From 38c3569bdc6aa104a7481f9b7d7789d7b95da38d 2021-01-15 01:03:49 From: Branko Majic Date: 2021-01-15 01:03:49 Subject: [PATCH] MAR-151: Added support for Debian 10 Buster to wsgi_website role: - Updated role reference documentaiton. - Updated role meta information. - Updated tests. - Replace the installation of libmariadbclient-dev-compat library with atftp - the actual package is differently named under Debian Stretch and Debian Buster (which would complicate the test without any benefits). - Drop the fix for root mail alias in Vagrant image - seems it's no longer a problem. - Split-up the test for web application user since it's not possible to keep it all under one parametrised test due to differences in assigned system UID numbers for Debian Stretch and Debian Buster. - Make the test for web application user less dependant on what the actual UID number is in case of default value. By default user should be created as system user, which means its UID number should be less than 1000. --- diff --git a/docs/rolereference.rst b/docs/rolereference.rst index 80da48de196e17dcd42661cdbc74a6f80cf84176..37305b3e8ea787f36e798fc5f296218588c5cc9d 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -1965,6 +1965,7 @@ Distribution compatibility Role is compatible with the following distributions: - Debian 9 (Stretch) +- Debian 10 (Buster) Examples diff --git a/roles/wsgi_website/meta/main.yml b/roles/wsgi_website/meta/main.yml index 08485fffc36b50761e73d2982ceccaed48176f06..07cd96e8950bb60aa49492ac0e21a0c9f433cc9a 100644 --- a/roles/wsgi_website/meta/main.yml +++ b/roles/wsgi_website/meta/main.yml @@ -14,5 +14,5 @@ galaxy_info: platforms: - name: Debian versions: - - 8 - 9 + - 10 diff --git a/roles/wsgi_website/molecule/default/molecule.yml b/roles/wsgi_website/molecule/default/molecule.yml index 2205e11de17aea1981e7ebee66f382618fe62dcb..0d316bcb13e929e735898c93a59fa80e275bbafc 100644 --- a/roles/wsgi_website/molecule/default/molecule.yml +++ b/roles/wsgi_website/molecule/default/molecule.yml @@ -24,6 +24,16 @@ platforms: memory: 512 cpus: 1 + - name: wsgi-website-buster64 + groups: + - wsgi-website + - parameters-mandatory + - parameters-optional + - buster + box: debian/contrib-buster64 + memory: 512 + cpus: 1 + provisioner: name: ansible playbooks: diff --git a/roles/wsgi_website/molecule/default/playbook.yml b/roles/wsgi_website/molecule/default/playbook.yml index 1a765e1c3f03d599a6d779fbb4554b592dd9f1dd..050eb3cff86c503f7683717b46409c77366abc31 100644 --- a/roles/wsgi_website/molecule/default/playbook.yml +++ b/roles/wsgi_website/molecule/default/playbook.yml @@ -33,7 +33,7 @@ environment_variables: MY_ENV_VAR: "My environment variable" packages: - - "libmariadbclient-dev-compat" + - atftp - global proxy_headers: Accept-Encoding: '""' diff --git a/roles/wsgi_website/molecule/default/prepare.yml b/roles/wsgi_website/molecule/default/prepare.yml index a7790530dccd97a44846e449575c8282716fc350..d3bb1e7dc60ec7b34d46477c275f72d899700254 100644 --- a/roles/wsgi_website/molecule/default/prepare.yml +++ b/roles/wsgi_website/molecule/default/prepare.yml @@ -98,15 +98,6 @@ notify: - Restart Postfix - - name: Direct all mails from the root account to vagrant (Stretch image does not do that by default) - lineinfile: - path: /etc/aliases - regexp: "^root" - line: "root: vagrant" - state: present - notify: - - Generate aliases database - - name: Set-up group for an additional user group: name: user diff --git a/roles/wsgi_website/molecule/default/tests/test_default.py b/roles/wsgi_website/molecule/default/tests/test_default.py index 65c9066c8e48d4e4e043c560dc2dafdc3672a4f7..f3472421c998c5df9258710cc176f015cd9b8034 100644 --- a/roles/wsgi_website/molecule/default/tests/test_default.py +++ b/roles/wsgi_website/molecule/default/tests/test_default.py @@ -137,30 +137,6 @@ def test_profile_configuration(host, admin_user, expected_virtualenv_path): assert env.stdout == expected_virtualenv_path -@pytest.mark.parametrize("app_user, expected_uid, expected_group, expected_home", [ - ('web-parameters-mandatory', 999, 'web-parameters-mandatory', '/var/www/parameters-mandatory'), - ('web-parameters-optional_local', 5001, 'web-parameters-optional_local', '/var/www/parameters-optional.local'), - ('web-parameters-paste-req', 998, 'web-parameters-paste-req', '/var/www/parameters-paste-req'), -]) -def test_website_application_user(host, app_user, expected_uid, expected_group, expected_home): - """ - Tests if website application user has been created correctly. - """ - - user = host.user(app_user) - - assert user.exists - assert user.uid == expected_uid - assert user.group == expected_group - assert user.groups == [expected_group] - assert user.shell == '/bin/sh' - assert user.home == expected_home - - with host.sudo(): - umask = host.run("su -l " + app_user + " -c 'bash -c umask'") - assert umask.stdout == '0007\n' - - @pytest.mark.parametrize("expected_group", [ 'web-parameters-mandatory', 'web-parameters-optional_local', diff --git a/roles/wsgi_website/molecule/default/tests/test_parameters_mandatory.py b/roles/wsgi_website/molecule/default/tests/test_parameters_mandatory.py index 7bd0897532812014a3c3f64e6e9d00d74b198f84..9f8af8b4fcf0c275b6398951ef75316c810b1d38 100644 --- a/roles/wsgi_website/molecule/default/tests/test_parameters_mandatory.py +++ b/roles/wsgi_website/molecule/default/tests/test_parameters_mandatory.py @@ -40,3 +40,27 @@ def test_static_file_serving(host): assert page.rc == 0 assert "This is the WSGI application at parameters-mandatory." in page.stdout assert "Requested URL was: https://parameters-mandatory/media/media_file.txt" in page.stdout + + +def test_website_application_user(host): + """ + Tests if website application user has been created correctly. + """ + + app_user = "web-parameters-mandatory" + + expected_group = "web-parameters-mandatory" + expected_home = "/var/www/parameters-mandatory" + + user = host.user(app_user) + + assert user.exists + assert user.uid < 1000 + assert user.group == expected_group + assert user.groups == [expected_group] + assert user.shell == '/bin/sh' + assert user.home == expected_home + + with host.sudo(): + umask = host.run("su -l " + app_user + " -c 'bash -c umask'") + assert umask.stdout == '0007\n' diff --git a/roles/wsgi_website/molecule/default/tests/test_parameters_optional.py b/roles/wsgi_website/molecule/default/tests/test_parameters_optional.py index a9c707214221136d638865375f5eef231ae76ecd..67b24e70edf2594233fd452e224297fb2030d79c 100644 --- a/roles/wsgi_website/molecule/default/tests/test_parameters_optional.py +++ b/roles/wsgi_website/molecule/default/tests/test_parameters_optional.py @@ -12,7 +12,7 @@ def test_installed_packages(host): Tests if additional packages are installed. """ - assert host.package('libmariadbclient-dev-compat').is_installed + assert host.package('atftp').is_installed assert host.package('global').is_installed @@ -83,3 +83,28 @@ def test_nginx_rewrite_config(host): page = host.run('curl https://parameters-optional.local/rewrite2/some/other/path') assert page.rc == 0 assert "Requested URL was: https://parameters-optional.local/rewritten2/some/other/path" in page.stdout + + +def test_website_application_user(host): + """ + Tests if website application user has been created correctly. + """ + + app_user = "web-parameters-optional_local" + + expected_group = "web-parameters-optional_local" + expected_home = "/var/www/parameters-optional.local" + expected_uid = 5001 + + user = host.user(app_user) + + assert user.exists + assert user.uid == expected_uid + assert user.group == expected_group + assert user.groups == [expected_group] + assert user.shell == '/bin/sh' + assert user.home == expected_home + + with host.sudo(): + umask = host.run("su -l " + app_user + " -c 'bash -c umask'") + assert umask.stdout == '0007\n' diff --git a/roles/wsgi_website/molecule/default/tests/test_parameters_paste_req.py b/roles/wsgi_website/molecule/default/tests/test_parameters_paste_req.py index b6bf3065dacbe8ff2499296ea3e396c4ce6dbde1..f8f69f25815964b3727136ce7137772616554cd1 100644 --- a/roles/wsgi_website/molecule/default/tests/test_parameters_paste_req.py +++ b/roles/wsgi_website/molecule/default/tests/test_parameters_paste_req.py @@ -40,3 +40,27 @@ def test_static_file_serving(host): assert page.rc == 0 assert "This is the WSGI application at parameters-paste-req." in page.stdout assert "Requested URL was: https://parameters-paste-req/media/media_file.txt" in page.stdout + + +def test_website_application_user(host): + """ + Tests if website application user has been created correctly. + """ + + app_user = "web-parameters-paste-req" + + expected_group = "web-parameters-paste-req" + expected_home = "/var/www/parameters-paste-req" + + user = host.user(app_user) + + assert user.exists + assert user.uid < 1000 + assert user.group == expected_group + assert user.groups == [expected_group] + assert user.shell == '/bin/sh' + assert user.home == expected_home + + with host.sudo(): + umask = host.run("su -l " + app_user + " -c 'bash -c umask'") + assert umask.stdout == '0007\n' diff --git a/roles/wsgi_website/tasks/main.yml b/roles/wsgi_website/tasks/main.yml index 26dc82016907a4ffd88ed5b39be06fc0ff1bf54e..1c9b2cc6e97f48c3d04e323d4e7548b2a9f18ec4 100644 --- a/roles/wsgi_website/tasks/main.yml +++ b/roles/wsgi_website/tasks/main.yml @@ -81,13 +81,6 @@ notify: - Restart WSGI services -- name: Set-up MariaDB mysql_config symbolic link for compatibility (workaround for Debian bug 766996) - file: - src: "/usr/bin/mariadb_config" - dest: "/usr/bin/mysql_config" - state: link - when: "'libmariadb-client-lgpl-dev-compat' in packages" - # Ignore failures - the virtual environment might not have been # created yet. Don't use --version because Python 2 outputs to stderr, # and Python 3 outputs to stdout.