' => { 'tcp' => true, - 'udp' => false - } - } + 'udp' => false, + }, + }, } opts = { - :base_hiera => base_hiera.merge(tcpwrappers_hiera), - :export_insecure => true, - :nfs_sec => 'sys', - :nfsv3 => false, - :verify_reboot => false + base_hiera: base_hiera.merge(tcpwrappers_hiera), + export_insecure: true, + nfs_sec: 'sys', + nfsv3: false, + verify_reboot: false, } it_behaves_like 'a NFS share using static mounts with distinct client/server roles', @@ -115,7 +113,7 @@ context 'clean up for next test' do (servers_tcpwrappers + clients_tcpwrappers).each do |host| - it 'should disable tcpwrappers by removing hosts.allow and hosts.deny files' do + it 'disables tcpwrappers by removing hosts.allow and hosts.deny files' do on(host, 'rm -f /etc/hosts.allow /etc/hosts.deny') end end diff --git a/spec/acceptance/suites/stunnel/10_client_with_multiple_servers_test_spec.rb b/spec/acceptance/suites/stunnel/10_client_with_multiple_servers_test_spec.rb index a24341b..ff349ef 100644 --- a/spec/acceptance/suites/stunnel/10_client_with_multiple_servers_test_spec.rb +++ b/spec/acceptance/suites/stunnel/10_client_with_multiple_servers_test_spec.rb @@ -12,16 +12,15 @@ # mounts. describe 'nfs client with multiple servers' do - - servers = hosts_with_role( hosts, 'nfs_server' ) + servers = hosts_with_role(hosts, 'nfs_server') if servers.size < 2 - fail("#{__FILE__} requires at least 2 hosts with role 'nfs_server'") + raise("#{__FILE__} requires at least 2 hosts with role 'nfs_server'") end server1 = servers[0] server2 = servers[1] - clients = hosts_with_role( hosts, 'nfs_client' ) + clients = hosts_with_role(hosts, 'nfs_client') base_hiera = { # Set us up for a stunneled NFS with firewall @@ -45,38 +44,38 @@ # make sure we are using iptables and not nftables because nftables # core dumps with rules from the nfs module - 'firewalld::firewall_backend' => 'iptables' + 'firewalld::firewall_backend' => 'iptables', } context 'client mounting from 2 NFSv4 servers, both via stunnel' do opts = { - :base_hiera => base_hiera, - :server1_config => { - :server_ip => internal_network_info(server1)[:ip], - :nfsv3 => false, # NFSv4 only - :nfsd_port => 2049, - :stunnel_nfsd_port => 20490, - :exported_dir => '/srv/home', - :export_insecure => true, - :export_sec => 'sys', + base_hiera: base_hiera, + server1_config: { + server_ip: internal_network_info(server1)[:ip], + nfsv3: false, # NFSv4 only + nfsd_port: 2049, + stunnel_nfsd_port: 20_490, + exported_dir: '/srv/home', + export_insecure: true, + export_sec: 'sys', }, - :server2_config => { - :server_ip => internal_network_info(server2)[:ip], - :nfsv3 => false, # NFSv4 only - :nfsd_port => 2150, # avoid port conflict with server1 - :stunnel_nfsd_port => 21500, - :exported_dir => '/srv/apps', - :export_insecure => true, - :export_sec => 'sys', + server2_config: { + server_ip: internal_network_info(server2)[:ip], + nfsv3: false, # NFSv4 only + nfsd_port: 2150, # avoid port conflict with server1 + stunnel_nfsd_port: 21_500, + exported_dir: '/srv/apps', + export_insecure: true, + export_sec: 'sys', }, # applies to all clients - :client_config => { - :nfsv3 => false, # NFSv4 only + client_config: { + nfsv3: false, # NFSv4 only # index 0 => server1 mount, index 1 => server 2 mount - :mount_nfs_version => [4, 4], - :mount_sec => ['sys', 'sys'], - :mount_stunnel => [nil, nil] # use default of true - } + mount_nfs_version: [4, 4], + mount_sec: ['sys', 'sys'], + mount_stunnel: [nil, nil], # use default of true + }, } it_behaves_like 'a multi-server NFS share', server1, server2, clients, opts @@ -84,33 +83,33 @@ context 'client mounting from 1 NFSv4 server via stunnel and 1 NFSv3 server directly' do opts = { - :base_hiera => base_hiera, - :server1_config => { - :server_ip => internal_network_info(server1)[:ip], - :nfsv3 => false, # NFSv4 only - :nfsd_port => 2049, - :stunnel_nfsd_port => 20490, - :exported_dir => '/srv/home', - :export_insecure => true, - :export_sec => 'sys', + base_hiera: base_hiera, + server1_config: { + server_ip: internal_network_info(server1)[:ip], + nfsv3: false, # NFSv4 only + nfsd_port: 2049, + stunnel_nfsd_port: 20_490, + exported_dir: '/srv/home', + export_insecure: true, + export_sec: 'sys', }, - :server2_config => { - :server_ip => internal_network_info(server2)[:ip], - :nfsv3 => true, # NFSv3 and NFSv4 - :nfsd_port => 2150, # avoid port conflict with server1 - :stunnel_nfsd_port => 21500, # - :exported_dir => '/srv/apps', - :export_insecure => true, - :export_sec => 'sys', + server2_config: { + server_ip: internal_network_info(server2)[:ip], + nfsv3: true, # NFSv3 and NFSv4 + nfsd_port: 2150, # avoid port conflict with server1 + stunnel_nfsd_port: 21_500, # + exported_dir: '/srv/apps', + export_insecure: true, + export_sec: 'sys', }, # applies to all clients - :client_config => { - :nfsv3 => true, # NFSv3 and NFSv4 + client_config: { + nfsv3: true, # NFSv3 and NFSv4 # index 0 => server1 mount, index 1 => server 2 mount - :mount_nfs_version => [4, 3], - :mount_sec => ['sys', 'sys'], - :mount_stunnel => [true, false] - } + mount_nfs_version: [4, 3], + mount_sec: ['sys', 'sys'], + mount_stunnel: [true, false], + }, } it_behaves_like 'a multi-server NFS share', server1, server2, clients, opts @@ -118,33 +117,33 @@ context 'client mounting from 2 NFSv3 servers directly' do opts = { - :base_hiera => base_hiera, - :server1_config => { - :server_ip => internal_network_info(server1)[:ip], - :nfsv3 => true, # NFSv3 and NFSv4 - :nfsd_port => 2049, - :stunnel_nfsd_port => 20490, - :exported_dir => '/srv/home', - :export_insecure => true, - :export_sec => 'sys', + base_hiera: base_hiera, + server1_config: { + server_ip: internal_network_info(server1)[:ip], + nfsv3: true, # NFSv3 and NFSv4 + nfsd_port: 2049, + stunnel_nfsd_port: 20_490, + exported_dir: '/srv/home', + export_insecure: true, + export_sec: 'sys', }, - :server2_config => { - :server_ip => internal_network_info(server2)[:ip], - :nfsv3 => true, # NFSv3 and NFSv4 - :nfsd_port => 2150, # avoid port conflict with server1 - :stunnel_nfsd_port => 21500, - :exported_dir => '/srv/apps', - :export_insecure => true, - :export_sec => 'sys', + server2_config: { + server_ip: internal_network_info(server2)[:ip], + nfsv3: true, # NFSv3 and NFSv4 + nfsd_port: 2150, # avoid port conflict with server1 + stunnel_nfsd_port: 21_500, + exported_dir: '/srv/apps', + export_insecure: true, + export_sec: 'sys', }, # applies to all clients - :client_config => { - :nfsv3 => true, # NFSv3 and NFSv4 + client_config: { + nfsv3: true, # NFSv3 and NFSv4 # index 0 => server1 mount, index 1 => server 2 mount - :mount_nfs_version => [3, 3], - :mount_sec => ['sys', 'sys'], - :mount_stunnel => [false, false] - } + mount_nfs_version: [3, 3], + mount_sec: ['sys', 'sys'], + mount_stunnel: [false, false], + }, } it_behaves_like 'a multi-server NFS share', server1, server2, clients, opts diff --git a/spec/acceptance/suites/stunnel/20_server_with_multiple_clients_test_spec.rb b/spec/acceptance/suites/stunnel/20_server_with_multiple_clients_test_spec.rb index 92a551d..1cb18f0 100644 --- a/spec/acceptance/suites/stunnel/20_server_with_multiple_clients_test_spec.rb +++ b/spec/acceptance/suites/stunnel/20_server_with_multiple_clients_test_spec.rb @@ -11,16 +11,15 @@ # Verifies server can support a mix of NFSv4 (stunneled) and NFSv3 (direct) # client mounts of the same exported filesystem. describe 'nfs server with multiple clients' do - - clients = hosts_with_role( hosts, 'nfs_client' ) + clients = hosts_with_role(hosts, 'nfs_client') if clients.size < 2 - fail("#{__FILE__} requires at least 2 hosts with role 'nfs_client'") + raise("#{__FILE__} requires at least 2 hosts with role 'nfs_client'") end client1 = clients[0] client2 = clients[1] - servers = hosts_with_role( hosts, 'nfs_server' ) + servers = hosts_with_role(hosts, 'nfs_server') base_hiera = { # Set us up for a stunneled NFS with firewall @@ -46,25 +45,25 @@ # make sure we are using iptables and not nftables because nftables # core dumps with rules from the nfs module - 'firewalld::firewall_backend' => 'iptables' + 'firewalld::firewall_backend' => 'iptables', } context 'server exporting to 2 NFSv4 clients, both via stunnel' do opts = { - :base_hiera => base_hiera, - :server_config => { - :export_insecure => true, # server allows mount via NFSv4 stunnel - :export_sec => 'sys' # server export NFS sec setting + base_hiera: base_hiera, + server_config: { + export_insecure: true, # server allows mount via NFSv4 stunnel + export_sec: 'sys', # server export NFS sec setting }, - :mount1_config => { - :nfs_version => 4, # client1 mount with NFSv4 - :sec => 'sys', # client1 mount NFS sec setting - :stunnel => true # client1 mount enable stunnel + mount1_config: { + nfs_version: 4, # client1 mount with NFSv4 + sec: 'sys', # client1 mount NFS sec setting + stunnel: true, # client1 mount enable stunnel }, - :mount2_config => { - :nfs_version => 4, # client2 mount with NFSv4 - :sec => 'sys', # client2 mount NFS sec setting - :stunnel => true # client1 mount enable stunnel + mount2_config: { + nfs_version: 4, # client2 mount with NFSv4 + sec: 'sys', # client2 mount NFS sec setting + stunnel: true, # client1 mount enable stunnel }, } @@ -73,22 +72,22 @@ context 'client mounting from 1 NFSv4 server via stunnel and 1 NFSv3 server directly' do opts = { - :base_hiera => base_hiera, - :server_config => { - :nfsv3 => true, # NFSv3 and NFSv4 - :export_insecure => true, # server allows mount via NFSv4 stunnel - :export_sec => 'sys' # server export NFS sec setting + base_hiera: base_hiera, + server_config: { + nfsv3: true, # NFSv3 and NFSv4 + export_insecure: true, # server allows mount via NFSv4 stunnel + export_sec: 'sys', # server export NFS sec setting + }, + mount1_config: { + nfs_version: 4, # client1 mount with NFSv4 + sec: 'sys', # client1 mount NFS sec setting + stunnel: nil, # client1 mount, stunnel enabled by default }, - :mount1_config => { - :nfs_version => 4, # client1 mount with NFSv4 - :sec => 'sys', # client1 mount NFS sec setting - :stunnel => nil # client1 mount, stunnel enabled by default + mount2_config: { + nfs_version: 3, # client2 mount with NFSv3 + sec: 'sys', # client2 mount NFS sec setting + stunnel: nil, # client2 mount, stunnel automatically disabled }, - :mount2_config => { - :nfs_version => 3, # client2 mount with NFSv3 - :sec => 'sys', # client2 mount NFS sec setting - :stunnel => nil # client2 mount, stunnel automatically disabled - } } it_behaves_like 'a multi-client NFS share', servers, client1, client2, opts @@ -96,22 +95,22 @@ context 'client mounting from 2 NFSv3 servers directly' do opts = { - :base_hiera => base_hiera, - :server_config => { - :nfsv3 => true, # NFSv3 and NFSv4 - :export_insecure => true, # server allows mount via NFSv4 stunnel - :export_sec => 'sys' # server export NFS sec setting + base_hiera: base_hiera, + server_config: { + nfsv3: true, # NFSv3 and NFSv4 + export_insecure: true, # server allows mount via NFSv4 stunnel + export_sec: 'sys', # server export NFS sec setting + }, + mount1_config: { + nfs_version: 3, # client1 mount with NFSv3 + sec: 'sys', # client1 mount NFS sec setting + stunnel: false, # client2 mount disable stunnel }, - :mount1_config => { - :nfs_version => 3, # client1 mount with NFSv3 - :sec => 'sys', # client1 mount NFS sec setting - :stunnel => false # client2 mount disable stunnel + mount2_config: { + nfs_version: 3, # client2 mount with NFSv3 + sec: 'sys', # client2 mount NFS sec setting + stunnel: false, # client2 mount disable stunnel }, - :mount2_config => { - :nfs_version => 3, # client2 mount with NFSv3 - :sec => 'sys', # client2 mount NFS sec setting - :stunnel => false # client2 mount disable stunnel - } } it_behaves_like 'a multi-client NFS share', servers, client1, client2, opts diff --git a/spec/acceptance/suites/stunnel/30_cross_server_mounts_test_spec.rb b/spec/acceptance/suites/stunnel/30_cross_server_mounts_test_spec.rb index 15ede0b..1129970 100644 --- a/spec/acceptance/suites/stunnel/30_cross_server_mounts_test_spec.rb +++ b/spec/acceptance/suites/stunnel/30_cross_server_mounts_test_spec.rb @@ -14,16 +14,15 @@ # describe 'cross-mounted NFS servers plus clients' do - - servers = hosts_with_role( hosts, 'nfs_server' ) + servers = hosts_with_role(hosts, 'nfs_server') if servers.size < 2 - fail("#{__FILE__} requires at least 2 hosts with role 'nfs_server'") + raise("#{__FILE__} requires at least 2 hosts with role 'nfs_server'") end server1 = servers[0] server2 = servers[1] - clients = hosts_with_role( hosts, 'nfs_client' ) + clients = hosts_with_role(hosts, 'nfs_client') base_hiera = { 'simp_options::audit' => false, @@ -45,41 +44,41 @@ # make sure we are using iptables and not nftables because nftables # core dumps with rules from the nfs module - 'firewalld::firewall_backend' => 'iptables' + 'firewalld::firewall_backend' => 'iptables', } context 'NFSv4 cross mounts with stunnel' do opts = { - :base_hiera => base_hiera, - :server1_config => { - :server_ip => internal_network_info(server1)[:ip], - :nfsd_port => 2049, - :stunnel_nfsd_port => 20490, - :exported_dir => '/srv/home', - :export_insecure => true, - :export_sec => 'sys', - :mount_nfs_version => 4, - :mount_sec => 'sys', - :mount_stunnel => true + base_hiera: base_hiera, + server1_config: { + server_ip: internal_network_info(server1)[:ip], + nfsd_port: 2049, + stunnel_nfsd_port: 20_490, + exported_dir: '/srv/home', + export_insecure: true, + export_sec: 'sys', + mount_nfs_version: 4, + mount_sec: 'sys', + mount_stunnel: true, }, - :server2_config => { - :server_ip => internal_network_info(server2)[:ip], - :nfsd_port => 2150, # avoid port conflict with server1 - :stunnel_nfsd_port => 21500, - :exported_dir => '/srv/apps', - :export_insecure => true, - :export_sec => 'sys', - :mount_nfs_version => 4, - :mount_sec => 'sys', - :mount_stunnel => true + server2_config: { + server_ip: internal_network_info(server2)[:ip], + nfsd_port: 2150, # avoid port conflict with server1 + stunnel_nfsd_port: 21_500, + exported_dir: '/srv/apps', + export_insecure: true, + export_sec: 'sys', + mount_nfs_version: 4, + mount_sec: 'sys', + mount_stunnel: true, }, # applies to all clients - :client_config => { + client_config: { # index 0 => server1 mount, index 1 => server 2 mount - :mount_nfs_version => [4, 4], - :mount_sec => ['sys', 'sys'], - :mount_stunnel => [true, true] - } + mount_nfs_version: [4, 4], + mount_sec: ['sys', 'sys'], + mount_stunnel: [true, true], + }, } it_behaves_like 'a NFS share with cross-mounted servers', diff --git a/spec/classes/base/config_spec.rb b/spec/classes/base/config_spec.rb index 09cdd1b..7b71726 100644 --- a/spec/classes/base/config_spec.rb +++ b/spec/classes/base/config_spec.rb @@ -5,347 +5,405 @@ describe 'private nfs::base::config' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end context 'with default nfs parameters' do it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::base::config') } - it { is_expected.to create_concat('/etc/nfs.conf').with( { - :owner => 'root', - :group => 'root', - :mode => '0644' - } ) } - - it { is_expected.to_not create_concat__fragment('nfs_conf_general') } - it { is_expected.to_not create_concat__fragment('nfs_conf_gssd') } - it { is_expected.to_not create_concat__fragment('nfs_conf_lockd') } - it { is_expected.to_not create_concat__fragment('nfs_conf_sm_notify') } - it { is_expected.to_not create_concat__fragment('nfs_conf_statd') } + it { + is_expected.to create_concat('/etc/nfs.conf').with( + owner: 'root', + group: 'root', + mode: '0644', + ) + } + + it { is_expected.not_to create_concat__fragment('nfs_conf_general') } + it { is_expected.not_to create_concat__fragment('nfs_conf_gssd') } + it { is_expected.not_to create_concat__fragment('nfs_conf_lockd') } + it { is_expected.not_to create_concat__fragment('nfs_conf_sm_notify') } + it { is_expected.not_to create_concat__fragment('nfs_conf_statd') } if os_facts[:os][:release][:major].to_i < 8 - it { is_expected.to create_concat('/etc/sysconfig/nfs').with( { - :owner => 'root', - :group => 'root', - :mode => '0644' - } ) } - - it { is_expected.to_not create_concat__fragment('nfs_gss_use_proxy') } - it { is_expected.to_not create_concat__fragment('nfs_GSSDARGS') } - it { is_expected.to_not create_concat__fragment('nfs_SMNOTIFYARGS') } - it { is_expected.to_not create_concat__fragment('nfs_STATDARG') } + it { + is_expected.to create_concat('/etc/sysconfig/nfs').with( + owner: 'root', + group: 'root', + mode: '0644', + ) + } + + it { is_expected.not_to create_concat__fragment('nfs_gss_use_proxy') } + it { is_expected.not_to create_concat__fragment('nfs_GSSDARGS') } + it { is_expected.not_to create_concat__fragment('nfs_SMNOTIFYARGS') } + it { is_expected.not_to create_concat__fragment('nfs_STATDARG') } else it { is_expected.to create_file('/etc/sysconfig/nfs').with_ensure('absent') } end - it { is_expected.to_not create_systemd__dropin_file('simp_unit.conf') } - it { is_expected.to create_file('/etc/modprobe.d/sunrpc.conf').with( { - :owner => 'root', - :group => 'root', - :mode => '0640', - :content => <<~EOM - # This file is managed by Puppet (simp-nfs module). Changes will be overwritten - # at the next puppet run. - # - options sunrpc tcp_slot_table_entries=128 udp_slot_table_entries=128 - EOM - } ) } - - it { is_expected.to_not create_class('nfs::idmapd::config') } - it { is_expected.to_not create_file('/etc/modprobe.d/lockd.conf') } + it { is_expected.not_to create_systemd__dropin_file('simp_unit.conf') } + it { + is_expected.to create_file('/etc/modprobe.d/sunrpc.conf').with( + owner: 'root', + group: 'root', + mode: '0640', + content: <<~EOM, + # This file is managed by Puppet (simp-nfs module). Changes will be overwritten + # at the next puppet run. + # + options sunrpc tcp_slot_table_entries=128 udp_slot_table_entries=128 + EOM + ) + } + + it { is_expected.not_to create_class('nfs::idmapd::config') } + it { is_expected.not_to create_file('/etc/modprobe.d/lockd.conf') } end context "when nfs::custom_nfs_conf_opts has 'general' key" do - let(:params) {{ - :custom_nfs_conf_opts => { - 'general' => { - 'pipefs-directory' => '/some/dir' - } + let(:params) do + { + custom_nfs_conf_opts: { + 'general' => { + 'pipefs-directory' => '/some/dir', + }, + }, } - }} + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::base::config') } - it { is_expected.to create_concat__fragment('nfs_conf_general').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM + it { + is_expected.to create_concat__fragment('nfs_conf_general').with( + target: '/etc/nfs.conf', + content: <<~EOM, - [general] - pipefs-directory = /some/dir + [general] + pipefs-directory = /some/dir EOM - } ) } + ) + } end context 'when nfs::secure_nfs=true' do context 'when nfs::gssd_use_gss_proxy=false' do - let(:params) {{ - :secure_nfs => true, - :gssd_use_gss_proxy => false - }} + let(:params) do + { + secure_nfs: true, + gssd_use_gss_proxy: false, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::base::config') } - it { is_expected.to create_concat__fragment('nfs_conf_gssd').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM - - [gssd] - avoid-dns = true - limit-to-legacy-enctypes = false - use-gss-proxy = false + it { + is_expected.to create_concat__fragment('nfs_conf_gssd').with( + target: '/etc/nfs.conf', + content: <<~EOM, + + [gssd] + avoid-dns = true + limit-to-legacy-enctypes = false + use-gss-proxy = false EOM - } ) } + ) + } if os_facts[:os][:release][:major].to_i < 8 - it { is_expected.to_not create_concat__fragment('nfs_gss_use_proxy') } - it { is_expected.to_not create_concat__fragment('nfs_GSSDARGS') } + it { is_expected.not_to create_concat__fragment('nfs_gss_use_proxy') } + it { is_expected.not_to create_concat__fragment('nfs_GSSDARGS') } end - it { is_expected.to_not create_systemd__dropin_file('simp_unit.conf') } + it { is_expected.not_to create_systemd__dropin_file('simp_unit.conf') } end context 'when nfs::gssd_use_gss_proxy=true' do - let(:params) {{ - :secure_nfs => true - # nfs::gssd_use_gss_proxy default is true - }} + let(:params) do + { + secure_nfs: true, + # nfs::gssd_use_gss_proxy default is true + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::base::config') } - it { is_expected.to create_concat__fragment('nfs_conf_gssd').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM - - [gssd] - avoid-dns = true - limit-to-legacy-enctypes = false - use-gss-proxy = true + it { + is_expected.to create_concat__fragment('nfs_conf_gssd').with( + target: '/etc/nfs.conf', + content: <<~EOM, + + [gssd] + avoid-dns = true + limit-to-legacy-enctypes = false + use-gss-proxy = true EOM - } ) } + ) + } if os_facts[:os][:release][:major].to_i < 8 - it { is_expected.to create_concat__fragment('nfs_gss_use_proxy').with( { - :target => '/etc/sysconfig/nfs', - :content => "GSS_USE_PROXY=yes" - } ) } + it { + is_expected.to create_concat__fragment('nfs_gss_use_proxy').with( + target: '/etc/sysconfig/nfs', + content: 'GSS_USE_PROXY=yes', + ) + } - it { is_expected.to_not create_concat__fragment('nfs_GSSDARGS') } + it { is_expected.not_to create_concat__fragment('nfs_GSSDARGS') } end - it { is_expected.to create_systemd__dropin_file('simp_unit.conf').with( { - :unit => 'gssproxy.service', - :content => <<~EOM - # This file is managed by Puppet (simp-nfs module). Changes will be overwritten - # at the next puppet run. + it { + is_expected.to create_systemd__dropin_file('simp_unit.conf').with( + unit: 'gssproxy.service', + content: <<~EOM, + # This file is managed by Puppet (simp-nfs module). Changes will be overwritten + # at the next puppet run. - [Unit] + [Unit] - PartOf=nfs-utils.service + PartOf=nfs-utils.service EOM - } ) } + ) + } end context "when nfs::custom_nfs_conf_opts has 'gssd' key" do - let(:params) {{ - :secure_nfs => true, - :custom_nfs_conf_opts => { - 'gssd' => { - 'use-memcache' => true - } + let(:params) do + { + secure_nfs: true, + custom_nfs_conf_opts: { + 'gssd' => { + 'use-memcache' => true, + }, + }, } - }} + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::base::config') } - it { is_expected.to create_concat__fragment('nfs_conf_gssd').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM - - [gssd] - avoid-dns = true - limit-to-legacy-enctypes = false - use-gss-proxy = true - use-memcache = true + it { + is_expected.to create_concat__fragment('nfs_conf_gssd').with( + target: '/etc/nfs.conf', + content: <<~EOM, + + [gssd] + avoid-dns = true + limit-to-legacy-enctypes = false + use-gss-proxy = true + use-memcache = true EOM - } ) } + ) + } end if os_facts[:os][:release][:major].to_i < 8 context "when nfs::custom_daemon_args has 'GSSDARGS' key" do - let(:params) {{ - :secure_nfs => true, - :custom_daemon_args => { 'GSSDARGS' => '-v' } - }} + let(:params) do + { + secure_nfs: true, + custom_daemon_args: { 'GSSDARGS' => '-v' }, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::base::config') } - it { is_expected.to create_concat__fragment('nfs_GSSDARGS').with( { - :target => '/etc/sysconfig/nfs', - :content => 'GSSDARGS="-v"' - } ) } + it { + is_expected.to create_concat__fragment('nfs_GSSDARGS').with( + target: '/etc/sysconfig/nfs', + content: 'GSSDARGS="-v"', + ) + } end end end context 'when nfs::nfsv3=true' do context 'with default NFSv3-related nfs parameters' do - let(:params) {{ :nfsv3 => true }} + let(:params) { { nfsv3: true } } it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::base::config') } - it { is_expected.to create_concat__fragment('nfs_conf_lockd').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM - - [lockd] - port = 32803 - udp-port = 32769 + it { + is_expected.to create_concat__fragment('nfs_conf_lockd').with( + target: '/etc/nfs.conf', + content: <<~EOM, + + [lockd] + port = 32803 + udp-port = 32769 EOM - } ) } + ) + } - it { is_expected.to create_concat__fragment('nfs_conf_sm_notify').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM + it { + is_expected.to create_concat__fragment('nfs_conf_sm_notify').with( + target: '/etc/nfs.conf', + content: <<~EOM, - [sm-notify] - outgoing-port = 2021 + [sm-notify] + outgoing-port = 2021 EOM - } ) } + ) + } - it { is_expected.to create_concat__fragment('nfs_conf_statd').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM + it { + is_expected.to create_concat__fragment('nfs_conf_statd').with( + target: '/etc/nfs.conf', + content: <<~EOM, - [statd] - outgoing-port = 2020 - port = 662 + [statd] + outgoing-port = 2020 + port = 662 EOM - } ) } - - it { is_expected.to create_file('/etc/modprobe.d/lockd.conf').with( { - :owner => 'root', - :group => 'root', - :mode => '0640', - :content => <<~EOM - # This file is managed by Puppet (simp-nfs module). Changes will be overwritten - # at the next puppet run. - # - # Set the TCP port that the NFS lock manager should use. - # port must be a valid TCP port value (1-65535). - options lockd nlm_tcpport=32803 + ) + } - # Set the UDP port that the NFS lock manager should use. - # port must be a valid UDP port value (1-65535). - options lockd nlm_udpport=32769 + it { + is_expected.to create_file('/etc/modprobe.d/lockd.conf').with( + owner: 'root', + group: 'root', + mode: '0640', + content: <<~EOM, + # This file is managed by Puppet (simp-nfs module). Changes will be overwritten + # at the next puppet run. + # + # Set the TCP port that the NFS lock manager should use. + # port must be a valid TCP port value (1-65535). + options lockd nlm_tcpport=32803 + + # Set the UDP port that the NFS lock manager should use. + # port must be a valid UDP port value (1-65535). + options lockd nlm_udpport=32769 EOM - } ) } + ) + } end context "when nfs::custom_nfs_conf_opts has 'lockd' key" do - let(:params) {{ - :nfsv3 => true, - :custom_nfs_conf_opts => { - 'lockd' => { - # this isn't a real option yet, but currently only - # two options available are being set - 'debug' => 'all' - } + let(:params) do + { + nfsv3: true, + custom_nfs_conf_opts: { + 'lockd' => { + # this isn't a real option yet, but currently only + # two options available are being set + 'debug' => 'all', + }, + }, } - }} + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::base::config') } - it { is_expected.to create_concat__fragment('nfs_conf_lockd').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM - - [lockd] - debug = all - port = 32803 - udp-port = 32769 + it { + is_expected.to create_concat__fragment('nfs_conf_lockd').with( + target: '/etc/nfs.conf', + content: <<~EOM, + + [lockd] + debug = all + port = 32803 + udp-port = 32769 EOM - } ) } + ) + } end context "when nfs::custom_nfs_conf_opts has 'sm-notify' key" do - let(:params) {{ - :nfsv3 => true, - :custom_nfs_conf_opts => { - 'sm-notify' => { - 'retry-time' => 10 - } + let(:params) do + { + nfsv3: true, + custom_nfs_conf_opts: { + 'sm-notify' => { + 'retry-time' => 10, + }, + }, } - }} + end - it { is_expected.to create_concat__fragment('nfs_conf_sm_notify').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM + it { + is_expected.to create_concat__fragment('nfs_conf_sm_notify').with( + target: '/etc/nfs.conf', + content: <<~EOM, - [sm-notify] - outgoing-port = 2021 - retry-time = 10 + [sm-notify] + outgoing-port = 2021 + retry-time = 10 EOM - } ) } + ) + } end context "when nfs::custom_nfs_conf_opts has 'statd' key" do - let(:params) {{ - :nfsv3 => true, - :custom_nfs_conf_opts => { - 'statd' => { - 'state-directory-path' => '/some/path' - } + let(:params) do + { + nfsv3: true, + custom_nfs_conf_opts: { + 'statd' => { + 'state-directory-path' => '/some/path', + }, + }, } - }} + end - it { is_expected.to create_concat__fragment('nfs_conf_statd').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM + it { + is_expected.to create_concat__fragment('nfs_conf_statd').with( + target: '/etc/nfs.conf', + content: <<~EOM, - [statd] - outgoing-port = 2020 - port = 662 - state-directory-path = /some/path + [statd] + outgoing-port = 2020 + port = 662 + state-directory-path = /some/path EOM - } ) } + ) + } end if os_facts[:os][:release][:major].to_i < 8 context "when nfs::custom_daemon_args has 'SMNOTIFYARGS' key" do - let(:params) {{ - :nfsv3 => true, - :custom_daemon_args => { 'SMNOTIFYARGS' => '-f' } - }} + let(:params) do + { + nfsv3: true, + custom_daemon_args: { 'SMNOTIFYARGS' => '-f' }, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::base::config') } - it { is_expected.to create_concat__fragment('nfs_SMNOTIFYARGS').with( { - :target => '/etc/sysconfig/nfs', - :content => 'SMNOTIFYARGS="-f"' - } ) } + it { + is_expected.to create_concat__fragment('nfs_SMNOTIFYARGS').with( + target: '/etc/sysconfig/nfs', + content: 'SMNOTIFYARGS="-f"', + ) + } end context "when nfs::custom_daemon_args has 'STATDARG' key" do - let(:params) {{ - :nfsv3 => true, - :custom_daemon_args => { 'STATDARG' => '--no-syslog' } - }} + let(:params) do + { + nfsv3: true, + custom_daemon_args: { 'STATDARG' => '--no-syslog' }, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::base::config') } - it { is_expected.to create_concat__fragment('nfs_STATDARG').with( { - :target => '/etc/sysconfig/nfs', - :content => 'STATDARG="--no-syslog"' - } ) } + it { + is_expected.to create_concat__fragment('nfs_STATDARG').with( + target: '/etc/sysconfig/nfs', + content: 'STATDARG="--no-syslog"', + ) + } end end end context 'with nfs::idmapd=true' do - let(:params) {{ :idmapd => true }} + let(:params) { { idmapd: true } } it { is_expected.to create_class('nfs::idmapd::config') } end diff --git a/spec/classes/base/service_spec.rb b/spec/classes/base/service_spec.rb index 7a0d559..3e5d88b 100644 --- a/spec/classes/base/service_spec.rb +++ b/spec/classes/base/service_spec.rb @@ -5,92 +5,114 @@ describe 'private nfs::base::service' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end context 'NFSv3' do context 'with nfs::nfsv3 false' do let(:params) { {} } # nfs::nfsv3 default is false + it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::base::service') } it { is_expected.to create_service('rpc-statd.service').with_ensure('stopped') } - it { is_expected.to create_exec('mask_rpc-statd.service').with( { - :command => '/usr/bin/systemctl mask rpc-statd.service', - :unless => '/usr/bin/systemctl status rpc-statd.service | /usr/bin/grep -qw masked' - } ) } + it { + is_expected.to create_exec('mask_rpc-statd.service').with( + command: '/usr/bin/systemctl mask rpc-statd.service', + unless: '/usr/bin/systemctl status rpc-statd.service | /usr/bin/grep -qw masked', + ) + } end context 'with nfs::nfsv3 true' do - let(:params) {{ :nfsv3 => true }} + let(:params) { { nfsv3: true } } it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::base::service') } - it { is_expected.to create_service('rpcbind.service').with( { - :ensure => 'running', - :enable => true, - :hasrestart => true - } ) } + it { + is_expected.to create_service('rpcbind.service').with( + ensure: 'running', + enable: true, + hasrestart: true, + ) + } - it { is_expected.to create_service('rpc-statd.service').with( { - :ensure => 'running', - :hasrestart => true - } ) } + it { + is_expected.to create_service('rpc-statd.service').with( + ensure: 'running', + hasrestart: true, + ) + } it { is_expected.to create_svckill__ignore('rpc-statd-notify') } - it { is_expected.to create_exec('unmask_rpc-statd.service').with( { - :command => '/usr/bin/systemctl unmask rpc-statd.service', - :onlyif => '/usr/bin/systemctl status rpc-statd.service | /usr/bin/grep -qw masked' - } ) } + it { + is_expected.to create_exec('unmask_rpc-statd.service').with( + command: '/usr/bin/systemctl unmask rpc-statd.service', + onlyif: '/usr/bin/systemctl status rpc-statd.service | /usr/bin/grep -qw masked', + ) + } end end context 'Secure NFS' do context 'with nfs::secure_nfs false' do let(:params) { {} } # nfs::secure_nfs default is false + it { is_expected.to create_class('nfs::base::service') } it { is_expected.to create_service('rpc-gssd.service').with_ensure('stopped') } - it { is_expected.to create_exec('mask_rpc-gssd.service').with( { - :command => '/usr/bin/systemctl mask rpc-gssd.service', - :unless => '/usr/bin/systemctl status rpc-gssd.service | /usr/bin/grep -qw masked' - } ) } + it { + is_expected.to create_exec('mask_rpc-gssd.service').with( + command: '/usr/bin/systemctl mask rpc-gssd.service', + unless: '/usr/bin/systemctl status rpc-gssd.service | /usr/bin/grep -qw masked', + ) + } end context 'with nfs::secure_nfs true' do context 'with nfs::gssd_use_gss_proxy false' do - let(:params) {{ - :secure_nfs => true, - :gssd_use_gss_proxy => false - }} + let(:params) do + { + secure_nfs: true, + gssd_use_gss_proxy: false, + } + end it { is_expected.to create_class('nfs::base::service') } - it { is_expected.to create_service('rpc-gssd.service').with( { - :ensure => 'running', - :hasrestart => true - } ) } + it { + is_expected.to create_service('rpc-gssd.service').with( + ensure: 'running', + hasrestart: true, + ) + } - it { is_expected.to create_exec('unmask_rpc-gssd.service').with( { - :command => '/usr/bin/systemctl unmask rpc-gssd.service', - :onlyif => '/usr/bin/systemctl status rpc-gssd.service | /usr/bin/grep -qw masked' - } ) } + it { + is_expected.to create_exec('unmask_rpc-gssd.service').with( + command: '/usr/bin/systemctl unmask rpc-gssd.service', + onlyif: '/usr/bin/systemctl status rpc-gssd.service | /usr/bin/grep -qw masked', + ) + } end context 'with nfs::gssd_use_gss_proxy true' do - let(:params) {{ - :secure_nfs => true - # nfs::gssd_use_gss_proxy default is true - }} + let(:params) do + { + secure_nfs: true, + # nfs::gssd_use_gss_proxy default is true + } + end it { is_expected.to create_class('nfs::base::service') } - it { is_expected.to create_service('rpc-gssd.service')} + it { is_expected.to create_service('rpc-gssd.service') } it { is_expected.to create_exec('unmask_rpc-gssd.service') } - it { is_expected.to create_service('gssproxy.service').with( { - :ensure => 'running', - :enable => true, - :hasrestart => true - } ) } + it { + is_expected.to create_service('gssproxy.service').with( + ensure: 'running', + enable: true, + hasrestart: true, + ) + } end end end diff --git a/spec/classes/client/config_spec.rb b/spec/classes/client/config_spec.rb index 71a1ede..1e0b333 100644 --- a/spec/classes/client/config_spec.rb +++ b/spec/classes/client/config_spec.rb @@ -5,53 +5,59 @@ describe 'private nfs::client::config' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end context 'with default nfs and nfs::client parameters' do it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::client::config') } - it { is_expected.to create_exec('modprobe_nfsv4').with( { - :command => '/sbin/modprobe nfsv4', - :unless => '/sbin/lsmod | /usr/bin/grep -qw nfsv4' - } ) } + it { + is_expected.to create_exec('modprobe_nfsv4').with( + command: '/sbin/modprobe nfsv4', + unless: '/sbin/lsmod | /usr/bin/grep -qw nfsv4', + ) + } - it { is_expected.to create_file('/etc/modprobe.d/nfs.conf').with( { - :owner => 'root', - :group => 'root', - :mode => '0640', - :content => <<~EOM - # This file is managed by Puppet (simp-nfs module). Changes will be overwritten - # at the next puppet run. - # - options nfs callback_tcpport=876 + it { + is_expected.to create_file('/etc/modprobe.d/nfs.conf').with( + owner: 'root', + group: 'root', + mode: '0640', + content: <<~EOM, + # This file is managed by Puppet (simp-nfs module). Changes will be overwritten + # at the next puppet run. + # + options nfs callback_tcpport=876 EOM - } ) } + ) + } - it { is_expected.to create_file('/etc/exports').with( { - :owner => 'root', - :group => 'root', - :mode => '0644', - :content => "\n" - } ) } + it { + is_expected.to create_file('/etc/exports').with( + owner: 'root', + group: 'root', + mode: '0644', + content: "\n", + ) + } - it { is_expected.to_not create_class('nfs::client::tcpwrappers') } - it { is_expected.to_not create_class('nfs::idmapd::client') } + it { is_expected.not_to create_class('nfs::client::tcpwrappers') } + it { is_expected.not_to create_class('nfs::idmapd::client') } end context 'when nfs::is_server=true' do - let(:params) {{ :is_server => true }} + let(:params) { { is_server: true } } it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::client::config') } - it { is_expected.to_not create_file('/etc/exports') } + it { is_expected.not_to create_file('/etc/exports') } end context 'when nfs::tcpwrappers=true' do - let(:params) {{ :tcpwrappers => true }} + let(:params) { { tcpwrappers: true } } it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::client::config') } @@ -59,7 +65,7 @@ end context 'when nfs::idmapd=true' do - let(:params) {{ :idmapd => true }} + let(:params) { { idmapd: true } } it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::client::config') } diff --git a/spec/classes/client/service_spec.rb b/spec/classes/client/service_spec.rb index 2bd72d6..1ff79d7 100644 --- a/spec/classes/client/service_spec.rb +++ b/spec/classes/client/service_spec.rb @@ -5,52 +5,63 @@ describe 'private nfs::client::service' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end context 'with default nfs and nfs::client parameters' do it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::client::service') } - it { is_expected.to create_service('nfs-client.target').with( { - :ensure => 'running', - :enable => true, - :hasrestart => false, - :restart => '/usr/bin/systemctl restart nfs-utils.service nfs-client.target' - } ) } - - it { is_expected.to create_sysctl('sunrpc.tcp_slot_table_entries').with( { - :ensure => 'present', - :val => 128, - :silent => true - } ) } - - it { is_expected.to create_sysctl('sunrpc.udp_slot_table_entries').with( { - :ensure => 'present', - :val => 128, - :silent => true - } ) } - - it { is_expected.to create_sysctl('fs.nfs.nfs_callback_tcpport').with( { - :ensure => 'present', - :val => 876, - :silent => true - } ) } - - it { is_expected.to_not create_service('nfs-blkmap.service') } + it { + is_expected.to create_service('nfs-client.target').with( + ensure: 'running', + enable: true, + hasrestart: false, + restart: '/usr/bin/systemctl restart nfs-utils.service nfs-client.target', + ) + } + + it { + is_expected.to create_sysctl('sunrpc.tcp_slot_table_entries').with( + ensure: 'present', + val: 128, + silent: true, + ) + } + + it { + is_expected.to create_sysctl('sunrpc.udp_slot_table_entries').with( + ensure: 'present', + val: 128, + silent: true, + ) + } + + it { + is_expected.to create_sysctl('fs.nfs.nfs_callback_tcpport').with( + ensure: 'present', + val: 876, + silent: true, + ) + } + + it { is_expected.not_to create_service('nfs-blkmap.service') } end context 'when nfs::client::blkmap=true' do let(:hieradata) { 'nfs_client_blkmap' } + it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::client::service') } - it { is_expected.to create_service('nfs-blkmap.service').with( { - :ensure => 'running', - :enable => true, - :hasrestart => true - } ) } + it { + is_expected.to create_service('nfs-blkmap.service').with( + ensure: 'running', + enable: true, + hasrestart: true, + ) + } end end end diff --git a/spec/classes/client/tcpwrappers_spec.rb b/spec/classes/client/tcpwrappers_spec.rb index 11a4195..21586d9 100644 --- a/spec/classes/client/tcpwrappers_spec.rb +++ b/spec/classes/client/tcpwrappers_spec.rb @@ -5,50 +5,58 @@ describe 'private nfs::client::tcpwrappers' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end context 'when tcpwrappers and nfsv3 enabled' do - let(:params) {{ - :nfsv3 => true, - :tcpwrappers => true, - :trusted_nets => [ '1.2.3.0/24' ] - }} + let(:params) do + { + nfsv3: true, + tcpwrappers: true, + trusted_nets: [ '1.2.3.0/24' ], + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::client::tcpwrappers') } if os_facts[:os][:release][:major].to_i > 7 - it { is_expected.to_not create_class('tcpwrappers') } - it { is_expected.to_not create_tcpwrappers__allow('rpcbind') } - it { is_expected.to_not create_tcpwrappers__allow('statd') } + it { is_expected.not_to create_class('tcpwrappers') } + it { is_expected.not_to create_tcpwrappers__allow('rpcbind') } + it { is_expected.not_to create_tcpwrappers__allow('statd') } else it { is_expected.to create_class('tcpwrappers') } - it { is_expected.to create_tcpwrappers__allow('rpcbind').with_pattern( - params[:trusted_nets] - ) } + it { + is_expected.to create_tcpwrappers__allow('rpcbind').with_pattern( + params[:trusted_nets], + ) + } - it { is_expected.to create_tcpwrappers__allow('statd') .with_pattern( - params[:trusted_nets] - ) } + it { + is_expected.to create_tcpwrappers__allow('statd') .with_pattern( + params[:trusted_nets], + ) + } end end context 'when tcpwrappers enabled and nfsv3 disabled' do - let(:params) {{ - :nfsv3 => false, - :tcpwrappers => true, - :trusted_nets => [ '1.2.3.0/24' ] - }} + let(:params) do + { + nfsv3: false, + tcpwrappers: true, + trusted_nets: [ '1.2.3.0/24' ], + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::client::tcpwrappers') } - it { is_expected.to_not create_class('tcpwrappers') } - it { is_expected.to_not create_tcpwrappers__allow('rpcbind') } - it { is_expected.to_not create_tcpwrappers__allow('statd') } + it { is_expected.not_to create_class('tcpwrappers') } + it { is_expected.not_to create_tcpwrappers__allow('rpcbind') } + it { is_expected.not_to create_tcpwrappers__allow('statd') } end end end diff --git a/spec/classes/client_spec.rb b/spec/classes/client_spec.rb index 2e42064..9d22311 100644 --- a/spec/classes/client_spec.rb +++ b/spec/classes/client_spec.rb @@ -5,41 +5,44 @@ describe 'private nfs::client' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end context 'with default nfs and nfs::client parameters' do it { is_expected.to compile.with_all_deps } - it { is_expected.to create_class('nfs::client::config') } it { is_expected.to create_class('nfs::base::config') } it { is_expected.to create_class('nfs::base::service') } it { is_expected.to create_class('nfs::client::config') } it { is_expected.to create_class('nfs::client::service') } - it { is_expected.to_not create_class('krb5') } - it { is_expected.to_not create_class('krb5::keytab') } + it { is_expected.not_to create_class('krb5') } + it { is_expected.not_to create_class('krb5::keytab') } end context 'with nfs::kerberos = true' do context 'with nfs::keytab_on_puppet = false' do - let(:params) {{ - :kerberos => true, - :keytab_on_puppet => false - }} + let(:params) do + { + kerberos: true, + keytab_on_puppet: false, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::client') } it { is_expected.to create_class('krb5') } - it { is_expected.to_not create_class('krb5::keytab') } + it { is_expected.not_to create_class('krb5::keytab') } end context 'with nfs::keytab_on_puppet = true' do - let(:params) {{ - :kerberos => true, - :keytab_on_puppet => true - }} + let(:params) do + { + kerberos: true, + keytab_on_puppet: true, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::client') } diff --git a/spec/classes/idmapd/client_spec.rb b/spec/classes/idmapd/client_spec.rb index e45bbf9..b9dd0fc 100644 --- a/spec/classes/idmapd/client_spec.rb +++ b/spec/classes/idmapd/client_spec.rb @@ -6,10 +6,11 @@ it { is_expected.to create_class('nfs::idmapd::client') } it { is_expected.to create_class('nfs::idmapd::config') } it do - is_expected.to create_exec('enable_nfsidmap_request_key').with( { - :unless => "/usr/bin/grep -v '#' /etc/request-key.conf | grep -q 'nfsidmap -t 600'", - :command => "/usr/bin/sed -r -i '/^create[[:space:]]+id_resolver[[:space:]]/d' /etc/request-key.conf;/usr/bin/sed -i '/^negate/i create\tid_resolver\t*\t*\t\t/usr/sbin/nfsidmap -t 600 %k %d' /etc/request-key.conf" - } ) + is_expected.to create_exec('enable_nfsidmap_request_key').with( + unless: "/usr/bin/grep -v '#' /etc/request-key.conf | grep -q 'nfsidmap -t 600'", + command: "/usr/bin/sed -r -i '/^create[[:space:]]+id_resolver[[:space:]]/d' /etc/request-key.conf;" \ + "/usr/bin/sed -i '/^negate/i create\tid_resolver\t*\t*\t\t/usr/sbin/nfsidmap -t 600 %k %d' /etc/request-key.conf", + ) end end end diff --git a/spec/classes/idmapd/config_spec.rb b/spec/classes/idmapd/config_spec.rb index 52bcab7..d7925eb 100644 --- a/spec/classes/idmapd/config_spec.rb +++ b/spec/classes/idmapd/config_spec.rb @@ -4,8 +4,9 @@ context 'with default parameters' do it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::idmapd::config') } - it { is_expected.to create_file('/etc/idmapd.conf').with_content( - <<~EOM + it { + is_expected.to create_file('/etc/idmapd.conf').with_content( + <<~EOM, # This file is managed by Puppet (simp-nfs module). Changes will be overwritten # at the next Puppet run. [General] @@ -26,25 +27,28 @@ # This is not yet supported by the SIMP configuration. EOM - )} + ) + } end context 'with optional parameters set and multiple methods' do - let(:params) {{ - :verbosity => 2, - :domain => 'mydomain', - :no_strip => 'both', - :reformat_group => false, - :local_realms => ['realm1', 'realm2'], - :trans_method => ['nsswitch', 'static'], - :gss_methods => ['nsswitch', 'static'], - :static_translation => { 'key1' => 'value1', 'key2' => 'value2' } - }} + let(:params) do + { + verbosity: 2, + domain: 'mydomain', + no_strip: 'both', + reformat_group: false, + local_realms: ['realm1', 'realm2'], + trans_method: ['nsswitch', 'static'], + gss_methods: ['nsswitch', 'static'], + static_translation: { 'key1' => 'value1', 'key2' => 'value2' }, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::idmapd::config') } - it { is_expected.to create_file('/etc/idmapd.conf').with_content( - <<~EOM + it { + is_expected.to create_file('/etc/idmapd.conf').with_content(<<~EOM) # This file is managed by Puppet (simp-nfs module). Changes will be overwritten # at the next Puppet run. [General] @@ -73,6 +77,6 @@ # This is not yet supported by the SIMP configuration. EOM - )} + } end end diff --git a/spec/classes/idmapd/server_spec.rb b/spec/classes/idmapd/server_spec.rb index 3a5b638..870a6ee 100644 --- a/spec/classes/idmapd/server_spec.rb +++ b/spec/classes/idmapd/server_spec.rb @@ -5,53 +5,61 @@ describe 'private nfs::idmapd::server' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end context 'with nfs::idmapd=true' do - let(:params) {{ - :is_server => true, - :idmapd => true - }} + let(:params) do + { + is_server: true, + idmapd: true, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::idmapd::server') } it { is_expected.to create_class('nfs::idmapd::config') } - it { is_expected.to create_service('nfs-idmapd.service').with( { - :ensure => 'running', - :enable => true, - :hasrestart => true - } ) + it { + is_expected.to create_service('nfs-idmapd.service').with( + ensure: 'running', + enable: true, + hasrestart: true, + ) } - it { is_expected.to create_exec('unmask_nfs-idmapd.service').with( { - :command => '/usr/bin/systemctl unmask nfs-idmapd.service', - :onlyif => '/usr/bin/systemctl status nfs-idmapd.service | /usr/bin/grep -qw masked' - } ) + it { + is_expected.to create_exec('unmask_nfs-idmapd.service').with( + command: '/usr/bin/systemctl unmask nfs-idmapd.service', + onlyif: '/usr/bin/systemctl status nfs-idmapd.service | /usr/bin/grep -qw masked', + ) } end context 'with nfs::idmapd=false' do - let(:params) {{ - :is_server => true, - :idmapd => false - }} + let(:params) do + { + is_server: true, + idmapd: false, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::idmapd::server') } - it { is_expected.to_not create_class('nfs::idmapd::config') } - it { is_expected.to create_service('nfs-idmapd.service').with( { - :ensure => 'stopped' - } ) + it { is_expected.not_to create_class('nfs::idmapd::config') } + it { + is_expected.to create_service('nfs-idmapd.service').with( + ensure: 'stopped', + ) } - it { is_expected.to create_exec('mask_nfs-idmapd.service').with( { - :command => '/usr/bin/systemctl mask nfs-idmapd.service', - :unless => '/usr/bin/systemctl status nfs-idmapd.service | /usr/bin/grep -qw masked' - } ) + it { + is_expected.to create_exec('mask_nfs-idmapd.service').with( + command: '/usr/bin/systemctl mask nfs-idmapd.service', + unless: '/usr/bin/systemctl status nfs-idmapd.service | /usr/bin/grep -qw masked', + ) } end end diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index fa11edf..b132418 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -3,11 +3,11 @@ describe 'nfs' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end shared_examples_for 'a NFS base installer' do it { is_expected.to compile.with_all_deps } @@ -17,36 +17,40 @@ context 'with default parameters' do it_behaves_like 'a NFS base installer' - it { is_expected.to_not create_class('nfs::selinux_hotfix') } + it { is_expected.not_to create_class('nfs::selinux_hotfix') } it { is_expected.to create_class('nfs::lvm2') } it { is_expected.to create_class('nfs::client') } - it { is_expected.to_not create_class('nfs::server') } + it { is_expected.not_to create_class('nfs::server') } end context 'with kerberos=true' do - let(:params){{ :kerberos => true }} + let(:params) { { kerberos: true } } + it_behaves_like 'a NFS base installer' if os_facts[:os][:release][:major].to_i < 8 it { is_expected.to create_class('nfs::selinux_hotfix') } else - it { is_expected.to_not create_class('nfs::selinux_hotfix') } + it { is_expected.not_to create_class('nfs::selinux_hotfix') } end end context 'ensure_latest_lvm=false' do - let(:params){{ :ensure_latest_lvm2 => false }} + let(:params) { { ensure_latest_lvm2: false } } + it_behaves_like 'a NFS base installer' - it { is_expected.to_not create_class('nfs::lvm2') } + it { is_expected.not_to create_class('nfs::lvm2') } end context 'is_client=false' do - let(:params){{ :is_client => false }} + let(:params) { { is_client: false } } + it_behaves_like 'a NFS base installer' - it { is_expected.to_not create_class('nfs::client') } + it { is_expected.not_to create_class('nfs::client') } end context 'is_server=true' do - let(:params){{ :is_server => true }} + let(:params) { { is_server: true } } + it_behaves_like 'a NFS base installer' it { is_expected.to create_class('nfs::server') } end diff --git a/spec/classes/install_spec.rb b/spec/classes/install_spec.rb index 1034e0c..0de9014 100644 --- a/spec/classes/install_spec.rb +++ b/spec/classes/install_spec.rb @@ -5,23 +5,24 @@ describe 'private nfs::install' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end context 'default nfs and nfs::install parameters' do it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::install') } it { is_expected.to create_package('nfs-utils').with_ensure('installed') } it { is_expected.to create_package('nfs4-acl-tools').with_ensure('installed') } - it { is_expected.to_not create_package('quota-rpc').with_ensure('installed') } + it { is_expected.not_to create_package('quota-rpc').with_ensure('installed') } end if os_facts[:os][:release][:major].to_i > 7 context 'nfs::is_server=true' do - let(:params) { { :is_server => true } } + let(:params) { { is_server: true } } + it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::install') } it { is_expected.to create_package('nfs-utils').with_ensure('installed') } diff --git a/spec/classes/selinux_hotfix_spec.rb b/spec/classes/selinux_hotfix_spec.rb index 2a2b729..d6cb070 100644 --- a/spec/classes/selinux_hotfix_spec.rb +++ b/spec/classes/selinux_hotfix_spec.rb @@ -1,7 +1,6 @@ require 'spec_helper' describe 'nfs::selinux_hotfix' do - def mock_selinux_false_facts(os_facts) os_facts[:selinux] = false os_facts[:os][:selinux][:config_mode] = 'disabled' @@ -23,56 +22,60 @@ def mock_selinux_enforcing_facts(os_facts) on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } + let(:facts) { os_facts } before(:each) do # Mask 'assert_private' for testing - Puppet::Parser::Functions.newfunction(:assert_private, :type => :rvalue) { |args| } + Puppet::Parser::Functions.newfunction(:assert_private, type: :rvalue) { |args| } end context 'selinux_current_mode fact not present' do - let(:facts) { - os_facts = mock_selinux_false_facts(os_facts) + let(:facts) do + os_facts = mock_selinux_false_facts(Marshal.load(Marshal.dump(os_facts))) os_facts.delete(:selinux_current_mode) + os_facts[:os][:selinux].delete(:current_mode) os_facts - } + end it { is_expected.to compile.with_all_deps } - it { is_expected.to_not contain_vox_selinux__module('gss_hotfix') } + it { is_expected.not_to contain_vox_selinux__module('gss_hotfix') } end context 'selinux_current_mode = disabled' do - let(:facts) { mock_selinux_false_facts(os_facts) } + let(:facts) { mock_selinux_false_facts(Marshal.load(Marshal.dump(os_facts))) } it { is_expected.to compile.with_all_deps } - it { is_expected.to_not contain_vox_selinux__module('gss_hotfix') } + it { is_expected.not_to contain_vox_selinux__module('gss_hotfix') } end context 'selinux_current_mode != disabled' do - let(:facts) { mock_selinux_enforcing_facts(os_facts) } + let(:facts) { mock_selinux_enforcing_facts(Marshal.load(Marshal.dump(os_facts))) } + it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_vox_selinux__module('gss_hotfix').with( { - :ensure => 'present', - :builder => 'simple', - :content_te => <<~EOM - module gss_hotfix 1.0; + it { + is_expected.to contain_vox_selinux__module('gss_hotfix').with( + ensure: 'present', + builder: 'simple', + content_te: <<~EOM, + module gss_hotfix 1.0; - require { - \ttype gssd_t; - \ttype gssproxy_t; - \ttype krb5_conf_t; - \tclass dir { read search open }; - } + require { + \ttype gssd_t; + \ttype gssproxy_t; + \ttype krb5_conf_t; + \tclass dir { read search open }; + } - #============= gssd_t ============== - allow gssd_t krb5_conf_t:dir search; - allow gssd_t krb5_conf_t:dir { read open }; + #============= gssd_t ============== + allow gssd_t krb5_conf_t:dir search; + allow gssd_t krb5_conf_t:dir { read open }; - #============= gssproxy_t ============== - allow gssproxy_t krb5_conf_t:dir search; - allow gssproxy_t krb5_conf_t:dir { read open }; + #============= gssproxy_t ============== + allow gssproxy_t krb5_conf_t:dir search; + allow gssproxy_t krb5_conf_t:dir { read open }; EOM - } ) } + ) + } end end end diff --git a/spec/classes/server/config_spec.rb b/spec/classes/server/config_spec.rb index 9c4c9a5..5764f07 100644 --- a/spec/classes/server/config_spec.rb +++ b/spec/classes/server/config_spec.rb @@ -5,96 +5,108 @@ describe 'private nfs::server::config' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end context 'with default nfs and nfs::server parameters' do - let(:params) {{ :is_server => true }} + let(:params) { { is_server: true } } it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::config') } - it { is_expected.to_not create_concat__fragment('nfs_conf_exportfs') } - it { is_expected.to create_concat__fragment('nfs_conf_mountd').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM + it { is_expected.not_to create_concat__fragment('nfs_conf_exportfs') } + it { + is_expected.to create_concat__fragment('nfs_conf_mountd').with( + target: '/etc/nfs.conf', + content: <<~EOM, - [mountd] - port = 20048 + [mountd] + port = 20048 EOM - } ) } - - it { is_expected.to create_concat__fragment('nfs_conf_nfsd').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM - - [nfsd] - port = 2049 - vers2 = false - vers3 = false - vers4 = true - vers4.0 = false - vers4.1 = true - vers4.2 = true + ) + } + + it { + is_expected.to create_concat__fragment('nfs_conf_nfsd').with( + target: '/etc/nfs.conf', + content: <<~EOM, + + [nfsd] + port = 2049 + vers2 = false + vers3 = false + vers4 = true + vers4.0 = false + vers4.1 = true + vers4.2 = true EOM - } ) } + ) + } - it { is_expected.to_not create_concat__fragment('nfs_conf_nfsdcltrack') } + it { is_expected.not_to create_concat__fragment('nfs_conf_nfsdcltrack') } # the next 4 omissions are true for EL > 7, always, and for EL7 in # this case, because there is no custom config - it { is_expected.to_not create_concat__fragment('nfs_RPCIDMAPDARGS') } - it { is_expected.to_not create_concat__fragment('nfs_RPCMOUNTDARGS') } - it { is_expected.to_not create_concat__fragment('nfs_RPCNFSDCOUNT') } - it { is_expected.to_not create_concat__fragment('nfs_RPCNFSDARGS') } - - it { is_expected.to create_file('/etc/sysconfig/rpc-rquotad').with( { - :owner => 'root', - :group => 'root', - :mode => '0644', - :content => <<~EOM - # This file is managed by Puppet (simp-nfs module). Changes will be overwritten - # at the next puppet run. - # - RPCRQUOTADOPTS="-p 875" + it { is_expected.not_to create_concat__fragment('nfs_RPCIDMAPDARGS') } + it { is_expected.not_to create_concat__fragment('nfs_RPCMOUNTDARGS') } + it { is_expected.not_to create_concat__fragment('nfs_RPCNFSDCOUNT') } + it { is_expected.not_to create_concat__fragment('nfs_RPCNFSDARGS') } + + it { + is_expected.to create_file('/etc/sysconfig/rpc-rquotad').with( + owner: 'root', + group: 'root', + mode: '0644', + content: <<~EOM, + # This file is managed by Puppet (simp-nfs module). Changes will be overwritten + # at the next puppet run. + # + RPCRQUOTADOPTS="-p 875" EOM - } ) } - - it { is_expected.to create_concat('/etc/exports').with( { - :owner => 'root', - :group => 'root', - :mode => '0644' - } ) } - - it { is_expected.to create_systemd__unit_file('simp_etc_exports.path').with( { - :enable => true, - :active => true, - :content => <<~EOM - # This file is managed by Puppet (simp-nfs module). Changes will be overwritten - # at the next puppet run. - - [Path] - Unit=simp_etc_exports.service - PathChanged=/etc/exports - - [Install] - WantedBy=multi-user.target + ) + } + + it { + is_expected.to create_concat('/etc/exports').with( + owner: 'root', + group: 'root', + mode: '0644', + ) + } + + it { + is_expected.to create_systemd__unit_file('simp_etc_exports.path').with( + enable: true, + active: true, + content: <<~EOM, + # This file is managed by Puppet (simp-nfs module). Changes will be overwritten + # at the next puppet run. + + [Path] + Unit=simp_etc_exports.service + PathChanged=/etc/exports + + [Install] + WantedBy=multi-user.target EOM - } ) } - - it { is_expected.to create_systemd__unit_file('simp_etc_exports.service').with( { - :enable => true, - :content => <<~EOM - # This file is managed by Puppet (simp-nfs module). Changes will be overwritten - # at the next puppet run. - - [Service] - Type=simple - ExecStart=/usr/sbin/exportfs -ra + ) + } + + it { + is_expected.to create_systemd__unit_file('simp_etc_exports.service').with( + enable: true, + content: <<~EOM, + # This file is managed by Puppet (simp-nfs module). Changes will be overwritten + # at the next puppet run. + + [Service] + Type=simple + ExecStart=/usr/sbin/exportfs -ra EOM - } ) } + ) + } end context 'when nfsv3 only enabled for the NFS client' do @@ -102,273 +114,312 @@ it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::config') } - it { is_expected.to create_concat__fragment('nfs_conf_nfsd').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM - - [nfsd] - port = 2049 - vers2 = false - vers3 = false - vers4 = true - vers4.0 = false - vers4.1 = true - vers4.2 = true - EOM - } ) } - end - - context 'when stunnel enabled' do - context 'when nfsd tcp and udp are not specified in custom config' do - let(:params) {{ - :is_server => true, - :stunnel => true - }} - - it { is_expected.to compile.with_all_deps } - it { is_expected.to create_class('nfs::server::config') } - it 'should explicitly enabled tcp and disable udp in nfsd config' do - is_expected.to create_concat__fragment('nfs_conf_nfsd').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM + it { + is_expected.to create_concat__fragment('nfs_conf_nfsd').with( + target: '/etc/nfs.conf', + content: <<~EOM, [nfsd] port = 2049 - tcp = true - udp = false vers2 = false vers3 = false vers4 = true vers4.0 = false vers4.1 = true vers4.2 = true + EOM + ) + } + end + + context 'when stunnel enabled' do + context 'when nfsd tcp and udp are not specified in custom config' do + let(:params) do + { + is_server: true, + stunnel: true, + } + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to create_class('nfs::server::config') } + it 'explicitlies enabled tcp and disable udp in nfsd config' do + is_expected.to create_concat__fragment('nfs_conf_nfsd').with( + target: '/etc/nfs.conf', + content: <<~EOM, + + [nfsd] + port = 2049 + tcp = true + udp = false + vers2 = false + vers3 = false + vers4 = true + vers4.0 = false + vers4.1 = true + vers4.2 = true EOM - } ) + ) end end context 'when nfsd tcp and udp are specified with bad settings for stunnel in custom config' do - let(:params) {{ - :is_server => true, - :stunnel => true, - :custom_nfs_conf_opts => { - 'nfsd' => { - # ask for protocol settings that are the opposite of those - # required for stunnnel - 'tcp' => false, - 'udp' => true - } + let(:params) do + { + is_server: true, + stunnel: true, + custom_nfs_conf_opts: { + 'nfsd' => { + # ask for protocol settings that are the opposite of those + # required for stunnnel + 'tcp' => false, + 'udp' => true, + }, + }, } - }} + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::config') } - it 'should override tcp and udp settings in nfsd config' do - is_expected.to create_concat__fragment('nfs_conf_nfsd').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM - - [nfsd] - port = 2049 - tcp = true - udp = false - vers2 = false - vers3 = false - vers4 = true - vers4.0 = false - vers4.1 = true - vers4.2 = true + it 'overrides tcp and udp settings in nfsd config' do + is_expected.to create_concat__fragment('nfs_conf_nfsd').with( + target: '/etc/nfs.conf', + content: <<~EOM, + + [nfsd] + port = 2049 + tcp = true + udp = false + vers2 = false + vers3 = false + vers4 = true + vers4.0 = false + vers4.1 = true + vers4.2 = true EOM - } ) + ) end end end context 'with nfs::custom_nfs_conf_opts set' do context "when nfs::custom_nfs_conf_opts has 'exportfs' key" do - let(:params) {{ - :is_server => true, - :custom_nfs_conf_opts => { - 'exportfs' => { - 'debug' => 'all' - } + let(:params) do + { + is_server: true, + custom_nfs_conf_opts: { + 'exportfs' => { + 'debug' => 'all', + }, + }, } - }} + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::config') } - it { is_expected.to create_concat__fragment('nfs_conf_exportfs').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM + it { + is_expected.to create_concat__fragment('nfs_conf_exportfs').with( + target: '/etc/nfs.conf', + content: <<~EOM, - [exportfs] - debug = all + [exportfs] + debug = all EOM - } ) } + ) + } end context "when nfs::custom_nfs_conf_opts has 'mountd' key" do - let(:params) {{ - :is_server => true, - :custom_nfs_conf_opts => { - 'mountd' => { - 'threads' => 16 - } + let(:params) do + { + is_server: true, + custom_nfs_conf_opts: { + 'mountd' => { + 'threads' => 16, + }, + }, } - }} + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::config') } - it { is_expected.to create_concat__fragment('nfs_conf_mountd').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM - - [mountd] - port = 20048 - threads = 16 + it { + is_expected.to create_concat__fragment('nfs_conf_mountd').with( + target: '/etc/nfs.conf', + content: <<~EOM, + + [mountd] + port = 20048 + threads = 16 EOM - } ) } + ) + } end context "when nfs::custom_nfs_conf_opts has 'nfsd' key" do - let(:params) {{ - :is_server => true, - :custom_nfs_conf_opts => { - 'nfsd' => { - 'threads' => 32 - } + let(:params) do + { + is_server: true, + custom_nfs_conf_opts: { + 'nfsd' => { + 'threads' => 32, + }, + }, } - }} + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::config') } - it { is_expected.to create_concat__fragment('nfs_conf_nfsd').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM - - [nfsd] - port = 2049 - threads = 32 - vers2 = false - vers3 = false - vers4 = true - vers4.0 = false - vers4.1 = true - vers4.2 = true + it { + is_expected.to create_concat__fragment('nfs_conf_nfsd').with( + target: '/etc/nfs.conf', + content: <<~EOM, + + [nfsd] + port = 2049 + threads = 32 + vers2 = false + vers3 = false + vers4 = true + vers4.0 = false + vers4.1 = true + vers4.2 = true EOM - } ) } + ) + } end if os_facts[:os][:release][:major].to_i < 8 context "when nfs::custom_nfs_conf_opts has 'nfsd' key with 'threads' key on EL7" do - let(:params) {{ - :is_server => true, - :custom_nfs_conf_opts => { - 'nfsd' => { - 'threads' => 32 - } + let(:params) do + { + is_server: true, + custom_nfs_conf_opts: { + 'nfsd' => { + 'threads' => 32, + }, + }, } - }} + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::config') } - it 'should also set RPCNFSDCOUNT in /etc/sysconfig/nfs' do - is_expected.to create_concat__fragment('nfs_RPCNFSDCOUNT').with( { - :target => '/etc/sysconfig/nfs', - :content => 'RPCNFSDCOUNT="32"' - } ) + it 'alsoes set RPCNFSDCOUNT in /etc/sysconfig/nfs' do + is_expected.to create_concat__fragment('nfs_RPCNFSDCOUNT').with( + target: '/etc/sysconfig/nfs', + content: 'RPCNFSDCOUNT="32"', + ) end end end context "when nfs::custom_nfs_conf_opts has 'nfsdcltrack' key" do - let(:params) {{ - :is_server => true, - :custom_nfs_conf_opts => { - 'nfsdcltrack' => { - 'storagedir' => '/some/path' - } + let(:params) do + { + is_server: true, + custom_nfs_conf_opts: { + 'nfsdcltrack' => { + 'storagedir' => '/some/path', + }, + }, } - }} + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::config') } - it { is_expected.to create_concat__fragment('nfs_conf_nfsdcltrack').with( { - :target => '/etc/nfs.conf', - :content => <<~EOM + it { + is_expected.to create_concat__fragment('nfs_conf_nfsdcltrack').with( + target: '/etc/nfs.conf', + content: <<~EOM, - [nfsdcltrack] - storagedir = /some/path + [nfsdcltrack] + storagedir = /some/path EOM - } ) } + ) + } end end if os_facts[:os][:release][:major].to_i < 8 context 'when nfs::custom_daemon_args set' do context "when nfs::custom_daemon_args has 'RCIDMAPDARGS' key" do - let(:params) {{ - :is_server => true, - :custom_daemon_args => { 'RPCIDMAPDARGS' => '-C' } - }} + let(:params) do + { + is_server: true, + custom_daemon_args: { 'RPCIDMAPDARGS' => '-C' }, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::config') } - it { is_expected.to create_concat__fragment('nfs_RPCIDMAPDARGS').with( { - :target => '/etc/sysconfig/nfs', - :content => 'RPCIDMAPDARGS="-C"' - } ) } + it { + is_expected.to create_concat__fragment('nfs_RPCIDMAPDARGS').with( + target: '/etc/sysconfig/nfs', + content: 'RPCIDMAPDARGS="-C"', + ) + } end context "when nfs::custom_daemon_args has 'RPCMOUNTDARGS' key" do - let(:params) {{ - :is_server => true, - :custom_daemon_args => { 'RPCMOUNTDARGS' => '-f /some/export/file' } - }} + let(:params) do + { + is_server: true, + custom_daemon_args: { 'RPCMOUNTDARGS' => '-f /some/export/file' }, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::config') } - it { is_expected.to create_concat__fragment('nfs_RPCMOUNTDARGS').with( { - :target => '/etc/sysconfig/nfs', - :content => 'RPCMOUNTDARGS="-f /some/export/file"' - } ) } + it { + is_expected.to create_concat__fragment('nfs_RPCMOUNTDARGS').with( + target: '/etc/sysconfig/nfs', + content: 'RPCMOUNTDARGS="-f /some/export/file"', + ) + } end context "when nfs::custom_daemon_args has 'RPCNFSDARGS' key" do - let(:params) {{ - :is_server => true, - :custom_daemon_args => { 'RPCNFSDARGS' => '--syslog' } - }} + let(:params) do + { + is_server: true, + custom_daemon_args: { 'RPCNFSDARGS' => '--syslog' }, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::config') } - it { is_expected.to create_concat__fragment('nfs_RPCNFSDARGS').with( { - :target => '/etc/sysconfig/nfs', - :content => 'RPCNFSDARGS="--syslog"' - } ) } + it { + is_expected.to create_concat__fragment('nfs_RPCNFSDARGS').with( + target: '/etc/sysconfig/nfs', + content: 'RPCNFSDARGS="--syslog"', + ) + } end end end context 'when nfs::server::custom_rpcrquotad_opts set' do let(:hieradata) { 'nfs_server_custom_rpcrquotad_opts' } + it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::config') } - it { is_expected.to create_file('/etc/sysconfig/rpc-rquotad').with_content( - <<~EOM + it { + is_expected.to create_file('/etc/sysconfig/rpc-rquotad').with_content(<<~EOM) # This file is managed by Puppet (simp-nfs module). Changes will be overwritten # at the next puppet run. # RPCRQUOTADOPTS="--setquota -p 875" - EOM - ) } + EOM + } end context 'when tcpwrappers enabled' do - let(:params) {{ - :is_server => true, - :tcpwrappers => true - }} + let(:params) do + { + is_server: true, + tcpwrappers: true, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::config') } diff --git a/spec/classes/server/firewall/nfsv3and4_spec.rb b/spec/classes/server/firewall/nfsv3and4_spec.rb index fd0667b..48b7e35 100644 --- a/spec/classes/server/firewall/nfsv3and4_spec.rb +++ b/spec/classes/server/firewall/nfsv3and4_spec.rb @@ -5,32 +5,38 @@ describe 'private nfs::server::firewall::nfs3andv4' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end - let(:params) { { - # nfs class params - :is_server => true, - :nfsv3 => true, - :firewall => true, - :trusted_nets => [ '1.2.3.0/24' ] - }} + let(:params) do + { + # nfs class params + is_server: true, + nfsv3: true, + firewall: true, + trusted_nets: ['1.2.3.0/24'], + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::firewall::nfsv3and4') } it { is_expected.to create_class('iptables') } - it { is_expected.to create_iptables__listen__tcp_stateful('nfs_client_tcp_ports').with( { - :trusted_nets => params[:trusted_nets], - :dports => [111, 2049, 875, 20048, 662, 32803] - } ) } + it { + is_expected.to create_iptables__listen__tcp_stateful('nfs_client_tcp_ports').with( + trusted_nets: params[:trusted_nets], + dports: [111, 2049, 875, 20_048, 662, 32_803], + ) + } - it { is_expected.to create_iptables__listen__udp('nfs_client_udp_ports').with( { - :trusted_nets => params[:trusted_nets], - :dports => [111, 2049, 875, 20048, 662, 32769] - } ) } + it { + is_expected.to create_iptables__listen__udp('nfs_client_udp_ports').with( + trusted_nets: params[:trusted_nets], + dports: [111, 2049, 875, 20_048, 662, 32_769], + ) + } end end end diff --git a/spec/classes/server/firewall/nfsv4_spec.rb b/spec/classes/server/firewall/nfsv4_spec.rb index 5a9fdcb..7a00331 100644 --- a/spec/classes/server/firewall/nfsv4_spec.rb +++ b/spec/classes/server/firewall/nfsv4_spec.rb @@ -5,31 +5,37 @@ describe 'private nfs::server::firewall::nfsv4' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end - let(:params) { { - # nfs class params - :is_server => true, - :firewall => true, - :trusted_nets => [ '1.2.3.0/24' ] - }} + let(:params) do + { + # nfs class params + is_server: true, + firewall: true, + trusted_nets: ['1.2.3.0/24'], + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::firewall::nfsv4') } it { is_expected.to create_class('iptables') } - it { is_expected.to create_iptables__listen__tcp_stateful('nfs_client_tcp_ports').with( { - :trusted_nets => params[:trusted_nets], - :dports => [111, 2049, 875 ] - } ) } + it { + is_expected.to create_iptables__listen__tcp_stateful('nfs_client_tcp_ports').with( + trusted_nets: params[:trusted_nets], + dports: [111, 2049, 875], + ) + } - it { is_expected.to create_iptables__listen__udp('nfs_client_udp_ports').with( { - :trusted_nets => params[:trusted_nets], - :dports => [111, 2049, 875 ] - } ) } + it { + is_expected.to create_iptables__listen__udp('nfs_client_udp_ports').with( + trusted_nets: params[:trusted_nets], + dports: [111, 2049, 875], + ) + } end end end diff --git a/spec/classes/server/firewall_spec.rb b/spec/classes/server/firewall_spec.rb index 63cfd0c..4edfb56 100644 --- a/spec/classes/server/firewall_spec.rb +++ b/spec/classes/server/firewall_spec.rb @@ -5,97 +5,109 @@ describe 'private nfs::server::firewall' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end context 'when stunnel enabled' do context 'when nfsv3 enabled' do - let(:params) { { - # nfs class params - :is_server => true, - :nfsv3 => true, - :firewall => true, - :stunnel => true - }} + let(:params) do + { + # nfs class params + is_server: true, + nfsv3: true, + firewall: true, + stunnel: true, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::firewall') } it { is_expected.to create_class('nfs::server::firewall::nfsv3and4') } - it { is_expected.to_not create_class('nfs::server::firewall::nfsv4') } + it { is_expected.not_to create_class('nfs::server::firewall::nfsv4') } end context 'when nfsv3 only enabled for the NFS client' do let(:hieradata) { 'nfs_nfsv3_and_not_nfs_server_nfsd_vers3' } - let(:params) { { - # nfs class params - :firewall => true, - :stunnel => true - }} + let(:params) do + { + # nfs class params + firewall: true, + stunnel: true, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::firewall') } - it { is_expected.to_not create_class('nfs::server::firewall::nfsv3and4') } - it { is_expected.to_not create_class('nfs::server::firewall::nfsv4') } + it { is_expected.not_to create_class('nfs::server::firewall::nfsv3and4') } + it { is_expected.not_to create_class('nfs::server::firewall::nfsv4') } end context 'when nfsv3 disabled' do - let(:params) { { - # nfs class params - :is_server => true, - :nfsv3 => false, - :firewall => true, - :stunnel => true - }} + let(:params) do + { + # nfs class params + is_server: true, + nfsv3: false, + firewall: true, + stunnel: true, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::firewall') } - it { is_expected.to_not create_class('nfs::server::firewall::nfsv3and4') } - it { is_expected.to_not create_class('nfs::server::firewall::nfsv4') } + it { is_expected.not_to create_class('nfs::server::firewall::nfsv3and4') } + it { is_expected.not_to create_class('nfs::server::firewall::nfsv4') } end end context 'when stunnel disabled' do context 'when nfsv3 enabled' do - let(:params) { { - # nfs class params - :is_server => true, - :nfsv3 => true, - :firewall => true, - :stunnel => false - }} + let(:params) do + { + # nfs class params + is_server: true, + nfsv3: true, + firewall: true, + stunnel: false, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::firewall::nfsv3and4') } - it { is_expected.to_not create_class('nfs::server::firewall::nfsv4') } + it { is_expected.not_to create_class('nfs::server::firewall::nfsv4') } end context 'when nfsv3 only enabled for the NFS client' do let(:hieradata) { 'nfs_nfsv3_and_not_nfs_server_nfsd_vers3' } - let(:params) { { - # nfs class params - :firewall => true, - :stunnel => false - }} + let(:params) do + { + # nfs class params + firewall: true, + stunnel: false, + } + end it { is_expected.to compile.with_all_deps } - it { is_expected.to_not create_class('nfs::server::firewall::nfsv3and4') } + it { is_expected.not_to create_class('nfs::server::firewall::nfsv3and4') } it { is_expected.to create_class('nfs::server::firewall::nfsv4') } end context 'when nfsv3 disabled' do - let(:params) { { - # nfs class params - :is_server => true, - :nfsv3 => false, - :firewall => true, - :stunnel => false - }} + let(:params) do + { + # nfs class params + is_server: true, + nfsv3: false, + firewall: true, + stunnel: false, + } + end it { is_expected.to compile.with_all_deps } - it { is_expected.to_not create_class('nfs::server::firewall::nfsv3and4') } + it { is_expected.not_to create_class('nfs::server::firewall::nfsv3and4') } it { is_expected.to create_class('nfs::server::firewall::nfsv4') } end end diff --git a/spec/classes/server/service_spec.rb b/spec/classes/server/service_spec.rb index 16bb201..5409b3d 100644 --- a/spec/classes/server/service_spec.rb +++ b/spec/classes/server/service_spec.rb @@ -5,48 +5,58 @@ describe 'private nfs::server::service' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end - let(:params) {{ :is_server => true, }} + let(:params) { { is_server: true } } it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::service') } - it { is_expected.to create_service('nfs-server.service').with( { - :ensure => 'running', - :enable => true, - :hasrestart => false, - :restart => '/usr/bin/systemctl restart nfs-utils.service nfs-server.service' - } ) } - - it { is_expected.to create_sysctl('sunrpc.tcp_slot_table_entries').with( { - :ensure => 'present', - :val => 128, - :silent => true - } ) } - - it { is_expected.to create_sysctl('sunrpc.udp_slot_table_entries').with( { - :ensure => 'present', - :val => 128, - :silent => true - } ) } + it { + is_expected.to create_service('nfs-server.service').with( + ensure: 'running', + enable: true, + hasrestart: false, + restart: '/usr/bin/systemctl restart nfs-utils.service nfs-server.service', + ) + } + + it { + is_expected.to create_sysctl('sunrpc.tcp_slot_table_entries').with( + ensure: 'present', + val: 128, + silent: true, + ) + } + + it { + is_expected.to create_sysctl('sunrpc.udp_slot_table_entries').with( + ensure: 'present', + val: 128, + silent: true, + ) + } it { is_expected.to create_svckill__ignore('nfs-mountd') } - it { is_expected.to create_service('rpcbind.service').with( { - :ensure => 'running', - :enable => true, - :hasrestart => true - } ) } - - it { is_expected.to create_service('rpc-rquotad.service').with( { - :ensure => 'running', - :enable => true, - :hasrestart => true - } ) } + it { + is_expected.to create_service('rpcbind.service').with( + ensure: 'running', + enable: true, + hasrestart: true, + ) + } + + it { + is_expected.to create_service('rpc-rquotad.service').with( + ensure: 'running', + enable: true, + hasrestart: true, + ) + } end end end diff --git a/spec/classes/server/stunnel_spec.rb b/spec/classes/server/stunnel_spec.rb index 7adf379..0fb1c5a 100644 --- a/spec/classes/server/stunnel_spec.rb +++ b/spec/classes/server/stunnel_spec.rb @@ -5,35 +5,39 @@ describe 'private nfs::server::stunnel' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end - let(:params) {{ - :is_server => true, - :firewall => true, - :stunnel => true, - :tcpwrappers => true, - :trusted_nets => [ '1.2.3.0/24' ] - }} + let(:params) do + { + is_server: true, + firewall: true, + stunnel: true, + tcpwrappers: true, + trusted_nets: ['1.2.3.0/24'], + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::stunnel') } - it { is_expected.to create_stunnel__instance('nfsd').with( { - :client => false, - :trusted_nets => params[:trusted_nets], - :connect => [2049], - :accept => ['0.0.0.0:20490'], - :verify => 2, - :socket_options => ['l:TCP_NODELAY=1','r:TCP_NODELAY=1'], - :systemd_wantedby => [ 'nfs-server.service' ], - :firewall => true, - :tcpwrappers => true, - :tag => ['nfs'] - } ) } + it { + is_expected.to create_stunnel__instance('nfsd').with( + client: false, + trusted_nets: params[:trusted_nets], + connect: [2049], + accept: ['0.0.0.0:20490'], + verify: 2, + socket_options: ['l:TCP_NODELAY=1', 'r:TCP_NODELAY=1'], + systemd_wantedby: ['nfs-server.service'], + firewall: true, + tcpwrappers: true, + tag: ['nfs'], + ) + } end end end diff --git a/spec/classes/server/tcpwrappers_spec.rb b/spec/classes/server/tcpwrappers_spec.rb index 264f523..bae0e65 100644 --- a/spec/classes/server/tcpwrappers_spec.rb +++ b/spec/classes/server/tcpwrappers_spec.rb @@ -5,110 +5,129 @@ describe 'private nfs::server::tcpwrappers' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end context 'when tcpwrappers and nfsv3 enabled' do - let(:params) {{ - :is_server => true, - :nfsv3 => true, - :tcpwrappers => true, - :trusted_nets => [ '1.2.3.0/24' ] - }} + let(:params) do + { + is_server: true, + nfsv3: true, + tcpwrappers: true, + trusted_nets: [ '1.2.3.0/24' ], + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::tcpwrappers') } if os_facts[:os][:release][:major].to_i > 7 - it { is_expected.to_not create_class('tcpwrappers') } - it { is_expected.to_not create_tcpwrappers__allow('rpcbind') } - it { is_expected.to_not create_tcpwrappers__allow('statd') } - it { is_expected.to_not create_tcpwrappers__allow('mountd') } - it { is_expected.to_not create_tcpwrappers__allow('rquotad') } + it { is_expected.not_to create_class('tcpwrappers') } + it { is_expected.not_to create_tcpwrappers__allow('rpcbind') } + it { is_expected.not_to create_tcpwrappers__allow('statd') } + it { is_expected.not_to create_tcpwrappers__allow('mountd') } + it { is_expected.not_to create_tcpwrappers__allow('rquotad') } else it { is_expected.to create_class('tcpwrappers') } - it { is_expected.to create_tcpwrappers__allow('rpcbind').with_pattern( - params[:trusted_nets] - ) } - - it { is_expected.to create_tcpwrappers__allow('statd').with_pattern( - params[:trusted_nets] - ) } - - it { is_expected.to create_tcpwrappers__allow('mountd').with_pattern( - params[:trusted_nets] - ) } - - it { is_expected.to create_tcpwrappers__allow('rquotad').with_pattern( - params[:trusted_nets] - ) } + it { + is_expected.to create_tcpwrappers__allow('rpcbind').with_pattern( + params[:trusted_nets], + ) + } + + it { + is_expected.to create_tcpwrappers__allow('statd').with_pattern( + params[:trusted_nets], + ) + } + + it { + is_expected.to create_tcpwrappers__allow('mountd').with_pattern( + params[:trusted_nets], + ) + } + + it { + is_expected.to create_tcpwrappers__allow('rquotad').with_pattern( + params[:trusted_nets], + ) + } end end context 'when tcpwrappers and nfsv3 enabled only for client' do let(:hieradata) { 'nfs_nfsv3_and_not_nfs_server_nfsd_vers3' } - let(:params) {{ - :tcpwrappers => true, - :trusted_nets => [ '1.2.3.0/24' ] - }} + let(:params) do + { + tcpwrappers: true, + trusted_nets: [ '1.2.3.0/24' ], + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::tcpwrappers') } if os_facts[:os][:release][:major].to_i > 7 - it { is_expected.to_not create_class('tcpwrappers') } - it { is_expected.to_not create_tcpwrappers__allow('rpcbind') } - it { is_expected.to_not create_tcpwrappers__allow('statd') } - it { is_expected.to_not create_tcpwrappers__allow('mountd') } - it { is_expected.to_not create_tcpwrappers__allow('rquotad') } + it { is_expected.not_to create_class('tcpwrappers') } + it { is_expected.not_to create_tcpwrappers__allow('rpcbind') } + it { is_expected.not_to create_tcpwrappers__allow('statd') } + it { is_expected.not_to create_tcpwrappers__allow('rquotad') } else it { is_expected.to create_class('tcpwrappers') } - it { is_expected.to create_tcpwrappers__allow('rpcbind').with_pattern( - params[:trusted_nets] - ) } + it { + is_expected.to create_tcpwrappers__allow('rpcbind').with_pattern( + params[:trusted_nets], + ) + } # allowed by base config it { is_expected.to create_tcpwrappers__allow('statd') } - it { is_expected.to_not create_tcpwrappers__allow('mountd') } - it { is_expected.to create_tcpwrappers__allow('rquotad').with_pattern( - params[:trusted_nets] - ) } + it { + is_expected.to create_tcpwrappers__allow('rquotad').with_pattern( + params[:trusted_nets], + ) + } end + it { is_expected.not_to create_tcpwrappers__allow('mountd') } end context 'when tcpwrappers enabled and nfsv3 disabled' do - let(:params) {{ - :is_server => true, - :nfsv3 => false, - :tcpwrappers => true, - :trusted_nets => [ '1.2.3.0/24' ] - }} + let(:params) do + { + is_server: true, + nfsv3: false, + tcpwrappers: true, + trusted_nets: [ '1.2.3.0/24' ], + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server::tcpwrappers') } if os_facts[:os][:release][:major].to_i > 7 - it { is_expected.to_not create_class('tcpwrappers') } - it { is_expected.to_not create_tcpwrappers__allow('rpcbind') } - it { is_expected.to_not create_tcpwrappers__allow('statd') } - it { is_expected.to_not create_tcpwrappers__allow('mountd') } - it { is_expected.to_not create_tcpwrappers__allow('rquotad') } + it { is_expected.not_to create_class('tcpwrappers') } + it { is_expected.not_to create_tcpwrappers__allow('rpcbind') } + it { is_expected.not_to create_tcpwrappers__allow('rquotad') } else it { is_expected.to create_class('tcpwrappers') } - it { is_expected.to create_tcpwrappers__allow('rpcbind').with_pattern( - params[:trusted_nets] - ) } - - it { is_expected.to_not create_tcpwrappers__allow('statd') } - it { is_expected.to_not create_tcpwrappers__allow('mountd') } - it { is_expected.to create_tcpwrappers__allow('rquotad').with_pattern( - params[:trusted_nets] - ) } + it { + is_expected.to create_tcpwrappers__allow('rpcbind').with_pattern( + params[:trusted_nets], + ) + } + + it { + is_expected.to create_tcpwrappers__allow('rquotad').with_pattern( + params[:trusted_nets], + ) + } end + it { is_expected.not_to create_tcpwrappers__allow('statd') } + it { is_expected.not_to create_tcpwrappers__allow('mountd') } end end end diff --git a/spec/classes/server_spec.rb b/spec/classes/server_spec.rb index bddd87c..e32cb28 100644 --- a/spec/classes/server_spec.rb +++ b/spec/classes/server_spec.rb @@ -5,14 +5,14 @@ describe 'private nfs::server' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end context 'with default nfs and nfs::server parameters' do - let(:params) {{ :is_server => true }} + let(:params) { { is_server: true } } it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server') } @@ -21,18 +21,20 @@ it { is_expected.to create_class('nfs::server::config') } it { is_expected.to create_class('nfs::server::service') } it { is_expected.to create_class('nfs::idmapd::server') } - it { is_expected.to_not create_class('nfs::server::stunnel') } - it { is_expected.to_not create_class('nfs::server::firewall') } - it { is_expected.to_not create_class('krb5') } - it { is_expected.to_not create_class('krb5::keytab') } + it { is_expected.not_to create_class('nfs::server::stunnel') } + it { is_expected.not_to create_class('nfs::server::firewall') } + it { is_expected.not_to create_class('krb5') } + it { is_expected.not_to create_class('krb5::keytab') } end context 'with nfs::stunnel = true' do context 'with nfs::server::nfsd_vers_4_0 = false' do - let(:params) {{ - :is_server => true, - :stunnel => true - }} + let(:params) do + { + is_server: true, + stunnel: true, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server') } @@ -41,15 +43,18 @@ context 'with nfs::server::nfsd_vers4_0 = true' do let(:hieradata) { 'nfs_server_stunnel_and_nfsd_vers4_0' } - it { is_expected.to_not compile.with_all_deps } + + it { is_expected.not_to compile.with_all_deps } end end context 'with nfs::firewall = true' do - let(:params) {{ - :is_server => true, - :firewall => true - }} + let(:params) do + { + is_server: true, + firewall: true, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server') } @@ -58,24 +63,28 @@ context 'with nfs::kerberos = true' do context 'with nfs::keytab_on_puppet = false' do - let(:params) {{ - :is_server => true, - :kerberos => true, - :keytab_on_puppet => false - }} + let(:params) do + { + is_server: true, + kerberos: true, + keytab_on_puppet: false, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server') } it { is_expected.to create_class('krb5') } - it { is_expected.to_not create_class('krb5::keytab') } + it { is_expected.not_to create_class('krb5::keytab') } end context 'with nfs::keytab_on_puppet = true' do - let(:params) {{ - :is_server => true, - :kerberos => true, - :keytab_on_puppet => true - }} + let(:params) do + { + is_server: true, + kerberos: true, + keytab_on_puppet: true, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('nfs::server') } diff --git a/spec/defines/client/mount/connection_spec.rb b/spec/defines/client/mount/connection_spec.rb index ffb9a72..4b93786 100644 --- a/spec/defines/client/mount/connection_spec.rb +++ b/spec/defines/client/mount/connection_spec.rb @@ -5,129 +5,145 @@ context "on #{os}" do before(:each) do # Mask 'assert_private' with mock version for testing - Puppet::Parser::Functions.newfunction(:assert_private, :type => :rvalue) { |args| } + Puppet::Parser::Functions.newfunction(:assert_private, type: :rvalue) { |args| } end let(:pre_condition) { "include 'nfs'" } - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end let(:title) { '/mnt/apps' } context 'when stunnel=true and nfs_version=4' do - let(:params) {{ - :nfs_server => '1.2.3.4', - :nfs_version => 4, - :nfsd_port => 2049, - :firewall => true, - :stunnel => true, - :stunnel_nfsd_port => 20490, - :stunnel_socket_options => ['l:TCP_NODELAY=1','r:TCP_NODELAY=1'], - :stunnel_verify => 2, - :stunnel_wantedby => [ 'remote-fs-pre.target' ], - :tcpwrappers => true - }} + let(:params) do + { + nfs_server: '1.2.3.4', + nfs_version: 4, + nfsd_port: 2049, + firewall: true, + stunnel: true, + stunnel_nfsd_port: 20_490, + stunnel_socket_options: ['l:TCP_NODELAY=1', 'r:TCP_NODELAY=1'], + stunnel_verify: 2, + stunnel_wantedby: ['remote-fs-pre.target'], + tcpwrappers: true, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_nfs__client__mount__connection(title) } - it { is_expected.to create_nfs__client__stunnel('1.2.3.4:2049').with( { - :nfs_server => params[:nfs_server], - :nfsd_accept_port => params[:nfsd_port], - :nfsd_connect_port => params[:stunnel_nfsd_port], - :stunnel_socket_options => params[:stunnel_socket_options], - :stunnel_verify => params[:stunnel_verify], - :stunnel_wantedby => params[:stunnel_wantedby], - :firewall => params[:firewall], - :tcpwrappers => params[:tcpwrappers] - } ) } + it { + is_expected.to create_nfs__client__stunnel('1.2.3.4:2049').with( + nfs_server: params[:nfs_server], + nfsd_accept_port: params[:nfsd_port], + nfsd_connect_port: params[:stunnel_nfsd_port], + stunnel_socket_options: params[:stunnel_socket_options], + stunnel_verify: params[:stunnel_verify], + stunnel_wantedby: params[:stunnel_wantedby], + firewall: params[:firewall], + tcpwrappers: params[:tcpwrappers], + ) + } - it { is_expected.to_not create_iptables__listen__tcp_stateful('nfs_callback_1.2.3.4') } - it { is_expected.to_not create_iptables__listen__tcp_stateful('nfs_status_tcp_1.2.3.4') } - it { is_expected.to_not create_iptables__listen__udp('nfs_status_udp_1.2.3.4') } + it { is_expected.not_to create_iptables__listen__tcp_stateful('nfs_callback_1.2.3.4') } + it { is_expected.not_to create_iptables__listen__tcp_stateful('nfs_status_tcp_1.2.3.4') } + it { is_expected.not_to create_iptables__listen__udp('nfs_status_udp_1.2.3.4') } end context 'when stunnel=false' do context 'when firewall=false' do - let(:params) {{ - :nfs_server => '1.2.3.4', - :nfs_version => 4, - :nfsd_port => 2049, - :firewall => false, - :stunnel => false, - :stunnel_nfsd_port => 20490, - :stunnel_socket_options => ['l:TCP_NODELAY=1','r:TCP_NODELAY=1'], - :stunnel_verify => 2, - :stunnel_wantedby => [ 'remote-fs-pre.target' ], - :tcpwrappers => true - }} + let(:params) do + { + nfs_server: '1.2.3.4', + nfs_version: 4, + nfsd_port: 2049, + firewall: false, + stunnel: false, + stunnel_nfsd_port: 20_490, + stunnel_socket_options: ['l:TCP_NODELAY=1', 'r:TCP_NODELAY=1'], + stunnel_verify: 2, + stunnel_wantedby: ['remote-fs-pre.target'], + tcpwrappers: true, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_nfs__client__mount__connection(title) } - it { is_expected.to_not create_class('iptables') } - it { is_expected.to_not create_nfs__client__stunnel('1.2.3.4:2049') } - it { is_expected.to_not create_iptables__listen__tcp_stateful('nfs_callback_1.2.3.4') } - it { is_expected.to_not create_iptables__listen__tcp_stateful('nfs_status_tcp_1.2.3.4') } - it { is_expected.to_not create_iptables__listen__udp('nfs_status_udp_1.2.3.4') } + it { is_expected.not_to create_class('iptables') } + it { is_expected.not_to create_nfs__client__stunnel('1.2.3.4:2049') } + it { is_expected.not_to create_iptables__listen__tcp_stateful('nfs_callback_1.2.3.4') } + it { is_expected.not_to create_iptables__listen__tcp_stateful('nfs_status_tcp_1.2.3.4') } + it { is_expected.not_to create_iptables__listen__udp('nfs_status_udp_1.2.3.4') } end context 'when firewall=true' do context 'when nfs_version=4' do - let(:params) {{ - :nfs_server => '1.2.3.4', - :nfs_version => 4, - :nfsd_port => 2049, - :firewall => true, - :stunnel => false, - :stunnel_nfsd_port => 20490, - :stunnel_socket_options => ['l:TCP_NODELAY=1','r:TCP_NODELAY=1'], - :stunnel_verify => 2, - :stunnel_wantedby => [ 'remote-fs-pre.target' ], - :tcpwrappers => true - }} + let(:params) do + { + nfs_server: '1.2.3.4', + nfs_version: 4, + nfsd_port: 2049, + firewall: true, + stunnel: false, + stunnel_nfsd_port: 20_490, + stunnel_socket_options: ['l:TCP_NODELAY=1', 'r:TCP_NODELAY=1'], + stunnel_verify: 2, + stunnel_wantedby: ['remote-fs-pre.target'], + tcpwrappers: true, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_nfs__client__mount__connection(title) } it { is_expected.to create_class('iptables') } - it { is_expected.to_not create_nfs__client__stunnel('1.2.3.4:2049') } - it { is_expected.to create_iptables__listen__tcp_stateful('nfs_callback_1.2.3.4').with( { - :trusted_nets => [ params[:nfs_server] ], - :dports => [ 876 ] - } ) } + it { is_expected.not_to create_nfs__client__stunnel('1.2.3.4:2049') } + it { + is_expected.to create_iptables__listen__tcp_stateful('nfs_callback_1.2.3.4').with( + trusted_nets: [params[:nfs_server]], + dports: [876], + ) + } - it { is_expected.to_not create_iptables__listen__tcp_stateful('nfs_status_tcp_1.2.3.4') } - it { is_expected.to_not create_iptables__listen__udp('nfs_status_udp_1.2.3.4') } + it { is_expected.not_to create_iptables__listen__tcp_stateful('nfs_status_tcp_1.2.3.4') } + it { is_expected.not_to create_iptables__listen__udp('nfs_status_udp_1.2.3.4') } end context 'when nfs_version=3' do - let(:params) {{ - :nfs_server => '1.2.3.4', - :nfs_version => 3, - :nfsd_port => 2049, - :firewall => true, - :stunnel => false, - :stunnel_nfsd_port => 20490, - :stunnel_socket_options => ['l:TCP_NODELAY=1','r:TCP_NODELAY=1'], - :stunnel_verify => 2, - :stunnel_wantedby => [ 'remote-fs-pre.target' ], - :tcpwrappers => true - }} + let(:params) do + { + nfs_server: '1.2.3.4', + nfs_version: 3, + nfsd_port: 2049, + firewall: true, + stunnel: false, + stunnel_nfsd_port: 20_490, + stunnel_socket_options: ['l:TCP_NODELAY=1', 'r:TCP_NODELAY=1'], + stunnel_verify: 2, + stunnel_wantedby: ['remote-fs-pre.target'], + tcpwrappers: true, + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_nfs__client__mount__connection(title) } - it { is_expected.to_not create_nfs__client__stunnel('1.2.3.4:2049') } - it { is_expected.to_not create_iptables__listen__tcp_stateful('nfs_callback_1.2.3.4') } - it { is_expected.to create_iptables__listen__tcp_stateful('nfs_status_tcp_1.2.3.4').with({ - :trusted_nets => [ params[:nfs_server] ], - :dports => [ 111, 32803, 662 ] - } ) } + it { is_expected.not_to create_nfs__client__stunnel('1.2.3.4:2049') } + it { is_expected.not_to create_iptables__listen__tcp_stateful('nfs_callback_1.2.3.4') } + it { + is_expected.to create_iptables__listen__tcp_stateful('nfs_status_tcp_1.2.3.4').with( + trusted_nets: [params[:nfs_server]], + dports: [111, 32_803, 662], + ) + } - it { is_expected.to create_iptables__listen__udp('nfs_status_udp_1.2.3.4').with({ - :trusted_nets => [ params[:nfs_server] ], - :dports => [ 111, 32769, 662 ] - } ) } + it { + is_expected.to create_iptables__listen__udp('nfs_status_udp_1.2.3.4').with( + trusted_nets: [params[:nfs_server]], + dports: [111, 32_769, 662], + ) + } end end end diff --git a/spec/defines/client/mount_spec.rb b/spec/defines/client/mount_spec.rb index 66b0a5f..4c2764f 100644 --- a/spec/defines/client/mount_spec.rb +++ b/spec/defines/client/mount_spec.rb @@ -9,14 +9,14 @@ on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end let(:title) { '/net/apps' } - let(:nfs_server) { '1.2.3.4'} + let(:nfs_server) { '1.2.3.4' } let(:pre_condition) do # Mask 'simplib::host_is_me' with mock version for testing @@ -24,315 +24,359 @@ end context 'with default parameters' do - let(:params) {{ - :nfs_server => nfs_server, - :remote_path => title - }} + let(:params) do + { + nfs_server: nfs_server, + remote_path: title, + } + end context 'with defaults for nfs and nfs::client' do - include_examples 'a base client mount define' + it_behaves_like 'a base client mount define' it { is_expected.not_to contain_service('remote-fs.target') } - it 'should use nfs & nfs::client defaults for unspecified connection params' do - is_expected.to create_nfs__client__mount__connection(title).with( { - :nfs_server => params[:nfs_server], - :nfs_version => 4, - :nfsd_port => 2049, # from nfs - :firewall => false, # from nfs - :stunnel => false, # from nfs::client - :stunnel_nfsd_port => 20490, # from nfs - :stunnel_socket_options => ['l:TCP_NODELAY=1','r:TCP_NODELAY=1'], # from nfs::client - :stunnel_verify => 2, # from nfs::client - :stunnel_wantedby => ['remote-fs-pre.target'], # from nfs::client - :tcpwrappers => false # from nfs - } ) + it 'uses nfs & nfs::client defaults for unspecified connection params' do + is_expected.to create_nfs__client__mount__connection(title).with( + nfs_server: params[:nfs_server], + nfs_version: 4, + nfsd_port: 2049, # from nfs + firewall: false, # from nfs + stunnel: false, # from nfs::client + stunnel_nfsd_port: 20_490, # from nfs + stunnel_socket_options: ['l:TCP_NODELAY=1', 'r:TCP_NODELAY=1'], # from nfs::client + stunnel_verify: 2, # from nfs::client + stunnel_wantedby: ['remote-fs-pre.target'], # from nfs::client + tcpwrappers: false, # from nfs + ) end it { is_expected.to contain_class('autofs') } - it { is_expected.to contain_autofs__map(title).with( { - :mount_point => '/-', - :mappings => { + it { + is_expected.to contain_autofs__map(title).with( + mount_point: '/-', + mappings: { 'key' => title, 'options' => '-_netdev,nfsvers=4,port=2049,soft,sec=sys', - 'location' => "#{params[:nfs_server]}:#{params[:remote_path]}" - } - } ) } + 'location' => "#{params[:nfs_server]}:#{params[:remote_path]}", + }, + ) + } end context 'with explicit nfs and nfs::client parameters' do let(:hieradata) { 'nfs_client_mount_custom' } - include_examples 'a base client mount define' - it 'should use nfs & nfs::client params for unspecified connection params' do - is_expected.to create_nfs__client__mount__connection(title).with( { - :nfs_server => params[:nfs_server], - :nfs_version => 4, - :nfsd_port => 2050, # from nfs - :firewall => true, # from nfs - :stunnel => true, # from nfs::client - :stunnel_nfsd_port => 20500, # from nfs - :stunnel_socket_options => ['l:TCP_NODELAY=2','r:TCP_NODELAY=2'], # from nfs::client - :stunnel_verify => 1, # from nfs::client - :stunnel_wantedby => ['remote-fs-pre.target', 'some-other.service'], # from nfs::client - :tcpwrappers => true # from nfs - } ) + + it_behaves_like 'a base client mount define' + it 'uses nfs & nfs::client params for unspecified connection params' do + is_expected.to create_nfs__client__mount__connection(title).with( + nfs_server: params[:nfs_server], + nfs_version: 4, + nfsd_port: 2050, # from nfs + firewall: true, # from nfs + stunnel: true, # from nfs::client + stunnel_nfsd_port: 20_500, # from nfs + stunnel_socket_options: ['l:TCP_NODELAY=2', 'r:TCP_NODELAY=2'], # from nfs::client + stunnel_verify: 1, # from nfs::client + stunnel_wantedby: ['remote-fs-pre.target', 'some-other.service'], # from nfs::client + tcpwrappers: true, # from nfs + ) end end end # context 'with default parameters' do context 'with autofs' do - let(:base_params) {{ - :nfs_server => nfs_server, - :remote_path => title, - :autofs => true - }} + let(:base_params) do + { + nfs_server: nfs_server, + remote_path: title, + autofs: true, + } + end context 'with direct map' do context 'with NFSv3' do let(:pre_condition) { "class { 'nfs': nfsv3 => true }" } - let(:params) { base_params.merge( { :nfs_version => 3, :stunnel => false } ) } + let(:params) { base_params.merge(nfs_version: 3, stunnel: false) } - include_examples 'a base client mount define' + it_behaves_like 'a base client mount define' it { is_expected.to create_nfs__client__mount__connection(title).with_nfs_version(3) } it { is_expected.to contain_class('autofs') } - it { is_expected.to contain_autofs__map(title).with( { - :mount_point => '/-', - :mappings => { + it { + is_expected.to contain_autofs__map(title).with( + mount_point: '/-', + mappings: { 'key' => title, 'options' => '-_netdev,nfsvers=3,port=2049,soft', - 'location' => "#{params[:nfs_server]}:#{params[:remote_path]}" - } - } ) } + 'location' => "#{params[:nfs_server]}:#{params[:remote_path]}", + }, + ) + } end context 'with NFSV4 and stunnel' do - let(:params) { - base_params.merge( { - :nfsd_port => 2050, - :stunnel => true, - :stunnel_nfsd_port => 20500, - :stunnel_socket_options => ['l:TCP_NODELAY=2','r:TCP_NODELAY=2'], - :stunnel_verify => 1, - :stunnel_wantedby => ['remote-fs-pre.target', 'some-other.service'] - } ) + let(:params) do + base_params.merge( + nfsd_port: 2050, + stunnel: true, + stunnel_nfsd_port: 20_500, + stunnel_socket_options: ['l:TCP_NODELAY=2', 'r:TCP_NODELAY=2'], + stunnel_verify: 1, + stunnel_wantedby: ['remote-fs-pre.target', 'some-other.service'], + ) + end + + it_behaves_like 'a base client mount define' + it { + is_expected.to create_nfs__client__mount__connection(title).with( + nfs_server: params[:nfs_server], + nfs_version: 4, + nfsd_port: 2050, + stunnel: true, + stunnel_nfsd_port: 20_500, + stunnel_socket_options: ['l:TCP_NODELAY=2', 'r:TCP_NODELAY=2'], + stunnel_verify: 1, + stunnel_wantedby: ['remote-fs-pre.target', 'some-other.service'], + ) } - include_examples 'a base client mount define' - it { is_expected.to create_nfs__client__mount__connection(title).with( { - :nfs_server => params[:nfs_server], - :nfs_version => 4, - :nfsd_port => 2050, - :stunnel => true, - :stunnel_nfsd_port => 20500, - :stunnel_socket_options => ['l:TCP_NODELAY=2','r:TCP_NODELAY=2'], - :stunnel_verify => 1, - :stunnel_wantedby => ['remote-fs-pre.target', 'some-other.service'] - } ) } - it { is_expected.to contain_class('autofs') } - it { is_expected.to contain_autofs__map(title).with( { - :mount_point => '/-', - :mappings => { + it { + is_expected.to contain_autofs__map(title).with( + mount_point: '/-', + mappings: { 'key' => title, 'options' => '-_netdev,nfsvers=4,port=2050,soft,sec=sys,proto=tcp', - 'location' => "127.0.0.1:#{params[:remote_path]}" - } - } ) } - - it { is_expected.to contain_stunnel__instance("nfs_#{params[:nfs_server]}:2050_client_nfsd") - .that_notifies('Exec[autofs_reload]') } + 'location' => "127.0.0.1:#{params[:remote_path]}", + }, + ) + } + it { + is_expected.to contain_stunnel__instance("nfs_#{params[:nfs_server]}:2050_client_nfsd") + .that_notifies('Exec[autofs_reload]') + } end context 'with NFSV4 without stunnel' do - let(:params) { base_params.merge( { :stunnel => false } ) } - - include_examples 'a base client mount define' - it { is_expected.to create_nfs__client__mount__connection(title).with( { - :nfs_server => params[:nfs_server], - :nfs_version => 4, - :nfsd_port => 2049, - :stunnel => false - } ) } + let(:params) { base_params.merge(stunnel: false) } + + it_behaves_like 'a base client mount define' + it { + is_expected.to create_nfs__client__mount__connection(title).with( + nfs_server: params[:nfs_server], + nfs_version: 4, + nfsd_port: 2049, + stunnel: false, + ) + } it { is_expected.to contain_class('autofs') } - it { is_expected.to contain_autofs__map(title).with( { - :mount_point => '/-', - :mappings => { + it { + is_expected.to contain_autofs__map(title).with( + mount_point: '/-', + mappings: { 'key' => title, 'options' => '-_netdev,nfsvers=4,port=2049,soft,sec=sys', - 'location' => "#{params[:nfs_server]}:#{params[:remote_path]}" - } - } ) } + 'location' => "#{params[:nfs_server]}:#{params[:remote_path]}", + }, + ) + } end - end #context 'with direct map' do + end # context 'with direct map' do context 'with indirect map' do context 'with NFSv3' do let(:pre_condition) { "class { 'nfs': nfsv3 => true }" } - let(:params) { - base_params.merge( { - :nfs_version => 3, - :autofs_indirect_map_key => 'some_dir', + let(:params) do + base_params.merge( + nfs_version: 3, + autofs_indirect_map_key: 'some_dir', # this will be ignored - :stunnel => true - } ) - } + stunnel: true, + ) + end it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_autofs__map(title).with( { - :mount_point => title, - :mappings => [ { - 'key' => params[:autofs_indirect_map_key], - 'options' => '-_netdev,nfsvers=3,port=2049,soft', - 'location' => "#{params[:nfs_server]}:#{params[:remote_path]}" - } ] - } ) } + it { + is_expected.to contain_autofs__map(title).with( + mount_point: title, + mappings: [ + { + 'key' => params[:autofs_indirect_map_key], + 'options' => '-_netdev,nfsvers=3,port=2049,soft', + 'location' => "#{params[:nfs_server]}:#{params[:remote_path]}", + }, + ], + ) + } end context 'with NFSV4 and stunnel' do - let(:params) { - base_params.merge( { - :autofs_indirect_map_key => 'some_dir', - :stunnel => true - } ) - } + let(:params) do + base_params.merge( + autofs_indirect_map_key: 'some_dir', + stunnel: true, + ) + end it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_autofs__map(title).with( { - :mount_point => title, - :mappings => [ { - 'key' => params[:autofs_indirect_map_key], - 'options' => '-_netdev,nfsvers=4,port=2049,soft,sec=sys,proto=tcp', - 'location' => "127.0.0.1:#{params[:remote_path]}" - } ] - } ) } + it { + is_expected.to contain_autofs__map(title).with( + mount_point: title, + mappings: [ + { + 'key' => params[:autofs_indirect_map_key], + 'options' => '-_netdev,nfsvers=4,port=2049,soft,sec=sys,proto=tcp', + 'location' => "127.0.0.1:#{params[:remote_path]}", + }, + ], + ) + } end context 'with NFSV4 without stunnel' do - let(:params) { - base_params.merge( { - :autofs_indirect_map_key => 'some_dir', - :stunnel => false - } ) - } + let(:params) do + base_params.merge( + autofs_indirect_map_key: 'some_dir', + stunnel: false, + ) + end it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_autofs__map(title).with( { - :mount_point => title, - :mappings => [ { - 'key' => params[:autofs_indirect_map_key], - 'options' => '-_netdev,nfsvers=4,port=2049,soft,sec=sys', - 'location' => "#{params[:nfs_server]}:#{params[:remote_path]}" - } ] - } ) } + it { + is_expected.to contain_autofs__map(title).with( + mount_point: title, + mappings: [ + { + 'key' => params[:autofs_indirect_map_key], + 'options' => '-_netdev,nfsvers=4,port=2049,soft,sec=sys', + 'location' => "#{params[:nfs_server]}:#{params[:remote_path]}", + }, + ], + ) + } end context 'with key substitution' do - let(:params) { - base_params.merge( { - :autofs_indirect_map_key => '*', - :autofs_add_key_subst => true - } ) - } + let(:params) do + base_params.merge( + autofs_indirect_map_key: '*', + autofs_add_key_subst: true, + ) + end it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_autofs__map(title).with( { - :mount_point => title, - :mappings => [ { - 'key' => params[:autofs_indirect_map_key], - 'options' => '-_netdev,nfsvers=4,port=2049,soft,sec=sys', - 'location' => "#{params[:nfs_server]}:#{params[:remote_path]}/&" - } ] - } ) } + it { + is_expected.to contain_autofs__map(title).with( + mount_point: title, + mappings: [ + { + 'key' => params[:autofs_indirect_map_key], + 'options' => '-_netdev,nfsvers=4,port=2049,soft,sec=sys', + 'location' => "#{params[:nfs_server]}:#{params[:remote_path]}/&", + }, + ], + ) + } end end - end #context 'with autofs' do + end # context 'with autofs' do context 'without autofs' do - let(:base_params) {{ - :nfs_server => nfs_server, - :remote_path => title, - :autofs => false - }} + let(:base_params) do + { + nfs_server: nfs_server, + remote_path: title, + autofs: false, + } + end context 'with NFSv3' do let(:pre_condition) { "class { 'nfs': nfsv3 => true }" } - let(:params) { base_params.merge( { :nfs_version => 3, :stunnel => false } ) } + let(:params) { base_params.merge(nfs_version: 3, stunnel: false) } - include_examples 'a base client mount define' + it_behaves_like 'a base client mount define' it { is_expected.to create_nfs__client__mount__connection(title).with_nfs_version(3) } it { is_expected.to contain_service('remote-fs.target').with_enable(true) } - it { is_expected.to contain_mount(title).with( { - :ensure => 'mounted', - :atboot => true, - :device => "#{params[:nfs_server]}:#{params[:remote_path]}", - :fstype => 'nfs', - :options => '_netdev,nfsvers=3,port=2049,soft', - :remounts => false - } ) } - - it { is_expected.to_not contain_class('autofs') } - it { is_expected.to_not contain_autofs__map(title) } + it { + is_expected.to contain_mount(title).with( + ensure: 'mounted', + atboot: true, + device: "#{params[:nfs_server]}:#{params[:remote_path]}", + fstype: 'nfs', + options: '_netdev,nfsvers=3,port=2049,soft', + remounts: false, + ) + } + + it { is_expected.not_to contain_class('autofs') } + it { is_expected.not_to contain_autofs__map(title) } end context 'with NFSV4 and stunnel' do - let(:params) { base_params.merge( { :stunnel => true } ) } + let(:params) { base_params.merge(stunnel: true) } - include_examples 'a base client mount define' + it_behaves_like 'a base client mount define' it { is_expected.to create_nfs__client__mount__connection(title).with_nfs_version(4) } it { is_expected.to contain_service('remote-fs.target').with_enable(true) } - it { is_expected.to contain_mount(title).with( { - :ensure => 'mounted', - :atboot => true, - :device => "127.0.0.1:#{params[:remote_path]}", - :fstype => 'nfs', - :options => '_netdev,nfsvers=4,port=2049,soft,sec=sys,proto=tcp', - :remounts => false - } ) } - - it { is_expected.to_not contain_class('autofs') } - it { is_expected.to_not contain_autofs__map(title) } + it { + is_expected.to contain_mount(title).with( + ensure: 'mounted', + atboot: true, + device: "127.0.0.1:#{params[:remote_path]}", + fstype: 'nfs', + options: '_netdev,nfsvers=4,port=2049,soft,sec=sys,proto=tcp', + remounts: false, + ) + } + + it { is_expected.not_to contain_class('autofs') } + it { is_expected.not_to contain_autofs__map(title) } end context 'with NFSV4 without stunnel' do - let(:params) { base_params.merge( { :stunnel => false } ) } + let(:params) { base_params.merge(stunnel: false) } - include_examples 'a base client mount define' + it_behaves_like 'a base client mount define' it { is_expected.to create_nfs__client__mount__connection(title).with_nfs_version(4) } it { is_expected.to contain_service('remote-fs.target').with_enable(true) } - it { is_expected.to contain_mount(title).with( { - :ensure => 'mounted', - :atboot => true, - :device => "#{params[:nfs_server]}:#{params[:remote_path]}", - :fstype => 'nfs', - :options => '_netdev,nfsvers=4,port=2049,soft,sec=sys', - :remounts => false - } ) } - - it { is_expected.to_not contain_class('autofs') } - it { is_expected.to_not contain_autofs__map(title) } + it { + is_expected.to contain_mount(title).with( + ensure: 'mounted', + atboot: true, + device: "#{params[:nfs_server]}:#{params[:remote_path]}", + fstype: 'nfs', + options: '_netdev,nfsvers=4,port=2049,soft,sec=sys', + remounts: false, + ) + } + + it { is_expected.not_to contain_class('autofs') } + it { is_expected.not_to contain_autofs__map(title) } end context 'with at_boot=false and ensure=present' do - let(:params) { - base_params.merge( { - :at_boot => false, - :ensure => 'present', - :stunnel => false - } ) - } + let(:params) do + base_params.merge( + at_boot: false, + ensure: 'present', + stunnel: false, + ) + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_nfs__client__mount__connection(title).with_nfs_version(4) } it { is_expected.to contain_service('remote-fs.target').with_enable(true) } - it { is_expected.to contain_mount(title).with( { - :ensure => 'present', - :atboot => false, - :device => "#{params[:nfs_server]}:#{params[:remote_path]}", - :fstype => 'nfs', - :options => '_netdev,nfsvers=4,port=2049,soft,sec=sys', - :remounts => false - } ) } + it { + is_expected.to contain_mount(title).with( + ensure: 'present', + atboot: false, + device: "#{params[:nfs_server]}:#{params[:remote_path]}", + fstype: 'nfs', + options: '_netdev,nfsvers=4,port=2049,soft,sec=sys', + remounts: false, + ) + } end end # context 'without autofs' do @@ -342,68 +386,74 @@ 'function simplib::host_is_me($host) { return true }' end - let(:base_params) {{ - :nfs_server => nfs_server, - :remote_path => title, - :stunnel => false, - :autofs => false # same logic exercised for static and auto mounts - }} + let(:base_params) do + { + nfs_server: nfs_server, + remote_path: title, + stunnel: false, + autofs: false, # same logic exercised for static and auto mounts + } + end context 'autodetect_remote=false and simplib::host_is_me($host)=true' do - let(:params) { base_params.merge( { :autodetect_remote => false } ) } + let(:params) { base_params.merge(autodetect_remote: false) } - include_examples 'a base client mount define' + it_behaves_like 'a base client mount define' it { is_expected.to create_nfs__client__mount__connection(title).with_nfs_version(4) } it { is_expected.to contain_service('remote-fs.target').with_enable(true) } - it 'should not use localhost for mount' do - is_expected.to contain_mount(title).with( { - :ensure => 'mounted', - :atboot => true, - :device => "#{params[:nfs_server]}:#{params[:remote_path]}", - :fstype => 'nfs', - :options => '_netdev,nfsvers=4,port=2049,soft,sec=sys', - :remounts => false - } ) + it 'does not use localhost for mount' do + is_expected.to contain_mount(title).with( + ensure: 'mounted', + atboot: true, + device: "#{params[:nfs_server]}:#{params[:remote_path]}", + fstype: 'nfs', + options: '_netdev,nfsvers=4,port=2049,soft,sec=sys', + remounts: false, + ) end end context 'autodetect_remote=true and simplib::host_is_me($host)=true' do - let(:params) { base_params.merge( { :autodetect_remote => true } ) } + let(:params) { base_params.merge(autodetect_remote: true) } it { is_expected.to contain_service('remote-fs.target').with_enable(true) } - it 'should use localhost for mount' do - is_expected.to contain_mount(title).with( { - :ensure => 'mounted', - :atboot => true, - :device => "127.0.0.1:#{params[:remote_path]}", - :fstype => 'nfs', - :options => '_netdev,nfsvers=4,port=2049,soft,sec=sys', - :remounts => false - } ) + it 'uses localhost for mount' do + is_expected.to contain_mount(title).with( + ensure: 'mounted', + atboot: true, + device: "127.0.0.1:#{params[:remote_path]}", + fstype: 'nfs', + options: '_netdev,nfsvers=4,port=2049,soft,sec=sys', + remounts: false, + ) end end - end #context 'with other autodetect_remote permutations' do + end # context 'with other autodetect_remote permutations' do context 'errors' do context 'title is not a full path' do - let(:params) {{ - :nfs_server => '1.2.3.4', - :remote_path => 'home' - }} + let(:params) do + { + nfs_server: '1.2.3.4', + remote_path: 'home', + } + end - it { is_expected.to_not compile.with_all_deps } + it { is_expected.not_to compile.with_all_deps } end context 'when nfs_version=3 but nfs::nfsv3=false' do - let(:params) {{ - :nfs_server => '1.2.3.4', - :remote_path => '/home', - :nfs_version => 3 - }} + let(:params) do + { + nfs_server: '1.2.3.4', + remote_path: '/home', + nfs_version: 3, + } + end - it { is_expected.to_not compile.with_all_deps } + it { is_expected.not_to compile.with_all_deps } end end - end #context "on #{os}" - end #on_supported_os.each -end #describe + end # context "on #{os}" + end # on_supported_os.each +end # describe diff --git a/spec/defines/client/stunnel_spec.rb b/spec/defines/client/stunnel_spec.rb index 420daaa..781621a 100644 --- a/spec/defines/client/stunnel_spec.rb +++ b/spec/defines/client/stunnel_spec.rb @@ -5,26 +5,28 @@ context "on #{os}" do before(:each) do # Mask 'assert_private' with mock version for testing - Puppet::Parser::Functions.newfunction(:assert_private, :type => :rvalue) { |args| } + Puppet::Parser::Functions.newfunction(:assert_private, type: :rvalue) { |args| } end - let(:facts) { + let(:facts) do # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - os_facts.merge( { :haveged__rngd_enabled => false } ) - } + os_facts.merge(haveged__rngd_enabled: false) + end let(:title) { '1.2.3.4:2049' } - let(:params) {{ - :nfs_server => '1.2.3.4', - :nfsd_accept_port => 2049, - :nfsd_connect_port => 20490, - :stunnel_socket_options => ['l:TCP_NODELAY=1','r:TCP_NODELAY=1'], - :stunnel_verify => 2, - :stunnel_wantedby => [ 'remote-fs-pre.target' ], - :firewall => true, - :tcpwrappers => true - }} + let(:params) do + { + nfs_server: '1.2.3.4', + nfsd_accept_port: 2049, + nfsd_connect_port: 20_490, + stunnel_socket_options: ['l:TCP_NODELAY=1', 'r:TCP_NODELAY=1'], + stunnel_verify: 2, + stunnel_wantedby: ['remote-fs-pre.target'], + firewall: true, + tcpwrappers: true, + } + end context 'when is not the NFS server' do let(:pre_condition) do @@ -33,17 +35,18 @@ end it { is_expected.to compile.with_all_deps } - it { is_expected.to create_stunnel__instance("nfs_#{title}_client_nfsd").with( { - :connect => ['1.2.3.4:20490'], - :accept => '127.0.0.1:2049', - :verify => params[:stunnel_verify], - :socket_options => params[:stunnel_socket_options], - :systemd_wantedby => params[:stunnel_wantedby], - :firewall => params[:firewall], - :tcpwrappers => params[:tcpwrappers], - :tag => ['nfs'] - } ) } - + it { + is_expected.to create_stunnel__instance("nfs_#{title}_client_nfsd").with( + connect: ['1.2.3.4:20490'], + accept: '127.0.0.1:2049', + verify: params[:stunnel_verify], + socket_options: params[:stunnel_socket_options], + systemd_wantedby: params[:stunnel_wantedby], + firewall: params[:firewall], + tcpwrappers: params[:tcpwrappers], + tag: ['nfs'], + ) + } end context 'when is the NFS server' do @@ -53,7 +56,7 @@ end it { is_expected.to compile.with_all_deps } - it { is_expected.to_not create_stunnel__instance("nfs_#{title}_client_nfsd") } + it { is_expected.not_to create_stunnel__instance("nfs_#{title}_client_nfsd") } end end end diff --git a/spec/defines/server/export_spec.rb b/spec/defines/server/export_spec.rb index fd0516c..04f953a 100644 --- a/spec/defines/server/export_spec.rb +++ b/spec/defines/server/export_spec.rb @@ -1,7 +1,6 @@ require 'spec_helper' describe 'nfs::server::export' do - def mock_selinux_false_facts(os_facts) os_facts[:selinux] = false os_facts[:os][:selinux][:config_mode] = 'disabled' @@ -21,24 +20,24 @@ def mock_selinux_enforcing_facts(os_facts) os_facts end - on_supported_os.each do |os, os_facts| context "on #{os}" do let(:pre_condition) { 'class { "nfs": is_server => true }' } - let(:facts) { - os_facts.merge( { + let(:facts) do + os_facts.merge( # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - :haveged__rngd_enabled => false, - :ipv6_enabled => true - } ) - } + haveged__rngd_enabled: false, + ipv6_enabled: true, + ) + end let(:title) { 'nfs_test' } + base_params = { - :export_path => '/foo/bar/baz', - :clients => ['0.0.0.0/0'] + export_path: '/foo/bar/baz', + clients: ['0.0.0.0/0'], } context 'with default parameters' do @@ -60,24 +59,26 @@ def mock_selinux_enforcing_facts(os_facts) end context 'with parameters different from defaults' do - let(:params) { base_params.merge({ - :insecure => true, - :rw => true, - :async => true, - :no_wdelay => true, - :nohide => true, - :crossmnt => true, - :subtree_check => true, - :insecure_locks => true, - :nordirplus => true, - :pnfs => true, - :security_label => false, - :sec => ['sys', 'krb5p'], - :no_root_squash => true, - :all_squash => true, - :anonuid => 65520, - :anongid => 65530 - }) } + let(:params) do + base_params.merge( + insecure: true, + rw: true, + async: true, + no_wdelay: true, + nohide: true, + crossmnt: true, + subtree_check: true, + insecure_locks: true, + nordirplus: true, + pnfs: true, + security_label: false, + sec: ['sys', 'krb5p'], + no_root_squash: true, + all_squash: true, + anonuid: 65_520, + anongid: 65_530, + ) + end it { is_expected.to contain_class('nfs::server') } @@ -93,13 +94,15 @@ def mock_selinux_enforcing_facts(os_facts) end context 'with optional parameters set and mountpoint is a path' do - let(:params) { base_params.merge({ - :comment => 'some comment', - :mountpoint => '/mount/point/path', - :fsid => 'test_vsid', - :refer => ['/path@test_refer1', '/path@test_refer2'], - :replicas => ['/path@test_replica1', '/path@test_replica2'] - }) } + let(:params) do + base_params.merge( + comment: 'some comment', + mountpoint: '/mount/point/path', + fsid: 'test_vsid', + refer: ['/path@test_refer1', '/path@test_refer2'], + replicas: ['/path@test_replica1', '/path@test_replica2'], + ) + end it { is_expected.to compile.with_all_deps } @@ -116,7 +119,8 @@ def mock_selinux_enforcing_facts(os_facts) end context 'with mountpoint is a true' do - let(:params) { base_params.merge({ :mountpoint => true }) } + let(:params) { base_params.merge(mountpoint: true) } + it { is_expected.to compile.with_all_deps } it { @@ -124,14 +128,15 @@ def mock_selinux_enforcing_facts(os_facts) /foo/bar/baz 0.0.0.0/0(sync,mp,security_label,sec=sys,anonuid=65534,anongid=65534) /foo/bar/baz 127.0.0.1(sync,mp,security_label,sec=sys,anonuid=65534,anongid=65534,insecure) /foo/bar/baz ::1(sync,mp,security_label,sec=sys,anonuid=65534,anongid=65534,insecure) - EOM + EOM is_expected.to create_concat__fragment("nfs_#{title}_export").with_content(content) } end context 'with custom set' do - let(:params) { base_params.merge({ :custom => 'some custom setting' }) } + let(:params) { base_params.merge(custom: 'some custom setting') } + it { is_expected.to compile.with_all_deps } it { @@ -147,16 +152,17 @@ def mock_selinux_enforcing_facts(os_facts) context "with selinux disabled and 'sys' in 'sec' parameter" do let(:params) { base_params } - let(:facts) { - os_facts.merge( { + let(:facts) do + os_facts.merge( # to workaround service provider issues related to masking haveged # when tests are run on GitLab runners which are docker containers - :haveged__rngd_enabled => false, - }) + haveged__rngd_enabled: false, + ) mock_selinux_false_facts(os_facts) - } + end + it { is_expected.to compile.with_all_deps } - it { is_expected.to_not contain_selboolean('nfsd_anon_write') } + it { is_expected.not_to contain_selboolean('nfsd_anon_write') } end end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index f44bcc2..3c1bf14 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true + # # ------------------------------------------------------------------------------ # NOTICE: **This file is maintained with puppetsync** @@ -24,18 +25,18 @@ end default_hiera_config = <<~HIERA_CONFIG ---- -version: 5 -hierarchy: - - name: Custom Test Hiera - path: "%{custom_hiera}.yaml" - - name: "%{module_name}" - path: "%{module_name}.yaml" - - name: Common - path: default.yaml -defaults: - data_hash: yaml_data - datadir: "stub" + --- + version: 5 + hierarchy: + - name: Custom Test Hiera + path: "%{custom_hiera}.yaml" + - name: "%{module_name}" + path: "%{module_name}.yaml" + - name: Common + path: default.yaml + defaults: + data_hash: yaml_data + datadir: "stub" HIERA_CONFIG # This can be used from inside your spec tests to set the testable environment. @@ -86,10 +87,10 @@ def set_hieradata(hieradata) # If nothing else... c.default_facts = { production: { - #:fqdn => 'production.rspec.test.localdomain', + # :fqdn => 'production.rspec.test.localdomain', path: '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', - concat_basedir: '/tmp' - } + concat_basedir: '/tmp', + }, } c.mock_framework = :rspec @@ -146,9 +147,9 @@ def set_hieradata(hieradata) # sanitize hieradata if defined?(hieradata) - set_hieradata(hieradata.gsub(':', '_')) + set_hieradata(hieradata.tr(':', '_')) elsif defined?(class_name) - set_hieradata(class_name.gsub(':', '_')) + set_hieradata(class_name.tr(':', '_')) end end @@ -160,9 +161,7 @@ def set_hieradata(hieradata) end Dir.glob("#{RSpec.configuration.module_path}/*").each do |dir| - begin - Pathname.new(dir).realpath - rescue StandardError - raise "ERROR: The module '#{dir}' is not installed. Tests cannot continue." - end + Pathname.new(dir).realpath +rescue StandardError + raise "ERROR: The module '#{dir}' is not installed. Tests cannot continue." end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 42f89fa..544ea90 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -20,7 +20,6 @@ end end - RSpec.configure do |c| # ensure that environment OS is ready on each host fix_errata_on hosts @@ -34,21 +33,17 @@ # Configure all nodes in nodeset c.before :suite do - begin - # Install modules and dependencies from spec/fixtures/modules - copy_fixture_modules_to( hosts ) + # Install modules and dependencies from spec/fixtures/modules + copy_fixture_modules_to(hosts) - # Generate and install PKI certificates on each SUT - Dir.mktmpdir do |cert_dir| - run_fake_pki_ca_on( default, hosts, cert_dir ) - hosts.each{ |sut| copy_pki_to( sut, cert_dir, '/etc/pki/simp-testing' )} - end - rescue StandardError, ScriptError => e - if ENV['PRY'] - require 'pry'; binding.pry - else - raise e - end + # Generate and install PKI certificates on each SUT + Dir.mktmpdir do |cert_dir| + run_fake_pki_ca_on(default, hosts, cert_dir) + hosts.each { |sut| copy_pki_to(sut, cert_dir, '/etc/pki/simp-testing') } end + rescue StandardError, ScriptError => e + raise e unless ENV['PRY'] + require 'pry' + binding.pry # rubocop:disable Lint/Debugger end end