Diffstat (limited to 'ansible')
23 files changed, 307 insertions, 6 deletions
diff --git a/ansible/roles/firewall/.yamllint b/ansible/roles/firewall/.yamllint
new file mode 100644
index 00000000..ad0be760
--- /dev/null
+++ b/ansible/roles/firewall/.yamllint
@@ -0,0 +1,11 @@
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ line-length: disable
+ truthy: disable
diff --git a/ansible/roles/firewall/molecule/default/Dockerfile.j2 b/ansible/roles/firewall/molecule/default/Dockerfile.j2
new file mode 100644
index 00000000..e6aa95d3
--- /dev/null
+++ b/ansible/roles/firewall/molecule/default/Dockerfile.j2
@@ -0,0 +1,14 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
diff --git a/ansible/roles/firewall/molecule/default/molecule.yml b/ansible/roles/firewall/molecule/default/molecule.yml
new file mode 100644
index 00000000..81ace9ce
--- /dev/null
+++ b/ansible/roles/firewall/molecule/default/molecule.yml
@@ -0,0 +1,33 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: centos7
+ image: couchbase/centos7-systemd
+ privileged: true
+ command: ""
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ - name: ubuntu18
+ image: solita/ubuntu-systemd:18.04
+ command: /sbin/init
+ privileged: true
+ volumes:
+ - /lib/modules:/lib/modules:ro
+provisioner:
+ name: ansible
+ env:
+ ANSIBLE_ROLES_PATH: ../../../../test/roles
+ lint:
+ name: ansible-lint
+verifier:
+ name: testinfra
+ options:
+ verbose: true
+ lint:
+ name: flake8
diff --git a/ansible/roles/firewall/molecule/default/playbook.yml b/ansible/roles/firewall/molecule/default/playbook.yml
new file mode 100644
index 00000000..73b20eac
--- /dev/null
+++ b/ansible/roles/firewall/molecule/default/playbook.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: firewall
diff --git a/ansible/roles/firewall/molecule/default/prepare.yml b/ansible/roles/firewall/molecule/default/prepare.yml
new file mode 100644
index 00000000..5e0e9a33
--- /dev/null
+++ b/ansible/roles/firewall/molecule/default/prepare.yml
@@ -0,0 +1,5 @@
+---
+- name: Prepare
+ hosts: all
+ roles:
+ - prepare-firewall
diff --git a/ansible/roles/firewall/molecule/default/tests/test_default.py b/ansible/roles/firewall/molecule/default/tests/test_default.py
new file mode 100644
index 00000000..a346cb57
--- /dev/null
+++ b/ansible/roles/firewall/molecule/default/tests/test_default.py
@@ -0,0 +1,18 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_firewall_service_disabled(host):
+ distribution = host.system_info.distribution
+ if distribution == "centos":
+ svc = "firewalld"
+ elif distribution == "ubuntu":
+ svc = "ufw"
+ service = host.service(svc)
+
+ assert not service.is_running
+ assert not service.is_enabled
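Review bot: Both platforms in molecule.yml run with `privileged: true` on images pulled from third-party Docker Hub namespaces, and `couchbase/centos7-systemd` carries no tag at all, so whatever those repositories publish next runs with near-host privileges on the machine that executes the scenario (the ubuntu18 entry also mounts the host's `/lib/modules`). Pin each image to a digest, e.g. `image: couchbase/centos7-systemd@sha256:<digest>` (placeholder), and add a comment above each `privileged: true` saying why systemd and the firewall service need it. A narrower grant through the platform's `capabilities:` list would be preferable if the firewall packages still start under it, which I have not verified.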
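Review bot: In `test_firewall_service_disabled`, `svc` is bound only in the `centos` and `ubuntu` branches, so any other distribution reaches `host.service(svc)` with the name unbound and the test dies with an UnboundLocalError instead of a readable failure. A lookup such as `svc = {"centos": "firewalld", "ubuntu": "ufw"}[distribution]` keeps the two supported platforms and makes an unsupported one fail on a KeyError that names it. The test asserts that the host firewall ends up stopped and disabled, which is presumably the role's intent; a one-line docstring saying so would make that security trade-off explicit to the next reader.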
diff --git a/ansible/roles/package-repository/.yamllint b/ansible/roles/package-repository/.yamllint
new file mode 100644
index 00000000..3a2255e4
--- /dev/null
+++ b/ansible/roles/package-repository/.yamllint
@@ -0,0 +1,13 @@
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ line-length: disable
+ # NOTE(retr0h): Templates no longer fail this lint rule.
+ # Uncomment if running old Molecule templates.
+ # truthy: disable
diff --git a/ansible/roles/package-repository/molecule/default/Dockerfile.j2 b/ansible/roles/package-repository/molecule/default/Dockerfile.j2
new file mode 100644
index 00000000..0a605536
--- /dev/null
+++ b/ansible/roles/package-repository/molecule/default/Dockerfile.j2
@@ -0,0 +1,14 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
diff --git a/ansible/roles/package-repository/molecule/default/molecule.yml b/ansible/roles/package-repository/molecule/default/molecule.yml
new file mode 100644
index 00000000..df2024d7
--- /dev/null
+++ b/ansible/roles/package-repository/molecule/default/molecule.yml
@@ -0,0 +1,46 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: infrastructure-server
+ image: ${PLATFORM_DISTRO:-centos}:${DISTRO_VERSION:-7}
+ groups:
+ - infrastructure
+ # By design certain file like /etc/resolv.conf cannot be edited in docker
+ # container. To enable role to "edit" /etc/resolv.conf define value already to same.
+ dns_servers:
+ - 6.5.4.3
+
+ - name: kubernetes-node-1
+ image: ${PLATFORM_DISTRO:-centos}:${DISTRO_VERSION:-7}
+ groups:
+ - kubernetes
+ # By design certain file like /etc/resolv.conf cannot be edited in docker
+ # container. To enable role to "edit" /etc/resolv.conf define value already to same.
+ dns_servers:
+ - 6.5.4.3
+
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ inventory:
+ host_vars:
+ infrastructure-server:
+ cluster_ip: 6.5.4.3
+ group_vars:
+ all:
+ app_name: moleculetestapp
+ app_data_path: "/opt/{{ app_name }}"
+scenario:
+ name: default
+verifier:
+ name: testinfra
+ options:
+ verbose: true
+ lint:
+ name: flake8
diff --git a/ansible/roles/package-repository/molecule/default/playbook.yml b/ansible/roles/package-repository/molecule/default/playbook.yml
new file mode 100644
index 00000000..0b9c72f0
--- /dev/null
+++ b/ansible/roles/package-repository/molecule/default/playbook.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - package-repository
diff --git a/ansible/roles/package-repository/molecule/default/tests/test_default.py b/ansible/roles/package-repository/molecule/default/tests/test_default.py
new file mode 100644
index 00000000..34884cfe
--- /dev/null
+++ b/ansible/roles/package-repository/molecule/default/tests/test_default.py
@@ -0,0 +1,11 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_etc_resolv_conf_file(host):
+ f = host.file('/etc/resolv.conf')
+ assert f.contains("nameserver 6.5.4.3")
diff --git a/ansible/roles/package-repository/molecule/default/tests/test_infrastructure-server.py b/ansible/roles/package-repository/molecule/default/tests/test_infrastructure-server.py
new file mode 100644
index 00000000..63588e26
--- /dev/null
+++ b/ansible/roles/package-repository/molecule/default/tests/test_infrastructure-server.py
@@ -0,0 +1,16 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('infrastructure-server')
+
+
+def test_onap_repo(host):
+ fc = host.file('/etc/yum.repos.d/moleculetestapp.repo').content_string
+ expected_content = """[moleculetestapp]
+baseurl = file:///opt/moleculetestapp/pkg/rhel
+enabled = 1
+gpgcheck = 0
+name = MOLECULETESTAPP offline repository"""
+ assert fc == expected_content
diff --git a/ansible/roles/package-repository/molecule/default/tests/test_kubernetes-node-1.py b/ansible/roles/package-repository/molecule/default/tests/test_kubernetes-node-1.py
new file mode 100644
index 00000000..eab7d065
--- /dev/null
+++ b/ansible/roles/package-repository/molecule/default/tests/test_kubernetes-node-1.py
@@ -0,0 +1,16 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('kubernetes-node-1')
+
+
+def test_onap_repo(host):
+ fc = host.file('/etc/yum.repos.d/moleculetestapp.repo').content_string
+ expected_content = """[moleculetestapp]
+baseurl = http://repo.infra-server/rhel
+enabled = 1
+gpgcheck = 0
+name = MOLECULETESTAPP offline repository"""
+ assert fc == expected_content
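Review bot: `expected_content` in `test_onap_repo` (test_infrastructure-server.py) pins `gpgcheck = 0`, and test_kubernetes-node-1.py pairs the same expectation with a plain `http://repo.infra-server/rhel` baseurl, so the suite locks in package installation on cluster nodes with neither signature verification nor transport protection. The role's repository definition is only partly visible in this diff, so this may be a deliberate choice for the offline installer; if it is, state it in a comment above the literal, e.g. `# gpgcheck is off because the offline repo ships unsigned RPMs; integrity relies on <mechanism>` (placeholder). If it is not deliberate, these tests are the natural place to start requiring `gpgcheck = 1`.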
diff --git a/ansible/roles/package-repository/tasks/main.yml b/ansible/roles/package-repository/tasks/main.yml index 4949345a..599e1052 100644 --- a/ansible/roles/package-repository/tasks/main.yml +++ b/ansible/roles/package-repository/tasks/main.yml @@ -5,7 +5,6 @@ path: /etc/resolv.conf state: present insertbefore: BOF - become: true - name: Disable all OS default repositories block: @@ -20,7 +19,7 @@ - name: Backup repo files copy: - remote_src: yes + remote_src: true src: "{{ item.path }}" dest: "{{ item.path }}.disabled" loop: "{{ repo_files.files }}" @@ -32,7 +31,6 @@ state: absent loop: "{{ repo_files.files }}" when: "(item.path | basename | splitext)[0] not in package_repositories_names" - become: yes - name: Add application offline package repository yum_repository: @@ -44,4 +42,3 @@ enabled: "{{ item.enabled | default(false) }}" state: "{{ item.state | default('present') }}" loop: "{{ package_repositories }}" - become: true diff --git a/ansible/roles/setup/.yamllint b/ansible/roles/setup/.yamllint new file mode 100644 index 00000000..3a2255e4 --- /dev/null +++ b/ansible/roles/setup/.yamllint @@ -0,0 +1,13 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + # NOTE(retr0h): Templates no longer fail this lint rule. + # Uncomment if running old Molecule templates. + # truthy: disable diff --git a/ansible/roles/setup/defaults/main.yml b/ansible/roles/setup/defaults/main.yml index e7e89721..050589e7 100644 --- a/ansible/roles/setup/defaults/main.yml +++ b/ansible/roles/setup/defaults/main.yml @@ -1,3 +1,3 @@ --- ssh_dir: ~/.ssh -offline_ssh_key_file_name: offline_ssh_key
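Review bot: With `become: true` removed from the resolv.conf, repository-cleanup and `yum_repository` tasks in package-repository/tasks/main.yml, the role works only when the calling play already escalates, and nothing in the role states that requirement. The new molecule/default/playbook.yml sets no `become`, so the scenario presumably passes only because the Docker driver connects as root and would not catch a play that forgets to escalate. Consider a header comment in tasks/main.yml such as `# Requires privilege escalation: run this role from a play with become: true`, and the same for the `authorized_key` task in roles/setup/tasks/main.yml, where `become` is dropped as well. The hunks show only parts of the task list.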
\ No newline at end of file
+offline_ssh_key_file_name: offline_ssh_key
diff --git a/ansible/roles/setup/molecule/default/Dockerfile.j2 b/ansible/roles/setup/molecule/default/Dockerfile.j2
new file mode 100644
index 00000000..0a605536
--- /dev/null
+++ b/ansible/roles/setup/molecule/default/Dockerfile.j2
@@ -0,0 +1,14 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
diff --git a/ansible/roles/setup/molecule/default/molecule.yml b/ansible/roles/setup/molecule/default/molecule.yml
new file mode 100644
index 00000000..1e9a4c19
--- /dev/null
+++ b/ansible/roles/setup/molecule/default/molecule.yml
@@ -0,0 +1,20 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: instance
+ image: ${PLATFORM_DISTRO:-centos}:${DISTRO_VERSION:-7}
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+scenario:
+ name: default
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/ansible/roles/setup/molecule/default/playbook.yml b/ansible/roles/setup/molecule/default/playbook.yml
new file mode 100644
index 00000000..19a90501
--- /dev/null +++ b/ansible/roles/setup/molecule/default/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: setup diff --git a/ansible/roles/setup/molecule/default/tests/test_default.py b/ansible/roles/setup/molecule/default/tests/test_default.py new file mode 100644 index 00000000..6bf6b6ba --- /dev/null +++ b/ansible/roles/setup/molecule/default/tests/test_default.py @@ -0,0 +1,30 @@ +import os +import pytest +from os.path import expanduser + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +@pytest.fixture +def get_vars(host): + defaults_files = "file=../../defaults/main.yml name=role_defaults" + ansible_vars = host.ansible( + "include_vars", + defaults_files)["ansible_facts"]["role_defaults"] + return ansible_vars + + +def test_authorized_keys(host, get_vars): + public_key_file = get_vars['offline_ssh_key_file_name'] + '.pub' + with open(expanduser("~") + '/.ssh/' + public_key_file, 'r') as pkf: + public_key_content = pkf.read().strip() + + f = host.file('/root/.ssh/authorized_keys') + assert f.exists + assert f.user == 'root' + assert f.group == 'root' + assert oct(f.mode) == '0o600' + assert f.content_string == public_key_content diff --git a/ansible/roles/setup/tasks/main.yml b/ansible/roles/setup/tasks/main.yml index 5ffcbab9..1003370b 100644 --- a/ansible/roles/setup/tasks/main.yml +++ b/ansible/roles/setup/tasks/main.yml @@ -25,6 +25,5 @@ user: root state: present key: "{{ lookup('file', public_key) }}" - become: true vars: public_key: "{{ ssh_dir }}/{{ offline_ssh_key_file_name }}.pub" diff --git a/ansible/test/roles/prepare-firewall/defaults/main.yml b/ansible/test/roles/prepare-firewall/defaults/main.yml new file mode 100644 index 00000000..b450099a --- /dev/null +++ b/ansible/test/roles/prepare-firewall/defaults/main.yml 
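Review bot: `test_authorized_keys` reads the expected key from the real `~/.ssh` of whoever runs the scenario, so the converge step is working with key material in the developer's or CI user's home directory, and the test hard-codes `'/.ssh/'` even though `ssh_dir` is already loaded by `get_vars`. Building the path from the role default, `os.path.join(expanduser(get_vars['ssh_dir']), public_key_file)`, keeps the test in step with the role, and overriding `ssh_dir` to a scratch directory in molecule.yml would keep test keys out of the real one. Separately, `assert oct(f.mode) == '0o600'` depends on Python 3's `oct()` formatting; `assert f.mode == 0o600` states the same check without the string round-trip.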
@@ -0,0 +1,5 @@
+---
+firewall:
+ package_name:
+ RedHat: 'firewalld'
+ Debian: 'ufw'
diff --git a/ansible/test/roles/prepare-firewall/tasks/main.yml b/ansible/test/roles/prepare-firewall/tasks/main.yml
new file mode 100644
index 00000000..a997d14f
--- /dev/null
+++ b/ansible/test/roles/prepare-firewall/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Install firewall
+ package:
+ name: "{{ firewall.package_name[ansible_facts.os_family] }}"
+ state: present
+
+- name: Start and enable firewall
+ service:
+ name: "{{ firewall.package_name[ansible_facts.os_family] }}"
+ state: started
+ enabled: true |
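Review bot: The `firewall.package_name` map is reused as the service name in the `Start and enable firewall` task of prepare-firewall/tasks/main.yml, which holds for firewalld and ufw but is not what the key says. Either give the key a neutral name or add a comment in defaults/main.yml such as `# package and service share the same name on both OS families`. An `os_family` outside RedHat/Debian will fail with an undefined-key templating error; a leading `assert` task that names the supported families would make that failure readable.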