From 65168203cf41647af729576b87dbb14fa2e588e5 Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Sat, 30 Nov 2013 17:52:01 -0500 Subject: [PATCH 01/18] no more Gemfile.lock It messes with rspec-system builds and isn't really relevant for code that's running directly on Puppet --- .gitignore | 1 + Gemfile.lock | 96 ---------------------------------------------------- 2 files changed, 1 insertion(+), 96 deletions(-) delete mode 100644 Gemfile.lock diff --git a/.gitignore b/.gitignore index ba7f7787e..02eab4884 100644 --- a/.gitignore +++ b/.gitignore @@ -4,4 +4,5 @@ pkg/ .librarian/ .tmp/ pkg/ +Gemfile.lock spec/fixtures/ diff --git a/Gemfile.lock b/Gemfile.lock deleted file mode 100644 index d78d90213..000000000 --- a/Gemfile.lock +++ /dev/null @@ -1,96 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - builder (3.2.2) - diff-lcs (1.2.4) - facter (1.7.1) - hiera (1.2.1) - json_pure - highline (1.6.19) - json (1.8.0) - json_pure (1.8.0) - kwalify (0.7.2) - librarian (0.1.0) - highline - thor (~> 0.15) - librarian-puppet-maestrodev (0.9.9.2) - json - librarian (>= 0.1.0) - thor (~> 0.15) - metaclass (0.0.1) - mime-types (1.23) - mocha (0.14.0) - metaclass (~> 0.0.1) - net-scp (1.1.2) - net-ssh (>= 2.6.5) - net-ssh (2.6.8) - nokogiri (1.5.9) - puppet (3.2.1) - facter (~> 1.6) - hiera (~> 1.0) - rgen (~> 0.6) - puppet-blacksmith (1.0.5) - nokogiri - puppet (>= 2.7.16) - puppetlabs_spec_helper (>= 0.3.0) - rake - rest-client - puppet-lint (0.3.2) - puppetlabs_spec_helper (0.4.1) - mocha (>= 0.10.5) - rake - rspec (>= 2.9.0) - rspec-puppet (>= 0.1.1) - rake (10.0.4) - rbvmomi (1.6.0) - builder - nokogiri (>= 1.4.1) - trollop - rest-client (1.6.7) - mime-types (>= 1.16) - rgen (0.6.2) - rspec (2.13.0) - rspec-core (~> 2.13.0) - rspec-expectations (~> 2.13.0) - rspec-mocks (~> 2.13.0) - rspec-core (2.13.1) - rspec-expectations (2.13.0) - diff-lcs (>= 1.1.3, < 2.0) - rspec-mocks (2.13.1) - rspec-puppet (0.1.6) - rspec - rspec-system (2.2.0) - kwalify (~> 0.7.2) - net-scp (~> 1.1) - net-ssh (~> 2.6) - nokogiri (~> 1.5.9) - rbvmomi (~> 1.6) - rspec (~> 2.13) - systemu (~> 2.5) - rspec-system-puppet (2.2.0) - rspec-system (~> 2.0) - rspec-system-serverspec (1.0.0) - rspec-system (~> 2.0) - serverspec (~> 0.6.0) - serverspec (0.6.3) - highline - net-ssh - rspec (~> 2.0) - systemu (2.5.2) - thor (0.18.1) - trollop (2.0) - -PLATFORMS - ruby - -DEPENDENCIES - librarian-puppet-maestrodev - puppet (>= 3.0.1) - puppet-blacksmith - puppet-lint (>= 0.1.12) - puppetlabs_spec_helper - rake (>= 0.9.2.2) - rspec-puppet (>= 0.1.3) - rspec-system-puppet - rspec-system-serverspec - serverspec From 2533623695b0066a2a7a295f17c523e09a47e85c Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Sat, 30 Nov 2013 14:07:45 -0500 Subject: [PATCH 02/18] lock serverspec to 0.11.x required to work around https://github.com/puppetlabs/rspec-system-serverspec/issues/6 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 722e7fa59..902091ae9 100644 --- a/Gemfile +++ b/Gemfile @@ -9,6 +9,6 @@ group :rake do gem 'puppet-blacksmith' gem 'librarian-puppet-maestrodev' gem 'rspec-system-puppet', :require => false - gem 'serverspec', :require => false + gem 'serverspec', '~> 0.11.0', :require => false gem 'rspec-system-serverspec', :require => false end From a42f971fa6ec88b725a9601deebd5ea0f9929877 Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Sat, 30 Nov 2013 17:21:26 -0500 Subject: [PATCH 03/18] remove SLES 11 from nodeset Doesn't work with current rspec-system-puppet gem (no puppet_install helper support) --- .nodeset.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.nodeset.yml b/.nodeset.yml index cbd0d57b8..767f9cd2f 100644 --- a/.nodeset.yml +++ b/.nodeset.yml @@ -29,7 +29,3 @@ sets: nodes: "main.foo.vm": prefab: 'ubuntu-server-12042-x64' - 'sles-11sp1-x64': - nodes: - "main.foo.vm": - prefab: 'sles-11sp1-x64' From d2ec91da6e549adafd50b2acf75ae20f29902ba7 Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Sat, 30 Nov 2013 17:57:32 -0500 Subject: [PATCH 04/18] Don't include RSpecSystemPuppet::Helpers twice --- spec/spec_helper_system.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/spec/spec_helper_system.rb b/spec/spec_helper_system.rb index 0c5eeb965..cbf1ec897 100644 --- a/spec/spec_helper_system.rb +++ b/spec/spec_helper_system.rb @@ -12,8 +12,6 @@ # Enable colour c.tty = true - c.include RSpecSystemPuppet::Helpers - # This is where we 'setup' the nodes before running our tests c.before :suite do # Install puppet From 0922eb72105eb414f4f7c1107379583c1368f02b Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Sat, 30 Nov 2013 19:08:28 -0500 Subject: [PATCH 05/18] check for 0 or 2 exit code See http://docs.puppetlabs.com/man/apply.html puppet_apply from rspec-system-puppet runs with --detailed-exitcodes --- spec/system/class_spec.rb | 16 +++++++++------- spec/system/nginx_mail_spec.rb | 12 ++++++------ spec/system/nginx_proxy_spec.rb | 12 ++++++------ spec/system/nginx_vhost_spec.rb | 28 +++++++++++++++------------- 4 files changed, 36 insertions(+), 32 deletions(-) diff --git a/spec/system/class_spec.rb b/spec/system/class_spec.rb index ca58d3f57..3d0594bf7 100644 --- a/spec/system/class_spec.rb +++ b/spec/system/class_spec.rb @@ -2,14 +2,16 @@ describe "nginx class:" do context 'should run successfully' do - pp = "class { 'nginx': }" + it 'should run successfully' do + pp = "class { 'nginx': }" - context puppet_apply(pp) do - its(:stderr) { should be_empty } - its(:exit_code) { should_not == 1 } - its(:refresh) { should be_nil } - its(:stderr) { should be_empty } - its(:exit_code) { should be_zero } + puppet_apply(pp) do |r| + #r.stderr.should be_empty + [0,2].should include r.exit_code + r.refresh + #r.stderr.should be_empty + r.exit_code.should be_zero + end end end diff --git a/spec/system/nginx_mail_spec.rb b/spec/system/nginx_mail_spec.rb index 22d925796..71b4b5b92 100644 --- a/spec/system/nginx_mail_spec.rb +++ b/spec/system/nginx_mail_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper_system' describe "nginx::resource::mailhost define:" do - context 'should run successfully' do + it 'should run successfully' do pp = " class { 'nginx': @@ -21,12 +21,12 @@ class { 'nginx': } " - context puppet_apply(pp) do - its(:exit_code) { should_not == 1 } - its(:refresh) { should be_nil } + puppet_apply(pp) do |r| + [0,2].should include r.exit_code + r.refresh # Not until deprecated variables fixed. - #its(:stderr) { should be_empty } - its(:exit_code) { should be_zero } + #r.stderr.should be_empty + r.exit_code.should be_zero end end diff --git a/spec/system/nginx_proxy_spec.rb b/spec/system/nginx_proxy_spec.rb index 9081eaacf..42cb7ed0a 100644 --- a/spec/system/nginx_proxy_spec.rb +++ b/spec/system/nginx_proxy_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper_system' describe "nginx::resource::upstream define:" do - context 'should run successfully' do + it 'should run successfully' do pp = " class { 'nginx': } @@ -19,11 +19,11 @@ class { 'nginx': } } " - context puppet_apply(pp) do - its(:exit_code) { should_not == 1 } - its(:refresh) { should be_nil } - its(:stderr) { should be_empty } - its(:exit_code) { should be_zero } + puppet_apply(pp) do |r| + [0,2].should include r.exit_code + r.refresh + r.stderr.should be_empty + r.exit_code.should be_zero end end diff --git a/spec/system/nginx_vhost_spec.rb b/spec/system/nginx_vhost_spec.rb index f1865edf3..228b19ff3 100644 --- a/spec/system/nginx_vhost_spec.rb +++ b/spec/system/nginx_vhost_spec.rb @@ -1,21 +1,23 @@ require 'spec_helper_system' describe "nginx::resource::vhost define:" do - context 'should run successfully' do + context 'new vhost on port 80' do + it 'should configure a nginx vhost' do - pp = " - class { 'nginx': } - nginx::resource::vhost { 'www.puppetlabs.com': - ensure => present, - www_root => '/var/www/www.puppetlabs.com', - } - " + pp = " + class { 'nginx': } + nginx::resource::vhost { 'www.puppetlabs.com': + ensure => present, + www_root => '/var/www/www.puppetlabs.com', + } + " - context puppet_apply(pp) do - its(:exit_code) { should_not == 1 } - its(:refresh) { should be_nil } - its(:stderr) { should be_empty } - its(:exit_code) { should be_zero } + puppet_apply(pp) do |r| + [0,2].should include r.exit_code + r.refresh + r.stderr.should be_empty + r.exit_code.should be_zero + end end end From dd810866d0930f0c089e42de422df61ab3afa979 Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Sat, 30 Nov 2013 18:52:55 -0500 Subject: [PATCH 06/18] add dummy (but valid) SSL cert/key nginx won't start if it can't get OpenSSL to validate the key/cert combo --- spec/spec_helper_system.rb | 40 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/spec/spec_helper_system.rb b/spec/spec_helper_system.rb index cbf1ec897..e16374a5a 100644 --- a/spec/spec_helper_system.rb +++ b/spec/spec_helper_system.rb @@ -21,5 +21,45 @@ puppet_module_install(:source => proj_root, :module_name => 'nginx') shell('puppet module install puppetlabs-apt') shell('puppet module install puppetlabs-stdlib') + + # Fake keys. + # Valid self-signed SSL key with 10 year expiry. + # Required for nginx to start when SSL enabled + shell('echo "-----BEGIN PRIVATE KEY----- +MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOPchwRZRF4KmU6E +g7C6Pq9zhdLiQt9owdcLZNiZS+UVRQjeDHSy3titzh5YwSoQonlnSqd0g/PJ6kNA +O3CNOMVuzAddnAaHzW1J4Rt6sZwOuidtJC4t/hFCgz5NqOMgYOOfratQx00A7ZXK +TXMgNG79lDP5L/N06Ox53sOxhy4hAgMBAAECgYEAlfktCKi0fe0d8Hb5slUzMwmn +GCECAMeTZbXDH2jucg4ozOhRbHHaiOUEmCa0pLokJiHdGhBvVQMd5Dufo7nflZzE +mpZY0lCZE7HSeK6Bcbru/8w3vm3iBQTGK+MCaDtH5nQU7m/3cOXaenOX0ZmsTzRs +QE/V84S1fuO8bBPSz20CQQD9d4LxrBByosFxRdHsTb/nnqx/rzLEf4M3MC7uydPv +fDDbSRRSYpNxonQJfU3JrOk1WPWoXY30VQCv395s57X7AkEA5iOBT+ME8/PxuUUC +ZDjg21tAdkaiCQ5kgeVTmkD1k/gTwreOV2AexWGrrcW/MLaIhpDCpQkw37y5vrYw +UyDdkwJAAU+j8sIUF7O10nMtAc7pJjaQ59wtJA0QzbFHHN8YZI285vV60G5IGvdf +KElopJlrX2ZFZwiM2m2yIjbDPMb6DwJAbNoiUbzZHOInVTA0316fzGEu7kKeZZYv +J9lmX7GV9nUCM7lKVD2ckFOQNlMwCURs8ukJh7H/MfQ8Dt5xoQAMjQJBAOWpK6k6 +b0fTREZFZRGZBJcSu959YyMzhpSFA+lXkLNTWX8j1/D88H731oMSImoQNWcYx2dH +sCwOCDqu1nZ2LJ8= +-----END PRIVATE KEY-----" > /tmp/blah.key') + shell('echo "-----BEGIN CERTIFICATE----- +MIIDRjCCAq+gAwIBAgIJAL9m0V4sHW2tMA0GCSqGSIb3DQEBBQUAMIG7MQswCQYD +VQQGEwItLTESMBAGA1UECAwJU29tZVN0YXRlMREwDwYDVQQHDAhTb21lQ2l0eTEZ +MBcGA1UECgwQU29tZU9yZ2FuaXphdGlvbjEfMB0GA1UECwwWU29tZU9yZ2FuaXph +dGlvbmFsVW5pdDEeMBwGA1UEAwwVbG9jYWxob3N0LmxvY2FsZG9tYWluMSkwJwYJ +KoZIhvcNAQkBFhpyb290QGxvY2FsaG9zdC5sb2NhbGRvbWFpbjAeFw0xMzExMzAw +NzA3NDlaFw0yMzExMjgwNzA3NDlaMIG7MQswCQYDVQQGEwItLTESMBAGA1UECAwJ +U29tZVN0YXRlMREwDwYDVQQHDAhTb21lQ2l0eTEZMBcGA1UECgwQU29tZU9yZ2Fu +aXphdGlvbjEfMB0GA1UECwwWU29tZU9yZ2FuaXphdGlvbmFsVW5pdDEeMBwGA1UE +AwwVbG9jYWxob3N0LmxvY2FsZG9tYWluMSkwJwYJKoZIhvcNAQkBFhpyb290QGxv +Y2FsaG9zdC5sb2NhbGRvbWFpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +49yHBFlEXgqZToSDsLo+r3OF0uJC32jB1wtk2JlL5RVFCN4MdLLe2K3OHljBKhCi +eWdKp3SD88nqQ0A7cI04xW7MB12cBofNbUnhG3qxnA66J20kLi3+EUKDPk2o4yBg +45+tq1DHTQDtlcpNcyA0bv2UM/kv83To7Hnew7GHLiECAwEAAaNQME4wHQYDVR0O +BBYEFP5Kkot/7pStLaYPtT+vngE0v6N8MB8GA1UdIwQYMBaAFP5Kkot/7pStLaYP +tT+vngE0v6N8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAwYYQKVRN +HaHIWGMBuXApE7t4PNdYWZ5Y56tI+HT59yVoDjc1YSnuzkKlWUPibVYoLpX/ROKr +aIZ8kxsBjLvpi9KQTHi7Wl6Sw3ecoYdKy+2P8S5xOIpWjs8XVmOWf7Tq1+9KPv3z +HLw/FDCzntkdq3G4em15CdFlO9BTY4HXiHU= +-----END CERTIFICATE-----" > /tmp/blah.cert') end end From 9a39249e1a649a96fc8e23a404590437f6b1889f Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Sat, 30 Nov 2013 19:07:37 -0500 Subject: [PATCH 07/18] more coverage for rspec-system --- spec/system/basic_spec.rb | 20 ++++++++++++ spec/system/class_spec.rb | 13 ++++++++ spec/system/nginx_vhost_spec.rb | 58 +++++++++++++++++++++++++++++++++ 3 files changed, 91 insertions(+) diff --git a/spec/system/basic_spec.rb b/spec/system/basic_spec.rb index 216f0c701..775c8b654 100644 --- a/spec/system/basic_spec.rb +++ b/spec/system/basic_spec.rb @@ -10,4 +10,24 @@ its(:exit_code) { should be_zero } end end + + #puppet smoke test + context puppet_apply 'notice("foo")' do + its(:stdout) { should =~ /foo/ } + its(:stderr) { should be_empty } + its(:exit_code) { should be_zero } + end + + it 'nginx class should work with no errors' do + pp = <<-EOS + class { 'nginx': } + EOS + + # Run it twice and test for idempotency + puppet_apply(pp) do |r| + [0,2].should include(r.exit_code) + r.refresh + r.exit_code.should be_zero + end + end end diff --git a/spec/system/class_spec.rb b/spec/system/class_spec.rb index 3d0594bf7..d8eff7c41 100644 --- a/spec/system/class_spec.rb +++ b/spec/system/class_spec.rb @@ -1,6 +1,15 @@ require 'spec_helper_system' describe "nginx class:" do + case node.facts['osfamily'] + when 'RedHat' + package_name = 'nginx' + when 'Debian' + package_name = 'nginx' + when 'Suse' + package_name = 'nginx-0.8' + end + context 'should run successfully' do it 'should run successfully' do pp = "class { 'nginx': }" @@ -15,6 +24,10 @@ end end + describe package(package_name) do + it { should be_installed } + end + describe service('nginx') do it { should be_running } end diff --git a/spec/system/nginx_vhost_spec.rb b/spec/system/nginx_vhost_spec.rb index 228b19ff3..2b3ce549a 100644 --- a/spec/system/nginx_vhost_spec.rb +++ b/spec/system/nginx_vhost_spec.rb @@ -10,6 +10,9 @@ class { 'nginx': } ensure => present, www_root => '/var/www/www.puppetlabs.com', } + host { 'www.puppetlabs.com': ip => '127.0.0.1', } + file { ['/var/www','/var/www/www.puppetlabs.com']: ensure => directory } + file { '/var/www/www.puppetlabs.com/index.html': ensure => file, content => 'Hello from www\n', } " puppet_apply(pp) do |r| @@ -19,6 +22,17 @@ class { 'nginx': } r.exit_code.should be_zero end end + + describe service('nginx') do + it { should be_running } + end + + it 'should answer to www.puppetlabs.com' do + shell("/usr/bin/curl http://www.puppetlabs.com:80") do |r| + r.stdout.should == "Hello from www\n" + r.exit_code.should be_zero + end + end end describe file('/etc/nginx/conf.d/vhost_autogen.conf') do @@ -26,4 +40,48 @@ class { 'nginx': } it { should contain "www.puppetlabs.com" } end + context 'should run successfully with ssl' do + it 'should configure a nginx SSL vhost' do + + pp = " + class { 'nginx': } + nginx::resource::vhost { 'www.puppetlabs.com': + ensure => present, + ssl => true, + ssl_cert => '/tmp/blah.cert', + ssl_key => '/tmp/blah.key', + www_root => '/var/www/www.puppetlabs.com', + } + host { 'www.puppetlabs.com': ip => '127.0.0.1', } + file { ['/var/www','/var/www/www.puppetlabs.com']: ensure => directory } + file { '/var/www/www.puppetlabs.com/index.html': ensure => file, content => 'Hello from www\n', } + " + + puppet_apply(pp) do |r| + [0,2].should include r.exit_code + r.refresh + r.stderr.should be_empty + r.exit_code.should be_zero + end + end + + describe service('nginx') do + it { should be_running } + end + + it 'should answer to http://www.puppetlabs.com' do + shell("/usr/bin/curl http://www.puppetlabs.com:80") do |r| + r.stdout.should == "Hello from www\n" + r.exit_code.should == 0 + end + end + + it 'should answer to https://www.puppetlabs.com' do + # use --insecure because it's a self-signed cert + shell("/usr/bin/curl --insecure https://www.puppetlabs.com:443") do |r| + r.stdout.should == "Hello from www\n" + r.exit_code.should == 0 + end + end + end end From 2459844373b06153318f24ba099ff43ea485bef6 Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Sat, 30 Nov 2013 19:18:15 -0500 Subject: [PATCH 08/18] add puppetlabs-concat dependency --- Modulefile | 1 + Puppetfile | 1 + Puppetfile.lock | 2 ++ spec/classes/nginx_spec.rb | 3 +++ spec/defines/resource_location_spec.rb | 1 + spec/defines/resource_mailhost_spec.rb | 1 + spec/defines/resource_upstream_spec.rb | 4 ++++ spec/defines/resource_vhost_spec.rb | 1 + spec/spec_helper_system.rb | 1 + 9 files changed, 15 insertions(+) diff --git a/Modulefile b/Modulefile index 5e5a2f141..883abc0e8 100644 --- a/Modulefile +++ b/Modulefile @@ -9,3 +9,4 @@ project_page 'http://github.com/jfryman/puppet-nginx' dependency 'puppetlabs/stdlib', '>= 0.1.6' dependency 'puppetlabs/apt', '>= 1.0.0' +dependency 'puppetlabs/concat', '>= 1.0.0' diff --git a/Puppetfile b/Puppetfile index 7edb487a4..7a314f2e9 100644 --- a/Puppetfile +++ b/Puppetfile @@ -2,3 +2,4 @@ forge 'http://forge.puppetlabs.com' mod 'puppetlabs/stdlib', '>=0.1.6' mod 'puppetlabs/apt', '>=1.0.0' +mod 'puppetlabs/concat', '>=1.0.0' diff --git a/Puppetfile.lock b/Puppetfile.lock index 47783d2f8..aac666e40 100644 --- a/Puppetfile.lock +++ b/Puppetfile.lock @@ -3,9 +3,11 @@ FORGE specs: puppetlabs/apt (1.2.0) puppetlabs/stdlib (>= 2.2.1) + puppetlabs/concat (1.0.0) puppetlabs/stdlib (4.1.0) DEPENDENCIES puppetlabs/apt (>= 1.0.0) + puppetlabs/concat (>= 1.0.0) puppetlabs/stdlib (>= 0.1.6) diff --git a/spec/classes/nginx_spec.rb b/spec/classes/nginx_spec.rb index 44ccf3a38..3f6e7f7c0 100644 --- a/spec/classes/nginx_spec.rb +++ b/spec/classes/nginx_spec.rb @@ -16,6 +16,7 @@ :operatingsystem => 'Debian', :osfamily => 'Debian', :lsbdistcodename => 'precise', + :concat_basedir => '/var/lib/puppet/concat', } end @@ -34,6 +35,7 @@ :kernel => 'linux', :operatingsystem => 'RedHat', :osfamily => 'RedHat', + :concat_basedir => '/var/lib/puppet/concat', } end @@ -52,6 +54,7 @@ :kernel => 'linux', :operatingsystem => 'SuSE', :osfamily => 'Suse', + :concat_basedir => '/var/lib/puppet/concat', } end diff --git a/spec/defines/resource_location_spec.rb b/spec/defines/resource_location_spec.rb index 8d6e3470d..f445f9c40 100644 --- a/spec/defines/resource_location_spec.rb +++ b/spec/defines/resource_location_spec.rb @@ -9,6 +9,7 @@ :osfamily => 'Debian', :operatingsystem => 'debian', :kernel => 'Linux', + :concat_basedir => '/var/lib/puppet/concat', } end let :pre_condition do diff --git a/spec/defines/resource_mailhost_spec.rb b/spec/defines/resource_mailhost_spec.rb index 943e26a87..1a73030af 100644 --- a/spec/defines/resource_mailhost_spec.rb +++ b/spec/defines/resource_mailhost_spec.rb @@ -10,6 +10,7 @@ :operatingsystem => 'debian', :kernel => 'Linux', :ipaddress6 => '::', + :concat_basedir => '/var/lib/puppet/concat', } end let :default_params do diff --git a/spec/defines/resource_upstream_spec.rb b/spec/defines/resource_upstream_spec.rb index d12a9ccb5..7e54fcc04 100644 --- a/spec/defines/resource_upstream_spec.rb +++ b/spec/defines/resource_upstream_spec.rb @@ -5,6 +5,10 @@ 'upstream-test' end + let :facts do { + :concat_basedir => '/var/lib/puppet/concat', + } end + let :default_params do { :members => ['test'], diff --git a/spec/defines/resource_vhost_spec.rb b/spec/defines/resource_vhost_spec.rb index ccf75fc52..dd1c0c2e9 100644 --- a/spec/defines/resource_vhost_spec.rb +++ b/spec/defines/resource_vhost_spec.rb @@ -16,6 +16,7 @@ :operatingsystem => 'debian', :kernel => 'Linux', :ipaddress6 => '::', + :concat_basedir => '/var/lib/puppet/concat', } end let :pre_condition do diff --git a/spec/spec_helper_system.rb b/spec/spec_helper_system.rb index e16374a5a..aceafba95 100644 --- a/spec/spec_helper_system.rb +++ b/spec/spec_helper_system.rb @@ -21,6 +21,7 @@ puppet_module_install(:source => proj_root, :module_name => 'nginx') shell('puppet module install puppetlabs-apt') shell('puppet module install puppetlabs-stdlib') + shell('puppet module install puppetlabs-concat') # Fake keys. # Valid self-signed SSL key with 10 year expiry. From 2023ca1d6d0f22962ae27a31242aa62abca4f0e8 Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Sat, 30 Nov 2013 19:49:41 -0500 Subject: [PATCH 09/18] switch mailhost resource to concat pattern --- manifests/resource/mailhost.pp | 36 +++++++++++------- spec/defines/resource_mailhost_spec.rb | 51 +++++++++++--------------- spec/system/nginx_mail_spec.rb | 2 +- 3 files changed, 45 insertions(+), 44 deletions(-) diff --git a/manifests/resource/mailhost.pp b/manifests/resource/mailhost.pp index 5279f0400..09ae55ffc 100644 --- a/manifests/resource/mailhost.pp +++ b/manifests/resource/mailhost.pp @@ -67,6 +67,13 @@ validate_array($server_name) + $file_ensure = $ensure ? { + 'absent' => absent, + default => 'file', + } + + $config_file = "${nginx::config::nx_conf_dir}/conf.mail.d/${name}.conf" + # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled # and support does not exist for it in the kernel. if ($ipv6_enable and !$::ipaddress6) { @@ -80,28 +87,29 @@ } } - # Use the File Fragment Pattern to construct the configuration files. - # Create the base configuration file reference. + concat { $config_file: + # Waiting on https://github.com/puppetlabs/puppetlabs-concat/pull/39/files + #ensure => $file_ensure, + owner => 'root', + group => 'root', + mode => '0644', + notify => Class['nginx::service'], + } + if ($listen_port != $ssl_port) { - file { "${nginx::config::nx_temp_dir}/nginx.mail.d/${name}-001": - ensure => $ensure ? { - 'absent' => absent, - default => 'file', - }, + concat::fragment { "${name}-header": + target => $config_file, content => template('nginx/mailhost/mailhost.erb'), - notify => Class['nginx::service'], + order => '001', } } # Create SSL File Stubs if SSL is enabled if ($ssl) { - file { "${nginx::config::nx_temp_dir}/nginx.mail.d/${name}-700-ssl": - ensure => $ensure ? { - 'absent' => absent, - default => 'file', - }, + concat::fragment { "${name}-ssl": + target => $config_file, content => template('nginx/mailhost/mailhost_ssl.erb'), - notify => Class['nginx::service'], + order => '700', } } } diff --git a/spec/defines/resource_mailhost_spec.rb b/spec/defines/resource_mailhost_spec.rb index 1a73030af..9f71a6cd5 100644 --- a/spec/defines/resource_mailhost_spec.rb +++ b/spec/defines/resource_mailhost_spec.rb @@ -30,8 +30,13 @@ describe 'basic assumptions' do let :params do default_params end it { should include_class("nginx::config") } - it { should contain_file("/tmp/nginx.mail.d/#{title}-001") } - it { should_not contain_file("/tmp/nginx.mail.d/#{title}-700-ssl") } + it { should contain_concat("/etc/nginx/conf.mail.d/#{title}.conf").with({ + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + })} + it { should contain_concat__fragment("#{title}-header") } + it { should_not contain_concat__fragment("#{title}-ssl") } end describe "mailhost template content" do @@ -124,10 +129,10 @@ context "when #{param[:attr]} is #{param[:value]}" do let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - it { should contain_file("/tmp/nginx.mail.d/#{title}-001").with_mode('0644') } + it { should contain_concat__fragment("#{title}-header") } it param[:title] do - verify_contents(subject, "/tmp/nginx.mail.d/#{title}-001", Array(param[:match])) - lines = subject.resource('file', "/tmp/nginx.mail.d/#{title}-001").send(:parameters)[:content].split("\n") + lines = subject.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n") + (lines & Array(param[:match])).should == Array(param[:match]) (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end @@ -176,10 +181,10 @@ } end let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - it { should contain_file("/tmp/nginx.mail.d/#{title}-001").with_mode('0644') } + it { should contain_concat__fragment("#{title}-header") } it param[:title] do - verify_contents(subject, "/tmp/nginx.mail.d/#{title}-001", Array(param[:match])) - lines = subject.resource('file', "/tmp/nginx.mail.d/#{title}-001").send(:parameters)[:content].split("\n") + lines = subject.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n") + (lines & Array(param[:match])).should == Array(param[:match]) (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end @@ -271,10 +276,10 @@ } end let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - it { should contain_file("/tmp/nginx.mail.d/#{title}-700-ssl").with_mode('0644') } + it { should contain_concat__fragment("#{title}-ssl") } it param[:title] do - verify_contents(subject, "/tmp/nginx.mail.d/#{title}-700-ssl", Array(param[:match])) - lines = subject.resource('file', "/tmp/nginx.mail.d/#{title}-001").send(:parameters)[:content].split("\n") + lines = subject.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content].split("\n") + (lines & Array(param[:match])).should == Array(param[:match]) (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end @@ -342,7 +347,7 @@ :ssl_port => 443, }) end - it { should contain_file("/tmp/nginx.mail.d/#{title}-001") } + it { should contain_concat__fragment("#{title}-header") } end context 'when listen_port == ssl_port' do @@ -351,19 +356,7 @@ :ssl_port => 80, }) end - it { should_not contain_file("/tmp/nginx.mail.d/#{title}-001") } - end - - context 'when ensure => absent' do - let :params do default_params.merge({ - :ensure => 'absent', - :ssl => true, - :ssl_key => 'dummy.key', - :ssl_cert => 'dummy.cert', - }) end - - it { should contain_file("/tmp/nginx.mail.d/#{title}-001").with_ensure('absent') } - it { should contain_file("/tmp/nginx.mail.d/#{title}-700-ssl").with_ensure('absent') } + it { should_not contain_concat__fragment("#{title}-header") } end context 'when ssl => true' do @@ -374,8 +367,8 @@ :ssl_cert => 'dummy.cert', }) end - it { should contain_file("/tmp/nginx.mail.d/#{title}-001") } - it { should contain_file("/tmp/nginx.mail.d/#{title}-700-ssl") } + it { should contain_concat__fragment("#{title}-header") } + it { should contain_concat__fragment("#{title}-ssl") } end context 'when ssl => false' do @@ -384,8 +377,8 @@ :ssl => false, }) end - it { should contain_file("/tmp/nginx.mail.d/#{title}-001") } - it { should_not contain_file("/tmp/nginx.mail.d/#{title}-700-ssl") } + it { should contain_concat__fragment("#{title}-header") } + it { should_not contain_concat__fragment("#{title}-ssl") } end end end diff --git a/spec/system/nginx_mail_spec.rb b/spec/system/nginx_mail_spec.rb index 71b4b5b92..f8ec265b1 100644 --- a/spec/system/nginx_mail_spec.rb +++ b/spec/system/nginx_mail_spec.rb @@ -30,7 +30,7 @@ class { 'nginx': end end - describe file('/etc/nginx/conf.mail.d/vhost_autogen.conf') do + describe file('/etc/nginx/conf.mail.d/domain1.example.conf') do it { should be_file } it { should contain "auth_http localhost/cgi-bin/auth;" } end From 753283286fa415a5cb0aa0ff38efd684ba81e413 Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Sat, 30 Nov 2013 19:51:31 -0500 Subject: [PATCH 10/18] switch vhost resource to concat pattern Also uses sites-available/enabled pattern for config files --- manifests/config.pp | 8 ++++ manifests/resource/vhost.pp | 68 ++++++++++++++++++--------- spec/defines/resource_vhost_spec.rb | 71 ++++++++++++++++------------- spec/system/nginx_mail_spec.rb | 4 ++ spec/system/nginx_proxy_spec.rb | 2 +- spec/system/nginx_vhost_spec.rb | 18 ++++++++ templates/conf.d/nginx.conf.erb | 1 + 7 files changed, 117 insertions(+), 55 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index 89fba7a5c..103ee55b9 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -80,6 +80,14 @@ owner => $nginx::params::nx_daemon_user, } + file { "${nginx::params::nx_conf_dir}/sites-available": + ensure => directory, + } + + file { "${nginx::params::nx_conf_dir}/sites-enabled": + ensure => directory, + } + file { '/etc/nginx/sites-enabled/default': ensure => absent, } diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index b1d7f956a..3edceefc5 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -144,6 +144,20 @@ validate_array($index_files) validate_array($server_name) + # Variables + $file_ensure = $ensure ? { + 'absent' => absent, + default => 'file', + } + + $vhost_dir = "${nginx::config::nx_conf_dir}/sites-available" + $vhost_enable_dir = "${nginx::config::nx_conf_dir}/sites-enabled" + $vhost_symlink_ensure = $ensure ? { + 'absent' => absent, + default => 'link', + } + $config_file = "${vhost_dir}/${name}.conf" + File { ensure => $ensure ? { 'absent' => absent, @@ -181,6 +195,15 @@ default => $error_log, } + concat { $config_file: + # Waiting on https://github.com/puppetlabs/puppetlabs-concat/pull/39/files + #ensure => $file_ensure, + owner => 'root', + group => 'root', + mode => '0644', + notify => Class['nginx::service'], + } + if ($ssl == true) and ($ssl_port == $listen_port) { $ssl_only = true } @@ -231,22 +254,21 @@ } } - # Use the File Fragment Pattern to construct the configuration files. - # Create the base configuration file reference. if ($listen_port != $ssl_port) { - file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-001": - ensure => $ensure ? { - 'absent' => absent, - default => 'file', - }, + concat::fragment { "${name}-header": + target => $config_file, content => template('nginx/vhost/vhost_header.erb'), - notify => Class['nginx::service'], + order => '001', } } # Create a proper file close stub. if ($listen_port != $ssl_port) { - file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-699": content => template('nginx/vhost/vhost_footer.erb'), } + concat::fragment { "${name}-footer": + target => $config_file, + content => template('nginx/vhost/vhost_footer.erb'), + order => '699', + } } # Create SSL File Stubs if SSL is enabled @@ -260,25 +282,19 @@ undef => "${nginx::params::nx_logdir}/ssl-${domain_log_name}.error.log", default => $error_log, } - file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-700-ssl": - ensure => $ensure ? { - 'absent' => absent, - default => 'file', - }, + + concat::fragment { "${name}-ssl-header": + target => $config_file, content => template('nginx/vhost/vhost_ssl_header.erb'), - notify => Class['nginx::service'], + order => '700', } - file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-999-ssl": - ensure => $ensure ? { - 'absent' => absent, - default => 'file', - }, + concat::fragment { "${name}-ssl-footer": + target => $config_file, content => template('nginx/vhost/vhost_ssl_footer.erb'), - notify => Class['nginx::service'], + order => '999', } #Generate ssl key/cert with provided file-locations - $cert = regsubst($name,' ','_') # Check if the file has been defined before creating the file to @@ -294,4 +310,12 @@ source => $ssl_key, }) } + + file{ "${name}.conf symlink": + ensure => $vhost_symlink_ensure, + path => "${vhost_enable_dir}/${name}.conf", + target => $config_file, + require => Concat[$config_file], + notify => Service['nginx'], + } } diff --git a/spec/defines/resource_vhost_spec.rb b/spec/defines/resource_vhost_spec.rb index dd1c0c2e9..e65ae2f71 100644 --- a/spec/defines/resource_vhost_spec.rb +++ b/spec/defines/resource_vhost_spec.rb @@ -32,11 +32,21 @@ let :params do default_params end it { should include_class("nginx::params") } it { should include_class("nginx::config") } - it { should contain_file("/tmp/nginx.d/#{title}-001").with_content(%r{access_log[ ]+/var/log/nginx/www\.rspec\.example\.com\.access\.log}) } - it { should contain_file("/tmp/nginx.d/#{title}-001").with_content(%r{error_log[ ]+/var/log/nginx/www\.rspec\.example\.com\.error\.log}) } + it { should contain_concat("/etc/nginx/sites-available/#{title}.conf").with({ + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + })} + it { should contain_concat__fragment("#{title}-header").with_content(%r{access_log[ ]+/var/log/nginx/www\.rspec\.example\.com\.access\.log}) } + it { should contain_concat__fragment("#{title}-header").with_content(%r{error_log[ ]+/var/log/nginx/www\.rspec\.example\.com\.error\.log}) } + it { should contain_concat__fragment("#{title}-footer") } it { should contain_nginx__resource__location("#{title}-default") } - it { should contain_file("/tmp/nginx.d/#{title}-699") } it { should_not contain_file("/etc/nginx/fastcgi_params") } + it { should contain_file("#{title}.conf symlink").with({ + 'ensure' => 'link', + 'path' => "/etc/nginx/sites-enabled/#{title}.conf", + 'target' => "/etc/nginx/sites-available/#{title}.conf" + })} end describe "vhost_header template content" do @@ -190,10 +200,10 @@ context "when #{param[:attr]} is #{param[:value]}" do let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - it { should contain_file("/tmp/nginx.d/#{title}-001").with_mode('0644') } + it { should contain_concat__fragment("#{title}-header") } it param[:title] do - verify_contents(subject, "/tmp/nginx.d/#{title}-001", Array(param[:match])) - lines = subject.resource('file', "/tmp/nginx.d/#{title}-001").send(:parameters)[:content].split("\n") + lines = subject.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n") + (lines & Array(param[:match])).should == Array(param[:match]) (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end @@ -245,10 +255,10 @@ context "when #{param[:attr]} is #{param[:value]}" do let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - it { should contain_file("/tmp/nginx.d/#{title}-699").with_mode('0644') } + it { should contain_concat__fragment("#{title}-footer") } it param[:title] do - verify_contents(subject, "/tmp/nginx.d/#{title}-699", Array(param[:match])) - lines = subject.resource('file', "/tmp/nginx.d/#{title}-699").send(:parameters)[:content].split("\n") + lines = subject.resource('concat::fragment', "#{title}-footer").send(:parameters)[:content].split("\n") + (lines & Array(param[:match])).should == Array(param[:match]) (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end @@ -409,10 +419,10 @@ :ssl_key => 'dummy.key', :ssl_cert => 'dummy.crt', }) end - it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_mode('0644') } + it { should contain_concat__fragment("#{title}-ssl-header") } it param[:title] do - verify_contents(subject, "/tmp/nginx.d/#{title}-700-ssl", Array(param[:match])) - lines = subject.resource('file', "/tmp/nginx.d/#{title}-700-ssl").send(:parameters)[:content].split("\n") + lines = subject.resource('concat::fragment', "#{title}-ssl-header").send(:parameters)[:content].split("\n") + (lines & Array(param[:match])).should == Array(param[:match]) (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end @@ -469,10 +479,10 @@ :ssl_cert => 'dummy.crt', }) end - it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_mode('0644') } + it { should contain_concat__fragment("#{title}-ssl-footer") } it param[:title] do - verify_contents(subject, "/tmp/nginx.d/#{title}-999-ssl", Array(param[:match])) - lines = subject.resource('file', "/tmp/nginx.d/#{title}-999-ssl").send(:parameters)[:content].split("\n") + lines = subject.resource('concat::fragment', "#{title}-ssl-footer").send(:parameters)[:content].split("\n") + (lines & Array(param[:match])).should == Array(param[:match]) (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end @@ -537,8 +547,8 @@ :ssl_port => 80, }) end - it { should_not contain_file("/tmp/nginx.d/#{title}-001") } - it { should_not contain_file("/tmp/nginx.d/#{title}-699") } + it { should_not contain_concat__fragment("#{title}-header") } + it { should_not contain_concat__fragment("#{title}-footer") } end context 'when listen_port != ssl_port' do @@ -547,8 +557,8 @@ :ssl_port => 443, }) end - it { should contain_file("/tmp/nginx.d/#{title}-001") } - it { should contain_file("/tmp/nginx.d/#{title}-699") } + it { should contain_concat__fragment("#{title}-header") } + it { should contain_concat__fragment("#{title}-footer") } end context 'when ensure => absent' do @@ -559,11 +569,8 @@ :ssl_cert => 'dummy.cert', }) end - it { should contain_file("/tmp/nginx.d/#{title}-001").with_ensure('absent') } - it { should contain_file("/tmp/nginx.d/#{title}-699").with_ensure('absent') } - it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_ensure('absent') } - it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_ensure('absent') } it { should contain_nginx__resource__location("#{title}-default").with_ensure('absent') } + it { should contain_file("#{title}.conf symlink").with_ensure('absent') } end context 'when ssl => true and ssl_port == listen_port' do @@ -576,9 +583,9 @@ }) end it { should contain_nginx__resource__location("#{title}-default").with_ssl_only(true) } - it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content(%r{access_log[ ]+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log}) } - it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content(%r{error_log[ ]+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) } - it { should contain_file("/tmp/nginx.d/#{title}-999-ssl") } + it { should contain_concat__fragment("#{title}-ssl-header").with_content(%r{access_log[ ]+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log}) } + it { should contain_concat__fragment("#{title}-ssl-header").with_content(%r{error_log[ ]+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) } + it { should contain_concat__fragment("#{title}-ssl-footer") } it { should contain_file("/etc/nginx/#{title}.crt") } it { should contain_file("/etc/nginx/#{title}.key") } end @@ -588,9 +595,9 @@ :passenger_cgi_param => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' } }) end - it { should contain_file("/tmp/nginx.d/#{title}-001").with_content( /passenger_set_cgi_param test1 test value 1;/ ) } - it { should contain_file("/tmp/nginx.d/#{title}-001").with_content( /passenger_set_cgi_param test2 test value 2;/ ) } - it { should contain_file("/tmp/nginx.d/#{title}-001").with_content( /passenger_set_cgi_param test3 test value 3;/ ) } + it { should contain_concat__fragment("#{title}-header").with_content( /passenger_set_cgi_param test1 test value 1;/ ) } + it { should contain_concat__fragment("#{title}-header").with_content( /passenger_set_cgi_param test2 test value 2;/ ) } + it { should contain_concat__fragment("#{title}-header").with_content( /passenger_set_cgi_param test3 test value 3;/ ) } end context 'when passenger_cgi_param is set and ssl => true' do @@ -601,9 +608,9 @@ :ssl_cert => 'dummy.cert', }) end - it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content( /passenger_set_cgi_param test1 test value 1;/ ) } - it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content( /passenger_set_cgi_param test2 test value 2;/ ) } - it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content( /passenger_set_cgi_param test3 test value 3;/ ) } + it { should contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_cgi_param test1 test value 1;/ ) } + it { should contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_cgi_param test2 test value 2;/ ) } + it { should contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_cgi_param test3 test value 3;/ ) } end end end diff --git a/spec/system/nginx_mail_spec.rb b/spec/system/nginx_mail_spec.rb index f8ec265b1..e8cce6cf1 100644 --- a/spec/system/nginx_mail_spec.rb +++ b/spec/system/nginx_mail_spec.rb @@ -35,4 +35,8 @@ class { 'nginx': it { should contain "auth_http localhost/cgi-bin/auth;" } end + describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do + it { should be_file } + end + end diff --git a/spec/system/nginx_proxy_spec.rb b/spec/system/nginx_proxy_spec.rb index 42cb7ed0a..09b188565 100644 --- a/spec/system/nginx_proxy_spec.rb +++ b/spec/system/nginx_proxy_spec.rb @@ -35,7 +35,7 @@ class { 'nginx': } it { should_not contain "server localhost:3003" } end - describe file('/etc/nginx/conf.d/vhost_autogen.conf') do + describe file('/etc/nginx/sites-available/rack.puppetlabs.com.conf') do it { should be_file } it { should contain "proxy_pass http://puppet_rack_app;" } end diff --git a/spec/system/nginx_vhost_spec.rb b/spec/system/nginx_vhost_spec.rb index 2b3ce549a..fe2244797 100644 --- a/spec/system/nginx_vhost_spec.rb +++ b/spec/system/nginx_vhost_spec.rb @@ -23,6 +23,15 @@ class { 'nginx': } end end + describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do + it { should be_file } + it { should contain "www.puppetlabs.com" } + end + + describe file('/etc/nginx/sites-enabled/www.puppetlabs.com.conf') do + it { should be_linked_to '/etc/nginx/sites-available/www.puppetlabs.com.conf' } + end + describe service('nginx') do it { should be_running } end @@ -65,6 +74,15 @@ class { 'nginx': } end end + describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do + it { should be_file } + it { should contain "ssl on;" } + end + + describe file('/etc/nginx/sites-enabled/www.puppetlabs.com.conf') do + it { should be_linked_to '/etc/nginx/sites-available/www.puppetlabs.com.conf' } + end + describe service('nginx') do it { should be_running } end diff --git a/templates/conf.d/nginx.conf.erb b/templates/conf.d/nginx.conf.erb index 5c38de839..925044a3a 100644 --- a/templates/conf.d/nginx.conf.erb +++ b/templates/conf.d/nginx.conf.erb @@ -44,6 +44,7 @@ http { <% end -%> include /etc/nginx/conf.d/*.conf; + include <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/sites-enabled/*; } <% if scope.lookupvar('nginx::mail') %> From d849c31c35d0fdbf78aed9e97499326214cba23c Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Sat, 30 Nov 2013 19:52:12 -0500 Subject: [PATCH 11/18] switch location resource to concat pattern --- manifests/resource/location.pp | 11 ++++-- spec/defines/resource_location_spec.rb | 52 +++++++++++++------------- 2 files changed, 32 insertions(+), 31 deletions(-) diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 3fd96e3f3..233f78e69 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -129,6 +129,7 @@ 'absent' => absent, default => file, } + $config_file = "${nginx::config::nx_conf_dir}/sites-available/${vhost}.conf" $location_sanitized = regsubst($location, '\/', '_', 'G') @@ -168,18 +169,20 @@ ## Create stubs for vHost File Fragment Pattern if ($ssl_only != true) { - file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-${priority}-${location_sanitized}": - ensure => $ensure_real, + concat::fragment { "${vhost}-${priority}-${location_sanitized}": + target => $config_file, content => $content_real, + order => $priority, } } ## Only create SSL Specific locations if $ssl is true. if ($ssl == true) { $ssl_priority = $priority + 300 - file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-${ssl_priority}-${location_sanitized}-ssl": - ensure => $ensure_real, + concat::fragment {"${vhost}-${ssl_priority}-${location_sanitized}-ssl": + target => $config_file, content => $content_real, + order => $ssl_priority, } } diff --git a/spec/defines/resource_location_spec.rb b/spec/defines/resource_location_spec.rb index f445f9c40..666b6f877 100644 --- a/spec/defines/resource_location_spec.rb +++ b/spec/defines/resource_location_spec.rb @@ -29,9 +29,9 @@ it { should include_class("nginx::params") } it { should include_class("nginx::config") } - it { should contain_file("/tmp/nginx.d/vhost1-500-rspec-test").with_content(/location rspec-test/) } + it { should contain_concat__fragment("vhost1-500-rspec-test").with_content(/location rspec-test/) } it { should_not contain_file('/etc/nginx/fastcgi_params') } - it { should_not contain_file("/tmp/nginx.d/vhost1-800-rspec-test-ssl") } + it { should_not contain_concat__fragment("vhost1-800-rspec-test-ssl") } it { should_not contain_file("/etc/nginx/rspec-test_htpasswd") } end @@ -92,10 +92,10 @@ let :default_params do { :location => 'location', :proxy => 'proxy_value', :vhost => 'vhost1' } end let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - it { should contain_file("/tmp/nginx.d/vhost1-500-#{params[:location]}") } + it { should contain_concat__fragment("vhost1-500-#{params[:location]}") } it param[:title] do - verify_contents(subject, "/tmp/nginx.d/vhost1-500-#{params[:location]}", Array(param[:match])) - lines = subject.resource('file', "/tmp/nginx.d/vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + lines = subject.resource('concat::fragment', "vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + (lines & Array(param[:match])).should == Array(param[:match]) (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end @@ -110,7 +110,7 @@ :proxy_cache_valid => '10m', } end - it { should contain_file("/tmp/nginx.d/vhost1-500-location").with_content(/proxy_cache_valid 10m;/) } + it { should contain_concat__fragment("vhost1-500-location").with_content(/proxy_cache_valid 10m;/) } end end @@ -153,10 +153,10 @@ let :default_params do { :location => 'location', :location_alias => 'location_alias_value', :vhost => 'vhost1' } end let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - it { should contain_file("/tmp/nginx.d/vhost1-500-#{params[:location]}") } + it { should contain_concat__fragment("vhost1-500-#{params[:location]}") } it param[:title] do - verify_contents(subject, "/tmp/nginx.d/vhost1-500-#{params[:location]}", Array(param[:match])) - lines = subject.resource('file', "/tmp/nginx.d/vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + lines = subject.resource('concat::fragment', "vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + (lines & Array(param[:match])).should == Array(param[:match]) (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end @@ -196,10 +196,10 @@ let :default_params do { :location => 'location', :stub_status => true, :vhost => 'vhost1' } end let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - it { should contain_file("/tmp/nginx.d/vhost1-500-#{params[:location]}").with_content(/stub_status on;/) } + it { should contain_concat__fragment("vhost1-500-#{params[:location]}") } it param[:title] do - verify_contents(subject, "/tmp/nginx.d/vhost1-500-#{params[:location]}", Array(param[:match])) - lines = subject.resource('file', "/tmp/nginx.d/vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + lines = subject.resource('concat::fragment', "vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + (lines & Array(param[:match])).should == Array(param[:match]) (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end @@ -281,10 +281,10 @@ let :default_params do { :location => 'location', :fastcgi => true, :vhost => 'vhost1' } end let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - it { should contain_file("/tmp/nginx.d/vhost1-500-#{params[:location]}") } + it { should contain_concat__fragment("vhost1-500-#{params[:location]}") } it param[:title] do - verify_contents(subject, "/tmp/nginx.d/vhost1-500-#{params[:location]}", Array(param[:match])) - lines = subject.resource('file', "/tmp/nginx.d/vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + lines = subject.resource('concat::fragment', "vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + (lines & Array(param[:match])).should == Array(param[:match]) (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end @@ -366,10 +366,10 @@ let :default_params do { :location => 'location', :www_root => '/var/www/root', :vhost => 'vhost1' } end let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - it { should contain_file("/tmp/nginx.d/vhost1-500-#{params[:location]}") } + it { should contain_concat__fragment("vhost1-500-#{params[:location]}") } it param[:title] do - verify_contents(subject, "/tmp/nginx.d/vhost1-500-#{params[:location]}", Array(param[:match])) - lines = subject.resource('file', "/tmp/nginx.d/vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + lines = subject.resource('concat::fragment', "vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + (lines & Array(param[:match])).should == Array(param[:match]) (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end @@ -399,10 +399,10 @@ let :default_params do { :location => 'location', :location_custom_cfg => {'test1'=>'value1'}, :vhost => 'vhost1' } end let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - it { should contain_file("/tmp/nginx.d/vhost1-500-#{params[:location]}") } + it { should contain_concat__fragment("vhost1-500-#{params[:location]}") } it param[:title] do - verify_contents(subject, "/tmp/nginx.d/vhost1-500-#{params[:location]}", Array(param[:match])) - lines = subject.resource('file', "/tmp/nginx.d/vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + lines = subject.resource('concat::fragment', "vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + (lines & Array(param[:match])).should == Array(param[:match]) (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end @@ -418,25 +418,25 @@ context 'when ssl_only => true' do let :params do { :ssl_only => true, :vhost => 'vhost1', :www_root => '/', } end - it { should_not contain_file("/tmp/nginx.d/vhost1-500-rspec-test") } + it { should_not contain_concat__fragment("vhost1-500-rspec-test") } end context 'when ssl_only => false' do let :params do { :ssl_only => false, :vhost => 'vhost1', :www_root => '/', } end - it { should contain_file("/tmp/nginx.d/vhost1-500-rspec-test") } + it { should contain_concat__fragment("vhost1-500-rspec-test") } end context 'when ssl => true' do let :params do { :ssl => true, :vhost => 'vhost1', :www_root => '/', } end - it { should contain_file("/tmp/nginx.d/vhost1-800-rspec-test-ssl") } + it { should contain_concat__fragment("vhost1-800-rspec-test-ssl") } end context 'when ssl => false' do let :params do { :ssl => false, :vhost => 'vhost1', :www_root => '/', } end - it { should_not contain_file("/tmp/nginx.d/vhost1-800-rspec-test-ssl") } + it { should_not contain_concat__fragment("vhost1-800-rspec-test-ssl") } end context 'when auth_basic_user_file => true' do @@ -454,8 +454,6 @@ :auth_basic_user_file => true, } end - it { should contain_file("/tmp/nginx.d/vhost1-500-rspec-test").with_ensure('absent') } - it { should contain_file("/tmp/nginx.d/vhost1-800-rspec-test-ssl").with_ensure('absent') } it { should contain_file("/etc/nginx/rspec-test_htpasswd").with_ensure('absent') } end From eb31df40d6620790a9a6eb82496bdd56e5a3eff3 Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Sat, 30 Nov 2013 19:56:38 -0500 Subject: [PATCH 12/18] Remove vhost and mailhost vhost_autogen.conf Don't generate it anymore, and remove any existing file from people's systems --- manifests/config.pp | 21 ++++++++------------- manifests/params.pp | 1 - manifests/service.pp | 13 ------------- spec/classes/config_spec.rb | 19 ++----------------- spec/classes/service_spec.rb | 17 +---------------- spec/system/nginx_vhost_spec.rb | 5 ----- 6 files changed, 11 insertions(+), 65 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index 103ee55b9..05c574084 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -49,7 +49,6 @@ } if $confd_purge == true { File["${nginx::params::nx_conf_dir}/conf.d"] { - ignore => 'vhost_autogen.conf', purge => true, recurse => true, } @@ -60,12 +59,19 @@ } if $confd_purge == true { File["${nginx::params::nx_conf_dir}/conf.mail.d"] { - ignore => 'vhost_autogen.conf', purge => true, recurse => true, } } + file { "${nginx::params::nx_conf_dir}/conf.d/vhost_autogen.conf": + ensure => absent, + } + + file { "${nginx::params::nx_conf_dir}/conf.mail.d/vhost_autogen.conf": + ensure => absent, + } + file {$nginx::config::nx_run_dir: ensure => directory, } @@ -102,15 +108,4 @@ content => template('nginx/conf.d/proxy.conf.erb'), } - file { "${nginx::config::nx_temp_dir}/nginx.d": - ensure => directory, - purge => true, - recurse => true, - } - - file { "${nginx::config::nx_temp_dir}/nginx.mail.d": - ensure => directory, - purge => true, - recurse => true, - } } diff --git a/manifests/params.pp b/manifests/params.pp index 2356f32d5..982c64bf6 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -14,7 +14,6 @@ # # This class file is not called directly class nginx::params { - $nx_temp_dir = '/tmp' $nx_run_dir = '/var/nginx' $nx_conf_dir = '/etc/nginx' diff --git a/manifests/service.pp b/manifests/service.pp index 8441f3e4d..e71220c67 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -17,24 +17,11 @@ $configtest_enable = $nginx::params::nx_configtest_enable, $service_restart = $nginx::params::nx_service_restart ) { - exec { 'rebuild-nginx-vhosts': - command => "/bin/cat ${nginx::params::nx_temp_dir}/nginx.d/* > ${nginx::params::nx_conf_dir}/conf.d/vhost_autogen.conf", - refreshonly => true, - unless => "/usr/bin/test ! -f ${nginx::params::nx_temp_dir}/nginx.d/*", - subscribe => File["${nginx::params::nx_temp_dir}/nginx.d"], - } - exec { 'rebuild-nginx-mailhosts': - command => "/bin/cat ${nginx::params::nx_temp_dir}/nginx.mail.d/* > ${nginx::params::nx_conf_dir}/conf.mail.d/vhost_autogen.conf", - refreshonly => true, - unless => "/usr/bin/test ! -f ${nginx::params::nx_temp_dir}/nginx.mail.d/*", - subscribe => File["${nginx::params::nx_temp_dir}/nginx.mail.d"], - } service { 'nginx': ensure => running, enable => true, hasstatus => true, hasrestart => true, - subscribe => Exec['rebuild-nginx-vhosts', 'rebuild-nginx-mailhosts'], } if $configtest_enable == true { Service['nginx'] { diff --git a/spec/classes/config_spec.rb b/spec/classes/config_spec.rb index 197251cda..468dc7cb4 100644 --- a/spec/classes/config_spec.rb +++ b/spec/classes/config_spec.rb @@ -47,6 +47,8 @@ :group => 'root', :mode => '0644' )} + it { should contain_file("/etc/nginx/conf.d/vhost_autogen.conf").with_ensure('absent') } + it { should contain_file("/etc/nginx/conf.mail.d/vhost_autogen.conf").with_ensure('absent') } it { should contain_file("/var/nginx").with( :ensure => 'directory', :owner => 'root', @@ -76,22 +78,6 @@ :group => 'root', :mode => '0644' )} - it { should contain_file("/tmp/nginx.d").with( - :ensure => 'directory', - :purge => true, - :recurse => true, - :owner => 'root', - :group => 'root', - :mode => '0644' - )} - it { should contain_file("/tmp/nginx.mail.d").with( - :ensure => 'directory', - :purge => true, - :recurse => true, - :owner => 'root', - :group => 'root', - :mode => '0644' - )} end end end @@ -278,7 +264,6 @@ context "when confd_purge true" do let(:params) {{:confd_purge => true}} it { should contain_file('/etc/nginx/conf.d').with( - :ignore => 'vhost_autogen.conf', :purge => true, :recurse => true )} diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index 1b5108cef..06a40ed97 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb @@ -15,26 +15,11 @@ context "using default parameters" do - it { should contain_exec('rebuild-nginx-vhosts').with( - :command => "/bin/cat /tmp/nginx.d/* > /etc/nginx/conf.d/vhost_autogen.conf", - :refreshonly => true, - :unless => "/usr/bin/test ! -f /tmp/nginx.d/*", - :subscribe => "File[/tmp/nginx.d]" - )} - - it { should contain_exec('rebuild-nginx-mailhosts').with( - :command => "/bin/cat /tmp/nginx.mail.d/* > /etc/nginx/conf.mail.d/vhost_autogen.conf", - :refreshonly => true, - :unless => "/usr/bin/test ! -f /tmp/nginx.mail.d/*", - :subscribe => "File[/tmp/nginx.mail.d]" - )} - it { should contain_service('nginx').with( :ensure => 'running', :enable => true, :hasstatus => true, - :hasrestart => true, - :subscribe => ['Exec[rebuild-nginx-vhosts]','Exec[rebuild-nginx-mailhosts]'] + :hasrestart => true )} it { should contain_service('nginx').without_restart } diff --git a/spec/system/nginx_vhost_spec.rb b/spec/system/nginx_vhost_spec.rb index fe2244797..d4f344676 100644 --- a/spec/system/nginx_vhost_spec.rb +++ b/spec/system/nginx_vhost_spec.rb @@ -44,11 +44,6 @@ class { 'nginx': } end end - describe file('/etc/nginx/conf.d/vhost_autogen.conf') do - it { should be_file } - it { should contain "www.puppetlabs.com" } - end - context 'should run successfully with ssl' do it 'should configure a nginx SSL vhost' do From 0e1d4adbd567bc64e02962c72b319f9350351fea Mon Sep 17 00:00:00 2001 From: Matthew Haughton <3flex@users.noreply.github.com> Date: Mon, 2 Dec 2013 13:49:47 -0500 Subject: [PATCH 13/18] Remove unused code in mailhost --- manifests/resource/mailhost.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/resource/mailhost.pp b/manifests/resource/mailhost.pp index 09ae55ffc..a5f6d0edf 100644 --- a/manifests/resource/mailhost.pp +++ b/manifests/resource/mailhost.pp @@ -67,11 +67,6 @@ validate_array($server_name) - $file_ensure = $ensure ? { - 'absent' => absent, - default => 'file', - } - $config_file = "${nginx::config::nx_conf_dir}/conf.mail.d/${name}.conf" # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled @@ -88,8 +83,6 @@ } concat { $config_file: - # Waiting on https://github.com/puppetlabs/puppetlabs-concat/pull/39/files - #ensure => $file_ensure, owner => 'root', group => 'root', mode => '0644', From a9c445b3f9bfc6b80cba59b206bd029d2ed49795 Mon Sep 17 00:00:00 2001 From: Matthew Haughton <3flex@users.noreply.github.com> Date: Mon, 2 Dec 2013 13:50:22 -0500 Subject: [PATCH 14/18] Remove unused code in vhost --- manifests/resource/vhost.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index 3edceefc5..aefc2725c 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -145,11 +145,6 @@ validate_array($server_name) # Variables - $file_ensure = $ensure ? { - 'absent' => absent, - default => 'file', - } - $vhost_dir = "${nginx::config::nx_conf_dir}/sites-available" $vhost_enable_dir = "${nginx::config::nx_conf_dir}/sites-enabled" $vhost_symlink_ensure = $ensure ? { @@ -196,8 +191,6 @@ } concat { $config_file: - # Waiting on https://github.com/puppetlabs/puppetlabs-concat/pull/39/files - #ensure => $file_ensure, owner => 'root', group => 'root', mode => '0644', From 684fafc5598138a0d4c399f7ce7c972a80aa5cd3 Mon Sep 17 00:00:00 2001 From: Matthew Haughton <3flex@users.noreply.github.com> Date: Mon, 2 Dec 2013 13:53:10 -0500 Subject: [PATCH 15/18] Remove the now unused file fragments from /tmp --- manifests/config.pp | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/manifests/config.pp b/manifests/config.pp index 05c574084..0565e1646 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -108,4 +108,15 @@ content => template('nginx/conf.d/proxy.conf.erb'), } + file { "${nginx::config::nx_temp_dir}/nginx.d": + ensure => absent, + purge => true, + recurse => true, + } + + file { "${nginx::config::nx_temp_dir}/nginx.mail.d": + ensure => absent, + purge => true, + recurse => true, + } } From 486d03b6850a0fdaea91eb6f69e8f4d5d8ecd99c Mon Sep 17 00:00:00 2001 From: Matthew Haughton <3flex@users.noreply.github.com> Date: Mon, 2 Dec 2013 13:54:02 -0500 Subject: [PATCH 16/18] required to remove unused file fragments from /tmp --- manifests/params.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/params.pp b/manifests/params.pp index 982c64bf6..2356f32d5 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -14,6 +14,7 @@ # # This class file is not called directly class nginx::params { + $nx_temp_dir = '/tmp' $nx_run_dir = '/var/nginx' $nx_conf_dir = '/etc/nginx' From 2ccd399a74e1ca9cbfaa5144815a01b8faae804c Mon Sep 17 00:00:00 2001 From: Matthew Haughton <3flex@users.noreply.github.com> Date: Mon, 2 Dec 2013 13:58:23 -0500 Subject: [PATCH 17/18] add tests to check file fragments are absent --- spec/classes/config_spec.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/spec/classes/config_spec.rb b/spec/classes/config_spec.rb index 468dc7cb4..f48029bc0 100644 --- a/spec/classes/config_spec.rb +++ b/spec/classes/config_spec.rb @@ -78,6 +78,16 @@ :group => 'root', :mode => '0644' )} + it { should contain_file("/tmp/nginx.d").with( + :ensure => 'absent', + :purge => true, + :recurse => true, + )} + it { should contain_file("/tmp/nginx.mail.d").with( + :ensure => 'absent', + :purge => true, + :recurse => true, + )} end end end From 390b491cc132a1e91a44d4f6924090bb36f87754 Mon Sep 17 00:00:00 2001 From: Matthew Haughton <3flex@users.noreply.github.com> Date: Mon, 2 Dec 2013 14:01:38 -0500 Subject: [PATCH 18/18] ruby 1.8.7 syntax fix --- spec/classes/config_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/classes/config_spec.rb b/spec/classes/config_spec.rb index f48029bc0..ed3e0e0e4 100644 --- a/spec/classes/config_spec.rb +++ b/spec/classes/config_spec.rb @@ -81,12 +81,12 @@ it { should contain_file("/tmp/nginx.d").with( :ensure => 'absent', :purge => true, - :recurse => true, + :recurse => true )} it { should contain_file("/tmp/nginx.mail.d").with( :ensure => 'absent', :purge => true, - :recurse => true, + :recurse => true )} end end