Diffstat (limited to 'ansible')
12 files changed, 170 insertions, 3 deletions
diff --git a/ansible/infrastructure.yml b/ansible/infrastructure.yml
index e49ee919..ce4d4d72 100644
--- a/ansible/infrastructure.yml
+++ b/ansible/infrastructure.yml
@@ -28,4 +28,4 @@
 name: certificates
 tasks_from: upload_root_ca.yml
 vars:
- certificates_local_dir: certs
+ certificates_local_dir: "{{ playbook_dir }}/certs"
diff --git a/ansible/roles/certificates/.yamllint b/ansible/roles/certificates/.yamllint
new file mode 100644
index 00000000..e8e79a57
--- /dev/null
+++ b/ansible/roles/certificates/.yamllint
@@ -0,0 +1,11 @@
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ line-length: disable
+# truthy: disable
diff --git a/ansible/roles/certificates/defaults/main.yml b/ansible/roles/certificates/defaults/main.yml
index 260ba966..ad3422c9 100644
--- a/ansible/roles/certificates/defaults/main.yml
+++ b/ansible/roles/certificates/defaults/main.yml
@@ -1,4 +1,4 @@
 ---
 # Generate certs to local current dir where ansible in run (= playbook_dir)
 # After ansible run, dir can be deleted but idempotence is lost and certs are re-generated in next run
-certificates_local_dir: certs
+certificates_local_dir: "{{ playbook_dir }}/certs"
diff --git a/ansible/roles/certificates/molecule/default/.gitignore b/ansible/roles/certificates/molecule/default/.gitignore
new file mode 100644
index 00000000..df912870
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/.gitignore
@@ -0,0 +1 @@
+certs/
diff --git a/ansible/roles/certificates/molecule/default/group_vars/all.yml b/ansible/roles/certificates/molecule/default/group_vars/all.yml
new file mode 100644
index 00000000..6e528ae0
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/group_vars/all.yml
@@ -0,0 +1,7 @@
+---
+certificates:
+ organization_name: MoleculeTesters
+ state_or_province_name: Poland
+ country_name: PL
+ locality_name: Krakow
+app_data_path: /opt/moleculetestapp
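Review bot: In `ansible/roles/certificates/defaults/main.yml` the comment above `certificates_local_dir` still describes the target as the "local current dir where ansible in run", while the new default pins it to `{{ playbook_dir }}/certs`, inside the playbook tree. The tests added in this commit read `rootCA.key` and `nexus_server.key` from that directory, so private keys are presumably generated there; the only ignore rule added here is `certs/` under `molecule/default`, and whether `ansible/certs` is ignored elsewhere is not visible in this diff. I would update the comment to something like `# Certs and private keys are generated on the controller in playbook_dir/certs; keep this directory out of version control and restrict its permissions`. The same value is repeated in the `ansible/infrastructure.yml` hunk.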
diff --git a/ansible/roles/certificates/molecule/default/host_vars/infrastructure-server.yml b/ansible/roles/certificates/molecule/default/host_vars/infrastructure-server.yml
new file mode 100644
index 00000000..67b7ac9e
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/host_vars/infrastructure-server.yml
@@ -0,0 +1,2 @@
+---
+cluster_ip: 1.2.3.4
diff --git a/ansible/roles/certificates/molecule/default/molecule.yml b/ansible/roles/certificates/molecule/default/molecule.yml
new file mode 100644
index 00000000..50c862b7
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/molecule.yml
@@ -0,0 +1,71 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: infrastructure-server
+ image: molecule-${PREBUILD_PLATFORM_DISTRO:-centos}:${PREBUILD_DISTRO_VERSION:-centos7.6}
+ pre_build_image: true
+ privileged: true
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ env:
+ container: docker
+ groups:
+ - infrastructure
+
+ - name: kubernetes-node-1
+ image: molecule-${PREBUILD_PLATFORM_DISTRO:-centos}:${PREBUILD_DISTRO_VERSION:-centos7.6}
+ pre_build_image: true
+ privileged: true
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ env:
+ container: docker
+ groups:
+ - kubernetes
+provisioner:
+ name: ansible
+ log: true
+ lint:
+ name: ansible-lint
+ env:
+ ANSIBLE_ROLES_PATH: ../../../../test/roles
+ ANSIBLE_LIBRARY: ../../../../library
+ inventory:
+ links:
+ group_vars: ../../../../group_vars/
+scenario:
+ name: default
+ test_sequence:
+ - lint
+ - cleanup
+ - destroy
+ - dependency
+ - syntax
+ - create
+ - prepare
+ - converge
+ # - idempotence
+ # --> Action: 'idempotence'
+ # ERROR: Idempotence test failed because of the following tasks:
+ # * [infrastructure-server -> localhost] => certificates : Generate an OpenSSL CSR.
+ # * [infrastructure-server -> localhost] => certificates : Generate root CA certificate
+ # * [infrastructure-server] => certificates : Upload certificates to infrastructure server
+ # * [infrastructure-server] => certificates : Copy root certificate
+ # * [infrastructure-server] => certificates : Extract root certificate
+ # * [infrastructure-server] => docker : Setup docker dns settings
+ # * [kubernetes-node-1] => certificates : Copy root certificate
+ # * [kubernetes-node-1] => certificates : Extract root certificate
+ # * [kubernetes-node-1] => certificates : Extract root certificate
+ - side_effect
+ - verify
+ - cleanup
+ - destroy
+verifier:
+ name: testinfra
+ options:
+ verbose: true
+ lint:
+ name: flake8
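Review bot: Both platforms in `molecule.yml` set `privileged: true` with no comment saying why, and a privileged container has access to the CI host's devices and kernel interfaces. If it is needed because the `docker` role runs inside the test containers (the scenario playbook applies that role, but the role itself is not visible here), record that next to the key, e.g. `# privileged: required to run dockerd inside the test container`. If only an init system is needed, a narrower `capabilities` list would be worth trying instead.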
diff --git a/ansible/roles/certificates/molecule/default/playbook.yml b/ansible/roles/certificates/molecule/default/playbook.yml
new file mode 100644
index 00000000..5dcd42ee
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/playbook.yml
@@ -0,0 +1,17 @@
+---
+- name: Infra
+ hosts: infrastructure
+ roles:
+ - certificates
+ - docker # docker role needed here just because of docker restart handler
+
+- name: Kube
+ hosts: kubernetes
+ roles:
+ - docker # docker role needed here just because of docker restart handler
+ tasks:
+ - include_role:
+ name: certificates
+ tasks_from: upload_root_ca.yml
+ vars:
+ certificates_local_dir: certs
diff --git a/ansible/roles/certificates/molecule/default/prepare.yml b/ansible/roles/certificates/molecule/default/prepare.yml
new file mode 100644
index 00000000..8df759c9
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/prepare.yml
@@ -0,0 +1,5 @@
+---
+- name: Prepare infra
+ hosts: all
+ roles:
+ - prepare-docker
diff --git a/ansible/roles/certificates/molecule/default/tests/test_default.py b/ansible/roles/certificates/molecule/default/tests/test_default.py
new file mode 100644
index 00000000..d4314e56
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/tests/test_default.py
@@ -0,0 +1,20 @@
+import os
+import pytest
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.mark.parametrize('cert_file', [
+ 'rootCA.crt'
+])
+def test_cert_file_installed(host, cert_file):
+ os = host.system_info.distribution
+ if os == "centos":
+ f = host.file('/etc/pki/ca-trust/source/anchors/' + cert_file)
+
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
diff --git a/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py b/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py
new file mode 100644
index 00000000..56b12935
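Review bot: The `Kube` play in `molecule/default/playbook.yml` still passes `certificates_local_dir: certs`, the relative value this commit replaces with `{{ playbook_dir }}/certs` in `infrastructure.yml` and in the role defaults. The `Infra` play generates into the role default, so the two plays agree only if the relative path happens to resolve to the same directory; that depends on how the upload tasks look the path up, which is not visible here. Using `certificates_local_dir: "{{ playbook_dir }}/certs"`, or dropping the override so the default applies, keeps the scenario exercising the path the real playbook uses.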
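Review bot: In `test_default.py`, `f` is assigned only inside `if os == "centos":`, so on any other distribution `test_cert_file_installed` either raises `UnboundLocalError` or asserts nothing, depending on where the asserts are indented (indentation is lost in this view). `molecule.yml` lets `PREBUILD_PLATFORM_DISTRO` select another image, so that path is reachable. I would make the unsupported case explicit with `pytest.skip('no trust-anchor path known for ' + distro)` in an `else` branch, and rename the local `os` to `distro` so it stops shadowing the imported module. A check that the installed anchor is not group- or world-writable, `assert f.mode & 0o022 == 0`, would also be cheap to add.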
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py
@@ -0,0 +1,33 @@
+import os
+import pytest
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('infrastructure')
+
+
+@pytest.fixture
+def group_vars(host):
+ all_file = "file=group_vars/all.yml name=all"
+ return host.ansible("include_vars", all_file)["ansible_facts"]["all"]
+
+
+@pytest.mark.parametrize('cert_file', [
+ 'nexus_server.crt',
+ 'nexus_server.csr',
+ 'nexus_server.key',
+ 'rootCA.crt',
+ 'rootCA.csr',
+ 'rootCA.key'
+])
+def test_generated_cert_files_copied_to_infra(host, cert_file, group_vars):
+ f = host.file(group_vars["app_data_path"] + '/certs/' + cert_file)
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
+
+ # Verify cert files content locally is as in node
+ with open("certs/" + cert_file) as local_cert_file:
+ local_content = local_cert_file.read().strip()
+ assert local_content == f.content_string
diff --git a/ansible/roles/nexus/tasks/configure.yml b/ansible/roles/nexus/tasks/configure.yml
index 7e6c20e0..1a885dbd 100644
--- a/ansible/roles/nexus/tasks/configure.yml
+++ b/ansible/roles/nexus/tasks/configure.yml
@@ -20,7 +20,7 @@
 body:
 name: configure
 type: groovy
- content: "{{ lookup('file', 'files/configure.groovy') }}"
+ content: "{{ lookup('file', '{{ role_path }}/files/configure.groovy') }}"
 status_code: [204]
 - name: "execute configuration script"
 uri:
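Review bot: `test_generated_cert_files_copied_to_infra` in `test_infrastructure.py` checks owner and group for `rootCA.key` and `nexus_server.key` but never their mode, so a world-readable private key on the infrastructure server would pass. Adding `if cert_file.endswith('.key'): assert f.mode & 0o077 == 0` covers that; adjust the mask to whatever mode the role sets, which is not visible here. The final `assert local_content == f.content_string` also runs for the key files, and on a mismatch pytest prints both operands, so key material would end up in the CI log. Comparing a digest of each side instead of the raw content avoids that.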
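Review bot: The new `content` line in `ansible/roles/nexus/tasks/configure.yml` nests `{{ role_path }}` inside a string literal that already sits within a `{{ ... }}` expression. Jinja does not expand moustaches inside an expression, so whether the path resolves depends on Ansible re-templating lookup arguments, which varies by version. Build the path in the expression instead: `content: "{{ lookup('file', role_path ~ '/files/configure.groovy') }}"`. The task this line belongs to starts above the hunk.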