19 files changed, 228 insertions, 10 deletions

diff --git a/ansible/roles/nfs/molecule/default/cleanup.yml b/ansible/roles/nfs/molecule/default/cleanup.yml
new file mode 100644
index 00000000..a085bd5a
--- /dev/null
+++ b/ansible/roles/nfs/molecule/default/cleanup.yml
@@ -0,0 +1,6 @@
+---
+- name: Cleanup
+  hosts: all
+  ignore_unreachable: true
+  roles:
+    - cleanup-nfs
diff --git a/ansible/roles/nfs/molecule/default/host_vars/kubernetes-node-1.yml b/ansible/roles/nfs/molecule/default/host_vars/kubernetes-node-1.yml
new file mode 100644
index 00000000..27a521b7
--- /dev/null
+++ b/ansible/roles/nfs/molecule/default/host_vars/kubernetes-node-1.yml
@@ -0,0 +1,2 @@
+---
+cluster_ip: "{{ ansible_default_ipv4.address }}"
diff --git a/ansible/roles/nfs/molecule/default/host_vars/kubernetes-node-2.yml b/ansible/roles/nfs/molecule/default/host_vars/kubernetes-node-2.yml
new file mode 100644
index 00000000..27a521b7
--- /dev/null
+++ b/ansible/roles/nfs/molecule/default/host_vars/kubernetes-node-2.yml
@@ -0,0 +1,2 @@
+---
+cluster_ip: "{{ ansible_default_ipv4.address }}"
diff --git a/ansible/roles/nfs/molecule/default/molecule.yml b/ansible/roles/nfs/molecule/default/molecule.yml
index 71e08d03..f6610ece 100644
--- a/ansible/roles/nfs/molecule/default/molecule.yml
+++ b/ansible/roles/nfs/molecule/default/molecule.yml
@@ -14,6 +14,7 @@ platforms:
     groups:
       - kubernetes
       - nfs-server
+    purge_networks: true
     networks:
       - name: nfs-net
     volumes:
@@ -27,15 +28,21 @@ platforms:
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     groups:
       - kubernetes
+    purge_networks: true
     networks:
       - name: nfs-net
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
 provisioner:
   name: ansible
+  playbooks:
+    cleanup: cleanup.yml
+  env:
+    ANSIBLE_ROLES_PATH: "../../../../test/roles"
   inventory:
     links:
       group_vars: ../../../../group_vars
+      host_vars: host_vars
   lint:
     name: ansible-lint
 verifier:
diff --git a/ansible/roles/nfs/molecule/default/tests/test_kubernetes-server.py b/ansible/roles/nfs/molecule/default/tests/test_kubernetes-server.py
index b702a73d..0e3710cf 100644
--- a/ansible/roles/nfs/molecule/default/tests/test_kubernetes-server.py
+++ b/ansible/roles/nfs/molecule/default/tests/test_kubernetes-server.py
@@ -1,5 +1,6 @@
 import os
 
+import testinfra
 import testinfra.utils.ansible_runner
 
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
@@ -7,9 +8,11 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
 
 def test_nfs_mount(host):
+    node1_ip = testinfra.get_host("docker://kubernetes-node-1").interface(
+        "eth0").addresses[0]
     mp = host.mount_point("/dockerdata-nfs")
     assert mp.exists
-    assert mp.filesystem == "nfs"
-    assert mp.device == "kubernetes-node-1:/dockerdata-nfs"
+    assert mp.filesystem == "nfs" or mp.filesystem == "nfs4"
+    assert mp.device == node1_ip + ":/dockerdata-nfs"
     assert host.file("/etc/fstab").\
-        contains("kubernetes-node-1:/dockerdata-nfs /dockerdata-nfs nfs")
+        contains(node1_ip + ":/dockerdata-nfs /dockerdata-nfs nfs")
diff --git a/ansible/roles/nfs/molecule/default/tests/test_nfs-server.py b/ansible/roles/nfs/molecule/default/tests/test_nfs-server.py
index 078c653e..88ba0a61 100644
--- a/ansible/roles/nfs/molecule/default/tests/test_nfs-server.py
+++ b/ansible/roles/nfs/molecule/default/tests/test_nfs-server.py
@@ -1,6 +1,7 @@
 import os
 import pytest
 
+import testinfra
 import testinfra.utils.ansible_runner
 
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
@@ -19,7 +20,9 @@ def test_svc(host, svc):
 
 
 def test_exports(host):
-    f = host.file("/etc/exports")
+    node2_ip = testinfra.get_host("docker://kubernetes-node-2").interface(
+        "eth0").addresses[0]
+    f = host.file("/etc/exports.d/dockerdata-nfs.exports")
     assert f.exists
     assert f.content_string == \
-        """/dockerdata-nfs  kubernetes-node-2(rw,sync,no_root_squash,no_subtree_check)"""  # noqa: E501
+        """/dockerdata-nfs  """ + node2_ip + """(rw,sync,no_root_squash,no_subtree_check)"""  # noqa: E501
diff --git a/ansible/roles/nfs/tasks/main.yml b/ansible/roles/nfs/tasks/main.yml
index e7580b66..1d848876 100644
--- a/ansible/roles/nfs/tasks/main.yml
+++ b/ansible/roles/nfs/tasks/main.yml
@@ -23,7 +23,7 @@
     - name: Add hosts to exports
       template:
         src: exports.j2
-        dest: /etc/exports
+        dest: /etc/exports.d/dockerdata-nfs.exports
       notify:
         - reload nfs
   when:
@@ -35,7 +35,7 @@
 - name: Mount dockerdata-nfs
   mount:
     path: "{{ nfs_mount_path }}"
-    src: "{{ hostvars[groups['nfs-server'].0].ansible_host | default(hostvars[groups['nfs-server'].0].inventory_hostname) }}:{{ nfs_mount_path }}"
+    src: "{{ hostvars[groups['nfs-server'].0].cluster_ip }}:{{ nfs_mount_path }}"
     fstype: nfs
     state: mounted
   when:
diff --git a/ansible/roles/nfs/templates/exports.j2 b/ansible/roles/nfs/templates/exports.j2
index 465c9d21..f49c4999 100644
--- a/ansible/roles/nfs/templates/exports.j2
+++ b/ansible/roles/nfs/templates/exports.j2
@@ -1,3 +1,3 @@
 {% for host in groups.kubernetes | difference(groups['nfs-server']) -%}
-    {{ nfs_mount_path }}  {{ hostvars[host].ansible_host | default(hostvars[host].inventory_hostname) }}(rw,sync,no_root_squash,no_subtree_check)
+    {{ nfs_mount_path }}  {{ hostvars[host].cluster_ip }}(rw,sync,no_root_squash,no_subtree_check)
 {% endfor %}
diff --git a/ansible/roles/rancher/.yamllint b/ansible/roles/rancher/.yamllint
new file mode 100644
index 00000000..ad0be760
--- /dev/null
+++ b/ansible/roles/rancher/.yamllint
@@ -0,0 +1,11 @@
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  line-length: disable
+  truthy: disable
diff --git a/ansible/roles/rancher/defaults/main.yml b/ansible/roles/rancher/defaults/main.yml
index 8edc5180..6ab52e64 100644
--- a/ansible/roles/rancher/defaults/main.yml
+++ b/ansible/roles/rancher/defaults/main.yml
@@ -2,3 +2,5 @@
 rancher_server_url: "http://{{ hostvars[groups.infrastructure.0].ansible_host }}:8080"
 rancher_remove_other_env: true
 rancher_redeploy_k8s_env: true
+rancher_cluster_health_state: healthy
+rancher_cluster_health_check_retries: 30
diff --git a/ansible/roles/rancher/molecule/default/cleanup.yml b/ansible/roles/rancher/molecule/default/cleanup.yml
new file mode 100644
index 00000000..13b48278
--- /dev/null
+++ b/ansible/roles/rancher/molecule/default/cleanup.yml
@@ -0,0 +1,14 @@
+---
+- name: Cleanup host
+  hosts: localhost
+  roles:
+    - role: cleanup-containers
+      vars:
+        container_list:
+          - rancher-agent
+          - rancher-server
+          # For some reason getting error "Device busy error" when trying to delete directory with root privileges and rancher-containers not anymore running.
+          # - role: cleanup-directories
+          #  vars:
+          #    directories_files_list_to_remove:
+          #      - /var/lib/rancher/
diff --git a/ansible/roles/rancher/molecule/default/group_vars/all.yml b/ansible/roles/rancher/molecule/default/group_vars/all.yml
new file mode 100644
index 00000000..107377cf
--- /dev/null
+++ b/ansible/roles/rancher/molecule/default/group_vars/all.yml
@@ -0,0 +1,2 @@
+---
+app_name: molecule-test-app
diff --git a/ansible/roles/rancher/molecule/default/molecule.yml b/ansible/roles/rancher/molecule/default/molecule.yml
new file mode 100644
index 00000000..e6152d55
--- /dev/null
+++ b/ansible/roles/rancher/molecule/default/molecule.yml
@@ -0,0 +1,91 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint:
+  name: yamllint
+platforms:
+  - name: infrastructure-server
+    image: molecule-${PREBUILD_PLATFORM_DISTRO:-centos}:${PREBUILD_DISTRO_VERSION:-centos7.6}
+    pre_build_image: true
+    privileged: true
+    override_command: false
+    restart_policy: unless-stopped
+    env:
+      container: docker
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/rancher:/var/lib/rancher:ro
+    groups:
+      - infrastructure
+    networks:
+      - name: rancher
+
+  - name: kubernetes-node-1
+    image: molecule-${PREBUILD_PLATFORM_DISTRO:-centos}:${PREBUILD_DISTRO_VERSION:-centos7.6}
+    pre_build_image: true
+    privileged: true
+    override_command: false
+    restart_policy: unless-stopped
+    env:
+      container: docker
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/rancher:/var/lib/rancher:ro
+    groups:
+      - kubernetes
+    networks:
+      - name: rancher
+
+provisioner:
+  name: ansible
+  env:
+    ANSIBLE_ROLES_PATH: ../../../../test/roles
+    ANSIBLE_LIBRARY: ../../../../library
+  inventory:
+    links:
+      group_vars: ../../../../group_vars
+    # 1) When running with molecule-dev container, use this definition and comment out localhost under host_vars (2)
+    hosts:
+      all:
+        hosts:
+          localhost:
+            ansible_connection: ssh
+            ansible_host: ${LOCALHOST_ANSIBLE_HOST:-""}
+            ansible_user: ${LOCALHOST_ANSIBLE_USER:-""}
+            ansible_password: ${LOCALHOST_ANSIBLE_PASSWORD:-""}
+            ansible_sudo_pass: ${LOCALHOST_ANSIBLE_SUDO_PASS:-""}
+            # end of 1)
+            # 2) When running with native molecule installation, use this definition and comment out hosts section under inventory (1)
+            # host_vars:
+            # localhost:
+            #   ansible_sudo_pass: ${LOCALHOST_ANSIBLE_SUDO_PASS:-""}
+            #   ansible_ssh_pass: ${LOCALHOST_ANSIBLE_PASSWORD:-""}
+            # End of 2)
+  lint:
+    name: ansible-lint
+scenario:
+  name: default
+  test_sequence:
+    - lint
+    - cleanup
+    - destroy
+    - dependency
+    - syntax
+    - create
+    - prepare
+    - converge
+    # - idempotence
+    # --> Action: 'idempotence'
+    # ERROR: Idempotence test failed because of the following tasks:
+    # * [infrastructure-server] => rancher : Create rancher kubernetes environment
+    # * [kubernetes-node-1] => rancher : Add Rancher Agent
+    - side_effect
+    - verify
+    - cleanup
+    - destroy
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
diff --git a/ansible/roles/rancher/molecule/default/playbook.yml b/ansible/roles/rancher/molecule/default/playbook.yml
new file mode 100644
index 00000000..e0ef086c
--- /dev/null
+++ b/ansible/roles/rancher/molecule/default/playbook.yml
@@ -0,0 +1,28 @@
+---
+- name: Converge rancher master
+  hosts: infrastructure
+  roles:
+    - prepare-common  # molecule specific role needed here to populate cluster_ip
+    - role: rancher
+      vars:
+        mode: server
+        rancher_server_url: "http://{{ cluster_ip }}:8080"
+
+- name: Converge rancher agent
+  hosts: kubernetes
+  roles:
+    - role: rancher
+      vars:
+        mode: agent
+
+- name: Wait for Kubernetes environment to be healthy
+  hosts: infrastructure
+  roles:
+    - role: rancher
+      vars:
+        mode: health
+        rancher_server_url: "http://{{ cluster_ip }}:8080"
+        # Do not get rancher cluster healthy in this env (to be checked),
+        # but it's enough in molecule test to verify we get this unhealthy response
+        rancher_cluster_health_state: unhealthy
+        rancher_cluster_health_check_retries: 40
diff --git a/ansible/roles/rancher/molecule/default/prepare.yml b/ansible/roles/rancher/molecule/default/prepare.yml
new file mode 100644
index 00000000..90159c6c
--- /dev/null
+++ b/ansible/roles/rancher/molecule/default/prepare.yml
@@ -0,0 +1,5 @@
+---
+- name: Prepare kube nodes
+  hosts: kubernetes
+  roles:
+    - prepare-docker
diff --git a/ansible/roles/rancher/tasks/rancher_health.yml b/ansible/roles/rancher/tasks/rancher_health.yml
index b0323739..b6e8d68b 100644
--- a/ansible/roles/rancher/tasks/rancher_health.yml
+++ b/ansible/roles/rancher/tasks/rancher_health.yml
@@ -3,6 +3,6 @@
   uri:
     url: "{{ rancher_server_url }}/v2-beta/projects/{{ k8s_env_id }}"
   register: env_info
-  retries: 30
+  retries: "{{ rancher_cluster_health_check_retries }}"
   delay: 15
-  until: "env_info.json.healthState == 'healthy'"
+  until: env_info.json.healthState == rancher_cluster_health_state
diff --git a/ansible/test/roles/cleanup-containers/tasks/main.yml b/ansible/test/roles/cleanup-containers/tasks/main.yml
new file mode 100644
index 00000000..3a800c9e
--- /dev/null
+++ b/ansible/test/roles/cleanup-containers/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Remove containers
+  docker_container:
+    name: "{{ item }}"
+    state: absent
+  loop: "{{ container_list }}"
diff --git a/ansible/test/roles/cleanup-nfs/tasks/main.yml b/ansible/test/roles/cleanup-nfs/tasks/main.yml
new file mode 100644
index 00000000..e0ca4a41
--- /dev/null
+++ b/ansible/test/roles/cleanup-nfs/tasks/main.yml
@@ -0,0 +1,5 @@
+- name: "Unmount /dockerdata-nfs if mounted"
+  ignore_errors: true
+  mount:
+    path: /dockerdata-nfs
+    state: unmounted
diff --git a/ansible/test/roles/prepare-common/tasks/main.yml b/ansible/test/roles/prepare-common/tasks/main.yml
new file mode 100644
index 00000000..11dcbe71
--- /dev/null
+++ b/ansible/test/roles/prepare-common/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- name: Fetch docker host ip
+  block:
+    - name: Get docker host ip to access host where container running (as dood)
+      shell: |
+        set -o pipefail
+        ip route | awk '/default/ { print $3 }'
+      args:
+        executable: /bin/bash
+      register: ip
+      changed_when: false
+
+    - name: "set docker host ip {{ ip.stdout }} for cluster_ip"
+      set_fact:
+        cluster_ip: "{{ ip.stdout }}"
+  when: inventory_hostname != 'localhost'
+
+- name: Set fact for localhost OS
+  block:
+    - name: set localhost fact
+      set_fact:
+        localhost_ansible_os_family: "{{ hostvars['localhost'].ansible_os_family }}"
+
+    - name: debug
+      debug:
+        var: localhost_ansible_os_family
+  when: hostvars['localhost'].ansible_os_family is defined
+
+- name: debug
+  debug:
+    var: ansible_os_family
\ No newline at end of file