Implemented chroot feature for RHEL/CentOS7
This commit is contained in:
committed by
Cedric DEFORTIS
parent
f2c32aaf37
commit
bcaafc05e1
+101
-17
@@ -7,17 +7,21 @@ describe 'bind' do
|
||||
let (:facts) {facts}
|
||||
case facts[:os]['family']
|
||||
when 'Debian'
|
||||
expected_bind_pkg = 'bind9'
|
||||
expected_bind_service = 'bind9'
|
||||
expected_named_conf = '/etc/bind/named.conf'
|
||||
expected_confdir = '/etc/bind'
|
||||
expected_default_zones_include = '/etc/bind/named.conf.default-zones'
|
||||
expected_bind_pkg = 'bind9'
|
||||
expected_bind_service = 'bind9'
|
||||
expected_bind_chroot_pkg = nil
|
||||
expected_bind_chroot_service = nil
|
||||
expected_named_conf = '/etc/bind/named.conf'
|
||||
expected_confdir = '/etc/bind'
|
||||
expected_default_zones_include= '/etc/bind/named.conf.default-zones'
|
||||
when 'RedHat'
|
||||
expected_bind_pkg = 'bind'
|
||||
expected_bind_service = 'named'
|
||||
expected_named_conf = '/etc/named.conf'
|
||||
expected_confdir = '/etc/named'
|
||||
expected_default_zones_include = '/etc/named.default-zones.conf'
|
||||
expected_bind_pkg = 'bind'
|
||||
expected_bind_service = 'named'
|
||||
expected_bind_chroot_pkg = 'bind-chroot'
|
||||
expected_bind_chroot_service = 'named-chroot'
|
||||
expected_named_conf = '/etc/named.conf'
|
||||
expected_confdir = '/etc/named'
|
||||
expected_default_zones_include= '/etc/named.default-zones.conf'
|
||||
end
|
||||
context 'with defaults for all parameters' do
|
||||
it { is_expected.to contain_class('bind::defaults') }
|
||||
@@ -42,13 +46,6 @@ describe 'bind' do
|
||||
end
|
||||
it { is_expected.to contain_file('/usr/local/bin/rndc-helper') }
|
||||
|
||||
case facts[:os]['family']
|
||||
when 'RedHat'
|
||||
it { is_expected.to contain_file(expected_default_zones_include) }
|
||||
when 'Debian'
|
||||
it { is_expected.not_to contain_file(expected_default_zones_include) }
|
||||
end
|
||||
|
||||
it { is_expected.to contain_concat("#{expected_confdir}/acls.conf") }
|
||||
it { is_expected.to contain_concat("#{expected_confdir}/keys.conf") }
|
||||
it { is_expected.to contain_concat("#{expected_confdir}/views.conf") }
|
||||
@@ -84,6 +81,93 @@ describe 'bind' do
|
||||
name: expected_bind_service
|
||||
})
|
||||
end
|
||||
case facts[:os]['family']
|
||||
when 'RedHat'
|
||||
it { is_expected.to contain_file(expected_default_zones_include) }
|
||||
it { is_expected.not_to contain_service('bind-no-chroot') }
|
||||
when 'Debian'
|
||||
it { is_expected.not_to contain_file(expected_default_zones_include) }
|
||||
end
|
||||
end
|
||||
context 'with chroot enabled' do
|
||||
let(:params) do
|
||||
{
|
||||
chroot: true,
|
||||
default_zones_include: '/etc/named/default-zones.conf'
|
||||
}
|
||||
end
|
||||
if not (facts[:os]['name'] == 'CentOS' && facts[:os]['release']['major'] == '7')
|
||||
it { is_expected.to compile.and_raise_error(/Chroot for bind is not supported on your OS/) }
|
||||
else
|
||||
it { is_expected.to compile.with_all_deps }
|
||||
it { is_expected.to contain_class('bind::defaults') }
|
||||
it { is_expected.to contain_class('bind::keydir') }
|
||||
it { is_expected.to contain_class('bind::updater') }
|
||||
it { is_expected.to contain_class('bind') }
|
||||
it { is_expected.to compile.with_all_deps }
|
||||
it do
|
||||
is_expected.to contain_package('bind').with({
|
||||
ensure: 'latest',
|
||||
name: expected_bind_chroot_pkg
|
||||
})
|
||||
end
|
||||
it { is_expected.to contain_file('/usr/local/bin/dnssec-init') }
|
||||
it do
|
||||
is_expected.to contain_bind__key('rndc-key').with(
|
||||
algorithm: 'hmac-md5',
|
||||
secret_bits: '512',
|
||||
keydir: expected_confdir,
|
||||
keyfile: 'rndc.key'
|
||||
)
|
||||
end
|
||||
it { is_expected.to contain_file('/usr/local/bin/rndc-helper') }
|
||||
|
||||
case facts[:os]['family']
|
||||
when 'RedHat'
|
||||
it { is_expected.to contain_file('/etc/named/default-zones.conf') }
|
||||
when 'Debian'
|
||||
it { is_expected.not_to contain_file(expected_default_zones_include) }
|
||||
end
|
||||
|
||||
it { is_expected.to contain_concat("#{expected_confdir}/acls.conf") }
|
||||
it { is_expected.to contain_concat("#{expected_confdir}/keys.conf") }
|
||||
it { is_expected.to contain_concat("#{expected_confdir}/views.conf") }
|
||||
it { is_expected.to contain_concat("#{expected_confdir}/servers.conf") }
|
||||
it { is_expected.to contain_concat("#{expected_confdir}/logging.conf") }
|
||||
it { is_expected.to contain_concat("#{expected_confdir}/view-mappings.txt") }
|
||||
it { is_expected.to contain_concat("#{expected_confdir}/domain-mappings.txt") }
|
||||
|
||||
it do
|
||||
is_expected.to contain_concat__fragment('bind-logging-header').with(
|
||||
order: '00-header',
|
||||
target: "#{expected_confdir}/logging.conf",
|
||||
content: "logging {\n"
|
||||
)
|
||||
end
|
||||
it do
|
||||
is_expected.to contain_concat__fragment('bind-logging-footer').with(
|
||||
order: '99-footer',
|
||||
target: "#{expected_confdir}/logging.conf",
|
||||
content: "};\n"
|
||||
)
|
||||
end
|
||||
it { is_expected.to contain_file(expected_named_conf).that_requires('Package[bind]') }
|
||||
it { is_expected.to contain_file(expected_named_conf).that_notifies('Service[bind]') }
|
||||
it do
|
||||
is_expected.to contain_service('bind-no-chroot').with({
|
||||
ensure: 'stopped',
|
||||
enable: false,
|
||||
name: expected_bind_service
|
||||
})
|
||||
end
|
||||
it do
|
||||
is_expected.to contain_service('bind').with({
|
||||
ensure: 'running',
|
||||
enable: true,
|
||||
name: expected_bind_chroot_service
|
||||
})
|
||||
end
|
||||
end
|
||||
end
|
||||
context 'with tkey-* parameters' do
|
||||
let(:params) do
|
||||
|
||||
Reference in New Issue
Block a user