diff options
Diffstat (limited to 'code/environments/production/modules/unattended_upgrades/spec')
29 files changed, 1320 insertions, 0 deletions
diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/archlinux-2-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/archlinux-2-x64.yml new file mode 100644 index 0000000..89b6300 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/archlinux-2-x64.yml @@ -0,0 +1,13 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + archlinux-2-x64: + roles: + - master + platform: archlinux-2-x64 + box: archlinux/archlinux + hypervisor: vagrant +CONFIG: + type: foss diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-511-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-511-x64.yml new file mode 100644 index 0000000..089d646 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-511-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + centos-511-x64: + roles: + - master + platform: el-5-x86_64 + box: puppetlabs/centos-5.11-64-nocm + hypervisor: vagrant +CONFIG: + type: foss +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-6-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-6-x64.yml new file mode 100644 index 0000000..16abc8f --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-6-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + centos-6-x64: + roles: + - master + platform: el-6-x86_64 + box: centos/6 + hypervisor: vagrant +CONFIG: + type: aio +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-66-x64-pe.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-66-x64-pe.yml new file mode 100644 index 0000000..1e7aea6 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-66-x64-pe.yml @@ -0,0 +1,17 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + centos-66-x64: + roles: + - master + - database + - dashboard + platform: el-6-x86_64 + box: puppetlabs/centos-6.6-64-puppet-enterprise + hypervisor: vagrant +CONFIG: + type: pe +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-66-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-66-x64.yml new file mode 100644 index 0000000..42455e7 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-66-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + centos-66-x64: + roles: + - master + platform: el-6-x86_64 + box: puppetlabs/centos-6.6-64-nocm + hypervisor: vagrant +CONFIG: + type: foss +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-7-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-7-x64.yml new file mode 100644 index 0000000..e05a3ae --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-7-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + centos-7-x64: + roles: + - master + platform: el-7-x86_64 + box: centos/7 + hypervisor: vagrant +CONFIG: + type: aio +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-72-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-72-x64.yml new file mode 100644 index 0000000..85af89d --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/centos-72-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + centos-72-x64: + roles: + - master + platform: el-7-x86_64 + box: puppetlabs/centos-7.2-64-nocm + hypervisor: vagrant +CONFIG: + type: foss +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/debian-78-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/debian-78-x64.yml new file mode 100644 index 0000000..6ef6de8 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/debian-78-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + debian-78-x64: + roles: + - master + platform: debian-7-amd64 + box: puppetlabs/debian-7.8-64-nocm + hypervisor: vagrant +CONFIG: + type: foss +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/debian-82-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/debian-82-x64.yml new file mode 100644 index 0000000..9897a8f --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/debian-82-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + debian-82-x64: + roles: + - master + platform: debian-8-amd64 + box: puppetlabs/debian-8.2-64-nocm + hypervisor: vagrant +CONFIG: + type: foss +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml new file mode 100644 index 0000000..19dd43e --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml @@ -0,0 +1,31 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# Additional ~/.fog config file with AWS EC2 credentials +# required. +# +# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md +# +# Amazon Linux is not a RHEL clone. +# +HOSTS: + amazonlinux-2016091-x64: + roles: + - master + platform: centos-6-x86_64 + hypervisor: ec2 + # refers to image_tempaltes.yaml AMI[vmname] entry: + vmname: amazonlinux-2016091-eu-central-1 + # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: + snapshot: aio + # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): + amisize: t2.micro + # required so that beaker sanitizes sshd_config and root authorized_keys: + user: ec2-user +CONFIG: + type: aio + :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/image_templates.yaml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/image_templates.yaml new file mode 100644 index 0000000..e50593e --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/image_templates.yaml @@ -0,0 +1,34 @@ +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# see also: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md +# +# Hint: image IDs (ami-*) for the same image are different per location. +# +AMI: + # Amazon Linux AMI 2016.09.1 (HVM), SSD Volume Type + amazonlinux-2016091-eu-central-1: + :image: + :aio: ami-af0fc0c0 + :region: eu-central-1 + # Red Hat Enterprise Linux 7.3 (HVM), SSD Volume Type + rhel-73-eu-central-1: + :image: + :aio: ami-e4c63e8b + :region: eu-central-1 + # SUSE Linux Enterprise Server 12 SP2 (HVM), SSD Volume Type + sles-12sp2-eu-central-1: + :image: + :aio: ami-c425e4ab + :region: eu-central-1 + # Ubuntu Server 16.04 LTS (HVM), SSD Volume Type + ubuntu-1604-eu-central-1: + :image: + :aio: ami-fe408091 + :region: eu-central-1 + # Microsoft Windows Server 2016 Base + windows-2016-base-eu-central-1: + :image: + :aio: ami-88ec20e7 + :region: eu-central-1 diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/rhel-73-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/rhel-73-x64.yml new file mode 100644 index 0000000..7fac823 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/rhel-73-x64.yml @@ -0,0 +1,29 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# Additional ~/.fog config file with AWS EC2 credentials +# required. +# +# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md +# +HOSTS: + rhel-73-x64: + roles: + - master + platform: el-7-x86_64 + hypervisor: ec2 + # refers to image_tempaltes.yaml AMI[vmname] entry: + vmname: rhel-73-eu-central-1 + # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: + snapshot: aio + # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): + amisize: t2.micro + # required so that beaker sanitizes sshd_config and root authorized_keys: + user: ec2-user +CONFIG: + type: aio + :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml new file mode 100644 index 0000000..8542154 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml @@ -0,0 +1,29 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# Additional ~/.fog config file with AWS EC2 credentials +# required. +# +# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md +# +HOSTS: + sles-12sp2-x64: + roles: + - master + platform: sles-12-x86_64 + hypervisor: ec2 + # refers to image_tempaltes.yaml AMI[vmname] entry: + vmname: sles-12sp2-eu-central-1 + # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: + snapshot: aio + # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): + amisize: t2.micro + # required so that beaker sanitizes sshd_config and root authorized_keys: + user: ec2-user +CONFIG: + type: aio + :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml new file mode 100644 index 0000000..9cf59d5 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml @@ -0,0 +1,29 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# Additional ~/.fog config file with AWS EC2 credentials +# required. +# +# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md +# +HOSTS: + ubuntu-1604-x64: + roles: + - master + platform: ubuntu-16.04-amd64 + hypervisor: ec2 + # refers to image_tempaltes.yaml AMI[vmname] entry: + vmname: ubuntu-1604-eu-central-1 + # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: + snapshot: aio + # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): + amisize: t2.micro + # required so that beaker sanitizes sshd_config and root authorized_keys: + user: ubuntu +CONFIG: + type: aio + :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml new file mode 100644 index 0000000..0932e29 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml @@ -0,0 +1,29 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# Additional ~/.fog config file with AWS EC2 credentials +# required. +# +# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md +# +HOSTS: + windows-2016-base-x64: + roles: + - master + platform: windows-2016-64 + hypervisor: ec2 + # refers to image_tempaltes.yaml AMI[vmname] entry: + vmname: windows-2016-base-eu-central-1 + # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: + snapshot: aio + # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): + amisize: t2.micro + # required so that beaker sanitizes sshd_config and root authorized_keys: + user: ec2-user +CONFIG: + type: aio + :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-24-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-24-x64.yml new file mode 100644 index 0000000..820b62d --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-24-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + fedora-24-x64: + roles: + - master + platform: fedora-24-x86_64 + box: fedora/24-cloud-base + hypervisor: vagrant +CONFIG: + type: aio +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-25-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-25-x64.yml new file mode 100644 index 0000000..54dd330 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-25-x64.yml @@ -0,0 +1,16 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +HOSTS: + fedora-25-x64: + roles: + - master + platform: fedora-25-x86_64 + box: fedora/25-cloud-base + hypervisor: vagrant +CONFIG: + type: aio +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-26-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-26-x64.yml new file mode 100644 index 0000000..598822b --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-26-x64.yml @@ -0,0 +1,16 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +HOSTS: + fedora-26-x64: + roles: + - master + platform: fedora-26-x86_64 + box: fedora/26-cloud-base + hypervisor: vagrant +CONFIG: + type: aio +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-27-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-27-x64.yml new file mode 100644 index 0000000..c2b61eb --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/fedora-27-x64.yml @@ -0,0 +1,18 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# platform is fedora 26 because there is no puppet-agent +# for fedora 27 as of 2017-11-17 +HOSTS: + fedora-27-x64: + roles: + - master + platform: fedora-26-x86_64 + box: fedora/27-cloud-base + hypervisor: vagrant +CONFIG: + type: aio +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml new file mode 100644 index 0000000..29102c5 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + ubuntu-server-1204-x64: + roles: + - master + platform: ubuntu-12.04-amd64 + box: puppetlabs/ubuntu-12.04-64-nocm + hypervisor: vagrant +CONFIG: + type: foss +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml new file mode 100644 index 0000000..054e658 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + ubuntu-server-1404-x64: + roles: + - master + platform: ubuntu-14.04-amd64 + box: puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant +CONFIG: + type: foss +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1604-x64.yml b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1604-x64.yml new file mode 100644 index 0000000..bc85e0e --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/acceptance/nodesets/ubuntu-server-1604-x64.yml @@ -0,0 +1,15 @@ +--- +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +HOSTS: + ubuntu-server-1604-x64: + roles: + - master + platform: ubuntu-16.04-amd64 + box: puppetlabs/ubuntu-16.04-64-nocm + hypervisor: vagrant +CONFIG: + type: foss +... +# vim: syntax=yaml diff --git a/code/environments/production/modules/unattended_upgrades/spec/classes/coverage_spec.rb b/code/environments/production/modules/unattended_upgrades/spec/classes/coverage_spec.rb new file mode 100644 index 0000000..de44654 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/classes/coverage_spec.rb @@ -0,0 +1,4 @@ +require 'rspec-puppet' + +at_exit { RSpec::Puppet::Coverage.report! } +# vim: syntax=ruby diff --git a/code/environments/production/modules/unattended_upgrades/spec/classes/debian_spec.rb b/code/environments/production/modules/unattended_upgrades/spec/classes/debian_spec.rb new file mode 100644 index 0000000..c2d4ec2 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/classes/debian_spec.rb @@ -0,0 +1,146 @@ +require 'spec_helper' + +# rubocop:disable Style/RegexpLiteral +describe 'unattended_upgrades' do + let(:file_unattended) { '/etc/apt/apt.conf.d/50unattended-upgrades' } + let(:file_periodic) { '/etc/apt/apt.conf.d/10periodic' } + let(:file_options) { '/etc/apt/apt.conf.d/10options' } + + shared_examples 'Debian specs' do + let(:params) { {} } + + it { is_expected.to compile.with_all_deps } + + it do + is_expected.to create_file(file_periodic).with( + owner: 'root', + group: 'root', + mode: '0644' + ).with_content( + /APT::Periodic::Enable "1";/ + ).with_content( + /APT::Periodic::BackupArchiveInterval "0";/ + ).with_content( + /APT::Periodic::BackupLevel "3";/ + ).with_content( + /APT::Periodic::MaxAge "0";/ + ).with_content( + /APT::Periodic::MinAge "2";/ + ).with_content( + /APT::Periodic::MaxSize "0";/ + ).with_content( + /APT::Periodic::Update-Package-Lists "1";/ + ).with_content( + /APT::Periodic::Download-Upgradeable-Packages "0";/ + ).with_content( + /APT::Periodic::Download-Upgradeable-Packages-Debdelta "1";/ + ).with_content( + /APT::Periodic::Unattended-Upgrade "1";/ + ).with_content( + /APT::Periodic::AutocleanInterval "0";/ + ).with_content( + /APT::Periodic::Verbose "0";/ + ) + end + + it do + is_expected.to contain_apt__conf('auto-upgrades').with( + ensure: 'absent' + ) + end + it do + is_expected.to create_file(file_options).with( + owner: 'root', + group: 'root', + mode: '0644' + ).with_content( + /^Dpkg::Options\s{/ + ).with_content( + /^\s+\"--force-confdef\";/ + ).with_content( + /^\s+\"--force-confold\";/ + ).without_content( + /\"--force-confnew\";/ + ).without_content( + /\"--force-confmiss\";/ + ) + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge(fqdn: 'unattended-upgrades.example.com', + path: '/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin:/root/bin') + end + + if facts[:operatingsystem] == 'Debian' + it_behaves_like 'Debian specs' + + case facts[:lsbdistcodename] + when 'squeeze' + context 'with defaults on Debian 6 Squeeze' do + it do + is_expected.to create_file(file_unattended).with( + owner: 'root', + group: 'root', + mode: '0644' + ).with_content( + # This section varies for different releases + /\Unattended-Upgrade::Allowed-Origins\ {\n + \t"\${distro_id}\ \${distro_codename}-security";\n + \t"\${distro_id}\ \${distro_codename}-lts";\n + };/x + ) + end + end + when 'wheezy' + context 'with defaults on Debian 7 wheezy' do + it do + is_expected.to create_file(file_unattended).with( + owner: 'root', + group: 'root', + mode: '0644' + ).with_content( + # This section varies for different releases + /\Unattended-Upgrade::Origins-Pattern\ {\n + \t"origin=Debian,archive=oldoldstable,label=Debian-Security";\n + };/x + ) + end + end + when 'jessie' + context 'with defaults on Debian 8 Jessie' do + it do + is_expected.to create_file(file_unattended).with( + owner: 'root', + group: 'root', + mode: '0644' + ).with_content( + # This section varies for different releases + /\Unattended-Upgrade::Origins-Pattern\ {\n + \t"origin=Debian,archive=oldstable,label=Debian-Security";\n + };/x + ) + end + end + when 'stretch' + context 'with defaults on Debian 9 Stretch' do + it do + is_expected.to create_file(file_unattended).with( + owner: 'root', + group: 'root', + mode: '0644' + ).with_content( + # This section varies for different releases + /\Unattended-Upgrade::Origins-Pattern\ {\n + \t"origin=Debian,archive=stable,label=Debian-Security";\n + };/x + ) + end + end + end + end + end + end +end diff --git a/code/environments/production/modules/unattended_upgrades/spec/classes/other_debians_spec.rb b/code/environments/production/modules/unattended_upgrades/spec/classes/other_debians_spec.rb new file mode 100644 index 0000000..a4dcd2f --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/classes/other_debians_spec.rb @@ -0,0 +1,128 @@ +require 'spec_helper' +describe 'unattended_upgrades' do + let(:file_unattended) { '/etc/apt/apt.conf.d/50unattended-upgrades' } + let(:file_periodic) { '/etc/apt/apt.conf.d/10periodic' } + let(:file_options) { '/etc/apt/apt.conf.d/10options' } + + context 'with defaults on Raspbian' do + let(:facts) do + { + os: { + name: 'Raspbian', + family: 'Debian', + release: { + full: '8.0' + } + }, + osfamily: 'Debian', + lsbdistid: 'Raspbian', + lsbdistcodename: 'jessie', + lsbrelease: '8.0' + } + end + + it do + is_expected.to create_file(file_unattended).with( + owner: 'root', + group: 'root', + mode: '0644' + ) + end + end + + context 'with defaults on Linux Mint 13 Maya' do + let(:facts) do + { + os: { + name: 'LinuxMint', + family: 'Debian', + release: { + full: '13' + } + }, + osfamily: 'Debian', + lsbdistid: 'LinuxMint', + lsbdistcodename: 'maya', + lsbdistrelease: '13', + lsbmajdistrelease: '13' + } + end + + it do + is_expected.to create_file(file_unattended).with( + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644' + ).with_content( + # This is the only section that's different for Ubuntu compared to Debian + %r{\Unattended-Upgrade::Allowed-Origins\ {\n + \t"Ubuntu\:precise-security";\n + };}x + ) + end + end + + context 'with defaults on Linux Mint 17.3 Rosa' do + let(:facts) do + { + os: { + name: 'LinuxMint', + family: 'Debian', + release: { + full: '17.3' + } + }, + osfamily: 'Debian', + lsbdistid: 'LinuxMint', + lsbdistcodename: 'rosa', + lsbdistrelease: '17.3', + lsbmajdistrelease: '17' + } + end + + it do + is_expected.to create_file(file_unattended).with( + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644' + ).with_content( + # This is the only section that's different for Ubuntu compared to Debian + %r{\Unattended-Upgrade::Allowed-Origins\ {\n + \t"Ubuntu\:trusty-security";\n + };}x + ) + end + end + + context 'with defaults on Linux Mint 18 Sarah' do + let(:facts) do + { + os: { + name: 'LinuxMint', + family: 'Debian', + release: { + full: '18' + } + }, + osfamily: 'Debian', + lsbdistid: 'LinuxMint', + lsbdistcodename: 'sarah', + lsbdistrelease: '18', + lsbmajdistrelease: '18' + } + end + + it do + is_expected.to create_file(file_unattended).with( + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644' + ).with_content( + # This is the only section that's different for Ubuntu compared to Debian + %r{\Unattended-Upgrade::Allowed-Origins\ {\n + \t"Ubuntu\:xenial-security";\n + };}x + ) + end + end +end diff --git a/code/environments/production/modules/unattended_upgrades/spec/classes/ubuntu_spec.rb b/code/environments/production/modules/unattended_upgrades/spec/classes/ubuntu_spec.rb new file mode 100644 index 0000000..6d756bb --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/classes/ubuntu_spec.rb @@ -0,0 +1,131 @@ +require 'spec_helper' + +# rubocop:disable Style/RegexpLiteral +describe 'unattended_upgrades' do + let(:file_unattended) { '/etc/apt/apt.conf.d/50unattended-upgrades' } + let(:file_periodic) { '/etc/apt/apt.conf.d/10periodic' } + let(:file_options) { '/etc/apt/apt.conf.d/10options' } + + shared_examples 'Ubuntu specs' do + let(:params) { {} } + + it { is_expected.to compile.with_all_deps } + + it do + is_expected.to create_file(file_periodic).with( + owner: 'root', + group: 'root', + mode: '0644' + ).with_content( + /APT::Periodic::Enable "1";/ + ).with_content( + /APT::Periodic::BackupArchiveInterval "0";/ + ).with_content( + /APT::Periodic::BackupLevel "3";/ + ).with_content( + /APT::Periodic::MaxAge "0";/ + ).with_content( + /APT::Periodic::MinAge "2";/ + ).with_content( + /APT::Periodic::MaxSize "0";/ + ).with_content( + /APT::Periodic::Update-Package-Lists "1";/ + ).with_content( + /APT::Periodic::Download-Upgradeable-Packages "0";/ + ).with_content( + /APT::Periodic::Download-Upgradeable-Packages-Debdelta "1";/ + ).with_content( + /APT::Periodic::Unattended-Upgrade "1";/ + ).with_content( + /APT::Periodic::AutocleanInterval "0";/ + ).with_content( + /APT::Periodic::Verbose "0";/ + ) + end + + it do + is_expected.to contain_apt__conf('auto-upgrades').with( + ensure: 'absent' + ) + end + it do + is_expected.to create_file(file_options).with( + owner: 'root', + group: 'root', + mode: '0644' + ).with_content( + /^Dpkg::Options\s{/ + ).with_content( + /^\s+\"--force-confdef\";/ + ).with_content( + /^\s+\"--force-confold\";/ + ).without_content( + /\"--force-confnew\";/ + ).without_content( + /\"--force-confmiss\";/ + ) + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge(fqdn: 'unattended-upgrades.example.com', + path: '/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin:/root/bin') + end + + case facts[:operatingsystem] + when 'Ubuntu' + it_behaves_like 'Ubuntu specs' + case facts[:lsbdistcodename] + when 'precise' + context 'with defaults on Ubuntu 12.04 Precise' do + it do + is_expected.to create_file(file_unattended).with( + owner: 'root', + group: 'root', + mode: '0644' + ).with_content( + # This is the only section that's different for Ubuntu compared to Debian + /\Unattended-Upgrade::Allowed-Origins\ {\n + \t"\${distro_id}\:\${distro_codename}-security";\n + };/x + ) + end + end + when 'trusty' + context 'with defaults on Ubuntu 14.04 Trusty' do + it do + is_expected.to create_file(file_unattended).with( + owner: 'root', + group: 'root', + mode: '0644' + ).with_content( + # This is the only section that's different for Ubuntu compared to Debian + /\Unattended-Upgrade::Allowed-Origins\ {\n + \t"\${distro_id}\:\${distro_codename}-security";\n + };/x + ) + end + end + when 'xenial' + context 'with defaults on Ubuntu 16.04 Xenial' do + it do + is_expected.to create_file(file_unattended).with( + owner: 'root', + group: 'root', + mode: '0644' + ).with_content( + # This is the only section that's different for Ubuntu compared to Debian + /\Unattended-Upgrade::Allowed-Origins\ {\n + \t"\${distro_id}\:\${distro_codename}";\n + \t"\${distro_id}\:\${distro_codename}-security";\n + };/x + ) + end + end + end + end + end + end +end diff --git a/code/environments/production/modules/unattended_upgrades/spec/classes/unattended_upgrades_spec.rb b/code/environments/production/modules/unattended_upgrades/spec/classes/unattended_upgrades_spec.rb new file mode 100644 index 0000000..e79a680 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/classes/unattended_upgrades_spec.rb @@ -0,0 +1,436 @@ +require 'spec_helper' + +# rubocop:disable Style/RegexpLiteral +describe 'unattended_upgrades' do + let(:file_unattended) { '/etc/apt/apt.conf.d/50unattended-upgrades' } + let(:file_periodic) { '/etc/apt/apt.conf.d/10periodic' } + let(:file_options) { '/etc/apt/apt.conf.d/10options' } + + shared_examples 'basic specs' do + let(:params) { {} } + + context 'baseline specs' do + it { is_expected.to compile.with_all_deps } + + it do + is_expected.to contain_package('unattended-upgrades') + is_expected.to compile.with_all_deps + is_expected.to contain_class('unattended_upgrades::params') + is_expected.to contain_class('unattended_upgrades') + is_expected.to contain_class('apt') + end + + it do + is_expected.to contain_apt__conf('unattended-upgrades').with( + require: 'Package[unattended-upgrades]', + notify_update: false + ) + end + + it do + is_expected.to contain_apt__conf('periodic').with( + require: 'Package[unattended-upgrades]', + notify_update: false + ) + end + + it do + is_expected.to contain_apt__conf('options').with( + require: 'Package[unattended-upgrades]', + notify_update: false + ) + end + + it { is_expected.to create_file(file_unattended).without_content(/Unattended-Upgrade::Sender/) } + end + + context 'set all the things' do + let :params do + { + age: { 'min' => 1, 'max' => 20 }, + size: 1000, + update: 5, + upgradeable_packages: { + 'download_only' => 5, + 'debdelta' => 5 + }, + upgrade: 5, + auto: { + 'clean' => 5, + 'fix_interrupted_dpkg' => false, + 'remove' => false, + 'reboot' => true, + 'reboot_time' => '03:00' + }, + verbose: 1, + legacy_origin: true, + origins: %w[bananas], + blacklist: %w[foo bar], + minimal_steps: false, + install_on_shutdown: true, + mail: { + 'to' => 'root@localhost', + 'only_on_error' => true + }, + sender: 'root@server.example.com', + dl_limit: 70, + random_sleep: 300, + notify_update: true, + options: { + 'force_confdef' => false, + 'force_confold' => false, + 'force_confnew' => true, + 'force_confmiss' => true + } + } + end + + it { is_expected.to contain_package('unattended-upgrades') } + + it do + is_expected.to contain_apt__conf('unattended-upgrades').with( + require: 'Package[unattended-upgrades]', + notify_update: true + ) + end + + it do + is_expected.to contain_apt__conf('periodic').with( + require: 'Package[unattended-upgrades]', + notify_update: true + ) + end + + it do + is_expected.to contain_apt__conf('options').with( + require: 'Package[unattended-upgrades]', + notify_update: true + ) + end + + it do + is_expected.to create_file(file_unattended).with( + owner: 'root', + group: 'root', + mode: '0644' + ).with_content( + /Unattended-Upgrade::Allowed-Origins {\n\t"bananas";\n};/ + ).with_content( + /Unattended-Upgrade::Package-Blacklist {\n\t"foo";\n\t"bar";\n};/ + ).with_content( + /Unattended-Upgrade::AutoFixInterruptedDpkg "false";/ + ).with_content( + /Unattended-Upgrade::MinimalSteps "false";/ + ).with_content( + /Unattended-Upgrade::InstallOnShutdown "true";/ + ).with_content( + /Unattended-Upgrade::Remove-Unused-Dependencies "false";/ + ).with_content( + /Unattended-Upgrade::Automatic-Reboot "true";/ + ).with_content( + /Unattended-Upgrade::Automatic-Reboot-Time "03:00";/ + ).with_content( + /Unattended-Upgrade::Mail "root@localhost";/ + ).with_content( + /Unattended-Upgrade::Sender "root@server.example.com";/ + ).with_content( + /Unattended-Upgrade::MailOnlyOnError "true";/ + ).with_content( + /Acquire::http::Dl-Limit "70";/ + ) + end + + it do + is_expected.to create_file(file_periodic).with( + owner: 'root', + group: 'root', + mode: '0644' + ).with_content( + /APT::Periodic::Enable "1";/ + ).with_content( + /APT::Periodic::BackupArchiveInterval "0";/ + ).with_content( + /APT::Periodic::BackupLevel "3";/ + ).with_content( + /APT::Periodic::MaxAge "20";/ + ).with_content( + /APT::Periodic::MinAge "1";/ + ).with_content( + /APT::Periodic::MaxSize "1000";/ + ).with_content( + /APT::Periodic::Update-Package-Lists "5";/ + ).with_content( + /APT::Periodic::Download-Upgradeable-Packages "5";/ + ).with_content( + /APT::Periodic::Download-Upgradeable-Packages-Debdelta "5";/ + ).with_content( + /APT::Periodic::Unattended-Upgrade "5";/ + ).with_content( + /APT::Periodic::AutocleanInterval "5";/ + ).with_content( + /APT::Periodic::Verbose "1";/ + ).with_content( + /APT::Periodic::RandomSleep "300";/ + ) + end + + it do + is_expected.to create_file(file_options).with( + owner: 'root', + group: 'root', + mode: '0644' + ).with_content( + /^Dpkg::Options\s{/ + ).without_content( + /"--force-confdef";/ + ).without_content( + /"--force-confold";/ + ).with_content( + /^\s+"--force-confnew";/ + ).with_content( + /^\s+"--force-confmiss";/ + ) + end + it do + is_expected.to contain_apt__conf('auto-upgrades').with( + ensure: 'absent' + ) + end + end + + describe 'validation tests' do + context 'bad install_on_shutdown' do + let :params do + { + install_on_shutdown: 'foo' + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad legacy_origin' do + let :params do + { + legacy_origin: 'foo' + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad minimal_steps' do + let :params do + { + minimal_steps: 'foo' + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad blacklist' do + let :params do + { + blacklist: 'foo' + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad origins' do + let :params do + { + origins: 'foo' + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad auto' do + let :params do + { + auto: 'foo' + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad mail' do + let :params do + { + mail: 'foo' + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad backup' do + let :params do + { + backup: 'foo' + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad age' do + let :params do + { + age: 'foo' + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad size' do + let :params do + { + size: 'foo' + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad upgradeable_packages' do + let :params do + { + upgradeable_packages: 'foo' + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad mail[\'only_on_error\']' do + let :params do + { + mail: { 'only_on_error' => 'foo' } + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad options[\'force_confdef\']' do + let :params do + { + options: { 'force_confdef' => 'foo' } + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad options[\'force_confold\']' do + let :params do + { + options: { 'force_confold' => 'foo' } + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad options[\'force_confnew\']' do + let :params do + { + options: { 'force_confnew' => 'foo' } + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad options[\'force_confmiss\']' do + let :params do + { + options: { 'force_confmiss' => 'foo' } + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /got String/) + end + end + context 'bad options[\'invalid_key\']' do + let :params do + { + options: { 'invalid_key' => true } + } + end + + it do + expect do + subject.call + end.to raise_error(Puppet::Error, /unrecognized key 'invalid_key'/) + end + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge(fqdn: 'unattended-upgrades.example.com', + path: '/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin:/root/bin') + end + + it_behaves_like 'basic specs' + end + end +end diff --git a/code/environments/production/modules/unattended_upgrades/spec/default_facts.yml b/code/environments/production/modules/unattended_upgrades/spec/default_facts.yml new file mode 100644 index 0000000..13c4165 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/default_facts.yml @@ -0,0 +1,14 @@ +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config +# +# use default_module_facts.yaml for module specific +# facts. +# +# Hint if using with rspec-puppet-facts ("on_supported_os.each"): +# if a same named fact exists in facterdb it will be overridden. +--- +concat_basedir: "/tmp" +ipaddress: "172.16.254.254" +is_pe: false +macaddress: "AA:AA:AA:AA:AA:AA" diff --git a/code/environments/production/modules/unattended_upgrades/spec/spec_helper.rb b/code/environments/production/modules/unattended_upgrades/spec/spec_helper.rb new file mode 100644 index 0000000..ea74a52 --- /dev/null +++ b/code/environments/production/modules/unattended_upgrades/spec/spec_helper.rb @@ -0,0 +1,35 @@ +require 'puppetlabs_spec_helper/module_spec_helper' +require 'rspec-puppet-facts' +include RspecPuppetFacts + +# This file is managed via modulesync +# https://github.com/voxpupuli/modulesync +# https://github.com/voxpupuli/modulesync_config + +if Dir.exist?(File.expand_path('../../lib', __FILE__)) + require 'coveralls' + require 'simplecov' + require 'simplecov-console' + SimpleCov.formatters = [ + SimpleCov::Formatter::HTMLFormatter, + SimpleCov::Formatter::Console + ] + SimpleCov.start do + track_files 'lib/**/*.rb' + add_filter '/spec' + add_filter '/vendor' + add_filter '/.vendor' + end +end + +RSpec.configure do |c| + default_facts = { + puppetversion: Puppet.version, + facterversion: Facter.version + } + default_facts.merge!(YAML.load(File.read(File.expand_path('../default_facts.yml', __FILE__)))) if File.exist?(File.expand_path('../default_facts.yml', __FILE__)) + default_facts.merge!(YAML.load(File.read(File.expand_path('../default_module_facts.yml', __FILE__)))) if File.exist?(File.expand_path('../default_module_facts.yml', __FILE__)) + c.default_facts = default_facts +end + +# vim: syntax=ruby |