(CAT-2111) - Add puppet-modulebuilder deps first to pdk #922

Merged
merged 1 commit into from
Oct 22, 2024

@jordanbreen28 jordanbreen28 commented Oct 16, 2024

Prior to this PR, pathspec (which is a runtime dependency of puppet-modulebuilder) was added as a component after the puppet-modulebuilder gem, which I don't believe is correct.

This PR updates the puppet-modulebuilder gem to be pulled in after its dependencies.

https://jenkins-platform.delivery.puppetlabs.net/view/vanagon-generic-builder/job/platform_vanagon-generic-builder_vanagon-packaging_generic-builder/3304/

Prior to this commit, pathspec (which is a runtime dependency of
puppet-modulebuilder) was added as a component after the
puppet-modulebuilder gem, which I don't believe is correct.

This commit updates the puppet-modulebuilder gem to be pulled in after
its dependencies.
@jordanbreen28 jordanbreen28 added the bug Something isn't working label Oct 16, 2024
@jordanbreen28 jordanbreen28 marked this pull request as ready for review October 16, 2024 15:22
@jordanbreen28 jordanbreen28 requested review from a team as code owners October 16, 2024 15:22

@david22swan david22swan left a comment

Tested by myself and @gavindidrichsen

@david22swan david22swan changed the title (bug) - Add puppet-modulebuilder deps first to pdk (CAT-2111) - Add puppet-modulebuilder deps first to pdk Oct 22, 2024
@david22swan david22swan merged commit 13fdca5 into master Oct 22, 2024
3 checks passed
@david22swan david22swan deleted the bug-add_modulebuilder_deps_to_pdk branch October 22, 2024 13:32
@gavindidrichsen

Test validation proof:

#########################
# BEFORE airgapping
#########################
# download the PDK
/var/folders/b7/dgmr_0jd1g5cx8phg63sjxhm0000gs/T/orbstack-open-terminal_55F1E633.sh; exit
Last login: Mon Oct 21 18:12:30 on ttys024
gavin.didrichsen@DEV-Didrichsen ~ % /var/folders/b7/dgmr_0jd1g5cx8phg63sjxhm0000
gs/T/orbstack-open-terminal_55F1E633.sh; exit
[gavin.didrichsen@rocky9-airgap gavin.didrichsen]$ sudo su - root
[root@rocky9-airgap ~]# curl -JLO http://builds.delivery.puppetlabs.net/pdk/d3cecd4e63534039d620f244bce6dba8e298123b/artifacts/el/9/products/x86_64/pdk-3.3.0.1.17.gd3cecd4-1.el9.x86_64.rpm
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 87.6M  100 87.6M    0     0   391k      0  0:03:49  0:03:49 --:--:--  442k

# (2) verify connectivity to outside world
[root@rocky9-airgap ~]# curl -I www.google.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-8DSodNlLWEcDvWzS3T_vBQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Date: Tue, 22 Oct 2024 13:17:52 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Expires: Tue, 22 Oct 2024 13:17:52 GMT
Cache-Control: private
Set-Cookie: AEC=AVYB7coccynW2CnBp2_oioHYZ1HrbB62U1Or626Tpio1E2DsQQ4B_q6r2pM; expires=Sun, 20-Apr-2025 13:17:52 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax


# Install nftables so that we can apply firewall rules
[root@rocky9-airgap ~]# dnf install nftables

# Verify no rules yet applied
[root@rocky9-airgap ~]# nft list ruleset


# Create rules only allowing port 22 so that we can ssh onto VM
[root@rocky9-airgap ~]# vi airgap.nft
[root@rocky9-airgap ~]# cat airgap.nft
   table inet filter {
       chain output {
           type filter hook output priority 0; policy accept;

           # Allow outgoing SSH connections
           tcp dport 22 accept

           # Allow established and related connections
           ct state established,related accept

           # Drop all other outgoing traffic
           drop
       }
   }
   
# apply the rules
[root@rocky9-airgap ~]# nft -f airgap.nft


#########################
# AFTER airgapping
#########################
# verify the airgap rules have been applied
[root@rocky9-airgap ~]# nft list ruleset
table inet filter {
	chain output {
		type filter hook output priority filter; policy accept;
		tcp dport 22 accept
		ct state established,related accept
		drop
	}
}

# verify no connection to outside world
[root@rocky9-airgap ~]# curl -I www.google.com
curl: (6) Could not resolve host: www.google.com

# install pdk via rpm
[root@rocky9-airgap ~]# which pdk
-bash: which: command not found
[root@rocky9-airgap ~]# rpm -i pdk-3.3.0.1.17.gd3cecd4-1.el9.x86_64.rpm
warning: pdk-3.3.0.1.17.gd3cecd4-1.el9.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 9e61ef26: NOKEY
[root@rocky9-airgap ~]# pdk --version
3.3.0 (gd3cecd4)
[root@rocky9-airgap ~]#

# create a new module
[root@rocky9-airgap ~]#
[root@rocky9-airgap ~]# pdk new module airgapper
pdk (INFO): Creating new module: airgapper

We need to create the metadata.json file for this module, so we're going to ask you 4 questions.
If the question is not applicable to this module, accept the default option shown after each question. You can modify any answers at any time by manually updating the metadata.json file.

[Q 1/4] If you have a Puppet Forge username, add it here.
We can use this to upload your module to the Forge when it's complete.
--> root

[Q 2/4] Who wrote this module?
This is used to credit the module's author.
--> root

[Q 3/4] What license does this module code fall under?
This should be an identifier from https://spdx.org/licenses/. Common values are "Apache-2.0", "MIT", or "proprietary".
--> Apache-2.0

[Q 4/4] What operating systems does this module support?
Use the up and down keys to move between the choices, space to select and enter to continue.
--> RedHat based Linux, Debian based Linux, Windows

Metadata will be generated based on this information, continue? Yes
pdk (INFO): Using the default template-url and template-ref.
pdk (INFO): Module 'airgapper' generated at path '/root/airgapper'.
pdk (INFO): In your module directory, add classes with the 'pdk new class' command.

# create a class
[root@rocky9-airgap ~]# cd airgapper/
[root@rocky9-airgap airgapper]# pdk new class airgapper::hello

---------------Files added--------------
/root/airgapper/spec/classes/hello_spec.rb
/root/airgapper/manifests/hello.pp

----------------------------------------

# run pdk validate
[root@rocky9-airgap airgapper]# pdk validate
pdk (INFO): Using Ruby 3.2.5
pdk (INFO): Using Puppet 8.9.0
pdk (INFO): Running all available validators...
pdk (INFO): Validator 'puppet-plan-syntax' skipped for '/root/airgapper'. No files matching '["plans/**/*.pp"]' found to validate.
pdk (INFO): Validator 'puppet-epp' skipped for '/root/airgapper'. No files matching '["**/*.epp"]' found to validate.
pdk (INFO): Validator 'task-metadata-lint' skipped for '/root/airgapper'. No files matching '["tasks/*.json"]' found to validate.
┌ [✔] Running metadata validators ...
├── [✔] Checking metadata syntax (metadata.json tasks/*.json).
└── [✔] Checking module metadata style (metadata.json).
┌ [✔] Running puppet validators ...
├── [✔] Checking Puppet manifest syntax (**/*.pp).
└── [✔] Checking Puppet manifest style (**/*.pp).
┌ [✔] Running ruby validators ...
└── [✔] Checking Ruby code style (**/**.rb).
┌ [✔] Running tasks validators ...
├── [✔] Checking task names (tasks/**/*).
└── [✔] Checking task metadata style (tasks/*.json).
┌ [✔] Running yaml validators ...
└── [✔] Checking YAML syntax (**/*.yaml **/*.yml).

# run pdk test unit
[root@rocky9-airgap airgapper]# pdk test unit
pdk (INFO): Using Ruby 3.2.5
pdk (INFO): Using Puppet 8.9.0
[✔] Preparing to run the unit tests.
/opt/puppetlabs/pdk/private/ruby/3.2.5/bin/ruby -I/opt/puppetlabs/pdk/share/cache/ruby/3.2.0/gems/rspec-core-3.13.2/lib:/opt/puppetlabs/pdk/share/cache/ruby/3.2.0/gems/rspec-support-3.13.1/lib /opt/puppetlabs/pdk/share/cache/ruby/3.2.0/gems/rspec-core-3.13.2/exe/rspec --pattern spec/\{aliases,classes,defines,functions,hosts,integration,plans,tasks,type_aliases,types,unit\}/\*\*/\*_spec.rb --format progress
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"CentOS", "os.release.full"=>"/^8/", "os.hardware"=>"x86_64"}, using v4.5.2 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"CentOS", "os.release.full"=>"/^9/", "os.hardware"=>"x86_64"}, using v4.5.2 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"OracleLinux", "os.release.full"=>"/^7/", "os.hardware"=>"x86_64"}, using v4.2.2 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"RedHat", "os.release.full"=>"/^7/", "os.hardware"=>"x86_64"}, using v4.2.13 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"RedHat", "os.release.full"=>"/^8/", "os.hardware"=>"x86_64"}, using v4.5.2 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"RedHat", "os.release.full"=>"/^9/", "os.hardware"=>"x86_64"}, using v4.5.2 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"Scientific", "os.release.full"=>"/^7/", "os.hardware"=>"x86_64"}, using v4.2.2 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"Rocky", "os.release.full"=>"/^8/", "os.hardware"=>"x86_64"}, using v4.5.0 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"AlmaLinux", "os.release.full"=>"/^8/", "os.hardware"=>"x86_64"}, using v4.5.2 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"Debian", "os.release.full"=>"/^11/", "os.hardware"=>"x86_64"}, using v4.5.2 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"Debian", "os.release.full"=>"/^12/", "os.hardware"=>"x86_64"}, using v4.5.2 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"Ubuntu", "os.release.full"=>"/^18\\.04/", "os.hardware"=>"x86_64"}, using v4.5.0 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"Ubuntu", "os.release.full"=>"/^20\\.04/", "os.hardware"=>"x86_64"}, using v4.5.0 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"Ubuntu", "os.release.full"=>"/^22\\.04/", "os.hardware"=>"x86_64"}, using v4.5.2 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"windows", "os.release.full"=>"\"2019\"", "os.hardware"=>"x86_64"}, using v4.5.2 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"windows", "os.release.full"=>"\"2022\"", "os.hardware"=>"x86_64"}, using v4.5.2 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"windows", "os.release.full"=>"\"10\"", "os.hardware"=>"x86_64"}, using v4.5.2 instead
No facts were found in the FacterDB for Facter v4.5.1 on {"os.name"=>"windows", "os.release.full"=>"\"11\"", "os.hardware"=>"x86_64"}, using v4.5.2 instead
Run options: exclude {:bolt=>true}
....................

Coverage Report:

Total resources:   0
Touched resources: 0
Resource coverage: 100.00%


Finished in 1.47 seconds (files took 1.89 seconds to load)
20 examples, 0 failures

[root@rocky9-airgap airgapper]#
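
The airgap in the log above depends on the `output` chain ending in an unconditional `drop`, while the `curl` check only gets as far as DNS resolution. As an added example (not part of the PR or its validation log), this script reads `nft list ruleset` text and reports whether egress is closed and which exceptions remain; `audit_egress` and `sample_ruleset` are names made up here, and only flat chains (no `jump`/`goto`) are modelled.

```shell
#!/bin/sh
# Added example: audit `nft list ruleset` text (stdin) for egress lock-down.
# Assumption: flat chains only. The first unconditional verdict wins,
# otherwise the chain policy applies. One line per output-hook chain:
#   <chain>|policy=<p>|exceptions=<conditional accepts>|verdict=<closed|open>
audit_egress() {
    awk '
    /^[ \t]*#/ { next }                         # comments in hand-written .nft files
    /^[ \t]*chain[ \t]/ { chain = $2; hooked = 0; policy = ""; exc = ""; verdict = ""; next }
    /type [a-z]+ hook output/ {
        hooked = 1
        if (match($0, /policy [a-z]+/)) policy = substr($0, RSTART + 7, RLENGTH - 7)
        next
    }
    /^[ \t]*[}]/ {
        if (hooked) {
            if (verdict == "") verdict = (policy == "drop") ? "closed" : "open"
            printf "%s|policy=%s|exceptions=%s|verdict=%s\n", chain, policy, exc, verdict
        }
        hooked = 0; next
    }
    hooked && NF && verdict == "" {
        sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
        if ($0 == "drop" || $0 == "reject") verdict = "closed"   # nothing after this is reached
        else if ($0 == "accept") verdict = "open"                # everything is let out
        else if ($NF == "accept") exc = exc (exc == "" ? "" : ";") $0
    }
    '
}

# The ruleset printed by `nft list ruleset` in the validation log above.
sample_ruleset() {
    cat <<'EOF'
table inet filter {
    chain output {
        type filter hook output priority filter; policy accept;
        tcp dport 22 accept
        ct state established,related accept
        drop
    }
}
EOF
}

sample_ruleset | audit_egress
```

On a live host the same function takes `nft list ruleset | audit_egress`; every entry under `exceptions` is traffic the "airgapped" machine can still originate.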
