(BKR-1600) Default puppet settings to main section

[joshcooper]

If puppet.conf contained a setting without a preceding section, as can happen
due to PUP-4755, then the 'lay_down_new_puppet_conf' method created a 'global'
section for that setting, however, that is not a valid puppet section name.

Specify the default section name as 'main' so it matches puppet's behavior.

[GabrielNagy]

This is still failing on 040_ValidateSignCert.rb for me (agent version: 1.10.15, server version: 2.8.1).

RuntimeError: PuppetAcceptance::DSL::Helpers.with_puppet_running_on failed (check backtrace for location) because: Host 'al8q80h7j3al08l.delivery.puppetlabs.net' exited with 1 running:
 puppet agent --test
Last 10 lines of output were:
	Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=pe-compiler5-prod.ops.puppetlabs.net]
	Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=pe-compiler-prod-6.ops.puppetlabs.net]
	Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=pe-compiler5-prod.ops.puppetlabs.net]
	Info: Retrieving plugin
	Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=pe-compiler5-prod.ops.puppetlabs.net]
	Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=pe-compiler5-prod.ops.puppetlabs.net]
	Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=pe-compiler5-prod.ops.puppetlabs.net]
	Warning: Not using cache on failed catalog
	Error: Could not retrieve catalog; skipping run
	Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=pe-compiler5-prod.ops.puppetlabs.net]

I'll try to check this further.

[GabrielNagy]

Reverting the hostname setting part fixed this: e685f3a#diff-b33b2ccf419a7e2febd4be50ced7c892R22

Looks like when --section main is specified, the option is written at the beginning of the file, outside of any section (hence "global").
When any other section name is specified (i.e. --section user), the option is written correctly under [user].

@joshcooper, what do you think? Can we use [agent] instead of [main] to write this option? Documentation says [agent] is used by the puppet-agent command which fits this scenario.

[joshcooper]

I don't think we can use [agent] because other commands like puppet filebucket or file catalog find won't see the setting. I'll take a look at this further.

[joshcooper]

Looks like when --section main is specified, the option is written at the beginning of the file, outside of any section (hence "global").

This is expected in puppet 4.x, since we only fixed the issue in 5.x (to ensure a section is always added).

 uwhbosqjxymx2px.delivery.puppetlabs.net (uwhbosqjxymx2px.delivery.puppetlabs.net) 14:50:41$ cat /etc/puppetlabs/puppet/puppet.conf
      server = uwhbosqjxymx2px.delivery.puppetlabs.net
      # This file can be used to override the default puppet settings.
      # See the following links for more details on what settings are available:
      # - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
      # - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
      # - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
      # - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
      [master]
      vardir = /opt/puppetlabs/server/data/puppetserver
      logdir = /var/log/puppetlabs/puppetserver
      rundir = /var/run/puppetlabs/puppetserver
      pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
      codedir = /etc/puppetlabs/code

When the with_puppet_running_on method is called, beaker-puppet (with this PR) should successfully read the existing file, and temporarily create a new file containing the existing settings plus the settings passed to with_puppet_running_on:

 uwhbosqjxymx2px.delivery.puppetlabs.net (uwhbosqjxymx2px.delivery.puppetlabs.net) 14:50:42$ cat /etc/puppetlabs/puppet/puppet.conf
      [main]
      server = uwhbosqjxymx2px.delivery.puppetlabs.net

      [master]
      vardir = /opt/puppetlabs/server/data/puppetserver
      logdir = /var/log/puppetlabs/puppetserver
      rundir = /var/run/puppetlabs/puppetserver
      pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
      codedir = /etc/puppetlabs/code

      [main]
      dns_alt_names = puppet,uwhbosqjxymx2px,uwhbosqjxymx2px.delivery.puppetlabs.net
      server = uwhbosqjxymx2px.delivery.puppetlabs.net
      autosign = true

This is how I'm testing this:

$ git checkout 4.10.x
...
$ git rev-parse HEAD
102e667405d2024836593dac873cad70c583fdcc
$ cd acceptance
$ export BEAKER_PUPPET_VERSION=git://github.com/joshcooper/beaker-puppet#default_main
$ bundle update
...
Using beaker-puppet 1.18.4 from git://github.com/joshcooper/beaker-puppet (at default_main@3270aa3)
...
$ bundle exec rake ci:test:aio BEAKER_HOSTS=redhat7-64m-redhat7-64a SHA=ba7dbfda9b0c13308d327957e1c8c84b25a399a0 SERVER_VERSION=2.8.1 TESTS=tests/server_list_setting.rb
...
.bundle/ruby/2.3.0/bundler/gems/beaker-puppet-3270aa3978e4/setup/common/040_ValidateSignCert.rb passed in 59.71 seconds
...

I get similar results with a different test:

$ bx rake ci:test:aio BEAKER_HOSTS=redhat7-64m-redhat7-64a SHA=ba7dbfda9b0c13308d327957e1c8c84b25a399a0 SERVER_VERSION=2.8.1 TESTS=tests/pluginsync/7316_apps_should_be_available_via_pluginsync.rb

[GabrielNagy]

@joshcooper you're right... the only thing I was missing was the bundle update step, I thought setting the beaker_puppet path would suffice.

I can confirm this works. Thanks! 👍