Merge pull request #23 from jordiprats/master

changed randomize default for centos 6
NTTCom-MS · Jul 12, 2017 · 3f4c151 · 3f4c151
2 parents ddc8169 + d3d4116
commit 3f4c151
Show file tree

Hide file tree

Showing 8 changed files with 27 additions and 15 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -23,11 +23,6 @@ matrix:
     dist: trusty
     bundler_args:
     script: bundle exec rake validate
-  - rvm: default
-    env: BEAKER_set="centos5-docker"
-    dist: trusty
-    bundler_args:
-    script: sudo service docker restart ; sleep 10 && bundle exec rspec spec/acceptance/*_spec.rb
   - rvm: default
     env: BEAKER_set="centos6-docker"
     dist: trusty

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,8 +1,16 @@
 # CHANGELOG
 
+## 0.2.19
+
+* changed default randomize_va_space to 2 for CentOS 6
+
+## 0.2.18
+
+* bugfix **sysctl::randomize_va_space** can be set to 0, 1 and 2
+
 ## 0.2.16
 
-* dirty hack to be able to disable a given sysctl setting already configured 
+* dirty hack to be able to disable a given sysctl setting already configured
 
 ## 0.2.15
 

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -14,7 +14,7 @@
               $ipv4_tcp_syncookies                    = true,
               $disable_netfilter_on_bridges           = true,
               $execshield                             = true,
-              $randomize_va_space                     = true,
+              $randomize_va_space                     = $sysctl::params::randomize_va_space_default,
               $suid_dumpable                          = false,
               $shmall                                 = '4294967296',
               $shmmax                                 = '68719476736',
@@ -50,9 +50,9 @@
   }
 
   concat::fragment{ 'base sysctl':
+    order   => '00',
     target  => '/etc/sysctl.conf',
     content => template("${module_name}/sysctlbase.erb"),
-    order   => '00',
   }
 
   class { 'sysctl::service':

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -9,10 +9,12 @@
         /^[5-6].*$/:
         {
           $sysctlreload='sysctl -e -p'
+          $randomize_va_space_default='2'
         }
         /^7.*$/:
         {
           $sysctlreload='sysctl -e --system'
+          $randomize_va_space_default='1'
         }
         default: { fail("Unsupported RHEL/CentOS version! - ${::operatingsystemrelease}")  }
       }
@@ -28,6 +30,7 @@
           /^1[46].*$/:
           {
             $sysctlreload='sysctl -e --system'
+            $randomize_va_space_default='1'
           }
           default: { fail("Unsupported Ubuntu version! - ${::operatingsystemrelease}")  }
         }

diff --git a/metadata.json b/metadata.json
@@ -1,15 +1,15 @@
 {
   "name": "eyp-sysctl",
-  "version": "0.2.17",
+  "version": "0.2.19",
   "author": "eyp",
   "summary": "configure and manage sysctl",
   "license": "Apache-2.0",
   "source": "https://github.com/NTTCom-MS/eyp-sysctl",
-  "project_page": null,
+  "project_page": "https://github.com/NTTCom-MS/eyp-sysctl",
   "issues_url": "https://github.com/NTTCom-MS/eyp-sysctl/issues",
   "dependencies": [
-    {"name":"puppetlabs/stdlib","version_requirement":">= 1.0.0"},
-    {"name":"puppetlabs/concat","version_requirement":">= 1.2.3"},
+    {"name":"puppetlabs/stdlib","version_requirement":">= 1.0.0 < 9.9.9"},
+    {"name":"puppetlabs/concat","version_requirement":">= 1.2.3 < 9.9.9"},
     {"name":"eyp/eyplib","version_requirement":">= 0.1.5 < 0.2.0"}
   ],
   "operatingsystem_support": [
@@ -33,5 +33,11 @@
       "operatingsystem": "Ubuntu",
       "operatingsystemrelease": [ "14.04", "16.04" ]
     }
+  ],
+  "requirements": [
+    {
+      "name": "puppet",
+      "version_requirement": ">= 3.8.0"
+    }
   ]
 }
diff --git a/spec/acceptance/nodesets/centos5-docker.yml b/spec/acceptance/nodesets/centos5-docker.yml
@@ -5,7 +5,7 @@ HOSTS:
       strict_variables:
     platform: el-5-x86_64
     hypervisor : docker
-    image: tianon/centos:5.10
+    image: jordiprats/centos5:5.11
     docker_preserve_image: true
     docker_cmd: '["/sbin/init"]'
     docker_image_commands:

diff --git a/spec/acceptance/nodesets/ubuntu16-docker.yml b/spec/acceptance/nodesets/ubuntu16-docker.yml
@@ -9,7 +9,7 @@ HOSTS:
     docker_cmd: '["/sbin/init"]'
     docker_preserve_image: true
     docker_image_commands:
-      - 'apt-get install gcc make tar wget -y'
+      - 'apt-get install net-tools gcc make tar wget -y'
 CONFIG:
   type: foss
   log_level: debug
diff --git a/templates/sysctlbase.erb b/templates/sysctlbase.erb
@@ -29,7 +29,7 @@ kernel.shmall = <%= @shmall %>
 
 #kernel
 kernel.exec-shield = <%= scope.function_bool2num([@execshield]) %>
-kernel.randomize_va_space = <%= scope.function_bool2num([@randomize_va_space]) %>
+kernel.randomize_va_space = <%= @randomize_va_space %>
 
 # to defend against certain types of IPv4 protocol attacks
 net.ipv4.ip_forward = <%= scope.function_bool2num([@ipv4_ip_forward]) %>