diff --git a/manifests/server/puppetserver.pp b/manifests/server/puppetserver.pp
index 3c6153a9..a8ce8e08 100644
--- a/manifests/server/puppetserver.pp
+++ b/manifests/server/puppetserver.pp
@@ -252,14 +252,82 @@ content => template('puppet/server/puppetserver/conf.d/puppetserver.conf.erb'), } - file { "${server_puppetserver_dir}/conf.d/webserver.conf": + file { "${server_puppetserver_dir}/conf.d/auth.conf": ensure => file, - content => template('puppet/server/puppetserver/conf.d/webserver.conf.erb'), + content => template('puppet/server/puppetserver/conf.d/auth.conf.erb'), } - file { "${server_puppetserver_dir}/conf.d/auth.conf": + $webserver_conf = "${server_puppetserver_dir}/conf.d/webserver.conf" + + file { $webserver_conf: ensure => file, - content => template('puppet/server/puppetserver/conf.d/auth.conf.erb'), + } + + $webserver_general_settings = { + 'webserver.access-log-config' => "${server_puppetserver_dir}/request-logging.xml", + 'webserver.client-auth' => 'want', + 'webserver.ssl-host' => $server_ip, + 'webserver.ssl-port' => $server_port, + 'webserver.ssl-cert' => $server_ssl_cert, + 'webserver.ssl-key' => $server_ssl_cert_key, + 'webserver.ssl-ca-cert' => $server_ssl_ca_cert, + 'webserver.idle-timeout-milliseconds' => $server_web_idle_timeout, + } + + $webserver_general_settings.each |$setting, $value| { + hocon_setting { $setting: + ensure => present, + path => $webserver_conf, + setting => $setting, + value => $value, + require => File[$webserver_conf], + } + } + + $webserver_http_settings_ensure = $server_http ? { + true => present, + default => absent, + } + + $webserver_http_settings = { + 'webserver.host' => $server_ip, + 'webserver.port' => $server_http_port, + } + + $webserver_http_settings.each |$setting, $value| { + hocon_setting { $setting: + ensure => $webserver_http_settings_ensure, + path => $webserver_conf, + setting => $setting, + value => $value, + require => File[$webserver_conf], + } + } + + $webserver_crl_settings_ensure = $server_crl_enable ? 
{ + true => present, + default => absent, + } + + hocon_setting { 'webserver.ssl-crl-path': + ensure => $webserver_crl_settings_ensure, + path => $webserver_conf, + setting => 'webserver.ssl-crl-path', + value => $server_ssl_ca_crl, + require => File[$webserver_conf], + } + + $webserver_ca_settings_ensure = $server_ca ? { + true => present, + default => absent, + } + + hocon_setting { 'webserver.ssl-cert-chain': + ensure => $webserver_ca_settings_ensure, + path => $webserver_conf, + setting => 'webserver.ssl-cert-chain', + value => $server_ssl_chain, + require => File[$webserver_conf], } $product_conf = "${server_puppetserver_dir}/conf.d/product.conf" @@ -267,7 +335,7 @@ if versioncmp($server_puppetserver_version, '2.7') >= 0 { $product_conf_ensure = file - hocon_setting { 'server_check_for_updates': + hocon_setting { 'product.check-for-updates': ensure => present, path => $product_conf, setting => 'product.check-for-updates', diff --git a/spec/classes/puppet_server_config_spec.rb b/spec/classes/puppet_server_config_spec.rb index 9637181e..10a5acb6 100644 --- a/spec/classes/puppet_server_config_spec.rb +++ b/spec/classes/puppet_server_config_spec.rb @@ -772,8 +772,11 @@ }" end it 'should use the ca_crl.pem file' do - should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf'). - with_content(/ssl-crl-path: #{ssldir}\/ca\/ca_crl.pem/) + should contain_hocon_setting('webserver.ssl-crl-path'). + with_path('/etc/custom/puppetserver/conf.d/webserver.conf'). + with_setting('webserver.ssl-crl-path'). + with_value("#{ssldir}/ca/ca_crl.pem"). + with_ensure('present') end end context 'as non-ca with default' do 
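Review bot: The selector `$server_crl_enable ? { true => present, default => absent }` fails open for revocation checking: any value that does not match boolean `true`, including undef, sets `webserver.ssl-crl-path` to absent, while the removed template's `if @server_crl_enable` treated every non-nil, non-false value as enabled. The parameter's declaration is outside this hunk, so it may already be constrained to a Boolean; if it is not, `assert_type(Boolean, $server_crl_enable)` ahead of the selector would turn a mistyped value into a compile failure rather than a silently dropped CRL. The same selector shape is used for `$server_http` and `$server_ca`, where the default branch is the safer side. Also worth a comment above `file { $webserver_conf:`, since the resource no longer owns the content: `# settings are managed per key below; keys already in the file but not listed here are left in place`.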
@@ -787,11 +790,13 @@ }" end it 'should use the ca_crl.pem file' do - should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf'). - without_content(/ssl-crl-path: #{ssldir}\/crl.pem/) + should contain_hocon_setting('webserver.ssl-crl-path'). + with_path('/etc/custom/puppetserver/conf.d/webserver.conf'). + with_setting('webserver.ssl-crl-path'). + with_ensure('absent') end end - context 'as non-ca with default' do + context 'as non-ca with server_crl_enable' do let :pre_condition do "class {'puppet': server => true, @@ -802,9 +807,12 @@ server_jruby_gem_home => '/opt/puppetlabs/server/data/puppetserver/jruby-gems' }" end - it 'should use the ca_crl.pem file' do - should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf'). - with_content(/ssl-crl-path: #{ssldir}\/crl.pem/) + it 'should use the crl.pem file' do + should contain_hocon_setting('webserver.ssl-crl-path'). + with_path('/etc/custom/puppetserver/conf.d/webserver.conf'). + with_setting('webserver.ssl-crl-path'). + with_value("#{ssldir}/crl.pem"). + with_ensure('present') end end end @@ -821,8 +829,11 @@ }" end it 'should use the server_ssl_chain_filepath file' do - should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf'). - with_content(/ssl-cert-chain: \/etc\/example\/certchain.pem/) + should contain_hocon_setting('webserver.ssl-cert-chain'). + with_path('/etc/custom/puppetserver/conf.d/webserver.conf'). + with_setting('webserver.ssl-cert-chain'). + with_value('/etc/example/certchain.pem'). + with_ensure('present') end end @@ -837,7 +848,11 @@ end it 'should put the correct ip address in webserver.conf' do - should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf').with_content(/ssl-host:\s127\.0\.0\.1/) + should contain_hocon_setting('webserver.ssl-host'). + with_path('/etc/custom/puppetserver/conf.d/webserver.conf'). + with_setting('webserver.ssl-host'). + with_value('127.0.0.1'). + with_ensure('present') end end 
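Review bot: In the 'as non-ca with default' context (hunk @@ -787,11 +790,13 @@) the example is still titled 'should use the ca_crl.pem file' although it now asserts `with_ensure('absent')`, so a failure report would read as the opposite of what is checked. Renaming it to something like `it 'should not set ssl-crl-path' do` matches the assertion. The context block starts above the hunk.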
@@ -853,13 +868,19 @@ end it 'should put the correct ssl key path in webserver.conf' do - should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf'). - with_content(%r{ssl-key: /etc/custom/puppet/ssl/private_keys/puppetserver43\.example\.com\.pem}) + should contain_hocon_setting('webserver.ssl-key'). + with_path('/etc/custom/puppetserver/conf.d/webserver.conf'). + with_setting('webserver.ssl-key'). + with_value('/etc/custom/puppet/ssl/private_keys/puppetserver43.example.com.pem'). + with_ensure('present') end it 'should put the correct ssl cert path in webserver.conf' do - should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf'). - with_content(%r{ssl-cert: /etc/custom/puppet/ssl/certs/puppetserver43\.example\.com\.pem}) + should contain_hocon_setting('webserver.ssl-cert'). + with_path('/etc/custom/puppetserver/conf.d/webserver.conf'). + with_setting('webserver.ssl-cert'). + with_value('/etc/custom/puppet/ssl/certs/puppetserver43.example.com.pem'). + with_ensure('present') end end @@ -873,10 +894,15 @@ }" end - it { should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf'). - with_content(/ host:\s0\.0\.0\.0/). - with_content(/ port:\s8139/). - with({}) + it { should contain_hocon_setting('webserver.host'). + with_path('/etc/custom/puppetserver/conf.d/webserver.conf'). + with_setting('webserver.host'). + with_value('0.0.0.0') + } + it { should contain_hocon_setting('webserver.port'). + with_path('/etc/custom/puppetserver/conf.d/webserver.conf'). + with_setting('webserver.port'). + with_value('8139') } it { should contain_file('/etc/custom/puppetserver/conf.d/auth.conf'). diff --git a/spec/classes/puppet_server_puppetserver_spec.rb b/spec/classes/puppet_server_puppetserver_spec.rb index 9054d3ed..df11310c 100644 --- a/spec/classes/puppet_server_puppetserver_spec.rb +++ b/spec/classes/puppet_server_puppetserver_spec.rb 
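Review bot: The two new examples for `webserver.host` and `webserver.port` (hunk @@ -873,10 +894,15 @@) do not assert `ensure`, and because the manifest declares both resources with the same value whether `$server_http` is true or false, they would still pass if the plaintext listener settings were being removed. Appending `.with_ensure('present')` after `with_value('0.0.0.0')` and `with_value('8139')`, as the other examples in this file do, pins the enabled state. The surrounding context and its pre_condition begin outside the hunk.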
@@ -107,12 +107,23 @@ it { should contain_file('/etc/custom/puppetserver/conf.d/ca.conf') } it { should contain_file('/etc/custom/puppetserver/conf.d/puppetserver.conf') } - it { should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf'). - with_content(/ssl-host:\s0\.0\.0\.0/). - with_content(/ssl-port:\s8140/). - without_content(/ host:\s/). - without_content(/ port:\s8139/). - with({}) + it { should contain_hocon_setting('webserver.ssl-host'). + with_path('/etc/custom/puppetserver/conf.d/webserver.conf'). + with_setting('webserver.ssl-host'). + with_value('0.0.0.0'). + with_ensure('present') + } + it { should contain_hocon_setting('webserver.ssl-port'). + with_path('/etc/custom/puppetserver/conf.d/webserver.conf'). + with_setting('webserver.ssl-port'). + with_value('8140'). + with_ensure('present') + } + it { should contain_hocon_setting('webserver.host'). + with_ensure('absent') + } + it { should contain_hocon_setting('webserver.port'). + with_ensure('absent') } it { should contain_file('/etc/custom/puppetserver/conf.d/auth.conf'). with_content(/allow-header-cert-info: false/). @@ -484,11 +495,12 @@ with_ensure('file') } it { - should contain_hocon_setting('server_check_for_updates'). + should contain_hocon_setting('product.check-for-updates'). with_path('/etc/custom/puppetserver/conf.d/product.conf'). with_setting('product.check-for-updates'). - with_value(false) - } + with_value(false). + with_ensure('present') + } end context 'when server_puppetserver_version < 2.7' do @@ -503,7 +515,7 @@ with_ensure('absent') } it { - should_not contain_hocon_setting('server_check_for_updates') + should_not contain_hocon_setting('product.check-for-updates') } end end diff --git a/templates/server/puppetserver/conf.d/webserver.conf.erb b/templates/server/puppetserver/conf.d/webserver.conf.erb deleted file mode 100644 index f8c20c6b..00000000 --- a/templates/server/puppetserver/conf.d/webserver.conf.erb +++ /dev/null 
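Review bot: The default-settings examples (hunk @@ -107,12 +107,23 @@) pin `webserver.ssl-host`, `webserver.ssl-port` and the absence of the plain HTTP keys, but nothing in the visible specs covers `webserver.client-auth` or `webserver.ssl-ca-cert`. With each key now its own resource, an entry dropped from `$webserver_general_settings` would pass unnoticed; adding `it { should contain_hocon_setting('webserver.client-auth').with_value('want').with_ensure('present') }` and a matching example for `webserver.ssl-ca-cert` would cover the client-certificate settings. Other spec files may already do this; only these two are shown.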
@@ -1,20 +0,0 @@
-webserver: {
- access-log-config: <%= @server_puppetserver_dir %>/request-logging.xml
- client-auth: want
-<%- if @server_http -%>
- host: <%= @server_ip %>
- port: <%= @server_http_port %>
-<%- end -%>
- ssl-host: <%= @server_ip %>
- ssl-port: <%= @server_port %>
- ssl-cert: <%= @server_ssl_cert %>
- ssl-key: <%= @server_ssl_cert_key %>
- ssl-ca-cert: <%= @server_ssl_ca_cert %>
-<%- if @server_crl_enable -%>
- ssl-crl-path: <%= @server_ssl_ca_crl %>
-<%- end -%>
-<%- if @server_ca -%>
- ssl-cert-chain: <%= @server_ssl_chain %>
-<%- end -%>
- idle-timeout-milliseconds: <%= @server_web_idle_timeout %>
-}