From 34dffc4a5ea3df3449c4b7611cf5633eeb76b1ed 2021-01-14 23:50:35 From: Branko Majic Date: 2021-01-14 23:50:35 Subject: [PATCH] MAR-151: Added support for Debian 10 Buster to web_server role: - Updated role reference documentaiton. - Updated role meta information. - Updated tests. - Refactor the code around handling of different directories and files for PHP 7.0 (Debian Stretch) and PHP 7.3 (Debian Buster). - Separate socket directory tests for WSGI and PHP applications (due to differences in paths for PHP in Debian Stretch and Debian Buster). --- diff --git a/docs/rolereference.rst b/docs/rolereference.rst index fa0623bd6e31e11aec7042e4aa1352af2c899da5..bdd111f21236b9a8b99cbf0cd1b894f152beabbc 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -1471,6 +1471,7 @@ Distribution compatibility Role is compatible with the following distributions: - Debian 9 (Stretch) +- Debian 10 (Buster) Examples diff --git a/roles/web_server/defaults/main.yml b/roles/web_server/defaults/main.yml index bb9b8f239b90623115e58dbd9b4f811f38756b5e..60a2304484423c214a452624bf8511c43cba243b 100644 --- a/roles/web_server/defaults/main.yml +++ b/roles/web_server/defaults/main.yml @@ -14,6 +14,14 @@ ECDHE-RSA-CHACHA20-POLY1305:\ !aNULL:!MD5:!EXPORT" # Internal parameters +php_fpm_service_name_per_release: + stretch: "php7.0-fpm" + buster: "php7.3-fpm" + +php_base_config_dir_per_release: + stretch: "/etc/php/7.0" + buster: "/etc/php/7.3" + php_fpm_package_name: "php-fpm" -php_fpm_service_name: "php7.0-fpm" -php_base_config_dir: "/etc/php/7.0" +php_fpm_service_name: "{{ php_fpm_service_name_per_release[ansible_distribution_release] }}" +php_base_config_dir: "{{ php_base_config_dir_per_release[ansible_distribution_release] }}" diff --git a/roles/web_server/meta/main.yml b/roles/web_server/meta/main.yml index 68857f44c56c6efd3da9b3388f65bbe7ff2b964e..c3c5e8ce9b562703d651dcf84f7d2111ef3cdd37 100644 --- a/roles/web_server/meta/main.yml +++ b/roles/web_server/meta/main.yml @@ -11,5 +11,5 @@ galaxy_info: platforms: - name: Debian versions: - - 8 - 9 + - 10 diff --git a/roles/web_server/molecule/default/molecule.yml b/roles/web_server/molecule/default/molecule.yml index b5aff6c4d0ff53a0bb1e7bb2b1e5def53906b37d..35080b25a761229a0b80d97b993d6afac38732e9 100644 --- a/roles/web_server/molecule/default/molecule.yml +++ b/roles/web_server/molecule/default/molecule.yml @@ -53,6 +53,45 @@ platforms: network_name: private_network type: static + - name: client1-buster + groups: + - client + - buster + box: debian/contrib-buster64 + memory: 256 + cpus: 1 + interfaces: + - auto_config: true + ip: 10.31.127.20 + network_name: private_network + type: static + + - name: parameters-mandatory-buster64 + groups: + - parameters-mandatory + - buster + box: debian/contrib-buster64 + memory: 512 + cpus: 1 + interfaces: + - auto_config: true + ip: 10.31.127.30 + network_name: private_network + type: static + + - name: parameters-optional-buster64 + groups: + - parameters-optional + - buster + box: debian/contrib-buster64 + memory: 512 + cpus: 1 + interfaces: + - auto_config: true + ip: 10.31.127.31 + network_name: private_network + type: static + provisioner: name: ansible playbooks: diff --git a/roles/web_server/molecule/default/prepare.yml b/roles/web_server/molecule/default/prepare.yml index 9fe2bab3e64646ef15e3abe42363b3c5c79eb123..b4d50897c455d4f3158ae1edd8effa4832d0e976 100644 --- a/roles/web_server/molecule/default/prepare.yml +++ b/roles/web_server/molecule/default/prepare.yml @@ -27,6 +27,10 @@ fqdn: parameters-mandatory - name: parameters-optional-stretch64_https fqdn: parameters-optional + - name: parameters-mandatory-buster64_https + fqdn: parameters-mandatory + - name: parameters-optional-buster64_https + fqdn: parameters-optional - name: Set-up link to generated X.509 material file: @@ -82,6 +86,29 @@ name: curl state: present +- hosts: buster + become: true + tasks: + + - name: Set-up the hosts file + lineinfile: + path: /etc/hosts + regexp: "^{{ item.key }}" + line: "{{ item.key }} {{ item.value }}" + owner: root + group: root + mode: 0644 + state: present + with_dict: + 10.31.127.20: "client1" + 10.31.127.30: "parameters-mandatory" + 10.31.127.31: "parameters-optional" + + - name: Install curl for testing redirects and webpage content + apt: + name: curl + state: present + - hosts: client become: true tasks: diff --git a/roles/web_server/molecule/default/tests/conftest.py b/roles/web_server/molecule/default/tests/conftest.py index d81cd069a323d5d7b4dbf07630418aeed55e0385..44c9df0434177d38ba64cb92e1261b70ee949884 100644 --- a/roles/web_server/molecule/default/tests/conftest.py +++ b/roles/web_server/molecule/default/tests/conftest.py @@ -10,7 +10,10 @@ def php_info(host): name, PHP-FPM service name, and PHP base configuration directory is based on Debian release. - Currently supports Debian 9 (Stretch). + Currently supports: + + - Debian 9 (Stretch) + - Debian 10 (Buster) Resulting information can be accessed through returned named tuple with the following properties: @@ -27,6 +30,8 @@ def php_info(host): if ansible_distribution_release == 'stretch': info = PHPInfo(fpm_package='php-fpm', fpm_service='php7.0-fpm', base_config_dir='/etc/php/7.0') + elif ansible_distribution_release == 'buster': + info = PHPInfo(fpm_package='php-fpm', fpm_service='php7.3-fpm', base_config_dir='/etc/php/7.3') else: raise Exception('The php_info pytest fixture does not support Debian release: %s' % ansible_distribution_release) diff --git a/roles/web_server/molecule/default/tests/test_default.py b/roles/web_server/molecule/default/tests/test_default.py index 90acc411737422242668eed5cc81fab88f6784d7..1bf6d170799c24aeaf6d247b17af3fec84c31820 100644 --- a/roles/web_server/molecule/default/tests/test_default.py +++ b/roles/web_server/molecule/default/tests/test_default.py @@ -2,8 +2,6 @@ import os import testinfra.utils.ansible_runner - -import pytest testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*') @@ -164,17 +162,39 @@ def test_sockets(host): assert host.socket("tcp://443").is_listening -@pytest.mark.parametrize("application_type, tmpfiles_d_path", - [("wsgi", "/etc/tmpfiles.d/wsgi.conf"), - ("php", "/etc/tmpfiles.d/php7.0-fpm.conf")]) -def test_socket_directories(host, application_type, tmpfiles_d_path): +def test_wsgi_socket_directory(host): """ - Tests if directories containing sockets for WSGI and PHP apps are created - correctly. + Tests if directory containing socket for WSGI applications has + been created correctly. + """ + + socket_directory = "/run/wsgi" + tmpfiles_d_path = "/etc/tmpfiles.d/wsgi.conf" + tmpfiles_d_content = "d /run/wsgi/ 0750 root www-data - -" + + directory = host.file(socket_directory) + assert directory.is_directory + assert directory.user == 'root' + assert directory.group == 'www-data' + assert directory.mode == 0o750 + + config = host.file(tmpfiles_d_path) + assert config.is_file + assert config.user == 'root' + assert config.group == 'root' + assert config.mode == 0o644 + assert config.content_string == tmpfiles_d_content + + +def test_php_fpm_socket_directory(host, php_info): + """ + Tests if directory containing socket for WSGI applications has + been created correctly. """ - socket_directory = "/run/%s" % application_type - tmpfiles_d_content = "d /run/%s/ 0750 root www-data - -" % application_type + socket_directory = "/run/php" + tmpfiles_d_path = "/etc/tmpfiles.d/%s.conf" % php_info.fpm_service + tmpfiles_d_content = "d /run/php/ 0750 root www-data - -" directory = host.file(socket_directory) assert directory.is_directory