summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.gitignore7
-rw-r--r--.gitlab-ci.yml11
-rw-r--r--lib/leap_cli/config/manager.rb5
-rw-r--r--lib/leap_cli/ssh/options.rb14
-rw-r--r--puppet/modules/site_config/manifests/caching_resolver.pp18
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp33
-rw-r--r--puppet/modules/site_rsyslog/templates/client.conf.erb1
-rw-r--r--tests/puppet/provider/.platform-test.conf21
-rw-r--r--tests/puppet/provider/files/nodes/single/single.crt34
-rw-r--r--tests/puppet/provider/files/nodes/single/single.key51
-rw-r--r--tests/puppet/provider/files/ssh/authorized_keys2
-rw-r--r--tests/puppet/provider/nodes/single.json11
-rw-r--r--tests/puppet/provider/secrets.json20
-rw-r--r--tests/puppet/provider/tags/single.json4
-rw-r--r--tests/puppet/provider/users/catalog_testuser/catalog_testuser_ssh.pub1
-rw-r--r--tests/puppet/provider/users/gitlab-runner/gitlab-runner_ssh.pub1
16 files changed, 95 insertions, 139 deletions
diff --git a/.gitignore b/.gitignore
index e7be571f..7f9f2138 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,11 @@
/puppet/modules/site_custom
/Gemfile.lock
/tests/puppet/provider/hiera
+/tests/puppet/provider/secrets.json
+/tests/puppet/provider/files/ssh/authorized_keys
+/tests/puppet/provider/files/nodes/
+/tests/puppet/provider/users/*
+!/tests/puppet/provider/users/gitlab-runner
+!/tests/puppet/provider/users/gitlab-runner/*
/tests/puppet/provider/test
+/builds
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c17ce155..462d39f0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,5 @@
before_script:
- - ruby -v
+ - echo 'Running global before_script'
- bundle install --path vendor/bundle --jobs $(nproc) "${FLAGS[@]}"
- git submodule update --init
@@ -44,6 +44,11 @@ catalog:
build:
stage: build
before_script:
- - echo $CI_BUILD_REF_NAME
+ - env
script:
- - /usr/local/bin/platform_test/buildscripts/build-platform.sh $CI_BUILD_REF_NAME -x
+ # use simple_deploy to speed up local development
+ #- leap-platform-test simple_deploy
+ - leap-platform-test -v reset_deploy
+ - leap-platform-test -v test
+ - leap info
+ - leap local stop
diff --git a/lib/leap_cli/config/manager.rb b/lib/leap_cli/config/manager.rb
index aea1d322..62eaa894 100644
--- a/lib/leap_cli/config/manager.rb
+++ b/lib/leap_cli/config/manager.rb
@@ -387,6 +387,11 @@ module LeapCli
env('_all_').tags[node_tag].node_list.add(node.name, node)
end
end
+ if node.name == 'default' || environment_names.include?(node.name)
+ LeapCli::Util.bail! do
+ LeapCli.log :error, "The node name '#{node.name}' is invalid, because there is an environment with that same name."
+ end
+ end
elsif !options[:include_disabled]
LeapCli.log 2, :skipping, "disabled node #{name}."
env.nodes.delete(name)
diff --git a/lib/leap_cli/ssh/options.rb b/lib/leap_cli/ssh/options.rb
index d991cc29..b8266d11 100644
--- a/lib/leap_cli/ssh/options.rb
+++ b/lib/leap_cli/ssh/options.rb
@@ -6,6 +6,11 @@ module LeapCli
module SSH
module Options
+ #
+ # options passed to net-ssh. See
+ # https://net-ssh.github.io/net-ssh/Net/SSH.html#method-c-start
+ # for the available options.
+ #
def self.global_options
{
#:keys_only => true,
@@ -78,13 +83,12 @@ module LeapCli
def self.net_ssh_log_level
if DEBUG
case LeapCli.logger.log_level
- when 1 then 3
- when 2 then 2
- when 3 then 1
- else 0
+ when 1 then :error
+ when 2 then :info
+ else :debug
end
else
- nil
+ :fatal
end
end
diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp
index 5541472d..4da13d9c 100644
--- a/puppet/modules/site_config/manifests/caching_resolver.pp
+++ b/puppet/modules/site_config/manifests/caching_resolver.pp
@@ -1,6 +1,8 @@
# deploy local caching resolver
class site_config::caching_resolver {
tag 'leap_base'
+ $domain = hiera('domain')
+ $internal_domain = $domain['internal_suffix']
# We need to make sure Package['bind9'] isn't installed because when it is, it
# keeps unbound from running. Some base debian installs will install bind9,
@@ -17,13 +19,15 @@ class site_config::caching_resolver {
require => Package['bind9'],
settings => {
server => {
- verbosity => '1',
- interface => [ '127.0.0.1', '::1' ],
- port => '53',
- hide-identity => 'yes',
- hide-version => 'yes',
- harden-glue => 'yes',
- access-control => [ '127.0.0.0/8 allow', '::1 allow' ]
+ verbosity => '1',
+ interface => [ '127.0.0.1', '::1' ],
+ port => '53',
+ hide-identity => 'yes',
+ hide-version => 'yes',
+ harden-glue => 'yes',
+ access-control => [ '127.0.0.0/8 allow', '::1 allow' ],
+ module-config => '"validator iterator"',
+ domain-insecure => $internal_domain
}
}
}
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 0b760eb4..2dac85f5 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -57,10 +57,6 @@ class site_postfix::mx {
value => 'sha1';
'relay_clientcerts':
value => 'tcp:localhost:2424';
- # Note: we are setting this here, instead of in site_postfix::mx::smtp_tls
- # because the satellites need to have a different value
- 'smtp_tls_security_level':
- value => 'may';
# reject inbound mail to system users
# see https://leap.se/code/issues/6829
# this blocks *only* mails to system users, that don't appear in the
@@ -90,6 +86,35 @@ class site_postfix::mx {
value => 'permit_mynetworks';
'postscreen_greet_action':
value => 'enforce';
+ # Level of DNS support in the Postfix SMTP client. Enable DNS lookups
+ # (default: empty). When empty, then the legacy "disable_dns_lookups"
+ # (default: no) parameter is used. Setting 'smtp_dns_support_level' to
+ # enabled sets the previous behavior with the new parameter. When set to
+ # 'dnssec" this enables DNSSEC lookups.
+ 'smtp_dns_support_level':
+ value => 'dnssec';
+
+ # http://www.postfix.org/TLS_README.html#client_tls_dane The "dane" level is
+ # a stronger form of opportunistic TLS that is resistant to man in the
+ # middle and downgrade attacks when the destination domain uses DNSSEC to
+ # publish DANE TLSA records for its MX hosts. If a remote SMTP server has
+ # "usable" (see RFC 6698) DANE TLSA records, the server connection will be
+ # authenticated. When DANE authentication fails, there is no fallback to
+ # unauthenticated or plaintext delivery.
+ #
+ # If TLSA records are published for a given remote SMTP server (implying TLS
+ # support), but are all "unusable" due to unsupported parameters or
+ # malformed data, the Postfix SMTP client will use mandatory unauthenticated
+ # TLS. Otherwise, when no TLSA records are published, the Postfix SMTP
+ # client behavior is the same as with may.
+ #
+ # This requires postfix to be able to send its DNS queries to a recursive
+ # DNS nameserver that is able to validate the signed records
+ #
+ # Note: we are setting this here, instead of in site_postfix::mx::smtp_tls
+ # because the satellites need to have a different value
+ 'smtp_tls_security_level':
+ value => 'dane';
}
# Make sure that the cleanup serivce is not chrooted, otherwise it cannot
diff --git a/puppet/modules/site_rsyslog/templates/client.conf.erb b/puppet/modules/site_rsyslog/templates/client.conf.erb
index 7f94759d..553b8373 100644
--- a/puppet/modules/site_rsyslog/templates/client.conf.erb
+++ b/puppet/modules/site_rsyslog/templates/client.conf.erb
@@ -93,7 +93,6 @@ auth,authpriv.* /var/log/secure
<% if scope.lookupvar('rsyslog::log_style') == 'debian' -%>
# First some standard log files. Log by facility.
#
-*.*;auth,authpriv.none -/var/log/syslog
cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
diff --git a/tests/puppet/provider/.platform-test.conf b/tests/puppet/provider/.platform-test.conf
new file mode 100644
index 00000000..a40b6b32
--- /dev/null
+++ b/tests/puppet/provider/.platform-test.conf
@@ -0,0 +1,21 @@
+export ROOTDIR=$(pwd)
+
+export PROVIDERDIR="${ROOTDIR}/tests/puppet/provider"
+export PLATFORMDIR="$ROOTDIR"
+export LOGDIR="$ROOTDIR/builds/log"
+
+export CONTACTS="sysdev@leap.se"
+export MAIL_TO=$CONTACTS
+
+export OPTS='--yes'
+
+export FILTER_COMMON=""
+
+export LEAP_CMD="leap"
+
+# Nodes to bootstrap
+# NODES='rewdevcouch1:couchdb,soledad rewdevmx1:mx rewdevvpn1:openvpn,tor rewdevweb1:webapp,monitor rewdevplain1: rewdevstatic1:static'
+
+# tag/environment to deploy to
+export TAG='local'
+
diff --git a/tests/puppet/provider/files/nodes/single/single.crt b/tests/puppet/provider/files/nodes/single/single.crt
deleted file mode 100644
index d51bbcc2..00000000
--- a/tests/puppet/provider/files/nodes/single/single.crt
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF1zCCA7+gAwIBAgIRAOa9uhf564pgUrrohRezgqswDQYJKoZIhvcNAQELBQAw
-SjEQMA4GA1UECgwHRXhhbXBsZTEcMBoGA1UECwwTaHR0cHM6Ly9leGFtcGxlLm9y
-ZzEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTE2MDYxMTAwMDAwMFoXDTE3
-MDYxMTAwMDAwMFowHTEbMBkGA1UEAwwSc2luZ2xlLmV4YW1wbGUub3JnMIICIjAN
-BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3fVrTjpcmFuQG4bdI/cdptdpXoDu
-a1X03i1WfLTPm7mdeqrMvFR8/6ReLobpb+GYkrhqIv0X8M1PIXUgbblZK3Uo/jhy
-GINaNUUKkH/AaAi0g70BLYwDk6kXJ+mSuoEWQBKN6OdfHCsynFOg8B9B+ug4WEyR
-JSWNrK6jF2N551/r0DHOLJgqDEr/rIdXgKbsmeLa7k8jHslirkwNERtr1qLMMNI5
-OFb1Qb/rIqL6q1oypVbPIVTv7Dw7wcSyW9P32WeyyML+eDlJQloFY4Fg96gGX42q
-voiJ93C4tDBs/RbR3jrBEBP/Y52BOGB1cQaBQSfTRfCoJoEUpjeczevq2+YLwawI
-ADchQjKcPXfJ86Gt9uHbdQrPM0JhNBkPtzCWRkLpS0l4dh/H8p+6jjHmiVe7ulXT
-+rSOlucViB5r666a+YEY+v7IGMV9+f/LUXJsxKrl4N92r7GbGzcnX9cNKLGgxN+Z
-ye/MTdzuFBQ83xQ6d1ITk/N4ohkghTb+64DYHjYsisP4/513cFFLnWx74rm9eDcq
-UvljkF9POvnqJkCICLZLne0daaWxiSEw1HewfMZxh17esMp1eMXJGDoGSYAwDrsH
-3rETBzHhqPrPuqtEmyzNS85o6Vf1XOi1kb+UuKE7dik5h7jcEqpC5LOu5EqJnf2N
-MhJriuP8Mn0rKh0CAwEAAaOB5DCB4TAdBgNVHQ4EFgQUAl+3oyuiC9uG1iqlefB5
-7/w8uaswaAYDVR0RBGEwX4IPYXBpLmV4YW1wbGUub3JnggtleGFtcGxlLm9yZ4IT
-bmlja255bS5leGFtcGxlLm9yZ4IQc2luZ2xlLmV4YW1wbGUuaYISc2luZ2xlLmV4
-YW1wbGUub3JnhwQBAQEBMAsGA1UdDwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
-AQYIKwYBBQUHAwIwCQYDVR0TBAIwADAfBgNVHSMEGDAWgBSWELbB+tUXMau27NwD
-SaQ77Kf1uDANBgkqhkiG9w0BAQsFAAOCAgEAOpy7sY9hKuHmvzyRSLdYipQiAI9a
-I/jpBQQ6/lILOQVdhxKp9fnoTHowub6DRLJx3xFp3PywCXanTucPUylhKHi7w3Us
-df0A8riUR7haXVJrHL2mCLlb4CyqdMyJ7eWRIv8DaUhdgPdX1d2LqDYWmbeDQeiV
-HJJ89dFGXmiaH/9TZgPx8hOnZuF2dTy+eoVDYw2McCYJw5xIHzFlhK74jbjM1oQJ
-xKItzb28/xOre4hsgi5S2hwIwXUfXkkbwI/KZaE9pC7DXa4KSmmZ48W5hJZS3pIU
-A7sTvkGB3xidsQGKn4+q33GvexWZ7YeXMmdeaz3uWgDyBgTKTI0dZb9VrmkjwtZ+
-AxgBCm+vYG+XZ30vKDPYfgadhE4z9CA3RL9Sd2SYVEy1jhZ0TE3V+xT9pPvaKraz
-l8fFZ7DvBvufbGjZFRgES56G6qgGs/CwdOkjfvpF9J/WsCTMceACyLKl9GfOZQHF
-2TBbJAv9WGJsTFdPY4Qq1tq2LosyPWKEj4+v3lxkdgkDN3QvivTme4gm2Ps0EkjG
-6u+0PtkFVHZ47Lz8mNx0Lmj6N6Rai6btTOSXm2rJlVDdRqih59oWuPJruqoU9S/z
-Rul0Er74Sbf3iiEsmFlQpm6RqxcGwjhE6iv1pPa3ksFWz/sUQ50iW1jXaA+N4DC0
-TCnSHgbeJfatvMA=
------END CERTIFICATE-----
diff --git a/tests/puppet/provider/files/nodes/single/single.key b/tests/puppet/provider/files/nodes/single/single.key
deleted file mode 100644
index c248e4cd..00000000
--- a/tests/puppet/provider/files/nodes/single/single.key
+++ /dev/null
@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJJwIBAAKCAgEA3fVrTjpcmFuQG4bdI/cdptdpXoDua1X03i1WfLTPm7mdeqrM
-vFR8/6ReLobpb+GYkrhqIv0X8M1PIXUgbblZK3Uo/jhyGINaNUUKkH/AaAi0g70B
-LYwDk6kXJ+mSuoEWQBKN6OdfHCsynFOg8B9B+ug4WEyRJSWNrK6jF2N551/r0DHO
-LJgqDEr/rIdXgKbsmeLa7k8jHslirkwNERtr1qLMMNI5OFb1Qb/rIqL6q1oypVbP
-IVTv7Dw7wcSyW9P32WeyyML+eDlJQloFY4Fg96gGX42qvoiJ93C4tDBs/RbR3jrB
-EBP/Y52BOGB1cQaBQSfTRfCoJoEUpjeczevq2+YLwawIADchQjKcPXfJ86Gt9uHb
-dQrPM0JhNBkPtzCWRkLpS0l4dh/H8p+6jjHmiVe7ulXT+rSOlucViB5r666a+YEY
-+v7IGMV9+f/LUXJsxKrl4N92r7GbGzcnX9cNKLGgxN+Zye/MTdzuFBQ83xQ6d1IT
-k/N4ohkghTb+64DYHjYsisP4/513cFFLnWx74rm9eDcqUvljkF9POvnqJkCICLZL
-ne0daaWxiSEw1HewfMZxh17esMp1eMXJGDoGSYAwDrsH3rETBzHhqPrPuqtEmyzN
-S85o6Vf1XOi1kb+UuKE7dik5h7jcEqpC5LOu5EqJnf2NMhJriuP8Mn0rKh0CAwEA
-AQKCAgBT7k/LXwpQmp8dqZvJ09IkmuQ/ViXR9MkJkr9XnM+8pS3FivysYo555N+w
-XFe9dONK5+1KmcYJyrkXf8DpfOMZKc58gz+xwUnFRvw9s/E/5brM7hWZ8Y4QsioN
-b6eKWvHc/Kco4QT4E+Wpc34yDr/WbyWPTjS8hTzThZ4qY/Ve5si3C35ZIpkT2PBh
-fzQ5c+WYM05yOv6ez6w/GIcAZwwaN6la9MOqaEeJu1bg3BxJ22u3VeIxSnsHK6e1
-F/oR+0+HqEzU2dd8Ar2PF5deDzhpreHrFBjyv5LcPIW7rWwpMA3gKPuEZut18cNB
-XEhMmxcZWkPr+Jq9JKZ4TCNBQuql1EWsKuzhYak/83oZjw+6imsDzHSRkNWOo2Ux
-CuY8QKD5zCtaOTzPx/K5b3sIiI1VMXsh5tg0YqrIyJF0WrGNLgwXOmG19V/DEZ81
-uCiTB0QEyJmk2xyEONEnUDT4f+WHCjSh6c9pJ9SnY3qKXUftTi8kywGwbZ2UNXiQ
-n53uU5JH2Fi3uFkbY8JPhaE0pSx0HG5k5flWTKeqPtt8Pto/1Hh3p0+oFBpHJ361
-HXhCkPxYLt+tUbtahnxavWlzLW9p1pIcSB7HW+me5LiCIq4UFNfG+spftDA7MymA
-r09kgYHOShTplNfaYCcgILBASdF6NTI8CRl2Z4M2ZUOWrp14iQKCAQEA8d2MhWO6
-ovKGkksl7uGHpbXcgpnPZxlLLazdG43t8Lx7T/fxZJcB4xGjY4u1YABIP0rMahcK
-yPsZkaNhXi4KzUXHDxh1QRWMwIpvsu/QSYpz/ksPgoAiQTE+nwPsaHVL4WLPdXFn
-7UGQL33/bdc2md7YHRnmFMK2PdS+XlOscjjNywoKejXhJKGlmSlD8+Itp8bb6TmN
-YFQuclX+coKJTfXrVhrFi0lhvuWjYq/30eZoFZnnIOxyinboG+2ESLiceqMbEBcB
-+63EMMN70qPMSrni7xJeCPCOFZAobJHkAIxTU2JyomFmIZEQyCMK80MZDZge+jeC
-x0fmOI+sCaQO1wKCAQEA6u4NpH4WsgJhKycJrjTzfiH6miznbXdPzkFMrg4ziXiK
-f4X0oe5bKyVSqZ1wzOFhkJjkernTUUtuwR/KW3EYpWe8mEvYiSQR500WkYynMlsy
-e70zspseFnc08ZgR+BYWIKJTEAZDURgF7Lh5uKhdG8quSYw/h//4GOWHVc1A5qjI
-UtUmGHVgqIBOvQChGI+HfBbeNOCXlnpZ/J24oYjjuMf+wnpxahawLk1+B0EVaKrP
-V7yJ2ju/1QcVx4DKhIA9IF41sfmbVSvMKeL0nlMoLLpH/Rdbc0jiwUMYwCbcvSD7
-wKTPHUwgGngwL0P5oSooBA+1kA5kRDONcVPmGw80KwKCAQBuANS7iktFd0arXNBo
-4FxgiuE66RfCjWd646dAtAGnPyJakatRk7jA/LGyQcWBXz98wdlM2yQFmubbLVLI
-kepJyFWr0PTrYBC/NXduC9JQ0E7HNn5cXUi3G92eVxt7uvWDEfzHLogVCX+5ifXV
-kE9+FjN2sOPLR2+5mXvnzOienqVCllODl+PJVFfL3E/SqWkYaMJ2Rb2+NStWxzPO
-Av7N3W5moBB+tCZnu2vfI6dz6PYn9PKBL+k8fq48nX9Pz98ji/FwFPbK8BJOF2rG
-t8bfqcHD+Deam0YUGpe4IXZwpWH0h88ZeXEJDUBztjRxxW+sliZoqTyqxFG6IeYe
-EGbLAoIBABq5T6X5jd1b9e+xtiEx9szPUrF9ECpcmyBsPyvBg81Mf/y3oTdWZNqI
-mVmgBjfYH4ASVFM9ljM2MHgZhKxYNiSCo2pznkMjbkHwe/O8mzxYMWrv/9R+XrLR
-hp1A3jJpWMUHkglNnRS5ddsStQ3zYPwLVz4YjRWMYY17dqSk/4/9fSQnCPlZSNCC
-H/LSAoFHunK8KzS6o6PDcT8SNfFyH+1iGrHGueYGhK4PtJlgpu3MGF/zm37Osyip
-cKnMFb1y1QE8lkETkr7ih4vwPEFSVkyYOB4rLQT1Mo4ncsZQ5WVCPkEQvlqn0TMR
-nvGRevEBWaH0o4Oqj29OqfVNROypExcCggEAdbEvcV6S28a73X9H+kbWAm5TJ8yH
-f80/OXaRS3bbfuVF2nGyHYuD7MU/gHdV15mzH+J0W5olatKwRfnGFy54JTl2mp7z
-8zvnNBy7L+0ZsTfAvZVskRCSJ4ACPFkFVidJei1fw90y5+nUpR+6motEywa4vqfO
-QsoqaKaErGTagNWKygH61A9lO6d0hrRFXeMXJMn4ZhIjoUWRYHJw4nK4nHJjq4t+
-TfnxED+lvaC16nmQJayvQwg8kUz46YFbGc4ieQSlste87vcsSfbTPBnPpNmxpK0v
-iPt2DD9o1djihRin/WnslcYNM7F9zABzJTr7tPfu0NSwnOQqYD0JMl4btQ==
------END RSA PRIVATE KEY-----
diff --git a/tests/puppet/provider/files/ssh/authorized_keys b/tests/puppet/provider/files/ssh/authorized_keys
deleted file mode 100644
index 534789db..00000000
--- a/tests/puppet/provider/files/ssh/authorized_keys
+++ /dev/null
@@ -1,2 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDEbZADylg5xTxWIF+DlAVNLuNugSvsb1QWlSKwfIbJjmsln/03ThQrsZG0JhL5F3/2epaahXhK11Uf2tcUsfE+9UffP+McYOKvZ9GmTLBpYZUyJT8XRBK/rthuig050xpNpxqlYTCbCM7QCkOseWp0FnAZv+CHXBbuVSkGDMc35nM1TxmVWHuJxiCq/XXg0CN/MD5UY7BWkJbWrelHxzTyVImB+cxRnaASaMk+LMLplrVG8jGTMSRFWea2U3iLrYnppLAsowNeXJ+NqKUXN9lo92OUDmKMy8Zlej/NRYJpAlLyTVzS+SPVqsYdnQn+3myj3SrJwP2PlDyzycxhnmttzULu4+zHbLCoJXB3RK3VJNw2rh0VNkRzl51ooUY2MLR/OndkbMi8TIB0kyKZcVwLXQk/5MGCitCY2sfuIY1+yuvxvQ/rlev0/eyikQ5KSew42hUGIf/0ygN3QK5Vj0DRmaYTEHyp/a5z2WXb9Itx1faOif2ZfnMEjYQ1wad7MeAa/iOnc8poGiSY5o6tBY0PvT9uBeigOZNTv47rdJ6Y+gmF3BIKIjhBTZWLloQQ7P3rqr6GLbFNd33ob3+qg6N2UEFlOHBKwXoUMZ0aN1R76qR8ZBtrJtYddt0clqYBaeoC1/AcNtKRKErB8kr4Gq6SQcah76XTNet9Q/4NnmtzGw== files/ssh/monitor_ssh.pub
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDew0EcUpfLjAAZbg6tkl5yRK/wya3TZugS0fbtC0ksG+A114XHJvSZH24nDAUFvV13SoGs5HunvXwnbt2S45Di8GPQXos8tLFP+Eh4ypnQJJaunYidEuYK2CG38zOGakX1y/ppKMrGAO6GiUi9ebR5DcJrXupyJBUsmKNsiV1sfekUvcFGBT5otZJwgNriIa3FjEDso6e5is7SfaBHTKAAXYKdnV1J89Y8lwuElrdBaW3N5q/IrNVt0d3LwOKCgupMz+pRGNAeOAXkAMwXjrr3RIqrnKpxAb32CFBh5MmSDMWxU3UInH+iyMUklMrJfUWfvEUF87dkJi6wWcck/VyB users/catalog_testuser/catalog_testuser_ssh.pub
diff --git a/tests/puppet/provider/nodes/single.json b/tests/puppet/provider/nodes/single.json
index fd9e4065..ca358cc5 100644
--- a/tests/puppet/provider/nodes/single.json
+++ b/tests/puppet/provider/nodes/single.json
@@ -1,12 +1,9 @@
{
- "ip_address": "1.1.1.1",
+ "ip_address": "10.5.5.101",
"services": [
"couchdb",
- "soledad",
- "webapp",
"mx",
- //"static"
- "monitor"
- ],
- "tags": ["single"]
+ "soledad",
+ "webapp"
+ ]
}
diff --git a/tests/puppet/provider/secrets.json b/tests/puppet/provider/secrets.json
deleted file mode 100644
index b5ac725d..00000000
--- a/tests/puppet/provider/secrets.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- "single": {
- "api_monitor_auth_token": "FUwtxrjhnpr2VDrCbdnbHguBAyPgrAt2",
- "couch_admin_password": "cAUss5uM2nhnNsJPtn9rIEpv3BZBSNJd",
- "couch_admin_password_salt": "7331473921a67d7cd2c9f66991672c5c",
- "couch_leap_mx_password": "hBg7mw4sbZYWWyWwvzv37whcFeQBmVTK",
- "couch_leap_mx_password_salt": "f9da31c9d4877adc426a1a8333ea6709",
- "couch_nickserver_password": "e5VbYLky3NuccxTugAKSBmPCWgeetfne",
- "couch_nickserver_password_salt": "fe9b943d7a70db61663f7549a06b209c",
- "couch_replication_password": "nQWJtPJr8fZfcwMScdtxVALZPqEgfu8Y",
- "couch_replication_password_salt": "7b6e739cfdf8dff346ad4ef1d15d00f0",
- "couch_soledad_password": "UZDxFE2PMBqSVT3UkjwcDnbRLRBNYUq3",
- "couch_soledad_password_salt": "a2a3b37661a1bd54198d3f8418010719",
- "couch_webapp_password": "FKAgaDnmC8usduJcTMs79HdLsPnhkJL5",
- "couch_webapp_password_salt": "e8a8e58d42aec9cc04e943e1e972cccf",
- "nagios_admin_password": "dDrLfp2FqFE2Y9fz7PMdveAUHwf3DLuC",
- "nagios_test_password": "574EHS3bTWF5p7WnKJSZf78ZUEuU37E3",
- "webapp_secret_token": "tKHqE8FwL3XRTYE34bY5yQYaJXN3pTnq"
- }
-}
diff --git a/tests/puppet/provider/tags/single.json b/tests/puppet/provider/tags/single.json
deleted file mode 100644
index d856c6ee..00000000
--- a/tests/puppet/provider/tags/single.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- "environment": "single"
-
-}
diff --git a/tests/puppet/provider/users/catalog_testuser/catalog_testuser_ssh.pub b/tests/puppet/provider/users/catalog_testuser/catalog_testuser_ssh.pub
deleted file mode 100644
index e6b43568..00000000
--- a/tests/puppet/provider/users/catalog_testuser/catalog_testuser_ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDew0EcUpfLjAAZbg6tkl5yRK/wya3TZugS0fbtC0ksG+A114XHJvSZH24nDAUFvV13SoGs5HunvXwnbt2S45Di8GPQXos8tLFP+Eh4ypnQJJaunYidEuYK2CG38zOGakX1y/ppKMrGAO6GiUi9ebR5DcJrXupyJBUsmKNsiV1sfekUvcFGBT5otZJwgNriIa3FjEDso6e5is7SfaBHTKAAXYKdnV1J89Y8lwuElrdBaW3N5q/IrNVt0d3LwOKCgupMz+pRGNAeOAXkAMwXjrr3RIqrnKpxAb32CFBh5MmSDMWxU3UInH+iyMUklMrJfUWfvEUF87dkJi6wWcck/VyB varac@rocinante
diff --git a/tests/puppet/provider/users/gitlab-runner/gitlab-runner_ssh.pub b/tests/puppet/provider/users/gitlab-runner/gitlab-runner_ssh.pub
new file mode 100644
index 00000000..1a3c370d
--- /dev/null
+++ b/tests/puppet/provider/users/gitlab-runner/gitlab-runner_ssh.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkRxRRgaSmpzm1tOJMmvOrge/V7fQ9O0q/A+Ez0OlC0LC25ar0gPtm2aKjk3sIThA/C4jA9pGKn4Bi2TEh70NEUoTsrpRfFa8t3VRi3AdvMQ1gHdz53rZ+ZEk92Jf9DyP7pvJa0rKAL02bMAIugDqXXIW4KfrBZYZ30xCUywgl/0pqaQKidi2sFiFMeC36mW/YiomgXq6zmdZAI7h3/Vn4QWFVl/JJr+5MSVfYdG8wWgdnddAUC6gvsYsFP48e+gBeK0ueqHVMrEj2MB7WQ9h9zqPwzdcB6LcdbMgiFxxgpSdyy1DP4AW6PYkTOHPo4GjdU8/THXB9Ad/kr8vk7fOf gitlab-runner@greyhound
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 18:50:57 +0000