diff --git a/deployment/puppet/cobbler/manifests/checksum_bootpc.pp b/deployment/puppet/cobbler/manifests/checksum_bootpc.pp index 473474867c..06373b3703 100644 --- a/deployment/puppet/cobbler/manifests/checksum_bootpc.pp +++ b/deployment/puppet/cobbler/manifests/checksum_bootpc.pp @@ -14,21 +14,25 @@ class cobbler::checksum_bootpc () { - - Exec {path => '/usr/bin:/bin:/usr/sbin:/sbin'} - - case $operatingsystem { + case $::operatingsystem { /(?i)(centos|redhat)/ : { - exec { "checksum_fill_bootpc": - command => "iptables -t mangle -A POSTROUTING -p udp --dport 68 -j CHECKSUM --checksum-fill; /etc/init.d/iptables save", - unless => "iptables -t mangle -S POSTROUTING | grep -q \"^-A POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill\"" - } + $iptables_save_location = '/etc/sysconfig/iptables' } /(?i)(debian|ubuntu)/ : { - exec { "checksum_fill_bootpc": - command => "iptables -t mangle -A POSTROUTING -p udp --dport 68 -j CHECKSUM --checksum-fill; iptables-save -c > /etc/iptables.rules", - unless => "iptables -t mangle -S POSTROUTING | grep -q \"^-A POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill\"" - } + $iptables_save_location = '/etc/iptables.rules' + } + default: { + fail('Unsupported OS') } } + + # TODO(aschultz): replace this with a proper firewall resource usage which + # requires an firewall module verison bump and figure out how to get around + # the module not being able to save the rules inside docker (which currently + # errors) + exec { 'checksum_fill_bootpc': + command => "iptables -t mangle -A POSTROUTING -p udp --dport 68 -j CHECKSUM --checksum-fill; iptables-save -c > ${iptables_save_location}", # lint:ignore:80chars + path => '/usr/bin:/bin:/usr/sbin:/sbin', + unless => 'iptables -t mangle -S POSTROUTING | grep -q "^-A POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill"' # lint:ignore:80chars + } } diff --git a/deployment/puppet/cobbler/spec/classes/cobbler_checksum_bootpc_spec.rb b/deployment/puppet/cobbler/spec/classes/cobbler_checksum_bootpc_spec.rb new file mode 100644 index 0000000000..47534b68ca --- /dev/null +++ b/deployment/puppet/cobbler/spec/classes/cobbler_checksum_bootpc_spec.rb @@ -0,0 +1,54 @@ +require 'spec_helper' + +describe 'cobbler::checksum_bootpc' do + + let(:default_params) { { + } } + + shared_examples_for 'cobbler::checksum_bootpc configuration' do + let :params do + default_params + end + + + context 'with default params' do + let :params do + default_params.merge!({}) + end + + it 'configures with the default params' do + if facts[:operatingsystem] == 'RedHat' + save_location = '/etc/sysconfig/iptables' + elsif facts[:operatingsystem] == 'Debian' + save_location = '/etc/iptables.rules' + end + should contain_exec('checksum_fill_bootpc').with( + :command => "iptables -t mangle -A POSTROUTING -p udp --dport 68 -j CHECKSUM --checksum-fill; iptables-save -c > #{save_location}", + :unless => 'iptables -t mangle -S POSTROUTING | grep -q "^-A POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill"' + ) + end + end + end + + context 'on Debian platforms' do + let :facts do + @default_facts.merge({ :osfamily => 'Debian', + :operatingsystem => 'Debian', + }) + end + + it_configures 'cobbler::checksum_bootpc configuration' + end + + context 'on RedHat platforms' do + let :facts do + @default_facts.merge({ :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + }) + end + + it_configures 'cobbler::checksum_bootpc configuration' + end + +end +