From d0e45c50137aa0f96735f692df1ccdd156078243 2023-11-28 22:45:53 From: Branko Majic Date: 2023-11-28 22:45:53 Subject: [PATCH] MAR-189: Added support for Debian 11 Bullseye to common role: - Drop the architecture suffix from all machines. - Introduced a hack/patch for Ferm utility that disables use of legacy iptables tools. - Minor fixes around package name differences compared to older distribution. - Use versioned binary name for Python 2.7.. Bullseye does not default/have /usr/bin/python pointing to Python 2.7 binary. --- diff --git a/roles/common/molecule/default/group_vars/parameters-optional.yml b/roles/common/molecule/default/group_vars/parameters-optional.yml index 347d85e99d96e0c386197303afd709822b25b834..067b0ba528a1e897e79274c12beff5df569c3a19 100644 --- a/roles/common/molecule/default/group_vars/parameters-optional.yml +++ b/roles/common/molecule/default/group_vars/parameters-optional.yml @@ -31,7 +31,7 @@ os_groups: common_packages: - units - gnutls-bin - - emacs24-nox + - emacs-nox ca_certificates: cacert1: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}" cacert2: "{{ lookup('file', 'tests/data/x509/ca/level2.cert.pem') }}" diff --git a/roles/common/molecule/default/molecule.yml b/roles/common/molecule/default/molecule.yml index 08f2811066a62eb21206d296091679cd58501cf0..5e9ba0ff6a0680584d3347cd83f44095549f4721 100644 --- a/roles/common/molecule/default/molecule.yml +++ b/roles/common/molecule/default/molecule.yml @@ -49,7 +49,7 @@ platforms: network_name: private_network type: static - - name: parameters-mandatory-buster64 + - name: parameters-mandatory-buster groups: - parameters-mandatory box: debian/contrib-buster64 @@ -61,7 +61,7 @@ platforms: network_name: private_network type: static - - name: parameters-optional-buster64 + - name: parameters-optional-buster groups: - parameters-optional box: debian/contrib-buster64 @@ -73,6 +73,30 @@ platforms: network_name: private_network type: static + - name: parameters-mandatory-bullseye + groups: + - parameters-mandatory + box: debian/bullseye64 + memory: 256 + cpus: 1 + interfaces: + - auto_config: true + ip: 192.168.56.31 + network_name: private_network + type: static + + - name: parameters-optional-bullseye + groups: + - parameters-optional + box: debian/bullseye64 + memory: 256 + cpus: 1 + interfaces: + - auto_config: true + ip: 192.168.56.32 + network_name: private_network + type: static + provisioner: name: ansible playbooks: diff --git a/roles/common/molecule/default/prepare.yml b/roles/common/molecule/default/prepare.yml index 99cc75c7f74f6be712c3b4b7dfdf1ed88a62c709..a13d2267859b029b8eb759d4e1d6af3e3c95f513 100644 --- a/roles/common/molecule/default/prepare.yml +++ b/roles/common/molecule/default/prepare.yml @@ -70,8 +70,10 @@ mode: 0644 state: present with_dict: - 192.168.56.21: parameters-mandatory-buster64 - 192.168.56.22: parameters-optional-buster64 + 192.168.56.21: parameters-mandatory-buster + 192.168.56.22: parameters-optional-buster + 192.168.56.31: parameters-mandatory-bullseye + 192.168.56.32: parameters-optional-bullseye - hosts: parameters-mandatory,parameters-optional become: true diff --git a/roles/common/molecule/default/tests/test_default.py b/roles/common/molecule/default/tests/test_default.py index 2ac64f0afdb080238fa54237d5652c7e1b7416a2..c6fb18454d112e87e5e471f1599783557e3598b5 100644 --- a/roles/common/molecule/default/tests/test_default.py +++ b/roles/common/molecule/default/tests/test_default.py @@ -338,9 +338,12 @@ def test_pipreqcheck_virtualenv_packages(host, pip_path, expected_packages): expected_packages = sorted([p.lower() for p in expected_packages]) actual_packages = sorted(packages.stdout.lower().strip().split("\n")) - # This is a dummy distro-provided package ignored by the pip-tools. + # This is a dummy distro-provided package ignored by the + # pip-tools. pkg-resources on Buster, pkg_resources on Bullseye. if "pkg-resources==0.0.0" in actual_packages: actual_packages.remove("pkg-resources==0.0.0") + if "pkg_resources==0.0.0" in actual_packages: + actual_packages.remove("pkg_resources==0.0.0") assert actual_packages == expected_packages @@ -397,7 +400,7 @@ def test_pipreqcheck_virtualenv_python_version(host, python_path, expected_major @pytest.mark.parametrize('wrong_python_path', [ '/var/lib/pipreqcheck/virtualenv/bin/python3', - '/var/lib/pipreqcheck/virtualenv-py3/bin/python2', + '/var/lib/pipreqcheck/virtualenv-py3/bin/python2.7', ]) def test_pipreqcheck_virtualenv_wrong_python_version_not_present(host, wrong_python_path): """ diff --git a/roles/common/molecule/default/tests/test_maintenance_from_allowed_client.py b/roles/common/molecule/default/tests/test_maintenance_from_allowed_client.py index b59542bf3f798e888345d66dd9c40fdf3a470e72..509c02dc56c8370ede0755198165b43ca626f335 100644 --- a/roles/common/molecule/default/tests/test_maintenance_from_allowed_client.py +++ b/roles/common/molecule/default/tests/test_maintenance_from_allowed_client.py @@ -10,7 +10,8 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( @pytest.mark.parametrize("platform", [ - "buster64" + "buster", + "bullseye" ]) def test_ssh_connectivity(host, platform): """ @@ -27,7 +28,8 @@ def test_ssh_connectivity(host, platform): @pytest.mark.parametrize("platform", [ - "buster64" + "buster", + "bullseye" ]) def test_http_connectivity(host, platform): """ diff --git a/roles/common/molecule/default/tests/test_maintenance_from_disallowed_client.py b/roles/common/molecule/default/tests/test_maintenance_from_disallowed_client.py index f27380313ff69478e78595df3a03b0379eef1ced..5e6979aad57c6886f1dfe12aad418749a7cf9cee 100644 --- a/roles/common/molecule/default/tests/test_maintenance_from_disallowed_client.py +++ b/roles/common/molecule/default/tests/test_maintenance_from_disallowed_client.py @@ -10,7 +10,8 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( @pytest.mark.parametrize("platform", [ - "buster64" + "buster", + "bullseye" ]) def test_ssh_connectivity(host, platform): """ @@ -27,7 +28,8 @@ def test_ssh_connectivity(host, platform): @pytest.mark.parametrize("platform", [ - "buster64" + "buster", + "bullseye" ]) def test_http_connectivity(host, platform): """ diff --git a/roles/common/molecule/default/tests/test_parameters_optional.py b/roles/common/molecule/default/tests/test_parameters_optional.py index 9b3c3bc7880009fd9c644580e7aa11c8806be117..32a93270c2d861d77d73cd01655599fddfef510d 100644 --- a/roles/common/molecule/default/tests/test_parameters_optional.py +++ b/roles/common/molecule/default/tests/test_parameters_optional.py @@ -46,7 +46,7 @@ def test_common_packages_are_installed(host): assert host.package('units').is_installed assert host.package('gnutls-bin').is_installed - assert host.package('emacs24-nox').is_installed + assert host.package('emacs-nox').is_installed def test_ssh_login_mechanisms(host): diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 8aeed417f2087920bd0b7a044bf0387947860bb5..2e54e87a4654998d4c63d135e4e4bac404243d60 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -80,7 +80,10 @@ owner: root group: root mode: 0640 - when: root_bashrc_stat.stat.checksum == "b737c392222ddac2271cc8d0d8cc0308d08cf458" + # Checksums: buster, bullseye + when: | + root_bashrc_stat.stat.checksum == "b737c392222ddac2271cc8d0d8cc0308d08cf458" or + root_bashrc_stat.stat.checksum == "1a422a148ad225aa5ba33f8dafd2b7cfcdbd701f" - name: Install sudo apt: @@ -104,7 +107,7 @@ owner: root group: root mode: 0644 - when: "'emacs24' in common_packages or 'emacs24-nox' in common_packages" + when: "['emacs24', 'emacs24-nox', 'emacs25', 'emacs25-nox', 'emacs', 'emacs-nox'] | intersect(common_packages) | length > 0" - name: Set-up operating system groups group: @@ -183,6 +186,15 @@ name: ferm state: present +- name: Prevent ferm from using legacy iptables tools + lineinfile: + path: "/usr/sbin/ferm" + regexp: "legacy_name.*=" + line: " my $legacy_name = $1 . '-do-not-use-legacy-' . $2;" + state: present + notify: + - Restart ferm + - name: Configure ferm init script coniguration file copy: src: "ferm" @@ -323,8 +335,8 @@ with_items: - name: pipreqcheck virtualenv_path: "/var/lib/pipreqcheck/virtualenv" - python_path: "/usr/bin/python" - creates: "/var/lib/pipreqcheck/virtualenv/bin/python2" + python_path: "/usr/bin/python2.7" + creates: "/var/lib/pipreqcheck/virtualenv/bin/python2.7" - name: pipreqcheck-py3 virtualenv_path: "/var/lib/pipreqcheck/virtualenv-py3" python_path: "/usr/bin/python3"