diff --git a/deployment/puppet/ntp/.gitignore b/deployment/puppet/ntp/.gitignore index 10c147642f..b5b7a00d67 100644 --- a/deployment/puppet/ntp/.gitignore +++ b/deployment/puppet/ntp/.gitignore @@ -1,4 +1,7 @@ pkg/ Gemfile.lock -.rspec_system/ -.*.sw* +vendor/ +spec/fixtures/ +.vagrant/ +.bundle/ +coverage/ diff --git a/deployment/puppet/ntp/.sync.yml b/deployment/puppet/ntp/.sync.yml new file mode 100644 index 0000000000..66a03c649e --- /dev/null +++ b/deployment/puppet/ntp/.sync.yml @@ -0,0 +1,3 @@ +--- +spec/spec_helper.rb: + unmanaged: true diff --git a/deployment/puppet/ntp/.travis.yml b/deployment/puppet/ntp/.travis.yml index fe5850a5d9..a40ae502e9 100644 --- a/deployment/puppet/ntp/.travis.yml +++ b/deployment/puppet/ntp/.travis.yml @@ -1,31 +1,17 @@ --- -branches: - only: - - master language: ruby bundler_args: --without development -script: "bundle exec rake spec SPEC_OPTS='--format documentation'" -rvm: -- 1.8.7 -- 1.9.3 -- 2.0.0 -env: - matrix: - - PUPPET_GEM_VERSION="~> 2.7.0" - - PUPPET_GEM_VERSION="~> 3.0.0" - - PUPPET_GEM_VERSION="~> 3.1.0" - - PUPPET_GEM_VERSION="~> 3.2.0" +script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake spec SPEC_OPTS='--format documentation'" matrix: - exclude: - - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 2.7.0" - - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 2.7.0" - - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 3.0.0" - - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 3.1.0" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 3.2.0" + fast_finish: true + include: + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" + - rvm: 1.9.3 + env: PUPPET_GEM_VERSION="~> 3.0" + - rvm: 2.0.0 + env: PUPPET_GEM_VERSION="~> 3.0" notifications: email: false diff --git a/deployment/puppet/ntp/CHANGELOG.md b/deployment/puppet/ntp/CHANGELOG.md index 08d9a87264..00dee7398a 100644 --- a/deployment/puppet/ntp/CHANGELOG.md +++ b/deployment/puppet/ntp/CHANGELOG.md @@ -1,3 +1,41 @@ +##2014-11-04 - Supported Release 3.3.0 +###Summary + +This release adds support for SLES 12. + +####Features +- Added support for SLES 12 + +##2014-10-02 - Supported Release 3.2.1 +###Summary + +This is a bug-fix release addressing the security concerns of setting /etc/ntp to mode 0755 recursively. + +####Bugfixes +- Do not recursively set ownership/mode of /etc/ntp + +##2014-09-10 - Supported Release 3.2.0 +###Summary + +This is primarily a feature release. It adds a few new parameters to class `ntp` +and adds support for Solaris 11. + +####Features +- Add the `$interfaces` parameter to `ntp` +- Add support for Solaris 10 and 11 +- Synchronized files with modulesync +- Test updates +- Add the `$iburst_enable` parameter to `ntp` + +####Bugfixes +- Fixes for strict variables +- Remove dependency on stdlib4 + +##2014-06-06 - Release 3.1.2 +###Summary + +This is a supported release. This release fixes a manifest typo. + ##2014-06-06 - Release 3.1.1 ###Summary diff --git a/deployment/puppet/ntp/CONTRIBUTING.md b/deployment/puppet/ntp/CONTRIBUTING.md index a2b1d77bc8..e1288478a2 100644 --- a/deployment/puppet/ntp/CONTRIBUTING.md +++ b/deployment/puppet/ntp/CONTRIBUTING.md @@ -1,9 +1,234 @@ -Puppet Labs modules on the Puppet Forge are open projects, and community contributions -are essential for keeping them great. We can’t access the huge number of platforms and -myriad of hardware, software, and deployment configurations that Puppet is intended to serve. +Checklist (and a short version for the impatient) +================================================= -We want to keep it as easy as possible to contribute changes so that our modules work -in your environment. There are a few guidelines that we need contributors to follow so -that we can have a chance of keeping on top of things. + * Commits: + + - Make commits of logical units. + + - Check for unnecessary whitespace with "git diff --check" before + committing. + + - Commit using Unix line endings (check the settings around "crlf" in + git-config(1)). + + - Do not check in commented out code or unneeded files. + + - The first line of the commit message should be a short + description (50 characters is the soft limit, excluding ticket + number(s)), and should skip the full stop. + + - Associate the issue in the message. The first line should include + the issue number in the form "(#XXXX) Rest of message". + + - The body should provide a meaningful commit message, which: + + - uses the imperative, present tense: "change", not "changed" or + "changes". + + - includes motivation for the change, and contrasts its + implementation with the previous behavior. + + - Make sure that you have tests for the bug you are fixing, or + feature you are adding. + + - Make sure the test suites passes after your commit: + `bundle exec rspec spec/acceptance` More information on [testing](#Testing) below + + - When introducing a new feature, make sure it is properly + documented in the README.md + + * Submission: + + * Pre-requisites: + + - Sign the [Contributor License Agreement](https://cla.puppetlabs.com/) + + - Make sure you have a [GitHub account](https://github.com/join) + + - [Create a ticket](http://projects.puppetlabs.com/projects/modules/issues/new), or [watch the ticket](http://projects.puppetlabs.com/projects/modules/issues) you are patching for. + + * Preferred method: + + - Fork the repository on GitHub. + + - Push your changes to a topic branch in your fork of the + repository. (the format ticket/1234-short_description_of_change is + usually preferred for this project). + + - Submit a pull request to the repository in the puppetlabs + organization. + +The long version +================ + + 1. Make separate commits for logically separate changes. + + Please break your commits down into logically consistent units + which include new or changed tests relevant to the rest of the + change. The goal of doing this is to make the diff easier to + read for whoever is reviewing your code. In general, the easier + your diff is to read, the more likely someone will be happy to + review it and get it into the code base. + + If you are going to refactor a piece of code, please do so as a + separate commit from your feature or bug fix changes. + + We also really appreciate changes that include tests to make + sure the bug is not re-introduced, and that the feature is not + accidentally broken. + + Describe the technical detail of the change(s). If your + description starts to get too long, that is a good sign that you + probably need to split up your commit into more finely grained + pieces. + + Commits which plainly describe the things which help + reviewers check the patch and future developers understand the + code are much more likely to be merged in with a minimum of + bike-shedding or requested changes. Ideally, the commit message + would include information, and be in a form suitable for + inclusion in the release notes for the version of Puppet that + includes them. + + Please also check that you are not introducing any trailing + whitespace or other "whitespace errors". You can do this by + running "git diff --check" on your changes before you commit. + + 2. Sign the Contributor License Agreement + + Before we can accept your changes, we do need a signed Puppet + Labs Contributor License Agreement (CLA). + + You can access the CLA via the [Contributor License Agreement link](https://cla.puppetlabs.com/) + + If you have any questions about the CLA, please feel free to + contact Puppet Labs via email at cla-submissions@puppetlabs.com. + + 3. Sending your patches + + To submit your changes via a GitHub pull request, we _highly_ + recommend that you have them on a topic branch, instead of + directly on "master". + It makes things much easier to keep track of, especially if + you decide to work on another thing before your first change + is merged in. + + GitHub has some pretty good + [general documentation](http://help.github.com/) on using + their site. They also have documentation on + [creating pull requests](http://help.github.com/send-pull-requests/). + + In general, after pushing your topic branch up to your + repository on GitHub, you can switch to the branch in the + GitHub UI and click "Pull Request" towards the top of the page + in order to open a pull request. + + + 4. Update the related GitHub issue. + + If there is a GitHub issue associated with the change you + submitted, then you should update the ticket to include the + location of your branch, along with any other commentary you + may wish to make. + +Testing +======= + +Getting Started +--------------- + +Our puppet modules provide [`Gemfile`](./Gemfile)s which can tell a ruby +package manager such as [bundler](http://bundler.io/) what Ruby packages, +or Gems, are required to build, develop, and test this software. + +Please make sure you have [bundler installed](http://bundler.io/#getting-started) +on your system, then use it to install all dependencies needed for this project, +by running + +```shell +% bundle install +Fetching gem metadata from https://rubygems.org/........ +Fetching gem metadata from https://rubygems.org/.. +Using rake (10.1.0) +Using builder (3.2.2) +-- 8><-- many more --><8 -- +Using rspec-system-puppet (2.2.0) +Using serverspec (0.6.3) +Using rspec-system-serverspec (1.0.0) +Using bundler (1.3.5) +Your bundle is complete! +Use `bundle show [gemname]` to see where a bundled gem is installed. +``` + +NOTE some systems may require you to run this command with sudo. + +If you already have those gems installed, make sure they are up-to-date: + +```shell +% bundle update +``` + +With all dependencies in place and up-to-date we can now run the tests: + +```shell +% rake spec +``` + +This will execute all the [rspec tests](http://rspec-puppet.com/) tests +under [spec/defines](./spec/defines), [spec/classes](./spec/classes), +and so on. rspec tests may have the same kind of dependencies as the +module they are testing. While the module defines in its [Modulefile](./Modulefile), +rspec tests define them in [.fixtures.yml](./fixtures.yml). + +Some puppet modules also come with [beaker](https://github.com/puppetlabs/beaker) +tests. These tests spin up a virtual machine under +[VirtualBox](https://www.virtualbox.org/)) with, controlling it with +[Vagrant](http://www.vagrantup.com/) to actually simulate scripted test +scenarios. In order to run these, you will need both of those tools +installed on your system. + +You can run them by issuing the following command + +```shell +% rake spec_clean +% rspec spec/acceptance +``` + +This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), +install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) +and then run all the tests under [spec/acceptance](./spec/acceptance). + +Writing Tests +------------- + +XXX getting started writing tests. + +If you have commit access to the repository +=========================================== + +Even if you have commit access to the repository, you will still need to +go through the process above, and have someone else review and merge +in your changes. The rule is that all changes must be reviewed by a +developer on the project (that did not write the code) to ensure that +all changes go through a code review process. + +Having someone other than the author of the topic branch recorded as +performing the merge is the record that they performed the code +review. + + +Additional Resources +==================== + +* [Getting additional help](http://projects.puppetlabs.com/projects/puppet/wiki/Getting_Help) + +* [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests) + +* [Patchwork](https://patchwork.puppetlabs.com) + +* [Contributor License Agreement](https://projects.puppetlabs.com/contributor_licenses/sign) + +* [General GitHub documentation](http://help.github.com/) + +* [GitHub pull request documentation](http://help.github.com/send-pull-requests/) -You can read the complete module contribution guide [on the Puppet Labs wiki.](http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing) diff --git a/deployment/puppet/ntp/Gemfile b/deployment/puppet/ntp/Gemfile index 7f86b2d6bd..106cfb76fe 100644 --- a/deployment/puppet/ntp/Gemfile +++ b/deployment/puppet/ntp/Gemfile @@ -2,12 +2,19 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :test do gem 'rake', :require => false + gem 'rspec-puppet', :require => false gem 'puppetlabs_spec_helper', :require => false - gem 'puppet-lint', :require => false gem 'serverspec', :require => false - gem 'beaker', :require => false - gem 'beaker-rspec', :require => false - gem 'specinfra', '>=0.7.0' + gem 'puppet-lint', :require => false + gem 'beaker-rspec','>=2.2.0', :require => false + gem 'pry', :require => false + gem 'simplecov', :require => false +end + +if facterversion = ENV['FACTER_GEM_VERSION'] + gem 'facter', facterversion, :require => false +else + gem 'facter', :require => false end if puppetversion = ENV['PUPPET_GEM_VERSION'] diff --git a/deployment/puppet/ntp/README.markdown b/deployment/puppet/ntp/README.markdown index 7d96b14554..8aadb6b64b 100644 --- a/deployment/puppet/ntp/README.markdown +++ b/deployment/puppet/ntp/README.markdown @@ -68,6 +68,17 @@ class { '::ntp': } ``` +###I only want to listen on specific interfaces, not on 0.0.0.0 + +Restricting this is especially useful on Openstack nodes which may have numerous virtual interfaces. + +```puppet +class { '::ntp': + servers => [ 'ntp1.corp.com', 'ntp2.corp.com' ], + interfaces => ['127.0.0.1', '1.2.3.4'] +} +``` + ###I'd like to opt out of having the service controlled; we use another tool for that. ```puppet @@ -128,6 +139,14 @@ Disables monitoring of ntp. Sets the location of the drift file for ntp. +####`iburst_enable` + +Set the iburst option in the ntp configuration. If enabled the option is set for every ntp peer. + +####`interfaces` + +Sets the list of interfaces NTP will listen on. This parameter must be an array. + ####`keys_controlkey` The key to use as the control key. @@ -199,17 +218,19 @@ status as a virtual machine. ##Limitations -This module has been built on and tested against Puppet 2.7 and higher. +This module has been built on and tested against Puppet 3. The module has been tested on: -* RedHat Enterprise Linux 5/6 +* RedHat Enterprise Linux 5/6/7 +* CentOS 5/6/7 +* Oracle Enterprise Linux 5/6/7 +* Scientific Linux 5/6/7 +* SLES 10SP4/11SP1/12 * Debian 6/7 -* CentOS 5/6 -* Ubuntu 12.04 -* Gentoo -* Arch Linux -* FreeBSD +* Ubuntu 10.04/12.04/14.04 +* Solaris 11 +* AIX 5.3/6.1/7.1 Testing on other platforms has been light and cannot be guaranteed. diff --git a/deployment/puppet/ntp/Rakefile b/deployment/puppet/ntp/Rakefile index cd3d379958..5868545f20 100644 --- a/deployment/puppet/ntp/Rakefile +++ b/deployment/puppet/ntp/Rakefile @@ -1 +1,10 @@ require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-lint/tasks/puppet-lint' + +PuppetLint.configuration.fail_on_warnings +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.send('disable_class_inherits_from_params_class') +PuppetLint.configuration.send('disable_class_parameter_defaults') +PuppetLint.configuration.send('disable_documentation') +PuppetLint.configuration.send('disable_single_quote_string_with_variables') +PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] diff --git a/deployment/puppet/ntp/lib/puppet/parser/functions/ntp_dirname.rb b/deployment/puppet/ntp/lib/puppet/parser/functions/ntp_dirname.rb new file mode 100644 index 0000000000..06cdb7ce90 --- /dev/null +++ b/deployment/puppet/ntp/lib/puppet/parser/functions/ntp_dirname.rb @@ -0,0 +1,15 @@ +module Puppet::Parser::Functions + newfunction(:ntp_dirname, :type => :rvalue, :doc => <<-EOS + Returns the dirname of a path. + EOS + ) do |arguments| + + raise(Puppet::ParseError, "ntp_dirname(): Wrong number of arguments " + + "given (#{arguments.size} for 1)") if arguments.size < 1 + + path = arguments[0] + return File.dirname(path) + end +end + +# vim: set ts=2 sw=2 et : diff --git a/deployment/puppet/ntp/manifests/config.pp b/deployment/puppet/ntp/manifests/config.pp index 1c8963dcf4..91990ba11a 100644 --- a/deployment/puppet/ntp/manifests/config.pp +++ b/deployment/puppet/ntp/manifests/config.pp @@ -2,13 +2,12 @@ class ntp::config inherits ntp { if $keys_enable { - $directory = dirname($keys_file) + $directory = ntp_dirname($keys_file) file { $directory: ensure => directory, owner => 0, group => 0, mode => '0755', - recurse => true, } } diff --git a/deployment/puppet/ntp/manifests/init.pp b/deployment/puppet/ntp/manifests/init.pp index 467a01da51..2cbc462fd7 100644 --- a/deployment/puppet/ntp/manifests/init.pp +++ b/deployment/puppet/ntp/manifests/init.pp @@ -5,6 +5,7 @@ class ntp ( $disable_monitor = $ntp::params::disable_monitor, $driftfile = $ntp::params::driftfile, $logfile = $ntp::params::logfile, + $iburst_enable = $ntp::params::iburst_enable, $keys_enable = $ntp::params::keys_enable, $keys_file = $ntp::params::keys_file, $keys_controlkey = $ntp::params::keys_controlkey, @@ -15,6 +16,7 @@ class ntp ( $panic = $ntp::params::panic, $preferred_servers = $ntp::params::preferred_servers, $restrict = $ntp::params::restrict, + $interfaces = $ntp::params::interfaces, $servers = $ntp::params::servers, $service_enable = $ntp::params::service_enable, $service_ensure = $ntp::params::service_ensure, @@ -28,6 +30,7 @@ class ntp ( validate_bool($disable_monitor) validate_absolute_path($driftfile) if $logfile { validate_absolute_path($logfile) } + validate_bool($iburst_enable) validate_bool($keys_enable) validate_re($keys_controlkey, ['^\d+$', '']) validate_re($keys_requestkey, ['^\d+$', '']) @@ -37,6 +40,7 @@ class ntp ( validate_bool($panic) validate_array($preferred_servers) validate_array($restrict) + validate_array($interfaces) validate_array($servers) validate_bool($service_enable) validate_string($service_ensure) diff --git a/deployment/puppet/ntp/manifests/install.pp b/deployment/puppet/ntp/manifests/install.pp index 098949c398..237f4c1c00 100644 --- a/deployment/puppet/ntp/manifests/install.pp +++ b/deployment/puppet/ntp/manifests/install.pp @@ -1,9 +1,8 @@ # class ntp::install inherits ntp { - package { 'ntp': + package { $package_name: ensure => $package_ensure, - name => $package_name, } } diff --git a/deployment/puppet/ntp/manifests/params.pp b/deployment/puppet/ntp/manifests/params.pp index 456b321ba5..f959b2e3d2 100644 --- a/deployment/puppet/ntp/manifests/params.pp +++ b/deployment/puppet/ntp/manifests/params.pp @@ -7,14 +7,16 @@ class ntp::params { $keys_controlkey = '' $keys_requestkey = '' $keys_trusted = [] + $logfile = undef $package_ensure = 'present' $preferred_servers = [] $service_enable = true $service_ensure = 'running' $service_manage = true $udlc = false + $interfaces = [] - # On virtual machines allow large clock skews. +# On virtual machines allow large clock skews. $panic = str2bool($::is_virtual) ? { true => false, default => true, @@ -28,58 +30,81 @@ class ntp::params { case $::osfamily { 'AIX': { - $keys_file = '/etc/ntp.keys' - $driftfile = '/etc/ntp.drift' - $package_name = [ 'bos.net.tcp.client' ] - $restrict = [ + $config = $default_config + $keys_file = '/etc/ntp.keys' + $driftfile = '/etc/ntp.drift' + $package_name = [ 'bos.net.tcp.client' ] + $restrict = [ 'default nomodify notrap nopeer noquery', '127.0.0.1', ] - $service_name = 'xntpd' - $servers = [ - '0.debian.pool.ntp.org iburst', - '1.debian.pool.ntp.org iburst', - '2.debian.pool.ntp.org iburst', - '3.debian.pool.ntp.org iburst', + $service_name = 'xntpd' + $iburst_enable = true + $servers = [ + '0.debian.pool.ntp.org', + '1.debian.pool.ntp.org', + '2.debian.pool.ntp.org', + '3.debian.pool.ntp.org', ] } 'Debian': { - $restrict = [ + $config = $default_config + $keys_file = $default_keys_file + $driftfile = $default_driftfile + $package_name = $default_package_name + $restrict = [ 'default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1', ] $service_name = 'ntp' + $iburst_enable = true $servers = [ - '0.debian.pool.ntp.org iburst', - '1.debian.pool.ntp.org iburst', - '2.debian.pool.ntp.org iburst', - '3.debian.pool.ntp.org iburst', + '0.debian.pool.ntp.org', + '1.debian.pool.ntp.org', + '2.debian.pool.ntp.org', + '3.debian.pool.ntp.org', ] } 'RedHat': { - $restrict = [ + $config = $default_config + $keys_file = $default_keys_file + $driftfile = $default_driftfile + $package_name = $default_package_name + $service_name = $default_service_name + $restrict = [ 'default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1', ] + $iburst_enable = false $servers = [ '0.centos.pool.ntp.org', '1.centos.pool.ntp.org', '2.centos.pool.ntp.org', ] } - 'SuSE': { + 'Suse': { + if $::operatingsystem == 'SLES' and $::operatingsystemmajrelease == '12' + { + $service_name = 'ntpd' + $keys_file = '/etc/ntp.keys' + } else{ + $service_name = 'ntp' + $keys_file = $default_keys_file + } + $config = $default_config $driftfile = '/var/lib/ntp/drift/ntp.drift' - $restrict = [ + $package_name = $default_package_name + $restrict = [ 'default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1', ] - $service_name = 'ntp' + $iburst_enable = false $servers = [ '0.opensuse.pool.ntp.org', '1.opensuse.pool.ntp.org', @@ -88,43 +113,81 @@ class ntp::params { ] } 'FreeBSD': { + $config = $default_config $driftfile = '/var/db/ntpd.drift' + $keys_file = $default_keys_file $package_name = ['net/ntp'] - $restrict = [ + $restrict = [ 'default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1', ] + $service_name = $default_service_name + $iburst_enable = true $servers = [ - '0.freebsd.pool.ntp.org iburst maxpoll 9', - '1.freebsd.pool.ntp.org iburst maxpoll 9', - '2.freebsd.pool.ntp.org iburst maxpoll 9', - '3.freebsd.pool.ntp.org iburst maxpoll 9', + '0.freebsd.pool.ntp.org maxpoll 9', + '1.freebsd.pool.ntp.org maxpoll 9', + '2.freebsd.pool.ntp.org maxpoll 9', + '3.freebsd.pool.ntp.org maxpoll 9', ] } 'Archlinux': { - $restrict = [ + $config = $default_config + $keys_file = $default_keys_file + $driftfile = $default_driftfile + $package_name = $default_package_name + $service_name = $default_service_name + $restrict = [ 'default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1', ] + $iburst_enable = false $servers = [ '0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org', ] } - # Gentoo was added as its own $::osfamily in Facter 1.7.0 - 'Gentoo': { - $package_name = ['net-misc/ntp'] - $restrict = [ + 'Solaris': { + $config = '/etc/inet/ntp.conf' + $driftfile = '/var/ntp/ntp.drift' + $keys_file = '/etc/inet/ntp.keys' + $package_name = $::operatingsystemrelease ? { + /^(5\.10|10|10_u\d+)$/ => [ 'SUNWntpr', 'SUNWntpu' ], + /^(5\.11|11|11\.\d+)$/ => [ 'service/network/ntp' ] + } + $restrict = [ 'default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1', ] + $service_name = 'network/ntp' + $iburst_enable = false + $servers = [ + '0.pool.ntp.org', + '1.pool.ntp.org', + '2.pool.ntp.org', + '3.pool.ntp.org', + ] + } + # Gentoo was added as its own $::osfamily in Facter 1.7.0 + 'Gentoo': { + $config = $default_config + $keys_file = $default_keys_file + $driftfile = $default_driftfile + $package_name = ['net-misc/ntp'] + $service_name = $default_service_name + $restrict = [ + 'default kod nomodify notrap nopeer noquery', + '-6 default kod nomodify notrap nopeer noquery', + '127.0.0.1', + '-6 ::1', + ] + $iburst_enable = false $servers = [ '0.gentoo.pool.ntp.org', '1.gentoo.pool.ntp.org', @@ -133,17 +196,22 @@ class ntp::params { ] } 'Linux': { - # Account for distributions that don't have $::osfamily specific settings. - # Before Facter 1.7.0 Gentoo did not have its own $::osfamily + # Account for distributions that don't have $::osfamily specific settings. + # Before Facter 1.7.0 Gentoo did not have its own $::osfamily case $::operatingsystem { 'Gentoo': { + $config = $default_config + $keys_file = $default_keys_file + $driftfile = $default_driftfile + $service_name = $default_service_name $package_name = ['net-misc/ntp'] - $restrict = [ + $restrict = [ 'default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1', ] + $iburst_enable = false $servers = [ '0.gentoo.pool.ntp.org', '1.gentoo.pool.ntp.org', @@ -160,23 +228,4 @@ class ntp::params { fail("The ${module_name} module is not supported on an ${::osfamily} based system.") } } - if $config == undef { - $config = $default_config - } - if $keys_file == undef { - $keys_file = $default_keys_file - } - if $drfitfile == undef { - $driftfile = $default_driftfile - } - if $package_name == undef { - $package_name = $default_package_name - } - if $service_name == undef { - $service_name = $default_service_name - } - - - - } diff --git a/deployment/puppet/ntp/metadata.json b/deployment/puppet/ntp/metadata.json new file mode 100644 index 0000000000..73c31cd2e2 --- /dev/null +++ b/deployment/puppet/ntp/metadata.json @@ -0,0 +1,95 @@ +{ + "name": "puppetlabs-ntp", + "version": "3.3.0", + "author": "Puppet Labs", + "summary": "NTP Module", + "license": "Apache Version 2.0", + "source": "https://github.com/puppetlabs/puppetlabs-ntp", + "project_page": "https://github.com/puppetlabs/puppetlabs-ntp", + "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", + "operatingsystem_support": [ + { + "operatingsystem": "RedHat", + "operatingsystemrelease": [ + "5", + "6", + "7" + ] + }, + { + "operatingsystem": "CentOS", + "operatingsystemrelease": [ + "5", + "6", + "7" + ] + }, + { + "operatingsystem": "OracleLinux", + "operatingsystemrelease": [ + "5", + "6", + "7" + ] + }, + { + "operatingsystem": "Scientific", + "operatingsystemrelease": [ + "5", + "6", + "7" + ] + }, + { + "operatingsystem": "SLES", + "operatingsystemrelease": [ + "10 SP4", + "11 SP1", + "12" + ] + }, + { + "operatingsystem": "Debian", + "operatingsystemrelease": [ + "6", + "7" + ] + }, + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": [ + "10.04", + "12.04", + "14.04" + ] + }, + { + "operatingsystem": "Solaris", + "operatingsystemrelease": [ + "11" + ] + }, + { + "operatingsystem": "AIX", + "operatingsystemrelease": [ + "5.3", + "6.1", + "7.1" + ] + } + ], + "requirements": [ + { + "name": "pe", + "version_requirement": "3.x" + }, + { + "name": "puppet", + "version_requirement": "3.x" + } + ], + "description": "NTP Module for Debian, Ubuntu, CentOS, RHEL, OEL, Fedora, FreeBSD, ArchLinux and Gentoo.", + "dependencies": [ + {"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0 < 5.0.0"} + ] +} diff --git a/deployment/puppet/ntp/spec/acceptance/disable_monitoring_spec.rb b/deployment/puppet/ntp/spec/acceptance/disable_monitoring_spec.rb index 709010b0ac..e86c9b80c5 100644 --- a/deployment/puppet/ntp/spec/acceptance/disable_monitoring_spec.rb +++ b/deployment/puppet/ntp/spec/acceptance/disable_monitoring_spec.rb @@ -1,5 +1,11 @@ require 'spec_helper_acceptance' +if (fact('osfamily') == 'Solaris') + config = '/etc/inet/ntp.conf' +else + config = '/etc/ntp.conf' +end + describe "ntp class with disable_monitor:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do context 'should run successfully' do pp = "class { 'ntp': disable_monitor => true }" @@ -9,8 +15,8 @@ describe "ntp class with disable_monitor:", :unless => UNSUPPORTED_PLATFORMS.inc apply_manifest(pp, :catch_changes => true) end - describe file('/etc/ntp.conf') do - it { should contain('disable monitor') } + describe file("#{config}") do + its(:content) { should match('disable monitor') } end end @@ -22,8 +28,8 @@ describe "ntp class with disable_monitor:", :unless => UNSUPPORTED_PLATFORMS.inc apply_manifest(pp, :catch_changes => true) end - describe file('/etc/ntp.conf') do - it { should_not contain('disable monitor') } + describe file("#{config}") do + its(:content) { should_not match('disable monitor') } end end diff --git a/deployment/puppet/ntp/spec/acceptance/nodesets/centos-59-x64.yml b/deployment/puppet/ntp/spec/acceptance/nodesets/centos-59-x64.yml new file mode 100644 index 0000000000..2ad90b86aa --- /dev/null +++ b/deployment/puppet/ntp/spec/acceptance/nodesets/centos-59-x64.yml @@ -0,0 +1,10 @@ +HOSTS: + centos-59-x64: + roles: + - master + platform: el-5-x86_64 + box : centos-59-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + type: git diff --git a/deployment/puppet/ntp/spec/acceptance/nodesets/sles-12-64.yml b/deployment/puppet/ntp/spec/acceptance/nodesets/sles-12-64.yml new file mode 100644 index 0000000000..00c147a8fb --- /dev/null +++ b/deployment/puppet/ntp/spec/acceptance/nodesets/sles-12-64.yml @@ -0,0 +1,20 @@ +--- +HOSTS: + czriitzephrrlzw: + roles: + - master + - database + - dashboard + - agent + - default + platform: sles-12-x86_64 + template: sles-12-x86_64 + hypervisor: vcloud +CONFIG: + nfs_server: none + consoleport: 443 + datastore: instance0 + folder: Delivery/Quality Assurance/Enterprise/Dynamic + resourcepool: delivery/Quality Assurance/Enterprise/Dynamic + pooling_api: http://vcloud.delivery.puppetlabs.net/ + pe_dir: http://enterprise.delivery.puppetlabs.net/3.4/preview diff --git a/deployment/puppet/ntp/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/deployment/puppet/ntp/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml new file mode 100644 index 0000000000..cba1cd04c2 --- /dev/null +++ b/deployment/puppet/ntp/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + ubuntu-server-1404-x64: + roles: + - master + platform: ubuntu-14.04-amd64 + box : puppetlabs/ubuntu-14.04-64-nocm + box_url : https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor : vagrant +CONFIG: + log_level : debug + type: git diff --git a/deployment/puppet/ntp/spec/acceptance/nodesets/ubuntu-server-14042-x64.yml b/deployment/puppet/ntp/spec/acceptance/nodesets/ubuntu-server-14042-x64.yml new file mode 100644 index 0000000000..da3a6d4625 --- /dev/null +++ b/deployment/puppet/ntp/spec/acceptance/nodesets/ubuntu-server-14042-x64.yml @@ -0,0 +1,16 @@ +HOSTS: + ubuntu1404: + roles: + - agent + platform: ubuntu-14.04-amd64 + template: ubuntu-1404-x86_64 + hypervisor: vcloud +CONFIG: + type: foss + keyfile: ~/.ssh/id_rsa-acceptance + nfs_server: none + consoleport: 443 + datastore: instance0 + folder: Delivery/Quality Assurance/Enterprise/Dynamic + resourcepool: delivery/Quality Assurance/Enterprise/Dynamic + pooling_api: http://vcloud.delivery.puppetlabs.net/ diff --git a/deployment/puppet/ntp/spec/acceptance/ntp_config_spec.rb b/deployment/puppet/ntp/spec/acceptance/ntp_config_spec.rb index 196ba76584..689ba8e6c0 100644 --- a/deployment/puppet/ntp/spec/acceptance/ntp_config_spec.rb +++ b/deployment/puppet/ntp/spec/acceptance/ntp_config_spec.rb @@ -2,12 +2,12 @@ require 'spec_helper_acceptance' case fact('osfamily') when 'FreeBSD' - line = '0.freebsd.pool.ntp.org iburst maxpoll 9' + line = '0.freebsd.pool.ntp.org maxpoll 9 iburst' when 'Debian' line = '0.debian.pool.ntp.org iburst' when 'RedHat' line = '0.centos.pool.ntp.org' -when 'SuSE' +when 'Suse' line = '0.opensuse.pool.ntp.org' when 'Gentoo' line = '0.gentoo.pool.ntp.org' @@ -18,10 +18,18 @@ when 'Linux' when 'Gentoo' line = '0.gentoo.pool.ntp.org' end +when 'Solaris' + line = '0.pool.ntp.org' when 'AIX' line = '0.debian.pool.ntp.org iburst' end +if (fact('osfamily') == 'Solaris') + config = '/etc/inet/ntp.conf' +else + config = '/etc/ntp.conf' +end + describe 'ntp::config class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do it 'sets up ntp.conf' do apply_manifest(%{ @@ -29,8 +37,8 @@ describe 'ntp::config class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('os }, :catch_failures => true) end - describe file('/etc/ntp.conf') do + describe file("#{config}") do it { should be_file } - it { should contain line } + its(:content) { should match line } end end diff --git a/deployment/puppet/ntp/spec/acceptance/ntp_install_spec.rb b/deployment/puppet/ntp/spec/acceptance/ntp_install_spec.rb index 1a451bbb23..29aac2246c 100644 --- a/deployment/puppet/ntp/spec/acceptance/ntp_install_spec.rb +++ b/deployment/puppet/ntp/spec/acceptance/ntp_install_spec.rb @@ -14,8 +14,19 @@ when 'Linux' end when 'AIX' packagename = 'bos.net.tcp.client' +when 'Solaris' + case fact('operatingsystemrelease') + when '5.10' + packagename = ['SUNWntpr','SUNWntpu'] + when '5.11' + packagename = 'service/network/ntp' + end else - packagename = 'ntp' + if fact('operatingsystem') == 'SLES' and fact('operatingsystemmajrelease') == '12' + servicename = 'ntpd' + else + servicename = 'ntp' + end end describe 'ntp::install class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do @@ -25,7 +36,9 @@ describe 'ntp::install class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('o }, :catch_failures => true) end - describe package(packagename) do - it { should be_installed } + Array(packagename).each do |package| + describe package(package) do + it { should be_installed } + end end end diff --git a/deployment/puppet/ntp/spec/acceptance/ntp_parameters_spec.rb b/deployment/puppet/ntp/spec/acceptance/ntp_parameters_spec.rb index 48e6cfdf9c..e4c230d7e1 100644 --- a/deployment/puppet/ntp/spec/acceptance/ntp_parameters_spec.rb +++ b/deployment/puppet/ntp/spec/acceptance/ntp_parameters_spec.rb @@ -14,8 +14,25 @@ when 'Linux' end when 'AIX' packagename = 'bos.net.tcp.client' +when 'Solaris' + case fact('operatingsystemrelease') + when '5.10' + packagename = ['SUNWntpr','SUNWntpu'] + when '5.11' + packagename = 'service/network/ntp' + end else - packagename = 'ntp' + if fact('operatingsystem') == 'SLES' and fact('operatingsystemmajrelease') == '12' + servicename = 'ntpd' + else + servicename = 'ntp' + end +end + +if (fact('osfamily') == 'Solaris') + config = '/etc/inet/ntp.conf' +else + config = '/etc/ntp.conf' end describe "ntp class:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do @@ -60,9 +77,9 @@ describe "ntp class:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily' apply_manifest(pp, :catch_failures => true) end - describe file('/etc/ntp.conf') do + describe file("#{config}") do it { should be_file } - it { should contain 'testcontent' } + its(:content) { should match 'testcontent' } end end @@ -72,9 +89,9 @@ describe "ntp class:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily' apply_manifest(pp, :catch_failures => true) end - describe file('/etc/ntp.conf') do + describe file("#{config}") do it { should be_file } - it { should contain 'driftfile /tmp/driftfile' } + its(:content) { should match 'driftfile /tmp/driftfile' } end end @@ -95,12 +112,12 @@ describe "ntp class:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily' apply_manifest(pp, :catch_failures => true) end - describe file('/etc/ntp.conf') do + describe file("#{config}") do it { should be_file } - it { should contain 'keys /etc/ntp/keys' } - it { should contain 'controlkey /etc/ntp/controlkey' } - it { should contain 'requestkey 1' } - it { should contain 'trustedkey 1 2' } + its(:content) { should match 'keys /etc/ntp/keys' } + its(:content) { should match 'controlkey /etc/ntp/controlkey' } + its(:content) { should match 'requestkey 1' } + its(:content) { should match 'trustedkey 1 2' } end end @@ -109,14 +126,16 @@ describe "ntp class:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily' pp = <<-EOS class { 'ntp': package_ensure => present, - package_name => ['#{packagename}'], + package_name => #{Array(packagename).inspect}, } EOS apply_manifest(pp, :catch_failures => true) end - describe package(packagename) do - it { should be_installed } + Array(packagename).each do |package| + describe package(package) do + it { should be_installed } + end end end @@ -130,8 +149,8 @@ describe "ntp class:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily' apply_manifest(pp, :catch_failures => true) end - describe file('/etc/ntp.conf') do - it { should contain 'tinker panic' } + describe file("#{config}") do + its(:content) { should match 'tinker panic' } end end @@ -145,8 +164,8 @@ describe "ntp class:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily' apply_manifest(pp, :catch_failures => true) end - describe file('/etc/ntp.conf') do - it { should_not contain 'tinker panic 0' } + describe file("#{config}") do + its(:content) { should_not match 'tinker panic 0' } end end @@ -156,9 +175,9 @@ describe "ntp class:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily' apply_manifest(pp, :catch_failures => true) end - describe file('/etc/ntp.conf') do + describe file("#{config}") do it { should be_file } - it { should contain '127.127.1.0' } + its(:content) { should match '127.127.1.0' } end end diff --git a/deployment/puppet/ntp/spec/acceptance/ntp_service_spec.rb b/deployment/puppet/ntp/spec/acceptance/ntp_service_spec.rb index cac12de5dc..73edd656dc 100644 --- a/deployment/puppet/ntp/spec/acceptance/ntp_service_spec.rb +++ b/deployment/puppet/ntp/spec/acceptance/ntp_service_spec.rb @@ -1,14 +1,35 @@ require 'spec_helper_acceptance' +require 'specinfra' case fact('osfamily') -when 'RedHat', 'FreeBSD', 'Linux', 'Gentoo' - servicename = 'ntpd' -when 'AIX' - servicename = 'xntpd' -else - servicename = 'ntp' + when 'RedHat', 'FreeBSD', 'Linux', 'Gentoo' + servicename = 'ntpd' + when 'Solaris' + servicename = 'network/ntp' + when 'AIX' + servicename = 'xntpd' + else + if fact('operatingsystem') == 'SLES' and fact('operatingsystemmajrelease') == '12' + servicename = 'ntpd' + else + servicename = 'ntp' + end +end +shared_examples 'running' do + describe service(servicename) do + if !(fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') == '12') + it { should be_running } + it { should be_enabled } + else + # hack until we either update SpecInfra or come up with alternative + it { + output = shell('service ntpd status') + expect(output.stdout).to match(/Active\:\s+active\s+\(running\)/) + expect(output.stdout).to match(/^\s+Loaded.*enabled\)$/) + } + end + end end - describe 'ntp::service class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do describe 'basic test' do it 'sets up the service' do @@ -17,10 +38,7 @@ describe 'ntp::service class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('o }, :catch_failures => true) end - describe service(servicename) do - it { should be_enabled } - it { should be_running } - end + it_should_behave_like 'running' end describe 'service parameters' do @@ -35,29 +53,37 @@ describe 'ntp::service class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('o EOS apply_manifest(pp, :catch_failures => true) end - - describe service(servicename) do - it { should be_running } - it { should be_enabled } - end + it_should_behave_like 'running' end +end - describe 'service is unmanaged' do - it 'shouldnt stop the service' do - pp = <<-EOS +describe 'service is unmanaged' do + it 'shouldnt stop the service' do + pp = <<-EOS class { 'ntp': service_enable => false, service_ensure => stopped, service_manage => false, service_name => '#{servicename}' } - EOS - apply_manifest(pp, :catch_failures => true) - end + EOS + apply_manifest(pp, :catch_failures => true) + end - describe service(servicename) do + describe service(servicename) do + if !(fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') == '12') it { should be_running } it { should be_enabled } + else + # hack until we either update SpecInfra or come up with alternative + output = shell('service ntpd status', :acceptable_exit_codes => [0, 3]) + it 'should be disabled' do + expect(output.stdout).to match(/^\s+Loaded.*disabled\)$/) + end + it 'should be stopped' do + expect(output.stdout).to match(/Active\:\s+inactive/) + end end end end + diff --git a/deployment/puppet/ntp/spec/acceptance/preferred_servers_spec.rb b/deployment/puppet/ntp/spec/acceptance/preferred_servers_spec.rb index 8db82ec377..072752721c 100644 --- a/deployment/puppet/ntp/spec/acceptance/preferred_servers_spec.rb +++ b/deployment/puppet/ntp/spec/acceptance/preferred_servers_spec.rb @@ -1,5 +1,11 @@ require 'spec_helper_acceptance' +if (fact('osfamily') == 'Solaris') + config = '/etc/inet/ntp.conf' +else + config = '/etc/ntp.conf' +end + describe 'preferred servers', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do pp = <<-EOS class { '::ntp': @@ -14,11 +20,11 @@ describe 'preferred servers', :unless => UNSUPPORTED_PLATFORMS.include?(fact('os end end - describe file('/etc/ntp.conf') do + describe file("#{config}") do it { should be_file } - it { should contain 'server a' } - it { should contain 'server b' } - it { should contain 'server c prefer' } - it { should contain 'server d prefer' } + its(:content) { should match 'server a' } + its(:content) { should match 'server b' } + its(:content) { should match /server c (iburst\s|)prefer/ } + its(:content) { should match /server d (iburst\s|)prefer/ } end end diff --git a/deployment/puppet/ntp/spec/acceptance/restrict_spec.rb b/deployment/puppet/ntp/spec/acceptance/restrict_spec.rb index e07400aec2..b919a6b2a3 100644 --- a/deployment/puppet/ntp/spec/acceptance/restrict_spec.rb +++ b/deployment/puppet/ntp/spec/acceptance/restrict_spec.rb @@ -1,10 +1,15 @@ require 'spec_helper_acceptance' +if (fact('osfamily') == 'Solaris') + config = '/etc/inet/ntp.conf' +else + config = '/etc/ntp.conf' +end + describe "ntp class with restrict:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do context 'should run successfully' do - pp = "class { 'ntp': restrict => ['test restrict']}" - it 'runs twice' do + pp = "class { 'ntp': restrict => ['test restrict']}" 2.times do apply_manifest(pp, :catch_failures => true) do |r| expect(r.stderr).not_to match(/error/i) @@ -13,8 +18,8 @@ describe "ntp class with restrict:", :unless => UNSUPPORTED_PLATFORMS.include?(f end end - describe file('/etc/ntp.conf') do - it { should contain('test restrict') } + describe file("#{config}") do + its(:content) { should match('test restrict') } end end diff --git a/deployment/puppet/ntp/spec/classes/ntp_spec.rb b/deployment/puppet/ntp/spec/classes/ntp_spec.rb index 49d6712b1b..ab7eda5ede 100644 --- a/deployment/puppet/ntp/spec/classes/ntp_spec.rb +++ b/deployment/puppet/ntp/spec/classes/ntp_spec.rb @@ -1,157 +1,241 @@ require 'spec_helper' describe 'ntp' do + let(:facts) {{ :is_virtual => 'false' }} - ['Debian', 'RedHat','SuSE', 'FreeBSD', 'Archlinux', 'Gentoo', 'Gentoo (Facter < 1.7)'].each do |system| - if system == 'Gentoo (Facter < 1.7)' - let(:facts) {{ :osfamily => 'Linux', :operatingsystem => 'Gentoo' }} - else - let(:facts) {{ :osfamily => system }} - end - - it { should contain_class('ntp::install') } - it { should contain_class('ntp::config') } - it { should contain_class('ntp::service') } - - describe "ntp::config on #{system}" do - it { should contain_file('/etc/ntp.conf').with_owner('0') } - it { should contain_file('/etc/ntp.conf').with_group('0') } - it { should contain_file('/etc/ntp.conf').with_mode('0644') } - - describe 'allows template to be overridden' do - let(:params) {{ :config_template => 'my_ntp/ntp.conf.erb' }} - it { should contain_file('/etc/ntp.conf').with({ - 'content' => /server foobar/}) - } + ['Debian', 'RedHat','Suse', 'FreeBSD', 'Archlinux', 'Gentoo', 'Gentoo (Facter < 1.7)'].each do |system| + context "when on system #{system}" do + if system == 'Gentoo (Facter < 1.7)' + let :facts do + super().merge({ :osfamily => 'Linux', :operatingsystem => 'Gentoo' }) + end + elsif system == 'Suse' + let :facts do + super().merge({ :osfamily => system,:operatingsystem => 'SLES',:operatingsystemmajrelease => '11' }) + end + else + let :facts do + super().merge({ :osfamily => system }) + end end - describe "keys for osfamily #{system}" do - context "when enabled" do + it { should contain_class('ntp::install') } + it { should contain_class('ntp::config') } + it { should contain_class('ntp::service') } + + describe "ntp::config on #{system}" do + it { should contain_file('/etc/ntp.conf').with_owner('0') } + it { should contain_file('/etc/ntp.conf').with_group('0') } + it { should contain_file('/etc/ntp.conf').with_mode('0644') } + + describe 'allows template to be overridden' do + let(:params) {{ :config_template => 'my_ntp/ntp.conf.erb' }} + it { should contain_file('/etc/ntp.conf').with({ + 'content' => /server foobar/}) + } + end + + describe "keys for osfamily #{system}" do + context "when enabled" do + let(:params) {{ + :keys_enable => true, + :keys_file => '/etc/ntp/ntp.keys', + :keys_trusted => ['1', '2', '3'], + :keys_controlkey => '2', + :keys_requestkey => '3', + }} + + it { should contain_file('/etc/ntp').with({ + 'ensure' => 'directory'}) + } + it { should contain_file('/etc/ntp.conf').with({ + 'content' => /trustedkey 1 2 3/}) + } + it { should contain_file('/etc/ntp.conf').with({ + 'content' => /controlkey 2/}) + } + it { should contain_file('/etc/ntp.conf').with({ + 'content' => /requestkey 3/}) + } + end + end + + context "when disabled" do let(:params) {{ - :keys_enable => true, + :keys_enable => false, :keys_file => '/etc/ntp/ntp.keys', :keys_trusted => ['1', '2', '3'], :keys_controlkey => '2', :keys_requestkey => '3', }} - it { should contain_file('/etc/ntp').with({ + it { should_not contain_file('/etc/ntp').with({ 'ensure' => 'directory'}) } - it { should contain_file('/etc/ntp.conf').with({ + it { should_not contain_file('/etc/ntp.conf').with({ 'content' => /trustedkey 1 2 3/}) } - it { should contain_file('/etc/ntp.conf').with({ + it { should_not contain_file('/etc/ntp.conf').with({ 'content' => /controlkey 2/}) } - it { should contain_file('/etc/ntp.conf').with({ + it { should_not contain_file('/etc/ntp.conf').with({ 'content' => /requestkey 3/}) } end - end - context "when disabled" do - let(:params) {{ - :keys_enable => false, - :keys_file => '/etc/ntp/ntp.keys', - :keys_trusted => ['1', '2', '3'], - :keys_controlkey => '2', - :keys_requestkey => '3', - }} + describe 'preferred servers' do + context "when set" do + let(:params) {{ + :servers => ['a', 'b', 'c', 'd'], + :preferred_servers => ['a', 'b'] + }} - it { should_not contain_file('/etc/ntp').with({ - 'ensure' => 'directory'}) - } - it { should_not contain_file('/etc/ntp.conf').with({ - 'content' => /trustedkey 1 2 3/}) - } - it { should_not contain_file('/etc/ntp.conf').with({ - 'content' => /controlkey 2/}) - } - it { should_not contain_file('/etc/ntp.conf').with({ - 'content' => /requestkey 3/}) - } - end + it { should contain_file('/etc/ntp.conf').with({ + 'content' => /server a( iburst)? prefer\nserver b( iburst)? prefer\nserver c( iburst)?\nserver d( iburst)?/}) + } + end + context "when not set" do + let(:params) {{ + :servers => ['a', 'b', 'c', 'd'], + :preferred_servers => [] + }} - describe 'preferred servers' do - context "when set" do - let(:params) {{ - :servers => ['a', 'b', 'c', 'd'], - :preferred_servers => ['a', 'b'] - }} - - it { should contain_file('/etc/ntp.conf').with({ - 'content' => /server a prefer\nserver b prefer\nserver c\nserver d/}) - } + it { should_not contain_file('/etc/ntp.conf').with({ + 'content' => /server a prefer/}) + } + end end - context "when not set" do - let(:params) {{ - :servers => ['a', 'b', 'c', 'd'], - :preferred_servers => [] - }} + describe 'specified interfaces' do + context "when set" do + let(:params) {{ + :servers => ['a', 'b', 'c', 'd'], + :interfaces => ['127.0.0.1', 'a.b.c.d'] + }} - it { should_not contain_file('/etc/ntp.conf').with({ - 'content' => /server a prefer/}) - } - end - end + it { should contain_file('/etc/ntp.conf').with({ + 'content' => /interface ignore wildcard\ninterface listen 127.0.0.1\ninterface listen a.b.c.d/}) + } + end + context "when not set" do + let(:params) {{ + :servers => ['a', 'b', 'c', 'd'], + }} - describe "ntp::install on #{system}" do - let(:params) {{ :package_ensure => 'present', :package_name => ['ntp'], }} - - it { should contain_package('ntp').with( - :ensure => 'present', - :name => 'ntp' - )} - - describe 'should allow package ensure to be overridden' do - let(:params) {{ :package_ensure => 'latest', :package_name => ['ntp'] }} - it { should contain_package('ntp').with_ensure('latest') } - end - - describe 'should allow the package name to be overridden' do - let(:params) {{ :package_ensure => 'present', :package_name => ['hambaby'] }} - it { should contain_package('ntp').with_name('hambaby') } - end - end - - describe 'ntp::service' do - let(:params) {{ - :service_manage => true, - :service_enable => true, - :service_ensure => 'running', - :service_name => 'ntp' - }} - - describe 'with defaults' do - it { should contain_service('ntp').with( - :enable => true, - :ensure => 'running', - :name => 'ntp' - )} - end - - describe 'service_ensure' do - describe 'when overridden' do - let(:params) {{ :service_name => 'ntp', :service_ensure => 'stopped' }} - it { should contain_service('ntp').with_ensure('stopped') } + it { should_not contain_file('/etc/ntp.conf').with({ + 'content' => /interface ignore wildcard/}) + } end end - describe 'service_manage' do + describe "ntp::install on #{system}" do + let(:params) {{ :package_ensure => 'present', :package_name => ['ntp'], }} + + it { should contain_package('ntp').with( + :ensure => 'present' + )} + + describe 'should allow package ensure to be overridden' do + let(:params) {{ :package_ensure => 'latest', :package_name => ['ntp'] }} + it { should contain_package('ntp').with_ensure('latest') } + end + + describe 'should allow the package name to be overridden' do + let(:params) {{ :package_ensure => 'present', :package_name => ['hambaby'] }} + it { should contain_package('hambaby') } + end + end + + describe 'ntp::service' do let(:params) {{ - :service_manage => false, + :service_manage => true, :service_enable => true, :service_ensure => 'running', - :service_name => 'ntpd', + :service_name => 'ntp' }} - it 'when set to false' do - should_not contain_service('ntp').with({ - 'enable' => true, - 'ensure' => 'running', - 'name' => 'ntpd' - }) + describe 'with defaults' do + it { should contain_service('ntp').with( + :enable => true, + :ensure => 'running', + :name => 'ntp' + )} + end + + describe 'service_ensure' do + describe 'when overridden' do + let(:params) {{ :service_name => 'ntp', :service_ensure => 'stopped' }} + it { should contain_service('ntp').with_ensure('stopped') } + end + end + + describe 'service_manage' do + let(:params) {{ + :service_manage => false, + :service_enable => true, + :service_ensure => 'running', + :service_name => 'ntpd', + }} + + it 'when set to false' do + should_not contain_service('ntp').with({ + 'enable' => true, + 'ensure' => 'running', + 'name' => 'ntpd' + }) + end + end + end + + describe 'with parameter iburst_enable' do + context 'when set to true' do + let(:params) {{ + :iburst_enable => true, + }} + + it do + should contain_file('/etc/ntp.conf').with({ + 'content' => /iburst\n/, + }) + end + end + + context 'when set to false' do + let(:params) {{ + :iburst_enable => false, + }} + + it do + should_not contain_file('/etc/ntp.conf').with({ + 'content' => /iburst\n/, + }) + end + end + end + + describe 'with parameter logfile' do + context 'when set to true' do + let(:params) {{ + :servers => ['a', 'b', 'c', 'd'], + :logfile => '/var/log/foobar.log', + }} + + it 'should contain logfile setting' do + should contain_file('/etc/ntp.conf').with({ + 'content' => /^logfile = \/var\/log\/foobar\.log\n/, + }) + end + end + + context 'when set to false' do + let(:params) {{ + :servers => ['a', 'b', 'c', 'd'], + }} + + it 'should not contain a logfile line' do + should_not contain_file('/etc/ntp.conf').with({ + 'content' => /logfile =/, + }) + end end end end @@ -159,8 +243,10 @@ describe 'ntp' do context 'ntp::config' do describe "for operating system Gentoo (Facter < 1.7)" do - let(:facts) {{ :operatingsystem => 'Gentoo', - :osfamily => 'Linux' }} + let :facts do + super().merge({ :operatingsystem => 'Gentoo', + :osfamily => 'Linux' }) + end it 'uses the NTP pool servers by default' do should contain_file('/etc/ntp.conf').with({ @@ -170,7 +256,9 @@ describe 'ntp' do end describe "on osfamily Gentoo" do - let(:facts) {{ :osfamily => 'Gentoo' }} + let :facts do + super().merge({ :osfamily => 'Gentoo' }) + end it 'uses the NTP pool servers by default' do should contain_file('/etc/ntp.conf').with({ @@ -180,17 +268,21 @@ describe 'ntp' do end describe "on osfamily Debian" do - let(:facts) {{ :osfamily => 'debian' }} + let :facts do + super().merge({ :osfamily => 'debian' }) + end it 'uses the debian ntp servers by default' do should contain_file('/etc/ntp.conf').with({ - 'content' => /server \d.debian.pool.ntp.org iburst/, + 'content' => /server \d.debian.pool.ntp.org iburst\n/, }) end end describe "on osfamily RedHat" do - let(:facts) {{ :osfamily => 'RedHat' }} + let :facts do + super().merge({ :osfamily => 'RedHat' }) + end it 'uses the redhat ntp servers by default' do should contain_file('/etc/ntp.conf').with({ @@ -199,28 +291,34 @@ describe 'ntp' do end end - describe "on osfamily SuSE" do - let(:facts) {{ :osfamily => 'SuSE' }} + describe "on osfamily Suse" do + let :facts do + super().merge({ :osfamily => 'Suse', :operatingsystem => 'SLES',:operatingsystemmajrelease => '11' }) + end it 'uses the opensuse ntp servers by default' do should contain_file('/etc/ntp.conf').with({ 'content' => /server \d.opensuse.pool.ntp.org/, - }) + }) end end describe "on osfamily FreeBSD" do - let(:facts) {{ :osfamily => 'FreeBSD' }} + let :facts do + super().merge({ :osfamily => 'FreeBSD' }) + end it 'uses the freebsd ntp servers by default' do should contain_file('/etc/ntp.conf').with({ - 'content' => /server \d.freebsd.pool.ntp.org iburst maxpoll 9/, + 'content' => /server \d.freebsd.pool.ntp.org maxpoll 9 iburst/, }) end end describe "on osfamily ArchLinux" do - let(:facts) {{ :osfamily => 'ArchLinux' }} + let :facts do + super().merge({ :osfamily => 'ArchLinux' }) + end it 'uses the NTP pool servers by default' do should contain_file('/etc/ntp.conf').with({ @@ -229,10 +327,36 @@ describe 'ntp' do end end + describe "on osfamily Solaris and operatingsystemrelease 5.10" do + let :facts do + super().merge({ :osfamily => 'Solaris', :operatingsystemrelease => '5.10' }) + end + + it 'uses the NTP pool servers by default' do + should contain_file('/etc/inet/ntp.conf').with({ + 'content' => /server \d.pool.ntp.org/, + }) + end + end + + describe "on osfamily Solaris and operatingsystemrelease 5.11" do + let :facts do + super().merge({ :osfamily => 'Solaris', :operatingsystemrelease => '5.11' }) + end + + it 'uses the NTP pool servers by default' do + should contain_file('/etc/inet/ntp.conf').with({ + 'content' => /server \d.pool.ntp.org/, + }) + end + end + describe "for operating system family unsupported" do - let(:facts) {{ + let :facts do + super().merge({ :osfamily => 'unsupported', - }} + }) + end it { expect{ subject }.to raise_error( /^The ntp module is not supported on an unsupported based system./ @@ -241,8 +365,10 @@ describe 'ntp' do end describe 'for virtual machines' do - let(:facts) {{ :osfamily => 'Archlinux', - :is_virtual => 'true' }} + let :facts do + super().merge({ :osfamily => 'Archlinux', + :is_virtual => 'true' }) + end it 'should not use local clock as a time source' do should_not contain_file('/etc/ntp.conf').with({ @@ -258,8 +384,10 @@ describe 'ntp' do end describe 'for physical machines' do - let(:facts) {{ :osfamily => 'Archlinux', - :is_virtual => 'false' }} + let :facts do + super().merge({ :osfamily => 'Archlinux', + :is_virtual => 'false' }) + end it 'disallows large clock skews' do should_not contain_file('/etc/ntp.conf').with({ @@ -268,5 +396,4 @@ describe 'ntp' do end end end - end diff --git a/deployment/puppet/ntp/spec/spec_helper.rb b/deployment/puppet/ntp/spec/spec_helper.rb index 2c6f56649a..270d2acdf1 100644 --- a/deployment/puppet/ntp/spec/spec_helper.rb +++ b/deployment/puppet/ntp/spec/spec_helper.rb @@ -1 +1,28 @@ require 'puppetlabs_spec_helper/module_spec_helper' + +RSpec.configure do |c| + c.include PuppetlabsSpec::Files + + c.before :each do + # Ensure that we don't accidentally cache facts and environment + # between test cases. + Facter::Util::Loader.any_instance.stubs(:load_all) + Facter.clear + Facter.clear_messages + + # Store any environment variables away to be restored later + @old_env = {} + ENV.each_key {|k| @old_env[k] = ENV[k]} + + if Gem::Version.new(`puppet --version`) >= Gem::Version.new('3.5') + Puppet.settings[:strict_variables]=true + end + if ENV['PARSER'] + Puppet.settings[:parser]=ENV['PARSER'] + end + end + + c.after :each do + PuppetlabsSpec::Files.cleanup + end +end diff --git a/deployment/puppet/ntp/spec/spec_helper_acceptance.rb b/deployment/puppet/ntp/spec/spec_helper_acceptance.rb index 0a5952566f..1a4bea19a3 100644 --- a/deployment/puppet/ntp/spec/spec_helper_acceptance.rb +++ b/deployment/puppet/ntp/spec/spec_helper_acceptance.rb @@ -1,15 +1,29 @@ require 'beaker-rspec' -UNSUPPORTED_PLATFORMS = [ 'windows', 'Solaris' ] +UNSUPPORTED_PLATFORMS = ['windows', 'Darwin'] unless ENV['RS_PROVISION'] == 'no' or ENV['BEAKER_provision'] == 'no' - if hosts.first.is_pe? - install_pe + # This will install the latest available package on el and deb based + # systems fail on windows and osx, and install via gem on other *nixes + foss_opts = {:default_action => 'gem_install'} + + if default.is_pe?; then + install_pe; else - install_puppet + install_puppet(foss_opts); end + hosts.each do |host| - on hosts, "mkdir -p #{host['distmoduledir']}" + unless host.is_pe? + on host, "/bin/echo '' > #{host['hieraconf']}" + end + on host, "mkdir -p #{host['distmoduledir']}" + if host['platform'] =~ /sles-12/i || host['platform'] =~ /solaris-11/i + apply_manifest_on(host, 'package{"git":}') + on host, 'git clone -b 4.3.x https://github.com/puppetlabs/puppetlabs-stdlib /etc/puppetlabs/puppet/modules/stdlib' + else + on host, puppet('module install puppetlabs-stdlib'), {:acceptable_exit_codes => [0, 1]} + end end end @@ -22,11 +36,11 @@ RSpec.configure do |c| # Configure all nodes in nodeset c.before :suite do - # Install module and dependencies - puppet_module_install(:source => proj_root, :module_name => 'ntp') hosts.each do |host| - shell("/bin/touch #{default['puppetpath']}/hiera.yaml") - shell('puppet module install puppetlabs-stdlib', :acceptable_exit_codes => [0,1]) + on host, "mkdir -p #{host['distmoduledir']}/ntp" + %w(lib manifests templates metadata.json).each do |file| + scp_to host, "#{proj_root}/#{file}", "#{host['distmoduledir']}/ntp" + end end end end diff --git a/deployment/puppet/ntp/templates/ntp.conf.erb b/deployment/puppet/ntp/templates/ntp.conf.erb index 83652ac956..99f43d7e08 100644 --- a/deployment/puppet/ntp/templates/ntp.conf.erb +++ b/deployment/puppet/ntp/templates/ntp.conf.erb @@ -15,11 +15,20 @@ disable monitor # permit the source to query or modify the service on this system. <% @restrict.flatten.each do |restrict| -%> restrict <%= restrict %> -<% end %> +<% end -%> +<% end -%> + +<% if @interfaces != [] -%> +# Ignore wildcard interface and only listen on the following specified +# interfaces +interface ignore wildcard +<% @interfaces.flatten.each do |interface| -%> +interface listen <%= interface %> +<% end -%> <% end -%> <% [@servers].flatten.each do |server| -%> -server <%= server %><% if @preferred_servers.include?(server) -%> prefer<% end %> +server <%= server %><% if @iburst_enable == true -%> iburst<% end %><% if @preferred_servers.include?(server) -%> prefer<% end %> <% end -%> <% if scope.lookupvar('::is_virtual') == "false" or @udlc -%> @@ -33,10 +42,10 @@ restrict 127.127.1.0 # Driftfile. driftfile <%= @driftfile %> -<% unless @logfile.nil? %> +<% unless @logfile.nil? -%> # Logfile logfile = <%= @logfile %> -<% end %> +<% end -%> <% if @keys_enable -%> keys <%= @keys_file %> diff --git a/utils/jenkins/modules.disable_rspec b/utils/jenkins/modules.disable_rspec index 816e9dce3d..c8132512ae 100644 --- a/utils/jenkins/modules.disable_rspec +++ b/utils/jenkins/modules.disable_rspec @@ -22,7 +22,6 @@ mysql nailgun neutron nova -ntp openssl openstack operatingsystem