Fix SSL in beaker tests

The snakeoil package uses the host's fqdn for the cert's CN, which means trying to use '127.0.0.1' as the JJB URL will fail with an SSL error, and the curl tests will also fail. JJB also doesn't have --insecure or --cafle options, so it gets a SSL_CERTIFICATE_VERIFY_FAILED when trying to run. Use the fqdn everywhere instead of the localhost address, and add the snakeoil certs to the system's trusted bundle. Change-Id: Iac97910b0d04eada62dd161341ee246a9cf3ebf8
2017-06-11 16:14:30 +02:00 · 2017-06-11 16:14:30 +02:00 · c476756cd6
commit c476756cd6
parent 3a1e5525fd
4 changed files with 9 additions and 16 deletions
--- a/spec/acceptance/fixtures/master.pp
+++ b/spec/acceptance/fixtures/master.pp
@ -1,7 +1,6 @@
 class { '::jenkins::jenkinsuser': }

 class { '::jenkins::master':
-  vhost_name              => '127.0.0.1',
  jenkins_ssh_private_key => file('/tmp/jenkins-ssh-keys/ssh_rsa_key'),
  jenkins_ssh_public_key  => file('/tmp/jenkins-ssh-keys/ssh_rsa_key.pub'),
  require                 => Class['::jenkins::jenkinsuser'],
--- a/spec/acceptance/fixtures/preconditions.pp
+++ b/spec/acceptance/fixtures/preconditions.pp
@ -37,3 +37,10 @@ ssh_keygen { 'ssh_rsa_key':
  ssh_directory => $ssh_key_directory,
  require       => File[$ssh_key_directory],
 }
+
+# JJB doesn't have a --insecure or --capath, so add the snakeoil certs to the system trust store
+exec { 'trust snake oil':
+  command => '/bin/cp /etc/ssl/certs/ssl-cert-snakeoil.pem /usr/local/share/ca-certificates/ubuntu.crt && /usr/sbin/update-ca-certificates',
+  require => Package['ssl-cert'],
+}
+
--- a/spec/acceptance/fixtures/slave.pp
+++ b/spec/acceptance/fixtures/slave.pp
@ -3,7 +3,7 @@ class { '::jenkins::slave':
 }

 class { '::jenkins::job_builder':
-  url                         => 'https://127.0.0.1',
+  url                         => "https://${::fqdn}",
  username                    => 'jenkins',
  password                    => 'secret',
  jenkins_jobs_update_timeout => 1200,
--- a/spec/acceptance/master_spec.rb
+++ b/spec/acceptance/master_spec.rb
@ -29,20 +29,7 @@ describe 'puppet-jenkins master module', :if => ['debian', 'ubuntu'].include?(os
  end

  describe 'required services' do
-    describe command('curl http://127.0.0.1 --verbose') do
-      its(:stdout) { should contain('302 Found') }
-      its(:stdout) { should contain('The document has moved') }
-    end
-
-    describe command('curl http://127.0.0.1 --insecure --location --verbose') do
-      its(:stdout) { should contain('Jenkins') }
-    end
-
-    describe command('curl https://127.0.0.1 --insecure') do
-      its(:stdout) { should contain('Jenkins') }
-    end
-
-    describe command('curl 127.0.0.1:8080') do
+    describe command('curl https://`hostname -f`/login --insecure --location --verbose') do
      its(:stdout) { should contain('Jenkins') }
    end
  end