majic-ansible-roles Changeset

Changeset - 3a02e5b774b2

Parent rev.

Child rev.

[Not reviewed]

0 3 0

Branko Majic (branko) - 6 years ago 2020-01-07 22:34:33
branko@majic.rs

MAR-148: Clean-up TODO entries for the common role coming from bugs in earlier versions of software:

- Switch to using the systemd task for reloads.
- Add back validation of pipreqcheck activation script file
permissions.
- Add back validation of missing ntp/ntpdate packages.

3 files changed with 5 insertions and 18 deletions:

roles/common/handlers/main.yml

roles/common/molecule/default/tests/test_default.py

roles/common/molecule/default/tests/test_parameters_mandatory.py

0 comments (0 inline, 0 general)

roles/common/handlers/main.yml

➞

Show inline comments

@@ @@ -7,40 +7,33 @@ @@
     #   This task is invoked only if user is very specific about requiring to
     #   run the handlers manually as a way to bring the system to consistency
     #   after interrupted runs.
     - skip_ansible_lint
 - name: Restart SSH
   service:
     name: ssh
     state: restarted
 - name: Update CA certificate cache
   command: "/usr/sbin/update-ca-certificates --fresh"
   tags:
     # [ANSIBLE0012] Commands should not change things if nothing needs doing
     #   This task is invoked only if user is very specific about requiring to
     #   run the handlers manually as a way to bring the system to consistency
     #   after interrupted runs.
     - skip_ansible_lint
 - name: Restart ferm
   service:
     name: ferm
     state: restarted
 # @TODO: Replace this with use of systemd module once Ansible is upgraded to
 # version 2.2+.
 - name: Reload systemd
   command: "systemctl daemon-reload"
   tags:
     # [ANSIBLE0012] Commands should not change things if nothing needs doing
     #   This task is invoked only if user is very specific about requiring to
     #   run the handlers manually as a way to bring the system to consistency
     #   after interrupted runs.
     - skip_ansible_lint
   systemd:
     daemon_reload: true
 - name: Restart NTP server
   service:
     name: ntp
     state: restarted
   when: ntp_servers | length > 0

roles/common/molecule/default/tests/test_default.py

➞

Show inline comments

@@ @@ -229,51 +229,49 @@ def test_check_certificate_crontab(host): @@
     assert check_certificate_crontab.is_file
     assert check_certificate_crontab.user == 'root'
     assert check_certificate_crontab.group == 'root'
     assert check_certificate_crontab.mode == 0o644
     assert "0 0 * * * nobody /usr/local/bin/check_certificate.sh -q expiration" in check_certificate_crontab.content
 @pytest.mark.parametrize('virtualenv_activate_path', [
     '/var/lib/pipreqcheck/virtualenv/bin/activate',
     '/var/lib/pipreqcheck/virtualenv-py3/bin/activate',
 ])
 def test_pipreqcheck_virtualenv(host, virtualenv_activate_path):
     """
     Tests creation of Python virtual environment used for performing pip
     requirements upgrade checks.
     """
     with host.sudo():
         virtualenv_activate = host.file(virtualenv_activate_path)
         assert virtualenv_activate.is_file
         assert virtualenv_activate.user == 'pipreqcheck'
         assert virtualenv_activate.group == 'pipreqcheck'
         # @TODO: Possibly due to some timing issues, this file might
         # sometimes end-up being 0640, sometimes 0644.
         # assert virtualenv_activate.mode == 0o644
         assert virtualenv_activate.mode == 0o644
 @pytest.mark.parametrize('config_dir', [
     '/etc/pip_check_requirements_upgrades',
     '/etc/pip_check_requirements_upgrades-py3',
 ])
 def test_pipreqcheck_directories(host, config_dir):
     """
     Tests creation of directories used for storing configuration used by script
     that performs pip requirements upgrade checks.
     """
     with host.sudo():
         pipreqcheck_config_directory = host.file(config_dir)
         assert pipreqcheck_config_directory.is_directory
         assert pipreqcheck_config_directory.user == 'root'
         assert pipreqcheck_config_directory.group == 'pipreqcheck'
         assert pipreqcheck_config_directory.mode == 0o750
         pipreqcheck_config_directory_pipreqcheck = host.file(os.path.join(config_dir, 'pipreqcheck'))
         assert pipreqcheck_config_directory_pipreqcheck.is_directory
         assert pipreqcheck_config_directory_pipreqcheck.user == 'root'
         assert pipreqcheck_config_directory_pipreqcheck.group == 'pipreqcheck'
         assert pipreqcheck_config_directory_pipreqcheck.mode == 0o750

roles/common/molecule/default/tests/test_parameters_mandatory.py

➞

Show inline comments

@@ @@ -112,38 +112,34 @@ def test_pipreqcheck_virtualenv_user(host): @@
     user = host.user('pipreqcheck')
     assert user.exists
     assert user.home == '/var/lib/pipreqcheck'
     assert user.uid == 1001
     assert user.group == 'pipreqcheck'
     assert user.groups == ['pipreqcheck']
 def test_backup_configuration_absent(host):
     """
     Tests if backup configuration is absent. This should be the case when only
     mandatory parameters are provided.
     """
     with host.sudo():
         assert not host.file('/etc/duply/main/patterns/common').exists
 def test_ntp_software_not_installed(host):
     """
     Tests if NTP packages are absent.
     """
     # @TODO: This throws an exception. It seems version of Testinfra
     # used cannot properly check for absence of package.
     # assert not host.package('ntp').is_installed
     # assert not host.package('ntpdate').is_installed
     pass
     assert not host.package('ntp').is_installed
     assert not host.package('ntpdate').is_installed
 def test_ntp_listening_interfaces(host):
     """
     Tests if NTP server is not listening.
     """
     assert not host.socket('udp://:::123').is_listening

0 comments (0 inline, 0 general)