majic-ansible-roles Changeset

Changeset - 325b9d16a72b

Parent rev.

Child rev.

[Not reviewed]

0 8 0

Branko Majic (branko) - 5 years ago 2021-01-13 20:49:59
branko@majic.rs

MAR-151: Added support for Debian 10 Buster to common role:

- Updated tests.
- Updated role reference documentation.
- Updated role metadata information.
- Refactored IP plan for the test machines for better separation
between different types of machines and versions.
- Parametrised tests for limited connectivity using the maintenance
mode.
- Don't use MariaDB compat package in tests - name differs between
Debian 9 and Debian 10, and relevant parameter is already getting
tested properly using the remaining packages.

8 files changed with 87 insertions and 21 deletions:

docs/rolereference.rst

roles/common/meta/main.yml

roles/common/molecule/default/group_vars/parameters-optional.yml

roles/common/molecule/default/molecule.yml

roles/common/molecule/default/prepare.yml

roles/common/molecule/default/tests/test_maintenance_from_allowed_client.py

roles/common/molecule/default/tests/test_maintenance_from_disallowed_client.py

roles/common/molecule/default/tests/test_parameters_optional.py

0 comments (0 inline, 0 general)

docs/rolereference.rst

➞

Show inline comments

@@ @@ -460,12 +460,13 @@ Parameters @@
 Distribution compatibility
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 Role is compatible with the following distributions:
 - Debian 9 (Stretch)
 - Debian 10 (Buster)
 Examples
 ~~~~~~~~
 Here is an example configuration for setting-up some common users, groups, and

roles/common/meta/main.yml

➞

Show inline comments

@@ @@ -19,8 +19,8 @@ galaxy_info: @@
   description: Apply common configuration and hardening on server
   license: BSD
   min_ansible_version: 2.9
   platforms:
     - name: Debian
       versions:
         - 8
         - 9
         - 10

roles/common/molecule/default/group_vars/parameters-optional.yml

➞

Show inline comments

@@ @@ -28,13 +28,12 @@ os_groups: @@
     gid: 3001
   - name: group3
     gid: 3002
 common_packages:
   - units
   - gnutls-bin
   - libmariadbclient-dev-compat
   - emacs24-nox
 ca_certificates:
   cacert1: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"
   cacert2: "{{ lookup('file', 'tests/data/x509/ca/level2.cert.pem') }}"
 extra_backup_patterns:
   - /home/user1

roles/common/molecule/default/molecule.yml

➞

Show inline comments

@@ @@ -54,25 +54,49 @@ platforms: @@
       - parameters-mandatory
     box: debian/contrib-stretch64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
-        ip: 10.31.127.5
+        ip: 10.31.127.11
         network_name: private_network
         type: static
   - name: parameters-optional-stretch64
     groups:
       - parameters-optional
     box: debian/contrib-stretch64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.6
         ip: 10.31.127.12
         network_name: private_network
         type: static
   - name: parameters-mandatory-buster64
     groups:
       - parameters-mandatory
     box: debian/contrib-buster64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.21
         network_name: private_network
         type: static
   - name: parameters-optional-buster64
     groups:
       - parameters-optional
     box: debian/contrib-buster64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.22
         network_name: private_network
         type: static
 provisioner:
   name: ansible
   playbooks:

roles/common/molecule/default/prepare.yml

➞

Show inline comments

@@ @@ -48,13 +48,37 @@ @@
     - name: Install apt-cacher-ng
       apt:
         name: apt-cacher-ng
         state: present
 - hosts: all
 - hosts: client
   become: true
   tasks:
     - name: Install tool for testing TCP connectivity
       apt:
         name: hping3
         state: present
     - name: Set-up /etc/hosts with entries for all servers
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
 .31.127.11: parameters-mandatory-stretch64
 .31.127.12: parameters-optional-stretch64
 .31.127.21: parameters-mandatory-buster64
 .31.127.22: parameters-optional-buster64
 - hosts: parameters-mandatory,parameters-optional
   become: true
   tasks:
     - name: Install tool for testing TCP connectivity
       apt:
         name: hping3
@@ @@ -69,14 +93,12 @@ @@
         group: root
         mode: 0644
         state: present
       with_dict:
 .31.127.3: client1
 .31.127.4: client2
 .31.127.5: parameters-mandatory
 .31.127.6: parameters-optional
 - hosts: parameters-mandatory,parameters-optional
   become: true
   tasks:
     - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)

roles/common/molecule/default/tests/test_maintenance_from_allowed_client.py

➞

Show inline comments

 import os
 import pytest
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('client-allowed')
 def test_ssh_connectivity(host):
 @pytest.mark.parametrize("platform", [
     "stretch64",
     "buster64"
 ])
 def test_ssh_connectivity(host, platform):
     """
     Test if SSH server is reachable.
     """
     with host.sudo():
         ping = host.run('hping3 -S -p 22 -c 1 %s', 'parameters-mandatory')
+        ping = host.run('hping3 -S -p 22 -c 1 %s', 'parameters-mandatory-%s' % platform)
         assert ping.rc == 0
         ping = host.run('hping3 -S -p 22 -c 1 %s', 'parameters-optional')
+        ping = host.run('hping3 -S -p 22 -c 1 %s', 'parameters-optional-%s' % platform)
         assert ping.rc == 0
 def test_http_connectivity(host):
 @pytest.mark.parametrize("platform", [
     "stretch64",
     "buster64"
 ])
 def test_http_connectivity(host, platform):
     """
     Test if HTTP server is reachable.
     """
     with host.sudo():
         ping = host.run('hping3 -S -p 80 -c 1 %s', 'parameters-mandatory')
+        ping = host.run('hping3 -S -p 80 -c 1 %s', 'parameters-mandatory-%s' % platform)
         assert ping.rc == 0
         ping = host.run('hping3 -S -p 80 -c 1 %s', 'parameters-optional')
+        ping = host.run('hping3 -S -p 80 -c 1 %s', 'parameters-optional-%s' % platform)
         assert ping.rc == 0

roles/common/molecule/default/tests/test_maintenance_from_disallowed_client.py

➞

Show inline comments

 import os
 import pytest
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('client-disallowed')
 def test_ssh_connectivity(host):
 @pytest.mark.parametrize("platform", [
     "stretch64",
     "buster64"
 ])
 def test_ssh_connectivity(host, platform):
     """
     Test if SSH server is reachable.
     """
     with host.sudo():
         ping = host.run('hping3 -S -p 22 -c 1 %s', 'parameters-mandatory')
+        ping = host.run('hping3 -S -p 22 -c 1 %s', 'parameters-mandatory-%s' % platform)
         assert ping.rc == 0
         ping = host.run('hping3 -S -p 22 -c 1 %s', 'parameters-optional')
+        ping = host.run('hping3 -S -p 22 -c 1 %s', 'parameters-optional-%s' % platform)
         assert ping.rc == 0
 def test_http_connectivity(host):
 @pytest.mark.parametrize("platform", [
     "stretch64",
     "buster64"
 ])
 def test_http_connectivity(host, platform):
     """
     Test if HTTP server is reachable.
     """
     with host.sudo():
         ping = host.run('hping3 -S -p 80 -c 1 %s', 'parameters-mandatory')
+        ping = host.run('hping3 -S -p 80 -c 1 %s', 'parameters-mandatory-%s' % platform)
         assert ping.rc == 0
         ping = host.run('hping3 -S -p 80 -c 1 %s', 'parameters-optional')
+        ping = host.run('hping3 -S -p 80 -c 1 %s', 'parameters-optional-%s' % platform)
         assert ping.rc != 0

roles/common/molecule/default/tests/test_parameters_optional.py

➞

Show inline comments

@@ @@ -36,20 +36,20 @@ def test_bash_prompt_content(host): @@
     assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\[\\033[0;36m\\]\\u@\\h[test]:\\w\\$ \\[\\033[0m\\]'" in \
         config.content_string
     assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\u@\\h[test]:\\w\\$ '" in config.content_string
-def test_common_installed_packages_common(host):
+def test_common_packages_are_installed(host):
     """
     Tests that user-provided common packages have been installed.
     """
     assert host.package('units').is_installed
     assert host.package('gnutls-bin').is_installed
-    assert host.package('libmariadbclient-dev-compat').is_installed
+    assert host.package('emacs24-nox').is_installed
 def test_ssh_login_mechanisms(host):
     """
     Tests available SSH login mechanisms (should be just public key).
     """

0 comments (0 inline, 0 general)