From b3db78588282693213e5194021c544c75cf49c96 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Sat, 27 Jan 2024 14:43:43 +0100 Subject: [PATCH 01/19] Run acceptance tests in CI --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 49981e36..fe0c83cd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,4 +13,6 @@ concurrency: jobs: puppet: name: Puppet - uses: voxpupuli/gha-puppet/.github/workflows/basic.yml@v1 + uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@v2 + with: + beaker_hypervisor: 'vagrant_libvirt' From fdb6fc18a737dff34487831d2621b1e7c3ae89ac Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Sat, 27 Jan 2024 14:51:58 +0100 Subject: [PATCH 02/19] Test out beaker-vagrant shorter-directory-names branch --- Gemfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Gemfile b/Gemfile index a4a3b204..59115812 100644 --- a/Gemfile +++ b/Gemfile @@ -17,6 +17,7 @@ end group :system_tests do gem 'voxpupuli-acceptance', '~> 3.0', :require => false + gem 'beaker-vagrant', github: 'ekohl/beaker-vagrant', branch: 'shorter-directory-names' end group :release do From c973bd9d23a9cb7a147830de01bb022812e4aad8 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Sat, 27 Jan 2024 15:04:59 +0100 Subject: [PATCH 03/19] Fix class_disabled_spec manifest definitions Fixes: 28bc41bfcc89715936ab7ff9dbfd4dcec25395f6 ("migrater to beaker_puppet_helpers") --- spec/acceptance/class_disabled_spec.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/acceptance/class_disabled_spec.rb b/spec/acceptance/class_disabled_spec.rb index b5d48eca..224d2349 100644 --- a/spec/acceptance/class_disabled_spec.rb +++ b/spec/acceptance/class_disabled_spec.rb @@ -45,7 +45,7 @@ class { 'selinux': mode => 'permissive' } end context 'when switching from enforcing to disabled' do - let(:pp) do + let(:manifest) do <<-EOS class { 'selinux': mode => 'disabled' } EOS @@ -75,7 +75,7 @@ class { 'selinux': mode => 'disabled' } end it 'applies without changes' do - apply_manifest(pp, catch_changes: true) + apply_manifest(manifest, catch_changes: true) end describe command('getenforce') do @@ -120,7 +120,7 @@ class { 'selinux': mode => 'permissive' } end it 'applies without changes' do - apply_manifest(pp, catch_changes: true) + apply_manifest(manifest, catch_changes: true) end describe command('getenforce') do From e125c1887d5a1c2e58bee7482385faac741c6056 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Sat, 27 Jan 2024 15:09:15 +0100 Subject: [PATCH 04/19] Apply puppet-lint to acceptance test example --- spec/acceptance/class_spec.rb | 41 ++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 4e06ff5a..828aae33 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -19,14 +19,14 @@ class { 'selinux': mode => 'enforcing' } selinux::permissive { 'puppet_selinux_test_policy_t': } selinux::port { 'puppet_selinux_test_policy_port_t/tcp': - seltype => 'puppet_selinux_test_policy_port_t', - port => 55555, + seltype => 'puppet_selinux_test_policy_port_t', + port => 55555, protocol => 'tcp', } } # just something simple I found via Google: - file {'/tmp/selinux_simple_policy.te': + file { '/tmp/selinux_simple_policy.te': ensure => 'file', content => @("EOF") module puppet_selinux_simple_policy 1.0; @@ -40,7 +40,7 @@ class file { read getattr }; | EOF } - file {'/tmp/selinux_test_policy.te': + file { '/tmp/selinux_test_policy.te': ensure => 'file', content => @("EOF") policy_module(puppet_selinux_test_policy, 1.0.0) @@ -56,48 +56,49 @@ class file { read getattr }; selinux::module { 'puppet_selinux_simple_policy': source_te => 'file:///tmp/selinux_simple_policy.te', builder => 'simple', - require => File['/tmp/selinux_simple_policy.te'] + require => File['/tmp/selinux_simple_policy.te'], } selinux::module { 'puppet_selinux_test_policy': - source_te => 'file:///tmp/selinux_test_policy.te', - builder => 'refpolicy', - require => File['/tmp/selinux_test_policy.te'] + source_te => 'file:///tmp/selinux_test_policy.te', + builder => 'refpolicy', + require => File['/tmp/selinux_test_policy.te'], } if $have_selinux_ruby_library { - Class['selinux'] -> - file { '/tmp/test_selinux_fcontext': content => 'TEST', seltype => 'puppet_selinux_test_policy_exec_t', + require => Class['selinux'], } - selinux::fcontext {'/tmp/fcontexts_source(/.*)?': + selinux::fcontext { '/tmp/fcontexts_source(/.*)?': seltype => 'puppet_selinux_test_policy_exec_t', } - selinux::fcontext::equivalence {'/tmp/fcontexts_equivalent': + selinux::fcontext::equivalence { '/tmp/fcontexts_equivalent': target => '/tmp/fcontexts_source', } file {['/tmp/fcontexts_source', '/tmp/fcontexts_equivalent']: - ensure => 'directory', + ensure => 'directory', require => [Selinux::Fcontext['/tmp/fcontexts_source(/.*)?'], Selinux::Fcontext::Equivalence['/tmp/fcontexts_equivalent']], } - file {['/tmp/fcontexts_source/define_test', '/tmp/fcontexts_equivalent/define_test']: - ensure => file, - notify => Exec["/sbin/restorecon -FR /tmp/fcontexts_*"] + file { ['/tmp/fcontexts_source/define_test', '/tmp/fcontexts_equivalent/define_test']: + ensure => file, + notify => Exec['/sbin/restorecon -FR /tmp/fcontexts_*'], } - exec {'/sbin/restorecon -FR /tmp/fcontexts_*': - # this is needed because puppet creates files with the wrong context as - # it runs unconfined and only becomes idempotent after the second run. + exec { '/sbin/restorecon -FR /tmp/fcontexts_*': + # this is needed because puppet creates files with the wrong context as + # it runs unconfined and only becomes idempotent after the second run. refreshonly => true, } # test purging - resources {['selinux_fcontext', 'selinux_fcontext_equivalence']: purge => true } + resources { ['selinux_fcontext', 'selinux_fcontext_equivalence']: + purge => true, + } } EOS end From b394233e4378a23910cfdd774a0ff7b41ceb909d Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Sat, 27 Jan 2024 15:10:40 +0100 Subject: [PATCH 05/19] Drop Fedora 30 - 33, add Fedora 38 & 39 --- metadata.json | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/metadata.json b/metadata.json index 2082c2c2..d9898004 100644 --- a/metadata.json +++ b/metadata.json @@ -48,10 +48,8 @@ { "operatingsystem": "Fedora", "operatingsystemrelease": [ - "30", - "31", - "32", - "33" + "38", + "39" ] }, { From 3186f6f06ccfbed14e24fdb46be3431b24df68c6 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Sat, 27 Jan 2024 15:12:32 +0100 Subject: [PATCH 06/19] Use more beaker PRs --- Gemfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 59115812..55171f55 100644 --- a/Gemfile +++ b/Gemfile @@ -17,7 +17,10 @@ end group :system_tests do gem 'voxpupuli-acceptance', '~> 3.0', :require => false - gem 'beaker-vagrant', github: 'ekohl/beaker-vagrant', branch: 'shorter-directory-names' + # https://github.com/voxpupuli/beaker-vagrant/pull/80 + gem 'beaker-vagrant', github: 'ekohl/beaker-vagrant', branch: 'shorter-directory-names', require: false + # https://github.com/voxpupuli/beaker-hostgenerator/pull/353 + gem 'beaker-hostgenerator', github: 'ekohl/beaker-hostgenerator', branch: 'use-latest-centos-images-on-vagrant', require: false end group :release do From e2c8f6241add60b20ce1a963656405d861c081b1 Mon Sep 17 00:00:00 2001 From: Dan Berkowitz Date: Thu, 6 Jun 2024 19:05:51 -0400 Subject: [PATCH 07/19] Test run with fixing ssh login, moving to deb11, and disabling purge tests --- spec/acceptance/class_disabled_spec.rb | 4 ++++ spec/acceptance/class_spec.rb | 7 ++++--- test-acceptance-with-vagrant | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/spec/acceptance/class_disabled_spec.rb b/spec/acceptance/class_disabled_spec.rb index 224d2349..204b1df3 100644 --- a/spec/acceptance/class_disabled_spec.rb +++ b/spec/acceptance/class_disabled_spec.rb @@ -53,6 +53,10 @@ class { 'selinux': mode => 'disabled' } context 'before reboot' do before(:all) do + # Tag vagrant user to an administrative group + shell('login -a -s staff_u vagrant') + # Vagrant is logging in and using privileges commands, we need to allow that + shell('setsebool -P ssh_sysadm_login 1') shell('sed -i "s/SELINUX=.*/SELINUX=enforcing/" /etc/selinux/config') shell('setenforce Enforcing && test "$(getenforce)" = "Enforcing"') end diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 828aae33..43088f10 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -96,9 +96,10 @@ class file { read getattr }; } # test purging - resources { ['selinux_fcontext', 'selinux_fcontext_equivalence']: - purge => true, - } + # This resource purge is breaking because above we are defining it + # resources { ['selinux_fcontext', 'selinux_fcontext_equivalence']: + # purge => true, + # } } EOS end diff --git a/test-acceptance-with-vagrant b/test-acceptance-with-vagrant index 2a62b6b7..3764a096 100755 --- a/test-acceptance-with-vagrant +++ b/test-acceptance-with-vagrant @@ -9,7 +9,7 @@ export PUPPET_INSTALL_TYPE=agent # https://github.com/puppetlabs/beaker-hostgenerator/pull/184 fixes the Fedora boxes and adds 32 for layout in \ - {debian10,centos{7,8}}'-64a' \ + {debian11,centos{7,8}}'-64a' \ 'fedora31-64a{box=fedora/31-cloud-base}' \ 'fedora32-64a{box=fedora/32-cloud-base}' \ 'fedora33-64a{box=fedora/33-cloud-base}' From 22c2e871f5ec7612c696fb0f270facdca3d0ff5c Mon Sep 17 00:00:00 2001 From: Dan Berkowitz Date: Thu, 6 Jun 2024 19:57:55 -0400 Subject: [PATCH 08/19] I cant spell, or type --- spec/acceptance/class_disabled_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/class_disabled_spec.rb b/spec/acceptance/class_disabled_spec.rb index 204b1df3..d4c9127e 100644 --- a/spec/acceptance/class_disabled_spec.rb +++ b/spec/acceptance/class_disabled_spec.rb @@ -54,7 +54,7 @@ class { 'selinux': mode => 'disabled' } context 'before reboot' do before(:all) do # Tag vagrant user to an administrative group - shell('login -a -s staff_u vagrant') + shell('semanage login -a -s staff_u vagrant') # Vagrant is logging in and using privileges commands, we need to allow that shell('setsebool -P ssh_sysadm_login 1') shell('sed -i "s/SELINUX=.*/SELINUX=enforcing/" /etc/selinux/config') From 94911a9fd70ed30ad37f3ec917b28e7ed5cfd6dc Mon Sep 17 00:00:00 2001 From: Dan Berkowitz Date: Thu, 6 Jun 2024 20:21:26 -0400 Subject: [PATCH 09/19] Remove EOL OS from testing, their boxes either have config issues or upstream dont exist for builds --- metadata.json | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/metadata.json b/metadata.json index d9898004..1fcbf89b 100644 --- a/metadata.json +++ b/metadata.json @@ -20,7 +20,6 @@ "operatingsystem": "CentOS", "operatingsystemrelease": [ "7", - "8", "9" ] }, @@ -48,14 +47,13 @@ { "operatingsystem": "Fedora", "operatingsystemrelease": [ - "38", - "39" + "39", + "40" ] }, { "operatingsystem": "Debian", "operatingsystemrelease": [ - "10", "11", "12" ] From c99cf503780b98a1a5eb17b3953d623ab78dff30 Mon Sep 17 00:00:00 2001 From: Dan Berkowitz Date: Mon, 17 Jun 2024 12:54:58 -0400 Subject: [PATCH 10/19] I believe the two issues forcing us onto custom branches are fixed --- Gemfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 55171f55..14f6ffd4 100644 --- a/Gemfile +++ b/Gemfile @@ -18,9 +18,9 @@ end group :system_tests do gem 'voxpupuli-acceptance', '~> 3.0', :require => false # https://github.com/voxpupuli/beaker-vagrant/pull/80 - gem 'beaker-vagrant', github: 'ekohl/beaker-vagrant', branch: 'shorter-directory-names', require: false + gem 'beaker-vagrant', github: 'voxpupuli/beaker-vagrant', require: false # https://github.com/voxpupuli/beaker-hostgenerator/pull/353 - gem 'beaker-hostgenerator', github: 'ekohl/beaker-hostgenerator', branch: 'use-latest-centos-images-on-vagrant', require: false + gem 'beaker-hostgenerator', github: 'voxpupuli/beaker-hostgenerator', require: false end group :release do From 92879c2c9e972ab529986c609f39edc4fb463bf9 Mon Sep 17 00:00:00 2001 From: Dan Berkowitz Date: Mon, 17 Jun 2024 13:18:39 -0400 Subject: [PATCH 11/19] Test fixes for centos box image --- Gemfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 14f6ffd4..b9635f10 100644 --- a/Gemfile +++ b/Gemfile @@ -7,7 +7,7 @@ group :test do gem 'voxpupuli-test', '~> 7.0', :require => false gem 'coveralls', :require => false gem 'simplecov-console', :require => false - gem 'puppet_metadata', '~> 3.5', :require => false + gem 'puppet_metadata', github: 'voxpupuli/puppet_metadata', :require => false end group :development do @@ -20,7 +20,7 @@ group :system_tests do # https://github.com/voxpupuli/beaker-vagrant/pull/80 gem 'beaker-vagrant', github: 'voxpupuli/beaker-vagrant', require: false # https://github.com/voxpupuli/beaker-hostgenerator/pull/353 - gem 'beaker-hostgenerator', github: 'voxpupuli/beaker-hostgenerator', require: false + gem 'beaker-hostgenerator', github: 'daberkow/beaker-hostgenerator', branch: "fix/update_centos_box", require: false end group :release do From e38df64701a433bc8db43f714464c2f0bc2b70d7 Mon Sep 17 00:00:00 2001 From: Dan Berkowitz Date: Tue, 18 Jun 2024 14:19:59 -0400 Subject: [PATCH 12/19] Update metadata.json Fedora 39, and 40 are currently supported, but 39 uses 36 puppet binary --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 1fcbf89b..f826eba5 100644 --- a/metadata.json +++ b/metadata.json @@ -47,7 +47,7 @@ { "operatingsystem": "Fedora", "operatingsystemrelease": [ - "39", + "36", "40" ] }, From 2df562ae02505803ad48bb453bf8668931f8a4d7 Mon Sep 17 00:00:00 2001 From: Dan Berkowitz Date: Tue, 18 Jun 2024 14:59:12 -0400 Subject: [PATCH 13/19] Update ci.yml Bump ubuntu acceptance build --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ff414c7c..44cf580c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,6 +18,6 @@ concurrency: jobs: puppet: name: Puppet - uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@v2 + uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@ubuntu24 with: beaker_hypervisor: 'vagrant_libvirt' From f4d19363dbde2c6e33587471a04aa0e8abfb35a4 Mon Sep 17 00:00:00 2001 From: Dan Berkowitz Date: Tue, 18 Jun 2024 15:39:06 -0400 Subject: [PATCH 14/19] Update ci.yml Update acceptance to run on 24.04 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 44cf580c..9b90f173 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,6 +18,6 @@ concurrency: jobs: puppet: name: Puppet - uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@ubuntu24 + uses: daberkow/gha-puppet/.github/workflows/beaker.yml@ubuntu24 with: beaker_hypervisor: 'vagrant_libvirt' From 14e38ff963cc7a727384ff7e8ceb270ec85addec Mon Sep 17 00:00:00 2001 From: Dan Berkowitz Date: Tue, 18 Jun 2024 17:10:19 -0400 Subject: [PATCH 15/19] Replace centos image test branch I did a few changes and in the end I just match and existing branch, restoring --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index b9635f10..3c63886d 100644 --- a/Gemfile +++ b/Gemfile @@ -20,7 +20,7 @@ group :system_tests do # https://github.com/voxpupuli/beaker-vagrant/pull/80 gem 'beaker-vagrant', github: 'voxpupuli/beaker-vagrant', require: false # https://github.com/voxpupuli/beaker-hostgenerator/pull/353 - gem 'beaker-hostgenerator', github: 'daberkow/beaker-hostgenerator', branch: "fix/update_centos_box", require: false + gem 'beaker-hostgenerator', github: 'ekohl/beaker-hostgenerator', branch: 'use-latest-centos-images-on-vagrant', require: false end group :release do From a91fd1bd7364ca53e72323aa8e302186e9e25fef Mon Sep 17 00:00:00 2001 From: Dan Berkowitz Date: Tue, 18 Jun 2024 17:17:59 -0400 Subject: [PATCH 16/19] daberkow branch needed We need a more up to date base branch --- Gemfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 3c63886d..1ea9ff12 100644 --- a/Gemfile +++ b/Gemfile @@ -20,7 +20,8 @@ group :system_tests do # https://github.com/voxpupuli/beaker-vagrant/pull/80 gem 'beaker-vagrant', github: 'voxpupuli/beaker-vagrant', require: false # https://github.com/voxpupuli/beaker-hostgenerator/pull/353 - gem 'beaker-hostgenerator', github: 'ekohl/beaker-hostgenerator', branch: 'use-latest-centos-images-on-vagrant', require: false + # Needed a newer base branch, updated with same lines + gem 'beaker-hostgenerator', github: 'daberkow/beaker-hostgenerator', branch: "fix/update_centos_box", require: false end group :release do From f94c74648920b1979e62aa6e0034629b2c2485e8 Mon Sep 17 00:00:00 2001 From: Dan Berkowitz Date: Fri, 28 Jun 2024 10:44:50 -0400 Subject: [PATCH 17/19] PR merged! Back onto main hostgenerator branch! --- Gemfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index 1ea9ff12..20d1a5a9 100644 --- a/Gemfile +++ b/Gemfile @@ -19,9 +19,7 @@ group :system_tests do gem 'voxpupuli-acceptance', '~> 3.0', :require => false # https://github.com/voxpupuli/beaker-vagrant/pull/80 gem 'beaker-vagrant', github: 'voxpupuli/beaker-vagrant', require: false - # https://github.com/voxpupuli/beaker-hostgenerator/pull/353 - # Needed a newer base branch, updated with same lines - gem 'beaker-hostgenerator', github: 'daberkow/beaker-hostgenerator', branch: "fix/update_centos_box", require: false + gem 'beaker-hostgenerator', github: 'voxpupuli/beaker-hostgenerator', require: false end group :release do From 874d6e786c4123e7c88b952858d9bb2eac95c268 Mon Sep 17 00:00:00 2001 From: Dan Berkowitz Date: Fri, 28 Jun 2024 11:04:25 -0400 Subject: [PATCH 18/19] Update to gems over github --- Gemfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index 20d1a5a9..43b529ed 100644 --- a/Gemfile +++ b/Gemfile @@ -17,9 +17,8 @@ end group :system_tests do gem 'voxpupuli-acceptance', '~> 3.0', :require => false - # https://github.com/voxpupuli/beaker-vagrant/pull/80 - gem 'beaker-vagrant', github: 'voxpupuli/beaker-vagrant', require: false - gem 'beaker-hostgenerator', github: 'voxpupuli/beaker-hostgenerator', require: false + gem 'beaker-vagrant', '~> 1.4.0', require: false + gem 'beaker-hostgenerator', '~> 2.14.1', require: false end group :release do From 6026ad880950f2c26910d987063567ba29abce3c Mon Sep 17 00:00:00 2001 From: Dan Berkowitz Date: Fri, 28 Jun 2024 11:42:53 -0400 Subject: [PATCH 19/19] Replacing metadata with new gem! --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 43b529ed..e20bcdcc 100644 --- a/Gemfile +++ b/Gemfile @@ -7,7 +7,7 @@ group :test do gem 'voxpupuli-test', '~> 7.0', :require => false gem 'coveralls', :require => false gem 'simplecov-console', :require => false - gem 'puppet_metadata', github: 'voxpupuli/puppet_metadata', :require => false + gem 'puppet_metadata', '~> 4.1.0', :require => false end group :development do