diff --git a/.gitignore b/.gitignore index 7cc873fb..9436b367 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,123 @@ -*.swp +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +env/ +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +*.egg-info/ +.installed.cfg +*.egg + +# PyInstaller +# Usually these files are written by a python script from a packager +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +.hypothesis/ .kitchen +.kitchen.local.yml +kitchen.local.yml +junit-*.xml + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# pyenv +.python-version + +# celery beat schedule file +celerybeat-schedule + +# SageMath parsed files +*.sage.py + +# dotenv +.env + +# virtualenv +.venv +venv/ +ENV/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ + +# Bundler +.bundle/ +Gemfile.lock + +# copied `.md` files used for conversion to `.rst` using `m2r` +docs/*.md + +# Vim +*.sw? + +## Collected when centralising formulas (check and sort) +# `collectd-formula` +.pytest_cache/ +/.idea/ +Dockerfile.*_* +ignore/ +tmp/ diff --git a/.kitchen.docker.yml b/.kitchen.docker.yml index cbcba82f..f6c458a3 100644 --- a/.kitchen.docker.yml +++ b/.kitchen.docker.yml @@ -3,4 +3,4 @@ driver: name: docker hostname: salt-formula.ci.local use_sudo: true - require_chef_omnibus: false \ No newline at end of file + require_chef_omnibus: false diff --git a/.kitchen.yml b/.kitchen.yml deleted file mode 100644 index 8430134a..00000000 --- a/.kitchen.yml +++ /dev/null @@ -1,59 +0,0 @@ ---- -driver: - name: docker - use_sudo: false - privileged: true - hostname: salt-formula.ci.local - require_chef_omnibus: false - -platforms: - - name: ubuntu-18.04 - driver_config: - provision_command: - - apt-get update && apt-get install -y locales ifupdown - - locale-gen en_US.UTF-8 - - update-locale LANG=en_US.UTF-8 - - mkdir -p /run/sshd - run_command: /lib/systemd/systemd - - name: debian-9 - driver_config: - provision_command: - - apt-get update && apt-get install -y locales ifupdown - - locale-gen en_US.UTF-8 - run_command: /lib/systemd/systemd - - name: centos-7 -# driver_config: -# run_command: /lib/systemd/systemd - -provisioner: - name: salt_solo - salt_install: bootstrap - salt_bootstrap_url: https://bootstrap.saltstack.com - salt_version: latest - salt_pillar_root: pillar.example - log_level: <%= ENV['SALT_DEBUG_LEVEL'] || 'info' %> - formula: tomcat - state_top: - base: - '*': - - tomcat -suites: - - name: tomcat_install - provisioner: - state_top: - base: - '*': - - tomcat - - tomcat.native - - tomcat.config - - - name: tomcat_extend - provisioner: - state_top: - base: - '*': - - tomcat.manager - - tomcat.vhosts - - tomcat.expires - - tomcat.context - - tomcat.cluster diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 00000000..999681bb --- /dev/null +++ b/.rubocop.yml @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +# General overrides used across formulas in the org +Layout/LineLength: + # Increase from default of `80` + # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`) + Max: 88 +Metrics/BlockLength: + ExcludedMethods: + - control + - describe + # Increase from default of `25` + Max: 30 + +# General settings across all cops in this formula +AllCops: + # Files to ignore completely + Exclude: + - test/integration/**/serverspec/* + +# Any offenses that should be fixed, e.g. collected via. `rubocop --auto-gen-config` +Style/FormatStringToken: + Exclude: + - test/integration/tomcat_install/controls/yaml_dump_spec.rb diff --git a/.salt-lint b/.salt-lint new file mode 100644 index 00000000..3715677b --- /dev/null +++ b/.salt-lint @@ -0,0 +1,14 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +exclude_paths: [] +rules: {} +skip_list: + # Using `salt-lint` for linting other files as well, such as Jinja macros/templates + - 205 # Use ".sls" as a Salt State file extension + # Skipping `207` and `208` because `210` is sufficient, at least for the time-being + # I.e. Allows 3-digit unquoted codes to still be used, such as `644` and `755` + - 207 # File modes should always be encapsulated in quotation marks + - 208 # File modes should always contain a leading zero +tags: [] +verbosity: 1 diff --git a/.travis.yml b/.travis.yml index 74248322..e6890903 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,27 +1,123 @@ -language: ruby +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +## Machine config +os: 'linux' +arch: 'amd64' +dist: 'bionic' +version: '~> 1.0' -rvm: - - 2.2.6 +## Language and cache config +language: 'ruby' +cache: 'bundler' -sudo: required -services: +## Services config +services: - docker -env: - matrix: - - INSTANCE: install-ubuntu-1804 - - INSTANCE: install-centos-7 - - INSTANCE: install-debian-9 - - INSTANCE: extend-ubuntu-1804 - - INSTANCE: extend-centos-7 - - INSTANCE: extend-debian-9 +## Script to run for the test stage +script: + - bin/kitchen verify "${INSTANCE}" -# https://github.com/zuazo/kitchen-in-travis-native/issues/1#issuecomment-142455888 -before_script: sudo iptables -L DOCKER || sudo iptables -N DOCKER +## Stages and jobs matrix +stages: + - test + - name: 'release' + if: 'branch = master AND type != pull_request' +jobs: + include: + ## Define the test stage that runs the linters (and testing matrix, if applicable) -install: - # setup ci for test formula - - export BUNDLE_GEMFILE=$PWD/Gemfile - - bundle install + # Run all of the linters in a single job + - language: 'node_js' + node_js: 'lts/*' + env: 'Lint' + name: 'Lint: salt-lint, yamllint, rubocop, shellcheck & commitlint' + before_install: 'skip' + script: + # Install and run `salt-lint` + - pip install --user salt-lint + - git ls-files -- '*.sls' '*.jinja' '*.j2' '*.tmpl' '*.tst' + | xargs salt-lint + # Install and run `yamllint` + # Need at least `v1.17.0` for the `yaml-files` setting + - pip install --user yamllint>=1.17.0 + - yamllint -s . + # Install and run `rubocop` + - gem install rubocop + - rubocop -d + # Run `shellcheck` (already pre-installed in Travis) + - shellcheck --version + - git ls-files -- '*.sh' '*.bash' '*.ksh' + | xargs shellcheck + # Install and run `commitlint` + - npm i -D @commitlint/config-conventional + @commitlint/travis-cli + - commitlint-travis -script: bundle exec kitchen verify ${INSTANCE} + ## Define the rest of the matrix based on Kitchen testing + # Make sure the instances listed below match up with + # the `platforms` defined in `kitchen.yml` + # - env: INSTANCE=tomcat-install-debian-10-master-py3 + - env: INSTANCE=tomcat-install-ubuntu-1804-master-py3 + # - env: INSTANCE=tomcat-extend-ubuntu-1804-master-py3 + # - env: INSTANCE=tomcat-install-centos-8-master-py3 + - env: INSTANCE=tomcat-install-fedora-31-master-py3 + - env: INSTANCE=tomcat-install-opensuse-leap-151-master-py3 + # - env: INSTANCE=tomcat-install-amazonlinux-2-master-py3 + # - env: INSTANCE=tomcat-install-arch-base-latest-master-py2 + # - env: INSTANCE=tomcat-install-debian-10-3000-1-py3 + # - env: INSTANCE=tomcat-install-ubuntu-1804-3000-1-py3 + # - env: INSTANCE=tomcat-install-centos-8-3000-1-py3 + # - env: INSTANCE=tomcat-install-fedora-31-3000-1-py3 + # - env: INSTANCE=tomcat-install-opensuse-leap-151-3000-1-py3 + - env: INSTANCE=tomcat-install-amazonlinux-2-3000-1-py3 + # - env: INSTANCE=tomcat-install-arch-base-latest-3000-1-py2 + # - env: INSTANCE=tomcat-install-debian-10-2019-2-py3 + - env: INSTANCE=tomcat-install-debian-9-2019-2-py3 + # - env: INSTANCE=tomcat-install-ubuntu-1804-2019-2-py3 + # - env: INSTANCE=tomcat-install-ubuntu-1604-2019-2-py3 + # - env: INSTANCE=tomcat-install-centos-8-2019-2-py3 + - env: INSTANCE=tomcat-install-centos-7-2019-2-py3 + # - env: INSTANCE=tomcat-install-fedora-31-2019-2-py3 + # - env: INSTANCE=tomcat-install-opensuse-leap-151-2019-2-py3 + # - env: INSTANCE=tomcat-install-amazonlinux-2-2019-2-py3 + # - env: INSTANCE=tomcat-install-ubuntu-1804-2019-2-py2 + # - env: INSTANCE=tomcat-install-amazonlinux-1-2019-2-py2 + # - env: INSTANCE=tomcat-install-arch-base-latest-2019-2-py2 + # - env: INSTANCE=tomcat-install-centos-7-2018-3-py3 + # - env: INSTANCE=tomcat-install-fedora-30-2018-3-py3 + # - env: INSTANCE=tomcat-install-debian-9-2018-3-py2 + # - env: INSTANCE=tomcat-install-debian-8-2018-3-py2 + # - env: INSTANCE=tomcat-install-ubuntu-1804-2018-3-py2 + # - env: INSTANCE=tomcat-install-ubuntu-1604-2018-3-py2 + # - env: INSTANCE=tomcat-install-centos-6-2018-3-py2 + # - env: INSTANCE=tomcat-install-opensuse-leap-151-2018-3-py2 + # - env: INSTANCE=tomcat-install-amazonlinux-1-2018-3-py2 + # - env: INSTANCE=tomcat-install-arch-base-latest-2018-3-py2 + + ## Define the release stage that runs `semantic-release` + - stage: 'release' + language: 'node_js' + node_js: 'lts/*' + env: 'Release' + name: 'Run semantic-release inc. file updates to AUTHORS, CHANGELOG & FORMULA' + before_install: 'skip' + script: + # Update `AUTHORS.md` + - export MAINTAINER_TOKEN=${GH_TOKEN} + - go get github.com/myii/maintainer + - maintainer contributor + + # Install all dependencies required for `semantic-release` + - npm i -D @semantic-release/changelog@3 + @semantic-release/exec@3 + @semantic-release/git@7 + deploy: + provider: 'script' + # Opt-in to `dpl v2` to complete the Travis build config validation (beta) + # * https://docs.travis-ci.com/user/build-config-validation + # Deprecated `skip_cleanup` can now be avoided, `cleanup: false` is by default + edge: true + # Run `semantic-release` + script: 'npx semantic-release@15.14' diff --git a/.yamllint b/.yamllint new file mode 100644 index 00000000..61c747d3 --- /dev/null +++ b/.yamllint @@ -0,0 +1,37 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +# Extend the `default` configuration provided by `yamllint` +extends: default + +# Files to ignore completely +# 1. All YAML files under directory `node_modules/`, introduced during the Travis run +# 2. Any SLS files under directory `test/`, which are actually state files +# 3. Any YAML files under directory `.kitchen/`, introduced during local testing +ignore: | + node_modules/ + test/**/states/**/*.sls + .kitchen/ + tomcat/osmap.yaml + +yaml-files: + # Default settings + - '*.yaml' + - '*.yml' + - .salt-lint + - .yamllint + # SaltStack Formulas additional settings + - '*.example' + - test/**/*.sls + +rules: + empty-values: + forbid-in-block-mappings: true + forbid-in-flow-mappings: true + line-length: + # Increase from default of `80` + # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`) + max: 88 + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/FORMULA b/FORMULA new file mode 100644 index 00000000..6a4b9f84 --- /dev/null +++ b/FORMULA @@ -0,0 +1,9 @@ +name: tomcat +os: Debian, Ubuntu, Raspbian, RedHat, Fedora, CentOS, Amazon, Suse, openSUSE, Gentoo, Funtoo, Arch, Manjaro, Alpine, FreeBSD, OpenBSD, Solaris, SmartOS, Windows, MacOS +os_family: Debian, RedHat, Suse, Gentoo, Arch, Alpine, FreeBSD, OpenBSD, Solaris, Windows, MacOS +version: 0.16.0 +release: 1 +minimum_version: 2017.7 +summary: tomcat formula +description: Formula to set up and configure tomcat webserver +top_level_dir: tomcat diff --git a/Gemfile b/Gemfile index 30fbf145..8da7a69a 100644 --- a/Gemfile +++ b/Gemfile @@ -1,18 +1,11 @@ -source 'https://rubygems.org' - -gem 'codeclimate-test-reporter', group: :test, require: nil -gem 'rake' -gem 'berkshelf', '~> 4.0' +# frozen_string_literal: true -group :integration do - gem 'test-kitchen' - gem 'kitchen-salt' - gem 'kitchen-inspec' -end - -group :docker do - gem 'kitchen-docker' -end +source 'https://rubygems.org' -# vi: set ft=ruby : -gem "kitchen-vagrant" \ No newline at end of file +gem 'kitchen-docker', '>= 2.9' +gem 'kitchen-inspec', '>= 1.1' +gem 'kitchen-salt', '>= 0.6.0' +# Latest versions of `train` cause failure when running `kitchen verify` +# Downgrading to `3.2.0` until this is fixed upstream +# https://github.com/inspec/train/pull/544#issuecomment-566055052 +gem 'train', '3.2.0' diff --git a/README.rst b/README.rst deleted file mode 100644 index 41975bea..00000000 --- a/README.rst +++ /dev/null @@ -1,62 +0,0 @@ -====== -tomcat -====== - -Formula to set up and configure tomcat webserver - -.. note:: - - See the full `Salt Formulas installation and usage instructions - `_. - -Available states -================ - -.. contents:: - :local: - -``tomcat`` ----------- - -Installs Tomcat and starts the service. The main configuration files are -not changed, and the distro's defaults are preserved as they come in the -package. - -``tomcat.config`` ------------------- - -Configures the configuration file. Sane defaults are provided for the major -Linux distros (Debian, RedHat, Arch) and their derivatives. - -``tomcat.native`` ------------------ - -Installs Apache Portable Runtime for Tomcat. Depends on ``tomcat.config`` -to manage the configuration. - -``tomcat.manager`` ------------------ - -Installs the host-manager and manager web applications for Apache Tomcat. - -``tomcat.vhosts`` ------------------- - -Configures Tomcat name-based virtual hosts using data from Pillar. - -``tomcat.expires`` ------------------- - -Configures Tomcat simple TCP cluster using data from Pillar. - -``tomcat.cluster`` ------------------- - -Enables Tomcats' ExpiresFilter using data from Pillar. - -``tomcat.context`` ------------------- - -Configures context element in the ``$CATALINA_BASE/conf/context.xml`` file: -the information in this file will be loaded by all web applications. -(Check the ``context`` examples in the ``pillar.example`` file for more information. diff --git a/Rakefile b/Rakefile index 340c55e8..5f66771d 100644 --- a/Rakefile +++ b/Rakefile @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'rake' require 'rake/testtask' require 'bundler/setup' @@ -28,4 +30,4 @@ begin Kitchen::RakeTasks.new rescue LoadError puts '>>>>> Kitchen gem not loaded, omitting tasks' unless ENV['CI'] -end \ No newline at end of file +end diff --git a/bin/kitchen b/bin/kitchen new file mode 100755 index 00000000..dcfdb4ca --- /dev/null +++ b/bin/kitchen @@ -0,0 +1,32 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'kitchen' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +require 'pathname' +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', + Pathname.new(__FILE__).realpath) + +bundle_binstub = File.expand_path('bundle', __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ + load(bundle_binstub) + else + abort( + 'Your `bin/bundle` was not generated by Bundler, '\ + 'so this binstub cannot run. Replace `bin/bundle` by running '\ + '`bundle binstubs bundler --force`, then run this command again.' + ) + end +end + +require 'rubygems' +require 'bundler/setup' + +load Gem.bin_path('test-kitchen', 'kitchen') diff --git a/commitlint.config.js b/commitlint.config.js new file mode 100644 index 00000000..2f9d1aa0 --- /dev/null +++ b/commitlint.config.js @@ -0,0 +1,3 @@ +module.exports = { + extends: ['@commitlint/config-conventional'], +}; diff --git a/docs/README.rst b/docs/README.rst new file mode 100644 index 00000000..41e0af9e --- /dev/null +++ b/docs/README.rst @@ -0,0 +1,145 @@ +.. _readme: + +tomcat +====== + +|img_travis| |img_sr| + +.. |img_travis| image:: https://travis-ci.com/saltstack-formulas/tomcat-formula.svg?branch=master + :alt: Travis CI Build Status + :scale: 100% + :target: https://travis-ci.com/saltstack-formulas/tomcat-formula +.. |img_sr| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg + :alt: Semantic Release + :scale: 100% + :target: https://github.com/semantic-release/semantic-release + +Formula to set up and configure tomcat webserver + +.. contents:: **Table of Contents** + +General notes +------------- + +See the full `SaltStack Formulas installation and usage instructions +`_. + +If you are interested in writing or contributing to formulas, please pay attention to the `Writing Formula Section +`_. + +If you want to use this formula, please pay attention to the ``FORMULA`` file and/or ``git tag``, +which contains the currently released version. This formula is versioned according to `Semantic Versioning `_. + +See `Formula Versioning Section `_ for more details. + +If you need (non-default) configuration, please pay attention to the ``pillar.example`` file and/or `Special notes`_ section. + +Contributing to this repo +------------------------- + +**Commit message formatting is significant!!** + +Please see `How to contribute `_ for more details. + +Special notes +------------- + +None + +Available states +---------------- + +.. contents:: + :local: + +``tomcat`` +^^^^^^^^^^ + +Installs Tomcat and starts the service. The main configuration files are +not changed, and the distro's defaults are preserved as they come in the +package. + +``tomcat.config`` +^^^^^^^^^^^^^^^^^ + +Configures the configuration file. Sane defaults are provided for the major +Linux distros (Debian, RedHat, Arch) and their derivatives. + +``tomcat.native`` +^^^^^^^^^^^^^^^^^ + +Installs Apache Portable Runtime for Tomcat. Depends on ``tomcat.config`` +to manage the configuration. + +``tomcat.manager`` +^^^^^^^^^^^^^^^^^^ + +Installs the host-manager and manager web applications for Apache Tomcat. + +``tomcat.vhosts`` +^^^^^^^^^^^^^^^^^ + +Configures Tomcat name-based virtual hosts using data from Pillar. + +``tomcat.expires`` +^^^^^^^^^^^^^^^^^^ + +Configures Tomcat simple TCP cluster using data from Pillar. + +``tomcat.cluster`` +^^^^^^^^^^^^^^^^^^ + +Enables Tomcats' ExpiresFilter using data from Pillar. + +``tomcat.context`` +^^^^^^^^^^^^^^^^^^ + +Configures context element in the ``$CATALINA_BASE/conf/context.xml`` file: +the information in this file will be loaded by all web applications. +(Check the ``context`` examples in the ``pillar.example`` file for more information. + +Testing +------- + +Linux testing is done with ``kitchen-salt``. + +Requirements +^^^^^^^^^^^^ + +* Ruby +* Docker + +.. code-block:: bash + + $ gem install bundler + $ bundle install + $ bin/kitchen test [platform] + +Where ``[platform]`` is the platform name defined in ``kitchen.yml``, +e.g. ``debian-9-2019-2-py3``. + +``bin/kitchen converge`` +^^^^^^^^^^^^^^^^^^^^^^^^ + +Creates the docker instance and runs the ``TEMPLATE`` main state, ready for testing. + +``bin/kitchen verify`` +^^^^^^^^^^^^^^^^^^^^^^ + +Runs the ``inspec`` tests on the actual instance. + +``bin/kitchen destroy`` +^^^^^^^^^^^^^^^^^^^^^^^ + +Removes the docker instance. + +``bin/kitchen test`` +^^^^^^^^^^^^^^^^^^^^ + +Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``. + +``bin/kitchen login`` +^^^^^^^^^^^^^^^^^^^^^ + +Gives you SSH access to the instance for manual testing. + diff --git a/kitchen.yml b/kitchen.yml new file mode 100644 index 00000000..4dc88243 --- /dev/null +++ b/kitchen.yml @@ -0,0 +1,212 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +# For help on this file's format, see https://kitchen.ci/ +driver: + name: docker + use_sudo: false + privileged: true + run_command: /lib/systemd/systemd + +# Make sure the platforms listed below match up with +# the `env.matrix` instances defined in `.travis.yml` +platforms: + ## SALT `master` + - name: debian-10-master-py3 + driver: + image: netmanagers/salt-master-py3:debian-10 + - name: ubuntu-1804-master-py3 + driver: + image: netmanagers/salt-master-py3:ubuntu-18.04 + - name: centos-8-master-py3 + driver: + image: netmanagers/salt-master-py3:centos-8 + - name: fedora-31-master-py3 + driver: + image: netmanagers/salt-master-py3:fedora-31 + - name: opensuse-leap-151-master-py3 + driver: + image: netmanagers/salt-master-py3:opensuse-leap-15.1 + run_command: /usr/lib/systemd/systemd + # Workaround to avoid intermittent failures on `opensuse-leap-15.1`: + # => SCP did not finish successfully (255): (Net::SCP::Error) + transport: + max_ssh_sessions: 1 + - name: amazonlinux-2-master-py3 + driver: + image: netmanagers/salt-master-py3:amazonlinux-2 + - name: arch-base-latest-master-py2 + driver: + image: netmanagers/salt-master-py2:arch-base-latest + run_command: /usr/lib/systemd/systemd + + ## SALT `3000.1` + - name: debian-10-3000-1-py3 + driver: + image: netmanagers/salt-3000.1-py3:debian-10 + - name: ubuntu-1804-3000-1-py3 + driver: + image: netmanagers/salt-3000.1-py3:ubuntu-18.04 + - name: centos-8-3000-1-py3 + driver: + image: netmanagers/salt-3000.1-py3:centos-8 + - name: fedora-31-3000-1-py3 + driver: + image: netmanagers/salt-3000.1-py3:fedora-31 + - name: opensuse-leap-151-3000-1-py3 + driver: + image: netmanagers/salt-3000.1-py3:opensuse-leap-15.1 + run_command: /usr/lib/systemd/systemd + # Workaround to avoid intermittent failures on `opensuse-leap-15.1`: + # => SCP did not finish successfully (255): (Net::SCP::Error) + transport: + max_ssh_sessions: 1 + - name: amazonlinux-2-3000-1-py3 + driver: + image: netmanagers/salt-3000.1-py3:amazonlinux-2 + - name: arch-base-latest-3000-1-py2 + driver: + image: netmanagers/salt-3000.1-py2:arch-base-latest + run_command: /usr/lib/systemd/systemd + + ## SALT `2019.2` + - name: debian-10-2019-2-py3 + driver: + image: netmanagers/salt-2019.2-py3:debian-10 + - name: debian-9-2019-2-py3 + driver: + image: netmanagers/salt-2019.2-py3:debian-9 + - name: ubuntu-1804-2019-2-py3 + driver: + image: netmanagers/salt-2019.2-py3:ubuntu-18.04 + - name: ubuntu-1604-2019-2-py3 + driver: + image: netmanagers/salt-2019.2-py3:ubuntu-16.04 + - name: centos-8-2019-2-py3 + driver: + image: netmanagers/salt-2019.2-py3:centos-8 + - name: centos-7-2019-2-py3 + driver: + image: netmanagers/salt-2019.2-py3:centos-7 + - name: fedora-31-2019-2-py3 + driver: + image: netmanagers/salt-2019.2-py3:fedora-31 + - name: opensuse-leap-151-2019-2-py3 + driver: + image: netmanagers/salt-2019.2-py3:opensuse-leap-15.1 + run_command: /usr/lib/systemd/systemd + # Workaround to avoid intermittent failures on `opensuse-leap-15.1`: + # => SCP did not finish successfully (255): (Net::SCP::Error) + transport: + max_ssh_sessions: 1 + - name: amazonlinux-2-2019-2-py3 + driver: + image: netmanagers/salt-2019.2-py3:amazonlinux-2 + - name: ubuntu-1804-2019-2-py2 + driver: + image: netmanagers/salt-2019.2-py2:ubuntu-18.04 + - name: amazonlinux-1-2019-2-py2 + driver: + image: netmanagers/salt-2019.2-py2:amazonlinux-1 + run_command: /sbin/init + - name: arch-base-latest-2019-2-py2 + driver: + image: netmanagers/salt-2019.2-py2:arch-base-latest + run_command: /usr/lib/systemd/systemd + + ## SALT `2018.3` + - name: centos-7-2018-3-py3 + driver: + image: netmanagers/salt-2018.3-py3:centos-7 + - name: fedora-30-2018-3-py3 + driver: + image: netmanagers/salt-2018.3-py3:fedora-30 + - name: debian-9-2018-3-py2 + driver: + image: netmanagers/salt-2018.3-py2:debian-9 + - name: debian-8-2018-3-py2 + driver: + image: netmanagers/salt-2018.3-py2:debian-8 + - name: ubuntu-1804-2018-3-py2 + driver: + image: netmanagers/salt-2018.3-py2:ubuntu-18.04 + - name: ubuntu-1604-2018-3-py2 + driver: + image: netmanagers/salt-2018.3-py2:ubuntu-16.04 + - name: centos-6-2018-3-py2 + driver: + image: netmanagers/salt-2018.3-py2:centos-6 + run_command: /sbin/init + - name: opensuse-leap-151-2018-3-py2 + driver: + image: netmanagers/salt-2018.3-py2:opensuse-leap-15.1 + run_command: /usr/lib/systemd/systemd + # Workaround to avoid intermittent failures on `opensuse-leap-15.1`: + # => SCP did not finish successfully (255): (Net::SCP::Error) + transport: + max_ssh_sessions: 1 + - name: amazonlinux-1-2018-3-py2 + driver: + image: netmanagers/salt-2018.3-py2:amazonlinux-1 + run_command: /sbin/init + - name: arch-base-latest-2018-3-py2 + driver: + image: netmanagers/salt-2018.3-py2:arch-base-latest + run_command: /usr/lib/systemd/systemd + +provisioner: + name: salt_solo + log_level: debug + salt_install: none + require_chef: false + formula: tomcat + salt_copy_filter: + - .kitchen + - .git + +verifier: + # https://www.inspec.io/ + name: inspec + sudo: true + # cli, documentation, html, progress, json, json-min, json-rspec, junit + reporter: + - cli + +suites: + - name: tomcat_install + provisioner: + state_top: + base: + '*': + - tomcat.yaml_dump + - tomcat + pillars: + top.sls: + base: + '*': + - tomcat + pillars_from_files: + tomcat.sls: pillar.example + verifier: + inspec_tests: + - path: test/integration/tomcat_install + - name: tomcat_extend + provisioner: + state_top: + base: + '*': + - tomcat.manager + - tomcat.vhosts + - tomcat.expires + - tomcat.context + - tomcat.cluster + pillars: + top.sls: + base: + '*': + - tomcat + pillars_from_files: + tomcat.sls: pillar.example + verifier: + inspec_tests: + - path: test/integration/tomcat_extend diff --git a/pillar.example b/pillar.example index 88ca3254..f361249b 100644 --- a/pillar.example +++ b/pillar.example @@ -1,211 +1,216 @@ -{% set host_name = salt['grains.get']('hostname') %} -{% set id = ['example.com','example.net'] %} - +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- tomcat: - # The Tomcat version can be overridden like so. - # ver: 7 - security: 'no' - # The Java home directory can be overridden like so. - # java_home: '/usr/lib/jvm/default-java' + # The Tomcat version can be overridden like so. + # ver: 7 + security: 'no' + # The Java home directory can be overridden like so. + # java_home: '/usr/lib/jvm/default-java' - # Any parameter you may pass to the java app, you can pass it here, - # without the preceding dash. The template builds the correct JAVA_OPTS - # line, adding the dash. - # Java's parameter don't follow a pattern (that I can see), so I think it's - # the best way to build the string of opts. - java_opts: - - 'Djava.awt.headless=true' - - 'Xmx128m' - - 'XX:MaxPermSize=256m' + # Any parameter you may pass to the java app, you can pass it here, + # without the preceding dash. The template builds the correct JAVA_OPTS + # line, adding the dash. + # Java's parameter don't follow a pattern (that I can see), so I think it's + # the best way to build the string of opts. + java_opts: + - 'Djava.awt.headless=true' + - 'Xmx128m' + - 'XX:MaxPermSize=256m' # Change paths to correct locations - - 'Dlog4j.configuration=file:/tmp/log4j.properties' - - 'Dlogback.configurationFile=/tmp/logback.xml' - jsp_compiler: javac - logfile_days: 14 - logfile_compress: 1 - authbind: no - expires_when: '2 weeks' + - 'Dlog4j.configuration=file:/tmp/log4j.properties' + - 'Dlogback.configurationFile=/tmp/logback.xml' + jsp_compiler: javac + logfile_days: 14 + logfile_compress: 1 + authbind: 'no' + expires_when: '2 weeks' - ##important: False for Travis CI and maybe MacOS - service_running: False + # important: false for Travis CI and maybe MacOS + service_running: false - limit: - soft: 64000 - hard: 64000 - connectors: - example_connector: - port: 8443 - protocol: 'org.apache.coyote.http11.Http11Protocol' - connectionTimeout: 20000 - URIEncoding: 'UTF-8' - redirectPort: 8443 - maxHttpHeaderSize: 8192 - maxThreads: 150 - minSpareThreads: 25 - enableLookups: 'false' - disableUploadTimeout: 'true' - acceptCount: 100 - scheme: https - secure: 'true' - clientAuth: 'false' - sslProtocol: TLS - SSLEnabled: 'false' - #Change to realpath before setting "SSLEnabled: 'true'" - keystoreFile: '/path/to/keystoreFile' - keystorePass: 'somerandomtext' - sites: - {{ id[0] }}: #unique; used as salt ID and in template as {{ host_name }} if name is not declared - name: {{ host_name }} #for "Host name=" in server.xml. If not declared ID declaration will be used - appBase: ../webapps/myapp - path: '' - docBase: ../webapps/myapp - alias: www.{{ id[0] }} - host_parameters: - unpackWARs: "true" - autoDeploy: "true" - deployXML: "false" - reloadable: "true" - debug: 0 - {{ id[1] }}: - appBase: ../webapps/myapp2 - path: '' - docBase: ../webapps/myapp2 - alias: www.{{ id[1] }} - host_parameters: - unpackWARs: "true" - autoDeploy: "true" - reloadable: "true" - debug: 0 - valves: - - className: org.apache.catalina.valves.AccessLogValve - directory: logs - prefix: localhost_access_log. - fileDateFormat: yyyy-MM-dd-HH - suffix: .log - pattern: '%h %l %u %t "%m http://%v%U %H" %s %b "%{Referer}i" "%{User-Agent}i" %D' - - className: org.apache.catalina.authenticator.SingleSignOn - manager: - # This now supports multiple user acccounts and variable roles. + limit: + soft: 64000 + hard: 64000 + connectors: + example_connector: + port: 8443 + protocol: 'org.apache.coyote.http11.Http11Protocol' + connectionTimeout: 20000 + URIEncoding: 'UTF-8' + redirectPort: 8443 + maxHttpHeaderSize: 8192 + maxThreads: 150 + minSpareThreads: 25 + enableLookups: 'false' + disableUploadTimeout: 'true' + acceptCount: 100 + scheme: https + secure: 'true' + clientAuth: 'false' + sslProtocol: TLS + SSLEnabled: 'false' + # Change to realpath before setting "SSLEnabled: 'true'" + keystoreFile: '/path/to/keystoreFile' + keystorePass: 'somerandomtext' + sites: + # unique; used as salt ID and in template as `host_name` if + # `name` is not declared + example.com: + # for "Host name=" in server.xml. If not declared ID declaration will be used + name: 'tomcat-server' + appBase: ../webapps/myapp + path: '' + docBase: ../webapps/myapp + alias: www.example.com + host_parameters: + unpackWARs: "true" + autoDeploy: "true" + deployXML: "false" + reloadable: "true" + debug: 0 + example.net: + appBase: ../webapps/myapp2 + path: '' + docBase: ../webapps/myapp2 + alias: www.example.net + host_parameters: + unpackWARs: "true" + autoDeploy: "true" + reloadable: "true" + debug: 0 + valves: + - className: org.apache.catalina.valves.AccessLogValve + directory: logs + prefix: localhost_access_log. + fileDateFormat: yyyy-MM-dd-HH + suffix: .log + pattern: >- + %h %l %u %t "%m http://%v%U %H" %s %b + "%{Referer}i" "%{User-Agent}i" %D + - className: org.apache.catalina.authenticator.SingleSignOn + manager: + # This now supports multiple user acccounts and variable roles. + roles: + - manager-gui + - manager-script + - manager-jmx + - manager-status + users: + saltuser1: + passwd: RfgpE2iQwD + roles: manager-gui,manager-script,manager-jmx,manager-status + saltuser2: + passwd: RfgpE2iQwD + # Alternatively, roles can also be a list roles: - manager-gui - manager-script - manager-jmx - manager-status - users: - saltuser1: - passwd: RfgpE2iQwD - roles: manager-gui,manager-script,manager-jmx,manager-status - saltuser2: - passwd: RfgpE2iQwD - # Alternatively, roles can also be a list - roles: - - manager-gui - - manager-script - - manager-jmx - - manager-status - context: - # Let's you define multiple elements in the global context.xml file. - # The state does not try to be clever about the correctness of what you add here, - # just iterates over the dictionary of and generates entries - # in the file. Ie, the lines below will generate: - # - # - # - # - # - # - # - - Environment: - env.first: - name: env.first - value: first.text - type: java.lang.String - override: true - env.second: - name: env.second - value: second.value - type: some.other.type - override: false - Listener: - first: - className: org.apache.catalina.security.SecurityListener - second: - className: org.apache.catalina.core.AprLifecycleListener - SSLEngine: on - Resource: - jdbc: - name: jdbc/__postgres - auth: Container - type: javax.sql.DataSource - driverClassName: org.postgresql.Driver - url: jdbc:postgresql://db.server/dbname - user: dbuser - password: aycaramba! - maxActive: 20 - maxIdle: 10 - maxWait: -1 - ResourceLink: - any_name_here_will_be_ignored: - name: linkToGlobalResource - global: simpleValue - type: java.lang.Integer - other_contexts: - 'other-contexts': # will be available at 'tomcat.conf_dir/Catalina/localhost/context' - params: # parameters to the context itself. - docBase: /path/to/webapp - debug: 1 - reloadable: 'true' - crossContext: 'true' - elements: # elements take the same form as the default 'context' section above. - Resource: - jdbc: - name: jdbc/__postgres - auth: Container - type: javax.sql.DataSource - driverClassName: org.postgresql.Driver - url: jdbc:postgresql://db.server/dbname - user: dbuser - password: aycaramba! - maxActive: 20 - maxIdle: 10 - maxWait: -1 - - Resources: - PostResources: - className: org.apache.catalina.webresources.DirResourceSet - base: "/var/lib/tomcat8/appconfig" - webAppMount: "/WEB-INF/classes" - + context: + # Let's you define multiple elements in the global context.xml file. + # The state does not try to be clever about the correctness of what you add here, + # just iterates over the dictionary of and generates entries + # in the file. Ie, the lines below will generate: + # + # + # + # + # + # + # + Environment: + env.first: + name: env.first + value: first.text + type: java.lang.String + override: true + env.second: + name: env.second + value: second.value + type: some.other.type + override: false + Listener: + first: + className: org.apache.catalina.security.SecurityListener + second: + className: org.apache.catalina.core.AprLifecycleListener + SSLEngine: 'on' + Resource: + jdbc: + name: jdbc/__postgres + auth: Container + type: javax.sql.DataSource + driverClassName: org.postgresql.Driver + url: jdbc:postgresql://db.server/dbname + user: dbuser + password: aycaramba! + maxActive: 20 + maxIdle: 10 + maxWait: -1 + ResourceLink: + any_name_here_will_be_ignored: + name: linkToGlobalResource + global: simpleValue + type: java.lang.Integer + other_contexts: + # will be available at 'tomcat.conf_dir/Catalina/localhost/context' + 'other-contexts': + # parameters to the context itself. + params: + docBase: /path/to/webapp + debug: 1 + reloadable: 'true' + crossContext: 'true' + # elements take the same form as the default 'context' section above. + elements: + Resource: + jdbc: + name: jdbc/__postgres + auth: Container + type: javax.sql.DataSource + driverClassName: org.postgresql.Driver + url: jdbc:postgresql://db.server/dbname + user: dbuser + password: aycaramba! + maxActive: 20 + maxIdle: 10 + maxWait: -1 + Resources: + PostResources: + className: org.apache.catalina.webresources.DirResourceSet + base: "/var/lib/tomcat8/appconfig" + webAppMount: "/WEB-INF/classes" diff --git a/pre-commit_semantic-release.sh b/pre-commit_semantic-release.sh new file mode 100755 index 00000000..ba805352 --- /dev/null +++ b/pre-commit_semantic-release.sh @@ -0,0 +1,30 @@ +#!/bin/sh + +############################################################################### +# (A) Update `FORMULA` with `${nextRelease.version}` +############################################################################### +sed -i -e "s_^\(version:\).*_\1 ${1}_" FORMULA + + +############################################################################### +# (B) Use `m2r` to convert automatically produced `.md` docs to `.rst` +############################################################################### + +# Install `m2r` +sudo -H pip install m2r + +# Copy and then convert the `.md` docs +cp ./*.md docs/ +cd docs/ || exit +m2r --overwrite ./*.md + +# Change excess `H1` headings to `H2` in converted `CHANGELOG.rst` +sed -i -e '/^=.*$/s/=/-/g' CHANGELOG.rst +sed -i -e '1,4s/-/=/g' CHANGELOG.rst + +# Use for debugging output, when required +# cat AUTHORS.rst +# cat CHANGELOG.rst + +# Return back to the main directory +cd .. diff --git a/release-rules.js b/release-rules.js new file mode 100644 index 00000000..c63c850d --- /dev/null +++ b/release-rules.js @@ -0,0 +1,18 @@ +// No release is triggered for the types commented out below. +// Commits using these types will be incorporated into the next release. +// +// NOTE: Any changes here must be reflected in `CONTRIBUTING.md`. +module.exports = [ + {breaking: true, release: 'major'}, + // {type: 'build', release: 'patch'}, + // {type: 'chore', release: 'patch'}, + // {type: 'ci', release: 'patch'}, + {type: 'docs', release: 'patch'}, + {type: 'feat', release: 'minor'}, + {type: 'fix', release: 'patch'}, + {type: 'perf', release: 'patch'}, + {type: 'refactor', release: 'patch'}, + {type: 'revert', release: 'patch'}, + {type: 'style', release: 'patch'}, + {type: 'test', release: 'patch'}, +]; diff --git a/release.config.js b/release.config.js new file mode 100644 index 00000000..6af7aa8f --- /dev/null +++ b/release.config.js @@ -0,0 +1,106 @@ +module.exports = { + branch: 'master', + plugins: [ + ['@semantic-release/commit-analyzer', { + preset: 'angular', + releaseRules: './release-rules.js', + }], + '@semantic-release/release-notes-generator', + ['@semantic-release/changelog', { + changelogFile: 'CHANGELOG.md', + changelogTitle: '# Changelog', + }], + ['@semantic-release/exec', { + prepareCmd: 'sh ./pre-commit_semantic-release.sh ${nextRelease.version}', + }], + ['@semantic-release/git', { + assets: ['*.md', 'docs/*.rst', 'FORMULA'], + }], + '@semantic-release/github', + ], + generateNotes: { + preset: 'angular', + writerOpts: { + // Required due to upstream bug preventing all types being displayed. + // Bug: https://github.com/conventional-changelog/conventional-changelog/issues/317 + // Fix: https://github.com/conventional-changelog/conventional-changelog/pull/410 + transform: (commit, context) => { + const issues = [] + + commit.notes.forEach(note => { + note.title = `BREAKING CHANGES` + }) + + // NOTE: Any changes here must be reflected in `CONTRIBUTING.md`. + if (commit.type === `feat`) { + commit.type = `Features` + } else if (commit.type === `fix`) { + commit.type = `Bug Fixes` + } else if (commit.type === `perf`) { + commit.type = `Performance Improvements` + } else if (commit.type === `revert`) { + commit.type = `Reverts` + } else if (commit.type === `docs`) { + commit.type = `Documentation` + } else if (commit.type === `style`) { + commit.type = `Styles` + } else if (commit.type === `refactor`) { + commit.type = `Code Refactoring` + } else if (commit.type === `test`) { + commit.type = `Tests` + } else if (commit.type === `build`) { + commit.type = `Build System` + // } else if (commit.type === `chore`) { + // commit.type = `Maintenance` + } else if (commit.type === `ci`) { + commit.type = `Continuous Integration` + } else { + return + } + + if (commit.scope === `*`) { + commit.scope = `` + } + + if (typeof commit.hash === `string`) { + commit.shortHash = commit.hash.substring(0, 7) + } + + if (typeof commit.subject === `string`) { + let url = context.repository + ? `${context.host}/${context.owner}/${context.repository}` + : context.repoUrl + if (url) { + url = `${url}/issues/` + // Issue URLs. + commit.subject = commit.subject.replace(/#([0-9]+)/g, (_, issue) => { + issues.push(issue) + return `[#${issue}](${url}${issue})` + }) + } + if (context.host) { + // User URLs. + commit.subject = commit.subject.replace(/\B@([a-z0-9](?:-?[a-z0-9/]){0,38})/g, (_, username) => { + if (username.includes('/')) { + return `@${username}` + } + + return `[@${username}](${context.host}/${username})` + }) + } + } + + // remove references that already appear in the subject + commit.references = commit.references.filter(reference => { + if (issues.indexOf(reference.issue) === -1) { + return true + } + + return false + }) + + return commit + }, + }, + }, +}; diff --git a/test/integration/tomcat_extend/README.md b/test/integration/tomcat_extend/README.md new file mode 100644 index 00000000..c0f5e1b4 --- /dev/null +++ b/test/integration/tomcat_extend/README.md @@ -0,0 +1,50 @@ +# InSpec Profile: `tomcat_extend` + +This shows the implementation of the `tomcat_extend` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md). + +## Verify a profile + +InSpec ships with built-in features to verify a profile structure. + +```bash +$ inspec check tomcat_extend +Summary +------- +Location: tomcat_extend +Profile: profile +Controls: 4 +Timestamp: 2019-06-24T23:09:01+00:00 +Valid: true + +Errors +------ + +Warnings +-------- +``` + +## Execute a profile + +To run all **supported** controls on a local machine use `inspec exec /path/to/profile`. + +```bash +$ inspec exec tomcat_extend +.. + +Finished in 0.0025 seconds (files took 0.12449 seconds to load) +8 examples, 0 failures +``` + +## Execute a specific control from a profile + +To run one control from the profile use `inspec exec /path/to/profile --controls name`. + +```bash +$ inspec exec tomcat_extend --controls package +. + +Finished in 0.0025 seconds (files took 0.12449 seconds to load) +1 examples, 0 failures +``` + +See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb). diff --git a/test/integration/tomcat_extend/inspec.yml b/test/integration/tomcat_extend/inspec.yml new file mode 100644 index 00000000..886f4086 --- /dev/null +++ b/test/integration/tomcat_extend/inspec.yml @@ -0,0 +1,18 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +name: tomcat_extend +title: tomcat formula +maintainer: SaltStack Formulas +license: Apache-2.0 +summary: Verify that the extended tomcat configuration takes place correctly +supports: + - platform-name: debian + - platform-name: ubuntu + - platform-name: centos + - platform-name: fedora + - platform-name: opensuse + - platform-name: suse + - platform-name: freebsd + - platform-name: amazon + - platform-name: arch diff --git a/test/integration/tomcat_install/README.md b/test/integration/tomcat_install/README.md new file mode 100644 index 00000000..2f6c6d9b --- /dev/null +++ b/test/integration/tomcat_install/README.md @@ -0,0 +1,50 @@ +# InSpec Profile: `tomcat_install` + +This shows the implementation of the `tomcat_install` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md). + +## Verify a profile + +InSpec ships with built-in features to verify a profile structure. + +```bash +$ inspec check tomcat_install +Summary +------- +Location: tomcat_install +Profile: profile +Controls: 4 +Timestamp: 2019-06-24T23:09:01+00:00 +Valid: true + +Errors +------ + +Warnings +-------- +``` + +## Execute a profile + +To run all **supported** controls on a local machine use `inspec exec /path/to/profile`. + +```bash +$ inspec exec tomcat_install +.. + +Finished in 0.0025 seconds (files took 0.12449 seconds to load) +8 examples, 0 failures +``` + +## Execute a specific control from a profile + +To run one control from the profile use `inspec exec /path/to/profile --controls name`. + +```bash +$ inspec exec tomcat_install --controls package +. + +Finished in 0.0025 seconds (files took 0.12449 seconds to load) +1 examples, 0 failures +``` + +See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb). diff --git a/test/integration/tomcat_install/controls/packages_spec.rb b/test/integration/tomcat_install/controls/packages_spec.rb new file mode 100644 index 00000000..a5190b70 --- /dev/null +++ b/test/integration/tomcat_install/controls/packages_spec.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +control 'Tomcat packages' do + title 'should be installed' + + # Overide by platform + packages = + case platform[:family] + when 'debian' + %w[tomcat8 haveged] + when 'redhat', 'fedora', 'suse' + %w[tomcat] + end + + packages.each do |p| + describe package(p) do + it { should be_installed } + end + end +end diff --git a/test/integration/tomcat_install/controls/services_spec.rb b/test/integration/tomcat_install/controls/services_spec.rb new file mode 100644 index 00000000..088a70e6 --- /dev/null +++ b/test/integration/tomcat_install/controls/services_spec.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +control 'Tomcat services' do + impact 0.5 + title 'should be installed, enabled and running' + + # Overide by platform + services = + case platform[:family] + when 'debian' + %w[tomcat8 haveged] + when 'redhat', 'fedora', 'suse' + %w[tomcat] + end + + services.each do |s| + describe service(s) do + it { should be_installed } + it { should be_enabled } + it { should be_running } unless %w[haveged].include?(s) + end + end +end diff --git a/test/integration/tomcat_install/controls/yaml_dump_spec.rb b/test/integration/tomcat_install/controls/yaml_dump_spec.rb new file mode 100644 index 00000000..b27838a2 --- /dev/null +++ b/test/integration/tomcat_install/controls/yaml_dump_spec.rb @@ -0,0 +1,533 @@ +# frozen_string_literal: true + +control 'Tomcat `map.jinja` YAML dump' do + title 'should contain the lines' + + yaml_dump = "---\n" + yaml_dump += + case platform[:family] + when 'debian' + <<~YAML_DUMP.chomp + authbind: 'no' + catalina_base: /usr/share/tomcat + catalina_home: /usr/share/tomcat + catalina_pid: /var/run/tomcat.pid + catalina_tmpdir: /var/cache/tomcat/temp + cluster: + simple: true + conf_dir: /etc/tomcat8 + connectors: + example_connector: + port: 8443 + protocol: org.apache.coyote.http11.Http11Protocol + connectionTimeout: 20000 + URIEncoding: UTF-8 + redirectPort: 8443 + maxHttpHeaderSize: 8192 + maxThreads: 150 + minSpareThreads: 25 + enableLookups: 'false' + disableUploadTimeout: 'true' + acceptCount: 100 + scheme: https + secure: 'true' + clientAuth: 'false' + sslProtocol: TLS + SSLEnabled: 'false' + keystoreFile: /path/to/keystoreFile + keystorePass: somerandomtext + context: + Environment: + env.first: + name: env.first + value: first.text + type: java.lang.String + override: true + env.second: + name: env.second + value: second.value + type: some.other.type + override: false + Listener: + first: + className: org.apache.catalina.security.SecurityListener + second: + className: org.apache.catalina.core.AprLifecycleListener + SSLEngine: 'on' + Resource: + jdbc: + name: jdbc/__postgres + auth: Container + type: javax.sql.DataSource + driverClassName: org.postgresql.Driver + url: jdbc:postgresql://db.server/dbname + user: dbuser + password: aycaramba! + maxActive: 20 + maxIdle: 10 + maxWait: -1 + ResourceLink: + any_name_here_will_be_ignored: + name: linkToGlobalResource + global: simpleValue + type: java.lang.Integer + expires_when: 2 weeks + group: tomcat8 + haveged_enabled: true + id: + - example.com + - example.net + java_home: /usr/lib/jvm/default-java + java_opts: + - Djava.awt.headless=true + - Xmx128m + - XX:MaxPermSize=256m + - Dlog4j.configuration=file:/tmp/log4j.properties + - Dlogback.configurationFile=/tmp/logback.xml + jsp_compiler: javac + jvm_tmp: /tmp/tomcat + limit: + hard: 64000 + soft: 64000 + logfile_compress: 1 + logfile_days: 14 + main_config: /etc/default/tomcat8 + main_config_template: salt://tomcat/files/tomcat-default-Debian.template + manager: + roles: + - manager-gui + - manager-script + - manager-jmx + - manager-status + users: + saltuser1: + passwd: RfgpE2iQwD + roles: manager-gui,manager-script,manager-jmx,manager-status + saltuser2: + passwd: RfgpE2iQwD + roles: + - manager-gui + - manager-script + - manager-jmx + - manager-status + manager_pkg: tomcat8-admin + native_pkg: libtcnative-1 + other_contexts: + other-contexts: + params: + docBase: /path/to/webapp + debug: 1 + reloadable: 'true' + crossContext: 'true' + elements: + Resource: + jdbc: + name: jdbc/__postgres + auth: Container + type: javax.sql.DataSource + driverClassName: org.postgresql.Driver + url: jdbc:postgresql://db.server/dbname + user: dbuser + password: aycaramba! + maxActive: 20 + maxIdle: 10 + maxWait: -1 + Resources: + PostResources: + className: org.apache.catalina.webresources.DirResourceSet + base: /var/lib/tomcat8/appconfig + webAppMount: /WEB-INF/classes + pkg: tomcat8 + resources: {} + security: 'no' + service: tomcat8 + service_enabled: true + service_running: false + sites: + example.com: + name: tomcat-server + appBase: ../webapps/myapp + path: '' + docBase: ../webapps/myapp + alias: www.example.com + host_parameters: + unpackWARs: 'true' + autoDeploy: 'true' + deployXML: 'false' + reloadable: 'true' + debug: 0 + example.net: + appBase: ../webapps/myapp2 + path: '' + docBase: ../webapps/myapp2 + alias: www.example.net + host_parameters: + unpackWARs: 'true' + autoDeploy: 'true' + reloadable: 'true' + debug: 0 + valves: + - className: org.apache.catalina.valves.AccessLogValve + directory: logs + prefix: localhost_access_log. + fileDateFormat: yyyy-MM-dd-HH + suffix: .log + pattern: '%h %l %u %t "%m http://%v%U %H" %s %b "%{Referer}i" + "%{User-Agent}i" %D' + - className: org.apache.catalina.authenticator.SingleSignOn + user: tomcat8 + ver: 8 + with_haveged: true + YAML_DUMP + when 'redhat', 'fedora' + <<~YAML_DUMP.chomp + authbind: 'no' + catalina_base: /usr/share/tomcat + catalina_home: /usr/share/tomcat + catalina_pid: /var/run/tomcat.pid + catalina_tmpdir: /var/cache/tomcat/temp + cluster: + simple: true + conf_dir: /etc/tomcat + connectors: + example_connector: + port: 8443 + protocol: org.apache.coyote.http11.Http11Protocol + connectionTimeout: 20000 + URIEncoding: UTF-8 + redirectPort: 8443 + maxHttpHeaderSize: 8192 + maxThreads: 150 + minSpareThreads: 25 + enableLookups: 'false' + disableUploadTimeout: 'true' + acceptCount: 100 + scheme: https + secure: 'true' + clientAuth: 'false' + sslProtocol: TLS + SSLEnabled: 'false' + keystoreFile: /path/to/keystoreFile + keystorePass: somerandomtext + context: + Environment: + env.first: + name: env.first + value: first.text + type: java.lang.String + override: true + env.second: + name: env.second + value: second.value + type: some.other.type + override: false + Listener: + first: + className: org.apache.catalina.security.SecurityListener + second: + className: org.apache.catalina.core.AprLifecycleListener + SSLEngine: 'on' + Resource: + jdbc: + name: jdbc/__postgres + auth: Container + type: javax.sql.DataSource + driverClassName: org.postgresql.Driver + url: jdbc:postgresql://db.server/dbname + user: dbuser + password: aycaramba! + maxActive: 20 + maxIdle: 10 + maxWait: -1 + ResourceLink: + any_name_here_will_be_ignored: + name: linkToGlobalResource + global: simpleValue + type: java.lang.Integer + expires_when: 2 weeks + group: tomcat + haveged_enabled: false + id: + - example.com + - example.net + java_home: /usr/lib/jvm/jre + java_opts: + - Djava.awt.headless=true + - Xmx128m + - XX:MaxPermSize=256m + - Dlog4j.configuration=file:/tmp/log4j.properties + - Dlogback.configurationFile=/tmp/logback.xml + jsp_compiler: javac + jvm_tmp: /tmp/tomcat + limit: + hard: 64000 + soft: 64000 + logfile_compress: 1 + logfile_days: 14 + main_config: /etc/sysconfig/tomcat + main_config_template: salt://tomcat/files/tomcat-default-CentOS.template + manager: + roles: + - manager-gui + - manager-script + - manager-jmx + - manager-status + users: + saltuser1: + passwd: RfgpE2iQwD + roles: manager-gui,manager-script,manager-jmx,manager-status + saltuser2: + passwd: RfgpE2iQwD + roles: + - manager-gui + - manager-script + - manager-jmx + - manager-status + manager_pkg: tomcat-admin-webapps + native_pkg: tomcat-native + other_contexts: + other-contexts: + params: + docBase: /path/to/webapp + debug: 1 + reloadable: 'true' + crossContext: 'true' + elements: + Resource: + jdbc: + name: jdbc/__postgres + auth: Container + type: javax.sql.DataSource + driverClassName: org.postgresql.Driver + url: jdbc:postgresql://db.server/dbname + user: dbuser + password: aycaramba! + maxActive: 20 + maxIdle: 10 + maxWait: -1 + Resources: + PostResources: + className: org.apache.catalina.webresources.DirResourceSet + base: /var/lib/tomcat8/appconfig + webAppMount: /WEB-INF/classes + pkg: tomcat + resources: {} + security: 'no' + service: tomcat + service_enabled: true + service_running: false + sites: + example.com: + name: tomcat-server + appBase: ../webapps/myapp + path: '' + docBase: ../webapps/myapp + alias: www.example.com + host_parameters: + unpackWARs: 'true' + autoDeploy: 'true' + deployXML: 'false' + reloadable: 'true' + debug: 0 + example.net: + appBase: ../webapps/myapp2 + path: '' + docBase: ../webapps/myapp2 + alias: www.example.net + host_parameters: + unpackWARs: 'true' + autoDeploy: 'true' + reloadable: 'true' + debug: 0 + valves: + - className: org.apache.catalina.valves.AccessLogValve + directory: logs + prefix: localhost_access_log. + fileDateFormat: yyyy-MM-dd-HH + suffix: .log + pattern: '%h %l %u %t "%m http://%v%U %H" %s %b "%{Referer}i" + "%{User-Agent}i" %D' + - className: org.apache.catalina.authenticator.SingleSignOn + user: tomcat + ver: 7 + with_haveged: false + YAML_DUMP + when 'suse' + <<~YAML_DUMP.chomp + authbind: 'no' + catalina_base: /usr/share/tomcat + catalina_home: /usr/share/tomcat + catalina_pid: /var/run/tomcat.pid + catalina_tmpdir: /var/cache/tomcat/temp + cluster: + simple: true + conf_dir: /etc/tomcat + connectors: + example_connector: + port: 8443 + protocol: org.apache.coyote.http11.Http11Protocol + connectionTimeout: 20000 + URIEncoding: UTF-8 + redirectPort: 8443 + maxHttpHeaderSize: 8192 + maxThreads: 150 + minSpareThreads: 25 + enableLookups: 'false' + disableUploadTimeout: 'true' + acceptCount: 100 + scheme: https + secure: 'true' + clientAuth: 'false' + sslProtocol: TLS + SSLEnabled: 'false' + keystoreFile: /path/to/keystoreFile + keystorePass: somerandomtext + context: + Environment: + env.first: + name: env.first + value: first.text + type: java.lang.String + override: true + env.second: + name: env.second + value: second.value + type: some.other.type + override: false + Listener: + first: + className: org.apache.catalina.security.SecurityListener + second: + className: org.apache.catalina.core.AprLifecycleListener + SSLEngine: 'on' + Resource: + jdbc: + name: jdbc/__postgres + auth: Container + type: javax.sql.DataSource + driverClassName: org.postgresql.Driver + url: jdbc:postgresql://db.server/dbname + user: dbuser + password: aycaramba! + maxActive: 20 + maxIdle: 10 + maxWait: -1 + ResourceLink: + any_name_here_will_be_ignored: + name: linkToGlobalResource + global: simpleValue + type: java.lang.Integer + expires_when: 2 weeks + group: tomcat + haveged_enabled: false + id: + - example.com + - example.net + java_home: /usr/lib/jvm/jre + java_opts: + - Djava.awt.headless=true + - Xmx128m + - XX:MaxPermSize=256m + - Dlog4j.configuration=file:/tmp/log4j.properties + - Dlogback.configurationFile=/tmp/logback.xml + jsp_compiler: javac + jvm_tmp: /tmp/tomcat + limit: + hard: 64000 + soft: 64000 + logfile_compress: 1 + logfile_days: 14 + main_config: /etc/sysconfig/tomcat + main_config_template: salt://tomcat/files/tomcat-default-CentOS.template + manager: + roles: + - manager-gui + - manager-script + - manager-jmx + - manager-status + users: + saltuser1: + passwd: RfgpE2iQwD + roles: manager-gui,manager-script,manager-jmx,manager-status + saltuser2: + passwd: RfgpE2iQwD + roles: + - manager-gui + - manager-script + - manager-jmx + - manager-status + manager_pkg: tomcat-admin-webapps + native_pkg: libtcnative-1-0 + other_contexts: + other-contexts: + params: + docBase: /path/to/webapp + debug: 1 + reloadable: 'true' + crossContext: 'true' + elements: + Resource: + jdbc: + name: jdbc/__postgres + auth: Container + type: javax.sql.DataSource + driverClassName: org.postgresql.Driver + url: jdbc:postgresql://db.server/dbname + user: dbuser + password: aycaramba! + maxActive: 20 + maxIdle: 10 + maxWait: -1 + Resources: + PostResources: + className: org.apache.catalina.webresources.DirResourceSet + base: /var/lib/tomcat8/appconfig + webAppMount: /WEB-INF/classes + pkg: tomcat + resources: {} + security: 'no' + service: tomcat + service_enabled: true + service_running: false + sites: + example.com: + name: tomcat-server + appBase: ../webapps/myapp + path: '' + docBase: ../webapps/myapp + alias: www.example.com + host_parameters: + unpackWARs: 'true' + autoDeploy: 'true' + deployXML: 'false' + reloadable: 'true' + debug: 0 + example.net: + appBase: ../webapps/myapp2 + path: '' + docBase: ../webapps/myapp2 + alias: www.example.net + host_parameters: + unpackWARs: 'true' + autoDeploy: 'true' + reloadable: 'true' + debug: 0 + valves: + - className: org.apache.catalina.valves.AccessLogValve + directory: logs + prefix: localhost_access_log. + fileDateFormat: yyyy-MM-dd-HH + suffix: .log + pattern: '%h %l %u %t "%m http://%v%U %H" %s %b "%{Referer}i" + "%{User-Agent}i" %D' + - className: org.apache.catalina.authenticator.SingleSignOn + user: tomcat + ver: 8 + with_haveged: false + YAML_DUMP + end + + describe file('/tmp/salt_yaml_dump.yaml') do + its('content') { should include yaml_dump } + end +end diff --git a/test/integration/tomcat_install/inspec.yml b/test/integration/tomcat_install/inspec.yml new file mode 100644 index 00000000..f7a8285e --- /dev/null +++ b/test/integration/tomcat_install/inspec.yml @@ -0,0 +1,18 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +name: tomcat_install +title: tomcat formula +maintainer: SaltStack Formulas +license: Apache-2.0 +summary: Verify that the tomcat formula is setup and configured correctly +supports: + - platform-name: debian + - platform-name: ubuntu + - platform-name: centos + - platform-name: fedora + - platform-name: opensuse + - platform-name: suse + - platform-name: freebsd + - platform-name: amazon + - platform-name: arch diff --git a/test/shared/spec_helper.rb b/test/shared/spec_helper.rb index d62fc6df..8783d38f 100644 --- a/test/shared/spec_helper.rb +++ b/test/shared/spec_helper.rb @@ -1,9 +1,11 @@ -require "serverspec" -require "pathname" +# frozen_string_literal: true + +require 'serverspec' +require 'pathname' # Set backend type set :backend, :exec RSpec.configure do |c| - c.path = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + c.path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' end diff --git a/tomcat/codenamemap.yaml b/tomcat/codenamemap.yaml index 1579a27d..9e4d1498 100644 --- a/tomcat/codenamemap.yaml +++ b/tomcat/codenamemap.yaml @@ -1,3 +1,6 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- trusty: ver: 7 pkg: tomcat7 diff --git a/tomcat/defaults.yaml b/tomcat/defaults.yaml index d1c45175..e08d0aea 100644 --- a/tomcat/defaults.yaml +++ b/tomcat/defaults.yaml @@ -1,5 +1,6 @@ # -*- coding: utf-8 -*- # vim: ft=yaml +--- tomcat: pkg: tomcat ver: 7 @@ -9,7 +10,7 @@ tomcat: main_config: /etc/sysconfig/tomcat service: tomcat service_enabled: true - service_running: true #reserved for Travis CI and maybe MacOS + service_running: true # reserved for Travis CI and maybe MacOS user: tomcat group: tomcat java_home: /usr/lib/jvm/jre @@ -25,8 +26,8 @@ tomcat: sites: {} resources: {} - #Relocated from pillar.example - id: ['example.com','example.net'] + # Relocated from pillar.example + id: ['example.com', 'example.net'] jvm_tmp: /tmp/tomcat cluster: simple: true @@ -34,5 +35,5 @@ tomcat: catalina_base: /usr/share/tomcat catalina_home: /usr/share/tomcat catalina_pid: /var/run/tomcat.pid - #Used by generic 'tomcat-default-CentOS.template' + # Used by generic 'tomcat-default-CentOS.template' catalina_tmpdir: /var/cache/tomcat/temp diff --git a/tomcat/init.sls b/tomcat/init.sls index ff7d8a69..0b59c6c9 100644 --- a/tomcat/init.sls +++ b/tomcat/init.sls @@ -46,7 +46,7 @@ tomcat package installed and service running: - watch: - pkg: tomcat package installed and service running {% if grains.os == 'MacOS' %} - - unless: {{tomcat.ver|int > 8 }} ##no plist file shipped with Tomcat9 + - unless: {{ tomcat.ver|int > 8 }} ##no plist file shipped with Tomcat9 {% elif tomcat.with_haveged %} # To install haveged in centos you need the EPEL repository # There is no haveged in MacOS @@ -60,5 +60,5 @@ tomcat haveged package installed and service running: - watch: - pkg: tomcat haveged package installed and service running - require_in: - - service: tomcat package installed and service running + - service: tomcat package installed and service running {% endif %} diff --git a/tomcat/native.sls b/tomcat/native.sls index 320df65c..75482654 100644 --- a/tomcat/native.sls +++ b/tomcat/native.sls @@ -19,5 +19,5 @@ tomcat 200_server_xml: tomcat /usr/lib/libtcnative-1.so: file.symlink: - name: /usr/lib/libtcnative-1.so - - target: /usr/lib/{{grains['cpuarch']}}-linux-gnu/libtcnative-1.so + - target: /usr/lib/{{ grains['cpuarch'] }}-linux-gnu/libtcnative-1.so {% endif %} diff --git a/tomcat/osmap.yaml b/tomcat/osmap.yaml index 9e797f8f..bc5bcd98 100644 --- a/tomcat/osmap.yaml +++ b/tomcat/osmap.yaml @@ -1,5 +1,6 @@ # -*- coding: utf-8 -*- # vim: ft=yaml +--- Debian: ver: 8 pkg: tomcat8 @@ -51,18 +52,20 @@ Arch: catalina_pid: /var/run/tomcat8.pid catalina_base: /usr/share/tomcat8 catalina_home: /usr/share/tomcat8 - #Not used on Arch - manager_pkg: + # Not used on Arch + manager_pkg: '' - {%- if grains.os == 'MacOS' %} +{%- if grains.os == 'MacOS' %} +{%- if salt['cmd.run']('/usr/libexec/java_home -F', output_loglevel="quiet") == 0 %} +{%- set darwin_javahome = salt['cmd.run']('/usr/libexec/java_home') %} +{%- else %} +{%- set darwin_javahome = "" %} +{%- endif %} MacOS: - {% if salt['cmd.run']('/usr/libexec/java_home -F', output_loglevel="quiet") == 0 %} - {% set darwin_javahome = salt['cmd.run']('/usr/libexec/java_home') %} - {% else %} - {% set darwin_javahome = "" %} - {% endif %} + # yamllint disable rule:line-length user: {{ salt['pillar.get']('tomcat:user', salt['cmd.run']("stat -f '%Su' /dev/console")) }} group: {{ salt['pillar.get']('tomcat:group', salt['cmd.run']("stat -f '%Sg' /dev/console")) }} + # yamllint enable rule:line-length java_home: {{ darwin_javahome }} service: homebrew.mxcl.tomcat @@ -78,13 +81,13 @@ MacOS: catalina_home: /usr/local/opt/tomcat/libexec catalina_tmpdir: /usr/local/opt/tomcat/libexec/temp - #Not used on Darwin - manager_pkg: + # Not used on Darwin + manager_pkg: '' with_haveged: false haveged_enabled: false - #Not verified on Darwin + # Not verified on Darwin cluster: simple: false - {% endif %} +{%- endif %} diff --git a/tomcat/yaml_dump/init.sls b/tomcat/yaml_dump/init.sls new file mode 100644 index 00000000..6a088011 --- /dev/null +++ b/tomcat/yaml_dump/init.sls @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{#- Get the `tplroot` from `tpldir` #} +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import tomcat as map with context %} + +{%- set output_file = '/tmp/salt_yaml_dump.yaml' %} + +yaml-dump-{{ tplroot }}: + file.managed: + - name: {{ output_file }} + - source: salt://{{ tplroot }}/yaml_dump/yaml_dump.jinja + - template: jinja + - context: + map: {{ map | yaml }} diff --git a/tomcat/yaml_dump/yaml_dump.jinja b/tomcat/yaml_dump/yaml_dump.jinja new file mode 100644 index 00000000..300b464e --- /dev/null +++ b/tomcat/yaml_dump/yaml_dump.jinja @@ -0,0 +1,4 @@ +# yamllint disable rule:indentation rule:line-length +# {{ grains.get('osfinger', grains.os) }}-{{ grains.saltversion }}-py{{ grains.pythonversion[0] }} +--- +{{ map|yaml(False)|trim }}