Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Switch to Puppet data types #244

Closed
wants to merge 1 commit into from
Closed

[WIP] Switch to Puppet data types #244

wants to merge 1 commit into from

Conversation

wyardley
Copy link
Contributor

@wyardley wyardley commented Oct 9, 2017
edited
Loading

This adds Puppet 4 data types.

bastelfreak
bastelfreak reviewed Oct 9, 2017
View reviewed changes
.fixtures.yml Outdated
@@ -2,10 +2,10 @@ fixtures:
repositories:
stdlib:
repo: git://github.com/puppetlabs/puppetlabs-stdlib
ref: '4.6.0'
ref: '4.20.0'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO we should unpin the modules here. In general we test against master to find breaking changes before they are released.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bastelfreak works for me, I'll adjust in #242

wyardley
wyardley commented Oct 9, 2017
View reviewed changes
spec/defines/openvpn_server_spec.rb
@@ -166,7 +166,7 @@
'key_cn' => 'yolo',
'key_name' => 'burp',
'key_ou' => 'NSA',
'verb' => 'mute',
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@luxflux do you know why verb is 'mute' here? It seems like mute is a separate param, and the docs suggest that verb should be an int as in the client?

Copy link
Contributor

@luxflux luxflux Oct 11, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, this seems to be wrong. Let's use an integer...
From https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html:

--verb n
Set output verbosity to n (default=1). Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output.
0 -- No output except fatal errors.
1 to 4 -- Normal usage range.
5 -- Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets.
6 to 11 -- Debug info range (see errlevel.h for additional information on debug levels).

I think we need we need to update this line as well.

luxflux
luxflux previously requested changes Oct 11, 2017
View reviewed changes
spec/defines/openvpn_server_spec.rb
@@ -166,7 +166,7 @@
'key_cn' => 'yolo',
'key_name' => 'burp',
'key_ou' => 'NSA',
'verb' => 'mute',
Copy link
Contributor

@luxflux luxflux Oct 11, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, this seems to be wrong. Let's use an integer...
From https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html:

--verb n
Set output verbosity to n (default=1). Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output.
0 -- No output except fatal errors.
1 to 4 -- Normal usage range.
5 -- Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets.
6 to 11 -- Debug info range (see errlevel.h for additional information on debug levels).

I think we need we need to update this line as well.

@wyardley
Copy link
Contributor Author

@luxflux edited that other line as well. The bulk of the tests currently fail with the same error, if you get a sec, could you see what I need to adjust?

Puppet::Error:
        Could not find resource 'Openvpn::Ca[winterthur]' for relationship on 'Openvpn::Client[winti-client1]'

I think the ordering on / from the base class is not needed, though maybe that's part of the problem?

@luxflux
Copy link
Contributor

luxflux commented Oct 12, 2017

@wyardley I'm not used to the Puppet data types. But what I can say is that a openvpn::client needs a openvpn::ca to work (directories, signing CA, ...) and that there is quite some magic involved here because a openvpn::ca may be used by multiple servers. To cover this, there is this pick statement in client.pp.

Does this help?

@wyardley
Copy link
Contributor Author

@juniorsysadmin any thoughts on the test failures here?

@juniorsysadmin
Copy link
Member

@wyardley Hmm, I was going to suggest re-arrangement of pre_condition to be first in the defined types but that shouldn't have an effect. I take it you have tried sprinkling

Puppet::Util::Log.level = :debug
Puppet::Util::Log.newdestination(:console)

in the rspec, and turning off parallel rspec to see if that is helpful in finding the problem?

bastelfreak
bastelfreak reviewed Nov 17, 2017
View reviewed changes
manifests/ca.pp
$key_name = '',
$key_ou = '',
$tls_auth = false,
String $country,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

datatypes \o/

bastelfreak
bastelfreak reviewed Nov 17, 2017
View reviewed changes
manifests/server.pp
if $extca_server_key_file == undef { fail('extca_server_key_file has to be specified in extca mode') }
if $extca_dh_file == undef and !$remote and $tls_server { fail('cant enable tls_server: missing extca_dh_file') }
if $extca_tls_auth_key_file == undef and !$remote and $tls_auth { fail('cant enable tls_auth: missing extca_tls_auth_key_file') }
if $extca_ca_cert_file == undef {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How do you like this?

unless $extca_ca_cert_file {}

This is maybe easier to read?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I prefer that syntax myself, though I know others don't. I'm wondering if those sort of changes are best made after we at least get the tests passing w/ the updated code, and maybe in a separate PR?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was actually having the exact same thought, though, when I was rebasing it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, we should not clutter up this PR.

@wyardley wyardley dismissed luxflux’s stale review December 7, 2017 07:13

should be re-reviewed

@wyardley
Copy link
Contributor Author

wyardley commented Dec 7, 2017

I've rebased again, however, not sure how much time I'll be able to devote to this (it's not a module I use), and the tests still have the same failures. Is anyone interested in taking a deeper look into the test failures, or should I close this?

@wyardley
Copy link
Contributor Author

I'm going to close this; agree with some comments that this is too much all at once, and not that familiar with the module, so I'll let someone else pick up this torch if they're interested.

@wyardley wyardley closed this Dec 13, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bastelfreak bastelfreak bastelfreak left review comments

@luxflux luxflux luxflux left review comments

Assignees
No one assigned
Labels
backwards-incompatible tests-fail
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@wyardley @luxflux @juniorsysadmin @bastelfreak