Merge pull request #193 from ekohl/os-support

Drop Ubuntu 14.04 & add Debian 9/10 / Fedora 29/30 support

Author: bastelfreak

.sync.yml

@@ -2,7 +2,9 @@
 .travis.yml:
   docker_sets:
     - set: centos7-64
-    - set: ubuntu1404-64
+    - set: debian9-64
+    - set: fedora29-64
+    - set: fedora30-64
     - set: ubuntu1604-64
     - set: ubuntu1804-64
   secure: "n/CVUS2upgv5DifCm/YsjBxR/11bdTRDYi1x9QK6ILa32+6ngVV2RQaIMXXJfJKYIPT8/O21tpc9C7fOBRGhRpNbl0usfvqsZS0C9UkpEx6AqT7lcRzj6pLrNn3IuChhZ0tQjNiKp9LxVTzltxr5uTFwKKCE4o534v/DLAzkzq5EAZuBWpRS1rcVHQA3o0767Gu3601yyYkZj9ySDH5RpbSdTCcNkTzwtFhr2NEvVb+2FI0RhchDSqPBfNWHV4Hn3dKuL42MNC2zjd2FYFpC8F27OXk/erUZIOZFfpZuIWypjSimfVC95a2Nb8kfQotTvQxUI1fwiB01ibUQGGkJj+mh7Utg/byBrbijpJnWRR7TT6oQ1NbIUHVXcqE1tfpbCBZ4Ws2Hqji0QoGc0fMrkt1NVlZlgbVrb9t+ctb1QcLaEPI+1Zf2a3AZhXOKA1EGx2W5DTQSWSPv57BUtFPICZENQi/ats30h+0FwtN7rjfx8Q6BIGO2D5JODI6eJC0nLNaL5UaPA0pjGRsNlZWoUzieuKG08G/rQtj/8jLq/3eLICv1cbfvj7lDPc0thPwXdrPIC9nLSisb/wdLufpqXsFku9TeBqrRHfQWImybcv7JRAeZZeHEo+tvFvZg5MSAEiPmz8zIOJOKhuMKEXlOmALmSjEhW6Ca5r7xuQ5Qwm0="

.travis.yml

@@ -33,11 +33,27 @@ matrix:
     services: docker
   - rvm: 2.5.3
     bundler_args: --without development release
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=ubuntu1404-64 BEAKER_HYPERVISOR=docker CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker
     services: docker
   - rvm: 2.5.3
     bundler_args: --without development release
-    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=ubuntu1404-64 BEAKER_HYPERVISOR=docker CHECK=beaker
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker
+    services: docker
+  - rvm: 2.5.3
+    bundler_args: --without development release
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=fedora29-64 BEAKER_HYPERVISOR=docker CHECK=beaker
+    services: docker
+  - rvm: 2.5.3
+    bundler_args: --without development release
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=fedora29-64 BEAKER_HYPERVISOR=docker CHECK=beaker
+    services: docker
+  - rvm: 2.5.3
+    bundler_args: --without development release
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=fedora30-64 BEAKER_HYPERVISOR=docker CHECK=beaker
+    services: docker
+  - rvm: 2.5.3
+    bundler_args: --without development release
+    env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=fedora30-64 BEAKER_HYPERVISOR=docker CHECK=beaker
     services: docker
   - rvm: 2.5.3
     bundler_args: --without development release

README.md

@@ -24,21 +24,6 @@ The module can integrate with [stahnma/epel](https://forge.puppetlabs.com/stahnm
 to set up the repo by setting the `configure_epel` parameter to `true` (the default for RedHat) and
 installing the module.
 
-On Debian Jessie the module assumes the package certbot is available. This
-package can be found in jessie-backports. When using
-[puppetlabs/apt](https://forge.puppet.com/puppetlabs/apt) the following code
-can be used:
-
-```puppet
-include apt
-include apt::backports
-apt::pin { 'jessie-backports-letsencrypt':
-  release  => 'jessie-backports',
-  packages => prefix(['acme', 'cryptography', 'openssl', 'psutil', 'setuptools', 'pyasn1', 'pkg-resources'], 'python-'),
-  priority => 700,
-}
-```
-
 ## Usage
 
 ### Setting up the Let's Encrypt client
@@ -171,7 +156,7 @@ Example:
 
 ```puppet
 class { 'letsencrypt::plugin::dns_rfc2136':
-  server     => '1.2.3.4',
+  server     => '192.0.2.1',
   key_name   => 'certbot',
   key_secret => '[...]==',
 }

manifests/params.pp

@@ -1,3 +1,5 @@
+# @summary Default parameters
+# @api private
 class letsencrypt::params {
   $agree_tos           = true
   $unsafe_registration = false
@@ -14,55 +16,51 @@
     'server' => 'https://acme-v01.api.letsencrypt.org/directory',
   }
 
-  if $facts['operatingsystem'] == 'Debian' and versioncmp($facts['operatingsystemrelease'], '8') >= 0 {
+  if $facts['osfamily'] == 'Debian' {
     $install_method = 'package'
     $package_name = 'certbot'
     $package_command = 'certbot'
     $config_dir = '/etc/letsencrypt'
-  } elsif $facts['operatingsystem'] == 'Ubuntu' and versioncmp($facts['operatingsystemrelease'], '16.04') == 0 {
-    $install_method = 'package'
-    $package_name = 'letsencrypt'
-    $package_command = 'letsencrypt'
-    $config_dir = '/etc/letsencrypt'
-  } elsif $facts['operatingsystem'] == 'Ubuntu' and versioncmp($facts['operatingsystemrelease'], '18.04') >= 0 {
-    $install_method = 'package'
-    $package_name = 'certbot'
-    $package_command = 'certbot'
-    $config_dir = '/etc/letsencrypt'
-  } elsif $facts['osfamily'] == 'RedHat' and versioncmp($facts['operatingsystemmajrelease'], '7') >= 0 {
+    $dns_rfc2136_package_name = 'python3-certbot-dns-rfc2136'
+  } elsif $facts['osfamily'] == 'RedHat' {
     $install_method = 'package'
     $package_name = 'certbot'
     $package_command = 'certbot'
     $config_dir = '/etc/letsencrypt'
+    if $facts['operatingsystemmajrelease'] == '7' {
+      $dns_rfc2136_package_name = 'python2-certbot-dns-rfc2136'
+    } else {
+      $dns_rfc2136_package_name = 'python3-certbot-dns-rfc2136'
+    }
   } elsif $facts['osfamily'] == 'Gentoo' {
     $install_method = 'package'
     $package_name = 'app-crypt/certbot'
     $package_command = 'certbot'
     $config_dir = '/etc/letsencrypt'
+    $dns_rfc2136_package_name = undef
   } elsif $facts['osfamily'] == 'OpenBSD' {
     $install_method = 'package'
     $package_name = 'certbot'
     $package_command = 'certbot'
     $config_dir = '/etc/letsencrypt'
+    $dns_rfc2136_package_name = undef
   } elsif $facts['osfamily'] == 'FreeBSD' {
     $install_method = 'package'
     $package_name = 'py27-certbot'
     $package_command = 'certbot'
     $config_dir = '/usr/local/etc/letsencrypt'
+    $dns_rfc2136_package_name = undef
   } else {
     $install_method = 'vcs'
     $package_name = 'letsencrypt'
     $package_command = 'letsencrypt'
     $config_dir = '/etc/letsencrypt'
+    $dns_rfc2136_package_name = undef
   }
 
   $config_file = "${config_dir}/cli.ini"
 
-  if $facts['osfamily'] == 'RedHat' {
-    $configure_epel = $facts['os']['name'] != 'Fedora'
-  } else {
-    $configure_epel = false
-  }
+  $configure_epel = $facts['osfamily'] == 'RedHat' and $facts['os']['name'] != 'Fedora'
 
   $cron_owner_group = $facts['osfamily'] ? {
     'OpenBSD' =>  'wheel',

manifests/plugin/dns_rfc2136.pp

@@ -19,22 +19,25 @@
 #   Number of seconds to wait for the DNS server to propagate the DNS-01 challenge.
 # [*manage_package*]
 #   Manage the plugin package.
+# [*package_name*]
+#   The name of the package to install when $manage_package is true.
 # [*config_dir*]
 #   The path to the configuration directory.
 #
 class letsencrypt::plugin::dns_rfc2136 (
   Stdlib::Host $server,
   String[1] $key_name,
   String[1] $key_secret,
-  String[1] $key_algorithm         = $letsencrypt::params::dns_rfc2136_algorithm,
-  Stdlib::Port $port               = $letsencrypt::params::dns_rfc2136_port,
-  Integer $propagation_seconds     = $letsencrypt::params::dns_rfc2136_propagation_seconds,
+  String[1] $key_algorithm         = $letsencrypt::dns_rfc2136_algorithm,
+  Stdlib::Port $port               = $letsencrypt::dns_rfc2136_port,
+  Integer $propagation_seconds     = $letsencrypt::dns_rfc2136_propagation_seconds,
   Stdlib::Absolutepath $config_dir = $letsencrypt::config_dir,
-  Boolean $manage_package          = $letsencrypt::params::dns_rfc2136_manage_package,
+  Boolean $manage_package          = $letsencrypt::dns_rfc2136_manage_package,
+  String $package_name             = $letsencrypt::dns_rfc2136_package_name,
 ) {
 
-  if ($manage_package) {
-    package { 'python2-certbot-dns-rfc2136':
+  if $manage_package {
+    package { $package_name:
       ensure => installed,
     }
   }

metadata.json

@@ -29,21 +29,22 @@
     {
       "operatingsystem": "Fedora",
       "operatingsystemrelease": [
-        "29"
+        "29",
+        "30"
       ]
     },
     {
       "operatingsystem": "Ubuntu",
       "operatingsystemrelease": [
-        "14.04",
         "16.04",
         "18.04"
       ]
     },
     {
       "operatingsystem": "Debian",
       "operatingsystemrelease": [
-        "8"
+        "9",
+        "10"
       ]
     },
     {

spec/acceptance/letsencrypt_plugin_dns_rfc2136_spec.rb

@@ -0,0 +1,49 @@
+require 'spec_helper_acceptance'
+
+describe 'letsencrypt::plugin::dns_rfc2136' do
+  supported = case fact('os.family')
+              when 'Debian'
+                # Debian 9 has it in backports, Ubuntu started shipping in Bionic
+                fact('os.release.major') != '9' && fact('os.release.major') != '16.04'
+              when 'RedHat'
+                true
+              else
+                false
+              end
+
+  context 'with defaults values' do
+    pp = <<-PUPPET
+      class { 'letsencrypt' :
+        email  => '[email protected]',
+        config => {
+          'server' => 'https://acme-staging.api.letsencrypt.org/directory',
+        },
+      }
+      class { 'letsencrypt::plugin::dns_rfc2136':
+        server     => '192.0.2.1',
+        key_name   => 'certbot',
+        key_secret => 'secret',
+      }
+    PUPPET
+
+    if supported
+      it 'installs letsencrypt and dns rfc2136 plugin without error' do
+        apply_manifest(pp, catch_failures: true)
+      end
+      it 'installs letsencrypt and dns rfc2136 idempotently' do
+        apply_manifest(pp, catch_changes: true)
+      end
+
+      describe file('/etc/letsencrypt/dns-rfc2136.ini') do
+        it { is_expected.to be_file }
+        it { is_expected.to be_owned_by 'root' }
+        it { is_expected.to be_grouped_into 'root' }
+        it { is_expected.to be_mode 400 }
+      end
+    else
+      it 'fails to install' do
+        apply_manifest(pp, expect_failures: true)
+      end
+    end
+  end
+end

spec/classes/letsencrypt_spec.rb

@@ -64,23 +64,17 @@
             end
 
             if facts[:osfamily] == 'RedHat'
-              if facts[:operatingsystem] == 'Fedora'
-                is_expected.not_to contain_class('epel')
-              else
+              if epel
                 is_expected.to contain_class('epel').that_comes_before('Package[letsencrypt]')
+              else
+                is_expected.not_to contain_class('epel')
               end
-              is_expected.to contain_class('letsencrypt::install').with(install_method: 'package')
+              is_expected.to contain_class('letsencrypt::install').with(install_method: 'package').with(package_name: 'certbot')
               is_expected.to contain_class('letsencrypt').with(package_command: 'certbot')
               is_expected.to contain_package('letsencrypt').with(name: 'certbot')
               is_expected.to contain_file('/etc/letsencrypt').with(ensure: 'directory')
-            elsif facts[:operatingsystem] == 'Debian'
-              is_expected.to contain_class('letsencrypt::install').with(install_method: 'package')
-              is_expected.to contain_file('/etc/letsencrypt').with(ensure: 'directory')
-            elsif facts[:operatingsystem] == 'Ubuntu' && facts[:operatingsystemmajrelease] == '14.04'
-              is_expected.to contain_class('letsencrypt::install').with(install_method: 'vcs')
-              is_expected.to contain_file('/etc/letsencrypt').with(ensure: 'directory')
-            elsif facts[:operatingsystem] == 'Ubuntu'
-              is_expected.to contain_class('letsencrypt::install').with(install_method: 'package')
+            elsif facts[:osfamily] == 'Debian'
+              is_expected.to contain_class('letsencrypt::install').with(install_method: 'package').with(package_name: 'certbot')
               is_expected.to contain_file('/etc/letsencrypt').with(ensure: 'directory')
             elsif facts[:operatingsystem] == 'Gentoo'
               is_expected.to contain_class('letsencrypt::install').with(install_method: 'package').with(package_name: 'app-crypt/certbot')