Puppet
From GarrettHoneycutt
(Difference between revisions)
| Line 95: | Line 95: | ||
79 auth any | 79 auth any | ||
</source> | </source> | ||
| + | |||
| + | = Spec tests = | ||
| + | Spec tests are unit tests that allow you to test what should be present in the catalog. | ||
| + | |||
| + | Tim's tutorial - http://rspec-puppet.com/ | ||
| + | |||
| + | == Setup == | ||
| + | Install Puppet | ||
| + | |||
| + | Install some other tools | ||
| + | <pre> | ||
| + | sudo gem install -V puppet-lint puppetlabs_spec_helper rake rspec-puppet bundler librarian-puppet-simple --no-ri --no-rdoc | ||
| + | </pre> | ||
| + | |||
| + | == Testing == | ||
| + | You must be in the directory of the module you are testing. | ||
| + | |||
| + | === rake spec === | ||
| + | <pre>SPEC_OPTS="--format documentation" bundle exec rake spec</pre> | ||
| + | |||
| + | This actually runs the equivalent of <pre>rake spec_prep; rake spec_standalone; rake spec_clean</pre> | ||
| + | |||
| + | You can see these commands by typing <pre>rake -T</pre> | ||
| + | |||
| + | If your tests need to download dependencies, you might want to use <pre>rake spec_prep</pre> once and then type <pre>SPEC_OPTS="--format documentation" bundle exec rake spec_standalone</pre> so you do not incur the cost of re-downloading stuff every time you want to run a test. | ||
| + | |||
| + | == Dependencies / Fixtures == | ||
| + | These should all be noted in your <tt>Modulefile</tt> and must be listed in <tt>.fixtures.yml</tt>. [https://github.com/ghoneycutt/puppet-module-dnsclient/blob/master/.fixtures.yml example] | ||
| + | |||
| + | == Examples == | ||
| + | [https://github.com/ghoneycutt/puppet-module-common/tree/master/spec puppet-module-common] has many different types of spec tests. | ||
Revision as of 15:52, 7 November 2013
Contents |
Cheat Sheet
http://docs.puppetlabs.com/puppet_core_types_cheatsheet.pdf
Removing certs during provisioning process
It is generally advantageous to remove a cert, if it exists, with the name of a system that you are provisioning. If not, then when you reinstall a system with the same name you would have to remove the old cert manually. This involves configuring auth.conf to allow for a HTTP request and the query itself.
query to remove cert
PUPPETCA=puppetca.example.com curl -k -X DELETE -H "Accept :pson" https://${PUPPETCA}:8140/production/certificate_status/`hostname -f`
auth.conf
The important part are lines 51 - 57
1 # THIS FILE IS MANAGED BY PUPPET 2 # ANY CHANGES WILL BE OVERWRITTEN 3 # 4 # 5 # The ACL are checked in order of appearance in this file. 6 # # 7 # # For details on auth.conf syntax see: 8 # # http://docs.puppetlabs.com/guides/rest_auth_conf.html 9 # # 10 # ### Authenticated ACL - those applies only when the client 11 # ### has a valid certificate and is thus authenticated 12 path ~ ^/catalog/([^/]+)$ 13 method find 14 auth yes 15 allow $1 16 17 path ~ ^/node/([^/]+)$ 18 method find 19 auth yes 20 allow $1 21 22 path /certificate_revocation_list/ca 23 method find 24 auth yes 25 allow * 26 27 path /report 28 method save 29 auth yes 30 allow * 31 32 path /file 33 auth yes 34 allow * 35 36 path /certificate/ca 37 method find 38 auth any 39 allow * 40 41 path /certificate/ 42 method find 43 auth any 44 allow * 45 46 path /certificate_request 47 method find, save 48 auth any 49 allow * 50 51 # Allows nodes to clean up certificates of any node. This is being triggered 52 # at provisioning time in kickstart to remove the old certificate, since a new 53 # one is generated when the system is provisioned. 54 path /certificate_status/ 55 auth any 56 method find, save, destroy 57 allow *.example.com,pe-internal-dashboard 58 59 path /facts 60 method find, search 61 auth any 62 allow * 63 64 # allow all puppet systems to save facts 65 path /facts 66 method save 67 auth yes 68 allow puppetmaster.example.com,puppet1.example.com,puppet2.example.com,puppet3.example.com,puppetdb.example.com 69 70 # allow anyone to see if a puppet master is alive. 71 # used for load balancer health checks 72 path /status/no_key 73 method find 74 auth any 75 allow * 76 77 78 path / 79 auth any
Spec tests
Spec tests are unit tests that allow you to test what should be present in the catalog.
Tim's tutorial - http://rspec-puppet.com/
Setup
Install Puppet
Install some other tools
sudo gem install -V puppet-lint puppetlabs_spec_helper rake rspec-puppet bundler librarian-puppet-simple --no-ri --no-rdoc
Testing
You must be in the directory of the module you are testing.
rake spec
SPEC_OPTS="--format documentation" bundle exec rake specThis actually runs the equivalent of
rake spec_prep; rake spec_standalone; rake spec_cleanYou can see these commands by typing
rake -TIf your tests need to download dependencies, you might want to use
rake spec_preponce and then type
SPEC_OPTS="--format documentation" bundle exec rake spec_standaloneso you do not incur the cost of re-downloading stuff every time you want to run a test.
Dependencies / Fixtures
These should all be noted in your Modulefile and must be listed in .fixtures.yml. example
Examples
puppet-module-common has many different types of spec tests.