From df8f08bb17c1cb0c8f7d94125234ec63ec7e2913 Mon Sep 17 00:00:00 2001 From: Lukas Bezdicka Date: Fri, 27 Feb 2015 15:34:38 +0100 Subject: [PATCH] Update ntp to c1eef64924a51a5fb7281a4ccd0f098f0effd270 c1eef64924a51a5fb7281a4ccd0f098f0effd270 Merge pull request #248 from hunner/bump_deps 6ba70b0902dc1959e9e33360a1e3216dac2d1177 Merge pull request #247 from hunner/TelekomCloud-feature/no_ulc_by_default da041cc4807bdc35e2a17bb81bf9d3ec108e77da Bump stdlib to 4.5.0 fff6956fbff23a67d0cd3ad5a061e68721c223d6 No Undisciplined Local Clock by default b214c795aac7308fa007ff851987b2ea732494b3 Merge pull request #246 from hunner/genome-vendor-fudge ed2fa1e426ec2410d0af1e4d38c81b2c6d11b61d Add readme 5f2d844af55f828371bc3e5357edf178cd52805b Add fudge option e4c2072fd9c6ef45f43c737e0c2cb8bc57cb743a Merge pull request #244 from hunner/debian_defaults 8dca18854b135fe79dbbc8217196447770527d06 Update to debian wheezy defaults 73d02145e406e2e104210ea9064c9039dbab7fbf Merge pull request #243 from hunner/udlc 21a7191c8c1942253993471f8a47ea63fe57244c Merge pull request #245 from hunner/pe32 429e7c59a69c5890abe9d03594d22e9423cf980e Fix PR #235 and make udlc configurable 655d966c119b0a109e8a7906b507ebee7d3b7d87 (MODULES-1796) Fix stdlib 3.2.0 compatibility 4acfa3ba0955c9f46a250025c1d9dd757d176486 Merge pull request #235 from guessi/fix_virtual_detection f878fa0de260a50e8004d293169b1b1ef859da7a Merge pull request #238 from ccin2p3/broadcast_and_auth 05b6a27be2ca2fc011eace13782d958cf6fe4999 Merge pull request #242 from psoloway/readme-overhaul ad419f029fa3335c45aa701a82e65131ced3f95f Update the README Table of Contents 7443778cf08f399457b579789021bbcf8a90a53f Merge pull request #241 from psoloway/readme-overhaul 5b9e8a567f5cdfafea5c095a6d57a6bc818f6469 General stye & content overhaul 955ef51110f1f01d56bc23548a7c0fbf8a0684ee Merge pull request #240 from cmurphy/rspec 81913cb53094caa5bcc0535b81fd1aa36d0250f1 Pin rspec gems d7a80297295ea15284cf319a15784b277e6d9b51 fix `is_virtual` detection issue ab5804ca01ba696bfe6fd88e07464586f04f52b6 Pull Request #238 add the two options "broadcastclient" and "disable auth" e57ad70b51b6cf14d207f5adc7ebae120dae6d43 Merge pull request #236 from hunner/fix_233 e33e0ee33cd3ff2919a41af7356890256a74ee73 These tests are better covered by the existing unit tests. 6e56c0714542fa221e0c55b05f43d5d1a6d74ee7 Merge pull request #232 from jamesdobson/bug/master/invalid_logfile_parameter 3de8b3b49b82b3921aa70e3856d2e3f822b2065a Merge pull request #234 from bastelfreak/update-readme 2be76487f49ab11901f80405ecceda9ee8f7c157 extend Readme for a simple client 9f2dd0dc01023ed7b80a4f628764db7280cfa1cd Merge pull request #233 from juniorsysadmin/package-manage-parameter 5d821a823f733a35b1c803bbf934110958c9ef25 (MODULES-1479) Add package_manage parameter 3a4342e8a7f98fdd5cbefbb92e47a56689e56b09 Fixing logfile parameter. 15bd6289502d50f4ea58dd63b6f3bc9882dd2196 Merge pull request #229 from cmurphy/master 879782ec0a4f41e4b0ade1dad1a1659260a21035 Add IntelliJ files to the ignore list d9cd2a00d846340d6b5d6a8021e0d412033f4ed6 Merge pull request #227 from laurenrother/summary d593de1ae868c8af0d518b28f04645a5e19be012 Merge pull request #228 from cmurphy/master 68e5db9a36cde90b238ba862c3401b52cf42c741 Add json gem ad9609050cbe61ab298f1ab813dffccbde11088b Update .travis.yml, Gemfile, Rakefile, and CONTRIBUTING.md 5d2344137225ab07a17d418471f32fd8f153b8ea dd metadata summary per FM-1523 00b34f3cf36dc931f8d3a88aa9170a59069b5b90 Merge pull request #226 from mhaskel/MODULES-207 7cd29cc154199db84f8c8ae918ebb4e7cdc564d1 There are no setup-requirements for puppetlabs-ntp 1e9866871118b046633fc640372d0fe79df0ba3d Merge pull request #225 from mhaskel/test 948d05302197d1d3f4b3c5acbae35e5a6d10b9ef Merge remote-tracking branch 'upstream/3.3.x' into test 1f519f719552aedc98b6995e42d23201a0286a58 Merge pull request #224 from cyberious/3.3.x f31b1956d7d87b6dc73f5a672ecade5d4a82a704 add support for solaris given the ssl cert issue d0fe294e00a920affae18da8d099119921d1dd85 Merge pull request #223 from mhaskel/spec_helper_fix 0718d95ebcc3e3c6c28a32c79428a7deaaf45dc6 stdlib installation wasn't working bb52d23512a6ecda35cd70e9b6b15d7cb29787bf Merge pull request #222 from mhaskel/limitations fa30e141512b76bdb21a075e7893796b9ebed5e6 Limitations was out of date. cc1c8666be7c2a760a9cc239d0a4dcaff95f2d7f Merge pull request #221 from mhaskel/moar_sles12 9753f95cc83bf5c455d6a5ae61f7da4c76b53868 Updated testing and support for sles12 4fd50935a66c05b7c4c06082a26d367a114e3456 Merge pull request #220 from cyberious/Sles12 252d5b37293a23f641d0c619a516a65499360f92 Updated testing and support for sles12 7a20fb66a27535db8981d35c24a7e4f16dc615e4 Merge pull request #219 from mhaskel/3.3.0-prep 00e30e0871ffdb36bd6cc57b058ea9c32a0dfdf2 Merge pull request #218 from mhaskel/test ca7be1d52ef74919e21475b48e1ce2c6a3a916fa 3.3.0 prep 5a63a510de6c4698de8e8756f6f4ff715bdbe205 Merge remote-tracking branch 'upstream/3.2.x' into test 177aebfeb6e0c5be48b8b4ec6558133cbfebf56c Merge pull request #217 from cyberious/Sles12 be63c07457905a3b7b671842d720bc0fc9069c1b Fix spec tests and update to use stdlib 3.2.x branch for spec acceptance testing 8491dd63a921f64bdda4d88843c9d06ffa42e894 Add SLES12 support as it has changed to Systemd a607bd41557da1def74cc21f8112a1b5e9e8d0d9 Merge pull request #216 from mhaskel/test e5cd001704b19e314e7ad4cac6e1bd6835d43925 Merge pull request #215 from mhaskel/3.2.1-prep d55e3723ff744a664e3c42faaf4bbaaf725498a4 Missed some EL7 platforms dcbefaa7c96a5636a495257248531c8a913c0aa6 Merge pull request #214 from mhaskel/3.2.1-prep 9596d3c392d2ee3d362824c03be68f69c2024d51 3.2.1 prep --- Puppetfile | 2 +- ntp/.gitignore | 2 + ntp/.travis.yml | 2 +- ntp/CHANGELOG.md | 32 ++++ ntp/CONTRIBUTING.md | 22 +-- ntp/Gemfile | 16 +- ntp/README.markdown | 164 ++++++++++++-------- ntp/Rakefile | 2 +- ntp/manifests/init.pp | 8 + ntp/manifests/install.pp | 8 +- ntp/manifests/params.pp | 36 +++-- ntp/metadata.json | 21 ++- ntp/spec/acceptance/nodesets/sles-12-64.yml | 20 +++ ntp/spec/acceptance/ntp_install_spec.rb | 6 +- ntp/spec/acceptance/ntp_parameters_spec.rb | 6 +- ntp/spec/acceptance/ntp_service_spec.rb | 74 ++++++--- ntp/spec/classes/ntp_spec.rb | 77 +++++++-- ntp/spec/spec_helper_acceptance.rb | 17 +- ntp/templates/ntp.conf.erb | 20 ++- 19 files changed, 374 insertions(+), 161 deletions(-) create mode 100644 ntp/spec/acceptance/nodesets/sles-12-64.yml diff --git a/Puppetfile b/Puppetfile index 55e31636e..cde2aeae6 100644 --- a/Puppetfile +++ b/Puppetfile @@ -119,7 +119,7 @@ mod 'nssdb', :git => 'https://github.com/rcritten/puppet-nssdb.git' mod 'ntp', - :commit => '8f697e32bc279b36ada752273e6c788716b95315', + :commit => 'c1eef64924a51a5fb7281a4ccd0f098f0effd270', :git => 'https://github.com/puppetlabs/puppetlabs-ntp' mod 'openstack_extras', diff --git a/ntp/.gitignore b/ntp/.gitignore index b5b7a00d6..b5db85e05 100644 --- a/ntp/.gitignore +++ b/ntp/.gitignore @@ -5,3 +5,5 @@ spec/fixtures/ .vagrant/ .bundle/ coverage/ +.idea/ +*.iml diff --git a/ntp/.travis.yml b/ntp/.travis.yml index a40ae502e..6cf8b0044 100644 --- a/ntp/.travis.yml +++ b/ntp/.travis.yml @@ -1,6 +1,6 @@ --- language: ruby -bundler_args: --without development +bundler_args: --without system_tests script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake spec SPEC_OPTS='--format documentation'" matrix: fast_finish: true diff --git a/ntp/CHANGELOG.md b/ntp/CHANGELOG.md index a0e0d6b09..45db969d1 100644 --- a/ntp/CHANGELOG.md +++ b/ntp/CHANGELOG.md @@ -1,3 +1,35 @@ +## 2015-xx-xx - Supported Release 4.0.0 +### Summary +This release drops puppet 2.7 support and older stdlib support. + +#### Backwards-incompatible changes +- UDLC (Undisciplined local clock) is now no longer enabled by default on anything (previous was enabled on non-virtual). +- Puppet 2.7 no longer supported +- puppetlabs-stdlib less than 4.5.0 no longer supported +- TODO: The `keys_file` parent directory is no longer managed by puppet + +#### Features +- TODO + +#### Bugfixes +- TODO + +##2014-11-04 - Supported Release 3.3.0 +###Summary + +This release adds support for SLES 12. + +####Features +- Added support for SLES 12 + +##2014-10-02 - Supported Release 3.2.1 +###Summary + +This is a bug-fix release addressing the security concerns of setting /etc/ntp to mode 0755 recursively. + +####Bugfixes +- Do not recursively set ownership/mode of /etc/ntp + ##2014-09-10 - Supported Release 3.2.0 ###Summary diff --git a/ntp/CONTRIBUTING.md b/ntp/CONTRIBUTING.md index e1288478a..f1cbde4bb 100644 --- a/ntp/CONTRIBUTING.md +++ b/ntp/CONTRIBUTING.md @@ -41,11 +41,9 @@ Checklist (and a short version for the impatient) * Pre-requisites: - - Sign the [Contributor License Agreement](https://cla.puppetlabs.com/) - - Make sure you have a [GitHub account](https://github.com/join) - - [Create a ticket](http://projects.puppetlabs.com/projects/modules/issues/new), or [watch the ticket](http://projects.puppetlabs.com/projects/modules/issues) you are patching for. + - [Create a ticket](https://tickets.puppetlabs.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppetlabs.com/browse/) you are patching for. * Preferred method: @@ -94,17 +92,7 @@ The long version whitespace or other "whitespace errors". You can do this by running "git diff --check" on your changes before you commit. - 2. Sign the Contributor License Agreement - - Before we can accept your changes, we do need a signed Puppet - Labs Contributor License Agreement (CLA). - - You can access the CLA via the [Contributor License Agreement link](https://cla.puppetlabs.com/) - - If you have any questions about the CLA, please feel free to - contact Puppet Labs via email at cla-submissions@puppetlabs.com. - - 3. Sending your patches + 2. Sending your patches To submit your changes via a GitHub pull request, we _highly_ recommend that you have them on a topic branch, instead of @@ -124,7 +112,7 @@ The long version in order to open a pull request. - 4. Update the related GitHub issue. + 3. Update the related GitHub issue. If there is a GitHub issue associated with the change you submitted, then you should update the ticket to include the @@ -220,14 +208,12 @@ review. Additional Resources ==================== -* [Getting additional help](http://projects.puppetlabs.com/projects/puppet/wiki/Getting_Help) +* [Getting additional help](http://puppetlabs.com/community/get-help) * [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests) * [Patchwork](https://patchwork.puppetlabs.com) -* [Contributor License Agreement](https://projects.puppetlabs.com/contributor_licenses/sign) - * [General GitHub documentation](http://help.github.com/) * [GitHub pull request documentation](http://help.github.com/send-pull-requests/) diff --git a/ntp/Gemfile b/ntp/Gemfile index e960f7c4b..62c569397 100644 --- a/ntp/Gemfile +++ b/ntp/Gemfile @@ -1,15 +1,19 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" -group :development, :test do +group :development, :unit_tests do gem 'rake', :require => false - gem 'rspec-puppet', :require => false + gem 'rspec-core', '3.1.7', :require => false + gem 'rspec-puppet', '~> 1.0', :require => false gem 'puppetlabs_spec_helper', :require => false - gem 'serverspec', :require => false gem 'puppet-lint', :require => false - gem 'beaker', :require => false - gem 'beaker-rspec', :require => false - gem 'pry', :require => false gem 'simplecov', :require => false + gem 'puppet_facts', :require => false + gem 'json', :require => false +end + +group :system_tests do + gem 'beaker-rspec', :require => false + gem 'serverspec', :require => false end if facterversion = ENV['FACTER_GEM_VERSION'] diff --git a/ntp/README.markdown b/ntp/README.markdown index 630d70dd6..f7209ef9c 100644 --- a/ntp/README.markdown +++ b/ntp/README.markdown @@ -5,9 +5,6 @@ 1. [Overview](#overview) 2. [Module Description - What the module does and why it is useful](#module-description) 3. [Setup - The basics of getting started with ntp](#setup) - * [What ntp affects](#what-ntp-affects) - * [Setup requirements](#setup-requirements) - * [Beginning with ntp](#beginning-with-ntp) 4. [Usage - Configuration options and additional functionality](#usage) 5. [Reference - An under-the-hood peek at what the module is doing and how](#reference) 5. [Limitations - OS compatibility, etc.](#limitations) @@ -23,16 +20,9 @@ The ntp module handles installing, configuring, and running NTP across a range o ##Setup -###What ntp affects - -* ntp package. -* ntp configuration file. -* ntp service. - ###Beginning with ntp -`include '::ntp'` is enough to get you up and running. If you wish to pass in -parameters specifying which servers to use, then: +`include '::ntp'` is enough to get you up and running. If you wish to pass in parameters specifying which servers to use, then: ```puppet class { '::ntp': @@ -42,8 +32,7 @@ class { '::ntp': ##Usage -All interaction with the ntp module can do be done through the main ntp class. -This means you can simply toggle the options in `::ntp` to have full functionality of the module. +All interaction with the ntp module can be done through the main ntp class. This means you can simply toggle the options in `::ntp` to have full functionality of the module. ###I just want NTP, what's the minimum I need? @@ -68,9 +57,25 @@ class { '::ntp': } ``` +###I just want to install a client that can't be queried + +```puppet +class { '::ntp': + servers => ['ntp1.corp.com', 'ntp2.corp.com'], + restrict => [ + 'default ignore', + '-6 default ignore', + '127.0.0.1', + '-6 ::1', + 'ntp1.corp.com nomodify notrap nopeer noquery', + 'ntp1.corp.com nomodify notrap nopeer noquery' + ], +} +``` + ###I only want to listen on specific interfaces, not on 0.0.0.0 -Restricting this is especially useful on Openstack nodes which may have numerous virtual interfaces. +Restricting ntp to a specific interface is especially useful on Openstack nodes which may have numerous virtual interfaces. ```puppet class { '::ntp': @@ -89,6 +94,14 @@ class { '::ntp': } ``` +###I'd like to configure and run ntp, but I don't need to install it. + +```puppet +class { '::ntp': + package_manage => false, +} +``` + ###Looks great! But I'd like a different template; we need to do something unique here. ```puppet @@ -116,137 +129,150 @@ class { '::ntp': ###Parameters -The following parameters are available in the ntp module: +The following parameters are available in the `::ntp` class: ####`autoupdate` -**Deprecated:** This parameter determined whether the ntp module should be -automatically updated to the latest version available. Replaced by `package_ensure`. +**Deprecated; replaced by the `package_ensure` parameter**. Tells Puppet whether to keep the ntp module updated to the latest version available. Valid options: 'true' or 'false'. Default value: 'false' + +####`broadcastclient` + +Enable reception of broadcast server messages to any local interface. ####`config` -Sets the file that ntp configuration is written into. +Specifies a file for ntp's configuration info. Valid options: string containing an absolute path. Default value: '/etc/ntp.conf' (or '/etc/inet/ntp.conf' on Solaris) ####`config_template` -Determines which template Puppet should use for the ntp configuration. +Specifies a file to act as a template for the config file. Valid options: string containing a path (absolute, or relative to the module path). Default value: 'ntp/ntp.conf.erb' + +####`disable_auth` + +Do not require cryptographic authentication for broadcast client, multicast +client and symmetric passive associations. ####`disable_monitor` -Disables monitoring of ntp. +Tells Puppet whether to refrain from monitoring the NTP service. Valid options: 'true' or 'false'. Default value: 'false' ####`driftfile` -Sets the location of the drift file for ntp. +Specifies an NTP driftfile. Valid options: string containing an absolute path. Default value: '/var/lib/ntp/drift' (except on AIX and Solaris) + +#### `fudge` + +Used to provide additional information for individual clock drivers. Valid options: array containing strings that follow the `fudge` command. Default value: [ ] ####`iburst_enable` -Set the iburst option in the ntp configuration. If enabled the option is set for every ntp peer. +Specifies whether to enable the iburst option for every NTP peer. Valid options: 'true' or 'false'. Default value: 'false' (except on AIX and Debian) ####`interfaces` -Sets the list of interfaces NTP will listen on. This parameter must be an array. +Specifies one or more network interfaces for NTP to listen on. Valid options: array. Default value: [ ] ####`keys_controlkey` -The key to use as the control key. +Provides a control key to be used by NTP. Valid options: string. Default value: ' ' ####`keys_enable` -Whether the ntp keys functionality is enabled. +Tells Puppet whether to enable key-based authentication. Valid options: 'true' or 'false'. Default value: 'false' ####`keys_file` -Location of the keys file. +Specifies an NTP keys file. Valid options: string containing an absolute path. Default value: '/etc/ntp/keys' (except on AIX, SLES, and Solaris) ####`keys_requestkey` -Which of the keys is the request key. +Provides a request key to be used by NTP. Valid options: string. Default value: ' ' + +#### `keys_trusted`: +Provides one or more keys to be trusted by NTP. Valid options: array of keys. Default value: [ ] -#### `keys_trusted` +#### `logfile` -Array of trusted keys. +Specifies a log file for NTP to use instead of syslog. Valid options: string containing an absolute path. Default value: ' ' ####`package_ensure` -Sets the ntp package to be installed. Can be set to 'present', 'latest', or a specific version. +Tells Puppet whether the NTP package should be installed, and what version. Valid options: 'present', 'latest', or a specific version number. Default value: 'present' + +####`package_manage` + +Tells Puppet whether to manage the NTP package. Valid options: 'true' or 'false'. Default value: 'true' ####`package_name` -Determines the name of the package to install. +Tells Puppet what NTP package to manage. Valid options: string. Default value: 'ntp' (except on AIX and Solaris) ####`panic` -Determines if ntp should 'panic' in the event of a very large clock skew. -This defaults to false for virtual machines, as they don't do a great job with keeping time. +Specifies whether NTP should "panic" in the event of a very large clock skew. Valid options: 'true' or 'false'. Default value: 'true' (except on virtual machines, where major time shifts are normal) ####`preferred_servers` -List of ntp servers to prefer. Will append 'prefer' for any server in this list -that also appears in the servers list. +Specifies one or more preferred peers. Puppet will append 'prefer' to each matching item in the `servers` array. Valid options: array. Default value: [ ] ####`restrict` -Sets the restrict options in the ntp configuration. The lines are -prefixed with 'restrict', so you just need to list the rest of the restriction. +Specifies one or more `restrict` options for the NTP configuration. Puppet will prefix each item with 'restrict', so you only need to list the content of the restriction. Valid options: array. Default value for most operating systems: + +~~~~ +[ + 'default kod nomodify notrap nopeer noquery', + '-6 default kod nomodify notrap nopeer noquery', + '127.0.0.1', + '-6 ::1', +] +~~~~ + +Default value for AIX systems: + +~~~~ +[ + 'default nomodify notrap nopeer noquery', + '127.0.0.1', +] +~~~~ ####`servers` -Selects the servers to use for ntp peers. +Specifies one or more servers to be used as NTP peers. Valid options: array. Default value: varies by operating system ####`service_enable` -Determines if the service should be enabled at boot. +Tells Puppet whether to enable the NTP service at boot. Valid options: 'true' or 'false'. Default value: 'true' ####`service_ensure` -Determines if the service should be running or not. +Tells Puppet whether the NTP service should be running. Valid options: 'running' or 'stopped'. Default value: 'running' ####`service_manage` -Selects whether Puppet should manage the service. +Tells Puppet whether to manage the NTP service. Valid options: 'true' or 'false'. Default value: 'true' ####`service_name` -Selects the name of the ntp service for Puppet to manage. +Tells Puppet what NTP service to manage. Valid options: string. Default value: varies by operating system ####`udlc` -Enables configs for undisciplined local clock, regardless of -status as a virtual machine. - +Specifies whether to configure ntp to use the undisciplined local clock as a time source. Valid options: 'true' or 'false'. Default value: 'false' ##Limitations -This module has been built on and tested against Puppet 2.7 and higher. - -The module has been tested on: - -* RedHat Enterprise Linux 5/6 -* Debian 6/7 -* CentOS 5/6 -* Ubuntu 12.04 -* Gentoo -* Arch Linux -* FreeBSD -* Solaris 11 -* AIX 5.3, 6.1, 7.1 - -Testing on other platforms has been light and cannot be guaranteed. +This module has been tested on [all PE-supported platforms](https://forge.puppetlabs.com/supported#compat-matrix), and no issues have been identified. ##Development -Puppet Labs modules on the Puppet Forge are open projects, and community -contributions are essential for keeping them great. We can’t access the -huge number of platforms and myriad of hardware, software, and deployment -configurations that Puppet is intended to serve. +Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve. -We want to keep it as easy as possible to contribute changes so that our -modules work in your environment. There are a few guidelines that we need -contributors to follow so that we can have a chance of keeping on top of things. +We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. -You can read the complete module contribution guide [on the Puppet Labs wiki.](http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing) +For more information, see our [module contribution guide.](https://docs.puppetlabs.com/forge/contributing.html) ###Contributors -The list of contributors can be found at: [https://github.com/puppetlabs/puppetlabs-ntp/graphs/contributors](https://github.com/puppetlabs/puppetlabs-ntp/graphs/contributors) +To see who's already involved, see the [list of contributors.](https://github.com/puppetlabs/puppetlabs-ntp/graphs/contributors) diff --git a/ntp/Rakefile b/ntp/Rakefile index 5868545f2..e3be95b0b 100644 --- a/ntp/Rakefile +++ b/ntp/Rakefile @@ -2,9 +2,9 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' PuppetLint.configuration.fail_on_warnings +PuppetLint.configuration.send('relative') PuppetLint.configuration.send('disable_80chars') PuppetLint.configuration.send('disable_class_inherits_from_params_class') -PuppetLint.configuration.send('disable_class_parameter_defaults') PuppetLint.configuration.send('disable_documentation') PuppetLint.configuration.send('disable_single_quote_string_with_variables') PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] diff --git a/ntp/manifests/init.pp b/ntp/manifests/init.pp index 2cbc462fd..14adf5952 100644 --- a/ntp/manifests/init.pp +++ b/ntp/manifests/init.pp @@ -1,8 +1,11 @@ class ntp ( $autoupdate = $ntp::params::autoupdate, + $broadcastclient = $ntp::params::broadcastclient, $config = $ntp::params::config, $config_template = $ntp::params::config_template, + $disable_auth = $ntp::params::disable_auth, $disable_monitor = $ntp::params::disable_monitor, + $fudge = $ntp::params::fudge, $driftfile = $ntp::params::driftfile, $logfile = $ntp::params::logfile, $iburst_enable = $ntp::params::iburst_enable, @@ -12,6 +15,7 @@ $keys_requestkey = $ntp::params::keys_requestkey, $keys_trusted = $ntp::params::keys_trusted, $package_ensure = $ntp::params::package_ensure, + $package_manage = $ntp::params::package_manage, $package_name = $ntp::params::package_name, $panic = $ntp::params::panic, $preferred_servers = $ntp::params::preferred_servers, @@ -25,8 +29,10 @@ $udlc = $ntp::params::udlc ) inherits ntp::params { + validate_bool($broadcastclient) validate_absolute_path($config) validate_string($config_template) + validate_bool($disable_auth) validate_bool($disable_monitor) validate_absolute_path($driftfile) if $logfile { validate_absolute_path($logfile) } @@ -36,12 +42,14 @@ validate_re($keys_requestkey, ['^\d+$', '']) validate_array($keys_trusted) validate_string($package_ensure) + validate_bool($package_manage) validate_array($package_name) validate_bool($panic) validate_array($preferred_servers) validate_array($restrict) validate_array($interfaces) validate_array($servers) + validate_array($fudge) validate_bool($service_enable) validate_string($service_ensure) validate_bool($service_manage) diff --git a/ntp/manifests/install.pp b/ntp/manifests/install.pp index 237f4c1c0..49f4044bf 100644 --- a/ntp/manifests/install.pp +++ b/ntp/manifests/install.pp @@ -1,8 +1,12 @@ # class ntp::install inherits ntp { - package { $package_name: - ensure => $package_ensure, + if $package_manage { + + package { $package_name: + ensure => $package_ensure, + } + } } diff --git a/ntp/manifests/params.pp b/ntp/manifests/params.pp index a3cde9ea5..47a898001 100644 --- a/ntp/manifests/params.pp +++ b/ntp/manifests/params.pp @@ -15,10 +15,17 @@ $service_manage = true $udlc = false $interfaces = [] + $disable_auth = false + $broadcastclient = false + + # Allow a list of fudge options + $fudge = [] # On virtual machines allow large clock skews. - $panic = str2bool($::is_virtual) ? { - true => false, + # TODO Change this to str2bool($::is_virtual) when stdlib dependency is >= 4.0.0 + # NOTE The "x${var}" is just to avoid lint quoted variable warning. + $panic = "x${::is_virtual}" ? { + 'xtrue' => false, default => true, } @@ -28,6 +35,11 @@ $default_package_name = ['ntp'] $default_service_name = 'ntpd' + $package_manage = $::osfamily ? { + 'FreeBSD' => false, + default => true, + } + case $::osfamily { 'AIX': { $config = $default_config @@ -53,10 +65,10 @@ $driftfile = $default_driftfile $package_name = $default_package_name $restrict = [ - 'default kod nomodify notrap nopeer noquery', + '-4 kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', - '-6 ::1', + '::1', ] $service_name = 'ntp' $iburst_enable = true @@ -87,8 +99,15 @@ ] } 'Suse': { + if $::operatingsystem == 'SLES' and $::operatingsystemmajrelease == '12' + { + $service_name = 'ntpd' + $keys_file = '/etc/ntp.keys' + } else{ + $service_name = 'ntp' + $keys_file = $default_keys_file + } $config = $default_config - $keys_file = $default_keys_file $driftfile = '/var/lib/ntp/drift/ntp.drift' $package_name = $default_package_name $restrict = [ @@ -97,7 +116,6 @@ '127.0.0.1', '-6 ::1', ] - $service_name = 'ntp' $iburst_enable = false $servers = [ '0.opensuse.pool.ntp.org', @@ -168,7 +186,7 @@ '3.pool.ntp.org', ] } - # Gentoo was added as its own $::osfamily in Facter 1.7.0 + # Gentoo was added as its own $::osfamily in Facter 1.7.0 'Gentoo': { $config = $default_config $keys_file = $default_keys_file @@ -190,8 +208,8 @@ ] } 'Linux': { - # Account for distributions that don't have $::osfamily specific settings. - # Before Facter 1.7.0 Gentoo did not have its own $::osfamily + # Account for distributions that don't have $::osfamily specific settings. + # Before Facter 1.7.0 Gentoo did not have its own $::osfamily case $::operatingsystem { 'Gentoo': { $config = $default_config diff --git a/ntp/metadata.json b/ntp/metadata.json index 48fdafde2..962d11e4a 100644 --- a/ntp/metadata.json +++ b/ntp/metadata.json @@ -1,8 +1,8 @@ { "name": "puppetlabs-ntp", - "version": "3.2.0", + "version": "3.3.0", "author": "Puppet Labs", - "summary": "NTP Module", + "summary": "Installs, configures, and manages the NTP service.", "license": "Apache Version 2.0", "source": "https://github.com/puppetlabs/puppetlabs-ntp", "project_page": "https://github.com/puppetlabs/puppetlabs-ntp", @@ -20,27 +20,32 @@ "operatingsystem": "CentOS", "operatingsystemrelease": [ "5", - "6" + "6", + "7" ] }, { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ "5", - "6" + "6", + "7" ] }, { "operatingsystem": "Scientific", "operatingsystemrelease": [ "5", - "6" + "6", + "7" ] }, { "operatingsystem": "SLES", "operatingsystemrelease": [ - "11 SP1" + "10 SP4", + "11 SP1", + "12" ] }, { @@ -76,7 +81,7 @@ "requirements": [ { "name": "pe", - "version_requirement": "3.x" + "version_requirement": ">= 3.7.0 < 4.0.0" }, { "name": "puppet", @@ -85,6 +90,6 @@ ], "description": "NTP Module for Debian, Ubuntu, CentOS, RHEL, OEL, Fedora, FreeBSD, ArchLinux and Gentoo.", "dependencies": [ - {"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0 < 5.0.0"} + {"name":"puppetlabs/stdlib","version_requirement":">= 4.5.0 < 5.0.0"} ] } diff --git a/ntp/spec/acceptance/nodesets/sles-12-64.yml b/ntp/spec/acceptance/nodesets/sles-12-64.yml new file mode 100644 index 000000000..00c147a8f --- /dev/null +++ b/ntp/spec/acceptance/nodesets/sles-12-64.yml @@ -0,0 +1,20 @@ +--- +HOSTS: + czriitzephrrlzw: + roles: + - master + - database + - dashboard + - agent + - default + platform: sles-12-x86_64 + template: sles-12-x86_64 + hypervisor: vcloud +CONFIG: + nfs_server: none + consoleport: 443 + datastore: instance0 + folder: Delivery/Quality Assurance/Enterprise/Dynamic + resourcepool: delivery/Quality Assurance/Enterprise/Dynamic + pooling_api: http://vcloud.delivery.puppetlabs.net/ + pe_dir: http://enterprise.delivery.puppetlabs.net/3.4/preview diff --git a/ntp/spec/acceptance/ntp_install_spec.rb b/ntp/spec/acceptance/ntp_install_spec.rb index 1c81fb005..29aac2246 100644 --- a/ntp/spec/acceptance/ntp_install_spec.rb +++ b/ntp/spec/acceptance/ntp_install_spec.rb @@ -22,7 +22,11 @@ packagename = 'service/network/ntp' end else - packagename = 'ntp' + if fact('operatingsystem') == 'SLES' and fact('operatingsystemmajrelease') == '12' + servicename = 'ntpd' + else + servicename = 'ntp' + end end describe 'ntp::install class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do diff --git a/ntp/spec/acceptance/ntp_parameters_spec.rb b/ntp/spec/acceptance/ntp_parameters_spec.rb index 675cf81e4..e4c230d7e 100644 --- a/ntp/spec/acceptance/ntp_parameters_spec.rb +++ b/ntp/spec/acceptance/ntp_parameters_spec.rb @@ -22,7 +22,11 @@ packagename = 'service/network/ntp' end else - packagename = 'ntp' + if fact('operatingsystem') == 'SLES' and fact('operatingsystemmajrelease') == '12' + servicename = 'ntpd' + else + servicename = 'ntp' + end end if (fact('osfamily') == 'Solaris') diff --git a/ntp/spec/acceptance/ntp_service_spec.rb b/ntp/spec/acceptance/ntp_service_spec.rb index 83c279758..73edd656d 100644 --- a/ntp/spec/acceptance/ntp_service_spec.rb +++ b/ntp/spec/acceptance/ntp_service_spec.rb @@ -1,16 +1,35 @@ require 'spec_helper_acceptance' +require 'specinfra' case fact('osfamily') -when 'RedHat', 'FreeBSD', 'Linux', 'Gentoo' - servicename = 'ntpd' -when 'Solaris' - servicename = 'network/ntp' -when 'AIX' - servicename = 'xntpd' -else - servicename = 'ntp' + when 'RedHat', 'FreeBSD', 'Linux', 'Gentoo' + servicename = 'ntpd' + when 'Solaris' + servicename = 'network/ntp' + when 'AIX' + servicename = 'xntpd' + else + if fact('operatingsystem') == 'SLES' and fact('operatingsystemmajrelease') == '12' + servicename = 'ntpd' + else + servicename = 'ntp' + end +end +shared_examples 'running' do + describe service(servicename) do + if !(fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') == '12') + it { should be_running } + it { should be_enabled } + else + # hack until we either update SpecInfra or come up with alternative + it { + output = shell('service ntpd status') + expect(output.stdout).to match(/Active\:\s+active\s+\(running\)/) + expect(output.stdout).to match(/^\s+Loaded.*enabled\)$/) + } + end + end end - describe 'ntp::service class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do describe 'basic test' do it 'sets up the service' do @@ -19,10 +38,7 @@ class { 'ntp': } }, :catch_failures => true) end - describe service(servicename) do - it { should be_enabled } - it { should be_running } - end + it_should_behave_like 'running' end describe 'service parameters' do @@ -37,29 +53,37 @@ class { 'ntp': EOS apply_manifest(pp, :catch_failures => true) end - - describe service(servicename) do - it { should be_running } - it { should be_enabled } - end + it_should_behave_like 'running' end +end - describe 'service is unmanaged' do - it 'shouldnt stop the service' do - pp = <<-EOS +describe 'service is unmanaged' do + it 'shouldnt stop the service' do + pp = <<-EOS class { 'ntp': service_enable => false, service_ensure => stopped, service_manage => false, service_name => '#{servicename}' } - EOS - apply_manifest(pp, :catch_failures => true) - end + EOS + apply_manifest(pp, :catch_failures => true) + end - describe service(servicename) do + describe service(servicename) do + if !(fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') == '12') it { should be_running } it { should be_enabled } + else + # hack until we either update SpecInfra or come up with alternative + output = shell('service ntpd status', :acceptable_exit_codes => [0, 3]) + it 'should be disabled' do + expect(output.stdout).to match(/^\s+Loaded.*disabled\)$/) + end + it 'should be stopped' do + expect(output.stdout).to match(/Active\:\s+inactive/) + end end end end + diff --git a/ntp/spec/classes/ntp_spec.rb b/ntp/spec/classes/ntp_spec.rb index 809bc12f5..4864e8883 100644 --- a/ntp/spec/classes/ntp_spec.rb +++ b/ntp/spec/classes/ntp_spec.rb @@ -9,6 +9,10 @@ let :facts do super().merge({ :osfamily => 'Linux', :operatingsystem => 'Gentoo' }) end + elsif system == 'Suse' + let :facts do + super().merge({ :osfamily => system,:operatingsystem => 'SLES',:operatingsystemmajrelease => '11' }) + end else let :facts do super().merge({ :osfamily => system }) @@ -122,23 +126,76 @@ } end end + describe 'with parameter disable_auth' do + context 'when set to true' do + let(:params) {{ + :disable_auth => true, + }} + + it 'should contain disable auth setting' do + should contain_file('/etc/ntp.conf').with({ + 'content' => /^disable auth\n/, + }) + end + end + context 'when set to false' do + let(:params) {{ + :disable_auth => false, + }} + + it 'should not contain disable auth setting' do + should_not contain_file('/etc/ntp.conf').with({ + 'content' => /^disable auth\n/, + }) + end + end + end + describe 'with parameter broadcastclient' do + context 'when set to true' do + let(:params) {{ + :broadcastclient => true, + }} + + it 'should contain broadcastclient setting' do + should contain_file('/etc/ntp.conf').with({ + 'content' => /^broadcastclient\n/, + }) + end + end + context 'when set to false' do + let(:params) {{ + :broadcastclient => false, + }} + + it 'should not contain broadcastclient setting' do + should_not contain_file('/etc/ntp.conf').with({ + 'content' => /^broadcastclient\n/, + }) + end + end + end describe "ntp::install on #{system}" do - let(:params) {{ :package_ensure => 'present', :package_name => ['ntp'], }} + let(:params) {{ :package_ensure => 'present', :package_name => ['ntp'], :package_manage => true, }} it { should contain_package('ntp').with( :ensure => 'present' )} describe 'should allow package ensure to be overridden' do - let(:params) {{ :package_ensure => 'latest', :package_name => ['ntp'] }} + let(:params) {{ :package_ensure => 'latest', :package_name => ['ntp'], :package_manage => true, }} it { should contain_package('ntp').with_ensure('latest') } end describe 'should allow the package name to be overridden' do - let(:params) {{ :package_ensure => 'present', :package_name => ['hambaby'] }} + let(:params) {{ :package_ensure => 'present', :package_name => ['hambaby'], :package_manage => true, }} it { should contain_package('hambaby') } end + + describe 'should allow the package to be unmanaged' do + let(:params) {{ :package_manage => false, :package_name => ['ntp'], }} + it { should_not contain_package('ntp') } + end end describe 'ntp::service' do @@ -214,22 +271,22 @@ :servers => ['a', 'b', 'c', 'd'], :logfile => '/var/log/foobar.log', }} - + it 'should contain logfile setting' do should contain_file('/etc/ntp.conf').with({ - 'content' => /^logfile = \/var\/log\/foobar\.log\n/, + 'content' => /^logfile \/var\/log\/foobar\.log\n/, }) end end - + context 'when set to false' do let(:params) {{ :servers => ['a', 'b', 'c', 'd'], }} - + it 'should not contain a logfile line' do should_not contain_file('/etc/ntp.conf').with({ - 'content' => /logfile =/, + 'content' => /logfile /, }) end end @@ -289,13 +346,13 @@ describe "on osfamily Suse" do let :facts do - super().merge({ :osfamily => 'Suse' }) + super().merge({ :osfamily => 'Suse', :operatingsystem => 'SLES',:operatingsystemmajrelease => '11' }) end it 'uses the opensuse ntp servers by default' do should contain_file('/etc/ntp.conf').with({ 'content' => /server \d.opensuse.pool.ntp.org/, - }) + }) end end diff --git a/ntp/spec/spec_helper_acceptance.rb b/ntp/spec/spec_helper_acceptance.rb index 07c47c601..1a4bea19a 100644 --- a/ntp/spec/spec_helper_acceptance.rb +++ b/ntp/spec/spec_helper_acceptance.rb @@ -1,20 +1,29 @@ require 'beaker-rspec' -UNSUPPORTED_PLATFORMS = [ 'windows', 'Darwin' ] +UNSUPPORTED_PLATFORMS = ['windows', 'Darwin'] unless ENV['RS_PROVISION'] == 'no' or ENV['BEAKER_provision'] == 'no' # This will install the latest available package on el and deb based # systems fail on windows and osx, and install via gem on other *nixes - foss_opts = { :default_action => 'gem_install' } + foss_opts = {:default_action => 'gem_install'} - if default.is_pe?; then install_pe; else install_puppet( foss_opts ); end + if default.is_pe?; then + install_pe; + else + install_puppet(foss_opts); + end hosts.each do |host| unless host.is_pe? on host, "/bin/echo '' > #{host['hieraconf']}" end on host, "mkdir -p #{host['distmoduledir']}" - on host, puppet('module install puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } + if host['platform'] =~ /sles-12/i || host['platform'] =~ /solaris-11/i + apply_manifest_on(host, 'package{"git":}') + on host, 'git clone -b 4.3.x https://github.com/puppetlabs/puppetlabs-stdlib /etc/puppetlabs/puppet/modules/stdlib' + else + on host, puppet('module install puppetlabs-stdlib'), {:acceptable_exit_codes => [0, 1]} + end end end diff --git a/ntp/templates/ntp.conf.erb b/ntp/templates/ntp.conf.erb index 99f43d7e0..2393087f1 100644 --- a/ntp/templates/ntp.conf.erb +++ b/ntp/templates/ntp.conf.erb @@ -9,6 +9,9 @@ tinker panic 0 <% if @disable_monitor == true -%> disable monitor <% end -%> +<% if @disable_auth == true -%> +disable auth +<% end -%> <% if @restrict != [] -%> # Permit time synchronization with our time source, but do not @@ -27,15 +30,19 @@ interface listen <%= interface %> <% end -%> <% end -%> +<% if @broadcastclient == true -%> +broadcastclient +<% end -%> + <% [@servers].flatten.each do |server| -%> server <%= server %><% if @iburst_enable == true -%> iburst<% end %><% if @preferred_servers.include?(server) -%> prefer<% end %> <% end -%> -<% if scope.lookupvar('::is_virtual') == "false" or @udlc -%> +<% if @udlc -%> # Undisciplined Local Clock. This is a fake driver intended for backup -# and when no outside source of synchronized time is available. -server 127.127.1.0 -fudge 127.127.1.0 stratum 10 +# and when no outside source of synchronized time is available. +server 127.127.1.0 +fudge 127.127.1.0 stratum 10 restrict 127.127.1.0 <% end -%> @@ -44,7 +51,7 @@ driftfile <%= @driftfile %> <% unless @logfile.nil? -%> # Logfile -logfile = <%= @logfile %> +logfile <%= @logfile %> <% end -%> <% if @keys_enable -%> @@ -60,3 +67,6 @@ controlkey <%= @keys_controlkey %> <% end -%> <% end -%> +<% [@fudge].flatten.each do |entry| -%> +fudge <%= entry %> +<% end -%>