use puppetlabs-hocon for webserver.conf
mmoll committed Aug 9, 2017
1 parent 5a514a4 commit 64b0cf3
Showing 4 changed files with 140 additions and 54 deletions.
78 changes: 73 additions & 5 deletions manifests/server/puppetserver.pp
@@ -252,22 +252,90 @@
content => template('puppet/server/puppetserver/conf.d/puppetserver.conf.erb'),
}

file { "${server_puppetserver_dir}/conf.d/webserver.conf":
file { "${server_puppetserver_dir}/conf.d/auth.conf":
ensure => file,
content => template('puppet/server/puppetserver/conf.d/webserver.conf.erb'),
content => template('puppet/server/puppetserver/conf.d/auth.conf.erb'),
}

file { "${server_puppetserver_dir}/conf.d/auth.conf":
$webserver_conf = "${server_puppetserver_dir}/conf.d/webserver.conf"

file { $webserver_conf:
ensure => file,
content => template('puppet/server/puppetserver/conf.d/auth.conf.erb'),
}

$webserver_general_settings = {
'webserver.access-log-config' => "${server_puppetserver_dir}/request-logging.xml",
'webserver.client-auth' => 'want',
'webserver.ssl-host' => $server_ip,
'webserver.ssl-port' => $server_port,
'webserver.ssl-cert' => $server_ssl_cert,
'webserver.ssl-key' => $server_ssl_cert_key,
'webserver.ssl-ca-cert' => $server_ssl_ca_cert,
'webserver.idle-timeout-milliseconds' => $server_web_idle_timeout,
}

$webserver_general_settings.each |$setting, $value| {
hocon_setting { $setting:
ensure => present,
path => $webserver_conf,
setting => $setting,
value => $value,
require => File[$webserver_conf],
}
}

$webserver_http_settings_ensure = $server_http ? {
true => present,
default => absent,
}

$webserver_http_settings = {
'webserver.host' => $server_ip,
'webserver.port' => $server_http_port,
}

$webserver_http_settings.each |$setting, $value| {
hocon_setting { $setting:
ensure => $webserver_http_settings_ensure,
path => $webserver_conf,
setting => $setting,
value => $value,
require => File[$webserver_conf],
}
}

$webserver_crl_settings_ensure = $server_crl_enable ? {
true => present,
default => absent,
}

hocon_setting { 'webserver.ssl-crl-path':
ensure => $webserver_crl_settings_ensure,
path => $webserver_conf,
setting => 'webserver.ssl-crl-path',
value => $server_ssl_ca_crl,
require => File[$webserver_conf],
}

$webserver_ca_settings_ensure = $server_ca ? {
true => present,
default => absent,
}

hocon_setting { 'webserver.ssl-cert-chain':
ensure => $webserver_ca_settings_ensure,
path => $webserver_conf,
setting => 'webserver.ssl-cert-chain',
value => $server_ssl_chain,
require => File[$webserver_conf],
}

$product_conf = "${server_puppetserver_dir}/conf.d/product.conf"

if versioncmp($server_puppetserver_version, '2.7') >= 0 {
$product_conf_ensure = file

hocon_setting { 'server_check_for_updates':
hocon_setting { 'product.check-for-updates':
ensure => present,
path => $product_conf,
setting => 'product.check-for-updates',
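Review bot: With `content` dropped from `file { $webserver_conf: ensure => file, }`, Puppet now enforces only the keys declared as `hocon_setting` resources. Any other key already present in webserver.conf, whether from a hand edit or left over from the old template (whose contents are not shown on this page), will survive every run instead of being overwritten. Because this file defines the TLS listener, that change in guarantees deserves a comment at the resource, for example `# content is deliberately unmanaged: only the hocon_setting keys below are enforced, other keys already in this file are left as found`. If full control of the file is still wanted, the keys the deleted template used to emit should be checked against the four settings groups here, so that each one is either set or explicitly `absent`.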
64 changes: 45 additions & 19 deletions spec/classes/puppet_server_config_spec.rb
@@ -772,8 +772,11 @@
}"
end
it 'should use the ca_crl.pem file' do
should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf').
with_content(/ssl-crl-path: #{ssldir}\/ca\/ca_crl.pem/)
should contain_hocon_setting('webserver.ssl-crl-path').
with_path('/etc/custom/puppetserver/conf.d/webserver.conf').
with_setting('webserver.ssl-crl-path').
with_value("#{ssldir}/ca/ca_crl.pem").
with_ensure('present')
end
end
context 'as non-ca with default' do
@@ -787,11 +790,13 @@
}"
end
it 'should use the ca_crl.pem file' do
should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf').
without_content(/ssl-crl-path: #{ssldir}\/crl.pem/)
should contain_hocon_setting('webserver.ssl-crl-path').
with_path('/etc/custom/puppetserver/conf.d/webserver.conf').
with_setting('webserver.ssl-crl-path').
with_ensure('absent')
end
end
context 'as non-ca with default' do
context 'as non-ca with server_crl_enable' do
let :pre_condition do
"class {'puppet':
server => true,
@@ -802,9 +807,12 @@
server_jruby_gem_home => '/opt/puppetlabs/server/data/puppetserver/jruby-gems'
}"
end
it 'should use the ca_crl.pem file' do
should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf').
with_content(/ssl-crl-path: #{ssldir}\/crl.pem/)
it 'should use the crl.pem file' do
should contain_hocon_setting('webserver.ssl-crl-path').
with_path('/etc/custom/puppetserver/conf.d/webserver.conf').
with_setting('webserver.ssl-crl-path').
with_value("#{ssldir}/crl.pem").
with_ensure('present')
end
end
end
@@ -821,8 +829,11 @@
}"
end
it 'should use the server_ssl_chain_filepath file' do
should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf').
with_content(/ssl-cert-chain: \/etc\/example\/certchain.pem/)
should contain_hocon_setting('webserver.ssl-cert-chain').
with_path('/etc/custom/puppetserver/conf.d/webserver.conf').
with_setting('webserver.ssl-cert-chain').
with_value('/etc/example/certchain.pem').
with_ensure('present')
end
end

@@ -837,7 +848,11 @@
end

it 'should put the correct ip address in webserver.conf' do
should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf').with_content(/ssl-host:\s127\.0\.0\.1/)
should contain_hocon_setting('webserver.ssl-host').
with_path('/etc/custom/puppetserver/conf.d/webserver.conf').
with_setting('webserver.ssl-host').
with_value('127.0.0.1').
with_ensure('present')
end
end

@@ -853,13 +868,19 @@
end

it 'should put the correct ssl key path in webserver.conf' do
should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf').
with_content(%r{ssl-key: /etc/custom/puppet/ssl/private_keys/puppetserver43\.example\.com\.pem})
should contain_hocon_setting('webserver.ssl-key').
with_path('/etc/custom/puppetserver/conf.d/webserver.conf').
with_setting('webserver.ssl-key').
with_value('/etc/custom/puppet/ssl/private_keys/puppetserver43.example.com.pem').
with_ensure('present')
end

it 'should put the correct ssl cert path in webserver.conf' do
should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf').
with_content(%r{ssl-cert: /etc/custom/puppet/ssl/certs/puppetserver43\.example\.com\.pem})
should contain_hocon_setting('webserver.ssl-cert').
with_path('/etc/custom/puppetserver/conf.d/webserver.conf').
with_setting('webserver.ssl-cert').
with_value('/etc/custom/puppet/ssl/certs/puppetserver43.example.com.pem').
with_ensure('present')
end
end

@@ -873,10 +894,15 @@
}"
end

it { should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf').
with_content(/ host:\s0\.0\.0\.0/).
with_content(/ port:\s8139/).
with({})
it { should contain_hocon_setting('webserver.host').
with_path('/etc/custom/puppetserver/conf.d/webserver.conf').
with_setting('webserver.host').
with_value('0.0.0.0')
}
it { should contain_hocon_setting('webserver.port').
with_path('/etc/custom/puppetserver/conf.d/webserver.conf').
with_setting('webserver.port').
with_value('8139')
}

it { should contain_file('/etc/custom/puppetserver/conf.d/auth.conf').
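Review bot: The two `webserver.host` / `webserver.port` expectations at the end of this section omit `with_ensure('present')`, unlike every other rewritten expectation in the file. They would therefore still pass if the plaintext HTTP settings were declared with `ensure => absent`, which is exactly the attribute the manifest toggles from `$server_http`. Append `with_ensure('present')` to both chains. The pre_condition for that context lies outside the hunk, so this assumes it is the `server_http => true` case. Separately, the example in the 'as non-ca with default' context is still titled `'should use the ca_crl.pem file'` although it now asserts `with_ensure('absent')`; a title such as `'should not set ssl-crl-path'` would match what is checked.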
32 changes: 22 additions & 10 deletions spec/classes/puppet_server_puppetserver_spec.rb
@@ -107,12 +107,23 @@

it { should contain_file('/etc/custom/puppetserver/conf.d/ca.conf') }
it { should contain_file('/etc/custom/puppetserver/conf.d/puppetserver.conf') }
it { should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf').
with_content(/ssl-host:\s0\.0\.0\.0/).
with_content(/ssl-port:\s8140/).
without_content(/ host:\s/).
without_content(/ port:\s8139/).
with({})
it { should contain_hocon_setting('webserver.ssl-host').
with_path('/etc/custom/puppetserver/conf.d/webserver.conf').
with_setting('webserver.ssl-host').
with_value('0.0.0.0').
with_ensure('present')
}
it { should contain_hocon_setting('webserver.ssl-port').
with_path('/etc/custom/puppetserver/conf.d/webserver.conf').
with_setting('webserver.ssl-port').
with_value('8140').
with_ensure('present')
}
it { should contain_hocon_setting('webserver.host').
with_ensure('absent')
}
it { should contain_hocon_setting('webserver.port').
with_ensure('absent')
}
it { should contain_file('/etc/custom/puppetserver/conf.d/auth.conf').
with_content(/allow-header-cert-info: false/).
@@ -484,11 +495,12 @@
with_ensure('file')
}
it {
should contain_hocon_setting('server_check_for_updates').
should contain_hocon_setting('product.check-for-updates').
with_path('/etc/custom/puppetserver/conf.d/product.conf').
with_setting('product.check-for-updates').
with_value(false)
}
with_value(false).
with_ensure('present')
}
end

context 'when server_puppetserver_version < 2.7' do
@@ -503,7 +515,7 @@
with_ensure('absent')
}
it {
should_not contain_hocon_setting('server_check_for_updates')
should_not contain_hocon_setting('product.check-for-updates')
}
end
end
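Review bot: None of the expectations visible in this section cover `webserver.client-auth` or `webserver.ssl-ca-cert`, the two keys in the new `$webserver_general_settings` hash that govern client-certificate handling. Now that each key is its own resource rather than a line in one template, a dropped or misspelled key would not be caught by the checks shown here. In the default-values context consider adding `it { should contain_hocon_setting('webserver.client-auth').with_value('want').with_ensure('present') }` and a matching expectation for `webserver.ssl-ca-cert`. The `webserver.host` / `webserver.port` absent checks could also pin `with_path('/etc/custom/puppetserver/conf.d/webserver.conf')` as the present checks do. Parts of the spec file lie outside the hunks, so such assertions may already exist elsewhere.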
20 changes: 0 additions & 20 deletions templates/server/puppetserver/conf.d/webserver.conf.erb

This file was deleted.
