Skip to content

Commit

Permalink
Fix CentOS 7 / CentOS Stream 8 in CI
Browse files Browse the repository at this point in the history
Ensure we are using nginx from the correct repo: cleanup leftovers from
previous tests. Also, the passenger repository is not usable on CentOS
Stream 8, and the packaged version is too old for some of our tests
(e.g. when using nginx-mod-mail).

```
Error:
 Problem: cannot install the best candidate for the job
  - nothing provides rubygem(rack) needed by passenger-6.0.14-1.el8.x86_64
```

```sh-session
[vagrant@centos8s ~]$ dnf info nginx-mod-mail
Last metadata expiration check: 0:00:08 ago on Fri 12 Aug 2022 01:23:41 AM UTC.
Available Packages
Name         : nginx-mod-mail
Epoch        : 1
Version      : 1.14.1
Release      : 9.module_el8.0.0+1060+3ab382d3
Architecture : x86_64
Size         : 64 k
Source       : nginx-1.14.1-9.module_el8.0.0+1060+3ab382d3.src.rpm
Repository   : appstream
Summary      : Nginx mail modules
URL          : http://nginx.org/
License      : BSD
Description  : Nginx mail modules.
```
  • Loading branch information
smortex committed Aug 12, 2022
1 parent f91225b commit bb34f0c
Show file tree
Hide file tree
Showing 5 changed files with 139 additions and 90 deletions.
55 changes: 32 additions & 23 deletions manifests/package/redhat.pp
Original file line number Diff line number Diff line change
Expand Up @@ -19,17 +19,24 @@
default => 'rhel'
}

$want_module_hotfixes = if versioncmp(fact('os.release.full'), '8.0') >= 0 {
'1'
} else {
'absent'
}

if $manage_repo {
case $package_source {
'nginx', 'nginx-stable': {
yumrepo { 'nginx-release':
baseurl => "https://nginx.org/packages/${_os}/${facts['os']['release']['major']}/\$basearch/",
descr => 'nginx repo',
enabled => '1',
gpgcheck => '1',
priority => '1',
gpgkey => 'https://nginx.org/keys/nginx_signing.key',
before => Package['nginx'],
baseurl => "https://nginx.org/packages/${_os}/${facts['os']['release']['major']}/\$basearch/",
descr => 'nginx repo',
enabled => '1',
gpgcheck => '1',
priority => '1',
gpgkey => 'https://nginx.org/keys/nginx_signing.key',
before => Package['nginx'],
module_hotfixes => $want_module_hotfixes,
}

if $purge_passenger_repo {
Expand All @@ -41,13 +48,14 @@
}
'nginx-mainline': {
yumrepo { 'nginx-release':
baseurl => "https://nginx.org/packages/mainline/${_os}/${facts['os']['release']['major']}/\$basearch/",
descr => 'nginx repo',
enabled => '1',
gpgcheck => '1',
priority => '1',
gpgkey => 'https://nginx.org/keys/nginx_signing.key',
before => Package['nginx'],
baseurl => "https://nginx.org/packages/mainline/${_os}/${facts['os']['release']['major']}/\$basearch/",
descr => 'nginx repo',
enabled => '1',
gpgcheck => '1',
priority => '1',
gpgkey => 'https://nginx.org/keys/nginx_signing.key',
before => Package['nginx'],
module_hotfixes => $want_module_hotfixes,
}

if $purge_passenger_repo {
Expand All @@ -58,21 +66,22 @@
}
}
'passenger': {
if ($facts['os']['name'] in ['RedHat', 'CentOS', 'VirtuozzoLinux']) and ($facts['os']['release']['major'] in ['6', '7', '8']) {
if ($facts['os']['name'] in ['RedHat', 'CentOS', 'VirtuozzoLinux']) and ($facts['os']['release']['major'] in ['6', '7']) {
# 2019-11: Passenger changed their gpg key from: `https://packagecloud.io/phusion/passenger/gpgkey`
# to: `https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt`
# Find the latest key by opening: https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo

# Also note: Since 6.0.5 there are no nginx packages in the phusion EL7 repository, and nginx packages are expected to come from epel instead
yumrepo { 'passenger':
baseurl => "https://oss-binaries.phusionpassenger.com/yum/passenger/el/${facts['os']['release']['major']}/\$basearch",
descr => 'passenger repo',
enabled => '1',
gpgcheck => '0',
repo_gpgcheck => '1',
priority => '1',
gpgkey => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt',
before => Package['nginx'],
baseurl => "https://oss-binaries.phusionpassenger.com/yum/passenger/el/${facts['os']['release']['major']}/\$basearch",
descr => 'passenger repo',
enabled => '1',
gpgcheck => '0',
repo_gpgcheck => '1',
priority => '1',
gpgkey => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt',
before => Package['nginx'],
module_hotfixes => $want_module_hotfixes,
}

yumrepo { 'nginx-release':
Expand Down
10 changes: 8 additions & 2 deletions spec/acceptance/class_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,15 @@
require 'spec_helper_acceptance'

describe 'nginx class:' do
test_passenger = true

case fact('osfamily')
when 'RedHat'
pkg_cmd = 'yum info nginx | grep "^From repo"'
pkg_remove_cmd = 'yum -y remove nginx nginx-filesystem passenger'
pkg_match = case fact('operatingsystemmajrelease')
when '8'
test_passenger = false
when '7' # https://blog.phusion.nl/2020/05/29/passenger-6-0-5/
%r{epel}
else
Expand All @@ -24,6 +28,8 @@
else
%r{Phusion}
end
else
test_passenger = false
end

context 'default parameters' do
Expand All @@ -44,7 +50,7 @@
end
end

context 'nginx with package_source passenger', if: pkg_cmd do
context 'nginx with package_source passenger', if: test_passenger do
it 'runs successfully' do
shell(pkg_remove_cmd)
pp = <<-EOS
Expand Down Expand Up @@ -76,7 +82,7 @@ class { 'nginx':
end
end

context 'reset to default parameters', if: pkg_cmd do
context 'reset to default parameters', if: pkg_remove_cmd do
it 'runs successfully' do
shell(pkg_remove_cmd)
pp = "class { 'nginx': }"
Expand Down
157 changes: 94 additions & 63 deletions spec/acceptance/nginx_mail_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -3,87 +3,118 @@
require 'spec_helper_acceptance'

describe 'nginx::resource::mailhost define:' do
it 'runs successfully' do
pp = "
if fact('os.family') == 'RedHat' {
package { 'nginx-mod-mail':
ensure => installed,
}
}
has_recent_mail_module = true

class { 'nginx':
mail => true,
dynamic_modules => fact('os.family') ? {
'RedHat' => ['/usr/lib64/nginx/modules/ngx_mail_module.so'],
default => [],
}
if fact('os.family') == 'RedHat' && fact('os.release.major') == '8'
# EPEL had recent nginx-mod-mail package for CentOS 7 but not CentOS 8
# Stream. The base packages use an older version of nginx that does not
# work with the acceptance test configuration.
has_recent_mail_module = false
end

it 'remove leftovers from previous tests', if: fact('os.family') == 'RedHat' do
shell('yum -y remove nginx nginx-filesystem passenger')
# nginx-mod-mail is not available for all versions of nginx, the one
# installed might be incompatible with the version of nginx-mod-mail we are
# about to install so clean everything.
pp = "
yumrepo { 'nginx-release':
ensure => absent,
}
nginx::resource::mailhost { 'domain1.example':
ensure => present,
auth_http => 'localhost/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl => true,
ssl_port => 465,
ssl_cert => '/etc/pki/tls/certs/blah.cert',
ssl_key => '/etc/pki/tls/private/blah.key',
xclient => 'off',
yumrepo { 'passenger':
ensure => absent,
}
"

apply_manifest(pp, catch_failures: true)
end

describe file('/etc/nginx/conf.mail.d/domain1.example.conf') do
it { is_expected.to be_file }
it { is_expected.to contain 'auth_http localhost/cgi-bin/auth;' }
it { is_expected.to contain 'listen *:465 ssl;' }
end

describe port(587) do
it { is_expected.to be_listening }
end

describe port(465) do
it { is_expected.to be_listening }
end

context 'when configured for nginx 1.14' do
context 'actualy test the mail module', if: has_recent_mail_module do
it 'runs successfully' do
pp = "
if fact('os.family') == 'RedHat' {
package { 'nginx-mod-mail':
ensure => installed,
if fact('os.family') == 'RedHat' {
package { 'nginx-mod-mail':
ensure => installed,
}
}
}
class { 'nginx':
mail => true,
nginx_version => '1.14.0',
dynamic_modules => fact('os.family') ? {
'RedHat' => ['/usr/lib64/nginx/modules/ngx_mail_module.so'],
default => [],
class { 'nginx':
mail => true,
dynamic_modules => fact('os.family') ? {
'RedHat' => ['/usr/lib64/nginx/modules/ngx_mail_module.so'],
default => [],
}
}
nginx::resource::mailhost { 'domain1.example':
ensure => present,
auth_http => 'localhost/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl => true,
ssl_port => 465,
ssl_cert => '/etc/pki/tls/certs/blah.cert',
ssl_key => '/etc/pki/tls/private/blah.key',
xclient => 'off',
}
}
nginx::resource::mailhost { 'domain1.example':
ensure => present,
auth_http => 'localhost/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl => true,
ssl_port => 465,
ssl_cert => '/etc/pki/tls/certs/blah.cert',
ssl_key => '/etc/pki/tls/private/blah.key',
xclient => 'off',
}
"

apply_manifest(pp, catch_failures: true)
# The module produce different config when nginx is installed and when it
# is not installed prior to getting facts, so we need to re-apply the
# catalog.
apply_manifest(pp, catch_failures: true)
end

describe file('/etc/nginx/conf.mail.d/domain1.example.conf') do
it 'does\'t contain `ssl` on `listen` line' do
is_expected.to contain 'listen *:465;'
it { is_expected.to be_file }
it { is_expected.to contain 'auth_http localhost/cgi-bin/auth;' }
it { is_expected.to contain 'listen *:465 ssl;' }
end

describe port(587) do
it { is_expected.to be_listening }
end

describe port(465) do
it { is_expected.to be_listening }
end

context 'when configured for nginx 1.14' do
it 'runs successfully' do
pp = "
if fact('os.family') == 'RedHat' {
package { 'nginx-mod-mail':
ensure => installed,
}
}
class { 'nginx':
mail => true,
nginx_version => '1.14.0',
dynamic_modules => fact('os.family') ? {
'RedHat' => ['/usr/lib64/nginx/modules/ngx_mail_module.so'],
default => [],
}
}
nginx::resource::mailhost { 'domain1.example':
ensure => present,
auth_http => 'localhost/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl => true,
ssl_port => 465,
ssl_cert => '/etc/pki/tls/certs/blah.cert',
ssl_key => '/etc/pki/tls/private/blah.key',
xclient => 'off',
}
"

apply_manifest(pp, catch_failures: true)
end

describe file('/etc/nginx/conf.mail.d/domain1.example.conf') do
it 'does\'t contain `ssl` on `listen` line' do
is_expected.to contain 'listen *:465;'
end
end
end
end
Expand Down
5 changes: 4 additions & 1 deletion spec/acceptance/nginx_server_spec.rb
100755 → 100644
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,10 @@ class { 'nginx': }
end

context 'should run successfully with ssl' do
it 'remove leftovers from previous tests', if: fact('os.family') == 'RedHat' do
shell('yum -y remove nginx nginx-filesystem passenger')
end

it 'configures a nginx SSL server' do
pp = "
class { 'nginx': }
Expand All @@ -71,7 +75,6 @@ class { 'nginx': }

describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do
it { is_expected.to be_file }
it { is_expected.not_to contain 'ssl on;' } # As of nginx 1.15 (1.16 stable), this will not be set.
it { is_expected.to contain 'listen *:443 ssl;' }
it { is_expected.not_to contain 'shared:SSL:10m;' }
end
Expand Down
2 changes: 1 addition & 1 deletion spec/classes/nginx_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@
it { is_expected.to contain_yumrepo('passenger').that_comes_before('Package[nginx]') }
end

context 'package_source => passenger' do
context 'package_source => passenger', unless: facts[:operatingsystemmajrelease] == '8' do
let(:params) { { package_source: 'passenger' } }

it do
Expand Down

0 comments on commit bb34f0c

Please sign in to comment.