From e006d181a856644c63e08bfa957b39f4e1b6216f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Thu, 5 Oct 2017 17:13:44 -0400 Subject: listen_addresses is an array --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 188acca..e4b8f88 100644 --- a/README +++ b/README @@ -178,7 +178,7 @@ Configuring directories An example directory configuration: tor::daemon::directory { 'ssh_directory': - port => 80, listen_address => '192.168.0.1', + port => 80, listen_addresses => '192.168.0.1', port_front_page => '/etc/tor/tor.html' } -- cgit v1.2.3 From c3dd0d46949fd9bf7eff73ff3cc58c71a05936c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Thu, 5 Oct 2017 17:25:24 -0400 Subject: concat::fragment does not have an 'ensure' var anymore --- manifests/daemon/base.pp | 1 - manifests/daemon/bridge.pp | 4 +--- manifests/daemon/control.pp | 1 - manifests/daemon/directory.pp | 1 - manifests/daemon/dns.pp | 4 +--- manifests/daemon/exit_policy.pp | 4 +--- manifests/daemon/hidden_service.pp | 4 +--- manifests/daemon/map_address.pp | 4 +--- manifests/daemon/relay.pp | 1 - manifests/daemon/snippet.pp | 4 +--- manifests/daemon/transparent.pp | 4 +--- 11 files changed, 7 insertions(+), 25 deletions(-) diff --git a/manifests/daemon/base.pp b/manifests/daemon/base.pp index c0c82ac..f3bbc37 100644 --- a/manifests/daemon/base.pp +++ b/manifests/daemon/base.pp @@ -56,7 +56,6 @@ class tor::daemon::base inherits tor::base { # config file headers concat::fragment { '00.header': - ensure => present, content => template('tor/torrc.header.erb'), order => 00, target => $tor::daemon::config_file, diff --git a/manifests/daemon/bridge.pp b/manifests/daemon/bridge.pp index 83d74e0..a448f82 100644 --- a/manifests/daemon/bridge.pp +++ b/manifests/daemon/bridge.pp 
@@ -2,11 +2,9 @@ define tor::daemon::bridge( $ip, $port, - $fingerprint = false, - $ensure = present ) { + $fingerprint = false ) { concat::fragment { "10.bridge.${name}": - ensure => $ensure, content => template('tor/torrc.bridge.erb'), order => 10, target => $tor::daemon::config_file, diff --git a/manifests/daemon/control.pp b/manifests/daemon/control.pp index ee425f3..4137c3e 100644 --- a/manifests/daemon/control.pp +++ b/manifests/daemon/control.pp @@ -19,7 +19,6 @@ define tor::daemon::control( } concat::fragment { '04.control': - ensure => $ensure, content => template('tor/torrc.control.erb'), order => 04, target => $tor::daemon::config_file, diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp index e2e405d..fa7d52d 100644 --- a/manifests/daemon/directory.pp +++ b/manifests/daemon/directory.pp @@ -6,7 +6,6 @@ define tor::daemon::directory ( $ensure = present ) { concat::fragment { '06.directory': - ensure => $ensure, content => template('tor/torrc.directory.erb'), order => 06, target => $tor::daemon::config_file, diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp index e8d4fc8..e2141c9 100644 --- a/manifests/daemon/dns.pp +++ b/manifests/daemon/dns.pp @@ -1,11 +1,9 @@ # DNS definition define tor::daemon::dns( $port = 0, - $listen_addresses = [], - $ensure = present ) { + $listen_addresses = [] ) { concat::fragment { "08.dns.${name}": - ensure => $ensure, content => template('tor/torrc.dns.erb'), order => '08', target => $tor::daemon::config_file, diff --git a/manifests/daemon/exit_policy.pp b/manifests/daemon/exit_policy.pp index df0fb99..c117d5d 100644 --- a/manifests/daemon/exit_policy.pp +++ b/manifests/daemon/exit_policy.pp 
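Review bot: In manifests/daemon/directory.pp the define still declares `$ensure = present` (visible as context in the hunk), but nothing reads it once `ensure => $ensure` is removed from the fragment, so a caller passing `ensure => absent` now silently keeps the DirPort block in torrc. The control.pp hunk here and the relay.pp hunk later in this commit drop the same line; their parameter lists lie outside the hunks, so check whether `$ensure` survives there too. Either remove the parameter as the bridge and dns hunks do, so stale callers fail at catalog compilation, or guard the fragment with `if $ensure != 'absent' { ... }`. For a directory or relay that an operator believes is switched off, the silent no-op is the worse outcome.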
@@ -2,11 +2,9 @@ define tor::daemon::exit_policy( $accept = [], $reject = [], - $reject_private = 1, - $ensure = present ) { + $reject_private = 1 ) { concat::fragment { "07.exit_policy.${name}": - ensure => $ensure, content => template('tor/torrc.exit_policy.erb'), order => 07, target => $tor::daemon::config_file, diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index 07121bd..4549cc7 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp @@ -2,8 +2,7 @@ define tor::daemon::hidden_service( $ports = [], $single_hop = false, - $data_dir = $tor::daemon::data_dir, - $ensure = present ) { + $data_dir = $tor::daemon::data_dir ) { if $single_hop { @@ -13,7 +12,6 @@ define tor::daemon::hidden_service( } concat::fragment { "05.hidden_service.${name}": - ensure => $ensure, content => template('tor/torrc.hidden_service.erb'), order => 05, target => $tor::daemon::config_file, diff --git a/manifests/daemon/map_address.pp b/manifests/daemon/map_address.pp index ac624a0..1829eae 100644 --- a/manifests/daemon/map_address.pp +++ b/manifests/daemon/map_address.pp @@ -1,11 +1,9 @@ # map address definition define tor::daemon::map_address( $address = '', - $newaddress = '', - $ensure = 'present') { + $newaddress = '' ) { concat::fragment { "08.map_address.${name}": - ensure => $ensure, content => template('tor/torrc.map_address.erb'), order => '08', target => $tor::daemon::config_file, diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index 555587c..115eb25 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -31,7 +31,6 @@ define tor::daemon::relay( } concat::fragment { '03.relay': - ensure => $ensure, content => template('tor/torrc.relay.erb'), order => 03, target => $tor::daemon::config_file, diff --git a/manifests/daemon/snippet.pp b/manifests/daemon/snippet.pp index 7e1494c..5a4c091 100644 --- a/manifests/daemon/snippet.pp +++ b/manifests/daemon/snippet.pp 
@@ -1,10 +1,8 @@ # Arbitrary torrc snippet definition define tor::daemon::snippet( - $content = '', - $ensure = present ) { + $content = '' ) { concat::fragment { "99.snippet.${name}": - ensure => $ensure, content => $content, order => 99, target => $tor::daemon::config_file, diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp index 6ac7b44..7115fee 100644 --- a/manifests/daemon/transparent.pp +++ b/manifests/daemon/transparent.pp @@ -1,11 +1,9 @@ # Transparent proxy definition define tor::daemon::transparent( $port = 0, - $listen_addresses = [], - $ensure = present ) { + $listen_addresses = [] ) { concat::fragment { "09.transparent.${name}": - ensure => $ensure, content => template('tor/torrc.transparent.erb'), order => '09', target => $tor::daemon::config_file, -- cgit v1.2.3 From 26f56433a57aec688a18a964751cfe08b62d9bd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 15:35:21 -0400 Subject: puppet 4 needs arrays in templates to be marked as such --- templates/torrc.directory.erb | 2 +- templates/torrc.dns.erb | 2 +- templates/torrc.exit_policy.erb | 4 ++-- templates/torrc.global.erb | 2 +- templates/torrc.hidden_service.erb | 2 +- templates/torrc.relay.erb | 4 ++-- templates/torrc.socks.erb | 4 ++-- templates/torrc.transparent.erb | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/templates/torrc.directory.erb b/templates/torrc.directory.erb index c7dc4ab..2eaffb7 100644 --- a/templates/torrc.directory.erb +++ b/templates/torrc.directory.erb @@ -2,7 +2,7 @@ <% if @port != '0' -%> DirPort <%= @port %> <% end -%> -<% listen_addresses.each do |listen_address| -%> +<% Array(listen_addresses).each do |listen_address| -%> DirListenAddress <%= listen_address %> <% end -%> <% if @port_front_page != '' -%> diff --git a/templates/torrc.dns.erb b/templates/torrc.dns.erb index 57cf46d..2b9ff8e 100644 --- a/templates/torrc.dns.erb +++ b/templates/torrc.dns.erb 
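Review bot: The new line in templates/torrc.directory.erb calls `Array(listen_addresses)` without the `@` sigil, while every other template touched by this commit reads `@listen_addresses`. Puppet 4 no longer supports bare-name variable access in ERB templates, so this line is likely to fail at render time rather than pick up the define's parameter. Suggested line: `<% Array(@listen_addresses).each do |listen_address| -%>`.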
@@ -1,5 +1,5 @@ # DNS DNSPort <%= @port %> -<% @listen_addresses.each do |listen_address| -%> +<% Array(@listen_addresses).each do |listen_address| -%> DNSListenAddress <%= listen_address %> <% end -%> diff --git a/templates/torrc.exit_policy.erb b/templates/torrc.exit_policy.erb index a30d43b..5481914 100644 --- a/templates/torrc.exit_policy.erb +++ b/templates/torrc.exit_policy.erb @@ -2,10 +2,10 @@ <% if @reject_private != '1' -%> ExitPolicyRejectPrivate <%= @reject_private %> <% end -%> -<% @accept.each do |policy| -%> +<% Array(@accept).each do |policy| -%> ExitPolicy accept <%= policy %> <% end -%> -<% @reject.each do |policy| -%> +<% Array(@reject).each do |policy| -%> ExitPolicy reject <%= policy %> <% end -%> diff --git a/templates/torrc.global.erb b/templates/torrc.global.erb index a02afc8..c29b76b 100644 --- a/templates/torrc.global.erb +++ b/templates/torrc.global.erb @@ -8,7 +8,7 @@ DataDirectory <%= v %> <% if (rules=scope.lookupvar('tor::daemon::log_rules')).empty? -%> Log notice syslog <% else -%> -<% rules.each do |log_rule| -%> +<% Array(rules).each do |log_rule| -%> Log <%= log_rule %> <% end -%> <% end -%> diff --git a/templates/torrc.hidden_service.erb b/templates/torrc.hidden_service.erb index 5b6afe1..6672937 100644 --- a/templates/torrc.hidden_service.erb +++ b/templates/torrc.hidden_service.erb @@ -6,7 +6,7 @@ SOCKSPort 0 # hidden service <%= @name %> HiddenServiceDir <%= @data_dir %>/<%= @name %> -<% @ports.each do |port| -%> +<% Array(@ports).each do |port| -%> HiddenServicePort <%= port %> <% end -%> diff --git a/templates/torrc.relay.erb b/templates/torrc.relay.erb index a286459..bfe982c 100644 --- a/templates/torrc.relay.erb +++ b/templates/torrc.relay.erb 
@@ -1,10 +1,10 @@ # relay <% if @port != 0 -%> ORPort <%= @port %> -<% @listen_addresses.each do |listen_address| -%> +<% Array(@listen_addresses).each do |listen_address| -%> ORListenAddress <%= @listen_address %> <% end -%> -<% @real_outbound_bindaddresses.each do |outbound_bindaddress| -%> +<% Array(@real_outbound_bindaddresses).each do |outbound_bindaddress| -%> OutboundBindAddress <%= @outbound_bindaddress %> <% end -%> <% if @nickname != '' -%> diff --git a/templates/torrc.socks.erb b/templates/torrc.socks.erb index 4bc3ddc..09e13ae 100644 --- a/templates/torrc.socks.erb +++ b/templates/torrc.socks.erb @@ -1,9 +1,9 @@ # socks SocksPort <%= @port %> -<% @listen_addresses.each do |listen_address| -%> +<% Array(@listen_addresses).each do |listen_address| -%> SocksListenAddress <%= listen_address %> <% end -%> -<% @policies.each do |policy| -%> +<% Array(@policies).each do |policy| -%> SocksPolicy <%= policy %> <% end -%> diff --git a/templates/torrc.transparent.erb b/templates/torrc.transparent.erb index c683150..19a40e1 100644 --- a/templates/torrc.transparent.erb +++ b/templates/torrc.transparent.erb @@ -1,5 +1,5 @@ # Transparent proxy TransPort <%= @port %> -<% @listen_addresses.each do |listen_address| -%> +<% Array(@listen_addresses).each do |listen_address| -%> TransListenAddress <%= listen_address %> <% end -%> -- cgit v1.2.3 From 10767a0016b0f46aceab9ac97738390035a112dc Mon Sep 17 00:00:00 2001 
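Review bot: In templates/torrc.relay.erb both loop bodies print an instance variable instead of the block variable: `ORListenAddress <%= @listen_address %>` and `OutboundBindAddress <%= @outbound_bindaddress %>`. Unless the define sets variables with those exact names (not visible here), every iteration renders an empty value, so the relay would not be bound to the addresses the operator configured. The bodies should read `<%= listen_address %>` and `<%= outbound_bindaddress %>`, as the socks and transparent templates in this commit do. The `<% if @port != 0 -%>` block opened at the top of the hunk closes outside it.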
From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 15:52:10 -0400 Subject: copy CI infra from the shared apt module as-is --- .fixtures.yml | 6 ++ .gitlab-ci.yml | 39 ++++++++++ Gemfile | 22 ++++++ Rakefile | 19 +++++ spec/acceptance/apt_spec.rb | 21 ++++++ .../acceptance/nodesets/debian-8-x86_64-docker.yml | 19 +++++ spec/acceptance/nodesets/default.yml | 1 + spec/classes/init_spec.rb | 18 +++++ spec/defines/conf_spec.rb | 74 +++++++++++++++++++ spec/defines/preferences_snippet_spec.rb | 66 +++++++++++++++++ spec/spec_helper.rb | 12 +++ spec/spec_helper_acceptance.rb | 18 +++++ spec/unit/custom_facts_spec.rb | 86 ++++++++++++++++++++++ 13 files changed, 401 insertions(+) create mode 100644 .fixtures.yml create mode 100644 .gitlab-ci.yml create mode 100644 Gemfile create mode 100644 Rakefile create mode 100644 spec/acceptance/apt_spec.rb create mode 100644 spec/acceptance/nodesets/debian-8-x86_64-docker.yml create mode 120000 spec/acceptance/nodesets/default.yml create mode 100644 spec/classes/init_spec.rb create mode 100644 spec/defines/conf_spec.rb create mode 100644 spec/defines/preferences_snippet_spec.rb create mode 100644 spec/spec_helper.rb create mode 100644 spec/spec_helper_acceptance.rb create mode 100644 spec/unit/custom_facts_spec.rb diff --git a/.fixtures.yml b/.fixtures.yml new file mode 100644 index 0000000..99efd66 --- /dev/null +++ b/.fixtures.yml @@ -0,0 +1,6 @@ +fixtures: + repositories: + "common": + "repo": "https://gitlab.com/shared-puppet-modules-group/common.git" + symlinks: + "apt": "#{source_dir}" diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..05430fd --- /dev/null +++ b/.gitlab-ci.yml 
@@ -0,0 +1,39 @@ +image: ruby:2.1 +before_script: + - bundle install --jobs $(nproc) --without system_tests --path=/var/cache/gitlab-runner/ "${FLAGS[@]}" + +.job_template: &job_definition + script: + # don't fail on lint warnings + - bundle exec rake lint || /bin/true + - bundle exec rake syntax + - bundle exec rake validate + - bundle exec rake spec + +# Default debian jessie versions +test:puppet37: + variables: + PUPPET_VERSION: "~> 3.7.2" + FACTER_VERSION: '~> 2.2.0' + <<: *job_definition + +test:puppet38_future_parser: + variables: + PUPPET_VERSION: '~> 3.8' + FACTER_VERSION: '~> 2.2.0' + FUTURE_PARSER: 'yes' + <<: *job_definition + +# Default debia stretch versions +test:puppet45: + variables: + PUPPET_VERSION: "~> 4.5.2" + FACTER_VERSION: '~> 2.4.6' + <<: *job_definition + +# Latest greatest +test:puppet4x: + variables: + PUPPET_VERSION: "> 4" + FACTER_VERSION: '> 2' + <<: *job_definition diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..226d7ae --- /dev/null +++ b/Gemfile @@ -0,0 +1,22 @@ +source "https://rubygems.org" + +group :development, :unit_tests do + gem "rake" + gem "rspec-puppet", "~> 2.1", :require => false + gem "rspec-core" + gem "puppetlabs_spec_helper" + gem "metadata-json-lint" + gem "rspec-puppet-facts" + gem "mocha" +end + +group :system_tests do + gem 'beaker' + gem 'beaker-rspec' + gem 'beaker_spec_helper' + gem 'serverspec' +end + +gem "puppet", ENV['PUPPET_VERSION'] || ENV['GEM_PUPPET_VERSION'] || ENV['PUPPET_GEM_VERSION'] || '~> 3.7.0' +gem "facter", ENV['FACTER_VERSION'] || ENV['GEM_FACTER_VERSION'] || ENV['FACTER_GEM_VERSION'] || '~> 2.2.0' + diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..85326bb --- /dev/null +++ b/Rakefile 
@@ -0,0 +1,19 @@ +require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-lint/tasks/puppet-lint' +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] + +desc "Validate manifests, templates, and ruby files" +task :validate do + Dir['manifests/**/*.pp'].each do |manifest| + sh "puppet parser validate --noop #{manifest}" + end + Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file| + sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/ + end + Dir['templates/**/*.erb'].each do |template| + sh "erb -P -x -T '-' #{template} | ruby -c" + end +end + +task :test => [:lint, :syntax , :validate, :spec] diff --git a/spec/acceptance/apt_spec.rb b/spec/acceptance/apt_spec.rb new file mode 100644 index 0000000..a976a56 --- /dev/null +++ b/spec/acceptance/apt_spec.rb @@ -0,0 +1,21 @@ +require 'spec_helper_acceptance' + +describe 'apt class' do + + context 'default parameters' do + it 'should work idempotently with no errors' do + pp = <<-EOS + class { 'apt': } + EOS + + # Run it twice and test for idempotency + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) + end + + describe package('apt') do + it { is_expected.to be_installed } + end + + end +end diff --git a/spec/acceptance/nodesets/debian-8-x86_64-docker.yml b/spec/acceptance/nodesets/debian-8-x86_64-docker.yml new file mode 100644 index 0000000..f09ad62 --- /dev/null +++ b/spec/acceptance/nodesets/debian-8-x86_64-docker.yml @@ -0,0 +1,19 @@ +HOSTS: + debian-8-x64: + platform: debian-8-amd64 + image: debian:8 + hypervisor: docker + docker_preserve_image: true + docker_cmd: '["/sbin/init"]' + docker_image_commands: + - 'apt-get install -y wget locales-all puppet git' + - 'rm -f /usr/sbin/policy-rc.d' + +CONFIG: + type: foss + #log_level: verbose + #log_level: debug + +ssh: + password: root + auth_methods: ["password"] 
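Review bot: The `validate` task in the Rakefile interpolates globbed paths into shell strings (`sh "puppet parser validate --noop #{manifest}"`, `sh "ruby -c #{ruby_file}"` and the `erb ... | ruby -c` pipeline), so a file name containing spaces or shell metacharacters is interpreted by the shell on the CI runner. The paths come from the working tree, which on a shared runner includes whatever a contributed branch adds. Pass the path as its own argument, e.g. `sh 'puppet', 'parser', 'validate', '--noop', manifest` and `sh 'ruby', '-c', ruby_file`. For the pipeline, quote the path with `Shellwords.escape(template)` after `require 'shellwords'`.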
diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml new file mode 120000 index 0000000..b125a96 --- /dev/null +++ b/spec/acceptance/nodesets/default.yml @@ -0,0 +1 @@ +debian-8-x86_64-docker.yml \ No newline at end of file diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb new file mode 100644 index 0000000..9ba554f --- /dev/null +++ b/spec/classes/init_spec.rb @@ -0,0 +1,18 @@ +require 'spec_helper' + +describe 'apt', :type => :class do + let :pre_condition do + 'class { "apt": }' + end + let(:facts) { { + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :virtual => 'physical', + :puppetversion => Puppet.version, } } + #it { is_expected.to compile.with_all_deps } + it { is_expected.to compile } +end diff --git a/spec/defines/conf_spec.rb b/spec/defines/conf_spec.rb new file mode 100644 index 0000000..cc4fb1f --- /dev/null +++ b/spec/defines/conf_spec.rb 
@@ -0,0 +1,74 @@ +require 'spec_helper' +describe 'apt::apt_conf', :type => :define do + let :pre_condition do + 'class { "apt": }' + end + let(:facts) { { + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :virtual => 'physical', + :puppetversion => Puppet.version, } } + let :title do + 'norecommends' + end + + describe "when creating an apt_conf snippet" do + let :default_params do + { + :ensure => 'present', + :content => "Apt::Install-Recommends 0;\nApt::AutoRemove::InstallRecommends 1;\n" + } + end + let :params do + default_params + end + let :filename do + "/etc/apt/apt.conf.d/norecommends" + end + + it { is_expected.to contain_file(filename).with({ + 'ensure' => 'present', + 'content' => /Apt::Install-Recommends 0;\nApt::AutoRemove::InstallRecommends 1;/, + 'owner' => 'root', + # default to '0', not 'root' + #'group' => 'root', + 'mode' => '0644', + }) + } + + end + + describe "when creating a preference without content" do + let :params do + { + :ensure => 'absent', + } + end + + it 'fails' do + expect { subject.call } .to raise_error(Puppet::Error, /One of \$source or \$content must be specified for apt_conf norecommends/) + end + end + + describe "when removing an apt preference" do + let :params do + { + :ensure => 'absent', + :content => "Apt::Install-Recommends 0;\nApt::AutoRemove::InstallRecommends 1;\n", + } + end + + let :filename do + "/etc/apt/apt.conf.d/norecommends" + end + + it { is_expected.to contain_file(filename).with({ + 'ensure' => 'absent', + }) + } + end +end diff --git a/spec/defines/preferences_snippet_spec.rb b/spec/defines/preferences_snippet_spec.rb new file mode 100644 index 0000000..012a5f6 --- /dev/null +++ b/spec/defines/preferences_snippet_spec.rb 
@@ -0,0 +1,66 @@ +require 'spec_helper' +describe 'apt::preferences_snippet', :type => :define do + let :pre_condition do + 'class { "apt": }' + end + let(:facts) { { + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :virtual => 'physical', + :puppetversion => Puppet.version, } } + let :title do + 'test' + end + + describe "when creating a preferences_snippet" do + let :default_params do + { + :ensure => 'present', + :release => "jessie-backports", + :priority => '999' + } + end + let :params do + default_params + end + let :filename do + "/etc/apt/preferences.d/test" + end + + it { is_expected.to contain_file(filename).with({ + 'ensure' => 'present', + 'content' => /Package: test\nPin: release a=jessie-backports\nPin-Priority: 999/, + 'owner' => 'root', + 'group' => '0', + 'mode' => '0644', + }) + } + + end + + describe "when using both pin and release parameters" do + let :default_params do + { + :ensure => 'present', + :priority => '999', + :release => "jessie-backports", + :pin => '1.0' + } + end + let :params do + default_params + end + let :filename do + "/etc/apt/preferences.d/test" + end + + it 'fails' do + expect { subject.call } .to raise_error(Puppet::Error, /apt::preferences_snippet requires either a 'pin' or 'release' argument, not both/) + end + end + +end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb new file mode 100644 index 0000000..3cca63a --- /dev/null +++ b/spec/spec_helper.rb @@ -0,0 +1,12 @@ +# https://puppetlabs.com/blog/testing-modules-in-the-puppet-forge +require 'puppetlabs_spec_helper/module_spec_helper' + +fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) + +RSpec.configure do |c| + + c.manifest_dir = File.join(fixture_path, 'manifests') + c.module_path = File.join(fixture_path, 'modules') + + c.color = true +end 
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb new file mode 100644 index 0000000..1ccd84d --- /dev/null +++ b/spec/spec_helper_acceptance.rb @@ -0,0 +1,18 @@ +require 'beaker-rspec' + +RSpec.configure do |c| + module_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) + module_name = module_root.split('-').last + + # Readable test descriptions + c.formatter = :documentation + + # Configure all nodes in nodeset + c.before :suite do + # Install module and dependencies + puppet_module_install(:source => module_root, :module_name => module_name) + hosts.each do |host| + shell('git clone https://gitlab.com/shared-puppet-modules-group/common.git /etc/puppet/modules/common') + end + end +end diff --git a/spec/unit/custom_facts_spec.rb b/spec/unit/custom_facts_spec.rb new file mode 100644 index 0000000..9a28d92 --- /dev/null +++ b/spec/unit/custom_facts_spec.rb 
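Review bot: Inside `hosts.each do |host|` in spec/spec_helper_acceptance.rb the block variable is never used: beaker's `shell(...)` runs on the default host, so with more than one node the clone is repeated on the same machine and the other nodes never receive the dependency. Use `on host, 'git clone <REPO_URL> /etc/puppet/modules/common'` inside the loop. Separately, `module_name = module_root.split('-').last` returns the whole checkout path when the path contains no hyphen, and that value is then passed as `:module_name`. Taking `File.basename(module_root)` before splitting would avoid that.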
@@ -0,0 +1,86 @@ +require "spec_helper" + +describe "Facter::Util::Fact" do + before { + Facter.clear + } + + describe 'custom facts' do + + context 'Debian 7' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Debian") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("7.8") + Facter.fact(:lsbdistcodename).stubs(:value).returns("wheezy") + end + + it "debian_release = oldstable" do + expect(Facter.fact(:debian_release).value).to eq('oldstable') + end + + it "debian_codename = wheezy" do + expect(Facter.fact(:debian_codename).value).to eq('wheezy') + end + + it "debian_nextcodename = jessie" do + expect(Facter.fact(:debian_nextcodename).value).to eq('jessie') + end + + it "debian_nextrelease = stable" do + expect(Facter.fact(:debian_nextrelease).value).to eq('stable') + end + end + + context 'Debian 8' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Debian") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("8.0") + Facter.fact(:lsbdistcodename).stubs(:value).returns("jessie") + end + + it "debian_release = stable" do + expect(Facter.fact(:debian_release).value).to eq('stable') + end + + it "debian_codename = jessie" do + expect(Facter.fact(:debian_codename).value).to eq('jessie') + end + + it "debian_nextcodename = stretch" do + expect(Facter.fact(:debian_nextcodename).value).to eq('stretch') + end + + it "debian_nextrelease = testing" do + expect(Facter.fact(:debian_nextrelease).value).to eq('testing') + end + end + + context 'Ubuntu 15.10' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Ubuntu") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("15.10") + Facter.fact(:lsbdistcodename).stubs(:value).returns("wily") + end + + it "ubuntu_codename = wily" do + expect(Facter.fact(:ubuntu_codename).value).to eq('wily') + end + + it "ubuntu_nextcodename = xenial" do + expect(Facter.fact(:ubuntu_nextcodename).value).to eq('xenial') + end + end + end + + describe "Test 
'apt_running' fact" do + it "should return true when apt-get is running" do + Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("true") + expect(Facter.fact(:apt_running).value).to eq('true') + end + it "should return false when apt-get is not running" do + Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("false") + expect(Facter.fact(:apt_running).value).to eq('false') + end + end + +end -- cgit v1.2.3 From 08888152bdf5e350021b1ccaec40d882225178a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 15:52:55 -0400 Subject: Puppet's version in Stretch is 4.8, not 4.5 --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 05430fd..611058c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -24,10 +24,10 @@ test:puppet38_future_parser: FUTURE_PARSER: 'yes' <<: *job_definition -# Default debia stretch versions -test:puppet45: +# Default debian stretch versions +test:puppet48: variables: - PUPPET_VERSION: "~> 4.5.2" + PUPPET_VERSION: "~> 4.8.2" FACTER_VERSION: '~> 2.4.6' <<: *job_definition -- cgit v1.2.3 From a37622be65ff288f0b22ca0412521eb186a87e23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 15:58:41 -0400 Subject: add semantic puppet gem, as recommended by the error message on the CI --- Gemfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Gemfile b/Gemfile index 226d7ae..cd1f56f 100644 --- a/Gemfile +++ b/Gemfile @@ -5,6 +5,7 @@ group :development, :unit_tests do gem "rspec-puppet", "~> 2.1", :require => false gem "rspec-core" gem "puppetlabs_spec_helper" + gem "semantic_puppet gem" gem "metadata-json-lint" gem "rspec-puppet-facts" gem "mocha" -- cgit v1.2.3 From 6b12caf4f6310bd6695ef5676387658fb444778a Mon Sep 17 00:00:00 2001 
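Review bot: The added Gemfile entry is `gem "semantic_puppet gem"`, which asks Bundler for a gem whose name includes a space and the word "gem"; the gem the commit message refers to is `semantic_puppet`. As written, `bundle install` should fail to resolve the dependency, so the CI job would stop before any lint or spec task runs. The line should be `gem "semantic_puppet"`.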
From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 16:05:28 -0400 Subject: remove apt-specific tests --- spec/acceptance/apt_spec.rb | 21 -------- spec/classes/init_spec.rb | 18 ------- spec/defines/conf_spec.rb | 74 --------------------------- spec/defines/preferences_snippet_spec.rb | 66 ------------------------ spec/unit/custom_facts_spec.rb | 86 -------------------------------- 5 files changed, 265 deletions(-) delete mode 100644 spec/acceptance/apt_spec.rb delete mode 100644 spec/classes/init_spec.rb delete mode 100644 spec/defines/conf_spec.rb delete mode 100644 spec/defines/preferences_snippet_spec.rb delete mode 100644 spec/unit/custom_facts_spec.rb diff --git a/spec/acceptance/apt_spec.rb b/spec/acceptance/apt_spec.rb deleted file mode 100644 index a976a56..0000000 --- a/spec/acceptance/apt_spec.rb +++ /dev/null @@ -1,21 +0,0 @@ -require 'spec_helper_acceptance' - -describe 'apt class' do - - context 'default parameters' do - it 'should work idempotently with no errors' do - pp = <<-EOS - class { 'apt': } - EOS - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - end - - describe package('apt') do - it { is_expected.to be_installed } - end - - end -end diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb deleted file mode 100644 index 9ba554f..0000000 --- a/spec/classes/init_spec.rb +++ /dev/null @@ -1,18 +0,0 @@ -require 'spec_helper' - -describe 'apt', :type => :class do - let :pre_condition do - 'class { "apt": }' - end - let(:facts) { { - :lsbdistid => 'Debian', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :debian_release => 'jessie', - :debian_codename => 'jessie', - :lsbdistcodename => 'jessie', - :virtual => 'physical', - :puppetversion => Puppet.version, } } - #it { is_expected.to compile.with_all_deps } - it { is_expected.to compile } -end 
diff --git a/spec/defines/conf_spec.rb b/spec/defines/conf_spec.rb deleted file mode 100644 index cc4fb1f..0000000 --- a/spec/defines/conf_spec.rb +++ /dev/null @@ -1,74 +0,0 @@ -require 'spec_helper' -describe 'apt::apt_conf', :type => :define do - let :pre_condition do - 'class { "apt": }' - end - let(:facts) { { - :lsbdistid => 'Debian', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :debian_release => 'jessie', - :debian_codename => 'jessie', - :lsbdistcodename => 'jessie', - :virtual => 'physical', - :puppetversion => Puppet.version, } } - let :title do - 'norecommends' - end - - describe "when creating an apt_conf snippet" do - let :default_params do - { - :ensure => 'present', - :content => "Apt::Install-Recommends 0;\nApt::AutoRemove::InstallRecommends 1;\n" - } - end - let :params do - default_params - end - let :filename do - "/etc/apt/apt.conf.d/norecommends" - end - - it { is_expected.to contain_file(filename).with({ - 'ensure' => 'present', - 'content' => /Apt::Install-Recommends 0;\nApt::AutoRemove::InstallRecommends 1;/, - 'owner' => 'root', - # default to '0', not 'root' - #'group' => 'root', - 'mode' => '0644', - }) - } - - end - - describe "when creating a preference without content" do - let :params do - { - :ensure => 'absent', - } - end - - it 'fails' do - expect { subject.call } .to raise_error(Puppet::Error, /One of \$source or \$content must be specified for apt_conf norecommends/) - end - end - - describe "when removing an apt preference" do - let :params do - { - :ensure => 'absent', - :content => "Apt::Install-Recommends 0;\nApt::AutoRemove::InstallRecommends 1;\n", - } - end - - let :filename do - "/etc/apt/apt.conf.d/norecommends" - end - - it { is_expected.to contain_file(filename).with({ - 'ensure' => 'absent', - }) - } - end -end diff --git a/spec/defines/preferences_snippet_spec.rb b/spec/defines/preferences_snippet_spec.rb deleted file mode 100644 index 012a5f6..0000000 
--- a/spec/defines/preferences_snippet_spec.rb +++ /dev/null @@ -1,66 +0,0 @@ -require 'spec_helper' -describe 'apt::preferences_snippet', :type => :define do - let :pre_condition do - 'class { "apt": }' - end - let(:facts) { { - :lsbdistid => 'Debian', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :debian_release => 'jessie', - :debian_codename => 'jessie', - :lsbdistcodename => 'jessie', - :virtual => 'physical', - :puppetversion => Puppet.version, } } - let :title do - 'test' - end - - describe "when creating a preferences_snippet" do - let :default_params do - { - :ensure => 'present', - :release => "jessie-backports", - :priority => '999' - } - end - let :params do - default_params - end - let :filename do - "/etc/apt/preferences.d/test" - end - - it { is_expected.to contain_file(filename).with({ - 'ensure' => 'present', - 'content' => /Package: test\nPin: release a=jessie-backports\nPin-Priority: 999/, - 'owner' => 'root', - 'group' => '0', - 'mode' => '0644', - }) - } - - end - - describe "when using both pin and release parameters" do - let :default_params do - { - :ensure => 'present', - :priority => '999', - :release => "jessie-backports", - :pin => '1.0' - } - end - let :params do - default_params - end - let :filename do - "/etc/apt/preferences.d/test" - end - - it 'fails' do - expect { subject.call } .to raise_error(Puppet::Error, /apt::preferences_snippet requires either a 'pin' or 'release' argument, not both/) - end - end - -end diff --git a/spec/unit/custom_facts_spec.rb b/spec/unit/custom_facts_spec.rb deleted file mode 100644 index 9a28d92..0000000 --- a/spec/unit/custom_facts_spec.rb +++ /dev/null 
@@ -1,86 +0,0 @@ -require "spec_helper" - -describe "Facter::Util::Fact" do - before { - Facter.clear - } - - describe 'custom facts' do - - context 'Debian 7' do - before do - Facter.fact(:operatingsystem).stubs(:value).returns("Debian") - Facter.fact(:operatingsystemrelease).stubs(:value).returns("7.8") - Facter.fact(:lsbdistcodename).stubs(:value).returns("wheezy") - end - - it "debian_release = oldstable" do - expect(Facter.fact(:debian_release).value).to eq('oldstable') - end - - it "debian_codename = wheezy" do - expect(Facter.fact(:debian_codename).value).to eq('wheezy') - end - - it "debian_nextcodename = jessie" do - expect(Facter.fact(:debian_nextcodename).value).to eq('jessie') - end - - it "debian_nextrelease = stable" do - expect(Facter.fact(:debian_nextrelease).value).to eq('stable') - end - end - - context 'Debian 8' do - before do - Facter.fact(:operatingsystem).stubs(:value).returns("Debian") - Facter.fact(:operatingsystemrelease).stubs(:value).returns("8.0") - Facter.fact(:lsbdistcodename).stubs(:value).returns("jessie") - end - - it "debian_release = stable" do - expect(Facter.fact(:debian_release).value).to eq('stable') - end - - it "debian_codename = jessie" do - expect(Facter.fact(:debian_codename).value).to eq('jessie') - end - - it "debian_nextcodename = stretch" do - expect(Facter.fact(:debian_nextcodename).value).to eq('stretch') - end - - it "debian_nextrelease = testing" do - expect(Facter.fact(:debian_nextrelease).value).to eq('testing') - end - end - - context 'Ubuntu 15.10' do - before do - Facter.fact(:operatingsystem).stubs(:value).returns("Ubuntu") - Facter.fact(:operatingsystemrelease).stubs(:value).returns("15.10") - Facter.fact(:lsbdistcodename).stubs(:value).returns("wily") - end - - it "ubuntu_codename = wily" do - expect(Facter.fact(:ubuntu_codename).value).to eq('wily') - end - - it "ubuntu_nextcodename = xenial" do - expect(Facter.fact(:ubuntu_nextcodename).value).to eq('xenial') - end - end - end - - describe "Test 
'apt_running' fact" do - it "should return true when apt-get is running" do - Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("true") - expect(Facter.fact(:apt_running).value).to eq('true') - end - it "should return false when apt-get is not running" do - Facter::Util::Resolution.stubs(:exec).with("pgrep apt-get >/dev/null 2>&1 && echo true || echo false").returns("false") - expect(Facter.fact(:apt_running).value).to eq('false') - end - end - -end -- cgit v1.2.3 From 15d171a2bc2a76cb3d6f94fb1443e24e93a545e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 16:22:48 -0400 Subject: replace the apt deps in the CI by the tor ones --- .fixtures.yml | 6 +++--- spec/spec_helper_acceptance.rb | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index 99efd66..ba96496 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,6 +1,6 @@ fixtures: repositories: - "common": - "repo": "https://gitlab.com/shared-puppet-modules-group/common.git" + "concat": + "repo": "https://github.com/puppetlabs/puppetlabs-concat.git" symlinks: - "apt": "#{source_dir}" + "tor": "#{source_dir}" diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 1ccd84d..e6a2cd8 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -12,7 +12,7 @@ RSpec.configure do |c| # Install module and dependencies puppet_module_install(:source => module_root, :module_name => module_name) hosts.each do |host| - shell('git clone https://gitlab.com/shared-puppet-modules-group/common.git /etc/puppet/modules/common') + shell('git clone https://github.com/puppetlabs/puppetlabs-concat.git /etc/puppet/modules/concat') end end end -- cgit v1.2.3 From 024e4d49d6a4afce4fa309c87c722763ac3ce706 Mon Sep 17 00:00:00 2001 
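Review bot: The new `"concat"` fixture in `.fixtures.yml` and the `git clone` of puppetlabs-concat in `spec/spec_helper_acceptance.rb` both take whatever the upstream default branch points at when CI runs, so test results depend on a moving head and any upstream change is executed on the test hosts unreviewed. Pin the fixture by adding `"ref": "<reviewed-tag-or-commit>"` next to `"repo"`, and check out the same ref after the clone in the acceptance helper. puppetlabs-concat also declares a dependency on puppetlabs-stdlib, which neither file installs; if the specs are meant to compile catalogs, add it the same way. The `RSpec.configure` block continues outside the second hunk.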
From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 16:25:50 -0400 Subject: fix semantic_puppet gem name in Gemfile --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index cd1f56f..7a16b94 100644 --- a/Gemfile +++ b/Gemfile @@ -5,7 +5,7 @@ group :development, :unit_tests do gem "rspec-puppet", "~> 2.1", :require => false gem "rspec-core" gem "puppetlabs_spec_helper" - gem "semantic_puppet gem" + gem "semantic_puppet" gem "metadata-json-lint" gem "rspec-puppet-facts" gem "mocha" -- cgit v1.2.3 From 382ae61aeecb8c07075809731a4a02629f349e81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 16:55:02 -0400 Subject: replace the shared concat module (deprecated) by the puppetlabs one --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index e4b8f88..0ee45a3 100644 --- a/README +++ b/README @@ -40,7 +40,7 @@ Dependencies This module needs: -- the concat module: git://labs.riseup.net/shared-concat +- the concat module: https://github.com/puppetlabs/puppetlabs-concat.git Usage ===== -- cgit v1.2.3 From a8c13d73fbc7af65b5b6c5059e9d4246f5984472 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 17:24:20 -0400 Subject: markdownify the README --- README | 214 ----------------------------------------------------------- README.md | 224 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 224 insertions(+), 214 deletions(-) delete mode 100644 README create mode 100644 README.md diff --git a/README b/README deleted file mode 100644 index 0ee45a3..0000000 --- a/README +++ /dev/null 
@@ -1,214 +0,0 @@ -puppet module for managing tor -============================== - -This module tries to manage tor, making sure it is installed, running, has munin -graphs if desired and allows for configuration of relays, hidden services, exit -policies, etc. - -! Upgrade Notice ! - - previously, if you did not set the $outbound_bindaddress variable, it was being - automatically set to the $listen_address variable. Now this is not being done - and instead you will need to set the $outbound_bindaddress explicitly for it to - be set. - - the tor::relay{} variables $bandwidth_rate and $bandwidth_burst were previously - used for the tor configuration variables RelayBandwidthRate and - RelayBandwidthBurst, these have been renamed to $relay_bandwidth_rate and - $relay_bandwidth_burst. If you were using these, please rename your variables in - your configuration. - - The variables $bandwidth_rate and $bandwidth_burst are now used for the tor - configuration variables BandwidthRate and BandwidthBurst. If you used - $bandwidth_rate or $bandwidth_burst please be aware that these values have - changed and adjust your configuration as necessary. - - The $tor_ensure_version was converted to a parameter for the tor and - tor::daemon classes. - - The $torsocks_ensure_version was converted to a parameter for the - tor::torsocks class. - - The options that used to be settable with the - tor::daemon::global_opts define now are parameters for the - tor::daemon class, and tor::daemon::global_opts was - removed accordingly. - - -Dependencies -============ - -This module needs: - -- the concat module: https://github.com/puppetlabs/puppetlabs-concat.git - -Usage -===== - -Installing tor --------------- - -To install tor, simply include the 'tor' class in your manifests: - - class { 'tor': } - -You can specify the $ensure_version class parameter to get a specific -version installed. 
- -However, if you want to make configuration changes to your tor daemon, you will -want to instead include the 'tor::daemon' class in your manifests, which will -inherit the 'tor' class from above: - - class { '::tor::daemon': } - -You have the following class parameters that you can specify: - -data_dir (default: '/var/lib/tor') -config_file (default: '/etc/tor/torrc') -use_bridges (default: 0) -automap_hosts_on_resolve (default: 0) -log_rules (default: ['notice file /var/log/tor/notices.log']) - -The data_dir will be used for the tor user's $HOME, and the tor DataDirectory -value. - -The config_file will be managed and the daemon restarted when -it changed. - -use_bridges and automap_hosts_on_resolve are used to set the -UseBridges and AutomapHostsOnResolve torrc settings. - -The log_rules can be an array of different Log lines, each will be added to the -config, for example the following will use syslog: - - class { '::tor::daemon': - log_rules => [ 'notice syslog' ], - } - -If you want to set specific options for the tor class, -you may pass them directly to the tor::daemon in your manifests, -e.g.: - - class { '::tor::daemon': - use_munin => true, - automap_hosts_on_resolve => 1, - } - -Configuring socks ------------------ - -To configure tor socks support, you can do the following: - - tor::daemon::socks { "listen_locally": listen_addresses => [ '127.0.0.1' ]; } - -this will setup the SocksListenAddress to be 127.0.0.1. You also can pass the -following options to tor::daemon::socks: - -$port = 0 - SocksPort -$listen_address - can pass multiple values to configure SocksListenAddress lines -$policies - can pass multiple values to configure SocksPolicy lines - -Installing torsocks -------------------- - -To install torsocks, simply include the 'torsocks' class in your manifests: - - class { 'tor::torsocks': } - -You can specify the $ensure_version class parameter to get a specific -version installed. 
- -Configuring relays -================== - -An example relay configuration: - - tor::daemon::relay { "foobar": - port => 9001, listen_addresses => '192.168.0.1', address => '192.168.0.1', - bandwidth_rate => '256', bandwidth_burst => '256', contact_info => "Foo ", - my_family => '' - } - -You have the following options that can be passed to a relay, with the defaults shown: - -$port = 0, -$listen_addresses = [], -$portforwarding = 0, # PortForwarding 0|1, set for opening ports at the router via UPnP. - # Requires 'tor-fw-helper' binary present. -$bandwidth_rate = '', # KB/s, defaulting to using tor's default: 5120KB/s -$bandwidth_burst = '', # KB/s, defaulting to using tor's default: 10240KB/s -$relay_bandwidth_rate = 0, # KB/s, 0 for no limit. -$relay_bandwidth_burst = 0, # KB/s, 0 for no limit. -$accounting_max = 0, # GB, 0 for no limit. -$accounting_start = [], -$contact_info = '', -$my_family = '', # TODO: autofill with other relays -$address = "tor.${domain}", -$bridge_relay = 0, -$ensure = present -$nickname = $name - -Configuring the control ------------------------ - -To pass parameters to configure the ControlPort and the HashedControlPassword, -you would do something like this: - - tor::daemon::control { "foo-control": - port => '80', hashed_control_password => '', - ensure => present -} - -Note: you must pass a hashed password to the control port, if you are going to -use it. - - -Configuring hidden services ---------------------------- - -To configure a tor hidden service you can do something like the following: - - tor::daemon::hidden_service { "hidden_ssh": ports => 22 } - -The HiddenServiceDir is set to the ${data_dir}/${name}. 
- -Configuring directories ------------------------ - -An example directory configuration: - - tor::daemon::directory { 'ssh_directory': - port => 80, listen_addresses => '192.168.0.1', - port_front_page => '/etc/tor/tor.html' - } - -Configuring exit policies --------------------------- - -To configure exit policies, you can do the following: - -tor::daemon::exit_policy { "ssh_exit_policy": - accept => "192.168.0.1:22", - reject => "*:*"; - } - } - - -Polipo -====== - -Polipo support can be enabled by doing: - - include tor::polipo - -this will inherit the tor class by default, remove privoxy if its installed, and -install polipo, making sure it is running. - - -Munin -===== - -If you are using munin, and have the puppet munin module installed, you can set -the use_munin parameter to true when defining the tor::daemon class to have -graphs setup for you. - diff --git a/README.md b/README.md new file mode 100644 index 0000000..8b1288d --- /dev/null +++ b/README.md 
@@ -0,0 +1,224 @@ +# tor + +#### Table of Contents + +* [Overview](#overview) + * [Upgrade Notice](#upgrade-notice) +* [Dependencies](#dependencies) +* [Usage](#usage) + * [Installing tor](#installing-tor) + * [Configuring SOCKS](#configuring-socks) + * [Installing torsocks](#installing-torsock) + * [Configuring relays](#configuring-relays) + * [Configuring the control](#configuring-control) + * [Configuring hidden services](#configuring-hidden-services) + * [Configuring directories](#configuring-directories) + * [Configuring exit policies](#configuring-exit-policies) +* [Polipo](#polipo) +* [Munin](#munin) + +# Overview + +This module tries to manage tor, making sure it is installed, running, has +munin graphs if desired and allows for configuration of relays, hidden services, +exit policies, etc. + +## Upgrade Notice + + * Previously, if you did not set the `$outbound_bindaddress` variable, it was + being automatically set to the `$listen_address variable`. Now this is not + being done and instead you will need to set the `$outbound_bindaddress` + explicitly for it to be set. + + * The `tor::relay{}` variables `$bandwidth_rate` and `$bandwidth_burst` were + previously used for the tor configuration variables `RelayBandwidthRate` and + `RelayBandwidthBurst`, these have been renamed to `$relay_bandwidth_rate` + and `$relay_bandwidth_burst`. If you were using these, please rename your + variables in your configuration. + + * The variables `$bandwidth_rate` and `$bandwidth_burst` are now used for the + tor configuration variables `BandwidthRate` and `BandwidthBurst`. If you + used `$bandwidth_rate` or `$bandwidth_burst` please be aware that these + values have changed and adjust your configuration as necessary. + + * The `$tor_ensure_version` was converted to a parameter for the tor and + `tor::daemon` classes. + + * The `$torsocks_ensure_version` was converted to a parameter for the + `tor::torsocks` class. 
+ + * The options that used to be settable with the `tor::daemon::global_opts` + define now are parameters for the `tor::daemon class`, and + `tor::daemon::global_opts` was removed accordingly. + + +# Dependencies + +This module needs: + + * the [concat module](https://github.com/puppetlabs/puppetlabs-concat.git) + +# Usage + +## Installing tor + +To install tor, simply include the 'tor' class in your manifests: + + class { 'tor': } + +You can specify the `$ensure_version` class parameter to get a specific +version installed. + +However, if you want to make configuration changes to your tor daemon, you will +want to instead include the `tor::daemon` class in your manifests, which will +inherit the `tor` class from above: + + class { '::tor::daemon': } + +You have the following class parameters that you can specify: + + data_dir (default: '/var/lib/tor') + config_file (default: '/etc/tor/torrc') + use_bridges (default: 0) + automap_hosts_on_resolve (default: 0) + log_rules (default: ['notice file /var/log/tor/notices.log']) + +The `data_dir` will be used for the tor user's `$HOME`, and the tor +`DataDirectory` value. + +The `config_file` will be managed and the daemon restarted when it changed. + +`use_bridges` and `automap_hosts_on_resolve` are used to set the `UseBridges` +and `AutomapHostsOnResolve` torrc settings. + +The `log_rules` can be an array of different Log lines, each will be added to +the config, for example the following will use syslog: + + class { '::tor::daemon': + log_rules => [ 'notice syslog' ], + } + +If you want to set specific options for the tor class, you may pass them +directly to the tor::daemon in your manifests, e.g.: + + class { '::tor::daemon': + use_munin => true, + automap_hosts_on_resolve => 1, + } + +## Configuring SOCKS + +To configure tor socks support, you can do the following: + + tor::daemon::socks { "listen_locally": + listen_addresses => [ '127.0.0.1' ]; + } + +This will setup the `SocksListenAddress` to be `127.0.0.1`. 
You also can pass +the following options to `tor::daemon::socks`: + + $port = 0 - SocksPort + $listen_address - can pass multiple values to configure SocksListenAddress lines + $policies - can pass multiple values to configure SocksPolicy lines + +## Installing torsocks + +To install torsocks, simply include the `torsocks` class in your manifests: + + class { 'tor::torsocks': } + +You can specify the `$ensure_version` class parameter to get a specific +version installed. + +# Configuring relays + +An example relay configuration: + + tor::daemon::relay { "foobar": + port => '9001', + listen_addresses => '192.168.0.1', + address => '192.168.0.1', + bandwidth_rate => '256', + bandwidth_burst => '256', + contact_info => "Foo ", + my_family => ''; + } + +You have the following options that can be passed to a relay, with the defaults +shown: + + $port = 0, + $listen_addresses = [], + $portforwarding = 0, # PortForwarding 0|1, set for opening ports at the router via UPnP. + # Requires 'tor-fw-helper' binary present. + $bandwidth_rate = '', # KB/s, defaulting to using tor's default: 5120KB/s + $bandwidth_burst = '', # KB/s, defaulting to using tor's default: 10240KB/s + $relay_bandwidth_rate = 0, # KB/s, 0 for no limit. + $relay_bandwidth_burst = 0, # KB/s, 0 for no limit. + $accounting_max = 0, # GB, 0 for no limit. + $accounting_start = [], + $contact_info = '', + $my_family = '', # TODO: autofill with other relays + $address = "tor.${domain}", + $bridge_relay = 0, + $ensure = present + $nickname = $name + +## Configuring the control + +To pass parameters to configure the ControlPort and the HashedControlPassword, +you would do something like this: + + tor::daemon::control { "foo-control": + port => '80', + hashed_control_password => '', + ensure => present; + } + +Note: you must pass a hashed password to the control port, if you are going to +use it. 
+ +## Configuring hidden services + +To configure a tor hidden service you can do something like the following: + + tor::daemon::hidden_service { "hidden_ssh": + ports => 22; + } + +The `HiddenServiceDir` is set to the `${data_dir}/${name}`. + +## Configuring directories + +An example directory configuration: + + tor::daemon::directory { 'ssh_directory': + port => '80', + listen_addresses => '192.168.0.1', + port_front_page => '/etc/tor/tor.html'; + } + +## Configuring exit policies + +To configure exit policies, you can do the following: + + tor::daemon::exit_policy { "ssh_exit_policy": + accept => "192.168.0.1:22", + reject => "*:*"; + } + + +# Polipo + +Polipo support can be enabled by doing: + + include tor::polipo + +This will inherit the `tor` class by default, remove `privoxy` if it's +installed, and install `polipo`, making sure it is running. + +# Munin + +If you are using `munin`, and have the puppet munin module installed, you can +set the `use_munin` parameter to `true` when defining the `tor::daemon` class +to have graphs setup for you. -- cgit v1.2.3 From 3a9a7cca01cdcdefc84256fdffbedfdaa3944f9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 11 Oct 2017 17:30:17 -0400 Subject: a few markdown fixes --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 8b1288d..2f2ebf2 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ * [Usage](#usage) * [Installing tor](#installing-tor) * [Configuring SOCKS](#configuring-socks) - * [Installing torsocks](#installing-torsock) + * [Installing torsocks](#installing-torsocks) * [Configuring relays](#configuring-relays) * [Configuring the control](#configuring-control) * [Configuring hidden services](#configuring-hidden-services) 
@@ -134,15 +134,15 @@ version installed. An example relay configuration: - tor::daemon::relay { "foobar": - port => '9001', - listen_addresses => '192.168.0.1', - address => '192.168.0.1', - bandwidth_rate => '256', - bandwidth_burst => '256', - contact_info => "Foo ", - my_family => ''; - } + tor::daemon::relay { "foobar": + port => '9001', + listen_addresses => '192.168.0.1', + address => '192.168.0.1', + bandwidth_rate => '256', + bandwidth_burst => '256', + contact_info => "Foo ", + my_family => ''; + } You have the following options that can be passed to a relay, with the defaults shown: @@ -166,8 +166,8 @@ shown: ## Configuring the control -To pass parameters to configure the ControlPort and the HashedControlPassword, -you would do something like this: +To pass parameters to configure the `ControlPort` and the +`HashedControlPassword`, you would do something like this: tor::daemon::control { "foo-control": port => '80', -- cgit v1.2.3 From 682cc7622e033575d6238c5792f135fce05b13c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 18 Oct 2017 16:09:14 -0400 Subject: add support for Server Transport Plugins --- manifests/daemon/transport_plugin.pp | 17 +++++++++++++++++ templates/torrc.transport_plugin.pp | 10 ++++++++++ 2 files changed, 27 insertions(+) create mode 100644 manifests/daemon/transport_plugin.pp create mode 100644 templates/torrc.transport_plugin.pp diff --git a/manifests/daemon/transport_plugin.pp b/manifests/daemon/transport_plugin.pp new file mode 100644 index 0000000..f0ba41f --- /dev/null +++ b/manifests/daemon/transport_plugin.pp 
@@ -0,0 +1,17 @@ +# transport plugin +define tor::daemon::transport_plugin( + $servertransport_plugin = '', + $servertransport_listenaddr = '', + $servertransport_options = '', + $ext_port = '' ) { + + if $port == $ext_port { + fail('ORPort and ExtORPort values cannot be the same') + } + + concat::fragment { "11.transport_plugin": + content => template('tor/torrc.transport_plugin.erb'), + order => 11, + target => $tor::daemon::config_file, + } +} diff --git a/templates/torrc.transport_plugin.pp b/templates/torrc.transport_plugin.pp new file mode 100644 index 0000000..6adf00e --- /dev/null +++ b/templates/torrc.transport_plugin.pp @@ -0,0 +1,10 @@ +# transport plugin +<% if @servertransport_plugin != '' -%> +ServerTransportPlugin <%= @servertransport_plugin %> +<% if @servertransport_listenaddr != '' -%> +ServerTransportListenAddr <%= @servertransport_listenaddr %> +<% if @servertransport_options != '' -%> +ServerTransportOptions <%= @servertransport_options %> +<% if @ext_port != '' -%> +ExtORPort <%= @ext_port %> +<% end -%> -- cgit v1.2.3 From 354a87462f346ce6da31c52857f21a923d798445 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 25 Oct 2017 15:51:22 -0400 Subject: remove the port check, since we can't access a variable in another define without creating a fact --- manifests/daemon/transport_plugin.pp | 4 ---- 1 file changed, 4 deletions(-) diff --git a/manifests/daemon/transport_plugin.pp b/manifests/daemon/transport_plugin.pp index f0ba41f..7242e5e 100644 --- a/manifests/daemon/transport_plugin.pp +++ b/manifests/daemon/transport_plugin.pp @@ -5,10 +5,6 @@ define tor::daemon::transport_plugin( $servertransport_options = '', $ext_port = '' ) { - if $port == $ext_port { - fail('ORPort and ExtORPort values cannot be the same') - } - concat::fragment { "11.transport_plugin": content => template('tor/torrc.transport_plugin.erb'), order => 11, -- cgit v1.2.3 From 2785024a9b2bb49847d8cc77e0691b70cbb3fd5c Mon Sep 17 00:00:00 2001 
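Review bot: The fragment title `"11.transport_plugin"` is a constant, so declaring `tor::daemon::transport_plugin` twice on one node fails with a duplicate `concat::fragment`; the bridge and dns defines use `"10.bridge.${name}"` and `"08.dns.${name}"`, and `"11.transport_plugin.${name}"` would match them. The guard `if $port == $ext_port` reads `$port`, which is not a parameter of this define, so it does not compare against the relay's ORPort as the failure message implies. The manifest also loads `tor/torrc.transport_plugin.erb` while this commit adds `templates/torrc.transport_plugin.pp`, so the template lookup presumably fails until the file carries the `.erb` name.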
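Review bot: Only the last `<% if … -%>` in the new template is closed; the blocks for `servertransport_plugin`, `servertransport_listenaddr` and `servertransport_options` each need their own `<% end -%>` after the directive line, otherwise the template does not parse. Each value is also written into torrc verbatim, and `ServerTransportPlugin` names a program that tor executes, so a parameter value containing a line break would add further torrc directives. Rejecting values that match `/[\r\n]/` in the define keeps a malformed hiera or manifest value from turning into extra configuration.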
From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 25 Oct 2017 15:58:32 -0400 Subject: fix syntax error in transport_plugin template --- templates/torrc.transport_plugin.pp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/torrc.transport_plugin.pp b/templates/torrc.transport_plugin.pp index 6adf00e..d57f0e8 100644 --- a/templates/torrc.transport_plugin.pp +++ b/templates/torrc.transport_plugin.pp @@ -1,10 +1,13 @@ # transport plugin <% if @servertransport_plugin != '' -%> ServerTransportPlugin <%= @servertransport_plugin %> +<% end -%> <% if @servertransport_listenaddr != '' -%> ServerTransportListenAddr <%= @servertransport_listenaddr %> +<% end -%> <% if @servertransport_options != '' -%> ServerTransportOptions <%= @servertransport_options %> +<% end -%> <% if @ext_port != '' -%> ExtORPort <%= @ext_port %> <% end -%> -- cgit v1.2.3 From 47342c072a8d39d8680b7a9b60ffc5ff674840a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 18 Oct 2017 14:01:32 -0400 Subject: '[]' is not a proper default for AccountingStart, use tor's default instead --- manifests/daemon/relay.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index 115eb25..056bbf6 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -14,7 +14,7 @@ define tor::daemon::relay( $relay_bandwidth_burst = 0, # GB, 0 for no limit $accounting_max = 0, - $accounting_start = [], + $accounting_start = "month 1 0:00", $contact_info = '', # TODO: autofill with other relays $my_family = '', -- cgit v1.2.3 From 1e885d3d5987f4b4cec42e883db5b3f444350c1f Mon Sep 17 00:00:00 2001 
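Review bot: The new default for `$accounting_start` is a double-quoted string with no interpolation; `$accounting_start = 'month 1 0:00',` matches the single-quoted literals used by the neighbouring parameters such as `$contact_info = ''`. The default also changes type from an array to a string, so it is worth confirming that `torrc.relay.erb`, which is not part of this hunk, does not still iterate over the value or skip the line only when it is empty. The define's parameter list starts and ends outside the hunk.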
From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 1 Nov 2017 16:31:55 -0400 Subject: templates are ERB files, not PP --- templates/torrc.transport_plugin.erb | 13 +++++++++++++ templates/torrc.transport_plugin.pp | 13 ------------- 2 files changed, 13 insertions(+), 13 deletions(-) create mode 100644 templates/torrc.transport_plugin.erb delete mode 100644 templates/torrc.transport_plugin.pp diff --git a/templates/torrc.transport_plugin.erb b/templates/torrc.transport_plugin.erb new file mode 100644 index 0000000..d57f0e8 --- /dev/null +++ b/templates/torrc.transport_plugin.erb @@ -0,0 +1,13 @@ +# transport plugin +<% if @servertransport_plugin != '' -%> +ServerTransportPlugin <%= @servertransport_plugin %> +<% end -%> +<% if @servertransport_listenaddr != '' -%> +ServerTransportListenAddr <%= @servertransport_listenaddr %> +<% end -%> +<% if @servertransport_options != '' -%> +ServerTransportOptions <%= @servertransport_options %> +<% end -%> +<% if @ext_port != '' -%> +ExtORPort <%= @ext_port %> +<% end -%> diff --git a/templates/torrc.transport_plugin.pp b/templates/torrc.transport_plugin.pp deleted file mode 100644 index d57f0e8..0000000 --- a/templates/torrc.transport_plugin.pp +++ /dev/null @@ -1,13 +0,0 @@ -# transport plugin -<% if @servertransport_plugin != '' -%> -ServerTransportPlugin <%= @servertransport_plugin %> -<% end -%> -<% if @servertransport_listenaddr != '' -%> -ServerTransportListenAddr <%= @servertransport_listenaddr %> -<% end -%> -<% if @servertransport_options != '' -%> -ServerTransportOptions <%= @servertransport_options %> -<% end -%> -<% if @ext_port != '' -%> -ExtORPort <%= @ext_port %> -<% end -%> -- cgit v1.2.3 From 4b234d7eb2c42f1c8c8e872e64c619f08bdaa304 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 1 Nov 2017 16:33:03 -0400 Subject: follow puppet syntax guide (and make the CI shutup) --- manifests/daemon/transport_plugin.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/manifests/daemon/transport_plugin.pp b/manifests/daemon/transport_plugin.pp index 7242e5e..1921282 100644 --- a/manifests/daemon/transport_plugin.pp +++ b/manifests/daemon/transport_plugin.pp @@ -5,7 +5,7 @@ define tor::daemon::transport_plugin( $servertransport_options = '', $ext_port = '' ) { - concat::fragment { "11.transport_plugin": + concat::fragment { '11.transport_plugin': content => template('tor/torrc.transport_plugin.erb'), order => 11, target => $tor::daemon::config_file, -- cgit v1.2.3 From d5c17a1c842bbec4d0172895d715f5ce48fb7068 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 1 Nov 2017 16:47:02 -0400 Subject: *ListenAddress (OR, DNS, Trans, etc.) are deprecated since 0.2.3.x-alpha --- README.md | 17 ++++++----------- manifests/daemon/directory.pp | 1 - manifests/daemon/dns.pp | 3 +-- manifests/daemon/relay.pp | 1 - manifests/daemon/socks.pp | 1 - manifests/daemon/transparent.pp | 3 +-- templates/torrc.directory.erb | 3 --- templates/torrc.dns.erb | 3 --- templates/torrc.relay.erb | 2 -- templates/torrc.socks.erb | 3 --- templates/torrc.transparent.erb | 3 --- 11 files changed, 8 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 2f2ebf2..7186ab7 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,10 @@ exit policies, etc. ## Upgrade Notice + * All of the `listen_address` variables have been deprecated, since they have + been deprecated in tor since 0.2.3.x-alpha. Please read the new tor man page + if you were using those variables. + * Previously, if you did not set the `$outbound_bindaddress` variable, it was being automatically set to the `$listen_address variable`. Now this is not being done and instead you will need to set the `$outbound_bindaddress` 
@@ -111,16 +115,10 @@ directly to the tor::daemon in your manifests, e.g.: To configure tor socks support, you can do the following: tor::daemon::socks { "listen_locally": - listen_addresses => [ '127.0.0.1' ]; + port => 0, + policies => 'your super policy'; } -This will setup the `SocksListenAddress` to be `127.0.0.1`. You also can pass -the following options to `tor::daemon::socks`: - - $port = 0 - SocksPort - $listen_address - can pass multiple values to configure SocksListenAddress lines - $policies - can pass multiple values to configure SocksPolicy lines - ## Installing torsocks To install torsocks, simply include the `torsocks` class in your manifests: @@ -136,7 +134,6 @@ An example relay configuration: tor::daemon::relay { "foobar": port => '9001', - listen_addresses => '192.168.0.1', address => '192.168.0.1', bandwidth_rate => '256', bandwidth_burst => '256', @@ -148,7 +145,6 @@ You have the following options that can be passed to a relay, with the defaults shown: $port = 0, - $listen_addresses = [], $portforwarding = 0, # PortForwarding 0|1, set for opening ports at the router via UPnP. # Requires 'tor-fw-helper' binary present. $bandwidth_rate = '', # KB/s, defaulting to using tor's default: 5120KB/s @@ -194,7 +190,6 @@ An example directory configuration: tor::daemon::directory { 'ssh_directory': port => '80', - listen_addresses => '192.168.0.1', port_front_page => '/etc/tor/tor.html'; } diff --git a/manifests/daemon/directory.pp b/manifests/daemon/directory.pp index fa7d52d..3eaef9f 100644 --- a/manifests/daemon/directory.pp +++ b/manifests/daemon/directory.pp @@ -1,7 +1,6 @@ # directory advertising define tor::daemon::directory ( $port = 0, - $listen_addresses = [], $port_front_page = '/etc/tor/tor-exit-notice.html', $ensure = present ) { diff --git a/manifests/daemon/dns.pp b/manifests/daemon/dns.pp index e2141c9..599abd8 100644 --- a/manifests/daemon/dns.pp +++ b/manifests/daemon/dns.pp 
@@ -1,7 +1,6 @@ # DNS definition define tor::daemon::dns( - $port = 0, - $listen_addresses = [] ) { + $port = 0 ) { concat::fragment { "08.dns.${name}": content => template('tor/torrc.dns.erb'), diff --git a/manifests/daemon/relay.pp b/manifests/daemon/relay.pp index 056bbf6..fa908f5 100644 --- a/manifests/daemon/relay.pp +++ b/manifests/daemon/relay.pp @@ -1,7 +1,6 @@ # relay definition define tor::daemon::relay( $port = 0, - $listen_addresses = [], $outbound_bindaddresses = [], $portforwarding = 0, # KB/s, defaulting to using tor's default: 5120KB/s diff --git a/manifests/daemon/socks.pp b/manifests/daemon/socks.pp index 54c8b6a..cb130d9 100644 --- a/manifests/daemon/socks.pp +++ b/manifests/daemon/socks.pp @@ -1,7 +1,6 @@ # socks definition define tor::daemon::socks( $port = 0, - $listen_addresses = [], $policies = [] ) { concat::fragment { '02.socks': diff --git a/manifests/daemon/transparent.pp b/manifests/daemon/transparent.pp index 7115fee..90c0142 100644 --- a/manifests/daemon/transparent.pp +++ b/manifests/daemon/transparent.pp @@ -1,7 +1,6 @@ # Transparent proxy definition define tor::daemon::transparent( - $port = 0, - $listen_addresses = [] ) { + $port = 0 ) { concat::fragment { "09.transparent.${name}": content => template('tor/torrc.transparent.erb'), diff --git a/templates/torrc.directory.erb b/templates/torrc.directory.erb index 2eaffb7..d70ab39 100644 --- a/templates/torrc.directory.erb +++ b/templates/torrc.directory.erb @@ -2,9 +2,6 @@ <% if @port != '0' -%> DirPort <%= @port %> <% end -%> -<% Array(listen_addresses).each do |listen_address| -%> -DirListenAddress <%= listen_address %> -<% end -%> <% if @port_front_page != '' -%> DirPortFrontPage <%= @port_front_page %> <%- end -%> diff --git a/templates/torrc.dns.erb b/templates/torrc.dns.erb index 2b9ff8e..a89ba31 100644 --- a/templates/torrc.dns.erb +++ b/templates/torrc.dns.erb 
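Review bot: Dropping `$listen_addresses` from `tor::daemon::dns` (and, in the same commit, from the directory, relay, socks and transparent defines) removes the only documented way to restrict a listener to one interface, and manifests that still pass the parameter will fail to compile. Tor's replacement is the `address:port` form of the port option, and the templates emit the value verbatim (`DNSPort <%= @port %>`), so `port => '127.0.0.1:53'` should presumably still work. Add a comment on the parameter, e.g. `# port or address:port; a bare port uses tor's default bind address`, and state the same in the README upgrade notice so operators who relied on a specific bind address do not end up listening more widely than before.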
@@ -1,5 +1,2 @@ # DNS DNSPort <%= @port %> -<% Array(@listen_addresses).each do |listen_address| -%> -DNSListenAddress <%= listen_address %> -<% end -%> diff --git a/templates/torrc.relay.erb b/templates/torrc.relay.erb index bfe982c..27e35d6 100644 --- a/templates/torrc.relay.erb +++ b/templates/torrc.relay.erb @@ -1,8 +1,6 @@ # relay <% if @port != 0 -%> ORPort <%= @port %> -<% Array(@listen_addresses).each do |listen_address| -%> -ORListenAddress <%= @listen_address %> <% end -%> <% Array(@real_outbound_bindaddresses).each do |outbound_bindaddress| -%> OutboundBindAddress <%= @outbound_bindaddress %> diff --git a/templates/torrc.socks.erb b/templates/torrc.socks.erb index 09e13ae..c6aba60 100644 --- a/templates/torrc.socks.erb +++ b/templates/torrc.socks.erb @@ -1,8 +1,5 @@ # socks SocksPort <%= @port %> -<% Array(@listen_addresses).each do |listen_address| -%> -SocksListenAddress <%= listen_address %> -<% end -%> <% Array(@policies).each do |policy| -%> SocksPolicy <%= policy %> <% end -%> diff --git a/templates/torrc.transparent.erb b/templates/torrc.transparent.erb index 19a40e1..c57d138 100644 --- a/templates/torrc.transparent.erb +++ b/templates/torrc.transparent.erb @@ -1,5 +1,2 @@ # Transparent proxy TransPort <%= @port %> -<% Array(@listen_addresses).each do |listen_address| -%> -TransListenAddress <%= listen_address %> -<% end -%> -- cgit v1.2.3 From 76ab876ae0e660e1f68e2d8432b865f8e7915da7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 1 Nov 2017 16:53:28 -0400 Subject: remove missing end in modified template --- templates/torrc.relay.erb | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/torrc.relay.erb b/templates/torrc.relay.erb index 27e35d6..7735b47 100644 --- a/templates/torrc.relay.erb +++ b/templates/torrc.relay.erb 
@@ -1,7 +1,6 @@ # relay <% if @port != 0 -%> ORPort <%= @port %> -<% end -%> <% Array(@real_outbound_bindaddresses).each do |outbound_bindaddress| -%> OutboundBindAddress <%= @outbound_bindaddress %> <% end -%> -- cgit v1.2.3 From 7170dae37787ad213ace30648a5929a1171f7529 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Wed, 1 Nov 2017 17:06:53 -0400 Subject: document the new transport plugin mechanism --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index 7186ab7..b44f7e3 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ * [Configuring hidden services](#configuring-hidden-services) * [Configuring directories](#configuring-directories) * [Configuring exit policies](#configuring-exit-policies) + * [Configuring transport plugins](#configuring-transport-plugins) * [Polipo](#polipo) * [Munin](#munin) @@ -202,6 +203,23 @@ To configure exit policies, you can do the following: reject => "*:*"; } +## Configuring transport plugins + +To configure transport plugins, you can do the following: + + tor::daemon::transport_plugins { "obfs4": + ext_port => '80', + servertransport_plugin => 'obfs4 exec /usr/bin/obfs4proxy', + } + +If you wish to use `obfs4proxy`, you will also need to install the required +Debian package, as the puppet module will not do it for you. + +Other options for transport plugins are also available but not defined by +default: + + $servertransport_listenaddr #Set a different address for the transport plugin mechanism + $servertransport_options #Pass a k=v parameters to the transport proxy # Polipo -- cgit v1.2.3 From 01cfa7e013179f17d981ef8ca9822a8c3bd727ff Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sat, 7 Oct 2017 13:39:12 -0400 Subject: add v3 hidden service support --- README.md | 10 +++++++++- manifests/daemon/hidden_service.pp | 2 ++ templates/torrc.hidden_service.erb | 8 ++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) 
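Review bot: `OutboundBindAddress <%= @outbound_bindaddress %>` in the loop after `ORPort` reads an instance variable, while the loop binds the block variable `outbound_bindaddress`, so each iteration most likely renders the option with an empty value instead of the configured address. The line should read `OutboundBindAddress <%= outbound_bindaddress %>`, the way torrc.socks.erb uses `policy` inside its loop. With the stray `<% end -%>` removed, the `if @port != 0` block now runs past the end of this hunk, so its closing `end` is not visible here and is worth checking when the template is next rendered.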
diff --git a/README.md b/README.md index b44f7e3..2cf89df 100644 --- a/README.md +++ b/README.md @@ -183,7 +183,15 @@ To configure a tor hidden service you can do something like the following: ports => 22; } -The `HiddenServiceDir` is set to the `${data_dir}/${name}`. +The `HiddenServiceDir` is set to the `${data_dir}/${name}`, but you can override +it with the parameter `datadir`. + +If you wish to enable v3-style hidden services to correspond with the v2-style +hidden services (the same configuration will be applied to both), you can pass +the parameter `v3 => true`. The default is `false`. + +If you wish to enable single-hop onion addresses, you can enable them by +passing `single_hop => true`. The default is `false`. ## Configuring directories diff --git a/manifests/daemon/hidden_service.pp b/manifests/daemon/hidden_service.pp index 4549cc7..9e053cc 100644 --- a/manifests/daemon/hidden_service.pp +++ b/manifests/daemon/hidden_service.pp @@ -2,9 +2,11 @@ define tor::daemon::hidden_service( $ports = [], $single_hop = false, + $v3 = false, $data_dir = $tor::daemon::data_dir ) { + if $single_hop { file { "${$data_dir}/${$name}/onion_service_non_anonymous": ensure => 'present', diff --git a/templates/torrc.hidden_service.erb b/templates/torrc.hidden_service.erb index 6672937..c7dbe9e 100644 --- a/templates/torrc.hidden_service.erb +++ b/templates/torrc.hidden_service.erb @@ -10,3 +10,11 @@ HiddenServiceDir <%= @data_dir %>/<%= @name %> HiddenServicePort <%= port %> <% end -%> +<% if @v3 != false %> +# hidden service v3 static +HiddenServiceDir <%= @data_dir %>/<%= @name -%>3 +HiddenServiceVersion 3 +<% Array(@ports).each do |port| -%> +HiddenServicePort <%= port %> +<% end -%> +<% end -%> -- cgit v1.2.3 From b0b9bf0f275897b131eaf03434f17dd17400caaa Mon Sep 17 00:00:00 2001 
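Review bot: The define declares `$data_dir`, but the README text added in this same commit tells users to override the directory with `datadir`, a name that is not declared here and would presumably be rejected at compile time. The README should say `data_dir`, and the new parameter deserves a comment such as `# $v3: also emit a version 3 service in "${data_dir}/${name}3"`. The `single_hop` block that follows continues outside the hunk; it creates `onion_service_non_anonymous` only under the `${name}` directory, so it is worth confirming whether the added `${name}3` directory needs the same file.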
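Review bot: The v3 directory is built as `<%= @data_dir %>/<%= @name -%>3`, so a service named `foo` with `v3 => true` ends up on the same `HiddenServiceDir` as a second service named `foo3`, and the two would clash over the key material stored there. The suffix should at least be documented as reserved, or made harder to hit by accident. The guard `<% if @v3 != false %>` is also true for `nil` and for the string `'false'`, and it lacks the `-%>` the other tags use, so it leaves a blank line in torrc; `<% if @v3 == true -%>` is stricter. The template starts above this hunk.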
From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Fri, 12 Jan 2018 15:24:41 -0500 Subject: add metadata.json file to publish the module on the forge --- metadata.json | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 metadata.json diff --git a/metadata.json b/metadata.json new file mode 100644 index 0000000..7fd5fed --- /dev/null +++ b/metadata.json @@ -0,0 +1,29 @@ +{ + "name": "tor", + "version": "1.0.0", + "author": "SMASH", + "summary": "This project tracks the tor puppet module that manages the tor onion routing system.", + "license": "GPL-3.0-or-later", + "source": "https://gitlab.com/shared-puppet-modules-group/tor", + "project_page": "https://gitlab.com/shared-puppet-modules-group/tor", + "issues_url": "https://gitlab.com/shared-puppet-modules-group/tor/issues", + "dependencies": [ + { "name":"puppetlabs/concat" } + ], + "operatingsystem_support": [ + { + "operatingsystem": "Debian", + "operatingsystemrelease": [ + "8", + "9" + ] + } + ], + "requirements": [ + { + "name": "puppet", + "version_requirement": "4.X" + } + ], + "description": "This module tries to manage tor, making sure it is installed, running, has munin graphs if desired and allows for configuration of relays, hidden services, exit policies, etc." +} -- cgit v1.2.3 From 50fa6fc4876c23c3bb85860be61636832604bc78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Fri, 12 Jan 2018 15:30:10 -0500 Subject: fix metadata.json to fix CI --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 7fd5fed..b882949 100644 --- a/metadata.json +++ b/metadata.json @@ -1,5 +1,5 @@ { - "name": "tor", + "name": "smash-tor", "version": "1.0.0", "author": "SMASH", "summary": "This project tracks the tor puppet module that manages the tor onion routing system.", -- cgit v1.2.3 From dfdfd35c4045f4f1c31e3f8e7ab40b4b57db8746 Mon Sep 17 00:00:00 2001 
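Review bot: The `dependencies` entry `{ "name":"puppetlabs/concat" }` carries no `version_requirement`, so any concat release satisfies it. An earlier commit in this series drops `ensure` from every `concat::fragment`, which suggests the module is written against a particular concat API, so the range it was tested with should be stated, e.g. `{ "name": "puppetlabs/concat", "version_requirement": ">= <TESTED_MIN> < <NEXT_MAJOR>" }` (placeholders). Without a bound, an install can silently resolve to a concat version the module was never run against.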
From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Fri, 12 Jan 2018 15:41:53 -0500 Subject: use old SPDX license notation to fix CI --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index b882949..72e3701 100644 --- a/metadata.json +++ b/metadata.json @@ -3,7 +3,7 @@ "version": "1.0.0", "author": "SMASH", "summary": "This project tracks the tor puppet module that manages the tor onion routing system.", - "license": "GPL-3.0-or-later", + "license": "GPL-3.0", "source": "https://gitlab.com/shared-puppet-modules-group/tor", "project_page": "https://gitlab.com/shared-puppet-modules-group/tor", "issues_url": "https://gitlab.com/shared-puppet-modules-group/tor/issues", -- cgit v1.2.3 From 90cb24c6e0916b27eae744e5f6ecaa84a180517c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis-Philippe=20V=C3=A9ronneau?= Date: Fri, 12 Jan 2018 21:55:05 -0500 Subject: remove symbolic link since the Puppet Forge won't accept them --- spec/acceptance/nodesets/debian-8-x86_64-docker.yml | 19 ------------------- spec/acceptance/nodesets/default.yml | 20 +++++++++++++++++++- 2 files changed, 19 insertions(+), 20 deletions(-) delete mode 100644 spec/acceptance/nodesets/debian-8-x86_64-docker.yml mode change 120000 => 100644 spec/acceptance/nodesets/default.yml diff --git a/spec/acceptance/nodesets/debian-8-x86_64-docker.yml b/spec/acceptance/nodesets/debian-8-x86_64-docker.yml deleted file mode 100644 index f09ad62..0000000 --- a/spec/acceptance/nodesets/debian-8-x86_64-docker.yml +++ /dev/null @@ -1,19 +0,0 @@ -HOSTS: - debian-8-x64: - platform: debian-8-amd64 - image: debian:8 - hypervisor: docker - docker_preserve_image: true - docker_cmd: '["/sbin/init"]' - docker_image_commands: - - 'apt-get install -y wget locales-all puppet git' - - 'rm -f /usr/sbin/policy-rc.d' - -CONFIG: - type: foss - #log_level: verbose - #log_level: debug - -ssh: - password: root - auth_methods: ["password"] 
diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml
deleted file mode 120000
index b125a96..0000000
--- a/spec/acceptance/nodesets/default.yml
+++ /dev/null
@@ -1 +0,0 @@
-debian-8-x86_64-docker.yml
\ No newline at end of file
diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml
new file mode 100644
index 0000000..f09ad62
--- /dev/null
+++ b/spec/acceptance/nodesets/default.yml
@@ -0,0 +1,19 @@
+HOSTS:
+ debian-8-x64:
+ platform: debian-8-amd64
+ image: debian:8
+ hypervisor: docker
+ docker_preserve_image: true
+ docker_cmd: '["/sbin/init"]'
+ docker_image_commands:
+ - 'apt-get install -y wget locales-all puppet git'
+ - 'rm -f /usr/sbin/policy-rc.d'
+
+CONFIG:
+ type: foss
+ #log_level: verbose
+ #log_level: debug
+
+ssh:
+ password: root
+ auth_methods: ["password"]
-- cgit v1.2.3
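Review bot: The nodeset pulls `image: debian:8` by a mutable tag and then installs packages into it, so what the acceptance run executes can change without any change in this repository. Pinning the image by digest, `image: debian@sha256:<DIGEST>` (placeholder, assuming Beaker passes the reference through unchanged), keeps runs reproducible. The `ssh:` block logs in as root with the password `root`, which is acceptable only for a throwaway container; a comment above it such as `# test container only, never reuse these credentials` would stop the file being copied as a template. Since `docker_preserve_image: true` keeps the built image, that image should stay on the test host.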