diff --git a/.travis.yml b/.travis.yml
index 1b406d2..e40063c 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -30,7 +30,7 @@ jobs:
   - env: STRICT_VARIABLES=yes TRUSTED_NODE_DATA=yes PUPPET_VERSION="~> 5.0"
   include:
-    - stage: spec
+    - stage: check
       rvm: 2.4.1
       env: STRICT_VARIABLES=yes TRUSTED_NODE_DATA=yes PUPPET_VERSION="~> 5"
       script:
diff --git a/CHANGELOG b/CHANGELOG
index a6e53f9..9ebc9ba 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,10 @@
+* Tue Mar 06 2018 Liz Nemsick - 6.3.0
+- Fixed bug in which the stunnel systemd pre-exec script failed to
+  execute completely, because one command did not have a fully
+  qualified path.
+- Reworked stunnel systemd pre-exec scripts to only emit error
+  messages when errors have occurred.
+
 * Wed Dec 13 2017 Trevor Vaughan - 6.3.0
 - Isolated the 'instance' logic away from the 'connection' logic
 - Added a private 'monolithic' class that arranges everything properly for the
diff --git a/spec/acceptance/suites/default/00_instances_spec.rb b/spec/acceptance/suites/default/00_instances_spec.rb
index 2db8804..3062435 100644
--- a/spec/acceptance/suites/default/00_instances_spec.rb
+++ b/spec/acceptance/suites/default/00_instances_spec.rb
@@ -139,11 +139,6 @@
         ].each do |service|
           on(host, "puppet resource service #{service} ensure=stopped enable=false")
         end
-
-        # There was an issue where the domain fact would cease to exist, causing failures
-        on(host, 'service network restart')
-        # Get rid of stunnels
-        # on(host, "ps aux | grep -ie stunnel | grep -v 'grep' | awk '{print $2}' | xargs --no-run-if-empty kill -9")
       end
     end
   end
diff --git a/spec/acceptance/suites/default/01_connection_spec.rb b/spec/acceptance/suites/default/01_connection_spec.rb
index b538f97..2f88377 100644
--- a/spec/acceptance/suites/default/01_connection_spec.rb
+++ b/spec/acceptance/suites/default/01_connection_spec.rb
@@ -51,7 +51,7 @@
 reset = yes
 EOF
       }
-      it 'should set up a stunnel process, ripe for killing' do
+      it 'should kill running stunnel process started with old SysV-type init script' do
         create_remote_file(host, '/etc/stunnel/stunnel.conf', minion_stunnel_conf)
         scp_to(host,'spec/expected/legacy_el7_init.txt','/etc/rc.d/init.d/stunnel_legacy')
         on(host, 'mkdir -p /var/run/stunnel')
@@ -61,9 +61,13 @@
         on(host, 'chmod -R go+r /etc/pki/simp-testing/pki')
         on(host, 'chcon -R --type cert_t /etc/pki/simp-testing/pki')
         on(host, '/etc/rc.d/init.d/stunnel_legacy start')
+        pid = on(host, 'cat /var/run/stunnel/stunnel.pid').stdout.strip
+        on(host, "ps -f --pid #{pid}")
         apply_manifest_on(host,base_manifest, catch_failures: true)
         apply_manifest_on(host,base_manifest, catch_changes: true)
+        on(host, "ps -f --pid #{pid}", :acceptable_exit_codes => [1])
+        on(host, 'ls /var/run/stunnel/stunnel.pid', :acceptable_exit_codes => [2])
       end
     end
   end
@@ -139,8 +143,20 @@ class { 'selinux': ensure => 'disabled' }
   context 'after reboot' do
     it 'should reboot and have selinux disabled' do
+      # There is an issue in which the domain fact ceases to exist after
+      # reboot, because NetworkManager generates an empty /etc/resolv.conf.
+      # To work around this problem, backup /etc/resolv.conf and restore
+      # as needed.
+      on(host,'cp /etc/resolv.conf /etc/resolv.conf.bak')
       host.reboot
+      if fact_on(host, 'domain').strip.empty?
+        on(host, 'cp /etc/resolv.conf.bak /etc/resolv.conf')
+        if fact_on(host, 'domain').strip.empty?
+          fail('Cannot determine domain even after restore of /etc/resolv.conf')
+        end
+      end
+
       result = on(host, 'getenforce')
       expect(result.stdout).to include('Disabled')
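Review bot: `pid` is read from the pidfile and spliced straight into `ps -f --pid #{pid}` without being checked, so if the legacy init script fails to write the file (empty or garbage content) the example dies later with a `ps` usage error instead of a message naming the real precondition failure. Add `expect(pid).to match(/\A\d+\z/)` directly after the `.stdout.strip` line so the failure is reported where it happens; `\A`/`\z` rather than `^`/`$` so a multi-line file cannot sneak a match. The `:acceptable_exit_codes => [1]` check afterwards only shows that PID is gone, not that this module's `ExecStartPre` is what removed it, which is acceptable for an acceptance test but deserves a one-line comment. The enclosing `it` block starts outside the hunk.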
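Review bot: The backup / re-check / restore sequence added around `host.reboot` is repeated verbatim in the SELinux 'enforcing' example later in this file, and the nested `if fact_on ... if fact_on ... fail` is hard to scan; pulling it into one helper keeps both reboot paths in sync and gives the workaround a single place to be documented. With the helper below defined once in the spec, each call site reduces to `on(host, 'cp /etc/resolv.conf /etc/resolv.conf.bak')`, `host.reboot`, `restore_domain_after_reboot(host)`. The added comment says NetworkManager rewrites `/etc/resolv.conf`, so the restored copy can presumably be clobbered again on the next NM event; a sentence noting this is a test-only workaround rather than a fix would help the next reader. The enclosing `it` block ends outside the hunk.
```ruby
# Re-check the 'domain' fact after a reboot and, if NetworkManager has
# emptied /etc/resolv.conf, put back the copy saved before the reboot.
# Fails the example if the fact is still missing after the restore.
def restore_domain_after_reboot(host)
  return unless fact_on(host, 'domain').strip.empty?

  on(host, 'cp /etc/resolv.conf.bak /etc/resolv.conf')
  return unless fact_on(host, 'domain').strip.empty?

  fail('Cannot determine domain even after restore of /etc/resolv.conf')
end

# … unchanged: example setup …
on(host, 'cp /etc/resolv.conf /etc/resolv.conf.bak')
host.reboot
restore_domain_after_reboot(host)
```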
@@ -212,10 +228,16 @@ class { 'selinux': ensure => 'enforcing' }
       on(host, "puppet resource service stunnel ensure=stopped enable=false")
       host.reboot
+      if fact_on(host, 'domain').strip.empty?
+        # Restore working resolv.conf, as it has been munged by NetworkManager
+        on(host, 'cp /etc/resolv.conf.bak /etc/resolv.conf')
+        if fact_on(host, 'domain').strip.empty?
+          fail('Cannot determine domain even after restore of /etc/resolv.conf')
+        end
+      end
+
       result = on(host, 'getenforce')
       expect(result.stdout).to include('Enforcing')
-      on(host, "echo domain #{domain} >> /etc/resolv.conf")
-      on(host, "echo search #{domain} >> /etc/resolv.conf")
       apply_manifest_on(host,base_manifest, catch_failures: true)
     end
diff --git a/spec/expected/connection/chroot-systemd-pid.txt b/spec/expected/connection/chroot-systemd-pid.txt
index bf7f84a..6e0f4cc 100644
--- a/spec/expected/connection/chroot-systemd-pid.txt
+++ b/spec/expected/connection/chroot-systemd-pid.txt
@@ -7,7 +7,8 @@ Wants=network-online.target
 
 [Service]
 Type=simple
-ExecStartPre=-/usr/bin/pkill -f "stunnel /etc/stunnel/stunnel.conf" -F /var/stunnel/var/opt/run/stunnel.pid ; rm /var/stunnel/var/opt/run/stunnel.pid
+ExecStartPre=/bin/bash -c 'if test -f /var/stunnel/var/opt/run/stunnel.pid; then /usr/bin/pkill -f "stunnel /etc/stunnel/stunnel.conf" -F /var/stunnel/var/opt/run/stunnel.pid; fi'
+ExecStartPre=/usr/bin/rm -f /var/stunnel/var/opt/run/stunnel.pid
 ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
 KillMode=process
 LimitNOFILE=1048576
diff --git a/spec/expected/connection/chroot-systemd.txt b/spec/expected/connection/chroot-systemd.txt
index 49856e7..ade8b3c 100644
--- a/spec/expected/connection/chroot-systemd.txt
+++ b/spec/expected/connection/chroot-systemd.txt
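Review bot: The restore after this `host.reboot` copies `/etc/resolv.conf.bak`, but nothing in this example creates that file — it is only written by the earlier 'selinux disabled' reboot example, so running this example on its own (a filtered `rspec` run, or a reordered suite) makes the `cp` fail with "No such file" and hides the real problem, the missing `domain` fact. Take a fresh backup right before the reboot here, `on(host, 'cp /etc/resolv.conf /etc/resolv.conf.bak')`, so the example carries its own precondition. The removed `echo domain/search >> /etc/resolv.conf` lines were unconditional, whereas the new path only acts when the fact is empty; a short comment stating that the fact check is the trigger would make that intent explicit. The enclosing `it` block starts outside the hunk.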
@@ -7,7 +7,8 @@ Wants=network-online.target
 
 [Service]
 Type=simple
-ExecStartPre=-/usr/bin/pkill -f "stunnel /etc/stunnel/stunnel.conf" -F /var/stunnel/var/run/stunnel/stunnel.pid ; rm /var/stunnel/var/run/stunnel/stunnel.pid
+ExecStartPre=/bin/bash -c 'if test -f /var/stunnel/var/run/stunnel/stunnel.pid; then /usr/bin/pkill -f "stunnel /etc/stunnel/stunnel.conf" -F /var/stunnel/var/run/stunnel/stunnel.pid; fi'
+ExecStartPre=/usr/bin/rm -f /var/stunnel/var/run/stunnel/stunnel.pid
 ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
 KillMode=process
 LimitNOFILE=1048576
diff --git a/spec/expected/connection/nonchroot-systemd.txt b/spec/expected/connection/nonchroot-systemd.txt
index c18ea12..9f9ce21 100644
--- a/spec/expected/connection/nonchroot-systemd.txt
+++ b/spec/expected/connection/nonchroot-systemd.txt
@@ -7,7 +7,8 @@ Wants=network-online.target
 
 [Service]
 Type=simple
-ExecStartPre=-/usr/bin/pkill -f "stunnel /etc/stunnel/stunnel.conf" -F /var/run/stunnel/stunnel.pid ; rm /var/run/stunnel/stunnel.pid
+ExecStartPre=/bin/bash -c 'if test -f /var/run/stunnel/stunnel.pid; then /usr/bin/pkill -f "stunnel /etc/stunnel/stunnel.conf" -F /var/run/stunnel/stunnel.pid; fi'
+ExecStartPre=/usr/bin/rm -f /var/run/stunnel/stunnel.pid
 ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
 KillMode=process
 LimitNOFILE=1048576
diff --git a/templates/connection_systemd.erb b/templates/connection_systemd.erb
index 57e2bab..9aebe97 100644
--- a/templates/connection_systemd.erb
+++ b/templates/connection_systemd.erb
@@ -8,9 +8,11 @@ Wants=network-online.target
 [Service]
 Type=simple
 <% if @_chroot -%>
-ExecStartPre=-/usr/bin/pkill -f "stunnel /etc/stunnel/stunnel.conf" -F <%= @_chroot %><%= @_legacy_pid %> ; rm <%= @_chroot %><%= @_legacy_pid %>
+ExecStartPre=/bin/bash -c 'if test -f <%= @_chroot %><%= @_legacy_pid %>; then /usr/bin/pkill -f "stunnel /etc/stunnel/stunnel.conf" -F <%= @_chroot %><%= @_legacy_pid %>; fi'
+ExecStartPre=/usr/bin/rm -f <%= @_chroot %><%= @_legacy_pid %>
 <% else -%>
-ExecStartPre=-/usr/bin/pkill -f "stunnel /etc/stunnel/stunnel.conf" -F <%= @_legacy_pid %> ; rm <%= @_chroot %><%= @_legacy_pid %>
+ExecStartPre=/bin/bash -c 'if test -f <%= @_legacy_pid %>; then /usr/bin/pkill -f "stunnel /etc/stunnel/stunnel.conf" -F <%= @_legacy_pid %>; fi'
+ExecStartPre=/usr/bin/rm -f <%= @_legacy_pid %>
 <% end -%>
 ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
 KillMode=process
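Review bot: Dropping the leading `-` from the new `ExecStartPre=/bin/bash -c '...'` lines turns a stale pidfile into a start failure: `pkill -F` exits 1 when the PID in the file is gone or no longer matches the `-f` pattern, that status propagates out of the `if`/`fi`, and systemd then refuses to start the unit — a regression from the old `ExecStartPre=-` form, and the chroot variant's pidfile under `<%= @_chroot %>` is presumably not on a tmpfs that is cleared at boot. Keep the `test -f` guard (it is what keeps the journal quiet when no legacy process exists) but restore the failure-tolerant prefix on both branches: `ExecStartPre=-/bin/bash -c 'if test -f <%= @_legacy_pid %>; then /usr/bin/pkill -f "stunnel /etc/stunnel/stunnel.conf" -F <%= @_legacy_pid %>; fi'`. The three `spec/expected/connection/*-systemd.txt` fixtures in this commit would need the same one-character change. `@_chroot` and `@_legacy_pid` are spliced into the single-quoted `bash -c` string unquoted, so a value containing whitespace or a `'` would break or be reinterpreted by the shell; these look like module-controlled paths, but a comment saying so would help. It is also worth a `#` comment in the unit that the `-f` pattern combined with `-F` is what prevents a crafted or reused pidfile from signalling an unrelated process.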