From 148361ca71e944d5d15a8b54e366f2dc821b8361 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Thu, 22 Sep 2016 09:08:45 +0000 Subject: Drop owner, group and mode for concat::fragment. These parameters are not supported anymore in recent versions of the concat module. Besides, they make little sense since what matters is the ownership and permissions of the resulting, merged file. --- manifests/daemon/base.pp | 6 ------ manifests/daemon/bridge.pp | 3 --- manifests/daemon/control.pp | 3 --- manifests/daemon/directory.pp | 3 --- manifests/daemon/dns.pp | 3 --- manifests/daemon/exit_policy.pp | 3 --- manifests/daemon/hidden_service.pp | 3 --- manifests/daemon/map_address.pp | 3 --- manifests/daemon/relay.pp | 3 --- manifests/daemon/snippet.pp | 3 --- manifests/daemon/socks.pp | 3 --- manifests/daemon/transparent.pp | 3 --- 12 files changed, 39 deletions(-) diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index c0b1640..b6b3aa8 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -58,9 +58,6 @@ class tor::daemon::base inherits tor::base { concat::fragment { '00.header': ensure => present, content => template('tor/torrc.header.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 00, target => $tor::daemon::config_file, } @@ -68,9 +65,6 @@ class tor::daemon::base inherits tor::base { # global configurations concat::fragment { '01.global': content => template('tor/torrc.global.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 01, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/bridge.pp b/manifests/daemon/bridge.pp index 063f565..83d74e0 100644 --- a/manifests/daemon/bridge.pp +++ b/manifests/daemon/bridge.pp 
@@ -8,9 +8,6 @@ define tor::daemon::bridge( concat::fragment { "10.bridge.${name}": ensure => $ensure, content => template('tor/torrc.bridge.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 10, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/control.pp b/manifests/daemon/control.pp index d19a1db..ee425f3 100644 --- a/manifests/daemon/control.pp +++ b/manifests/daemon/control.pp @@ -21,9 +21,6 @@ define tor::daemon::control( concat::fragment { '04.control': ensure => $ensure, content => template('tor/torrc.control.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0600', order => 04, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp index d877a86..e2e405d 100644 --- a/manifests/daemon/directory.pp +++ b/manifests/daemon/directory.pp @@ -8,9 +8,6 @@ define tor::daemon::directory ( concat::fragment { '06.directory': ensure => $ensure, content => template('tor/torrc.directory.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 06, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp index 4677f24..e8d4fc8 100644 --- a/manifests/daemon/dns.pp +++ b/manifests/daemon/dns.pp @@ -7,9 +7,6 @@ define tor::daemon::dns( concat::fragment { "08.dns.${name}": ensure => $ensure, content => template('tor/torrc.dns.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => '08', target => $tor::daemon::config_file, } diff --git a/manifests/daemon/exit_policy.pp b/manifests/daemon/exit_policy.pp index f459ece..df0fb99 100644 --- a/manifests/daemon/exit_policy.pp +++ b/manifests/daemon/exit_policy.pp 
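Review bot: In the control.pp hunk, `04.control` was the only fragment declared with `mode => '0600'` (every other fragment touched by this commit used `'0644'`), so after this removal nothing visible here expresses that the control-port settings should not be world-readable. The merged file's ownership and permissions now come entirely from the `concat` resource for `$tor::daemon::config_file`, which is outside these hunks. It is worth confirming that this resource sets `owner`, `group` and a `mode` suited to whatever `torrc.control.erb` renders; if the template emits control-port authentication material (not shown here), the restrictive mode the fragment previously asked for should be carried over to the concat resource.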
@@ -8,9 +8,6 @@ define tor::daemon::exit_policy( concat::fragment { "07.exit_policy.${name}": ensure => $ensure, content => template('tor/torrc.exit_policy.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 07, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index c827211..b54aa44 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp @@ -7,9 +7,6 @@ define tor::daemon::hidden_service( concat::fragment { "05.hidden_service.${name}": ensure => $ensure, content => template('tor/torrc.hidden_service.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 05, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/map_address.pp b/manifests/daemon/map_address.pp index 270eac2..ac624a0 100644 --- a/manifests/daemon/map_address.pp +++ b/manifests/daemon/map_address.pp @@ -7,9 +7,6 @@ define tor::daemon::map_address( concat::fragment { "08.map_address.${name}": ensure => $ensure, content => template('tor/torrc.map_address.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => '08', target => $tor::daemon::config_file, } diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index ff52893..555587c 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -33,9 +33,6 @@ define tor::daemon::relay( concat::fragment { '03.relay': ensure => $ensure, content => template('tor/torrc.relay.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 03, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/snippet.pp b/manifests/daemon/snippet.pp index b9089b4..7e1494c 100644 --- a/manifests/daemon/snippet.pp +++ b/manifests/daemon/snippet.pp 
@@ -6,9 +6,6 @@ define tor::daemon::snippet( concat::fragment { "99.snippet.${name}": ensure => $ensure, content => $content, - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 99, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp index 910461c..54c8b6a 100644 --- a/manifests/daemon/socks.pp +++ b/manifests/daemon/socks.pp @@ -6,9 +6,6 @@ define tor::daemon::socks( concat::fragment { '02.socks': content => template('tor/torrc.socks.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => 02, target => $tor::daemon::config_file, } diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp index 65d744f..6ac7b44 100644 --- a/manifests/daemon/transparent.pp +++ b/manifests/daemon/transparent.pp @@ -7,9 +7,6 @@ define tor::daemon::transparent( concat::fragment { "09.transparent.${name}": ensure => $ensure, content => template('tor/torrc.transparent.erb'), - owner => 'debian-tor', - group => 'debian-tor', - mode => '0644', order => '09', target => $tor::daemon::config_file, } -- cgit v1.2.3 From 3205c24cfcbac7a20bd8b43166f88c00ebe3cdee Mon Sep 17 00:00:00 2001 From: intrigeri Date: Thu, 22 Sep 2016 09:34:06 +0000 Subject: Subscribe to the Concat resource, not to the File one. This is needed with recent versions of the concat module. --- manifests/daemon/base.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index b6b3aa8..c0c82ac 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -2,7 +2,7 @@ class tor::daemon::base inherits tor::base { # packages, user, group Service['tor'] { - subscribe => File[$tor::daemon::config_file], + subscribe => Concat[$tor::daemon::config_file], } Package[ 'tor' ] { -- cgit v1.2.3 From 9c7d45201a81d46d2cb829d4eab5d3d65d0c4d88 Mon Sep 17 00:00:00 2001 
From: guido Date: Fri, 10 Feb 2017 18:11:16 -0300 Subject: removed spaces not needed --- manifests/daemon/hidden_service.pp | 4 ---- 1 file changed, 4 deletions(-) diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index b77b790..07121bd 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp @@ -18,8 +18,4 @@ define tor::daemon::hidden_service( order => 05, target => $tor::daemon::config_file, } - - - } - -- cgit v1.2.3 From e006d181a856644c63e08bfa957b39f4e1b6216f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Thu, 5 Oct 2017 17:13:44 -0400 Subject: listen_addresses is an array --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 188acca..e4b8f88 100644 --- a/README +++ b/README @@ -178,7 +178,7 @@ Configuring directories An example directory configuration: tor::daemon::directory { 'ssh_directory': - port => 80, listen_address => '192.168.0.1', + port => 80, listen_addresses => '192.168.0.1', port_front_page => '/etc/tor/tor.html' } -- cgit v1.2.3 From c3dd0d46949fd9bf7eff73ff3cc58c71a05936c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Thu, 5 Oct 2017 17:25:24 -0400 Subject: concat::fragment does not have an 'ensure' var anymore --- manifests/daemon/base.pp | 1 - manifests/daemon/bridge.pp | 4 +--- manifests/daemon/control.pp | 1 - manifests/daemon/directory.pp | 1 - manifests/daemon/dns.pp | 4 +--- manifests/daemon/exit_policy.pp | 4 +--- manifests/daemon/hidden_service.pp | 4 +--- manifests/daemon/map_address.pp | 4 +--- manifests/daemon/relay.pp | 1 - manifests/daemon/snippet.pp | 4 +--- manifests/daemon/transparent.pp | 4 +--- 11 files changed, 7 insertions(+), 25 deletions(-) diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index c0c82ac..f3bbc37 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp 
@@ -56,7 +56,6 @@ class tor::daemon::base inherits tor::base { # config file headers concat::fragment { '00.header': - ensure => present, content => template('tor/torrc.header.erb'), order => 00, target => $tor::daemon::config_file, diff --git a/manifests/daemon/bridge.pp b/manifests/daemon/bridge.pp index 83d74e0..a448f82 100644 --- a/manifests/daemon/bridge.pp +++ b/manifests/daemon/bridge.pp @@ -2,11 +2,9 @@ define tor::daemon::bridge( $ip, $port, - $fingerprint = false, - $ensure = present ) { + $fingerprint = false ) { concat::fragment { "10.bridge.${name}": - ensure => $ensure, content => template('tor/torrc.bridge.erb'), order => 10, target => $tor::daemon::config_file, diff --git a/manifests/daemon/control.pp b/manifests/daemon/control.pp index ee425f3..4137c3e 100644 --- a/manifests/daemon/control.pp +++ b/manifests/daemon/control.pp @@ -19,7 +19,6 @@ define tor::daemon::control( } concat::fragment { '04.control': - ensure => $ensure, content => template('tor/torrc.control.erb'), order => 04, target => $tor::daemon::config_file, diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp index e2e405d..fa7d52d 100644 --- a/manifests/daemon/directory.pp +++ b/manifests/daemon/directory.pp @@ -6,7 +6,6 @@ define tor::daemon::directory ( $ensure = present ) { concat::fragment { '06.directory': - ensure => $ensure, content => template('tor/torrc.directory.erb'), order => 06, target => $tor::daemon::config_file, diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp index e8d4fc8..e2141c9 100644 --- a/manifests/daemon/dns.pp +++ b/manifests/daemon/dns.pp @@ -1,11 +1,9 @@ # DNS definition define tor::daemon::dns( $port = 0, - $listen_addresses = [], - $ensure = present ) { + $listen_addresses = [] ) { concat::fragment { "08.dns.${name}": - ensure => $ensure, content => template('tor/torrc.dns.erb'), order => '08', target => $tor::daemon::config_file, 
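Review bot: In directory.pp the define still declares `$ensure = present` (visible in the hunk context) but the fragment no longer uses it, so a caller passing `ensure => absent` now silently keeps the `06.directory` block in torrc. control.pp and relay.pp also lose only the `ensure => $ensure` line (one deletion each in the diffstat), so they presumably keep the same unused parameter, whereas bridge, dns, exit_policy, hidden_service, map_address, snippet and transparent drop it from the signature and fail loudly for old callers. For the defines that keep it, either remove the parameter as well or honour it by wrapping the fragment in `if $ensure != 'absent' { ... }`; a control port or relay that an operator believes is disabled but is still configured is the risky outcome. The define bodies extend beyond these hunks.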
diff --git a/manifests/daemon/exit_policy.pp b/manifests/daemon/exit_policy.pp index df0fb99..c117d5d 100644 --- a/manifests/daemon/exit_policy.pp +++ b/manifests/daemon/exit_policy.pp @@ -2,11 +2,9 @@ define tor::daemon::exit_policy( $accept = [], $reject = [], - $reject_private = 1, - $ensure = present ) { + $reject_private = 1 ) { concat::fragment { "07.exit_policy.${name}": - ensure => $ensure, content => template('tor/torrc.exit_policy.erb'), order => 07, target => $tor::daemon::config_file, diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index 07121bd..4549cc7 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp @@ -2,8 +2,7 @@ define tor::daemon::hidden_service( $ports = [], $single_hop = false, - $data_dir = $tor::daemon::data_dir, - $ensure = present ) { + $data_dir = $tor::daemon::data_dir ) { if $single_hop { @@ -13,7 +12,6 @@ define tor::daemon::hidden_service( } concat::fragment { "05.hidden_service.${name}": - ensure => $ensure, content => template('tor/torrc.hidden_service.erb'), order => 05, target => $tor::daemon::config_file, diff --git a/manifests/daemon/map_address.pp b/manifests/daemon/map_address.pp index ac624a0..1829eae 100644 --- a/manifests/daemon/map_address.pp +++ b/manifests/daemon/map_address.pp @@ -1,11 +1,9 @@ # map address definition define tor::daemon::map_address( $address = '', - $newaddress = '', - $ensure = 'present') { + $newaddress = '' ) { concat::fragment { "08.map_address.${name}": - ensure => $ensure, content => template('tor/torrc.map_address.erb'), order => '08', target => $tor::daemon::config_file, diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index 555587c..115eb25 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -31,7 +31,6 @@ define tor::daemon::relay( } concat::fragment { '03.relay': - ensure => $ensure, content => template('tor/torrc.relay.erb'), order => 03, target => $tor::daemon::config_file, 
diff --git a/manifests/daemon/snippet.pp b/manifests/daemon/snippet.pp index 7e1494c..5a4c091 100644 --- a/manifests/daemon/snippet.pp +++ b/manifests/daemon/snippet.pp @@ -1,10 +1,8 @@ # Arbitrary torrc snippet definition define tor::daemon::snippet( - $content = '', - $ensure = present ) { + $content = '' ) { concat::fragment { "99.snippet.${name}": - ensure => $ensure, content => $content, order => 99, target => $tor::daemon::config_file, diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp index 6ac7b44..7115fee 100644 --- a/manifests/daemon/transparent.pp +++ b/manifests/daemon/transparent.pp @@ -1,11 +1,9 @@ # Transparent proxy definition define tor::daemon::transparent( $port = 0, - $listen_addresses = [], - $ensure = present ) { + $listen_addresses = [] ) { concat::fragment { "09.transparent.${name}": - ensure => $ensure, content => template('tor/torrc.transparent.erb'), order => '09', target => $tor::daemon::config_file, -- cgit v1.2.3 From 26f56433a57aec688a18a964751cfe08b62d9bd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 15:35:21 -0400 Subject: puppet 4 needs arrays in templates to be marked as such --- templates/torrc.directory.erb | 2 +- templates/torrc.dns.erb | 2 +- templates/torrc.exit_policy.erb | 4 ++-- templates/torrc.global.erb | 2 +- templates/torrc.hidden_service.erb | 2 +- templates/torrc.relay.erb | 4 ++-- templates/torrc.socks.erb | 4 ++-- templates/torrc.transparent.erb | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/templates/torrc.directory.erb b/templates/torrc.directory.erb index c7dc4ab..2eaffb7 100644 --- a/templates/torrc.directory.erb +++ b/templates/torrc.directory.erb @@ -2,7 +2,7 @@ <% if @port != '0' -%> DirPort <%= @port %> <% end -%> -<% listen_addresses.each do |listen_address| -%> +<% Array(listen_addresses).each do |listen_address| -%> DirListenAddress <%= listen_address %> <% end -%> <% if @port_front_page != '' -%> 
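Review bot: In torrc.directory.erb the new line `<% Array(listen_addresses).each do |listen_address| -%>` still reads the variable by its bare name, while every other template changed in this commit uses the instance-variable form `@listen_addresses`. Bare-name access in ERB relies on Puppet's deprecated method-style variable lookup, so on the Puppet 4 targets this commit is aimed at the loop may raise or render no `DirListenAddress` lines. `<% Array(@listen_addresses).each do |listen_address| -%>` matches the other templates.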
diff --git a/templates/torrc.dns.erb b/templates/torrc.dns.erb index 57cf46d..2b9ff8e 100644 --- a/templates/torrc.dns.erb +++ b/templates/torrc.dns.erb @@ -1,5 +1,5 @@ # DNS DNSPort <%= @port %> -<% @listen_addresses.each do |listen_address| -%> +<% Array(@listen_addresses).each do |listen_address| -%> DNSListenAddress <%= listen_address %> <% end -%> diff --git a/templates/torrc.exit_policy.erb b/templates/torrc.exit_policy.erb index a30d43b..5481914 100644 --- a/templates/torrc.exit_policy.erb +++ b/templates/torrc.exit_policy.erb @@ -2,10 +2,10 @@ <% if @reject_private != '1' -%> ExitPolicyRejectPrivate <%= @reject_private %> <% end -%> -<% @accept.each do |policy| -%> +<% Array(@accept).each do |policy| -%> ExitPolicy accept <%= policy %> <% end -%> -<% @reject.each do |policy| -%> +<% Array(@reject).each do |policy| -%> ExitPolicy reject <%= policy %> <% end -%> diff --git a/templates/torrc.global.erb b/templates/torrc.global.erb index a02afc8..c29b76b 100644 --- a/templates/torrc.global.erb +++ b/templates/torrc.global.erb @@ -8,7 +8,7 @@ DataDirectory <%= v %> <% if (rules=scope.lookupvar('tor::daemon::log_rules')).empty? -%> Log notice syslog <% else -%> -<% rules.each do |log_rule| -%> +<% Array(rules).each do |log_rule| -%> Log <%= log_rule %> <% end -%> <% end -%> diff --git a/templates/torrc.hidden_service.erb b/templates/torrc.hidden_service.erb index 5b6afe1..6672937 100644 --- a/templates/torrc.hidden_service.erb +++ b/templates/torrc.hidden_service.erb @@ -6,7 +6,7 @@ SOCKSPort 0 # hidden service <%= @name %> HiddenServiceDir <%= @data_dir %>/<%= @name %> -<% @ports.each do |port| -%> +<% Array(@ports).each do |port| -%> HiddenServicePort <%= port %> <% end -%> diff --git a/templates/torrc.relay.erb b/templates/torrc.relay.erb index a286459..bfe982c 100644 --- a/templates/torrc.relay.erb +++ b/templates/torrc.relay.erb 
@@ -1,10 +1,10 @@ # relay <% if @port != 0 -%> ORPort <%= @port %> -<% @listen_addresses.each do |listen_address| -%> +<% Array(@listen_addresses).each do |listen_address| -%> ORListenAddress <%= @listen_address %> <% end -%> -<% @real_outbound_bindaddresses.each do |outbound_bindaddress| -%> +<% Array(@real_outbound_bindaddresses).each do |outbound_bindaddress| -%> OutboundBindAddress <%= @outbound_bindaddress %> <% end -%> <% if @nickname != '' -%> diff --git a/templates/torrc.socks.erb b/templates/torrc.socks.erb index 4bc3ddc..09e13ae 100644 --- a/templates/torrc.socks.erb +++ b/templates/torrc.socks.erb @@ -1,9 +1,9 @@ # socks SocksPort <%= @port %> -<% @listen_addresses.each do |listen_address| -%> +<% Array(@listen_addresses).each do |listen_address| -%> SocksListenAddress <%= listen_address %> <% end -%> -<% @policies.each do |policy| -%> +<% Array(@policies).each do |policy| -%> SocksPolicy <%= policy %> <% end -%> diff --git a/templates/torrc.transparent.erb b/templates/torrc.transparent.erb index c683150..19a40e1 100644 --- a/templates/torrc.transparent.erb +++ b/templates/torrc.transparent.erb @@ -1,5 +1,5 @@ # Transparent proxy TransPort <%= @port %> -<% @listen_addresses.each do |listen_address| -%> +<% Array(@listen_addresses).each do |listen_address| -%> TransListenAddress <%= listen_address %> <% end -%> -- cgit v1.2.3 From 10767a0016b0f46aceab9ac97738390035a112dc Mon Sep 17 00:00:00 2001 
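Review bot: Both loops in the torrc.relay.erb hunk print an instance variable instead of the block variable: `ORListenAddress <%= @listen_address %>` and `OutboundBindAddress <%= @outbound_bindaddress %>`. Unless the relay define also has parameters with those singular names (not visible here), each iteration renders an empty value, so the addresses an operator configured are not what ends up in torrc and the relay may listen or bind on addresses other than the intended ones. The loop bodies should use the loop variables, `ORListenAddress <%= listen_address %>` and `OutboundBindAddress <%= outbound_bindaddress %>`. The enclosing `<% if @port != 0 -%>` block continues past the hunk.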
From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 15:52:10 -0400 Subject: copy CI infra from the shared apt module as-is --- .fixtures.yml | 6 ++ .gitlab-ci.yml | 39 ++++++++++ Gemfile | 22 ++++++ Rakefile | 19 +++++ spec/acceptance/apt_spec.rb | 21 ++++++ .../acceptance/nodesets/debian-8-x86_64-docker.yml | 19 +++++ spec/acceptance/nodesets/default.yml | 1 + spec/classes/init_spec.rb | 18 +++++ spec/defines/conf_spec.rb | 74 +++++++++++++++++++ spec/defines/preferences_snippet_spec.rb | 66 +++++++++++++++++ spec/spec_helper.rb | 12 +++ spec/spec_helper_acceptance.rb | 18 +++++ spec/unit/custom_facts_spec.rb | 86 ++++++++++++++++++++++ 13 files changed, 401 insertions(+) create mode 100644 .fixtures.yml create mode 100644 .gitlab-ci.yml create mode 100644 Gemfile create mode 100644 Rakefile create mode 100644 spec/acceptance/apt_spec.rb create mode 100644 spec/acceptance/nodesets/debian-8-x86_64-docker.yml create mode 120000 spec/acceptance/nodesets/default.yml create mode 100644 spec/classes/init_spec.rb create mode 100644 spec/defines/conf_spec.rb create mode 100644 spec/defines/preferences_snippet_spec.rb create mode 100644 spec/spec_helper.rb create mode 100644 spec/spec_helper_acceptance.rb create mode 100644 spec/unit/custom_facts_spec.rb diff --git a/.fixtures.yml b/.fixtures.yml new file mode 100644 index 0000000..99efd66 --- /dev/null +++ b/.fixtures.yml @@ -0,0 +1,6 @@ +fixtures: + repositories: + "common": + "repo": "https://gitlab.com/shared-puppet-modules-group/common.git" + symlinks: + "apt": "#{source_dir}" diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..05430fd --- /dev/null +++ b/.gitlab-ci.yml 
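Review bot: The `symlinks` entry in .fixtures.yml still reads `"apt": "#{source_dir}"`, so the fixture tree exposes this module under the name `apt` rather than `tor`; the same copied-as-is naming recurs in spec/acceptance/apt_spec.rb, spec/classes/init_spec.rb, spec/defines/*.rb and spec/unit/custom_facts_spec.rb, which all describe `apt` classes, defines and facts. As committed, `rake spec` in the new CI jobs exercises nothing from the tor manifests. The `common` repository is also fetched without a `ref`, so each run tests against whatever the remote default branch holds at that moment; pinning it, e.g. `"ref": "<commit-sha>"`, makes runs reproducible and limits exposure to unreviewed upstream changes. The manifests patched earlier on this page declare `concat::fragment`, yet no concat module appears in the fixtures.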
@@ -0,0 +1,39 @@ +image: ruby:2.1 +before_script: + - bundle install --jobs $(nproc) --without system_tests --path=/var/cache/gitlab-runner/ "${FLAGS[@]}" + +.job_template: &job_definition + script: + # don't fail on lint warnings + - bundle exec rake lint || /bin/true + - bundle exec rake syntax + - bundle exec rake validate + - bundle exec rake spec + +# Default debian jessie versions +test:puppet37: + variables: + PUPPET_VERSION: "~> 3.7.2" + FACTER_VERSION: '~> 2.2.0' + <<: *job_definition + +test:puppet38_future_parser: + variables: + PUPPET_VERSION: '~> 3.8' + FACTER_VERSION: '~> 2.2.0' + FUTURE_PARSER: 'yes' + <<: *job_definition + +# Default debia stretch versions +test:puppet45: + variables: + PUPPET_VERSION: "~> 4.5.2" + FACTER_VERSION: '~> 2.4.6' + <<: *job_definition + +# Latest greatest +test:puppet4x: + variables: + PUPPET_VERSION: "> 4" + FACTER_VERSION: '> 2' + <<: *job_definition diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..226d7ae --- /dev/null +++ b/Gemfile @@ -0,0 +1,22 @@ +source "https://rubygems.org" + +group :development, :unit_tests do + gem "rake" + gem "rspec-puppet", "~> 2.1", :require => false + gem "rspec-core" + gem "puppetlabs_spec_helper" + gem "metadata-json-lint" + gem "rspec-puppet-facts" + gem "mocha" +end + +group :system_tests do + gem 'beaker' + gem 'beaker-rspec' + gem 'beaker_spec_helper' + gem 'serverspec' +end + +gem "puppet", ENV['PUPPET_VERSION'] || ENV['GEM_PUPPET_VERSION'] || ENV['PUPPET_GEM_VERSION'] || '~> 3.7.0' +gem "facter", ENV['FACTER_VERSION'] || ENV['GEM_FACTER_VERSION'] || ENV['FACTER_GEM_VERSION'] || '~> 2.2.0' + diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..85326bb --- /dev/null +++ b/Rakefile 
@@ -0,0 +1,19 @@ +require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-lint/tasks/puppet-lint' +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] + +desc "Validate manifests, templates, and ruby files" +task :validate do + Dir['manifests/**/*.pp'].each do |manifest| + sh "puppet parser validate --noop #{manifest}" + end + Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file| + sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/ + end + Dir['templates/**/*.erb'].each do |template| + sh "erb -P -x -T '-' #{template} | ruby -c" + end +end + +task :test => [:lint, :syntax , :validate, :spec] diff --git a/spec/acceptance/apt_spec.rb b/spec/acceptance/apt_spec.rb new file mode 100644 index 0000000..a976a56 --- /dev/null +++ b/spec/acceptance/apt_spec.rb @@ -0,0 +1,21 @@ +require 'spec_helper_acceptance' + +describe 'apt class' do + + context 'default parameters' do + it 'should work idempotently with no errors' do + pp = <<-EOS + class { 'apt': } + EOS + + # Run it twice and test for idempotency + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) + end + + describe package('apt') do + it { is_expected.to be_installed } + end + + end +end diff --git a/spec/acceptance/nodesets/debian-8-x86_64-docker.yml b/spec/acceptance/nodesets/debian-8-x86_64-docker.yml new file mode 100644 index 0000000..f09ad62 --- /dev/null +++ b/spec/acceptance/nodesets/debian-8-x86_64-docker.yml @@ -0,0 +1,19 @@ +HOSTS: + debian-8-x64: + platform: debian-8-amd64 + image: debian:8 + hypervisor: docker + docker_preserve_image: true + docker_cmd: '["/sbin/init"]' + docker_image_commands: + - 'apt-get install -y wget locales-all puppet git' + - 'rm -f /usr/sbin/policy-rc.d' + +CONFIG: + type: foss + #log_level: verbose + #log_level: debug + +ssh: + password: root + auth_methods: ["password"] 
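Review bot: The `validate` task in the Rakefile builds shell command lines by interpolating file names, e.g. `sh "puppet parser validate --noop #{manifest}"`, so a path containing spaces or shell metacharacters is interpreted by the shell instead of being passed as one argument. Because CI runs this task over whatever files a branch contains, the list form is the safer default: `sh 'puppet', 'parser', 'validate', '--noop', manifest` and `sh 'ruby', '-c', ruby_file`. The `erb ... | ruby -c` line needs the pipe, so there the name should be quoted with `Shellwords.escape(template)` (after `require 'shellwords'`).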
diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml new file mode 120000 index 0000000..b125a96 --- /dev/null +++ b/spec/acceptance/nodesets/default.yml @@ -0,0 +1 @@ +debian-8-x86_64-docker.yml \ No newline at end of file diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb new file mode 100644 index 0000000..9ba554f --- /dev/null +++ b/spec/classes/init_spec.rb @@ -0,0 +1,18 @@ +require 'spec_helper' + +describe 'apt', :type => :class do + let :pre_condition do + 'class { "apt": }' + end + let(:facts) { { + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :virtual => 'physical', + :puppetversion => Puppet.version, } } + #it { is_expected.to compile.with_all_deps } + it { is_expected.to compile } +end diff --git a/spec/defines/conf_spec.rb b/spec/defines/conf_spec.rb new file mode 100644 index 0000000..cc4fb1f --- /dev/null +++ b/spec/defines/conf_spec.rb 
@@ -0,0 +1,74 @@ +require 'spec_helper' +describe 'apt::apt_conf', :type => :define do + let :pre_condition do + 'class { "apt": }' + end + let(:facts) { { + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :virtual => 'physical', + :puppetversion => Puppet.version, } } + let :title do + 'norecommends' + end + + describe "when creating an apt_conf snippet" do + let :default_params do + { + :ensure => 'present', + :content => "Apt::Install-Recommends 0;\nApt::AutoRemove::InstallRecommends 1;\n" + } + end + let :params do + default_params + end + let :filename do + "/etc/apt/apt.conf.d/norecommends" + end + + it { is_expected.to contain_file(filename).with({ + 'ensure' => 'present', + 'content' => /Apt::Install-Recommends 0;\nApt::AutoRemove::InstallRecommends 1;/, + 'owner' => 'root', + # default to '0', not 'root' + #'group' => 'root', + 'mode' => '0644', + }) + } + + end + + describe "when creating a preference without content" do + let :params do + { + :ensure => 'absent', + } + end + + it 'fails' do + expect { subject.call } .to raise_error(Puppet::Error, /One of \$source or \$content must be specified for apt_conf norecommends/) + end + end + + describe "when removing an apt preference" do + let :params do + { + :ensure => 'absent', + :content => "Apt::Install-Recommends 0;\nApt::AutoRemove::InstallRecommends 1;\n", + } + end + + let :filename do + "/etc/apt/apt.conf.d/norecommends" + end + + it { is_expected.to contain_file(filename).with({ + 'ensure' => 'absent', + }) + } + end +end diff --git a/spec/defines/preferences_snippet_spec.rb b/spec/defines/preferences_snippet_spec.rb new file mode 100644 index 0000000..012a5f6 --- /dev/null +++ b/spec/defines/preferences_snippet_spec.rb 
@@ -0,0 +1,66 @@ +require 'spec_helper' +describe 'apt::preferences_snippet', :type => :define do + let :pre_condition do + 'class { "apt": }' + end + let(:facts) { { + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :virtual => 'physical', + :puppetversion => Puppet.version, } } + let :title do + 'test' + end + + describe "when creating a preferences_snippet" do + let :default_params do + { + :ensure => 'present', + :release => "jessie-backports", + :priority => '999' + } + end + let :params do + default_params + end + let :filename do + "/etc/apt/preferences.d/test" + end + + it { is_expected.to contain_file(filename).with({ + 'ensure' => 'present', + 'content' => /Package: test\nPin: release a=jessie-backports\nPin-Priority: 999/, + 'owner' => 'root', + 'group' => '0', + 'mode' => '0644', + }) + } + + end + + describe "when using both pin and release parameters" do + let :default_params do + { + :ensure => 'present', + :priority => '999', + :release => "jessie-backports", + :pin => '1.0' + } + end + let :params do + default_params + end + let :filename do + "/etc/apt/preferences.d/test" + end + + it 'fails' do + expect { subject.call } .to raise_error(Puppet::Error, /apt::preferences_snippet requires either a 'pin' or 'release' argument, not both/) + end + end + +end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb new file mode 100644 index 0000000..3cca63a --- /dev/null +++ b/spec/spec_helper.rb @@ -0,0 +1,12 @@ +# https://puppetlabs.com/blog/testing-modules-in-the-puppet-forge +require 'puppetlabs_spec_helper/module_spec_helper' + +fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) + +RSpec.configure do |c| + + c.manifest_dir = File.join(fixture_path, 'manifests') + c.module_path = File.join(fixture_path, 'modules') + + c.color = true +end 
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb new file mode 100644 index 0000000..1ccd84d --- /dev/null +++ b/spec/spec_helper_acceptance.rb @@ -0,0 +1,18 @@ +require 'beaker-rspec' + +RSpec.configure do |c| + module_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) + module_name = module_root.split('-').last + + # Readable test descriptions + c.formatter = :documentation + + # Configure all nodes in nodeset + c.before :suite do + # Install module and dependencies + puppet_module_install(:source => module_root, :module_name => module_name) + hosts.each do |host| + shell('git clone https://gitlab.com/shared-puppet-modules-group/common.git /etc/puppet/modules/common') + end + end +end diff --git a/spec/unit/custom_facts_spec.rb b/spec/unit/custom_facts_spec.rb new file mode 100644 index 0000000..9a28d92 --- /dev/null +++ b/spec/unit/custom_facts_spec.rb 
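Review bot: In spec_helper_acceptance.rb the block variable of `hosts.each do |host|` is never used: `shell(...)` addresses the default host, so with more than one node the clone is repeated on the same machine (and should fail the second time because the target directory already exists) while the other nodes never receive `common`. `on host, 'git clone ...'` would target each node in turn. The clone also takes the remote's default branch with no pinned revision, so every acceptance run installs whatever is current upstream into `/etc/puppet/modules`; checking out a fixed commit after cloning keeps that dependency under review. `module_name = module_root.split('-').last` additionally depends on the checkout directory name ending in `-tor`.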
@@ -0,0 +1,86 @@ +require "spec_helper" + +describe "Facter::Util::Fact" do + before { + Facter.clear + } + + describe 'custom facts' do + + context 'Debian 7' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Debian") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("7.8") + Facter.fact(:lsbdistcodename).stubs(:value).returns("wheezy") + end + + it "debian_release = oldstable" do + expect(Facter.fact(:debian_release).value).to eq('oldstable') + end + + it "debian_codename = wheezy" do + expect(Facter.fact(:debian_codename).value).to eq('wheezy') + end + + it "debian_nextcodename = jessie" do + expect(Facter.fact(:debian_nextcodename).value).to eq('jessie') + end + + it "debian_nextrelease = stable" do + expect(Facter.fact(:debian_nextrelease).value).to eq('stable') + end + end + + context 'Debian 8' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Debian") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("8.0") + Facter.fact(:lsbdistcodename).stubs(:value).returns("jessie") + end + + it "debian_release = stable" do + expect(Facter.fact(:debian_release).value).to eq('stable') + end + + it "debian_codename = jessie" do + expect(Facter.fact(:debian_codename).value).to eq('jessie') + end + + it "debian_nextcodename = stretch" do + expect(Facter.fact(:debian_nextcodename).value).to eq('stretch') + end + + it "debian_nextrelease = testing" do + expect(Facter.fact(:debian_nextrelease).value).to eq('testing') + end + end + + context 'Ubuntu 15.10' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Ubuntu") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("15.10") + Facter.fact(:lsbdistcodename).stubs(:value).returns("wily") + end + + it "ubuntu_codename = wily" do + expect(Facter.fact(:ubuntu_codename).value).to eq('wily') + end + + it "ubuntu_nextcodename = xenial" do + expect(Facter.fact(:ubuntu_nextcodename).value).to eq('xenial') + end + end + end + + describe "Test 
'apt_running' fact" do + it "should return true when apt-get is running" do + Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("true") + expect(Facter.fact(:apt_running).value).to eq('true') + end + it "should return false when apt-get is not running" do + Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("false") + expect(Facter.fact(:apt_running).value).to eq('false') + end + end + +end -- cgit v1.2.3 From 08888152bdf5e350021b1ccaec40d882225178a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 15:52:55 -0400 Subject: Puppet's version in Stretch is 4.8, not 4.5 --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 05430fd..611058c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -24,10 +24,10 @@ test:puppet38_future_parser: FUTURE_PARSER: 'yes' <<: *job_definition -# Default debia stretch versions -test:puppet45: +# Default debian stretch versions +test:puppet48: variables: - PUPPET_VERSION: "~> 4.5.2" + PUPPET_VERSION: "~> 4.8.2" FACTER_VERSION: '~> 2.4.6' <<: *job_definition -- cgit v1.2.3 From a37622be65ff288f0b22ca0412521eb186a87e23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 15:58:41 -0400 Subject: add semantic puppet gem, as recommended by the error message on the CI --- Gemfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Gemfile b/Gemfile index 226d7ae..cd1f56f 100644 --- a/Gemfile +++ b/Gemfile @@ -5,6 +5,7 @@ group :development, :unit_tests do gem "rspec-puppet", "~> 2.1", :require => false gem "rspec-core" gem "puppetlabs_spec_helper" + gem "semantic_puppet gem" gem "metadata-json-lint" gem "rspec-puppet-facts" gem "mocha" -- cgit v1.2.3 From 6b12caf4f6310bd6695ef5676387658fb444778a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 16:05:28 -0400 Subject: remove apt-specific tests --- spec/acceptance/apt_spec.rb | 21 -------- spec/classes/init_spec.rb | 18 ------- spec/defines/conf_spec.rb | 74 --------------------------- spec/defines/preferences_snippet_spec.rb | 66 ------------------------ spec/unit/custom_facts_spec.rb | 86 -------------------------------- 5 files changed, 265 deletions(-) delete mode 100644 spec/acceptance/apt_spec.rb delete mode 100644 spec/classes/init_spec.rb delete mode 100644 spec/defines/conf_spec.rb delete mode 100644 spec/defines/preferences_snippet_spec.rb delete mode 100644 spec/unit/custom_facts_spec.rb diff --git a/spec/acceptance/apt_spec.rb b/spec/acceptance/apt_spec.rb deleted file mode 100644 index a976a56..0000000 --- a/spec/acceptance/apt_spec.rb +++ /dev/null @@ -1,21 +0,0 @@ -require 'spec_helper_acceptance' - -describe 'apt class' do - - context 'default parameters' do - it 'should work idempotently with no errors' do - pp = <<-EOS - class { 'apt': } - EOS - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - end - - describe package('apt') do - it { is_expected.to be_installed } - end - - end -end diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb deleted file mode 100644 index 9ba554f..0000000 --- a/spec/classes/init_spec.rb +++ /dev/null @@ -1,18 +0,0 @@ -require 'spec_helper' - -describe 'apt', :type => :class do - let :pre_condition do - 'class { "apt": }' - end - let(:facts) { { - :lsbdistid => 'Debian', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :debian_release => 'jessie', - :debian_codename => 'jessie', - :lsbdistcodename => 'jessie', - :virtual => 'physical', - :puppetversion => Puppet.version, } } - #it { is_expected.to compile.with_all_deps } - it { is_expected.to compile } -end 
diff --git a/spec/defines/conf_spec.rb b/spec/defines/conf_spec.rb deleted file mode 100644 index cc4fb1f..0000000 --- a/spec/defines/conf_spec.rb +++ /dev/null @@ -1,74 +0,0 @@ -require 'spec_helper' -describe 'apt::apt_conf', :type => :define do - let :pre_condition do - 'class { "apt": }' - end - let(:facts) { { - :lsbdistid => 'Debian', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :debian_release => 'jessie', - :debian_codename => 'jessie', - :lsbdistcodename => 'jessie', - :virtual => 'physical', - :puppetversion => Puppet.version, } } - let :title do - 'norecommends' - end - - describe "when creating an apt_conf snippet" do - let :default_params do - { - :ensure => 'present', - :content => "Apt::Install-Recommends 0;\nApt::AutoRemove::InstallRecommends 1;\n" - } - end - let :params do - default_params - end - let :filename do - "/etc/apt/apt.conf.d/norecommends" - end - - it { is_expected.to contain_file(filename).with({ - 'ensure' => 'present', - 'content' => /Apt::Install-Recommends 0;\nApt::AutoRemove::InstallRecommends 1;/, - 'owner' => 'root', - # default to '0', not 'root' - #'group' => 'root', - 'mode' => '0644', - }) - } - - end - - describe "when creating a preference without content" do - let :params do - { - :ensure => 'absent', - } - end - - it 'fails' do - expect { subject.call } .to raise_error(Puppet::Error, /One of \$source or \$content must be specified for apt_conf norecommends/) - end - end - - describe "when removing an apt preference" do - let :params do - { - :ensure => 'absent', - :content => "Apt::Install-Recommends 0;\nApt::AutoRemove::InstallRecommends 1;\n", - } - end - - let :filename do - "/etc/apt/apt.conf.d/norecommends" - end - - it { is_expected.to contain_file(filename).with({ - 'ensure' => 'absent', - }) - } - end -end diff --git a/spec/defines/preferences_snippet_spec.rb b/spec/defines/preferences_snippet_spec.rb deleted file mode 100644 index 012a5f6..0000000 
--- a/spec/defines/preferences_snippet_spec.rb +++ /dev/null @@ -1,66 +0,0 @@ -require 'spec_helper' -describe 'apt::preferences_snippet', :type => :define do - let :pre_condition do - 'class { "apt": }' - end - let(:facts) { { - :lsbdistid => 'Debian', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :debian_release => 'jessie', - :debian_codename => 'jessie', - :lsbdistcodename => 'jessie', - :virtual => 'physical', - :puppetversion => Puppet.version, } } - let :title do - 'test' - end - - describe "when creating a preferences_snippet" do - let :default_params do - { - :ensure => 'present', - :release => "jessie-backports", - :priority => '999' - } - end - let :params do - default_params - end - let :filename do - "/etc/apt/preferences.d/test" - end - - it { is_expected.to contain_file(filename).with({ - 'ensure' => 'present', - 'content' => /Package: test\nPin: release a=jessie-backports\nPin-Priority: 999/, - 'owner' => 'root', - 'group' => '0', - 'mode' => '0644', - }) - } - - end - - describe "when using both pin and release parameters" do - let :default_params do - { - :ensure => 'present', - :priority => '999', - :release => "jessie-backports", - :pin => '1.0' - } - end - let :params do - default_params - end - let :filename do - "/etc/apt/preferences.d/test" - end - - it 'fails' do - expect { subject.call } .to raise_error(Puppet::Error, /apt::preferences_snippet requires either a 'pin' or 'release' argument, not both/) - end - end - -end diff --git a/spec/unit/custom_facts_spec.rb b/spec/unit/custom_facts_spec.rb deleted file mode 100644 index 9a28d92..0000000 --- a/spec/unit/custom_facts_spec.rb +++ /dev/null 
@@ -1,86 +0,0 @@ -require "spec_helper" - -describe "Facter::Util::Fact" do - before { - Facter.clear - } - - describe 'custom facts' do - - context 'Debian 7' do - before do - Facter.fact(:operatingsystem).stubs(:value).returns("Debian") - Facter.fact(:operatingsystemrelease).stubs(:value).returns("7.8") - Facter.fact(:lsbdistcodename).stubs(:value).returns("wheezy") - end - - it "debian_release = oldstable" do - expect(Facter.fact(:debian_release).value).to eq('oldstable') - end - - it "debian_codename = wheezy" do - expect(Facter.fact(:debian_codename).value).to eq('wheezy') - end - - it "debian_nextcodename = jessie" do - expect(Facter.fact(:debian_nextcodename).value).to eq('jessie') - end - - it "debian_nextrelease = stable" do - expect(Facter.fact(:debian_nextrelease).value).to eq('stable') - end - end - - context 'Debian 8' do - before do - Facter.fact(:operatingsystem).stubs(:value).returns("Debian") - Facter.fact(:operatingsystemrelease).stubs(:value).returns("8.0") - Facter.fact(:lsbdistcodename).stubs(:value).returns("jessie") - end - - it "debian_release = stable" do - expect(Facter.fact(:debian_release).value).to eq('stable') - end - - it "debian_codename = jessie" do - expect(Facter.fact(:debian_codename).value).to eq('jessie') - end - - it "debian_nextcodename = stretch" do - expect(Facter.fact(:debian_nextcodename).value).to eq('stretch') - end - - it "debian_nextrelease = testing" do - expect(Facter.fact(:debian_nextrelease).value).to eq('testing') - end - end - - context 'Ubuntu 15.10' do - before do - Facter.fact(:operatingsystem).stubs(:value).returns("Ubuntu") - Facter.fact(:operatingsystemrelease).stubs(:value).returns("15.10") - Facter.fact(:lsbdistcodename).stubs(:value).returns("wily") - end - - it "ubuntu_codename = wily" do - expect(Facter.fact(:ubuntu_codename).value).to eq('wily') - end - - it "ubuntu_nextcodename = xenial" do - expect(Facter.fact(:ubuntu_nextcodename).value).to eq('xenial') - end - end - end - - describe "Test 
'apt_running' fact" do - it "should return true when apt-get is running" do - Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("true") - expect(Facter.fact(:apt_running).value).to eq('true') - end - it "should return false when apt-get is not running" do - Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("false") - expect(Facter.fact(:apt_running).value).to eq('false') - end - end - -end -- cgit v1.2.3 From 15d171a2bc2a76cb3d6f94fb1443e24e93a545e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 16:22:48 -0400 Subject: replace the apt deps in the CI by the tor ones --- .fixtures.yml | 6 +++--- spec/spec_helper_acceptance.rb | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index 99efd66..ba96496 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,6 +1,6 @@ fixtures: repositories: - "common": - "repo": "https://gitlab.com/shared-puppet-modules-group/common.git" + "concat": + "repo": "https://github.com/puppetlabs/puppetlabs-concat.git" symlinks: - "apt": "#{source_dir}" + "tor": "#{source_dir}" diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 1ccd84d..e6a2cd8 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -12,7 +12,7 @@ RSpec.configure do |c| # Install module and dependencies puppet_module_install(:source => module_root, :module_name => module_name) hosts.each do |host| - shell('git clone https://gitlab.com/shared-puppet-modules-group/common.git /etc/puppet/modules/common') + shell('git clone https://github.com/puppetlabs/puppetlabs-concat.git /etc/puppet/modules/concat') end end end -- cgit v1.2.3 From 024e4d49d6a4afce4fa309c87c722763ac3ce706 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 16:25:50 -0400 Subject: fix semantic_puppet gem name in Gemfile --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index cd1f56f..7a16b94 100644 --- a/Gemfile +++ b/Gemfile @@ -5,7 +5,7 @@ group :development, :unit_tests do gem "rspec-puppet", "~> 2.1", :require => false gem "rspec-core" gem "puppetlabs_spec_helper" - gem "semantic_puppet gem" + gem "semantic_puppet" gem "metadata-json-lint" gem "rspec-puppet-facts" gem "mocha" -- cgit v1.2.3 From 382ae61aeecb8c07075809731a4a02629f349e81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 16:55:02 -0400 Subject: replace the shared concat module (deprecated) by the puppetlabs one --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index e4b8f88..0ee45a3 100644 --- a/README +++ b/README @@ -40,7 +40,7 @@ Dependencies This module needs: -- the concat module: git://labs.riseup.net/shared-concat +- the concat module: https://github.com/puppetlabs/puppetlabs-concat.git Usage ===== -- cgit v1.2.3 From a8c13d73fbc7af65b5b6c5059e9d4246f5984472 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 17:24:20 -0400 Subject: markdownify the README --- README | 214 ----------------------------------------------------------- README.md | 224 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 224 insertions(+), 214 deletions(-) delete mode 100644 README create mode 100644 README.md diff --git a/README b/README deleted file mode 100644 index 0ee45a3..0000000 --- a/README +++ /dev/null 
@@ -1,214 +0,0 @@ -puppet module for managing tor -============================== - -This module tries to manage tor, making sure it is installed, running, has munin -graphs if desired and allows for configuration of relays, hidden services, exit -policies, etc. - -! Upgrade Notice ! - - previously, if you did not set the $outbound_bindaddress variable, it was being - automatically set to the $listen_address variable. Now this is not being done - and instead you will need to set the $outbound_bindaddress explicitly for it to - be set. - - the tor::relay{} variables $bandwidth_rate and $bandwidth_burst were previously - used for the tor configuration variables RelayBandwidthRate and - RelayBandwidthBurst, these have been renamed to $relay_bandwidth_rate and - $relay_bandwidth_burst. If you were using these, please rename your variables in - your configuration. - - The variables $bandwidth_rate and $bandwidth_burst are now used for the tor - configuration variables BandwidthRate and BandwidthBurst. If you used - $bandwidth_rate or $bandwidth_burst please be aware that these values have - changed and adjust your configuration as necessary. - - The $tor_ensure_version was converted to a parameter for the tor and - tor::daemon classes. - - The $torsocks_ensure_version was converted to a parameter for the - tor::torsocks class. - - The options that used to be settable with the - tor::daemon::global_opts define now are parameters for the - tor::daemon class, and tor::daemon::global_opts was - removed accordingly. - - -Dependencies -============ - -This module needs: - -- the concat module: https://github.com/puppetlabs/puppetlabs-concat.git - -Usage -===== - -Installing tor --------------- - -To install tor, simply include the 'tor' class in your manifests: - - class { 'tor': } - -You can specify the $ensure_version class parameter to get a specific -version installed. 
- -However, if you want to make configuration changes to your tor daemon, you will -want to instead include the 'tor::daemon' class in your manifests, which will -inherit the 'tor' class from above: - - class { '::tor::daemon': } - -You have the following class parameters that you can specify: - -data_dir (default: '/var/lib/tor') -config_file (default: '/etc/tor/torrc') -use_bridges (default: 0) -automap_hosts_on_resolve (default: 0) -log_rules (default: ['notice file /var/log/tor/notices.log']) - -The data_dir will be used for the tor user's $HOME, and the tor DataDirectory -value. - -The config_file will be managed and the daemon restarted when -it changed. - -use_bridges and automap_hosts_on_resolve are used to set the -UseBridges and AutomapHostsOnResolve torrc settings. - -The log_rules can be an array of different Log lines, each will be added to the -config, for example the following will use syslog: - - class { '::tor::daemon': - log_rules => [ 'notice syslog' ], - } - -If you want to set specific options for the tor class, -you may pass them directly to the tor::daemon in your manifests, -e.g.: - - class { '::tor::daemon': - use_munin => true, - automap_hosts_on_resolve => 1, - } - -Configuring socks ------------------ - -To configure tor socks support, you can do the following: - - tor::daemon::socks { "listen_locally": listen_addresses => [ '127.0.0.1' ]; } - -this will setup the SocksListenAddress to be 127.0.0.1. You also can pass the -following options to tor::daemon::socks: - -$port = 0 - SocksPort -$listen_address - can pass multiple values to configure SocksListenAddress lines -$policies - can pass multiple values to configure SocksPolicy lines - -Installing torsocks -------------------- - -To install torsocks, simply include the 'torsocks' class in your manifests: - - class { 'tor::torsocks': } - -You can specify the $ensure_version class parameter to get a specific -version installed. 
- -Configuring relays -================== - -An example relay configuration: - - tor::daemon::relay { "foobar": - port => 9001, listen_addresses => '192.168.0.1', address => '192.168.0.1', - bandwidth_rate => '256', bandwidth_burst => '256', contact_info => "Foo ", - my_family => '' - } - -You have the following options that can be passed to a relay, with the defaults shown: - -$port = 0, -$listen_addresses = [], -$portforwarding = 0, # PortForwarding 0|1, set for opening ports at the router via UPnP. - # Requires 'tor-fw-helper' binary present. -$bandwidth_rate = '', # KB/s, defaulting to using tor's default: 5120KB/s -$bandwidth_burst = '', # KB/s, defaulting to using tor's default: 10240KB/s -$relay_bandwidth_rate = 0, # KB/s, 0 for no limit. -$relay_bandwidth_burst = 0, # KB/s, 0 for no limit. -$accounting_max = 0, # GB, 0 for no limit. -$accounting_start = [], -$contact_info = '', -$my_family = '', # TODO: autofill with other relays -$address = "tor.${domain}", -$bridge_relay = 0, -$ensure = present -$nickname = $name - -Configuring the control ------------------------ - -To pass parameters to configure the ControlPort and the HashedControlPassword, -you would do something like this: - - tor::daemon::control { "foo-control": - port => '80', hashed_control_password => '', - ensure => present -} - -Note: you must pass a hashed password to the control port, if you are going to -use it. - - -Configuring hidden services ---------------------------- - -To configure a tor hidden service you can do something like the following: - - tor::daemon::hidden_service { "hidden_ssh": ports => 22 } - -The HiddenServiceDir is set to the ${data_dir}/${name}. 
- -Configuring directories ------------------------ - -An example directory configuration: - - tor::daemon::directory { 'ssh_directory': - port => 80, listen_addresses => '192.168.0.1', - port_front_page => '/etc/tor/tor.html' - } - -Configuring exit policies --------------------------- - -To configure exit policies, you can do the following: - -tor::daemon::exit_policy { "ssh_exit_policy": - accept => "192.168.0.1:22", - reject => "*:*"; - } - } - - -Polipo -====== - -Polipo support can be enabled by doing: - - include tor::polipo - -this will inherit the tor class by default, remove privoxy if its installed, and -install polipo, making sure it is running. - - -Munin -===== - -If you are using munin, and have the puppet munin module installed, you can set -the use_munin parameter to true when defining the tor::daemon class to have -graphs setup for you. - diff --git a/README.md b/README.md new file mode 100644 index 0000000..8b1288d --- /dev/null +++ b/README.md 
@@ -0,0 +1,224 @@ +# tor + +#### Table of Contents + +* [Overview](#overview) + * [Upgrade Notice](#upgrade-notice) +* [Dependencies](#dependencies) +* [Usage](#usage) + * [Installing tor](#installing-tor) + * [Configuring SOCKS](#configuring-socks) + * [Installing torsocks](#installing-torsock) + * [Configuring relays](#configuring-relays) + * [Configuring the control](#configuring-control) + * [Configuring hidden services](#configuring-hidden-services) + * [Configuring directories](#configuring-directories) + * [Configuring exit policies](#configuring-exit-policies) +* [Polipo](#polipo) +* [Munin](#munin) + +# Overview + +This module tries to manage tor, making sure it is installed, running, has +munin graphs if desired and allows for configuration of relays, hidden services, +exit policies, etc. + +## Upgrade Notice + + * Previously, if you did not set the `$outbound_bindaddress` variable, it was + being automatically set to the `$listen_address variable`. Now this is not + being done and instead you will need to set the `$outbound_bindaddress` + explicitly for it to be set. + + * The `tor::relay{}` variables `$bandwidth_rate` and `$bandwidth_burst` were + previously used for the tor configuration variables `RelayBandwidthRate` and + `RelayBandwidthBurst`, these have been renamed to `$relay_bandwidth_rate` + and `$relay_bandwidth_burst`. If you were using these, please rename your + variables in your configuration. + + * The variables `$bandwidth_rate` and `$bandwidth_burst` are now used for the + tor configuration variables `BandwidthRate` and `BandwidthBurst`. If you + used `$bandwidth_rate` or `$bandwidth_burst` please be aware that these + values have changed and adjust your configuration as necessary. + + * The `$tor_ensure_version` was converted to a parameter for the tor and + `tor::daemon` classes. + + * The `$torsocks_ensure_version` was converted to a parameter for the + `tor::torsocks` class. 
+ + * The options that used to be settable with the `tor::daemon::global_opts` + define now are parameters for the `tor::daemon class`, and + `tor::daemon::global_opts` was removed accordingly. + + +# Dependencies + +This module needs: + + * the [concat module](https://github.com/puppetlabs/puppetlabs-concat.git) + +# Usage + +## Installing tor + +To install tor, simply include the 'tor' class in your manifests: + + class { 'tor': } + +You can specify the `$ensure_version` class parameter to get a specific +version installed. + +However, if you want to make configuration changes to your tor daemon, you will +want to instead include the `tor::daemon` class in your manifests, which will +inherit the `tor` class from above: + + class { '::tor::daemon': } + +You have the following class parameters that you can specify: + + data_dir (default: '/var/lib/tor') + config_file (default: '/etc/tor/torrc') + use_bridges (default: 0) + automap_hosts_on_resolve (default: 0) + log_rules (default: ['notice file /var/log/tor/notices.log']) + +The `data_dir` will be used for the tor user's `$HOME`, and the tor +`DataDirectory` value. + +The `config_file` will be managed and the daemon restarted when it changed. + +`use_bridges` and `automap_hosts_on_resolve` are used to set the `UseBridges` +and `AutomapHostsOnResolve` torrc settings. + +The `log_rules` can be an array of different Log lines, each will be added to +the config, for example the following will use syslog: + + class { '::tor::daemon': + log_rules => [ 'notice syslog' ], + } + +If you want to set specific options for the tor class, you may pass them +directly to the tor::daemon in your manifests, e.g.: + + class { '::tor::daemon': + use_munin => true, + automap_hosts_on_resolve => 1, + } + +## Configuring SOCKS + +To configure tor socks support, you can do the following: + + tor::daemon::socks { "listen_locally": + listen_addresses => [ '127.0.0.1' ]; + } + +This will setup the `SocksListenAddress` to be `127.0.0.1`. 
You also can pass +the following options to `tor::daemon::socks`: + + $port = 0 - SocksPort + $listen_address - can pass multiple values to configure SocksListenAddress lines + $policies - can pass multiple values to configure SocksPolicy lines + +## Installing torsocks + +To install torsocks, simply include the `torsocks` class in your manifests: + + class { 'tor::torsocks': } + +You can specify the `$ensure_version` class parameter to get a specific +version installed. + +# Configuring relays + +An example relay configuration: + + tor::daemon::relay { "foobar": + port => '9001', + listen_addresses => '192.168.0.1', + address => '192.168.0.1', + bandwidth_rate => '256', + bandwidth_burst => '256', + contact_info => "Foo ", + my_family => ''; + } + +You have the following options that can be passed to a relay, with the defaults +shown: + + $port = 0, + $listen_addresses = [], + $portforwarding = 0, # PortForwarding 0|1, set for opening ports at the router via UPnP. + # Requires 'tor-fw-helper' binary present. + $bandwidth_rate = '', # KB/s, defaulting to using tor's default: 5120KB/s + $bandwidth_burst = '', # KB/s, defaulting to using tor's default: 10240KB/s + $relay_bandwidth_rate = 0, # KB/s, 0 for no limit. + $relay_bandwidth_burst = 0, # KB/s, 0 for no limit. + $accounting_max = 0, # GB, 0 for no limit. + $accounting_start = [], + $contact_info = '', + $my_family = '', # TODO: autofill with other relays + $address = "tor.${domain}", + $bridge_relay = 0, + $ensure = present + $nickname = $name + +## Configuring the control + +To pass parameters to configure the ControlPort and the HashedControlPassword, +you would do something like this: + + tor::daemon::control { "foo-control": + port => '80', + hashed_control_password => '', + ensure => present; + } + +Note: you must pass a hashed password to the control port, if you are going to +use it. 
+ +## Configuring hidden services + +To configure a tor hidden service you can do something like the following: + + tor::daemon::hidden_service { "hidden_ssh": + ports => 22; + } + +The `HiddenServiceDir` is set to the `${data_dir}/${name}`. + +## Configuring directories + +An example directory configuration: + + tor::daemon::directory { 'ssh_directory': + port => '80', + listen_addresses => '192.168.0.1', + port_front_page => '/etc/tor/tor.html'; + } + +## Configuring exit policies + +To configure exit policies, you can do the following: + + tor::daemon::exit_policy { "ssh_exit_policy": + accept => "192.168.0.1:22", + reject => "*:*"; + } + + +# Polipo + +Polipo support can be enabled by doing: + + include tor::polipo + +This will inherit the `tor` class by default, remove `privoxy` if it's +installed, and install `polipo`, making sure it is running. + +# Munin + +If you are using `munin`, and have the puppet munin module installed, you can +set the `use_munin` parameter to `true` when defining the `tor::daemon` class +to have graphs setup for you. -- cgit v1.2.3 From 3a9a7cca01cdcdefc84256fdffbedfdaa3944f9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 17:30:17 -0400 Subject: a few markdown fixes --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 8b1288d..2f2ebf2 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ * [Usage](#usage) * [Installing tor](#installing-tor) * [Configuring SOCKS](#configuring-socks) - * [Installing torsocks](#installing-torsock) + * [Installing torsocks](#installing-torsocks) * [Configuring relays](#configuring-relays) * [Configuring the control](#configuring-control) * [Configuring hidden services](#configuring-hidden-services) 
@@ -134,15 +134,15 @@ version installed. An example relay configuration: - tor::daemon::relay { "foobar": - port => '9001', - listen_addresses => '192.168.0.1', - address => '192.168.0.1', - bandwidth_rate => '256', - bandwidth_burst => '256', - contact_info => "Foo ", - my_family => ''; - } + tor::daemon::relay { "foobar": + port => '9001', + listen_addresses => '192.168.0.1', + address => '192.168.0.1', + bandwidth_rate => '256', + bandwidth_burst => '256', + contact_info => "Foo ", + my_family => ''; + } You have the following options that can be passed to a relay, with the defaults shown: @@ -166,8 +166,8 @@ shown: ## Configuring the control -To pass parameters to configure the ControlPort and the HashedControlPassword, -you would do something like this: +To pass parameters to configure the `ControlPort` and the +`HashedControlPassword`, you would do something like this: tor::daemon::control { "foo-control": port => '80', -- cgit v1.2.3 From 682cc7622e033575d6238c5792f135fce05b13c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 18 Oct 2017 16:09:14 -0400 Subject: add support for Server Transport Plugins --- manifests/daemon/transport_plugin.pp | 17 +++++++++++++++++ templates/torrc.transport_plugin.pp | 10 ++++++++++ 2 files changed, 27 insertions(+) create mode 100644 manifests/daemon/transport_plugin.pp create mode 100644 templates/torrc.transport_plugin.pp diff --git a/manifests/daemon/transport_plugin.pp b/manifests/daemon/transport_plugin.pp new file mode 100644 index 0000000..f0ba41f --- /dev/null +++ b/manifests/daemon/transport_plugin.pp 
@@ -0,0 +1,17 @@ +# transport plugin +define tor::daemon::transport_plugin( + $servertransport_plugin = '', + $servertransport_listenaddr = '', + $servertransport_options = '', + $ext_port = '' ) { + + if $port == $ext_port { + fail('ORPort and ExtORPort values cannot be the same') + } + + concat::fragment { "11.transport_plugin": + content => template('tor/torrc.transport_plugin.erb'), + order => 11, + target => $tor::daemon::config_file, + } +} diff --git a/templates/torrc.transport_plugin.pp b/templates/torrc.transport_plugin.pp new file mode 100644 index 0000000..6adf00e --- /dev/null +++ b/templates/torrc.transport_plugin.pp @@ -0,0 +1,10 @@ +# transport plugin +<% if @servertransport_plugin != '' -%> +ServerTransportPlugin <%= @servertransport_plugin %> +<% if @servertransport_listenaddr != '' -%> +ServerTransportListenAddr <%= @servertransport_listenaddr %> +<% if @servertransport_options != '' -%> +ServerTransportOptions <%= @servertransport_options %> +<% if @ext_port != '' -%> +ExtORPort <%= @ext_port %> +<% end -%> -- cgit v1.2.3 From 354a87462f346ce6da31c52857f21a923d798445 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 25 Oct 2017 15:51:22 -0400 Subject: remove the port check, since we can't access a variable in another define without creating a fact --- manifests/daemon/transport_plugin.pp | 4 ---- 1 file changed, 4 deletions(-) diff --git a/manifests/daemon/transport_plugin.pp b/manifests/daemon/transport_plugin.pp index f0ba41f..7242e5e 100644 --- a/manifests/daemon/transport_plugin.pp +++ b/manifests/daemon/transport_plugin.pp @@ -5,10 +5,6 @@ define tor::daemon::transport_plugin( $servertransport_options = '', $ext_port = '' ) { - if $port == $ext_port { - fail('ORPort and ExtORPort values cannot be the same') - } - concat::fragment { "11.transport_plugin": content => template('tor/torrc.transport_plugin.erb'), order => 11, -- cgit v1.2.3 From 2785024a9b2bb49847d8cc77e0691b70cbb3fd5c Mon Sep 17 00:00:00 2001 
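Review bot: All four parameters of `tor::daemon::transport_plugin` are untyped and reach torrc exactly as given, and `$servertransport_plugin` carries the command line tor will start for the transport. A value containing a newline would add further torrc directives, so I would constrain the parameters at the define, for example `Pattern[/\A[^\r\n]*\z/] $servertransport_plugin = '',` if Puppet 4 data types are available to this module, and the same for the other three. The fragment title is also the fixed string `"11.transport_plugin"`, so declaring the define twice gives a duplicate resource; `"11.transport_plugin.${name}"` would follow the `"08.dns.${name}"` pattern used in `dns.pp`.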
From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 25 Oct 2017 15:58:32 -0400 Subject: fix syntax error in transport_plugin template --- templates/torrc.transport_plugin.pp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/torrc.transport_plugin.pp b/templates/torrc.transport_plugin.pp index 6adf00e..d57f0e8 100644 --- a/templates/torrc.transport_plugin.pp +++ b/templates/torrc.transport_plugin.pp @@ -1,10 +1,13 @@ # transport plugin <% if @servertransport_plugin != '' -%> ServerTransportPlugin <%= @servertransport_plugin %> +<% end -%> <% if @servertransport_listenaddr != '' -%> ServerTransportListenAddr <%= @servertransport_listenaddr %> +<% end -%> <% if @servertransport_options != '' -%> ServerTransportOptions <%= @servertransport_options %> +<% end -%> <% if @ext_port != '' -%> ExtORPort <%= @ext_port %> <% end -%> -- cgit v1.2.3 From 47342c072a8d39d8680b7a9b60ffc5ff674840a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 18 Oct 2017 14:01:32 -0400 Subject: '[]' is not a proper default for AccountingStart, use tor's default instead --- manifests/daemon/relay.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index 115eb25..056bbf6 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -14,7 +14,7 @@ define tor::daemon::relay( $relay_bandwidth_burst = 0, # GB, 0 for no limit $accounting_max = 0, - $accounting_start = [], + $accounting_start = "month 1 0:00", $contact_info = '', # TODO: autofill with other relays $my_family = '', -- cgit v1.2.3 From 1e885d3d5987f4b4cec42e883db5b3f444350c1f Mon Sep 17 00:00:00 2001 
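Review bot: The new default in `relay.pp` is a double-quoted string with nothing to interpolate, where the Puppet style guide asks for single quotes: `$accounting_start = 'month 1 0:00',`. A later commit in this series fixes the same lint finding in `transport_plugin.pp`. A short comment like the ones on the neighbouring parameters, for example `# tor's default AccountingStart`, would also tell the reader where the value comes from. The define's parameter list starts and ends outside the hunk.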
From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 1 Nov 2017 16:31:55 -0400 Subject: templates are ERB files, not PP --- templates/torrc.transport_plugin.erb | 13 +++++++++++++ templates/torrc.transport_plugin.pp | 13 ------------- 2 files changed, 13 insertions(+), 13 deletions(-) create mode 100644 templates/torrc.transport_plugin.erb delete mode 100644 templates/torrc.transport_plugin.pp diff --git a/templates/torrc.transport_plugin.erb b/templates/torrc.transport_plugin.erb new file mode 100644 index 0000000..d57f0e8 --- /dev/null +++ b/templates/torrc.transport_plugin.erb @@ -0,0 +1,13 @@ +# transport plugin +<% if @servertransport_plugin != '' -%> +ServerTransportPlugin <%= @servertransport_plugin %> +<% end -%> +<% if @servertransport_listenaddr != '' -%> +ServerTransportListenAddr <%= @servertransport_listenaddr %> +<% end -%> +<% if @servertransport_options != '' -%> +ServerTransportOptions <%= @servertransport_options %> +<% end -%> +<% if @ext_port != '' -%> +ExtORPort <%= @ext_port %> +<% end -%> diff --git a/templates/torrc.transport_plugin.pp b/templates/torrc.transport_plugin.pp deleted file mode 100644 index d57f0e8..0000000 --- a/templates/torrc.transport_plugin.pp +++ /dev/null @@ -1,13 +0,0 @@ -# transport plugin -<% if @servertransport_plugin != '' -%> -ServerTransportPlugin <%= @servertransport_plugin %> -<% end -%> -<% if @servertransport_listenaddr != '' -%> -ServerTransportListenAddr <%= @servertransport_listenaddr %> -<% end -%> -<% if @servertransport_options != '' -%> -ServerTransportOptions <%= @servertransport_options %> -<% end -%> -<% if @ext_port != '' -%> -ExtORPort <%= @ext_port %> -<% end -%> -- cgit v1.2.3 From 4b234d7eb2c42f1c8c8e872e64c619f08bdaa304 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 1 Nov 2017 16:33:03 -0400 Subject: follow puppet syntax guide (and make the CI shutup) --- manifests/daemon/transport_plugin.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/manifests/daemon/transport_plugin.pp b/manifests/daemon/transport_plugin.pp index 7242e5e..1921282 100644 --- a/manifests/daemon/transport_plugin.pp +++ b/manifests/daemon/transport_plugin.pp @@ -5,7 +5,7 @@ define tor::daemon::transport_plugin( $servertransport_options = '', $ext_port = '' ) { - concat::fragment { "11.transport_plugin": + concat::fragment { '11.transport_plugin': content => template('tor/torrc.transport_plugin.erb'), order => 11, target => $tor::daemon::config_file, -- cgit v1.2.3 From d5c17a1c842bbec4d0172895d715f5ce48fb7068 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 1 Nov 2017 16:47:02 -0400 Subject: *ListenAddress (OR, DNS, Trans, etc.) are deprecated since 0.2.3.x-alpha --- README.md | 17 ++++++----------- manifests/daemon/directory.pp | 1 - manifests/daemon/dns.pp | 3 +-- manifests/daemon/relay.pp | 1 - manifests/daemon/socks.pp | 1 - manifests/daemon/transparent.pp | 3 +-- templates/torrc.directory.erb | 3 --- templates/torrc.dns.erb | 3 --- templates/torrc.relay.erb | 2 -- templates/torrc.socks.erb | 3 --- templates/torrc.transparent.erb | 3 --- 11 files changed, 8 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 2f2ebf2..7186ab7 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,10 @@ exit policies, etc. ## Upgrade Notice + * All of the `listen_address` variables have been deprecated, since they have + been deprecated in tor since 0.2.3.x-alpha. Please read the new tor man page + if you were using those variables. + * Previously, if you did not set the `$outbound_bindaddress` variable, it was being automatically set to the `$listen_address variable`. Now this is not being done and instead you will need to set the `$outbound_bindaddress` 
@@ -111,16 +115,10 @@ directly to the tor::daemon in your manifests, e.g.: To configure tor socks support, you can do the following: tor::daemon::socks { "listen_locally": - listen_addresses => [ '127.0.0.1' ]; + port => 0, + policies => 'your super policy'; } -This will setup the `SocksListenAddress` to be `127.0.0.1`. You also can pass -the following options to `tor::daemon::socks`: - - $port = 0 - SocksPort - $listen_address - can pass multiple values to configure SocksListenAddress lines - $policies - can pass multiple values to configure SocksPolicy lines - ## Installing torsocks To install torsocks, simply include the `torsocks` class in your manifests: @@ -136,7 +134,6 @@ An example relay configuration: tor::daemon::relay { "foobar": port => '9001', - listen_addresses => '192.168.0.1', address => '192.168.0.1', bandwidth_rate => '256', bandwidth_burst => '256', @@ -148,7 +145,6 @@ You have the following options that can be passed to a relay, with the defaults shown: $port = 0, - $listen_addresses = [], $portforwarding = 0, # PortForwarding 0|1, set for opening ports at the router via UPnP. # Requires 'tor-fw-helper' binary present. $bandwidth_rate = '', # KB/s, defaulting to using tor's default: 5120KB/s @@ -194,7 +190,6 @@ An example directory configuration: tor::daemon::directory { 'ssh_directory': port => '80', - listen_addresses => '192.168.0.1', port_front_page => '/etc/tor/tor.html'; } diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp index fa7d52d..3eaef9f 100644 --- a/manifests/daemon/directory.pp +++ b/manifests/daemon/directory.pp @@ -1,7 +1,6 @@ # directory advertising define tor::daemon::directory ( $port = 0, - $listen_addresses = [], $port_front_page = '/etc/tor/tor-exit-notice.html', $ensure = present ) { diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp index e2141c9..599abd8 100644 --- a/manifests/daemon/dns.pp +++ b/manifests/daemon/dns.pp 
@@ -1,7 +1,6 @@ # DNS definition define tor::daemon::dns( - $port = 0, - $listen_addresses = [] ) { + $port = 0 ) { concat::fragment { "08.dns.${name}": content => template('tor/torrc.dns.erb'), diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index 056bbf6..fa908f5 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -1,7 +1,6 @@ # relay definition define tor::daemon::relay( $port = 0, - $listen_addresses = [], $outbound_bindaddresses = [], $portforwarding = 0, # KB/s, defaulting to using tor's default: 5120KB/s diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp index 54c8b6a..cb130d9 100644 --- a/manifests/daemon/socks.pp +++ b/manifests/daemon/socks.pp @@ -1,7 +1,6 @@ # socks definition define tor::daemon::socks( $port = 0, - $listen_addresses = [], $policies = [] ) { concat::fragment { '02.socks': diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp index 7115fee..90c0142 100644 --- a/manifests/daemon/transparent.pp +++ b/manifests/daemon/transparent.pp @@ -1,7 +1,6 @@ # Transparent proxy definition define tor::daemon::transparent( - $port = 0, - $listen_addresses = [] ) { + $port = 0 ) { concat::fragment { "09.transparent.${name}": content => template('tor/torrc.transparent.erb'), diff --git a/templates/torrc.directory.erb b/templates/torrc.directory.erb index 2eaffb7..d70ab39 100644 --- a/templates/torrc.directory.erb +++ b/templates/torrc.directory.erb @@ -2,9 +2,6 @@ <% if @port != '0' -%> DirPort <%= @port %> <% end -%> -<% Array(listen_addresses).each do |listen_address| -%> -DirListenAddress <%= listen_address %> -<% end -%> <% if @port_front_page != '' -%> DirPortFrontPage <%= @port_front_page %> <%- end -%> diff --git a/templates/torrc.dns.erb b/templates/torrc.dns.erb index 2b9ff8e..a89ba31 100644 --- a/templates/torrc.dns.erb +++ b/templates/torrc.dns.erb 
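Review bot: Dropping `$listen_addresses` from `tor::daemon::dns` (and from `relay`, `socks`, `transparent` and `directory` in this commit) leaves no documented way to bind a listener to one address. A manifest that still passes the parameter will fail to compile rather than warn. tor accepts `[address:]port` on its `*Port` options, so the restriction can presumably still be expressed through `$port`, but neither the defines nor the README upgrade notice says so. Hosts that used `ORListenAddress` or `DirListenAddress` to keep a relay off some interfaces should not lose that silently. I would add a parameter comment such as `# port, or 'address:port' to bind a single address` and repeat it in the upgrade notice; the define body continues outside the hunk.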
@@ -1,5 +1,2 @@ # DNS DNSPort <%= @port %> -<% Array(@listen_addresses).each do |listen_address| -%> -DNSListenAddress <%= listen_address %> -<% end -%> diff --git a/templates/torrc.relay.erb b/templates/torrc.relay.erb index bfe982c..27e35d6 100644 --- a/templates/torrc.relay.erb +++ b/templates/torrc.relay.erb @@ -1,8 +1,6 @@ # relay <% if @port != 0 -%> ORPort <%= @port %> -<% Array(@listen_addresses).each do |listen_address| -%> -ORListenAddress <%= @listen_address %> <% end -%> <% Array(@real_outbound_bindaddresses).each do |outbound_bindaddress| -%> OutboundBindAddress <%= @outbound_bindaddress %> diff --git a/templates/torrc.socks.erb b/templates/torrc.socks.erb index 09e13ae..c6aba60 100644 --- a/templates/torrc.socks.erb +++ b/templates/torrc.socks.erb @@ -1,8 +1,5 @@ # socks SocksPort <%= @port %> -<% Array(@listen_addresses).each do |listen_address| -%> -SocksListenAddress <%= listen_address %> -<% end -%> <% Array(@policies).each do |policy| -%> SocksPolicy <%= policy %> <% end -%> diff --git a/templates/torrc.transparent.erb b/templates/torrc.transparent.erb index 19a40e1..c57d138 100644 --- a/templates/torrc.transparent.erb +++ b/templates/torrc.transparent.erb @@ -1,5 +1,2 @@ # Transparent proxy TransPort <%= @port %> -<% Array(@listen_addresses).each do |listen_address| -%> -TransListenAddress <%= listen_address %> -<% end -%> -- cgit v1.2.3 From 76ab876ae0e660e1f68e2d8432b865f8e7915da7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 1 Nov 2017 16:53:28 -0400 Subject: remove missing end in modified template --- templates/torrc.relay.erb | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/torrc.relay.erb b/templates/torrc.relay.erb index 27e35d6..7735b47 100644 --- a/templates/torrc.relay.erb +++ b/templates/torrc.relay.erb 
@@ -1,7 +1,6 @@ # relay <% if @port != 0 -%> ORPort <%= @port %> -<% end -%> <% Array(@real_outbound_bindaddresses).each do |outbound_bindaddress| -%> OutboundBindAddress <%= @outbound_bindaddress %> <% end -%> -- cgit v1.2.3 From 7170dae37787ad213ace30648a5929a1171f7529 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 1 Nov 2017 17:06:53 -0400 Subject: document the new transport plugin mechanism --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index 7186ab7..b44f7e3 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ * [Configuring hidden services](#configuring-hidden-services) * [Configuring directories](#configuring-directories) * [Configuring exit policies](#configuring-exit-policies) + * [Configuring transport plugins](#configuring-transport-plugins) * [Polipo](#polipo) * [Munin](#munin) @@ -202,6 +203,23 @@ To configure exit policies, you can do the following: reject => "*:*"; } +## Configuring transport plugins + +To configure transport plugins, you can do the following: + + tor::daemon::transport_plugins { "obfs4": + ext_port => '80', + servertransport_plugin => 'obfs4 exec /usr/bin/obfs4proxy', + } + +If you wish to use `obfs4proxy`, you will also need to install the required +Debian package, as the puppet module will not do it for you. + +Other options for transport plugins are also available but not defined by +default: + + $servertransport_listenaddr #Set a different address for the transport plugin mechanism + $servertransport_options #Pass a k=v parameters to the transport proxy # Polipo -- cgit v1.2.3 From 01cfa7e013179f17d981ef8ca9822a8c3bd727ff Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sat, 7 Oct 2017 13:39:12 -0400 Subject: add v3 hidden service support --- README.md | 10 +++++++++- manifests/daemon/hidden_service.pp | 2 ++ templates/torrc.hidden_service.erb | 8 ++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) 
diff --git a/README.md b/README.md index b44f7e3..2cf89df 100644 --- a/README.md +++ b/README.md @@ -183,7 +183,15 @@ To configure a tor hidden service you can do something like the following: ports => 22; } -The `HiddenServiceDir` is set to the `${data_dir}/${name}`. +The `HiddenServiceDir` is set to the `${data_dir}/${name}`, but you can override +it with the parameter `datadir`. + +If you wish to enable v3-style hidden services to correspond with the v2-style +hidden services (the same configuration will be applied to both), you can pass +the parameter `v3 => true`. The default is `false`. + +If you wish to enable single-hop onion addresses, you can enable them by +passing `single_hop => true`. The default is `false`. ## Configuring directories diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index 4549cc7..9e053cc 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp @@ -2,9 +2,11 @@ define tor::daemon::hidden_service( $ports = [], $single_hop = false, + $v3 = false, $data_dir = $tor::daemon::data_dir ) { + if $single_hop { file { "${$data_dir}/${$name}/onion_service_non_anonymous": ensure => 'present', diff --git a/templates/torrc.hidden_service.erb b/templates/torrc.hidden_service.erb index 6672937..c7dbe9e 100644 --- a/templates/torrc.hidden_service.erb +++ b/templates/torrc.hidden_service.erb @@ -10,3 +10,11 @@ HiddenServiceDir <%= @data_dir %>/<%= @name %> HiddenServicePort <%= port %> <% end -%> +<% if @v3 != false %> +# hidden service v3 static +HiddenServiceDir <%= @data_dir %>/<%= @name -%>3 +HiddenServiceVersion 3 +<% Array(@ports).each do |port| -%> +HiddenServicePort <%= port %> +<% end -%> +<% end -%> -- cgit v1.2.3 From b0b9bf0f275897b131eaf03434f17dd17400caaa Mon Sep 17 00:00:00 2001 
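Review bot: `$v3` is added to `hidden_service.pp` untyped while the template tests it with `@v3 != false`, so any value other than the boolean `false`, including the string `'false'` coming from Hiera or an ENC, turns the v3 service on. Declaring it as `Boolean $v3 = false,` (if Puppet 4 data types are available to this module) and testing `<% if @v3 -%>` in the template would make the switch behave as the README describes. The `single_hop` marker file in the context lines is managed only under `${data_dir}/${name}`; whether the new `${name}3` directory needs the same handling is worth confirming. The define body continues outside the hunk.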
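Review bot: The v3 block in `torrc.hidden_service.erb` builds its `HiddenServiceDir` by appending `3` to the service name, `<%= @data_dir %>/<%= @name -%>3`. A service named `foo` with `v3 => true` and a second service named `foo3` therefore resolve to the same directory, which is where tor keeps the service's keys. A more distinctive suffix such as `<%= @name %>_v3` makes an accidental clash less likely, and the README should state the derived path. The opening `<% if @v3 != false %>` also lacks the `-%>` trim used on the other tags, so it emits a blank line into torrc.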
From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Fri, 12 Jan 2018 15:24:41 -0500 Subject: add metadata.json file to publish the module on the forge --- metadata.json | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 metadata.json diff --git a/metadata.json b/metadata.json new file mode 100644 index 0000000..7fd5fed --- /dev/null +++ b/metadata.json @@ -0,0 +1,29 @@ +{ + "name": "tor", + "version": "1.0.0", + "author": "SMASH", + "summary": "This project tracks the tor puppet module that manages the tor onion routing system.", + "license": "GPL-3.0-or-later", + "source": "https://gitlab.com/shared-puppet-modules-group/tor", + "project_page": "https://gitlab.com/shared-puppet-modules-group/tor", + "issues_url": "https://gitlab.com/shared-puppet-modules-group/tor/issues", + "dependencies": [ + { "name":"puppetlabs/concat" } + ], + "operatingsystem_support": [ + { + "operatingsystem": "Debian", + "operatingsystemrelease": [ + "8", + "9" + ] + } + ], + "requirements": [ + { + "name": "puppet", + "version_requirement": "4.X" + } + ], + "description": "This module tries to manage tor, making sure it is installed, running, has munin graphs if desired and allows for configuration of relays, hidden services, exit policies, etc." +} -- cgit v1.2.3 From 50fa6fc4876c23c3bb85860be61636832604bc78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Fri, 12 Jan 2018 15:30:10 -0500 Subject: fix metadata.json to fix CI --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 7fd5fed..b882949 100644 --- a/metadata.json +++ b/metadata.json @@ -1,5 +1,5 @@ { - "name": "tor", + "name": "smash-tor", "version": "1.0.0", "author": "SMASH", "summary": "This project tracks the tor puppet module that manages the tor onion routing system.", -- cgit v1.2.3 From dfdfd35c4045f4f1c31e3f8e7ab40b4b57db8746 Mon Sep 17 00:00:00 2001 
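Review bot: The `dependencies` entry for `puppetlabs/concat` in the new `metadata.json` has no `version_requirement`, so any concat release, including a future major one, satisfies it at install time. I would state the range the module is actually tested against, `{ "name": "puppetlabs/concat", "version_requirement": ">= <MIN_TESTED_VERSION> < <NEXT_MAJOR>" }`, with the placeholders filled in from the CI matrix. An explicit range keeps an unreviewed release of a dependency from being pulled in silently and documents which fragment parameters the manifests can rely on.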
From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Fri, 12 Jan 2018 15:41:53 -0500 Subject: use old SPDX license notation to fix CI --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index b882949..72e3701 100644 --- a/metadata.json +++ b/metadata.json @@ -3,7 +3,7 @@ "version": "1.0.0", "author": "SMASH", "summary": "This project tracks the tor puppet module that manages the tor onion routing system.", - "license": "GPL-3.0-or-later", + "license": "GPL-3.0", "source": "https://gitlab.com/shared-puppet-modules-group/tor", "project_page": "https://gitlab.com/shared-puppet-modules-group/tor", "issues_url": "https://gitlab.com/shared-puppet-modules-group/tor/issues", -- cgit v1.2.3 From 90cb24c6e0916b27eae744e5f6ecaa84a180517c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Fri, 12 Jan 2018 21:55:05 -0500 Subject: remove symbolic link since the Puppet Forge won't accept them --- spec/acceptance/nodesets/debian-8-x86_64-docker.yml | 19 ------------------- spec/acceptance/nodesets/default.yml | 20 +++++++++++++++++++- 2 files changed, 19 insertions(+), 20 deletions(-) delete mode 100644 spec/acceptance/nodesets/debian-8-x86_64-docker.yml mode change 120000 => 100644 spec/acceptance/nodesets/default.yml diff --git a/spec/acceptance/nodesets/debian-8-x86_64-docker.yml b/spec/acceptance/nodesets/debian-8-x86_64-docker.yml deleted file mode 100644 index f09ad62..0000000 --- a/spec/acceptance/nodesets/debian-8-x86_64-docker.yml +++ /dev/null @@ -1,19 +0,0 @@ -HOSTS: - debian-8-x64: - platform: debian-8-amd64 - image: debian:8 - hypervisor: docker - docker_preserve_image: true - docker_cmd: '["/sbin/init"]' - docker_image_commands: - - 'apt-get install -y wget locales-all puppet git' - - 'rm -f /usr/sbin/policy-rc.d' - -CONFIG: - type: foss - #log_level: verbose - #log_level: debug - -ssh: - password: root - auth_methods: ["password"] 
diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml deleted file mode 120000 index b125a96..0000000 --- a/spec/acceptance/nodesets/default.yml +++ /dev/null @@ -1 +0,0 @@ -debian-8-x86_64-docker.yml \ No newline at end of file diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml new file mode 100644 index 0000000..f09ad62 --- /dev/null +++ b/spec/acceptance/nodesets/default.yml @@ -0,0 +1,19 @@ +HOSTS: + debian-8-x64: + platform: debian-8-amd64 + image: debian:8 + hypervisor: docker + docker_preserve_image: true + docker_cmd: '["/sbin/init"]' + docker_image_commands: + - 'apt-get install -y wget locales-all puppet git' + - 'rm -f /usr/sbin/policy-rc.d' + +CONFIG: + type: foss + #log_level: verbose + #log_level: debug + +ssh: + password: root + auth_methods: ["password"] -- cgit v1.2.3
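Review bot: With the symlink replaced by a regular file, `default.yml` now carries `ssh: password: root` with `auth_methods: ["password"]` and an unpinned `image: debian:8` directly in the published module. These look like throwaway settings for the acceptance-test container, but nothing in the file says so. A leading comment such as `# Acceptance-test nodeset: credentials apply only to the disposable Docker container` would keep them from being copied into a real inventory. Pinning the image to a digest the CI has run against would also make the test environment reproducible.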