From a5809e45e1f8d34c88713b3c7782a4e78bb50c51 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 25 Apr 2016 13:11:25 -0300 Subject: Add syntaxcheck and lint rake tasks to platform `rake test` will run all puppet checks required for CI (syntax , validate, templates, spec, lint). We ignore lint checks for submodules for now because puppet-lint would complain a lot! --- Rakefile | 42 ++++++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/Rakefile b/Rakefile index 8f7a9686..0d1b18ad 100644 --- a/Rakefile +++ b/Rakefile @@ -3,11 +3,12 @@ require 'puppet-lint/tasks/puppet-lint' require 'puppet-syntax/tasks/puppet-syntax' # return list of modules, either -# submodules or custom modules +# submodules, custom or all modules # so we can check each array seperately def modules_pattern (type) submodules = Array.new custom_modules = Array.new + all_modules = Array.new Dir['puppet/modules/*'].sort.each do |m| system("grep -q #{m} .gitmodules") @@ -16,32 +17,41 @@ def modules_pattern (type) else custom_modules << m + '/**/*.pp' end + all_modules << m + '/**/*.pp' end - if type == 'submodule' - submodules - elsif type == 'custom' - custom_modules - else + case type + when 'submodule' + submodules + when 'custom' + custom_modules + when 'all' + all_modules end - end +exclude_paths = ["**/vendor/**/*", "spec/fixtures/**/*", "pkg/**/*" ] - -# redefine lint task with specific configuration +# redefine lint task so we don't lint submoudules for now Rake::Task[:lint].clear -desc "boo" PuppetLint::RakeTask.new :lint do |config| - # Pattern of files to check, defaults to `**/*.pp` - config.pattern = modules_pattern('custom') - config.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp", "vendor/**/*.pp"] + # only check for custom manifests, not submodules for now + config.pattern = modules_pattern('custom') + config.ignore_paths = exclude_paths config.disable_checks = ['documentation', '80chars'] config.fail_on_warnings = false end # rake syntax::* tasks -PuppetSyntax.exclude_paths = ["**/vendor/**/*"] +PuppetSyntax.exclude_paths = exclude_paths +PuppetSyntax.future_parser = true + +desc "Validate erb templates" +task :templates do + Dir['**/templates/**/*.erb'].each do |template| + sh "erb -P -x -T '-' #{template} | ruby -c" unless template =~ /.*vendor.*/ + end +end -desc "Run all puppet checks required for CI" -task :test => [:lint, :syntax , :validate, :spec] +desc "Run all puppet checks required for CI (syntax , validate, spec, lint)" +task :test => [:syntax , :validate, :templates, :spec, :lint] -- cgit v1.2.3 From 112e8e98bca4a11a068cc771e41d4b819da4ef52 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 28 Apr 2016 13:48:06 +0200 Subject: [lint] make future parser happy --- puppet/modules/site_nagios/manifests/server.pp | 2 +- puppet/modules/site_openvpn/manifests/server_config.pp | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp index aa9b956e..6537124d 100644 --- a/puppet/modules/site_nagios/manifests/server.pp +++ b/puppet/modules/site_nagios/manifests/server.pp @@ -59,7 +59,7 @@ class site_nagios::server inherits nagios::base { include site_webapp::common_vhost include apache::module::headers - File ['nagios_htpasswd'] { + File['nagios_htpasswd'] { source => undef, content => "nagiosadmin:${nagiosadmin_pw}", mode => '0640', diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp index 6decc665..15e6fb38 100644 --- a/puppet/modules/site_openvpn/manifests/server_config.pp +++ b/puppet/modules/site_openvpn/manifests/server_config.pp @@ -30,7 +30,7 @@ # auth SHA1 # # dkg: For HMAC digest to authenticate packets, we just want SHA256. OpenVPN lists -# a number of “digest” with names like “RSA-SHA256”, but this are legacy and +# a number of "digest" with names like "RSA-SHA256", but this are legacy and # should be avoided. # # elijah: i am not so sure that the digest algo matters for 'auth' option, because @@ -40,14 +40,14 @@ # cipher AES-128-CBC # # dkg: For the choice of cipher, we need to select an algorithm and a -# cipher mode. OpenVPN defaults to Blowfish, which is a fine algorithm — but +# cipher mode. OpenVPN defaults to Blowfish, which is a fine algorithm - but # our control channel is already relying on AES not being broken; if the # control channel is cracked, then the key material for the tunnel is exposed, # and the choice of algorithm is moot. So it makes more sense to me to rely on # the same cipher here: AES128. As for the cipher mode, OFB seems cleaner to # me, but CBC is more well-tested, and the OpenVPN man page (at least as of -# version 2.2.1) says “CBC is recommended and CFB and OFB should be considered -# advanced modes.” +# version 2.2.1) says "CBC is recommended and CFB and OFB should be considered +# advanced modes." # # note: the default is BF-CBC (blowfish) # -- cgit v1.2.3 From 8a7d6ae5bac366431cec2e4c281271334d3769fd Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 17 May 2016 11:40:22 +0200 Subject: ignore Gemfile.lock --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 30792935..146a1006 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ /.vagrant /puppet/modules/site_custom +Gemfile.lock -- cgit v1.2.3 From 3e63ce3c71620433dc135959b2743aa010b28fe1 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 17 May 2016 12:52:57 +0200 Subject: update submodules so "rake test" doesnt complain anymore --- puppet/modules/apache | 2 +- puppet/modules/backupninja | 2 +- puppet/modules/bundler | 2 +- puppet/modules/couchdb | 2 +- puppet/modules/nagios | 2 +- puppet/modules/rubygems | 2 +- puppet/modules/tor | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/puppet/modules/apache b/puppet/modules/apache index 117bed9a..415e9504 160000 --- a/puppet/modules/apache +++ b/puppet/modules/apache @@ -1 +1 @@ -Subproject commit 117bed9a9263c21d253d86b667eb165948efdc24 +Subproject commit 415e9504f99dca3ccaa4dfd389dde24ad9d0e01c diff --git a/puppet/modules/backupninja b/puppet/modules/backupninja index 49751354..5268a87c 160000 --- a/puppet/modules/backupninja +++ b/puppet/modules/backupninja @@ -1 +1 @@ -Subproject commit 497513547be79f9d3c8e96f1650ec43ee634b277 +Subproject commit 5268a87c329f895017f8ea6c6abc377a4f9a6a77 diff --git a/puppet/modules/bundler b/puppet/modules/bundler index b4a4a843..bacec3e0 160000 --- a/puppet/modules/bundler +++ b/puppet/modules/bundler @@ -1 +1 @@ -Subproject commit b4a4a8434616247156e59b860b47cc6256ead8d1 +Subproject commit bacec3e072649be4ade56f7df8506b46ae9c5166 diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index 40d2289f..76ff149a 160000 --- a/puppet/modules/couchdb +++ b/puppet/modules/couchdb @@ -1 +1 @@ -Subproject commit 40d2289f8e10625cd45fdccdf492b5fb6490e66d +Subproject commit 76ff149a095023611c05bbb00157d06f87b07c05 diff --git a/puppet/modules/nagios b/puppet/modules/nagios index 68dab01a..e6fee3c7 160000 --- a/puppet/modules/nagios +++ b/puppet/modules/nagios @@ -1 +1 @@ -Subproject commit 68dab01a85996e14efcccf856b623a2caf257823 +Subproject commit e6fee3c731f68ccf8b6add8ada2162c7ad2b8407 diff --git a/puppet/modules/rubygems b/puppet/modules/rubygems index e704c9fe..510a3693 160000 --- a/puppet/modules/rubygems +++ b/puppet/modules/rubygems @@ -1 +1 @@ -Subproject commit e704c9fe1c40fea5b10fe3ca2b4f5de825341cc6 +Subproject commit 510a3693eab5dc78ed27d3728ee4d3b12334ea12 diff --git a/puppet/modules/tor b/puppet/modules/tor index 8c936c16..9981a70f 160000 --- a/puppet/modules/tor +++ b/puppet/modules/tor @@ -1 +1 @@ -Subproject commit 8c936c166b6da1ebd0e8d95e56ceee5167357d63 +Subproject commit 9981a70f7ba1f9e4fe33e4eb46654295287c1fc1 -- cgit v1.2.3