Since the beaker jobs are being run on xenial, we need a special nodeset
for it, otherwise beaker gives an error:
beaker-hostgenerator was not able to use this value as input.
Exiting with an Error.
We also want to install puppet from the Ubuntu repos rather than from
puppetlabs, since puppetlabs doesn't support puppet 3 for Xenial. For
centos we can keep the install process the same.
This patch includes additional fixes for issues that were probably
present when the tests were first merged:
- make sure the irc pip package is installed by the puppet class
- use double quotes for the channels.yaml fixture to properly render the
newline characters
- add "access" and "global" sections to the channels.yaml fixture since
accessbot will otherwise be unable to parse the file
- remove spec assertions about the accessbot process, because if it was
successful it should have exited during the puppet run, and in fact if
it didn't exit the puppet run would have failed.
- correct the group name the spec is asserting of the config file
Additionally, out of band from this patch, the nick 'accessbot-test' is
now registered on freenode. If it's not registered, it becomes stuck in
the irc infinite loop without performing any actions. This does not mean
it has any permissions to make any real access changes.
Change-Id: Ifd2244ae9dd212b2475f9cd6adb994bc058a4769
Depends-On: I23d0a9c0f4b6ecbb3403447adb03e845d2695366

Order of those parameters is changed
to follow Puppet Style Guide recommendation [0].
Moreover, it will allow a user to find a variable
in a list of variables much faster.
[0]. https://docs.puppetlabs.com/guides/style_guide.html
Change-Id: I4dc302b7d1aa13b5bd02eb5c5c52b79fd4beebdc

In preparation for puppet 4, the puppet-lint-empty_string-check gem
helps find where empty strings are assigned to variables because how
empty strings are evaluated changes in puppet 4, so the easiest thing
is to just remove usage of them.
More importantly, it is not appropriate to set defaults for parameters
that are, realistically, required. If the user leaves these parameters
blank, puppet will apply most resources successfully but fail
mysteriously on the Exec['run_accessbot'] resource, causing the user to
spend additional time debugging. If no defaults are provided in the
puppet class, puppet will fail with a message stating that the user
must supply values. This "fail fast" approach is much preferred to
debugging obtuse python tracebacks.
This change is technically backwards-incompatible. However, it will not
break Infra because we are already supplying these parameters via
system-config/modules/openstack_project/manifests/eavesdrop.pp. If
there are other users using this module and they are not passing in
these parameters, then their accessbots cannot possibly be running.
An alternative approach is to supply undef as parameter defaults. This
will allow the puppet-lint gem to pass, but does not help the user at
all.
Change-Id: I046340b852e7e8983b741e5bad415678977bea0d

Run it whenever there is a change to the YAML channel config.
The script will ensure everyone listed in global has those perms
and anyone else found with access on a channel will be left as-is
except that their access will be limited to the relevant mask.
Move it and the previous change to add a permission checking
script into a new module, 'accessbot'.
Support SSL in both scripts.
Add a 1 second sleep in the check script to avoid flood protection.
Add all known channels to the channel config.
Closes-Bug: 1190296
Change-Id: I5072cb56ae83a70f4fa955362b8db909b2956d70