Skip to content

Commit

Permalink
raise default version to 1.16.0
Browse files Browse the repository at this point in the history 
this fixes the acceptance tests. But there is a bigger issue here.
The code in manifests/init.pp is not idempotent:
```
 String[1] $nginx_version                                = pick(fact('nginx_version'), '1.6.0'),
```
Turns out on the first run the fact might not be set yet leading to a pre 1.15.0 compatible
configuration on systems wich ship a newer version of nginx. Leading to
```
nginx: [emerg] unknown directive "ssl" in /etc/nginx/sites-enabled/www.puppetlabs.com.conf:25
```
  • Loading branch information
@TheMeier
TheMeier committed Jun 3, 2024
1 parent bbfff0a commit b92035f
Show file tree
Hide file tree
Showing 5 changed files with 5 additions and 4 deletions.
1 change: 1 addition & 0 deletions .rspec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,4 @@

--format documentation
--color
--fail-fast
2 changes: 1 addition & 1 deletion REFERENCE.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -281,7 +281,7 @@ already installed. If the fact is unavailable, it defaults to '1.6.0'.
You may need to set this manually to get a working and idempotent
configuration.

Default value: `pick(fact('nginx_version'), '1.6.0')`
Default value: `pick(fact('nginx_version'), '1.16.0')`

##### <a name="-nginx--debug_connections"></a>`debug_connections`

Expand Down
2 changes: 1 addition & 1 deletion manifests/init.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -240,7 +240,7 @@
Hash $nginx_upstreams = {},
Nginx::UpstreamDefaults $nginx_upstreams_defaults = {},
Boolean $purge_passenger_repo = true,
String[1] $nginx_version = pick(fact('nginx_version'), '1.6.0'),
String[1] $nginx_version = pick(fact('nginx_version'), '1.16.0'),

### END Hiera Lookups ###
) inherits nginx::params {
Expand Down
2 changes: 1 addition & 1 deletion spec/acceptance/nginx_mail_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ class { 'nginx':
it { is_expected.to be_listening }
end

context 'when configured for nginx 1.14' do
context 'when configured for nginx 1.14', if: !%w[Debian Archlinux].include?(fact('os.family')) do
it 'runs successfully' do

Check failure on line 84 in spec/acceptance/nginx_mail_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - Rocky 8 

nginx::resource::mailhost define: actualy test the mail module when configured for nginx 1.14 runs successfully

Failure/Error: apply_manifest(pp, catch_failures: true)
Beaker::Host::CommandFailure:
  Host 'rocky8-64-puppet8.example.com' exited with 6 running:
   puppet apply --verbose --detailed-exitcodes /tmp/apply_manifest_082330914.uXZLa8.pp
  Last 10 lines of output were:
  	Jun 03 08:23:41 rocky8-64-puppet8.example.com nginx[3192]: nginx: configuration file /etc/nginx/nginx.conf test failed
  	Jun 03 08:23:41 rocky8-64-puppet8.example.com systemd[1]: nginx.service: Control process exited, code=exited status=1
  	Jun 03 08:23:41 rocky8-64-puppet8.example.com systemd[1]: nginx.service: Failed with result 'exit-code'.
  	Jun 03 08:23:41 rocky8-64-puppet8.example.com systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
  	
  	�[mNotice: /Stage[main]/Nginx::Service/Service[nginx]: Triggered 'refresh' from 1 event
  	Info: Class[Nginx::Service]: Unscheduling all events on Class[Nginx::Service]
  	Info: Class[Nginx]: Unscheduling all events on Class[Nginx]
  	Info: Stage[main]: Unscheduling all events on Stage[main]
  	�[mNotice: Applied catalog in 8.85 seconds

Check failure on line 84 in spec/acceptance/nginx_mail_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - Rocky 8 

nginx::resource::mailhost define: actualy test the mail module when configured for nginx 1.14 runs successfully

Failure/Error: apply_manifest(pp, catch_failures: true)
Beaker::Host::CommandFailure:
  Host 'rocky8-64-puppet7.example.com' exited with 6 running:
   puppet apply --verbose --detailed-exitcodes /tmp/apply_manifest_082317199.frJjzh.pp
  Last 10 lines of output were:
  	Jun 03 08:23:25 rocky8-64-puppet7.example.com nginx[3206]: nginx: configuration file /etc/nginx/nginx.conf test failed
  	Jun 03 08:23:25 rocky8-64-puppet7.example.com systemd[1]: nginx.service: Control process exited, code=exited status=1
  	Jun 03 08:23:25 rocky8-64-puppet7.example.com systemd[1]: nginx.service: Failed with result 'exit-code'.
  	Jun 03 08:23:25 rocky8-64-puppet7.example.com systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
  	
  	�[mNotice: /Stage[main]/Nginx::Service/Service[nginx]: Triggered 'refresh' from 1 event
  	Info: Class[Nginx::Service]: Unscheduling all events on Class[Nginx::Service]
  	Info: Class[Nginx]: Unscheduling all events on Class[Nginx]
  	Info: Stage[main]: Unscheduling all events on Stage[main]
  	�[mNotice: Applied catalog in 6.65 seconds

Check failure on line 84 in spec/acceptance/nginx_mail_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - AlmaLinux 8 

nginx::resource::mailhost define: actualy test the mail module when configured for nginx 1.14 runs successfully

Failure/Error: apply_manifest(pp, catch_failures: true)
Beaker::Host::CommandFailure:
  Host 'almalinux8-64-puppet8.example.com' exited with 6 running:
   puppet apply --verbose --detailed-exitcodes /tmp/apply_manifest_082320359.0k9l3f.pp
  Last 10 lines of output were:
  	Jun 03 08:23:27 almalinux8-64-puppet8.example.com nginx[3448]: nginx: configuration file /etc/nginx/nginx.conf test failed
  	Jun 03 08:23:27 almalinux8-64-puppet8.example.com systemd[1]: nginx.service: Control process exited, code=exited status=1
  	Jun 03 08:23:27 almalinux8-64-puppet8.example.com systemd[1]: nginx.service: Failed with result 'exit-code'.
  	Jun 03 08:23:27 almalinux8-64-puppet8.example.com systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
  	
  	�[mNotice: /Stage[main]/Nginx::Service/Service[nginx]: Triggered 'refresh' from 1 event
  	Info: Class[Nginx::Service]: Unscheduling all events on Class[Nginx::Service]
  	Info: Class[Nginx]: Unscheduling all events on Class[Nginx]
  	Info: Stage[main]: Unscheduling all events on Stage[main]
  	�[mNotice: Applied catalog in 5.54 seconds

Check failure on line 84 in spec/acceptance/nginx_mail_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - AlmaLinux 8 

nginx::resource::mailhost define: actualy test the mail module when configured for nginx 1.14 runs successfully

Failure/Error: apply_manifest(pp, catch_failures: true)
Beaker::Host::CommandFailure:
  Host 'almalinux8-64-puppet7.example.com' exited with 6 running:
   puppet apply --verbose --detailed-exitcodes /tmp/apply_manifest_082309692.4pdTho.pp
  Last 10 lines of output were:
  	Jun 03 08:23:16 almalinux8-64-puppet7.example.com nginx[3459]: nginx: configuration file /etc/nginx/nginx.conf test failed
  	Jun 03 08:23:16 almalinux8-64-puppet7.example.com systemd[1]: nginx.service: Control process exited, code=exited status=1
  	Jun 03 08:23:16 almalinux8-64-puppet7.example.com systemd[1]: nginx.service: Failed with result 'exit-code'.
  	Jun 03 08:23:16 almalinux8-64-puppet7.example.com systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
  	
  	�[mNotice: /Stage[main]/Nginx::Service/Service[nginx]: Triggered 'refresh' from 1 event
  	Info: Class[Nginx::Service]: Unscheduling all events on Class[Nginx::Service]
  	Info: Class[Nginx]: Unscheduling all events on Class[Nginx]
  	Info: Stage[main]: Unscheduling all events on Stage[main]
  	�[mNotice: Applied catalog in 4.86 seconds
pp = "
if fact('os.family') == 'RedHat' {
Expand Down
2 changes: 1 addition & 1 deletion spec/defines/resource_server_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -672,7 +672,7 @@
facts[:nginx_version] ? facts.delete(:nginx_version) : facts
end

it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ ssl on;}) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ listen *:443 ssl;}) }

Check failure on line 675 in spec/defines/resource_server_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / 8 (Ruby 3.2) 

nginx::resource::server on virtuozzolinux-7-x86_64 with Facter 3.14.5 and Puppet 8.6.0 os-independent items server_ssl_header template content with ssl without a value for the nginx_version fact do is expected to contain Concat::Fragment[www.rspec.example.com-ssl-header] with content =~ /  listen       *:443 ssl;/

Failure/Error: it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{  listen       *:443 ssl;}) }

  expected that the catalogue would contain Concat::Fragment[www.rspec.example.com-ssl-header] with content set to /  listen       *:443 ssl;/ but it is set to "# MANAGED BY PUPPET\nserver {\n  listen       *:443 ssl;\n  listen       [::]:443 ssl default ipv6only=on;\n\n\n  server_name  www.rspec.example.com;\n\n  ssl_certificate           /tmp/dummy.crt;\n  ssl_certificate_key       /tmp/dummy.key;\n\n  index  index.html index.htm index.php;\n  access_log            /var/log/nginx/ssl-www.rspec.example.com.access.log;\n  error_log             /var/log/nginx/ssl-www.rspec.example.com.error.log;\n  \n"
  Diff:
  @@ -1,15 +1,29 @@
  -(?-mix:  listen       *:443 ssl;)
  +# MANAGED BY PUPPET
  +server {
  +  listen       *:443 ssl;
  +  listen       [::]:443 ssl default ipv6only=on;
  +
  +
  +  server_name  www.rspec.example.com;
  +
  +  ssl_certificate           /tmp/dummy.crt;
  +  ssl_certificate_key       /tmp/dummy.key;
  +
  +  index  index.html index.htm index.php;
  +  access_log            /var/log/nginx/ssl-www.rspec.example.com.access.log;
  +  error_log             /var/log/nginx/ssl-www.rspec.example.com.error.log;
  +

Check failure on line 675 in spec/defines/resource_server_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / 8 (Ruby 3.2) 

nginx::resource::server on almalinux-8-x86_64 with Facter 4.2.14 and Puppet 8.6.0 os-independent items server_ssl_header template content with ssl without a value for the nginx_version fact do is expected to contain Concat::Fragment[www.rspec.example.com-ssl-header] with content =~ /  listen       *:443 ssl;/

Failure/Error: it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{  listen       *:443 ssl;}) }

  expected that the catalogue would contain Concat::Fragment[www.rspec.example.com-ssl-header] with content set to /  listen       *:443 ssl;/ but it is set to "# MANAGED BY PUPPET\nserver {\n  listen       *:443 ssl;\n  listen       [::]:443 ssl default ipv6only=on;\n\n\n  server_name  www.rspec.example.com;\n\n  ssl_certificate           /tmp/dummy.crt;\n  ssl_certificate_key       /tmp/dummy.key;\n\n  index  index.html index.htm index.php;\n  access_log            /var/log/nginx/ssl-www.rspec.example.com.access.log;\n  error_log             /var/log/nginx/ssl-www.rspec.example.com.error.log;\n  \n"
  Diff:
  @@ -1,15 +1,29 @@
  -(?-mix:  listen       *:443 ssl;)
  +# MANAGED BY PUPPET
  +server {
  +  listen       *:443 ssl;
  +  listen       [::]:443 ssl default ipv6only=on;
  +
  +
  +  server_name  www.rspec.example.com;
  +
  +  ssl_certificate           /tmp/dummy.crt;
  +  ssl_certificate_key       /tmp/dummy.key;
  +
  +  index  index.html index.htm index.php;
  +  access_log            /var/log/nginx/ssl-www.rspec.example.com.access.log;
  +  error_log             /var/log/nginx/ssl-www.rspec.example.com.error.log;
  +

Check failure on line 675 in spec/defines/resource_server_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / 8 (Ruby 3.2) 

nginx::resource::server on almalinux-9-x86_64 with Facter 4.2.14 and Puppet 8.6.0 os-independent items server_ssl_header template content with ssl without a value for the nginx_version fact do is expected to contain Concat::Fragment[www.rspec.example.com-ssl-header] with content =~ /  listen       *:443 ssl;/

Failure/Error: it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{  listen       *:443 ssl;}) }

  expected that the catalogue would contain Concat::Fragment[www.rspec.example.com-ssl-header] with content set to /  listen       *:443 ssl;/ but it is set to "# MANAGED BY PUPPET\nserver {\n  listen       *:443 ssl;\n  listen       [::]:443 ssl default ipv6only=on;\n\n\n  server_name  www.rspec.example.com;\n\n  ssl_certificate           /tmp/dummy.crt;\n  ssl_certificate_key       /tmp/dummy.key;\n\n  index  index.html index.htm index.php;\n  access_log            /var/log/nginx/ssl-www.rspec.example.com.access.log;\n  error_log             /var/log/nginx/ssl-www.rspec.example.com.error.log;\n  \n"
  Diff:
  @@ -1,15 +1,29 @@
  -(?-mix:  listen       *:443 ssl;)
  +# MANAGED BY PUPPET
  +server {
  +  listen       *:443 ssl;
  +  listen       [::]:443 ssl default ipv6only=on;
  +
  +
  +  server_name  www.rspec.example.com;
  +
  +  ssl_certificate           /tmp/dummy.crt;
  +  ssl_certificate_key       /tmp/dummy.key;
  +
  +  index  index.html index.htm index.php;
  +  access_log            /var/log/nginx/ssl-www.rspec.example.com.access.log;
  +  error_log             /var/log/nginx/ssl-www.rspec.example.com.error.log;
  +

Check failure on line 675 in spec/defines/resource_server_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / 7 (Ruby 2.7) 

nginx::resource::server on virtuozzolinux-7-x86_64 with Facter 3.14.5 and Puppet 7.30.0 os-independent items server_ssl_header template content with ssl without a value for the nginx_version fact do is expected to contain Concat::Fragment[www.rspec.example.com-ssl-header] with content =~ /  listen       *:443 ssl;/

Failure/Error: it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{  listen       *:443 ssl;}) }

  expected that the catalogue would contain Concat::Fragment[www.rspec.example.com-ssl-header] with content set to /  listen       *:443 ssl;/ but it is set to "# MANAGED BY PUPPET\nserver {\n  listen       *:443 ssl;\n  listen       [::]:443 ssl default ipv6only=on;\n\n\n  server_name  www.rspec.example.com;\n\n  ssl_certificate           /tmp/dummy.crt;\n  ssl_certificate_key       /tmp/dummy.key;\n\n  index  index.html index.htm index.php;\n  access_log            /var/log/nginx/ssl-www.rspec.example.com.access.log;\n  error_log             /var/log/nginx/ssl-www.rspec.example.com.error.log;\n  \n"
  Diff:
  @@ -1,15 +1,29 @@
  -(?-mix:  listen       *:443 ssl;)
  +# MANAGED BY PUPPET
  +server {
  +  listen       *:443 ssl;
  +  listen       [::]:443 ssl default ipv6only=on;
  +
  +
  +  server_name  www.rspec.example.com;
  +
  +  ssl_certificate           /tmp/dummy.crt;
  +  ssl_certificate_key       /tmp/dummy.key;
  +
  +  index  index.html index.htm index.php;
  +  access_log            /var/log/nginx/ssl-www.rspec.example.com.access.log;
  +  error_log             /var/log/nginx/ssl-www.rspec.example.com.error.log;
  +

Check failure on line 675 in spec/defines/resource_server_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / 7 (Ruby 2.7) 

nginx::resource::server on almalinux-8-x86_64 with Facter 4.2.14 and Puppet 7.30.0 os-independent items server_ssl_header template content with ssl without a value for the nginx_version fact do is expected to contain Concat::Fragment[www.rspec.example.com-ssl-header] with content =~ /  listen       *:443 ssl;/

Failure/Error: it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{  listen       *:443 ssl;}) }

  expected that the catalogue would contain Concat::Fragment[www.rspec.example.com-ssl-header] with content set to /  listen       *:443 ssl;/ but it is set to "# MANAGED BY PUPPET\nserver {\n  listen       *:443 ssl;\n  listen       [::]:443 ssl default ipv6only=on;\n\n\n  server_name  www.rspec.example.com;\n\n  ssl_certificate           /tmp/dummy.crt;\n  ssl_certificate_key       /tmp/dummy.key;\n\n  index  index.html index.htm index.php;\n  access_log            /var/log/nginx/ssl-www.rspec.example.com.access.log;\n  error_log             /var/log/nginx/ssl-www.rspec.example.com.error.log;\n  \n"
  Diff:
  @@ -1,15 +1,29 @@
  -(?-mix:  listen       *:443 ssl;)
  +# MANAGED BY PUPPET
  +server {
  +  listen       *:443 ssl;
  +  listen       [::]:443 ssl default ipv6only=on;
  +
  +
  +  server_name  www.rspec.example.com;
  +
  +  ssl_certificate           /tmp/dummy.crt;
  +  ssl_certificate_key       /tmp/dummy.key;
  +
  +  index  index.html index.htm index.php;
  +  access_log            /var/log/nginx/ssl-www.rspec.example.com.access.log;
  +  error_log             /var/log/nginx/ssl-www.rspec.example.com.error.log;
  +

Check failure on line 675 in spec/defines/resource_server_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / 7 (Ruby 2.7) 

nginx::resource::server on almalinux-9-x86_64 with Facter 4.2.14 and Puppet 7.30.0 os-independent items server_ssl_header template content with ssl without a value for the nginx_version fact do is expected to contain Concat::Fragment[www.rspec.example.com-ssl-header] with content =~ /  listen       *:443 ssl;/

Failure/Error: it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{  listen       *:443 ssl;}) }

  expected that the catalogue would contain Concat::Fragment[www.rspec.example.com-ssl-header] with content set to /  listen       *:443 ssl;/ but it is set to "# MANAGED BY PUPPET\nserver {\n  listen       *:443 ssl;\n  listen       [::]:443 ssl default ipv6only=on;\n\n\n  server_name  www.rspec.example.com;\n\n  ssl_certificate           /tmp/dummy.crt;\n  ssl_certificate_key       /tmp/dummy.key;\n\n  index  index.html index.htm index.php;\n  access_log            /var/log/nginx/ssl-www.rspec.example.com.access.log;\n  error_log             /var/log/nginx/ssl-www.rspec.example.com.error.log;\n  \n"
  Diff:
  @@ -1,15 +1,29 @@
  -(?-mix:  listen       *:443 ssl;)
  +# MANAGED BY PUPPET
  +server {
  +  listen       *:443 ssl;
  +  listen       [::]:443 ssl default ipv6only=on;
  +
  +
  +  server_name  www.rspec.example.com;
  +
  +  ssl_certificate           /tmp/dummy.crt;
  +  ssl_certificate_key       /tmp/dummy.key;
  +
  +  index  index.html index.htm index.php;
  +  access_log            /var/log/nginx/ssl-www.rspec.example.com.access.log;
  +  error_log             /var/log/nginx/ssl-www.rspec.example.com.error.log;
  +
end

context 'with fact nginx_version=1.14.1' do
Expand Down

0 comments on commit b92035f

Please sign in to comment.