summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore1
-rw-r--r--Rakefile42
m---------puppet/modules/apache0
m---------puppet/modules/backupninja0
m---------puppet/modules/bundler0
m---------puppet/modules/couchdb0
m---------puppet/modules/nagios0
m---------puppet/modules/rubygems0
-rw-r--r--puppet/modules/site_nagios/manifests/server.pp2
-rw-r--r--puppet/modules/site_openvpn/manifests/server_config.pp8
m---------puppet/modules/tor0
11 files changed, 32 insertions, 21 deletions
diff --git a/.gitignore b/.gitignore
index 30792935..146a1006 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
/.vagrant
/puppet/modules/site_custom
+Gemfile.lock
diff --git a/Rakefile b/Rakefile
index 8f7a9686..0d1b18ad 100644
--- a/Rakefile
+++ b/Rakefile
@@ -3,11 +3,12 @@ require 'puppet-lint/tasks/puppet-lint'
require 'puppet-syntax/tasks/puppet-syntax'
# return list of modules, either
-# submodules or custom modules
+# submodules, custom or all modules
# so we can check each array seperately
def modules_pattern (type)
submodules = Array.new
custom_modules = Array.new
+ all_modules = Array.new
Dir['puppet/modules/*'].sort.each do |m|
system("grep -q #{m} .gitmodules")
@@ -16,32 +17,41 @@ def modules_pattern (type)
else
custom_modules << m + '/**/*.pp'
end
+ all_modules << m + '/**/*.pp'
end
- if type == 'submodule'
- submodules
- elsif type == 'custom'
- custom_modules
- else
+ case type
+ when 'submodule'
+ submodules
+ when 'custom'
+ custom_modules
+ when 'all'
+ all_modules
end
-
end
+exclude_paths = ["**/vendor/**/*", "spec/fixtures/**/*", "pkg/**/*" ]
-
-# redefine lint task with specific configuration
+# redefine lint task so we don't lint submoudules for now
Rake::Task[:lint].clear
-desc "boo"
PuppetLint::RakeTask.new :lint do |config|
- # Pattern of files to check, defaults to `**/*.pp`
- config.pattern = modules_pattern('custom')
- config.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp", "vendor/**/*.pp"]
+ # only check for custom manifests, not submodules for now
+ config.pattern = modules_pattern('custom')
+ config.ignore_paths = exclude_paths
config.disable_checks = ['documentation', '80chars']
config.fail_on_warnings = false
end
# rake syntax::* tasks
-PuppetSyntax.exclude_paths = ["**/vendor/**/*"]
+PuppetSyntax.exclude_paths = exclude_paths
+PuppetSyntax.future_parser = true
+
+desc "Validate erb templates"
+task :templates do
+ Dir['**/templates/**/*.erb'].each do |template|
+ sh "erb -P -x -T '-' #{template} | ruby -c" unless template =~ /.*vendor.*/
+ end
+end
-desc "Run all puppet checks required for CI"
-task :test => [:lint, :syntax , :validate, :spec]
+desc "Run all puppet checks required for CI (syntax , validate, spec, lint)"
+task :test => [:syntax , :validate, :templates, :spec, :lint]
diff --git a/puppet/modules/apache b/puppet/modules/apache
-Subproject 117bed9a9263c21d253d86b667eb165948efdc2
+Subproject 415e9504f99dca3ccaa4dfd389dde24ad9d0e01
diff --git a/puppet/modules/backupninja b/puppet/modules/backupninja
-Subproject 497513547be79f9d3c8e96f1650ec43ee634b27
+Subproject 5268a87c329f895017f8ea6c6abc377a4f9a6a7
diff --git a/puppet/modules/bundler b/puppet/modules/bundler
-Subproject b4a4a8434616247156e59b860b47cc6256ead8d
+Subproject bacec3e072649be4ade56f7df8506b46ae9c516
diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb
-Subproject 40d2289f8e10625cd45fdccdf492b5fb6490e66
+Subproject 76ff149a095023611c05bbb00157d06f87b07c0
diff --git a/puppet/modules/nagios b/puppet/modules/nagios
-Subproject 68dab01a85996e14efcccf856b623a2caf25782
+Subproject e6fee3c731f68ccf8b6add8ada2162c7ad2b840
diff --git a/puppet/modules/rubygems b/puppet/modules/rubygems
-Subproject e704c9fe1c40fea5b10fe3ca2b4f5de825341cc
+Subproject 510a3693eab5dc78ed27d3728ee4d3b12334ea1
diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp
index aa9b956e..6537124d 100644
--- a/puppet/modules/site_nagios/manifests/server.pp
+++ b/puppet/modules/site_nagios/manifests/server.pp
@@ -59,7 +59,7 @@ class site_nagios::server inherits nagios::base {
include site_webapp::common_vhost
include apache::module::headers
- File ['nagios_htpasswd'] {
+ File['nagios_htpasswd'] {
source => undef,
content => "nagiosadmin:${nagiosadmin_pw}",
mode => '0640',
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 6decc665..15e6fb38 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -30,7 +30,7 @@
# auth SHA1
#
# dkg: For HMAC digest to authenticate packets, we just want SHA256. OpenVPN lists
-# a number of “digest” with names like “RSA-SHA256”, but this are legacy and
+# a number of "digest" with names like "RSA-SHA256", but this are legacy and
# should be avoided.
#
# elijah: i am not so sure that the digest algo matters for 'auth' option, because
@@ -40,14 +40,14 @@
# cipher AES-128-CBC
#
# dkg: For the choice of cipher, we need to select an algorithm and a
-# cipher mode. OpenVPN defaults to Blowfish, which is a fine algorithm — but
+# cipher mode. OpenVPN defaults to Blowfish, which is a fine algorithm - but
# our control channel is already relying on AES not being broken; if the
# control channel is cracked, then the key material for the tunnel is exposed,
# and the choice of algorithm is moot. So it makes more sense to me to rely on
# the same cipher here: AES128. As for the cipher mode, OFB seems cleaner to
# me, but CBC is more well-tested, and the OpenVPN man page (at least as of
-# version 2.2.1) says “CBC is recommended and CFB and OFB should be considered
-# advanced modes.”
+# version 2.2.1) says "CBC is recommended and CFB and OFB should be considered
+# advanced modes."
#
# note: the default is BF-CBC (blowfish)
#
diff --git a/puppet/modules/tor b/puppet/modules/tor
-Subproject 8c936c166b6da1ebd0e8d95e56ceee5167357d6
+Subproject 9981a70f7ba1f9e4fe33e4eb46654295287c1fc