-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | Rakefile | 42 | ||||
m--------- | puppet/modules/apache | 0 | ||||
m--------- | puppet/modules/backupninja | 0 | ||||
m--------- | puppet/modules/bundler | 0 | ||||
m--------- | puppet/modules/couchdb | 0 | ||||
m--------- | puppet/modules/nagios | 0 | ||||
m--------- | puppet/modules/rubygems | 0 | ||||
-rw-r--r-- | puppet/modules/site_nagios/manifests/server.pp | 2 | ||||
-rw-r--r-- | puppet/modules/site_openvpn/manifests/server_config.pp | 8 | ||||
m--------- | puppet/modules/tor | 0 |
11 files changed, 32 insertions, 21 deletions
@@ -1,2 +1,3 @@ /.vagrant /puppet/modules/site_custom +Gemfile.lock @@ -3,11 +3,12 @@ require 'puppet-lint/tasks/puppet-lint' require 'puppet-syntax/tasks/puppet-syntax' # return list of modules, either -# submodules or custom modules +# submodules, custom or all modules # so we can check each array seperately def modules_pattern (type) submodules = Array.new custom_modules = Array.new + all_modules = Array.new Dir['puppet/modules/*'].sort.each do |m| system("grep -q #{m} .gitmodules") 
@@ -16,32 +17,41 @@ def modules_pattern (type) else custom_modules << m + '/**/*.pp' end + all_modules << m + '/**/*.pp' end - if type == 'submodule' - submodules - elsif type == 'custom' - custom_modules - else + case type + when 'submodule' + submodules + when 'custom' + custom_modules + when 'all' + all_modules end - end +exclude_paths = ["**/vendor/**/*", "spec/fixtures/**/*", "pkg/**/*" ] - -# redefine lint task with specific configuration +# redefine lint task so we don't lint submoudules for now Rake::Task[:lint].clear -desc "boo" PuppetLint::RakeTask.new :lint do |config| - # Pattern of files to check, defaults to `**/*.pp` - config.pattern = modules_pattern('custom') - config.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp", "vendor/**/*.pp"] + # only check for custom manifests, not submodules for now + config.pattern = modules_pattern('custom') + config.ignore_paths = exclude_paths config.disable_checks = ['documentation', '80chars'] config.fail_on_warnings = false end # rake syntax::* tasks -PuppetSyntax.exclude_paths = ["**/vendor/**/*"] +PuppetSyntax.exclude_paths = exclude_paths +PuppetSyntax.future_parser = true + +desc "Validate erb templates" +task :templates do + Dir['**/templates/**/*.erb'].each do |template| + sh "erb -P -x -T '-' #{template} | ruby -c" unless template =~ /.*vendor.*/ + end +end -desc "Run all puppet checks required for CI" -task :test => [:lint, :syntax , :validate, :spec] +desc "Run all puppet checks required for CI (syntax , validate, spec, lint)" +task :test => [:syntax , :validate, :templates, :spec, :lint] diff --git a/puppet/modules/apache b/puppet/modules/apache -Subproject 117bed9a9263c21d253d86b667eb165948efdc2 +Subproject 415e9504f99dca3ccaa4dfd389dde24ad9d0e01 diff --git a/puppet/modules/backupninja b/puppet/modules/backupninja -Subproject 497513547be79f9d3c8e96f1650ec43ee634b27 +Subproject 5268a87c329f895017f8ea6c6abc377a4f9a6a7 
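Review bot: In the new `templates` task the glob result is interpolated unquoted into the string passed to `sh`, so a template path containing spaces or shell metacharacters is parsed by the shell as syntax rather than as a filename. Because `Dir['**/templates/**/*.erb']` also walks the third-party submodules under `puppet/modules`, file names the repository does not control end up in the CI shell. Quote the path, e.g. `sh "erb -P -x -T '-' #{Shellwords.escape(template)} | ruby -c"`, with `require 'shellwords'` next to the other requires at the top of the Rakefile. The pipeline also reports only the exit status of `ruby -c`, so a failing `erb` produces empty input and is likely reported as valid, and `/.*vendor.*/` skips any path that merely contains "vendor" instead of reusing the `exclude_paths` defined just above. The unchanged `system("grep -q #{m} .gitmodules")` in `modules_pattern` (end of the previous hunk) interpolates a directory name in the same way.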
diff --git a/puppet/modules/bundler b/puppet/modules/bundler -Subproject b4a4a8434616247156e59b860b47cc6256ead8d +Subproject bacec3e072649be4ade56f7df8506b46ae9c516 diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb -Subproject 40d2289f8e10625cd45fdccdf492b5fb6490e66 +Subproject 76ff149a095023611c05bbb00157d06f87b07c0 diff --git a/puppet/modules/nagios b/puppet/modules/nagios -Subproject 68dab01a85996e14efcccf856b623a2caf25782 +Subproject e6fee3c731f68ccf8b6add8ada2162c7ad2b840 diff --git a/puppet/modules/rubygems b/puppet/modules/rubygems -Subproject e704c9fe1c40fea5b10fe3ca2b4f5de825341cc +Subproject 510a3693eab5dc78ed27d3728ee4d3b12334ea1 diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp index aa9b956e..6537124d 100644 --- a/puppet/modules/site_nagios/manifests/server.pp +++ b/puppet/modules/site_nagios/manifests/server.pp @@ -59,7 +59,7 @@ class site_nagios::server inherits nagios::base { include site_webapp::common_vhost include apache::module::headers - File ['nagios_htpasswd'] { + File['nagios_htpasswd'] { source => undef, content => "nagiosadmin:${nagiosadmin_pw}", mode => '0640', diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp index 6decc665..15e6fb38 100644 --- a/puppet/modules/site_openvpn/manifests/server_config.pp +++ b/puppet/modules/site_openvpn/manifests/server_config.pp @@ -30,7 +30,7 @@ # auth SHA1 # # dkg: For HMAC digest to authenticate packets, we just want SHA256. OpenVPN lists -# a number of “digest” with names like “RSA-SHA256”, but this are legacy and +# a number of "digest" with names like "RSA-SHA256", but this are legacy and # should be avoided. # # elijah: i am not so sure that the digest algo matters for 'auth' option, because 
@@ -40,14 +40,14 @@ # cipher AES-128-CBC # # dkg: For the choice of cipher, we need to select an algorithm and a -# cipher mode. OpenVPN defaults to Blowfish, which is a fine algorithm — but +# cipher mode. OpenVPN defaults to Blowfish, which is a fine algorithm - but # our control channel is already relying on AES not being broken; if the # control channel is cracked, then the key material for the tunnel is exposed, # and the choice of algorithm is moot. So it makes more sense to me to rely on # the same cipher here: AES128. As for the cipher mode, OFB seems cleaner to # me, but CBC is more well-tested, and the OpenVPN man page (at least as of -# version 2.2.1) says “CBC is recommended and CFB and OFB should be considered -# advanced modes.” +# version 2.2.1) says "CBC is recommended and CFB and OFB should be considered +# advanced modes." # # note: the default is BF-CBC (blowfish) # diff --git a/puppet/modules/tor b/puppet/modules/tor -Subproject 8c936c166b6da1ebd0e8d95e56ceee5167357d6 +Subproject 9981a70f7ba1f9e4fe33e4eb46654295287c1fc |