From 4ab640d59e2b6da5d6f32b195c4db0a546abe150 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Fri, 20 Jun 2025 22:27:29 +0200 Subject: [PATCH 01/12] Docker tests: Switch from puppetserver to openvoxserver --- spec/Dockerfile.puppetdb | 2 +- spec/Dockerfile.puppetserver | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/Dockerfile.puppetdb b/spec/Dockerfile.puppetdb index 8469550f3..61faf40fc 100644 --- a/spec/Dockerfile.puppetdb +++ b/spec/Dockerfile.puppetdb @@ -1,4 +1,4 @@ -FROM puppet/puppetdb:7.2.0 +FROM ghcr.io/openvoxproject/openvoxdb:latest # Use our own certs so this doesn't have to wait for puppetserver startup COPY fixtures/ssl/ca.pem /opt/puppetlabs/server/data/puppetdb/certs/certs/ca.pem diff --git a/spec/Dockerfile.puppetserver b/spec/Dockerfile.puppetserver index eeba947eb..ed9fd43f9 100644 --- a/spec/Dockerfile.puppetserver +++ b/spec/Dockerfile.puppetserver @@ -1,4 +1,4 @@ -FROM puppet/puppetserver:edge +FROM ghcr.io/openvoxproject/openvoxserver:latest ARG hostname="boltserver" ENV PUPPETSERVER_HOSTNAME "$hostname" From 5cdfb74b1fb76f0a1e86d16d84d2843494e706e5 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Fri, 20 Jun 2025 22:38:27 +0200 Subject: [PATCH 02/12] Docker tests: Replace puppet 6 with puppet 8 container --- documentation/experimental_features.md | 6 +++--- spec/docker-compose.yml | 6 +++--- spec/fixtures/inventory/docker.yaml | 2 +- spec/integration/apply_spec.rb | 6 +++--- spec/integration/device_spec.rb | 4 ++-- spec/integration/parallel_spec.rb | 2 +- spec/lib/bolt_spec/conn.rb | 2 +- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/documentation/experimental_features.md b/documentation/experimental_features.md index 6af691521..174d19f2b 100644 --- a/documentation/experimental_features.md +++ b/documentation/experimental_features.md @@ -224,13 +224,13 @@ specify the option on the command line as `--stream`. Bolt streams results back they are received, with the target's safe name (the URI without the password included) and the stream (either 'out' or 'err') appended to the message, like so: ``` -Started on docker://puppet_6_node... +Started on docker://puppet_8_node... Started on docker://puppet_7_node... [docker://puppet_7_node] out: Hello! -[docker://puppet_6_node] out: Hello! +[docker://puppet_8_node] out: Hello! Finished on docker://puppet_7_node: Hello! -Finished on docker://puppet_6_node: +Finished on docker://puppet_8_node: Hello! ``` diff --git a/spec/docker-compose.yml b/spec/docker-compose.yml index 8cf91350a..df3ce355d 100644 --- a/spec/docker-compose.yml +++ b/spec/docker-compose.yml @@ -6,12 +6,12 @@ services: ports: - "20022:22" - puppet_6_node: + puppet_8_node: build: context: . args: - PUPPET_COLLECTION: puppet6 - container_name: puppet_6_node + PUPPET_COLLECTION: puppet8 + container_name: puppet_8_node ports: - "20024:22" diff --git a/spec/fixtures/inventory/docker.yaml b/spec/fixtures/inventory/docker.yaml index d91adaea6..9736ff5c7 100644 --- a/spec/fixtures/inventory/docker.yaml +++ b/spec/fixtures/inventory/docker.yaml @@ -8,7 +8,7 @@ groups: config: ssh: port: 20022 - - name: puppet_6_node + - name: puppet_8_node config: ssh: port: 20024 diff --git a/spec/integration/apply_spec.rb b/spec/integration/apply_spec.rb index 04a30c4f9..ff2353c4a 100644 --- a/spec/integration/apply_spec.rb +++ b/spec/integration/apply_spec.rb @@ -214,13 +214,13 @@ results.each do |result| expect(result['status']).to eq('success') report = result['value']['report'] - expect(report['resource_statuses']).to include(/Notify\[Hello puppet_[5-7]_node\]/) + expect(report['resource_statuses']).to include(/Notify\[Hello puppet_[7-8]_node\]/) end end - # Run on puppet_6_node and puppet_7_node only, as deferred requires >= 6. + # Run on puppet_8_node and puppet_7_node only, as deferred requires >= 6. it 'applies the deferred type' do - result = run_cli_json(%w[plan run basic::defer -t puppet_6_node,puppet_7_node], project: project) + result = run_cli_json(%w[plan run basic::defer -t puppet_8_node,puppet_7_node], project: project) expect(result).not_to include('kind') expect(result[0]['status']).to eq('success') resources = result[0]['value']['report']['resource_statuses'] diff --git a/spec/integration/device_spec.rb b/spec/integration/device_spec.rb index a77036b3d..68cabc884 100644 --- a/spec/integration/device_spec.rb +++ b/spec/integration/device_spec.rb @@ -28,7 +28,7 @@ 'transport' => 'remote', 'remote' => { 'remote-transport' => 'fake', - 'run-on' => 'puppet_6_node', + 'run-on' => 'puppet_8_node', 'path' => device_path } } @@ -77,7 +77,7 @@ expect(results).not_to include('kind') expect(results.dig(0, 'value', 'report', 'resource_statuses')).to include('Fake_device[key1]') - content = run_cli_json(['command', 'run', "cat '#{device_path}'", '-t', 'puppet_6_node'], project: @project) + content = run_cli_json(['command', 'run', "cat '#{device_path}'", '-t', 'puppet_8_node'], project: @project) expect(content.dig('items', 0, 'value', 'stdout')).to eq({ key1: 'val1' }.to_json) diff --git a/spec/integration/parallel_spec.rb b/spec/integration/parallel_spec.rb index d693007e1..12a161dd3 100644 --- a/spec/integration/parallel_spec.rb +++ b/spec/integration/parallel_spec.rb @@ -246,7 +246,7 @@ { "action" => "run_task", "object" => "error::fail", "result_set" => - [{ "target" => 'puppet_6_node', + [{ "target" => 'puppet_8_node', "action" => "task", "object" => "error::fail", "status" => "failure", diff --git a/spec/lib/bolt_spec/conn.rb b/spec/lib/bolt_spec/conn.rb index 5ed54a14c..6829cf5d0 100644 --- a/spec/lib/bolt_spec/conn.rb +++ b/spec/lib/bolt_spec/conn.rb @@ -92,7 +92,7 @@ def docker_inventory(root: false) 'name' => 'nix_agents', 'targets' => [ { - 'name' => 'puppet_6_node', + 'name' => 'puppet_8_node', 'config' => { 'ssh' => { 'port' => 20024 } } }, { From da12c15ac5a85a88aeb33ca8d2d3b6dcb81c9f77 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 24 Jun 2025 13:03:36 +0200 Subject: [PATCH 03/12] fix: update docker setup --- spec/Dockerfile | 24 ++++++++++++++++++----- spec/Dockerfile.puppetdb | 8 -------- spec/Dockerfile.puppetserver | 22 --------------------- spec/docker-compose.yml | 37 ++++++++++++++++++------------------ 4 files changed, 37 insertions(+), 54 deletions(-) delete mode 100644 spec/Dockerfile.puppetdb delete mode 100644 spec/Dockerfile.puppetserver diff --git a/spec/Dockerfile b/spec/Dockerfile index 8bfb0bb09..233508461 100644 --- a/spec/Dockerfile +++ b/spec/Dockerfile @@ -1,10 +1,19 @@ -FROM rastasheep/ubuntu-sshd:18.04 +FROM ubuntu:24.04 ARG PUPPET_COLLECTION # Install required packages -RUN apt-get update -RUN apt-get -y install apt-transport-https locales sudo tree wget +RUN apt update && \ + apt install -y --no-install-recommends \ + openssh-server \ + libssl-dev \ + sudo && \ + locales \ + wget \ + apt-transport-https \ + tree && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* # Set the locale RUN locale-gen en_US.UTF-8 @@ -15,7 +24,7 @@ ENV LANGUAGE=en_US.UTF-8 # Install the puppet-agent package # sudo is important here so puppet is added to the path RUN if [ -n "$PUPPET_COLLECTION" ]; then \ - wget -q https://apt.puppetlabs.com/${PUPPET_COLLECTION}-release-bionic.deb \ + && wget -q https://apt.voxpupuli.org/${PUPPET_COLLECTION}-release-ubuntu24.04.deb \ && sudo dpkg -i ${PUPPET_COLLECTION}-release-bionic.deb \ && sudo apt-get update \ && sudo apt-get -y install puppet-agent ; \ @@ -47,4 +56,9 @@ RUN chmod 600 /home/test/.ssh/authorized_keys RUN chown -R test:sudo /home/test # Run the sshd service in the background -CMD [ "/usr/sbin/sshd", "-D" ] +RUN echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config.d/pubkey_auth.conf && \ + echo "LogLevel VERBOSE" >> /etc/ssh/sshd_config.d/log_level.conf + +EXPOSE 22 + +CMD ["/usr/sbin/sshd", "-D", "-e"] diff --git a/spec/Dockerfile.puppetdb b/spec/Dockerfile.puppetdb deleted file mode 100644 index 61faf40fc..000000000 --- a/spec/Dockerfile.puppetdb +++ /dev/null @@ -1,8 +0,0 @@ -FROM ghcr.io/openvoxproject/openvoxdb:latest - -# Use our own certs so this doesn't have to wait for puppetserver startup -COPY fixtures/ssl/ca.pem /opt/puppetlabs/server/data/puppetdb/certs/certs/ca.pem -COPY fixtures/ssl/cert.pem /opt/puppetlabs/server/data/puppetdb/certs/certs/server.crt -COPY fixtures/ssl/key.pem /opt/puppetlabs/server/data/puppetdb/certs/private_keys/pdb.pem -COPY fixtures/ssl/key.pem /opt/puppetlabs/server/data/puppetdb/certs/private_keys/server.key -COPY fixtures/ssl/crl.pem /opt/puppetlabs/server/data/puppetdb/certs/ca/ca_crl.pem diff --git a/spec/Dockerfile.puppetserver b/spec/Dockerfile.puppetserver deleted file mode 100644 index ed9fd43f9..000000000 --- a/spec/Dockerfile.puppetserver +++ /dev/null @@ -1,22 +0,0 @@ -FROM ghcr.io/openvoxproject/openvoxserver:latest - -ARG hostname="boltserver" -ENV PUPPETSERVER_HOSTNAME "$hostname" -ENV PUPPET_STORECONFIGS false -ENV PUPPET_REPORTS log - -# Use our own certs and disable the CA -COPY fixtures/ssl/ca.pem /etc/puppetlabs/puppet/ssl/certs/ca.pem -COPY fixtures/ssl/cert.pem /etc/puppetlabs/puppet/ssl/certs/"$hostname".pem -COPY fixtures/ssl/key.pem /etc/puppetlabs/puppet/ssl/private_keys/"$hostname".pem -COPY fixtures/ssl/crl.pem /etc/puppetlabs/puppet/ssl/crl.pem -COPY fixtures/ssl/ca.cfg /etc/puppetlabs/puppetserver/services.d/ca.cfg - -RUN chown -R puppet:puppet /etc/puppetlabs/puppet/ssl - -RUN /opt/puppetlabs/bin/puppet config set certname "$hostname" -RUN /opt/puppetlabs/bin/puppet config set server "$hostname" - -# Skip the normal bootstrapping and just run puppet-server -ENTRYPOINT ["/opt/puppetlabs/bin/puppetserver"] -CMD ["foreground"] diff --git a/spec/docker-compose.yml b/spec/docker-compose.yml index df3ce355d..0f61ce7f1 100644 --- a/spec/docker-compose.yml +++ b/spec/docker-compose.yml @@ -25,34 +25,33 @@ services: - "20025:22" postgres: - image: postgres:11.11 + image: docker.io/postgres:17-alpine + hostname: postgres environment: - POSTGRES_PASSWORD: puppetdb - POSTGRES_USER: puppetdb - POSTGRES_DB: puppetdb + POSTGRES_DB: openvoxdb + POSTGRES_USER: openvoxdb + POSTGRES_PASSWORD: openvoxdb volumes: - ./fixtures/puppetdb/custom_source:/docker-entrypoint-initdb.d + restart: always - puppetdb: - build: - context: . - dockerfile: Dockerfile.puppetdb - depends_on: - - postgres - - puppetserver + openvoxdb: + image: ghcr.io/openvoxproject/openvoxdb:latest + hostname: pdb environment: - USE_PUPPETSERVER: 'false' CERTNAME: pdb + restart: always ports: - "18081:8081" - puppetserver: - build: - context: . - dockerfile: Dockerfile.puppetserver - image: puppet-server - ports: - - "8140:8140" + openvoxserver: + image: ghcr.io/openvoxproject/openvoxserver:latest + hostname: puppet + environment: + OPENVOXSERVER_HOSTNAME: puppet + restart: always volumes: - ./fixtures/modules:/etc/puppetlabs/code/modules - ./fixtures/bolt_server/projects:/etc/puppetlabs/code/projects + ports: + - 8140:8140 From ba5d58a372eece92b8ba9dbe35b4078fc71b9972 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 24 Jun 2025 13:07:32 +0200 Subject: [PATCH 04/12] fix: remove typo --- spec/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/Dockerfile b/spec/Dockerfile index 233508461..1ff62e37d 100644 --- a/spec/Dockerfile +++ b/spec/Dockerfile @@ -7,7 +7,7 @@ RUN apt update && \ apt install -y --no-install-recommends \ openssh-server \ libssl-dev \ - sudo && \ + sudo \ locales \ wget \ apt-transport-https \ From b1a6157d9f53c42bd7f8f2eac9f043ba68889126 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 24 Jun 2025 13:58:12 +0200 Subject: [PATCH 05/12] fix: set openvox collection --- spec/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/docker-compose.yml b/spec/docker-compose.yml index 0f61ce7f1..952ead8e8 100644 --- a/spec/docker-compose.yml +++ b/spec/docker-compose.yml @@ -10,7 +10,7 @@ services: build: context: . args: - PUPPET_COLLECTION: puppet8 + PUPPET_COLLECTION: openvox8 container_name: puppet_8_node ports: - "20024:22" @@ -19,7 +19,7 @@ services: build: context: . args: - PUPPET_COLLECTION: puppet7 + PUPPET_COLLECTION: openvox7 container_name: puppet_7_node ports: - "20025:22" From 8ccda88cadad2e24e41b5c1c40c60b8f5bcb8833 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 24 Jun 2025 14:02:20 +0200 Subject: [PATCH 06/12] fix: remove typo --- spec/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/Dockerfile b/spec/Dockerfile index 1ff62e37d..a283c936b 100644 --- a/spec/Dockerfile +++ b/spec/Dockerfile @@ -24,10 +24,10 @@ ENV LANGUAGE=en_US.UTF-8 # Install the puppet-agent package # sudo is important here so puppet is added to the path RUN if [ -n "$PUPPET_COLLECTION" ]; then \ - && wget -q https://apt.voxpupuli.org/${PUPPET_COLLECTION}-release-ubuntu24.04.deb \ + wget -q https://apt.voxpupuli.org/${PUPPET_COLLECTION}-release-ubuntu24.04.deb \ && sudo dpkg -i ${PUPPET_COLLECTION}-release-bionic.deb \ && sudo apt-get update \ - && sudo apt-get -y install puppet-agent ; \ + && sudo apt-get -y install puppet-agent \ fi # Add 'bolt' user From 621faf8ba13e1cc0a71c1f2ed10854e87d11ab27 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 24 Jun 2025 14:09:14 +0200 Subject: [PATCH 07/12] fix: fix apt setup --- spec/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/Dockerfile b/spec/Dockerfile index a283c936b..62bc1f508 100644 --- a/spec/Dockerfile +++ b/spec/Dockerfile @@ -25,9 +25,9 @@ ENV LANGUAGE=en_US.UTF-8 # sudo is important here so puppet is added to the path RUN if [ -n "$PUPPET_COLLECTION" ]; then \ wget -q https://apt.voxpupuli.org/${PUPPET_COLLECTION}-release-ubuntu24.04.deb \ - && sudo dpkg -i ${PUPPET_COLLECTION}-release-bionic.deb \ - && sudo apt-get update \ - && sudo apt-get -y install puppet-agent \ + && sudo apt install -y /${PUPPET_COLLECTION}-release-ubuntu24.04.deb \ + && sudo apt update \ + && sudo apt install -y openvox-agent ; \ fi # Add 'bolt' user From f9971257fa1692522d738b936817a1f707e56384 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 24 Jun 2025 14:17:22 +0200 Subject: [PATCH 08/12] fix: add useradd --- spec/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/Dockerfile b/spec/Dockerfile index 62bc1f508..c9e279714 100644 --- a/spec/Dockerfile +++ b/spec/Dockerfile @@ -5,6 +5,7 @@ ARG PUPPET_COLLECTION # Install required packages RUN apt update && \ apt install -y --no-install-recommends \ + adduser \ openssh-server \ libssl-dev \ sudo \ From bbbe230f7fa746af9712829eb7d5b115d6e520f6 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 24 Jun 2025 14:53:01 +0200 Subject: [PATCH 09/12] fix: add ca-certificates --- spec/Dockerfile | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/spec/Dockerfile b/spec/Dockerfile index c9e279714..fb223c701 100644 --- a/spec/Dockerfile +++ b/spec/Dockerfile @@ -3,18 +3,19 @@ FROM ubuntu:24.04 ARG PUPPET_COLLECTION # Install required packages -RUN apt update && \ - apt install -y --no-install-recommends \ +RUN apt update \ + && apt install -y --no-install-recommends \ adduser \ + ca-certificates \ openssh-server \ libssl-dev \ sudo \ locales \ wget \ apt-transport-https \ - tree && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + tree \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* # Set the locale RUN locale-gen en_US.UTF-8 From c1cf5d67dec64e6833254e3fb81a89b81407aa97 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Fri, 27 Jun 2025 11:10:49 +0200 Subject: [PATCH 10/12] fix: update Ubuntu version in CI workflow to 24.04 --- .github/workflows/apply.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml index ab91575a2..ed1f5782f 100644 --- a/.github/workflows/apply.yaml +++ b/.github/workflows/apply.yaml @@ -26,7 +26,7 @@ jobs: name: Tests strategy: matrix: - os: [ubuntu-22.04, windows-latest] + os: [ubuntu-24.04, windows-latest] ruby: [3.1] runs-on: ${{ matrix.os }} steps: @@ -48,11 +48,11 @@ jobs: - name: Install modules if: steps.modules.outputs.cache-hit != 'true' run: bundle exec r10k puppetfile install - - if: matrix.os == 'ubuntu-22.04' + - if: matrix.os == 'ubuntu-24.04' uses: ./.github/actions/sudo_setup - if: matrix.os == 'windows-latest' uses: ./.github/actions/windows_agent_setup - - if: matrix.os == 'ubuntu-22.04' + - if: matrix.os == 'ubuntu-24.04' name: Run tests run: bundle exec rake ci:apply:linux - if: matrix.os == 'windows-latest' From 542c698d78b16f82227a10bd22ac099e8a8513c2 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Fri, 27 Jun 2025 11:11:10 +0200 Subject: [PATCH 11/12] fix: add depends_on and healthcheck for service stability in docker-compose --- spec/docker-compose.yml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/spec/docker-compose.yml b/spec/docker-compose.yml index 952ead8e8..cb356d586 100644 --- a/spec/docker-compose.yml +++ b/spec/docker-compose.yml @@ -1,10 +1,13 @@ -version: "3" services: ubuntu_node: build: . container_name: ubuntu_node ports: - "20022:22" + depends_on: + openvoxserver: + condition: service_healthy + restart: always puppet_8_node: build: @@ -14,6 +17,10 @@ services: container_name: puppet_8_node ports: - "20024:22" + depends_on: + openvoxserver: + condition: service_healthy + restart: always puppet_7_node: build: @@ -23,6 +30,10 @@ services: container_name: puppet_7_node ports: - "20025:22" + depends_on: + openvoxserver: + condition: service_healthy + restart: always postgres: image: docker.io/postgres:17-alpine @@ -34,6 +45,11 @@ services: volumes: - ./fixtures/puppetdb/custom_source:/docker-entrypoint-initdb.d restart: always + healthcheck: + test: ["CMD-SHELL", "sh -c 'pg_isready -U openvoxdb -d openvoxdb'"] + interval: 10s + timeout: 3s + retries: 3 openvoxdb: image: ghcr.io/openvoxproject/openvoxdb:latest @@ -41,6 +57,10 @@ services: environment: CERTNAME: pdb restart: always + depends_on: + openvoxserver: + condition: service_healthy + restart: always ports: - "18081:8081" From 8cef72fb3cac85c70f02894c96b8bf55d5c8cdba Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Fri, 27 Jun 2025 11:14:32 +0200 Subject: [PATCH 12/12] fix: remove restart policy for services becaus it doesnt work --- spec/docker-compose.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/spec/docker-compose.yml b/spec/docker-compose.yml index cb356d586..b830e13f5 100644 --- a/spec/docker-compose.yml +++ b/spec/docker-compose.yml @@ -7,7 +7,6 @@ services: depends_on: openvoxserver: condition: service_healthy - restart: always puppet_8_node: build: @@ -20,7 +19,6 @@ services: depends_on: openvoxserver: condition: service_healthy - restart: always puppet_7_node: build: @@ -33,7 +31,6 @@ services: depends_on: openvoxserver: condition: service_healthy - restart: always postgres: image: docker.io/postgres:17-alpine @@ -60,7 +57,6 @@ services: depends_on: openvoxserver: condition: service_healthy - restart: always ports: - "18081:8081"