diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml index ab91575a2..ed1f5782f 100644 --- a/.github/workflows/apply.yaml +++ b/.github/workflows/apply.yaml @@ -26,7 +26,7 @@ jobs: name: Tests strategy: matrix: - os: [ubuntu-22.04, windows-latest] + os: [ubuntu-24.04, windows-latest] ruby: [3.1] runs-on: ${{ matrix.os }} steps: @@ -48,11 +48,11 @@ jobs: - name: Install modules if: steps.modules.outputs.cache-hit != 'true' run: bundle exec r10k puppetfile install - - if: matrix.os == 'ubuntu-22.04' + - if: matrix.os == 'ubuntu-24.04' uses: ./.github/actions/sudo_setup - if: matrix.os == 'windows-latest' uses: ./.github/actions/windows_agent_setup - - if: matrix.os == 'ubuntu-22.04' + - if: matrix.os == 'ubuntu-24.04' name: Run tests run: bundle exec rake ci:apply:linux - if: matrix.os == 'windows-latest' diff --git a/documentation/experimental_features.md b/documentation/experimental_features.md index 6af691521..174d19f2b 100644 --- a/documentation/experimental_features.md +++ b/documentation/experimental_features.md @@ -224,13 +224,13 @@ specify the option on the command line as `--stream`. Bolt streams results back they are received, with the target's safe name (the URI without the password included) and the stream (either 'out' or 'err') appended to the message, like so: ``` -Started on docker://puppet_6_node... +Started on docker://puppet_8_node... Started on docker://puppet_7_node... [docker://puppet_7_node] out: Hello! -[docker://puppet_6_node] out: Hello! +[docker://puppet_8_node] out: Hello! Finished on docker://puppet_7_node: Hello! -Finished on docker://puppet_6_node: +Finished on docker://puppet_8_node: Hello! ``` diff --git a/spec/Dockerfile b/spec/Dockerfile index 8bfb0bb09..fb223c701 100644 --- a/spec/Dockerfile +++ b/spec/Dockerfile @@ -1,10 +1,21 @@ -FROM rastasheep/ubuntu-sshd:18.04 +FROM ubuntu:24.04 ARG PUPPET_COLLECTION # Install required packages -RUN apt-get update -RUN apt-get -y install apt-transport-https locales sudo tree wget +RUN apt update \ + && apt install -y --no-install-recommends \ + adduser \ + ca-certificates \ + openssh-server \ + libssl-dev \ + sudo \ + locales \ + wget \ + apt-transport-https \ + tree \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* # Set the locale RUN locale-gen en_US.UTF-8 @@ -15,10 +26,10 @@ ENV LANGUAGE=en_US.UTF-8 # Install the puppet-agent package # sudo is important here so puppet is added to the path RUN if [ -n "$PUPPET_COLLECTION" ]; then \ - wget -q https://apt.puppetlabs.com/${PUPPET_COLLECTION}-release-bionic.deb \ - && sudo dpkg -i ${PUPPET_COLLECTION}-release-bionic.deb \ - && sudo apt-get update \ - && sudo apt-get -y install puppet-agent ; \ + wget -q https://apt.voxpupuli.org/${PUPPET_COLLECTION}-release-ubuntu24.04.deb \ + && sudo apt install -y /${PUPPET_COLLECTION}-release-ubuntu24.04.deb \ + && sudo apt update \ + && sudo apt install -y openvox-agent ; \ fi # Add 'bolt' user @@ -47,4 +58,9 @@ RUN chmod 600 /home/test/.ssh/authorized_keys RUN chown -R test:sudo /home/test # Run the sshd service in the background -CMD [ "/usr/sbin/sshd", "-D" ] +RUN echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config.d/pubkey_auth.conf && \ + echo "LogLevel VERBOSE" >> /etc/ssh/sshd_config.d/log_level.conf + +EXPOSE 22 + +CMD ["/usr/sbin/sshd", "-D", "-e"] diff --git a/spec/Dockerfile.puppetdb b/spec/Dockerfile.puppetdb deleted file mode 100644 index 8469550f3..000000000 --- a/spec/Dockerfile.puppetdb +++ /dev/null @@ -1,8 +0,0 @@ -FROM puppet/puppetdb:7.2.0 - -# Use our own certs so this doesn't have to wait for puppetserver startup -COPY fixtures/ssl/ca.pem /opt/puppetlabs/server/data/puppetdb/certs/certs/ca.pem -COPY fixtures/ssl/cert.pem /opt/puppetlabs/server/data/puppetdb/certs/certs/server.crt -COPY fixtures/ssl/key.pem /opt/puppetlabs/server/data/puppetdb/certs/private_keys/pdb.pem -COPY fixtures/ssl/key.pem /opt/puppetlabs/server/data/puppetdb/certs/private_keys/server.key -COPY fixtures/ssl/crl.pem /opt/puppetlabs/server/data/puppetdb/certs/ca/ca_crl.pem diff --git a/spec/Dockerfile.puppetserver b/spec/Dockerfile.puppetserver deleted file mode 100644 index eeba947eb..000000000 --- a/spec/Dockerfile.puppetserver +++ /dev/null @@ -1,22 +0,0 @@ -FROM puppet/puppetserver:edge - -ARG hostname="boltserver" -ENV PUPPETSERVER_HOSTNAME "$hostname" -ENV PUPPET_STORECONFIGS false -ENV PUPPET_REPORTS log - -# Use our own certs and disable the CA -COPY fixtures/ssl/ca.pem /etc/puppetlabs/puppet/ssl/certs/ca.pem -COPY fixtures/ssl/cert.pem /etc/puppetlabs/puppet/ssl/certs/"$hostname".pem -COPY fixtures/ssl/key.pem /etc/puppetlabs/puppet/ssl/private_keys/"$hostname".pem -COPY fixtures/ssl/crl.pem /etc/puppetlabs/puppet/ssl/crl.pem -COPY fixtures/ssl/ca.cfg /etc/puppetlabs/puppetserver/services.d/ca.cfg - -RUN chown -R puppet:puppet /etc/puppetlabs/puppet/ssl - -RUN /opt/puppetlabs/bin/puppet config set certname "$hostname" -RUN /opt/puppetlabs/bin/puppet config set server "$hostname" - -# Skip the normal bootstrapping and just run puppet-server -ENTRYPOINT ["/opt/puppetlabs/bin/puppetserver"] -CMD ["foreground"] diff --git a/spec/docker-compose.yml b/spec/docker-compose.yml index 8cf91350a..b830e13f5 100644 --- a/spec/docker-compose.yml +++ b/spec/docker-compose.yml @@ -1,58 +1,73 @@ -version: "3" services: ubuntu_node: build: . container_name: ubuntu_node ports: - "20022:22" + depends_on: + openvoxserver: + condition: service_healthy - puppet_6_node: + puppet_8_node: build: context: . args: - PUPPET_COLLECTION: puppet6 - container_name: puppet_6_node + PUPPET_COLLECTION: openvox8 + container_name: puppet_8_node ports: - "20024:22" + depends_on: + openvoxserver: + condition: service_healthy puppet_7_node: build: context: . args: - PUPPET_COLLECTION: puppet7 + PUPPET_COLLECTION: openvox7 container_name: puppet_7_node ports: - "20025:22" + depends_on: + openvoxserver: + condition: service_healthy postgres: - image: postgres:11.11 + image: docker.io/postgres:17-alpine + hostname: postgres environment: - POSTGRES_PASSWORD: puppetdb - POSTGRES_USER: puppetdb - POSTGRES_DB: puppetdb + POSTGRES_DB: openvoxdb + POSTGRES_USER: openvoxdb + POSTGRES_PASSWORD: openvoxdb volumes: - ./fixtures/puppetdb/custom_source:/docker-entrypoint-initdb.d + restart: always + healthcheck: + test: ["CMD-SHELL", "sh -c 'pg_isready -U openvoxdb -d openvoxdb'"] + interval: 10s + timeout: 3s + retries: 3 - puppetdb: - build: - context: . - dockerfile: Dockerfile.puppetdb - depends_on: - - postgres - - puppetserver + openvoxdb: + image: ghcr.io/openvoxproject/openvoxdb:latest + hostname: pdb environment: - USE_PUPPETSERVER: 'false' CERTNAME: pdb + restart: always + depends_on: + openvoxserver: + condition: service_healthy ports: - "18081:8081" - puppetserver: - build: - context: . - dockerfile: Dockerfile.puppetserver - image: puppet-server - ports: - - "8140:8140" + openvoxserver: + image: ghcr.io/openvoxproject/openvoxserver:latest + hostname: puppet + environment: + OPENVOXSERVER_HOSTNAME: puppet + restart: always volumes: - ./fixtures/modules:/etc/puppetlabs/code/modules - ./fixtures/bolt_server/projects:/etc/puppetlabs/code/projects + ports: + - 8140:8140 diff --git a/spec/fixtures/inventory/docker.yaml b/spec/fixtures/inventory/docker.yaml index d91adaea6..9736ff5c7 100644 --- a/spec/fixtures/inventory/docker.yaml +++ b/spec/fixtures/inventory/docker.yaml @@ -8,7 +8,7 @@ groups: config: ssh: port: 20022 - - name: puppet_6_node + - name: puppet_8_node config: ssh: port: 20024 diff --git a/spec/integration/apply_spec.rb b/spec/integration/apply_spec.rb index 04a30c4f9..ff2353c4a 100644 --- a/spec/integration/apply_spec.rb +++ b/spec/integration/apply_spec.rb @@ -214,13 +214,13 @@ results.each do |result| expect(result['status']).to eq('success') report = result['value']['report'] - expect(report['resource_statuses']).to include(/Notify\[Hello puppet_[5-7]_node\]/) + expect(report['resource_statuses']).to include(/Notify\[Hello puppet_[7-8]_node\]/) end end - # Run on puppet_6_node and puppet_7_node only, as deferred requires >= 6. + # Run on puppet_8_node and puppet_7_node only, as deferred requires >= 6. it 'applies the deferred type' do - result = run_cli_json(%w[plan run basic::defer -t puppet_6_node,puppet_7_node], project: project) + result = run_cli_json(%w[plan run basic::defer -t puppet_8_node,puppet_7_node], project: project) expect(result).not_to include('kind') expect(result[0]['status']).to eq('success') resources = result[0]['value']['report']['resource_statuses'] diff --git a/spec/integration/device_spec.rb b/spec/integration/device_spec.rb index a77036b3d..68cabc884 100644 --- a/spec/integration/device_spec.rb +++ b/spec/integration/device_spec.rb @@ -28,7 +28,7 @@ 'transport' => 'remote', 'remote' => { 'remote-transport' => 'fake', - 'run-on' => 'puppet_6_node', + 'run-on' => 'puppet_8_node', 'path' => device_path } } @@ -77,7 +77,7 @@ expect(results).not_to include('kind') expect(results.dig(0, 'value', 'report', 'resource_statuses')).to include('Fake_device[key1]') - content = run_cli_json(['command', 'run', "cat '#{device_path}'", '-t', 'puppet_6_node'], project: @project) + content = run_cli_json(['command', 'run', "cat '#{device_path}'", '-t', 'puppet_8_node'], project: @project) expect(content.dig('items', 0, 'value', 'stdout')).to eq({ key1: 'val1' }.to_json) diff --git a/spec/integration/parallel_spec.rb b/spec/integration/parallel_spec.rb index d693007e1..12a161dd3 100644 --- a/spec/integration/parallel_spec.rb +++ b/spec/integration/parallel_spec.rb @@ -246,7 +246,7 @@ { "action" => "run_task", "object" => "error::fail", "result_set" => - [{ "target" => 'puppet_6_node', + [{ "target" => 'puppet_8_node', "action" => "task", "object" => "error::fail", "status" => "failure", diff --git a/spec/lib/bolt_spec/conn.rb b/spec/lib/bolt_spec/conn.rb index 5ed54a14c..6829cf5d0 100644 --- a/spec/lib/bolt_spec/conn.rb +++ b/spec/lib/bolt_spec/conn.rb @@ -92,7 +92,7 @@ def docker_inventory(root: false) 'name' => 'nix_agents', 'targets' => [ { - 'name' => 'puppet_6_node', + 'name' => 'puppet_8_node', 'config' => { 'ssh' => { 'port' => 20024 } } }, {