Merge branch 'devel' into 'production'

Devel

See merge request !29

.devcontainer/devcontainer.json

-// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
-// https://github.com/microsoft/vscode-dev-containers/tree/v0.140.1/containers/puppet
 {
 	"name": "Puppet Development Kit (Community)",
 	"dockerFile": "Dockerfile",
 
-	// Set *default* container specific settings.json values on container create.
 	"settings": {
-		"terminal.integrated.shell.linux": "/bin/bash"
+		"terminal.integrated.profiles.linux": {
+			"bash": {
+				"path": "bash",
+			}
+		}
 	},
 
-	// Add the IDs of extensions you want installed when the container is created.
 	"extensions": [
 		"puppet.puppet-vscode",
 		"rebornix.Ruby"
 	]
-
-	// Use 'forwardPorts' to make a list of ports inside the container available locally.
-	// "forwardPorts": [],
-
-	// Use 'postCreateCommand' to run commands after the container is created.
-	// "postCreateCommand": "pdk --version",
 }

.rubocop.yml

@@ -4,7 +4,7 @@ require:
 - rubocop-rspec
 AllCops:
   DisplayCopNames: true
-  TargetRubyVersion: '2.4'
+  TargetRubyVersion: '2.5'
   Include:
   - "**/*.rb"
   Exclude:

Gemfile

@@ -13,28 +13,39 @@ def location_for(place_or_version, fake_version = nil)
   end
 end
 
-ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
-minor_version = ruby_version_segments[0..1].join('.')
-
 group :development do
-  gem "json", '= 2.0.4',                                         require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-  gem "json", '= 2.1.0',                                         require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-  gem "json", '= 2.3.0',                                         require: false if Gem::Requirement.create(['>= 2.7.0', '< 2.8.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-  gem "puppet-module-posix-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
-  gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0',     require: false, platforms: [:ruby]
-  gem "puppet-module-win-default-r#{minor_version}", '~> 1.0',   require: false, platforms: [:mswin, :mingw, :x64_mingw]
-  gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0',       require: false, platforms: [:mswin, :mingw, :x64_mingw]
-  gem "puppet-lint-absolute_classname-check", '3.0.1',           require: false
-  gem "puppet-lint-absolute_template_path", '1.0.1',             require: false
-  gem "puppet-lint-empty_trailing_lines", '0.0.1',               require: false
-  gem "puppet-lint-file_ensure-check", '1.0.0',                  require: false
-  gem "puppet-lint-strict_indent-check", '2.0.8',                require: false
-  gem "puppet-lint-trailing_comma-check", '0.4.2',               require: false
-  gem "puppet-lint-unquoted_string-check", '2.1.0',              require: false
+  gem "json", '= 2.1.0',                                  require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "json", '= 2.3.0',                                  require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "json", '= 2.5.1',                                  require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "json", '= 2.6.1',                                  require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "json", '= 2.6.3',                                  require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "voxpupuli-puppet-lint-plugins", '~> 3.1',          require: false
+  gem "facterdb", '~> 1.18',                              require: false
+  gem "metadata-json-lint", '>= 2.0.2', '< 4.0.0',        require: false
+  gem "puppetlabs_spec_helper", '>= 3.0.0', '< 5.0.0',    require: false
+  gem "rspec-puppet-facts", '~> 2.0',                     require: false
+  gem "codecov", '~> 0.2',                                require: false
+  gem "dependency_checker", '~> 0.2',                     require: false
+  gem "parallel_tests", '~> 3.4',                         require: false
+  gem "pry", '~> 0.10',                                   require: false
+  gem "simplecov-console", '~> 0.5',                      require: false
+  gem "puppet-debugger", '~> 1.0',                        require: false
+  gem "rubocop", '= 1.6.1',                               require: false
+  gem "rubocop-performance", '= 1.9.1',                   require: false
+  gem "rubocop-rspec", '= 2.0.1',                         require: false
+  gem "rb-readline", '= 0.5.5',                           require: false, platforms: [:mswin, :mingw, :x64_mingw]
+  gem "concurrent-ruby", '< 1.2.0',                       require: false
+  gem "puppet-lint-absolute_classname-check", '>= 3.0.1', require: false
+  gem "puppet-lint-absolute_template_path", '>= 1.0.1',   require: false
+  gem "puppet-lint-empty_trailing_lines", '>= 0.0.1',     require: false
+  gem "puppet-lint-file_ensure-check", '>= 1.0.0',        require: false
+  gem "puppet-lint-strict_indent-check", '>= 2.0.8',      require: false
+  gem "puppet-lint-trailing_comma-check", '>= 0.4.3',     require: false
+  gem "puppet-lint-unquoted_string-check", '>= 2.1.0',    require: false
 end
 group :system_tests do
-  gem "puppet-module-posix-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
-  gem "puppet-module-win-system-r#{minor_version}", '~> 1.0',   require: false, platforms: [:mswin, :mingw, :x64_mingw]
+  gem "puppet_litmus", '< 1.0.0', require: false, platforms: [:ruby]
+  gem "serverspec", '~> 2.41',    require: false
 end
 
 puppet_version = ENV['PUPPET_GEM_VERSION']

Rakefile

@@ -43,6 +43,7 @@ end
 
 PuppetLint.configuration.send('disable_relative')
 
+
 if Bundler.rubygems.find_name('github_changelog_generator').any?
   GitHubChangelogGenerator::RakeTask.new :changelog do |config|
     raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil?

manifests/aes_sw.pp

 class aes::aes_sw {
-
   $examadm_user = examadm
   $examadm_group = $examadm_user
   $examadm_home = "/home/${examadm_user}"
@@ -37,11 +36,12 @@ class aes::aes_sw {
 
   file { "${examadm_home}/.ssh/authorized_keys":
     ensure  => file,
-    mode   => '0600',
-    owner  => $examadm_user,
-    group  => $examadm_group,
+    mode    => '0600',
+    owner   => $examadm_user,
+    group   => $examadm_group,
     content => @(SSHPUBKEY),
-command="/home/examadm/tal-cli/source/scripts/tal-export.py --format ics --lookback 90 --lookahead 180",no-pty,no-user-rc,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJW4LP0av20r7lPXNgsftF9oaAXK41AvHyuHwybciZC/QBfTcmYif83563cTg0OzR/p+OSobiDM0odaaFYtP/8xbuVRz87X5bGYm2m8yHHqPxobHkT5g/faMkl9Fef+Al4EsT5tiaYMOhG2lj8XRYuwAb7qjoz3FFbs8TEPE7Sv+4BUCCH94taCuNYLXSxN1EXvw7VW6Ld5QXRFP53l2QUeTqE9oSii3BVrXlqqrLvNV/7nwdwyse4uhff4QrM9o4oc9FaQr8PLlPGxdlbSfIQJMVzHGpeDu0WLw+NqtLO1hsdlvQm7GrT/v8N7GJNKlsvhwnwUuMhTrB0yPMbbub1 klaar36@upp
+      command="/home/examadm/tal-cli/source/scripts/tal-export.py --format ics --lookback 90 --lookahead 180",no-pty,no-user-rc,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJW4LP0av20r7lPXNgsftF9oaAXK41AvHyuHwybciZC/QBfTcmYif83563cTg0OzR/p+OSobiDM0odaaFYtP/8xbuVRz87X5bGYm2m8yHHqPxobHkT5g/faMkl9Fef+Al4EsT5tiaYMOhG2lj8XRYuwAb7qjoz3FFbs8TEPE7Sv+4BUCCH94taCuNYLXSxN1EXvw7VW6Ld5QXRFP53l2QUeTqE9oSii3BVrXlqqrLvNV/7nwdwyse4uhff4QrM9o4oc9FaQr8PLlPGxdlbSfIQJMVzHGpeDu0WLw+NqtLO1hsdlvQm7GrT/v8N7GJNKlsvhwnwUuMhTrB0yPMbbub1 klaar36@upp
+      command="/home/examadm/tal-cli/source/scripts/tal-export.py --written --format ics --lookback 90 --lookahead 180",no-pty,no-user-rc,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZ8aEAXw0tRcYrk1aqldepuC6tmdUYZuM270QdDF79o tal written exams to ics
     | SSHPUBKEY
   }
 
@@ -51,7 +51,7 @@ command="/home/examadm/tal-cli/source/scripts/tal-export.py --format ics --lookb
     group   => root,
     mode    => '0644',
     content => @(LOGINSERVICE),
-    [Unit]
+          [Unit]
     Description=AES Login server
     After=network.target
 
@@ -78,7 +78,7 @@ command="/home/examadm/tal-cli/source/scripts/tal-export.py --format ics --lookb
     group   => root,
     mode    => '0644',
     content => @(MSSERVICE),
-    [Unit]
+          [Unit]
     Description=AES Exam server
     After=network.target
 
@@ -99,7 +99,7 @@ command="/home/examadm/tal-cli/source/scripts/tal-export.py --format ics --lookb
     group   => root,
     mode    => '0700',
     content => @(MSCRON),
-    #!/bin/sh
+          #!/bin/sh
     /usr/bin/systemctl restart aes_ms
     | MSCRON
   }
@@ -110,7 +110,7 @@ command="/home/examadm/tal-cli/source/scripts/tal-export.py --format ics --lookb
     group   => root,
     mode    => '0700',
     content => @(MSCRON),
-    #!/bin/sh
+          #!/bin/sh
     /usr/bin/systemctl restart aes_login
     | MSCRON
   }

manifests/auth.pp

-class aes::auth(
+class aes::auth (
   Optional[String] $keytab_production = undef,
   Optional[String] $keytab_devel = undef
 ) {
-
   $auth_user = auth
   $auth_group = $auth_user
   $auth_home = "/srv/${auth_user}"
@@ -47,7 +46,7 @@ class aes::auth(
     comment    => 'Authentication server for AES',
     managehome => false,
     membership => inclusive,
-    groups     => [ 'aes_local_auth' ],
+    groups     => ['aes_local_auth'],
     system     => true,
     shell      => '/sbin/nologin',
   }
@@ -110,7 +109,7 @@ class aes::auth(
 
   exec { 'update-auth-repo' :
     command     => "/opt/utils/update_repo.sh ${auth_home}/src https://oauth2:F-agHaRXCdyFy38q4c-N@gitlab.liu.se/upp-aes/communication.git ${server_type}",
-    environment => [ "REPO_USER=${auth_user}", "REPO_GROUP=${auth_group}", "REPO_ON_UPDATE=${auth_home}/on_update.sh" ],
+    environment => ["REPO_USER=${auth_user}", "REPO_GROUP=${auth_group}", "REPO_ON_UPDATE=${auth_home}/on_update.sh"],
     # This command will need to run "on_update" as root in order to restart the service.
     user        => root,
     group       => root,

manifests/auth_keydb.pp

 class aes::auth_keydb {
-
   $keydb_user = auth_keydb
   $keydb_group = $keydb_user
   $keydb_home = "/srv/${keydb_user}"
@@ -20,7 +19,7 @@ class aes::auth_keydb {
     comment    => 'Authentication server for AES',
     managehome => false,
     membership => inclusive,
-    groups     => [ 'aes_local_auth' ],
+    groups     => ['aes_local_auth'],
     system     => true,
     shell      => '/sbin/nologin',
   }
@@ -50,7 +49,7 @@ class aes::auth_keydb {
 
   exec { 'update-keydb-repo' :
     command     => "/opt/utils/update_repo.sh ${keydb_home}/src https://oauth2:F-agHaRXCdyFy38q4c-N@gitlab.liu.se/upp-aes/communication.git ${server_type}",
-    environment => [ "REPO_USER=${keydb_user}", "REPO_GROUP=${keydb_group}", "REPO_ON_UPDATE=${keydb_home}/on_update.sh" ],
+    environment => ["REPO_USER=${keydb_user}", "REPO_GROUP=${keydb_group}", "REPO_ON_UPDATE=${keydb_home}/on_update.sh"],
     # This command will need to run "on_update" as root in order to restart the service.
     user        => root,
     group       => root,
@@ -76,4 +75,4 @@ class aes::auth_keydb {
   service { 'aes_temp_userdb' :
     ensure => 'running',
   }
-}
+}
\ No newline at end of file

manifests/broker.pp

 class aes::broker {
-
   $broker_user = broker
   $broker_group = $broker_user
   $broker_home = "/srv/${broker_user}"
@@ -90,7 +89,7 @@ class aes::broker {
 
   exec { 'update-broker-repo' :
     command     => "/opt/utils/update_repo.sh ${broker_home}/src https://oauth2:F-agHaRXCdyFy38q4c-N@gitlab.liu.se/upp-aes/communication.git ${server_type}",
-    environment => [ "REPO_USER=${broker_user}", "REPO_GROUP=${broker_group}", "REPO_ON_UPDATE=${broker_home}/on_update.sh" ],
+    environment => ["REPO_USER=${broker_user}", "REPO_GROUP=${broker_group}", "REPO_ON_UPDATE=${broker_home}/on_update.sh"],
     # This command will need to run "on_update" as root in order to restart the service.
     user        => root,
     group       => root,

manifests/examfiles.pp

 class aes::examfiles {
-
   include users::micis03
   include users::jondy94
   include users::andma54
@@ -32,5 +31,4 @@ class aes::examfiles {
     owner  => root,
     group  => liuitdrs,
   }
-
 }

manifests/init.pp

@@ -108,7 +108,7 @@ class aes {
 
   ::server_firewall::rules_file { '45-permit_squid.rules':
     content => @(EOF),
-    service squid is tcp/3128
+          service squid is tcp/3128
     service sclogin is tcp/23431
     service aesmsi is tcp/23816
     service aesmso is tcp/23817
@@ -123,5 +123,4 @@ class aes {
     end policy
     |-EOF
   }
-
 }

manifests/latex.pp

 class aes::latex {
-
   package {
     [
       'texlive',
@@ -15,6 +14,4 @@ class aes::latex {
     ]:
       ensure  => installed,
   }
-
-
 }

manifests/opendsa.pp

 class aes::opendsa {
-
   $opendsa_user = opendsa
   $opendsa_group = $opendsa_user
   $opendsa_home = "/srv/${opendsa_user}"
@@ -41,7 +40,7 @@ class aes::opendsa {
 
   exec { 'update-repo':
     command     => "/opt/utils/update_repo.sh ${opendsa_home}/OpenDSA https://oauth2:taNPRZid9Hv6jJtdW_T8@gitlab.liu.se/opendsa/OpenDSA.git exam",
-    environment => [ "REPO_USER=${opendsa_user}", "REPO_GROUP=${opendsa_group}", "REPO_ON_UPDATE=${opendsa_home}/on_update.sh" ],
+    environment => ["REPO_USER=${opendsa_user}", "REPO_GROUP=${opendsa_group}", "REPO_ON_UPDATE=${opendsa_home}/on_update.sh"],
     # This command will need to run "on_update" as root in order to restart the service.
     user        => root,
     group       => root,
@@ -63,5 +62,4 @@ class aes::opendsa {
   }
 
   # Ändra TDDD86-raden i rules.d/opendsa till "TDDD86[AB]_191219"
-
 }

manifests/squid_filter.pp

 class aes::squid_filter {
-
   package { 'squid' :
     ensure => 'present',
   }
@@ -65,5 +64,4 @@ class aes::squid_filter {
     ensure => 'running',
     enable => true,
   }
-
 }

manifests/tal_cli.pp

-class aes::tal_cli(
+class aes::tal_cli (
   Optional[String] $credentials = undef
 ) {
-
   file { '/home/examadm/tal-cli' :
     ensure => directory,
     owner  => examadm,
@@ -43,9 +42,30 @@ class aes::tal_cli(
 
   exec { 'update-tal-repo' :
     command     => '/opt/utils/update_repo.sh /home/examadm/tal-cli/source https://oauth2:glpat-bfpVssm_zFmt1YRW7cLz@gitlab.liu.se/upp-aes/tal-cli.git master',
-    environment => [ 'REPO_ON_UPDATE=/home/examadm/tal-cli/on_update.sh' ],
+    environment => ['REPO_ON_UPDATE=/home/examadm/tal-cli/on_update.sh'],
     user        => examadm,
     group       => examadm,
     cwd         => '/home/examadm/tal-cli',
   }
+
+  file { '/etc/cron.daily/tal-remind' :
+    ensure  => file,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0700',
+    content => @(END),
+    #!/bin/bash
+    if [ "$(hostname)" = "aes-devel.edu.liu.se" ]
+    then
+        TO="klas.arvidsson@liu.se"
+    else
+        TO="inrapportering@ida.liu.se"
+    fi
+    if [ -e /home/examadm/ENABLE_TAL_REMINDERS ]
+    then
+        sudo -u examadm /home/examadm/tal-cli/scripts/tal-remind.py --to ${TO} --send
+        sudo -u examadm /home/examadm/tal-cli/scripts/tal-remind.py --to ${TO} --computer-exam --send
+    fi
+    | END
+  }
 }

metadata.json

@@ -26,7 +26,7 @@
       "version_requirement": ">= 6.21.0 < 8.0.0"
     }
   ],
-  "pdk-version": "2.2.0",
+  "pdk-version": "2.6.1",
   "template-url": "https://gitlab.it.liu.se/puppet-infra/pdk-templates.git#liu",
-  "template-ref": "heads/liu-0-gd8925d4"
+  "template-ref": "heads/liu-0-g09dd5f0"
 }