diff --git a/.fixtures.yml b/.fixtures.yml index 09e8d01..10326c0 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -10,6 +10,7 @@ fixtures: repo: puppetlabs/inifile firewall: repo: puppetlabs/firewall + ref: '6.0.0' yumrepo_core: repo: puppetlabs/yumrepo_core python: diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b56205f..fbed3d7 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -16,22 +16,21 @@ jobs: fail-fast: false matrix: include: - - ruby: 2.5.9 - puppet: 6 + - ruby: 2.7.7 + puppet: 7 fixtures: .fixtures.yml allow_failure: false - - ruby: 2.7.6 - puppet: 7 + - ruby: 3.2.2 + puppet: 8 fixtures: .fixtures.yml allow_failure: false env: BUNDLE_WITHOUT: system_tests:release PUPPET_GEM_VERSION: "~> ${{ matrix.puppet }}.0" - FACTER_GEM_VERSION: "< 4.0" FIXTURES_YML: ${{ matrix.fixtures }} name: Puppet ${{ matrix.puppet }} (Ruby ${{ matrix.ruby }}) steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Setup ruby uses: ruby/setup-ruby@v1 with: @@ -51,12 +50,12 @@ jobs: set: - "el7" - "el8" - - "debian-10" - - "ubuntu-1804" + - "debian-11" - "ubuntu-2004" + - "ubuntu-2204" puppet: - - "puppet6" - "puppet7" + - "puppet8" env: BUNDLE_WITHOUT: development:release BEAKER_debug: true @@ -66,7 +65,15 @@ jobs: run: | echo '{"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' | sudo tee /etc/docker/daemon.json sudo service docker restart - - uses: actions/checkout@v2 + # https://github.com/actions/virtual-environments/issues/181#issuecomment-610874237 + - name: apparmor + run: | + set -x + sudo apt-get remove mysql-server --purge + sudo apt-get update + sudo apt-get install apparmor-profiles + sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld + - uses: actions/checkout@v3 - name: Setup ruby uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 495a715..f55e6af 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Ruby uses: ruby/setup-ruby@v1 with: diff --git a/.sync.yml b/.sync.yml index bb5cb73..c348f4e 100644 --- a/.sync.yml +++ b/.sync.yml @@ -5,12 +5,12 @@ - el7 - el8 - ---el9 - - debian-10 - - ubuntu-1804 + - debian-11 - ubuntu-2004 + - ubuntu-2204 puppet: - - puppet6 - puppet7 + - puppet8 .rubocop.yml: profiles: strict: @@ -27,9 +27,3 @@ spec/acceptance/nodesets/el7.yml: extra_commands: - 'echo "LC_ALL=en_US.UTF-8" >> /etc/environment' - 'echo "LANG=en_US.UTF-8" > /etc/locale.conf' -spec/acceptance/nodesets/el9.yml: - delete: true -spec/acceptance/nodesets/debian-11.yml: - delete: true -spec/acceptance/nodesets/ubuntu-2204.yml: - delete: true diff --git a/Gemfile b/Gemfile index 4bc7150..60f2000 100644 --- a/Gemfile +++ b/Gemfile @@ -17,7 +17,7 @@ ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments minor_version = ruby_version_segments[0..1].join('.') group :development do - gem "voxpupuli-test", '5.4.1', require: false + gem "voxpupuli-test", '7.0.0', require: false gem "faraday", '~> 1.0', require: false gem "github_changelog_generator", require: false gem "puppet-blacksmith", require: false diff --git a/README.md b/README.md index b8afef7..337b8cc 100644 --- a/README.md +++ b/README.md @@ -9,24 +9,14 @@ This module manages Globus Connect Server. ### Supported Versions of Globus -Currently this module supports Globus 4.x and 5.4. +Currently this module supports Globus 5.4. | Globus Version | Globus Puppet module versions | | -------------- | ----------------------------- | | 4.x | 3.x | | 4.x & 5.3 | 4.x | -| 4.x & 5.4 | 5.x-7.x | - - -### Upgrading to module version 5.x - -Going from a version of this module prior to 5.0.0 to 5.x and using Globus v5 requires manual upgrade be performed. - -See [Globus v5.4 Migration Guide](https://docs.globus.org/globus-connect-server/v5.4/migration-guide/) for details. - -For sites using Globus v4 it's necessary to set `globus::version` to `4` in order to continue using Globus v4 as the default version was changed. - -For sites using Globus v5.3 and upgrading this module 5.x, it's expected you are also upgrading to Globus v5.4. The parameters completely changed for Globus v5 support so see the examples below for changes needed and required parameters. +| 4.x & 5.4 | 5.x-9.x | +| 5.4 | 10.x | ## Usage @@ -46,110 +36,6 @@ class { 'globus': } ``` -### Globus v4 - -Install and configure a Globus IO endpoint that uses OAuth. This example assumes host cert/key will not be provided by Globus. - -```puppet -class { 'globus': - include_id_server => false, - globus_user => 'myusername', - globus_password => 'password', - endpoint_name => 'myorg', - endpoint_public => true, - myproxy_server => 'myproxy.example.com:7512', - oauth_server => 'myproxy.example.com', - security_identity_method => 'OAuth', - security_fetch_credentials_from_relay => false, - security_certificate_file => '/etc/grid-security/hostcert.pem', - security_key_file => '/etc/grid-security/hostkey.pem', - gridftp_server => $::fqdn, - gridftp_restrict_paths => ['RW~','N~/.*','RW/project'], - # Example of extra settings - extra_gridftp_settings => [ - 'log_level ALL', - 'log_single /var/log/gridftp-auth.log', - 'log_transfer /var/log/gridftp-transfer.log', - ], -} -``` - -This is an example of setting up a system that acts as both MyProxy and OAuth host. This example assumes the host cert/key are not provided by Globus. - -```puppet - class { 'globus': - include_io_server => false, - include_id_server => true, - include_oauth_server => true, - globus_user => 'myusername', - globus_password => 'password', - endpoint_name => 'myorg', - endpoint_public => true, - myproxy_server => 'myproxy.example.com:7512', - oauth_server => 'myproxy.example.com', - security_identity_method => 'OAuth', - security_fetch_credentials_from_relay => false, - security_certificate_file => '/etc/grid-security/hostcert.pem', - security_key_file => '/etc/grid-security/hostkey.pem', - } -``` - -Below is an example of setting up the IO server to use CILogon. - -```puppet - class { 'globus': - include_id_server => false, - globus_user => 'myusername', - globus_password => 'password', - endpoint_name => 'myorg', - endpoint_public => true, - myproxy_server => 'myproxy.example.com:7512', - oauth_server => 'myproxy.example.com', - security_identity_method => 'CILogon', - security_cilogon_identity_provider => 'My Org', - security_fetch_credentials_from_relay => false, - security_certificate_file => '/etc/grid-security/hostcert.pem', - security_key_file => '/etc/grid-security/hostkey.pem', - gridftp_server => $::fqdn, - gridftp_restrict_paths => ['RW~','N~/.*','RW/project'], - # Example of extra settings - extra_gridftp_settings => [ - 'log_level ALL', - 'log_single /var/log/gridftp-auth.log', - 'log_transfer /var/log/gridftp-transfer.log', - ], - } -``` - -Below is an example of what would be required to setup Globus GridFTP to also work with OSG GridFTP. This example has not been verified since OSG 3.3. OSG module referenced: https://github.com/treydock/puppet-osg - -```puppet - include ::osg - include ::osg::gridftp - class { '::globus': - manage_service => false, - include_id_server => false, - remove_cilogon_cron => true, - extra_gridftp_settings => [ - 'log_level ALL' - 'log_single /var/log/gridftp-auth.log' - 'log_transfer /var/log/gridftp.log' - '$LLGT_LOG_IDENT "gridftp-server-llgt"' - '$LCMAPS_DB_FILE "/etc/lcmaps.db"' - '$LCMAPS_POLICY_NAME "authorize_only"' - '$LLGT_LIFT_PRIVILEGED_PROTECTION "1"' - '$LCMAPS_DEBUG_LEVEL "2"' - '$FTPNOSORT 1' - ], - first_gridftp_callback => '|globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout', - } - - # Add globus repo before installing OSG GridFTP - Yumrepo['Globus-Toolkit'] -> Package['osg-gridftp'] - # Apply OSG GridFTP before Globus - Package['osg-gridftp'] -> Class['::globus::install'] -``` - ### Globus CLI To install the Globus CLI to `/opt/globus-cli` and create symlink for executable at `/usr/bin/globus`: @@ -200,12 +86,7 @@ The `globus_info` fact exposes the information stored in `/var/lib/globus-connec Tested using * RedHat/CentOS 7 -* RedHat/Rocky 8 -* Debian 9 -* Debian 10 -* Ubuntu 18.04 -* Ubuntu 20.04 - -## Limitations +* RedHat/Rocky 8 & 9 +* Debian 11 +* Ubuntu 20.04 & 22.04 -At this time `globus::cli`, `globus::timer` and `globus::sdk` are not supported on Debian 9 due to older system Python diff --git a/data/common.yaml b/data/common.yaml index 1094a91..325df86 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,5 +1,4 @@ --- -globus::toolkit_repo_baseurl: "https://downloads.globus.org/toolkit/gt6/stable/rpm/%{lookup('globus::url_os')}/%{facts.os.release.major}/$basearch/" globus::gcs_repo_baseurl: "https://downloads.globus.org/globus-connect-server/stable/rpm/%{lookup('globus::url_os')}/%{facts.os.release.major}/$basearch/" globus::release_url: 'https://downloads.globus.org/toolkit/globus-connect-server/globus-connect-server-repo-latest.noarch.rpm' globus::python::version: '3' diff --git a/data/os/Debian.yaml b/data/os/Debian.yaml index eb9e65f..bdd8884 100644 --- a/data/os/Debian.yaml +++ b/data/os/Debian.yaml @@ -1,7 +1,5 @@ --- globus::release_url: http://downloads.globus.org/toolkit/gt6/stable/installers/repo/deb/globus-toolkit-repo_latest_all.deb -globus::toolkit_repo_baseurl: https://downloads.globus.org/toolkit/gt6/stable/deb -globus::toolkit_repo_testing_baseurl: https://downloads.globus.org/toolkit/gt6/testing/deb globus::gcs_repo_baseurl: https://downloads.globus.org/globus-connect-server/stable/deb globus::gcs_repo_testing_baseurl: https://downloads.globus.org/globus-connect-server/testing/deb globus::python::venv_ensure: present diff --git a/data/os/RedHat.yaml b/data/os/RedHat.yaml index f3f56c2..1a58ea0 100644 --- a/data/os/RedHat.yaml +++ b/data/os/RedHat.yaml @@ -1,6 +1,4 @@ --- globus::url_os: el -globus::repo_dependencies: - - yum-plugin-priorities globus::python::pip_provider: pip3 globus::python::venv_python_version: '3.6' diff --git a/data/os/RedHat/9.yaml b/data/os/RedHat/9.yaml new file mode 100644 index 0000000..dc45ffc --- /dev/null +++ b/data/os/RedHat/9.yaml @@ -0,0 +1,4 @@ +--- +globus::url_os: el +globus::python::pip_provider: pip3 +globus::python::venv_python_version: '3.9' diff --git a/lib/puppet/provider/globus_connect_config/ini_setting.rb b/lib/puppet/provider/globus_connect_config/ini_setting.rb deleted file mode 100644 index c480821..0000000 --- a/lib/puppet/provider/globus_connect_config/ini_setting.rb +++ /dev/null @@ -1,24 +0,0 @@ -# frozen_string_literal: true - -Puppet::Type.type(:globus_connect_config).provide( - :ini_setting, - parent: Puppet::Type.type(:ini_setting).provider(:ruby), -) do - desc 'Provider globus_connect_config using ini_setting' - - def section - resource[:name].split('/', 2)[0] - end - - def setting - resource[:name].split('/', 2)[1] - end - - def separator - ' = ' - end - - def self.file_path - '/etc/globus-connect-server.conf' - end -end diff --git a/lib/puppet/type/globus_connect_config.rb b/lib/puppet/type/globus_connect_config.rb deleted file mode 100644 index 859e5bf..0000000 --- a/lib/puppet/type/globus_connect_config.rb +++ /dev/null @@ -1,62 +0,0 @@ -# frozen_string_literal: true - -Puppet::Type.newtype(:globus_connect_config) do - ensurable - - newparam(:name, namevar: true) do - desc 'Section/setting name to manage from /etc/globus-connect-server.conf' - # namevar should be of the form section/setting - validate do |value| - unless value =~ %r{\S+/\S+} - raise(Puppet::Error, "Invalid globus_connect_config #{value}, entries should be in the form of section/setting.") - end - end - end - - newproperty(:value) do - desc 'The value of the setting to be defined.' - munge do |value| - value = value.to_s.strip - value.capitalize! if value =~ %r{^(true|false)$}i - value - end - - newvalues(%r{^[\S ]*$}) - - def is_to_s(currentvalue) # rubocop:disable Style/PredicateName - if resource.secret? - '[old secret redacted]' - else - currentvalue - end - end - - def should_to_s(newvalue) - if resource.secret? - '[new secret redacted]' - else - newvalue - end - end - end - - newparam(:secret, boolean: true) do - desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' - - newvalues(:true, :false) - - defaultto false - end - - validate do - if self[:ensure] == :present && self[:value].nil? - raise Puppet::Error, "Property value must be set for #{self[:name]} when ensure is present" - end - end - - autorequire(:file) do - [ - '/etc/globus-connect-server.conf' - ] - end -end diff --git a/manifests/config.pp b/manifests/config.pp index 63e9108..7b06fa9 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,172 +1,63 @@ # @summary Manage globus configs # @api private class globus::config { - if $globus::run_setup_commands { - $_globus_connect_config_notify = Exec['globus-connect-server-setup'] - $_resources_require_setup = Exec['globus-connect-server-setup'] - - exec { 'globus-connect-server-setup': - path => '/usr/bin:/bin:/usr/sbin:/sbin', - command => $globus::_setup_command, - refreshonly => true, - } - } else { - $_globus_connect_config_notify = undef - $_resources_require_setup = undef + $endpoint_setup_args = globus::endpoint_setup_args({ + display_name => $globus::display_name, + client_id => $globus::client_id, + client_secret => $globus::client_secret, + owner => $globus::owner, + deployment_key => $globus::deployment_key, + organization => $globus::organization, + keywords => $globus::keywords, + department => $globus::department, + contact_email => $globus::contact_email, + contact_info => $globus::contact_info, + info_link => $globus::info_link, + description => $globus::description, + public => $globus::public, + }) + $endpoint_setup = "globus-connect-server endpoint setup ${endpoint_setup_args}" + file { '/root/globus-endpoint-setup': + ensure => 'file', + owner => 'root', + group => 'root', + mode => '0700', + show_diff => false, + content => "export GLOBUS_CLIENT_SECRET=${globus::client_secret}\n${endpoint_setup}\n", } - - if String($globus::version) == '4' { - file { '/etc/globus-connect-server.conf': - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0600', - } - - resources { 'globus_connect_config': purge => true } - - Globus_connect_config { - notify => $_globus_connect_config_notify, - } - - # Globus Configs - globus_connect_config { 'Globus/User': value => $globus::globus_user } - globus_connect_config { 'Globus/Password': value => $globus::globus_password, secret => true } - - # Endpoint Configs - globus_connect_config { 'Endpoint/Name': value => $globus::endpoint_name } - globus_connect_config { 'Endpoint/Public': value => $globus::endpoint_public } - globus_connect_config { 'Endpoint/DefaultDirectory': value => $globus::endpoint_default_directory } - - # Security Configs - globus_connect_config { 'Security/FetchCredentialFromRelay': value => $globus::security_fetch_credentials_from_relay } - globus_connect_config { 'Security/CertificateFile': value => $globus::security_certificate_file } - globus_connect_config { 'Security/KeyFile': value => $globus::security_key_file } - globus_connect_config { 'Security/TrustedCertificateDirectory': value => $globus::security_trusted_certificate_directory } - globus_connect_config { 'Security/IdentityMethod': value => $globus::security_identity_method } - if $globus::security_authorization_method { - globus_connect_config { 'Security/AuthorizationMethod': value => $globus::security_authorization_method } - } - if $globus::security_gridmap { - globus_connect_config { 'Security/Gridmap': value => $globus::security_gridmap } - } - if $globus::security_cilogon_identity_provider { - globus_connect_config { 'Security/CILogonIdentityProvider': value => $globus::security_cilogon_identity_provider } - } - - # GridFTP Configs - if $globus::include_io_server and $globus::_gridftp_server { - globus_connect_config { 'GridFTP/Server': value => $globus::_gridftp_server } - globus_connect_config { 'GridFTP/ServerBehindNAT': value => $globus::gridftp_server_behind_nat } - globus_connect_config { 'GridFTP/IncomingPortRange': value => join($globus::gridftp_incoming_port_range, ',') } - if $globus::gridftp_outgoing_port_range { - globus_connect_config { 'GridFTP/OutgoingPortRange': value => join($globus::gridftp_outgoing_port_range, ',') } - } - if $globus::gridftp_data_interface { - globus_connect_config { 'GridFTP/DataInterface': value => $globus::gridftp_data_interface } - } - globus_connect_config { 'GridFTP/RestrictPaths': value => join($globus::gridftp_restrict_paths, ',') } - globus_connect_config { 'GridFTP/Sharing': value => $globus::gridftp_sharing } - if $globus::gridftp_sharing_restrict_paths { - globus_connect_config { 'GridFTP/SharingRestrictPaths': value => join($globus::gridftp_sharing_restrict_paths, ',') } - } - globus_connect_config { 'GridFTP/SharingStateDir': value => $globus::gridftp_sharing_state_dir } - if $globus::gridftp_sharing_users_allow { - globus_connect_config { 'GridFTP/SharingUsersAllow': value => join($globus::gridftp_sharing_users_allow, ',') } - } - if $globus::gridftp_sharing_groups_allow { - globus_connect_config { 'GridFTP/SharingGroupsAllow': value => join($globus::gridftp_sharing_groups_allow, ',') } - } - if $globus::gridftp_sharing_users_deny { - globus_connect_config { 'GridFTP/SharingUsersDeny': value => join($globus::gridftp_sharing_users_deny, ',') } - } - if $globus::gridftp_sharing_groups_deny { - globus_connect_config { 'GridFTP/SharingGroupsDeny': value => join($globus::gridftp_sharing_groups_deny, ',') } - } - } - - # MyProxy Configs - if $globus::_myproxy_server { - globus_connect_config { 'MyProxy/Server': value => $globus::_myproxy_server } - globus_connect_config { 'MyProxy/ServerBehindNAT': value => $globus::myproxy_server_behind_nat } - globus_connect_config { 'MyProxy/CADirectory': value => $globus::myproxy_ca_directory } - globus_connect_config { 'MyProxy/ConfigFile': value => $globus::myproxy_config_file } - if $globus::myproxy_ca_subject_dn { - globus_connect_config { 'MyProxy/CaSubjectDN': value => $globus::myproxy_ca_subject_dn } - } - } - - # OAuth Configs - if $globus::_oauth_server { - globus_connect_config { 'OAuth/Server': value => $globus::_oauth_server } - globus_connect_config { 'OAuth/ServerBehindNAT': value => $globus::oauth_server_behind_firewall } - if $globus::oauth_stylesheet { - globus_connect_config { 'OAuth/Stylesheet': value => $globus::oauth_stylesheet } - } - if $globus::oauth_logo { - globus_connect_config { 'OAuth/Logo': value => $globus::oauth_logo } - } - } + $node_setup_args = globus::node_setup_args({ + client_id => $globus::client_id, + deployment_key => $globus::deployment_key, + incoming_port_range => $globus::incoming_port_range, + outgoing_port_range => $globus::outgoing_port_range, + ip_address => $globus::_ip_address, + export_node => $globus::export_node, + import_node => $globus::import_node, + }) + $node_setup = "globus-connect-server node setup ${node_setup_args}" + file { '/root/globus-node-setup': + ensure => 'file', + owner => 'root', + group => 'root', + mode => '0700', + show_diff => false, + content => "export GLOBUS_CLIENT_SECRET=${globus::client_secret}\n${node_setup}\n", } - if String($globus::version) == '5' { - $endpoint_setup_args = globus::endpoint_setup_args({ - display_name => $globus::display_name, - client_id => $globus::client_id, - client_secret => $globus::client_secret, - owner => $globus::owner, - deployment_key => $globus::deployment_key, - organization => $globus::organization, - keywords => $globus::keywords, - department => $globus::department, - contact_email => $globus::contact_email, - contact_info => $globus::contact_info, - info_link => $globus::info_link, - description => $globus::description, - public => $globus::public, - }) - $endpoint_setup = "globus-connect-server endpoint setup ${endpoint_setup_args}" - file { '/root/globus-endpoint-setup': - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0700', - show_diff => false, - content => "export GLOBUS_CLIENT_SECRET=${globus::client_secret}\n${endpoint_setup}\n", - } - $node_setup_args = globus::node_setup_args({ - client_id => $globus::client_id, - deployment_key => $globus::deployment_key, - incoming_port_range => $globus::incoming_port_range, - outgoing_port_range => $globus::outgoing_port_range, - ip_address => $globus::_ip_address, - export_node => $globus::export_node, - import_node => $globus::import_node, - }) - $node_setup = "globus-connect-server node setup ${node_setup_args}" - file { '/root/globus-node-setup': - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0700', - show_diff => false, - content => "export GLOBUS_CLIENT_SECRET=${globus::client_secret}\n${node_setup}\n", + if $globus::run_setup_commands { + exec { 'globus-endpoint-setup': + path => '/usr/bin:/bin:/usr/sbin:/sbin', + command => $endpoint_setup, + environment => ["GLOBUS_CLIENT_SECRET=${globus::client_secret}"], + creates => $globus::deployment_key, + logoutput => true, } - if $globus::run_setup_commands { - exec { 'globus-endpoint-setup': - path => '/usr/bin:/bin:/usr/sbin:/sbin', - command => $endpoint_setup, - environment => ["GLOBUS_CLIENT_SECRET=${globus::client_secret}"], - creates => $globus::deployment_key, - logoutput => true, - } - exec { 'globus-node-setup': - path => '/usr/bin:/bin:/usr/sbin:/sbin', - command => $node_setup, - environment => ["GLOBUS_CLIENT_SECRET=${globus::client_secret}"], - unless => 'test -s /var/lib/globus-connect-server/info.json', - logoutput => true, - require => Exec['globus-endpoint-setup'], - } + exec { 'globus-node-setup': + path => '/usr/bin:/bin:/usr/sbin:/sbin', + command => $node_setup, + environment => ["GLOBUS_CLIENT_SECRET=${globus::client_secret}"], + unless => 'test -s /var/lib/globus-connect-server/info.json', + logoutput => true, + require => Exec['globus-endpoint-setup'], } } @@ -181,61 +72,17 @@ } } - if String($globus::version) == '4' and $globus::first_gridftp_callback { - $_first_gridftp_callback_match = regsubst($globus::first_gridftp_callback, '\|', '\\|', 'G') - exec { 'add-gridftp-callback': - path => '/usr/bin:/bin:/usr/sbin:/sbin', - command => "sed -i '1s/^/${globus::first_gridftp_callback}\\n/' /var/lib/globus-connect-server/gsi-authz.conf", - unless => "head -n 1 /var/lib/globus-connect-server/gsi-authz.conf | egrep -q '^${_first_gridftp_callback_match}$'", - onlyif => 'test -f /var/lib/globus-connect-server/gsi-authz.conf', - require => $_resources_require_setup, - notify => Service['globus-gridftp-server'], - } - } - if $globus::manage_firewall { - if String($globus::version) == '4' and $globus::include_io_server { - firewall { '500 allow GridFTP control channel': - action => 'accept', - dport => $globus::gridftp_server_port, - proto => 'tcp', - } - } - - if String($globus::version) == '5' { - firewall { '500 allow HTTPS': - action => 'accept', - dport => '443', - proto => 'tcp', - } - } - - if String($globus::version) == '5' or $globus::include_io_server { - firewall { '500 allow GridFTP data channels': - action => 'accept', - dport => join($globus::gridftp_incoming_port_range, '-'), - proto => 'tcp', - } - } - - if String($globus::version) == '4' and $globus::include_id_server { - $globus::myproxy_firewall_sources.each |$source| { - firewall { "500 allow MyProxy from ${source}": - action => 'accept', - dport => $globus::myproxy_server_port, - proto => 'tcp', - source => $source, - provider => 'iptables', - } - } + firewall { '500 allow HTTPS': + action => 'accept', + dport => '443', + proto => 'tcp', } - if String($globus::version) == '4' and $globus::include_oauth_server { - firewall { '500 allow OAuth HTTPS': - action => 'accept', - dport => '443', - proto => 'tcp', - } + firewall { '500 allow GridFTP data channels': + action => 'accept', + dport => join($globus::incoming_port_range, '-'), + proto => 'tcp', } } } diff --git a/manifests/init.pp b/manifests/init.pp index fca465e..c817cb9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -8,269 +8,95 @@ # owner => 'REPLACE-user@example.com', # } # -# @param version -# Major version of Globus to install. Only needed to install Globus v4 -# @param include_io_server -# Setup Globus v4 IO server -# Globus v4 only -# @param include_id_server -# Setup Globus v4 ID server -# Globus v4 only -# @param include_oauth_server -# Setup Globus v4 OAuth server -# Globus v4 only # @param release_url # Release URL of Globus release RPM -# Globus v4 & v5 -# @param toolkit_repo_baseurl -# Globus Toolkit RPM repo baseurl -# Globus v4 & v5 -# @param toolkit_repo_testing_baseurl -# Globus Toolkit testing RPM repo baseurl -# Globus v4 & v5 # @param gcs_repo_baseurl # Globus Connect Server repo baseurl -# Globus v4 & v5 # @param gcs_repo_testing_baseurl -# Globus v5 testing repo baseurl -# Globus v4 & v5 +# Globus testing repo baseurl # @param enable_testing_repos # Boolean that sets if testing repos should be added # @param extra_gridftp_settings # Additional settings for GridFTP -# Globus v4 & v5 -# @param first_gridftp_callback -# Used when running GridFTP from Globus with OSG, see README. -# Globus v4 only # @param manage_service # Boolean to set if globus-gridftp-server service is managed -# Globus v4 & v5 # @param run_setup_commands # Boolean to set if the commands to setup Globus are run (v4 and v5) -# Globus v4 & v5 # @param manage_firewall # Boolean to set if firewall rules are managed by this module -# Globus v4 & v5 # @param manage_epel # Boolean to set if EPEL is managed by this repo -# Globus v4 & v5 -# @param repo_dependencies -# Additional repo dependencies -# Globus v4 only # @param manage_user # Boolean to set if the gcsweb user and group are managed by this module -# Globus v5 only # @param group_gid # The gcsweb group GID -# Globus v5 only # @param user_uid # The gcsweb user UID -# Globus v5 only # @param package_name -# Globus v5 package name +# Globus package name # @param display_name # Display name to use when running 'globus-connect-server endpoint setup' -# Globus v5 only # @param client_id # --client-id use when running 'globus-connect-server endpoint setup' -# Globus v5 only # @param client_secret # --client-secret use when running 'globus-connect-server endpoint setup' -# Globus v5 only # @param owner # --owner use when running 'globus-connect-server endpoint setup' -# Globus v5 only # @param organization # --organization use when running 'globus-connect-server endpoint setup' -# Globus v5 only # @param deployment_key # --deployment-key use when running 'globus-connect-server endpoint setup' # The parent directory of this path must be writable by gcsweb user -# Globus v5 only # @param keywords # --keywords use when running 'globus-connect-server endpoint setup' -# Globus v5 only # @param department # --department use when running 'globus-connect-server endpoint setup' -# Globus v5 only # @param contact_email # --contact-email use when running 'globus-connect-server endpoint setup' -# Globus v5 only # @param contact_info # --contact-info use when running 'globus-connect-server endpoint setup' -# Globus v5 only # @param info_link # --info-link use when running 'globus-connect-server endpoint setup' -# Globus v5 only # @param description # --description use when running 'globus-connect-server endpoint setup' -# Globus v5 only # @param public # When false pass --private flag to 'globus-connect-server endpoint setup' -# Globus v5 only # @param incoming_port_range # --incoming-port-range use when running 'globus-connect-server node setup' -# Globus v5 only # @param outgoing_port_range # --outgoing-port-range use when running 'globus-connect-server node setup' -# Globus v5 only # @param ip_address # --ip-address use when running 'globus-connect-server node setup' -# Globus v5 only # @param export_node # --export-node use when running 'globus-connect-server node setup' -# Globus v5 only # @param import_node # --import-node use when running 'globus-connect-server node setup' -# Globus v5 only -# @param globus_user -# See globus-connect-server.conf Globus/User -# Globus v4 only -# @param globus_password -# See globus-connect-server.conf Globus/Password -# Globus v4 only -# @param endpoint_name -# See globus-connect-server.conf Endpoint/Name -# Globus v4 only -# @param endpoint_public -# See globus-connect-server.conf Endpoint/Public -# Globus v4 only -# @param endpoint_default_directory -# See globus-connect-server.conf Endpoint/DefaultDirectory -# Globus v4 only -# @param security_fetch_credentials_from_relay -# See globus-connect-server.conf Security/FetchCredentialFromRelay -# Globus v4 only -# @param security_certificate_file -# See globus-connect-server.conf Security/CertificateFile -# Globus v4 only -# @param security_key_file -# See globus-connect-server.conf Security/KeyFile -# Globus v4 only -# @param security_trusted_certificate_directory -# See globus-connect-server.conf Security/TrustedCertificateDirectory -# Globus v4 only -# @param security_identity_method -# See globus-connect-server.conf Security/IdentityMethod -# Globus v4 only -# @param security_authorization_method -# See globus-connect-server.conf Security/AuthorizationMethod -# Globus v4 only -# @param security_gridmap -# See globus-connect-server.conf Security/Gridmap -# Globus v4 only -# @param security_cilogon_identity_provider -# See globus-connect-server.conf Security/IdentityProvider -# Globus v4 only -# @param gridftp_server -# See globus-connect-server.conf GridFTP/Server -# Globus v4 only -# @param gridftp_server_port -# See globus-connect-server.conf GridFTP/ServerPort -# Globus v4 -# @param gridftp_server_behind_nat -# See globus-connect-server.conf GridFTP/ServerBehindNat -# Globus v4 only -# @param gridftp_incoming_port_range -# See globus-connect-server.conf GridFTP/IncomingPortRange -# Globus v4 only -# @param gridftp_outgoing_port_range -# See globus-connect-server.conf GridFTP/OutgoingPortRange -# Globus v4 only -# @param gridftp_data_interface -# See globus-connect-server.conf GridFTP/DataInterface -# Globus v4 only -# @param gridftp_restrict_paths -# See globus-connect-server.conf GridFTP/RestrictPaths -# Globus v4 only -# @param gridftp_sharing -# See globus-connect-server.conf GridFTP/Sharing -# Globus v4 only -# @param gridftp_sharing_restrict_paths -# See globus-connect-server.conf GridFTP/SharingRestrictPaths -# Globus v4 only -# @param gridftp_sharing_state_dir -# See globus-connect-server.conf GridFTP/SharingStateDir -# Globus v4 only -# @param gridftp_sharing_users_allow -# See globus-connect-server.conf GridFTP/UsersAllow -# Globus v4 only -# @param gridftp_sharing_groups_allow -# See globus-connect-server.conf GridFTP/GroupsAllow -# Globus v4 only -# @param gridftp_sharing_users_deny -# See globus-connect-server.conf GridFTP/UsersDeny -# Globus v4 only -# @param gridftp_sharing_groups_deny -# See globus-connect-server.conf GridFTP/GroupsDeny -# Globus v4 only -# @param myproxy_server -# See globus-connect-server.conf MyProxy/Server -# Globus v4 only -# @param myproxy_server_port -# See globus-connect-server.conf MyProxy/ServerPort -# Globus v4 only -# @param myproxy_server_behind_nat -# See globus-connect-server.conf MyProxy/ServerBehindNAT -# Globus v4 only -# @param myproxy_ca_directory -# See globus-connect-server.conf MyProxy/CADirectory -# Globus v4 only -# @param myproxy_config_file -# See globus-connect-server.conf MyProxy/ConfigFile -# Globus v4 only -# @param myproxy_ca_subject_dn -# See globus-connect-server.conf MyProxy/CaSubjectDN -# Globus v4 only -# @param myproxy_firewall_sources -# Sources to open in firewall for MyProxy -# Globus v4 only -# @param oauth_server -# See globus-connect-server.conf OAuth/Server -# Globus v4 only -# @param oauth_server_behind_firewall -# See globus-connect-server.conf OAuth/ServerBehindFirewall -# Globus v4 only -# @param oauth_stylesheet -# See globus-connect-server.conf OAuth/Stylesheet -# Globus v4 only -# @param oauth_logo -# See globus-connect-server.conf OAuth/Logo -# Globus v4 only # class globus ( - Variant[Enum['4','5'],Integer[4,5]] $version = '5', + # Required + String[1] $display_name, + String[1] $client_id, + String[1] $client_secret, + String[1] $owner, + String[1] $organization, - Boolean $include_io_server = true, - Boolean $include_id_server = true, - Boolean $include_oauth_server = false, Variant[Stdlib::Httpsurl, Stdlib::Httpurl] $release_url = 'https://downloads.globus.org/toolkit/globus-connect-server/globus-connect-server-repo-latest.noarch.rpm', - Variant[Stdlib::Httpsurl, Stdlib::Httpurl] $toolkit_repo_baseurl = "https://downloads.globus.org/toolkit/gt6/stable/rpm/el/${facts['os']['release']['major']}/\$basearch/", - Variant[Stdlib::Httpsurl, Stdlib::Httpurl] $toolkit_repo_testing_baseurl = "https://downloads.globus.org/toolkit/gt6/testing/rpm/el/${facts['os']['release']['major']}/\$basearch/", Variant[Stdlib::Httpsurl, Stdlib::Httpurl] $gcs_repo_baseurl = "https://downloads.globus.org/globus-connect-server/stable/rpm/el/${facts['os']['release']['major']}/\$basearch/", Variant[Stdlib::Httpsurl, Stdlib::Httpurl] $gcs_repo_testing_baseurl = "https://downloads.globus.org/globus-connect-server/testing/rpm/el/${facts['os']['release']['major']}/\$basearch/", Boolean $enable_testing_repos = false, Array $extra_gridftp_settings = [], - Optional[String] $first_gridftp_callback = undef, Boolean $manage_service = true, Boolean $run_setup_commands = true, Boolean $manage_firewall = true, Boolean $manage_epel = true, - Array $repo_dependencies = ['yum-plugin-priorities'], Boolean $manage_user = true, Optional[Integer] $group_gid = undef, Optional[Integer] $user_uid = undef, String $package_name = 'globus-connect-server54', - - # Required - v5 - Optional[String] $display_name = undef, - Optional[String] $client_id = undef, - Optional[String] $client_secret = undef, - Optional[String] $owner = undef, - Optional[String] $organization = undef, Stdlib::Absolutepath $deployment_key = '/var/lib/globus-connect-server/gcs-manager/deployment-key.json', - # endpoint setup - v5 + + # endpoint setup Optional[Array] $keywords = undef, Optional[String] $department = undef, Optional[String] $contact_email = undef, @@ -278,126 +104,21 @@ Optional[String] $info_link = undef, Optional[String] $description = undef, Boolean $public = true, - # node setup - v5 + # node setup Array[Stdlib::Port, 2, 2] $incoming_port_range = [50000, 51000], Optional[Array[Stdlib::Port, 2, 2]] $outgoing_port_range = undef, Optional[Stdlib::IP::Address] $ip_address = undef, Optional[Stdlib::Absolutepath] $export_node = undef, Optional[Stdlib::Absolutepath] $import_node = undef, - - # Globus Config - v4 - String $globus_user = '%(GLOBUS_USER)s', - String $globus_password = '%(GLOBUS_PASSWORD)s', - - # Endpoint Config - v4 - Boolean $endpoint_public = false, - String $endpoint_default_directory = '/~/', - String $endpoint_name = $facts['networking']['hostname'], - - # Security Config - v4 - Boolean $security_fetch_credentials_from_relay = true, - Stdlib::Absolutepath $security_certificate_file = '/var/lib/globus-connect-server/grid-security/hostcert.pem', - Stdlib::Absolutepath $security_key_file = '/var/lib/globus-connect-server/grid-security/hostkey.pem', - Stdlib::Absolutepath $security_trusted_certificate_directory = '/var/lib/globus-connect-server/grid-security/certificates/', - Enum['MyProxy', 'OAuth', 'CILogon'] $security_identity_method = 'MyProxy', - Optional[Enum['MyProxyGridmapCallout','CILogon','Gridmap']] $security_authorization_method = undef, - Optional[Stdlib::Absolutepath] $security_gridmap = undef, - Optional[String] $security_cilogon_identity_provider = undef, - - # GridFTP Config - v4 - Stdlib::Port $gridftp_server_port = 2811, - Array[Stdlib::Port, 2, 2] $gridftp_incoming_port_range = [50000, 51000], - Optional[Array[Stdlib::Port, 2, 2]] $gridftp_outgoing_port_range = undef, - Optional[String] $gridftp_data_interface = undef, - - # GridFTP Config - v4 - Optional[String] $gridftp_server = undef, - Boolean $gridftp_server_behind_nat = false, - Array $gridftp_restrict_paths = ['RW~', 'N~/.*'], - Boolean $gridftp_sharing = false, - Optional[Array] $gridftp_sharing_restrict_paths = undef, - String $gridftp_sharing_state_dir = '$HOME/.globus/sharing', - Optional[Array] $gridftp_sharing_users_allow = undef, - Optional[Array] $gridftp_sharing_groups_allow = undef, - Optional[Array] $gridftp_sharing_users_deny = undef, - Optional[Array] $gridftp_sharing_groups_deny = undef, - - # MyProxy Config - v4 - Optional[String] $myproxy_server = undef, - Stdlib::Port $myproxy_server_port = 7512, - Boolean $myproxy_server_behind_nat = false, - Stdlib::Absolutepath $myproxy_ca_directory = '/var/lib/globus-connect-server/myproxy-ca', - Stdlib::Absolutepath $myproxy_config_file = '/var/lib/globus-connect-server/myproxy-server.conf', - Optional[String] $myproxy_ca_subject_dn = undef, - Array $myproxy_firewall_sources = ['174.129.226.69', '54.237.254.192/29'], - - # OAuth Config - v4 - Optional[String] $oauth_server = undef, - Boolean $oauth_server_behind_firewall = false, - Optional[String] $oauth_stylesheet = undef, - Optional[String] $oauth_logo = undef, ) { $osfamily = $facts.dig('os', 'family') - $osmajor = $facts.dig('os', 'release', 'major') - $os = "${osfamily}-${osmajor}" - - if String($version) == '4' and $os == 'RedHat-8' { - fail("${module_name}: Version 4 is not support on OS ${os}") - } - - if String($version) == '5' { - if ! $display_name { - fail("${module_name}: display_name is required with version 5") - } - if ! $client_id { - fail("${module_name}: client_id is required with version 5") - } - if ! $client_secret { - fail("${module_name}: client_secret is required with version 5") - } - if ! $owner { - fail("${module_name}: owner is required with version 5") - } - if ! $organization { - fail("${module_name}: organization is required with version 5") - } - } - - if $include_io_server { - $_gridftp_server = pick($gridftp_server, "${facts['networking']['fqdn']}:${gridftp_server_port}") - $_io_setup_command = 'globus-connect-server-io-setup' - } else { - $_gridftp_server = $gridftp_server - $_io_setup_command = undef - } - if $include_id_server { - $_myproxy_server = pick($myproxy_server, "${facts['networking']['fqdn']}:${myproxy_server_port}") - $_id_setup_command = 'globus-connect-server-id-setup' - } else { - $_myproxy_server = $myproxy_server - $_id_setup_command = undef - } - - if $include_oauth_server { - $_oauth_server = pick($oauth_server, $facts['networking']['fqdn']) - $_oauth_setup_command = 'globus-connect-server-web-setup' - } else { - $_oauth_server = $oauth_server - $_oauth_setup_command = undef - } - - # For v5 if ! $ip_address { $_ip_address = $facts.dig('networking','ip') } else { $_ip_address = $ip_address } - # For v4 - $_setup_commands = delete_undef_values([$_io_setup_command, $_id_setup_command, $_oauth_setup_command]) - $_setup_command = join($_setup_commands, ' && ') - if $manage_service { $notify_service = Service['globus-gridftp-server'] } else { diff --git a/manifests/install.pp b/manifests/install.pp index 48fcdde..95956fe 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -1,37 +1,15 @@ # @summary manage Globus install # @api private class globus::install { - if String($globus::version) == '4' { - if $globus::include_io_server { - package { 'globus-connect-server-io': - ensure => 'present', - } - } - - if $globus::include_id_server { - package { 'globus-connect-server-id': - ensure => 'present', - } - } - - if $globus::include_oauth_server { - package { 'globus-connect-server-web': - ensure => 'present', - } + if $facts['os']['family'] == 'RedHat' and versioncmp($facts['os']['release']['major'], '8') >= 0 { + package { 'mod_auth_openidc-dnf-module': + ensure => 'disabled', + name => 'mod_auth_openidc', + provider => 'dnfmodule', + before => Package[$globus::package_name], } } - - if String($globus::version) == '5' { - if $facts['os']['family'] == 'RedHat' and versioncmp($facts['os']['release']['major'], '8') >= 0 { - package { 'mod_auth_openidc-dnf-module': - ensure => 'disabled', - name => 'mod_auth_openidc', - provider => 'dnfmodule', - before => Package[$globus::package_name], - } - } - package { $globus::package_name: - ensure => 'present', - } + package { $globus::package_name: + ensure => 'present', } } diff --git a/manifests/repo/deb.pp b/manifests/repo/deb.pp index e071906..0af3e78 100644 --- a/manifests/repo/deb.pp +++ b/manifests/repo/deb.pp @@ -5,21 +5,10 @@ $repo_dir = '/usr/share/globus-toolkit-repo' $release_path = "${repo_dir}/${release_name}" $repo_key = "${repo_dir}/RPM-GPG-KEY-Globus" - if String($globus::version) == '5' { - $gcs_ensure = 'present' - } else { - $gcs_ensure = 'absent' - } if $globus::enable_testing_repos { $testing_ensure = 'present' - if $gcs_ensure == 'absent' { - $gcs_testing_ensure = 'absent' - } else { - $gcs_testing_ensure = 'present' - } } else { $testing_ensure = 'absent' - $gcs_testing_ensure = 'absent' } file { $repo_dir: @@ -44,37 +33,15 @@ } apt::source { 'globus-toolkit-6-stable': - ensure => 'present', - location => $globus::toolkit_repo_baseurl, - release => $facts['os']['distro']['codename'], - repos => 'contrib', - include => { - 'src' => true, - }, - key => { - 'id' => '66A86341D3CDB1B26BE4D46F44AE7EC2FAF24365', - 'source' => $repo_key, - }, - require => Exec['extract-globus-repo-key'], + ensure => 'absent', } apt::source { 'globus-toolkit-6-testing': - ensure => $testing_ensure, - location => $globus::toolkit_repo_testing_baseurl, - release => $facts['os']['distro']['codename'], - repos => 'contrib', - include => { - 'src' => true, - }, - key => { - 'id' => '66A86341D3CDB1B26BE4D46F44AE7EC2FAF24365', - 'source' => $repo_key, - }, - require => Exec['extract-globus-repo-key'], + ensure => 'absent', } apt::source { 'globus-connect-server-stable': - ensure => $gcs_ensure, + ensure => 'present', location => $globus::gcs_repo_baseurl, release => $facts['os']['distro']['codename'], repos => 'contrib', @@ -89,7 +56,7 @@ } apt::source { 'globus-connect-server-testing': - ensure => $gcs_testing_ensure, + ensure => $testing_ensure, location => $globus::gcs_repo_testing_baseurl, release => $facts['os']['distro']['codename'], repos => 'contrib', diff --git a/manifests/repo/el.pp b/manifests/repo/el.pp index 851849b..cbe6ec6 100644 --- a/manifests/repo/el.pp +++ b/manifests/repo/el.pp @@ -1,51 +1,23 @@ # @summary Manage globus repo # @api private class globus::repo::el { - if String($globus::version) == '5' { - $gcs_enabled = '1' - } else { - $gcs_enabled = '0' - } if $globus::enable_testing_repos { $testing_enabled = '1' - if $gcs_enabled == '0' { - $gcs_testing_enabled = '0' - } else { - $gcs_testing_enabled = '1' - } } else { $testing_enabled = '0' - $gcs_testing_enabled = '0' - } - if String($globus::version) == '4' { - ensure_packages($globus::repo_dependencies) } exec { 'RPM-GPG-KEY-Globus': path => '/usr/bin:/bin:/usr/sbin:/sbin', command => "wget -qO- ${globus::release_url} | rpm2cpio - | cpio -i --quiet --to-stdout ./etc/pki/rpm-gpg/RPM-GPG-KEY-Globus > /etc/pki/rpm-gpg/RPM-GPG-KEY-Globus", creates => '/etc/pki/rpm-gpg/RPM-GPG-KEY-Globus', - before => Yumrepo['Globus-Toolkit'], } - yumrepo { 'Globus-Toolkit': - descr => 'Globus-Toolkit-6', - baseurl => $globus::toolkit_repo_baseurl, - failovermethod => 'priority', - priority => '98', - enabled => '1', - gpgcheck => '1', - gpgkey => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Globus', + file { '/etc/yum.repos.d/Globus-Toolkit.repo': + ensure => 'absent', } - - yumrepo { 'Globus-Toolkit-6-Testing': - descr => 'Globus-Toolkit-6-testing', - baseurl => $globus::toolkit_repo_testing_baseurl, - failovermethod => 'priority', - priority => '98', - enabled => $testing_enabled, - gpgcheck => '1', - gpgkey => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Globus', + file { '/etc/yum.repos.d/Globus-Toolkit-6-Testing.repo': + ensure => 'absent', } yumrepo { 'globus-connect-server-5': @@ -53,7 +25,7 @@ baseurl => $globus::gcs_repo_baseurl, failovermethod => 'priority', priority => '98', - enabled => $gcs_enabled, + enabled => '1', gpgcheck => '1', gpgkey => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Globus', require => Exec['RPM-GPG-KEY-Globus'], @@ -64,7 +36,7 @@ baseurl => $globus::gcs_repo_testing_baseurl, failovermethod => 'priority', priority => '98', - enabled => $gcs_testing_enabled, + enabled => $testing_enabled, gpgcheck => '1', gpgkey => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Globus', require => Exec['RPM-GPG-KEY-Globus'], diff --git a/manifests/service.pp b/manifests/service.pp index fd6a76f..de1d152 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -1,27 +1,13 @@ # @summary Manage Globus service # @api private class globus::service { - if $globus::include_io_server and String($globus::version) == '4' and $globus::manage_service { - service { 'globus-gridftp-server': - ensure => 'running', - enable => true, - hasstatus => true, - hasrestart => true, - } - } - - if String($globus::version) == '5' and $globus::manage_service { + if $globus::manage_service { # Only attempt to start GCS services if Globus node is setup if $facts['globus_node_setup'] { $gcs_ensure = 'running' $gridftp_ensure = 'running' } else { - # EL8 seems to have issues starting on fresh install - if $facts['os']['family'] == 'RedHat' and versioncmp($facts['os']['release']['major'], '8') == 0 { - $gridftp_ensure = undef - } else { - $gridftp_ensure = 'running' - } + $gridftp_ensure = undef $gcs_ensure = undef } service { 'globus-gridftp-server': diff --git a/manifests/user.pp b/manifests/user.pp index c5cac04..a28f1ea 100644 --- a/manifests/user.pp +++ b/manifests/user.pp @@ -7,7 +7,7 @@ $shell = '/sbin/nologin' } - if String($globus::version) == '5' and $globus::manage_user { + if $globus::manage_user { group { 'gcsweb': ensure => 'present', gid => $globus::group_gid, diff --git a/metadata.json b/metadata.json index c8bcb8a..3588e3d 100644 --- a/metadata.json +++ b/metadata.json @@ -10,19 +10,19 @@ "dependencies": [ { "name": "puppetlabs/stdlib", - "version_requirement": ">= 5.0.0 <9.0.0" + "version_requirement": ">= 5.0.0 <10.0.0" }, { "name": "puppetlabs/apt", - "version_requirement": ">= 7.5.0 <9.0.0" + "version_requirement": ">= 7.5.0 <10.0.0" }, { "name": "puppetlabs/inifile", - "version_requirement": ">= 1.0.0 <6.0.0" + "version_requirement": ">= 1.0.0 <7.0.0" }, { "name": "puppetlabs/firewall", - "version_requirement": ">= 1.0.0 <4.0.0" + "version_requirement": ">= 3.6.0 <7.0.0" }, { "name": "puppet/epel", @@ -30,7 +30,7 @@ }, { "name": "puppet/python", - "version_requirement": ">= 6.3.0 <7.0.0" + "version_requirement": ">= 6.3.0 <8.0.0" } ], "operatingsystem_support": [ @@ -38,7 +38,8 @@ "operatingsystem": "RedHat", "operatingsystemrelease": [ "7", - "8" + "8", + "9" ] }, { @@ -50,27 +51,28 @@ { "operatingsystem": "Rocky", "operatingsystemrelease": [ - "8" + "8", + "9" ] }, { "operatingsystem": "Debian", "operatingsystemrelease": [ - "10" + "11" ] }, { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ - "18.04", - "20.04" + "20.04", + "22.04" ] } ], "requirements": [ { "name": "puppet", - "version_requirement": ">= 6.0.0 < 8.0.0" + "version_requirement": ">= 7.0.0 < 9.0.0" } ], "description": "Globus Online module", @@ -79,7 +81,7 @@ "gridftp", "hpc" ], - "pdk-version": "2.1.0", + "pdk-version": "2.7.1", "template-url": "https://github.com/treydock/pdk-templates.git#master", - "template-ref": "heads/master-0-g77d89fa" + "template-ref": "heads/master-0-g52b1622" } diff --git a/spec/acceptance/globus_spec.rb b/spec/acceptance/globus_spec.rb index 07ce6cb..939d325 100644 --- a/spec/acceptance/globus_spec.rb +++ b/spec/acceptance/globus_spec.rb @@ -3,73 +3,6 @@ require 'spec_helper_acceptance' describe 'globus class:' do - context 'with version => 4', unless: (fact('os.family') == 'RedHat' && fact('os.release.major').to_i == 8) do - it 'runs successfully' do - pp = " - class { 'globus': - version => '4', - globus_user => 'foo', - globus_password => 'bar', - endpoint_name => 'test', - run_setup_commands => false, - manage_firewall => false, - } - " - - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) - end - - describe yumrepo('Globus-Toolkit'), if: fact('os.family') == 'RedHat' do - it { is_expected.to exist } - it { is_expected.to be_enabled } - end - - describe yumrepo('globus-connect-server-5'), if: fact('os.family') == 'RedHat' do - it { is_expected.to exist } - it { is_expected.not_to be_enabled } - end - - describe package('globus-connect-server-io') do - it { is_expected.to be_installed } - end - - describe package('globus-connect-server-id') do - it { is_expected.to be_installed } - end - - describe package('globus-connect-server54') do - it { is_expected.not_to be_installed } - end - - describe file('/etc/globus-connect-server.conf') do - it { is_expected.to be_file } - it { is_expected.to be_owned_by 'root' } - it { is_expected.to be_grouped_into 'root' } - it { is_expected.to be_mode 600 } - its(:content) { is_expected.to match %r{^User = foo$} } - its(:content) { is_expected.to match %r{^Password = bar$} } - its(:content) { is_expected.to match %r{^Name = test$} } - its(:content) { is_expected.to match %r{^Public = False$} } - its(:content) { is_expected.to match %r{^DefaultDirectory = /~/$} } - end - - describe service('globus-gridftp-server') do - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end - - describe service('gcs_manager') do - it { is_expected.not_to be_enabled } - it { is_expected.not_to be_running } - end - - describe service('gcs_manager_assistant') do - it { is_expected.not_to be_enabled } - it { is_expected.not_to be_running } - end - end - context 'with v5 parameters' do it 'runs successfully' do pp = " @@ -83,48 +16,24 @@ class { 'globus': manage_firewall => false, } " - if fact('os.family') == 'RedHat' - on hosts, 'yum -y remove globus\\*' - end - if fact('os.family') == 'Debian' - on hosts, "apt-get -y remove 'globus.*'" - end apply_manifest(pp, catch_failures: true) apply_manifest(pp, catch_changes: true) end - describe yumrepo('Globus-Toolkit'), if: fact('os.family') == 'RedHat' do - it { is_expected.to exist } - it { is_expected.to be_enabled } - end - describe yumrepo('globus-connect-server-5'), if: fact('os.family') == 'RedHat' do it { is_expected.to exist } it { is_expected.to be_enabled } end - describe package('globus-connect-server-io') do - it { is_expected.not_to be_installed } - end - - describe package('globus-connect-server-id') do - it { is_expected.not_to be_installed } - end - describe package('globus-connect-server54') do it { is_expected.to be_installed } end - describe service('globus-gridftp-server'), if: fact('os.release.major').to_s == '8' do + describe service('globus-gridftp-server') do it { is_expected.to be_enabled } it { is_expected.not_to be_running } end - describe service('globus-gridftp-server'), unless: fact('os.release.major').to_s == '8' do - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end - describe service('gcs_manager') do it { is_expected.to be_enabled } it { is_expected.not_to be_running } diff --git a/spec/acceptance/nodesets/debian-10.yml b/spec/acceptance/nodesets/debian-11.yml similarity index 85% rename from spec/acceptance/nodesets/debian-10.yml rename to spec/acceptance/nodesets/debian-11.yml index 1fbabd6..4a623e4 100644 --- a/spec/acceptance/nodesets/debian-10.yml +++ b/spec/acceptance/nodesets/debian-11.yml @@ -1,10 +1,10 @@ HOSTS: - debian10: + debian11: roles: - agent - platform: debian-10-amd64 + platform: debian-11-amd64 hypervisor: docker - image: debian:10 + image: debian:11 docker_preserve_image: true docker_cmd: - '/sbin/init' @@ -18,7 +18,7 @@ HOSTS: - LANG=en_US.UTF-8 - LANGUAGE=en_US.UTF-8 - LC_ALL=en_US.UTF-8 - docker_container_name: 'globus-debian10' + docker_container_name: 'globus-debian11' CONFIG: log_level: debug type: foss diff --git a/spec/acceptance/nodesets/el9.yml b/spec/acceptance/nodesets/el9.yml new file mode 100644 index 0000000..6681bc6 --- /dev/null +++ b/spec/acceptance/nodesets/el9.yml @@ -0,0 +1,26 @@ +HOSTS: + almalinux-9: + roles: + - agent + platform: el-9-x86_64 + hypervisor: docker + image: almalinux:9 + docker_preserve_image: true + docker_cmd: + - '/usr/sbin/init' + docker_image_commands: + - 'dnf install -y dnf-utils' + - 'dnf config-manager --set-enabled crb' + - 'dnf install -y wget which cronie iproute initscripts langpacks-en glibc-all-langpacks glibc-langpack-en cpio' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 + docker_container_name: 'globus-el9' +CONFIG: + log_level: debug + type: foss +ssh: + password: root + auth_methods: ["password"] + diff --git a/spec/acceptance/nodesets/ubuntu-1804.yml b/spec/acceptance/nodesets/ubuntu-2204.yml similarity index 74% rename from spec/acceptance/nodesets/ubuntu-1804.yml rename to spec/acceptance/nodesets/ubuntu-2204.yml index 5241dd3..40903a9 100644 --- a/spec/acceptance/nodesets/ubuntu-1804.yml +++ b/spec/acceptance/nodesets/ubuntu-2204.yml @@ -1,21 +1,21 @@ HOSTS: - ubuntu1804: + ubuntu2204: roles: - agent - platform: ubuntu-18.04-amd64 + platform: ubuntu-22.04-amd64 hypervisor : docker - image: ubuntu:18.04 + image: ubuntu:22.04 docker_preserve_image: true docker_cmd: '["/sbin/init"]' docker_image_commands: - "rm -f /etc/dpkg/dpkg.cfg.d/excludes" - - 'apt-get install -y wget net-tools iproute2 locales apt-transport-https ca-certificates lsb-release' + - 'apt-get install -y wget net-tools iproute2 locales apt-transport-https ca-certificates' - 'locale-gen en_US.UTF-8' docker_env: - LANG=en_US.UTF-8 - LANGUAGE=en_US.UTF-8 - LC_ALL=en_US.UTF-8 - docker_container_name: 'globus-ubuntu1804' + docker_container_name: 'globus-ubuntu2204' CONFIG: log_level: debug type: foss diff --git a/spec/classes/globus_cli_spec.rb b/spec/classes/globus_cli_spec.rb index 76fee60..f190fa7 100644 --- a/spec/classes/globus_cli_spec.rb +++ b/spec/classes/globus_cli_spec.rb @@ -4,7 +4,7 @@ describe 'globus::cli' do on_supported_os.each do |os, facts| - context "on #{os}" do + context "when #{os}" do let(:facts) do facts end diff --git a/spec/classes/globus_sdk_spec.rb b/spec/classes/globus_sdk_spec.rb index e94cd9e..fbf6d2f 100644 --- a/spec/classes/globus_sdk_spec.rb +++ b/spec/classes/globus_sdk_spec.rb @@ -4,7 +4,7 @@ describe 'globus::sdk' do on_supported_os.each do |os, facts| - context "on #{os}" do + context "when #{os}" do let(:facts) do facts end diff --git a/spec/classes/globus_spec.rb b/spec/classes/globus_spec.rb index 37ae136..5aaa271 100644 --- a/spec/classes/globus_spec.rb +++ b/spec/classes/globus_spec.rb @@ -4,7 +4,7 @@ describe 'globus' do on_supported_os.each do |os, os_facts| - context "on #{os}" do + context "when #{os}" do let(:facts) do os_facts end @@ -36,7 +36,7 @@ it { is_expected.to contain_class('globus::config').that_comes_before('Class[globus::service]') } it { is_expected.to contain_class('globus::service') } - context 'when version => 5' do + context 'when default params' do let(:params) { default_params } if os_facts[:os]['family'] == 'RedHat' @@ -59,28 +59,6 @@ it { is_expected.to compile.with_all_deps } it { is_expected.not_to contain_class('epel') } end - - context 'when version => 4', if: support_v4(os_facts) do - let(:default_params) { { version: '4' } } - let(:params) { default_params } - - it { is_expected.to compile.with_all_deps } - - it { is_expected.not_to contain_group('gcsweb') } - it { is_expected.not_to contain_user('gcsweb') } - - if os_facts[:os]['family'] == 'RedHat' - it_behaves_like 'globus::repo::elv4', os_facts - end - if os_facts[:os]['family'] == 'Debian' - it { is_expected.not_to contain_class('epel') } - - it_behaves_like 'globus::repo::debv4', os_facts - end - it_behaves_like 'globus::installv4', os_facts - it_behaves_like 'globus::configv4', os_facts - it_behaves_like 'globus::servicev4', os_facts - end end end end diff --git a/spec/classes/globus_timer_spec.rb b/spec/classes/globus_timer_spec.rb index 2a32552..4002b1a 100644 --- a/spec/classes/globus_timer_spec.rb +++ b/spec/classes/globus_timer_spec.rb @@ -4,7 +4,7 @@ describe 'globus::timer' do on_supported_os.each do |os, facts| - context "on #{os}" do + context "when #{os}" do let(:facts) do facts end diff --git a/spec/shared_examples/globus_configv4.rb b/spec/shared_examples/globus_configv4.rb deleted file mode 100644 index 3e338ff..0000000 --- a/spec/shared_examples/globus_configv4.rb +++ /dev/null @@ -1,164 +0,0 @@ -# frozen_string_literal: true - -shared_examples_for 'globus::configv4' do |facts| - it 'purges unmanaged configs' do - is_expected.to contain_resources('globus_connect_config').with_purge('true') - end - - it do - is_expected.to contain_exec('globus-connect-server-setup').with(path: '/usr/bin:/bin:/usr/sbin:/sbin', - command: 'globus-connect-server-io-setup && globus-connect-server-id-setup', - refreshonly: 'true') - end - - it do - is_expected.to contain_file('/etc/globus-connect-server.conf').with(ensure: 'file', - owner: 'root', - group: 'root', - mode: '0600') - end - - it { is_expected.to contain_globus_connect_config('Globus/User').with_value('%(GLOBUS_USER)s').with_notify('Exec[globus-connect-server-setup]') } - it { is_expected.to contain_globus_connect_config('Globus/Password').with_value('%(GLOBUS_PASSWORD)s').with_secret('true') } - it { is_expected.to contain_globus_connect_config('Endpoint/Name').with_value(facts[:networking]['hostname']) } - it { is_expected.to contain_globus_connect_config('Endpoint/Public').with_value('false') } - it { is_expected.to contain_globus_connect_config('Endpoint/DefaultDirectory').with_value('/~/') } - it { is_expected.to contain_globus_connect_config('Security/FetchCredentialFromRelay').with_value('true') } - it { is_expected.to contain_globus_connect_config('Security/CertificateFile').with_value('/var/lib/globus-connect-server/grid-security/hostcert.pem') } - it { is_expected.to contain_globus_connect_config('Security/KeyFile').with_value('/var/lib/globus-connect-server/grid-security/hostkey.pem') } - it { is_expected.to contain_globus_connect_config('Security/TrustedCertificateDirectory').with_value('/var/lib/globus-connect-server/grid-security/certificates/') } - it { is_expected.to contain_globus_connect_config('Security/IdentityMethod').with_value('MyProxy') } - it { is_expected.not_to contain_globus_connect_config('Security/AuthorizationMethod') } - it { is_expected.not_to contain_globus_connect_config('Security/Gridmap') } - it { is_expected.not_to contain_globus_connect_config('Security/CILogonIdentityProvider') } - it { is_expected.to contain_globus_connect_config('GridFTP/Server').with_value("#{facts[:fqdn]}:2811") } - it { is_expected.to contain_globus_connect_config('GridFTP/ServerBehindNAT').with_value('false') } - it { is_expected.to contain_globus_connect_config('GridFTP/IncomingPortRange').with_value('50000,51000') } - it { is_expected.not_to contain_globus_connect_config('GridFTP/OutgoingPortRange') } - it { is_expected.not_to contain_globus_connect_config('GridFTP/DataInterface') } - it { is_expected.to contain_globus_connect_config('GridFTP/RestrictPaths').with_value('RW~,N~/.*') } - it { is_expected.to contain_globus_connect_config('GridFTP/Sharing').with_value('false') } - it { is_expected.not_to contain_globus_connect_config('GridFTP/SharingRestrictPaths') } - it { is_expected.to contain_globus_connect_config('GridFTP/SharingStateDir').with_value('$HOME/.globus/sharing') } - it { is_expected.not_to contain_globus_connect_config('GridFTP/SharingUsersAllow') } - it { is_expected.not_to contain_globus_connect_config('GridFTP/SharingGroupsAllow') } - it { is_expected.not_to contain_globus_connect_config('GridFTP/SharingUsersDeny') } - it { is_expected.not_to contain_globus_connect_config('GridFTP/SharingGroupsDeny') } - it { is_expected.to contain_globus_connect_config('MyProxy/Server').with_value("#{facts[:fqdn]}:7512") } - it { is_expected.to contain_globus_connect_config('MyProxy/ServerBehindNAT').with_value('false') } - it { is_expected.to contain_globus_connect_config('MyProxy/CADirectory').with_value('/var/lib/globus-connect-server/myproxy-ca') } - it { is_expected.to contain_globus_connect_config('MyProxy/ConfigFile').with_value('/var/lib/globus-connect-server/myproxy-server.conf') } - it { is_expected.not_to contain_globus_connect_config('OAuth/Server') } - it { is_expected.not_to contain_globus_connect_config('OAuth/ServerBehindNAT') } - it { is_expected.not_to contain_globus_connect_config('OAuth/Stylesheet') } - it { is_expected.not_to contain_globus_connect_config('OAuth/Logo') } - - it { is_expected.not_to contain_file('/etc/cron.hourly/globus-connect-server-cilogon-basic-crl') } - it { is_expected.not_to contain_file('/etc/cron.hourly/globus-connect-server-cilogon-silver-crl') } - it { is_expected.not_to contain_file('/etc/gridftp.d/z-extra-settings') } - it { is_expected.not_to contain_exec('add-gridftp-callback') } - - it do - is_expected.to contain_firewall('500 allow GridFTP control channel').with(action: 'accept', - dport: '2811', - proto: 'tcp') - end - - it { is_expected.not_to contain_firewall('500 allow HTTPS') } - - it do - is_expected.to contain_firewall('500 allow GridFTP data channels').with(action: 'accept', - dport: '50000-51000', - proto: 'tcp') - end - - it do - is_expected.to contain_firewall('500 allow MyProxy from 174.129.226.69').with(action: 'accept', - dport: '7512', - proto: 'tcp', - source: '174.129.226.69') - end - - it do - is_expected.to contain_firewall('500 allow MyProxy from 54.237.254.192/29').with(action: 'accept', - dport: '7512', - proto: 'tcp', - source: '54.237.254.192/29') - end - - it do - is_expected.not_to contain_firewall('500 allow OAuth HTTPS').with(action: 'accept', - dport: '443', - proto: 'tcp') - end - - context 'when run_setup_commands => false' do - let(:params) { default_params.merge(run_setup_commands: false) } - - it { is_expected.not_to contain_exec('globus-connect-server-setup') } - it { is_expected.to contain_globus_connect_config('Globus/User').without_notify } - end - - context 'when extra_gridftp_settings defined' do - let(:params) do - default_params.merge(extra_gridftp_settings: [ - 'log_level ALL', - 'log_single /var/log/gridftp-auth.log', - 'log_transfer /var/log/gridftp.log', - '$LLGT_LOG_IDENT "gridftp-server-llgt"', - '$LCMAPS_DB_FILE "/etc/lcmaps.db"', - '$LCMAPS_POLICY_NAME "authorize_only"', - '$LLGT_LIFT_PRIVILEGED_PROTECTION "1"', - '$LCMAPS_DEBUG_LEVEL "2"' - ]) - end - - it do - is_expected.to contain_file('/etc/gridftp.d/z-extra-settings').with(ensure: 'file', - owner: 'root', - group: 'root', - mode: '0644', - notify: 'Service[globus-gridftp-server]') - end - - it do - verify_contents(catalogue, '/etc/gridftp.d/z-extra-settings', [ - 'log_level ALL', - 'log_single /var/log/gridftp-auth.log', - 'log_transfer /var/log/gridftp.log', - '$LLGT_LOG_IDENT "gridftp-server-llgt"', - '$LCMAPS_DB_FILE "/etc/lcmaps.db"', - '$LCMAPS_POLICY_NAME "authorize_only"', - '$LLGT_LIFT_PRIVILEGED_PROTECTION "1"', - '$LCMAPS_DEBUG_LEVEL "2"' - ]) - end - end - - context 'when first_gridftp_callback defined' do - let(:params) { default_params.merge(first_gridftp_callback: '|globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout') } - - it do - is_expected.to contain_exec('add-gridftp-callback') - .with(path: '/usr/bin:/bin:/usr/sbin:/sbin', - command: 'sed -i \'1s/^/|globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout\n/\' /var/lib/globus-connect-server/gsi-authz.conf', - unless: 'head -n 1 /var/lib/globus-connect-server/gsi-authz.conf | egrep -q \'^\|globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout$\'', - onlyif: 'test -f /var/lib/globus-connect-server/gsi-authz.conf', - require: 'Exec[globus-connect-server-setup]', - notify: 'Service[globus-gridftp-server]') - end - - context 'when run_setup_commands => false' do - let(:params) { default_params.merge(first_gridftp_callback: '|globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout', run_setup_commands: false) } - - it { is_expected.to contain_exec('add-gridftp-callback').without_require } - end - end - - context 'when manage_firewall => false' do - let(:params) { default_params.merge(manage_firewall: false) } - - it { is_expected.not_to contain_firewall('500 allow GridFTP control channel') } - it { is_expected.not_to contain_firewall('500 allow GridFTP data channels') } - end -end diff --git a/spec/shared_examples/globus_installv4.rb b/spec/shared_examples/globus_installv4.rb deleted file mode 100644 index bdc1f69..0000000 --- a/spec/shared_examples/globus_installv4.rb +++ /dev/null @@ -1,8 +0,0 @@ -# frozen_string_literal: true - -shared_examples_for 'globus::installv4' do |_facts| - it { is_expected.to contain_package('globus-connect-server-io').with_ensure('present') } - it { is_expected.to contain_package('globus-connect-server-id').with_ensure('present') } - it { is_expected.not_to contain_package('globus-connect-server-web') } - it { is_expected.not_to contain_package('globus-connect-server54') } -end diff --git a/spec/shared_examples/globus_repo_deb.rb b/spec/shared_examples/globus_repo_deb.rb index b7ab4d6..d54fb7b 100644 --- a/spec/shared_examples/globus_repo_deb.rb +++ b/spec/shared_examples/globus_repo_deb.rb @@ -34,23 +34,6 @@ ) end - it do - is_expected.to contain_apt__source('globus-toolkit-6-stable').with( - ensure: 'present', - location: baseurl, - release: facts[:os]['distro']['codename'], - repos: 'contrib', - include: { 'src' => 'true' }, - key: { - 'id' => '66A86341D3CDB1B26BE4D46F44AE7EC2FAF24365', - 'source' => repo_key - }, - require: 'Exec[extract-globus-repo-key]', - ) - end - - it { is_expected.to contain_apt__source('globus-toolkit-6-testing').with_ensure('absent') } - it do is_expected.to contain_apt__source('globus-connect-server-stable').with( ensure: 'present', diff --git a/spec/shared_examples/globus_repo_debv4.rb b/spec/shared_examples/globus_repo_debv4.rb deleted file mode 100644 index d65de64..0000000 --- a/spec/shared_examples/globus_repo_debv4.rb +++ /dev/null @@ -1,66 +0,0 @@ -# frozen_string_literal: true - -shared_examples_for 'globus::repo::debv4' do |facts| - let(:release_url) { 'http://downloads.globus.org/toolkit/gt6/stable/installers/repo/deb/globus-toolkit-repo_latest_all.deb' } - let(:release_path) { '/usr/share/globus-toolkit-repo/globus-toolkit-repo_latest_all.deb' } - let(:repo_key) { '/usr/share/globus-toolkit-repo/RPM-GPG-KEY-Globus' } - let(:baseurl) { 'https://downloads.globus.org/toolkit/gt6/stable/deb' } - let(:baseurl_gcs) { 'https://downloads.globus.org/globus-connect-server/stable/deb' } - - it do - is_expected.to contain_file('/usr/share/globus-toolkit-repo').with( - ensure: 'directory', - owner: 'root', - group: 'root', - mode: '0755', - ) - end - - it do - is_expected.to contain_exec('curl-globus-release').with( - path: '/usr/bin:/bin:/usr/sbin:/sbin', - command: "curl -Ls --show-error -o #{release_path} #{release_url}", - creates: release_path, - require: 'File[/usr/share/globus-toolkit-repo]', - before: 'Exec[extract-globus-repo-key]', - ) - end - - it do - is_expected.to contain_exec('extract-globus-repo-key').with( - path: '/usr/bin:/bin:/usr/sbin:/sbin', - command: "dpkg --fsys-tarfile #{release_path} | tar xOf - .#{repo_key} > #{repo_key}", - creates: repo_key, - ) - end - - it do - is_expected.to contain_apt__source('globus-toolkit-6-stable').with( - ensure: 'present', - location: baseurl, - release: facts[:os]['distro']['codename'], - repos: 'contrib', - include: { 'src' => 'true' }, - key: { - 'id' => '66A86341D3CDB1B26BE4D46F44AE7EC2FAF24365', - 'source' => repo_key - }, - require: 'Exec[extract-globus-repo-key]', - ) - end - - it do - is_expected.to contain_apt__source('globus-connect-server-stable').with( - ensure: 'absent', - location: baseurl_gcs, - release: facts[:os]['distro']['codename'], - repos: 'contrib', - include: { 'src' => 'true' }, - key: { - 'id' => '66A86341D3CDB1B26BE4D46F44AE7EC2FAF24365', - 'source' => repo_key - }, - require: 'Exec[extract-globus-repo-key]', - ) - end -end diff --git a/spec/shared_examples/globus_repo_el.rb b/spec/shared_examples/globus_repo_el.rb index 9c13101..88c9ffa 100644 --- a/spec/shared_examples/globus_repo_el.rb +++ b/spec/shared_examples/globus_repo_el.rb @@ -13,24 +13,9 @@ is_expected.to contain_exec('RPM-GPG-KEY-Globus') .with(path: '/usr/bin:/bin:/usr/sbin:/sbin', command: 'wget -qO- https://downloads.globus.org/toolkit/globus-connect-server/globus-connect-server-repo-latest.noarch.rpm | rpm2cpio - | cpio -i --quiet --to-stdout ./etc/pki/rpm-gpg/RPM-GPG-KEY-Globus > /etc/pki/rpm-gpg/RPM-GPG-KEY-Globus', # rubocop:disable Metrics/LineLength - creates: '/etc/pki/rpm-gpg/RPM-GPG-KEY-Globus', - before: 'Yumrepo[Globus-Toolkit]') + creates: '/etc/pki/rpm-gpg/RPM-GPG-KEY-Globus') end - it 'creates Yumrepo[Globus-Toolkit]' do - is_expected.to contain_yumrepo('Globus-Toolkit').with( - descr: 'Globus-Toolkit-6', - baseurl: baseurl, - failovermethod: 'priority', - priority: '98', - enabled: '1', - gpgcheck: '1', - gpgkey: 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Globus', - ) - end - - it { is_expected.to contain_yumrepo('Globus-Toolkit-6-Testing').with_enabled('0') } - it 'creates Yumrepo[globus-connect-server-5' do is_expected.to contain_yumrepo('globus-connect-server-5').with( descr: 'Globus-Connect-Server-5', diff --git a/spec/shared_examples/globus_repo_elv4.rb b/spec/shared_examples/globus_repo_elv4.rb deleted file mode 100644 index 0ca4a3d..0000000 --- a/spec/shared_examples/globus_repo_elv4.rb +++ /dev/null @@ -1,52 +0,0 @@ -# frozen_string_literal: true - -shared_examples_for 'globus::repo::elv4' do |facts| - if facts[:operatingsystem] == 'Fedora' - let(:url_os) { 'fedora' } - else - let(:url_os) { 'el' } - end - let(:baseurl) { "https://downloads.globus.org/toolkit/gt6/stable/rpm/#{url_os}/#{facts[:operatingsystemmajrelease]}/$basearch/" } - let(:baseurl_gcs) { "https://downloads.globus.org/globus-connect-server/stable/rpm/#{url_os}/#{facts[:operatingsystemmajrelease]}/$basearch/" } - - it 'installs yum priorities plugin' do - is_expected.to contain_package('yum-plugin-priorities') - end - - it 'installs GPG key' do - is_expected.to contain_exec('RPM-GPG-KEY-Globus') - .with(path: '/usr/bin:/bin:/usr/sbin:/sbin', - command: 'wget -qO- https://downloads.globus.org/toolkit/globus-connect-server/globus-connect-server-repo-latest.noarch.rpm | rpm2cpio - | cpio -i --quiet --to-stdout ./etc/pki/rpm-gpg/RPM-GPG-KEY-Globus > /etc/pki/rpm-gpg/RPM-GPG-KEY-Globus', # rubocop:disable Metrics/LineLength - creates: '/etc/pki/rpm-gpg/RPM-GPG-KEY-Globus', - before: 'Yumrepo[Globus-Toolkit]') - end - - it 'creates Yumrepo[Globus-Toolkit]' do - is_expected.to contain_yumrepo('Globus-Toolkit').with( - descr: 'Globus-Toolkit-6', - baseurl: baseurl, - failovermethod: 'priority', - priority: '98', - enabled: '1', - gpgcheck: '1', - gpgkey: 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Globus', - ) - end - - it { is_expected.to contain_yumrepo('Globus-Toolkit-6-Testing').with_enabled('0') } - - it 'creates Yumrepo[globus-connect-server-5' do - is_expected.to contain_yumrepo('globus-connect-server-5').with( - descr: 'Globus-Connect-Server-5', - baseurl: baseurl_gcs, - failovermethod: 'priority', - priority: '98', - enabled: '0', - gpgcheck: '1', - gpgkey: 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Globus', - require: 'Exec[RPM-GPG-KEY-Globus]', - ) - end - - it { is_expected.to contain_yumrepo('globus-connect-server-5-testing').with_enabled('0') } -end diff --git a/spec/shared_examples/globus_service.rb b/spec/shared_examples/globus_service.rb index 9ec7deb..30d4088 100644 --- a/spec/shared_examples/globus_service.rb +++ b/spec/shared_examples/globus_service.rb @@ -1,17 +1,9 @@ # frozen_string_literal: true shared_examples_for 'globus::service' do |os_facts| - let(:gridftp_ensure) do - if os_facts[:os]['release']['major'].to_s == '8' - nil - else - 'running' - end - end - it do is_expected.to contain_service('globus-gridftp-server').with( - ensure: gridftp_ensure, + ensure: nil, enable: 'true', hasstatus: 'true', hasrestart: 'true', diff --git a/spec/shared_examples/globus_servicev4.rb b/spec/shared_examples/globus_servicev4.rb deleted file mode 100644 index 0eb10bf..0000000 --- a/spec/shared_examples/globus_servicev4.rb +++ /dev/null @@ -1,19 +0,0 @@ -# frozen_string_literal: true - -shared_examples_for 'globus::servicev4' do |_facts| - it do - is_expected.to contain_service('globus-gridftp-server').with(ensure: 'running', - enable: 'true', - hasstatus: 'true', - hasrestart: 'true') - end - - it { is_expected.not_to contain_service('gcs_manager') } - it { is_expected.not_to contain_service('gcs_manager_assistant') } - - context 'when manage_service => false' do - let(:params) { default_params.merge(manage_service: false) } - - it { is_expected.not_to contain_service('globus-gridftp-server') } - end -end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 036b5f8..7272754 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -25,7 +25,7 @@ next unless File.exist?(f) && File.readable?(f) && File.size?(f) begin - default_facts.merge!(YAML.safe_load(File.read(f), [], [], true)) + default_facts.merge!(YAML.safe_load(File.read(f))) rescue StandardError => e RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}" end diff --git a/spec/spec_helper_local.rb b/spec/spec_helper_local.rb index 28bd1ed..78f629d 100644 --- a/spec/spec_helper_local.rb +++ b/spec/spec_helper_local.rb @@ -15,31 +15,25 @@ def platforms pip_provider: 'pip3', venv_python_version: '3.6' }, - 'Debian-9' => { + 'RedHat-9' => { python_version: '3', - pip_provider: 'pip', - venv_python_version: 'system' + pip_provider: 'pip3', + venv_python_version: '3.9' }, - 'Debian-10' => { + 'Debian-11' => { python_version: '3', pip_provider: 'pip', venv_python_version: 'system' }, - 'Debian-18.04' => { + 'Debian-20.04' => { python_version: '3', pip_provider: 'pip', venv_python_version: 'system' }, - 'Debian-20.04' => { + 'Debian-22.04' => { python_version: '3', pip_provider: 'pip', venv_python_version: 'system' } } end - -def support_v4(facts) - return false if facts[:os]['release']['major'].to_i == 8 && facts[:os]['family'] == 'RedHat' - - true -end diff --git a/spec/unit/puppet/provider/globus_connect_config/ini_setting_spec.rb b/spec/unit/puppet/provider/globus_connect_config/ini_setting_spec.rb deleted file mode 100644 index d03fe4d..0000000 --- a/spec/unit/puppet/provider/globus_connect_config/ini_setting_spec.rb +++ /dev/null @@ -1,32 +0,0 @@ -# frozen_string_literal: true - -# -# these tests are a little concerning b/c they are hacking around the -# modulepath, so these tests will not catch issues that may eventually arise -# related to loading these plugins. -# I could not, for the life of me, figure out how to programatcally set the modulepath -$LOAD_PATH.push( - File.join( - File.dirname(__FILE__), - '..', - '..', - '..', - '..', - 'fixtures', - 'modules', - 'inifile', - 'lib', - ), -) -require 'spec_helper' -provider_class = Puppet::Type.type(:globus_connect_config).provider(:ini_setting) -describe provider_class do - it 'sets section and setting' do - resource = Puppet::Type::Globus_connect_config.new( - name: 'vars/foo', value: 'bar', - ) - provider = provider_class.new(resource) - expect(provider.section).to eq('vars') - expect(provider.setting).to eq('foo') - end -end diff --git a/spec/unit/puppet/type/globus_connect_config_spec.rb b/spec/unit/puppet/type/globus_connect_config_spec.rb deleted file mode 100644 index b8f35cd..0000000 --- a/spec/unit/puppet/type/globus_connect_config_spec.rb +++ /dev/null @@ -1,104 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' -# these tests are a little concerning b/c they are hacking around the -# modulepath, so these tests will not catch issues that may eventually arise -# related to loading these plugins. -# I could not, for the life of me, figure out how to programatcally set the modulepath -$LOAD_PATH.push( - File.join( - File.dirname(__FILE__), - '..', - '..', - '..', - 'fixtures', - 'modules', - 'inifile', - 'lib', - ), -) -require 'puppet' -require 'puppet/type/globus_connect_config' - -describe 'Puppet::Type.type(:globus_connect_config)' do - let(:globus_connect_config) do - Puppet::Type.type(:globus_connect_config).new(name: 'vars/foo', value: 'bar') - end - - it 'requires a name' do - expect { - Puppet::Type.type(:globus_connect_config).new({}) - }.to raise_error(Puppet::Error, 'Title or name must be provided') - end - - it 'does not expect a name with whitespace' do - expect { - Puppet::Type.type(:globus_connect_config).new(name: 'f oo') - }.to raise_error(Puppet::Error, %r{Invalid globus_connect_config}) - end - - it 'fails when there is no section' do - expect { - Puppet::Type.type(:globus_connect_config).new(name: 'foo') - }.to raise_error(Puppet::Error, %r{Invalid globus_connect_config}) - end - - it 'does not require a value when ensure is absent' do - Puppet::Type.type(:globus_connect_config).new(name: 'vars/foo', ensure: :absent) - end - - it 'requires a value when ensure is present' do - expect { - Puppet::Type.type(:globus_connect_config).new(name: 'vars/foo', ensure: :present) - }.to raise_error(Puppet::Error, %r{Property value must be set}) - end - - it 'accepts a valid value' do - globus_connect_config[:value] = 'bar' - expect(globus_connect_config[:value]).to eq('bar') - end - - it 'does not accept a value with whitespace' do - globus_connect_config[:value] = 'b ar' - expect(globus_connect_config[:value]).to eq('b ar') - end - - it 'accepts valid ensure values' do - globus_connect_config[:ensure] = :present - expect(globus_connect_config[:ensure]).to eq(:present) - globus_connect_config[:ensure] = :absent - expect(globus_connect_config[:ensure]).to eq(:absent) - end - - it 'does not accept invalid ensure values' do - expect { - globus_connect_config[:ensure] = :latest - }.to raise_error(Puppet::Error, %r{Invalid value}) - end - - it 'capitalizes true value' do - globus_connect_config[:value] = true - expect(globus_connect_config[:value]).to eq('True') - globus_connect_config[:value] = 'true' - expect(globus_connect_config[:value]).to eq('True') - end - - it 'capitalizes false value' do - globus_connect_config[:value] = false - expect(globus_connect_config[:value]).to eq('False') - globus_connect_config[:value] = 'false' - expect(globus_connect_config[:value]).to eq('False') - end - - describe 'autorequire File resources' do - it 'autorequires /etc/globus-connect-server.conf' do - conf = Puppet::Type.type(:file).new(name: '/etc/globus-connect-server.conf') - catalog = Puppet::Resource::Catalog.new - catalog.add_resource globus_connect_config - catalog.add_resource conf - rel = globus_connect_config.autorequire[0] - expect(rel.source.ref).to eq(conf.ref) - expect(rel.target.ref).to eq(globus_connect_config.ref) - end - end -end