diff options
Diffstat (limited to 'ansible')
46 files changed, 688 insertions, 59 deletions
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index 0978b814..b92f885f 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -1,9 +1,9 @@ [defaults] - # Define any custom roles used by applications installed by installer # this parameter is telling ansible what additional folder it should # browse while looking up for roles code # relative path ./application is mapped into ansible container under # /ansible/application where application roles should be found roles_path = /ansible/application +# Set log file log_path = /ansible/log/ansible.log diff --git a/ansible/infrastructure.yml b/ansible/infrastructure.yml index 7fdbd2e1..2322c8bb 100644 --- a/ansible/infrastructure.yml +++ b/ansible/infrastructure.yml @@ -8,20 +8,20 @@ - name: Setup infrastructure servers hosts: infrastructure roles: - - chrony - package-repository-check - certificates - docker - dns - vncserver - nginx + - chrony - nexus - name: Setup base for Kubernetes nodes hosts: kubernetes:!infrastructure roles: - - chrony - package-repository-check + - chrony - docker tasks: - include_role: diff --git a/ansible/roles/application/molecule/ubuntu/molecule.yml b/ansible/roles/application/molecule/ubuntu/molecule.yml new file mode 100644 index 00000000..2fde35a2 --- /dev/null +++ b/ansible/roles/application/molecule/ubuntu/molecule.yml @@ -0,0 +1,64 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: instance + image: ubuntu:18.04 + dockerfile: ../default/Dockerfile.j2 +provisioner: + name: ansible + env: + ANSIBLE_ROLES_PATH: ../../../../test/roles + inventory: + group_vars: + all: + app_name: moleculetestapp + app_data_path: "/opt/{{ app_name }}" + app_helm_release_name: "{{ app_name }}" + app_kubernetes_namespace: "{{ app_name }}" + app_helm_charts_install_directory: application/helm_charts + app_helm_plugins_directory: "{{ app_helm_charts_install_directory}}/helm/plugins/" + app_helm_charts_infra_directory: "{{ app_data_path }}/helm_charts" + helm_bin_dir: /usr/local/bin + app_helm_build_targets: + - all + - onap + app_helm_chart_name: "{{ app_name }}" + lint: + name: ansible-lint + playbooks: + prepare: ../default/prepare.yml + converge: ../default/playbook.yml + cleanup: ../default/cleanup.yml +scenario: + name: ubuntu + test_sequence: + - lint + - cleanup + - destroy + - dependency + - syntax + - create + - prepare + - converge + # - idempotence + # --> Action: 'idempotence' + # ERROR: Idempotence test failed because of the following tasks: + # * [instance] => application : Get helm dir + # * [instance] => application : Helm init and upgrade + # * [instance] => application : Helm Serve + # * [instance] => application : Helm Add Repo + # * [instance] => application : Helm Install application moleculetestapp + - side_effect + - verify + - cleanup + - destroy +verifier: + name: testinfra + lint: + name: flake8 + directory: ../default/tests/ diff --git a/ansible/roles/application/tasks/install.yml b/ansible/roles/application/tasks/install.yml index bee01e17..5cffdd07 100644 --- a/ansible/roles/application/tasks/install.yml +++ b/ansible/roles/application/tasks/install.yml @@ -49,6 +49,8 @@ - name: Build local helm repository make: chdir: "{{ app_helm_charts_infra_directory }}" + params: + SKIP_LINT: "TRUE" target: "{{ item }}" loop: "{{ app_helm_build_targets }}" environment: diff --git a/ansible/roles/certificates/defaults/main.yml b/ansible/roles/certificates/defaults/main.yml index ad3422c9..a8bc1769 100644 --- a/ansible/roles/certificates/defaults/main.yml +++ b/ansible/roles/certificates/defaults/main.yml @@ -2,3 +2,11 @@ # Generate certs to local current dir where ansible in run (= playbook_dir) # After ansible run, dir can be deleted but idempotence is lost and certs are re-generated in next run certificates_local_dir: "{{ playbook_dir }}/certs" +root_ca_path: + RedHat: "/etc/pki/ca-trust/source/anchors/" + Debian: "/usr/local/share/ca-certificates/" +extract_root_cert: + RedHat: + update_command: /usr/bin/update-ca-trust extract + Debian: + update_command: update-ca-certificates diff --git a/ansible/roles/certificates/handlers/main.yml b/ansible/roles/certificates/handlers/main.yml index 579b5228..ed80f53f 100644 --- a/ansible/roles/certificates/handlers/main.yml +++ b/ansible/roles/certificates/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Extract root certificate - command: /usr/bin/update-ca-trust extract + command: "{{ extract_root_cert[ansible_os_family].update_command }}" changed_when: true # this handler is executed just when there is a new cert notify: Restart Docker diff --git a/ansible/roles/certificates/molecule/default/tests/test_default.py b/ansible/roles/certificates/molecule/default/tests/test_default.py index d4314e56..16931fb7 100644 --- a/ansible/roles/certificates/molecule/default/tests/test_default.py +++ b/ansible/roles/certificates/molecule/default/tests/test_default.py @@ -12,8 +12,10 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( ]) def test_cert_file_installed(host, cert_file): os = host.system_info.distribution - if os == "centos": + if (os == "centos"): f = host.file('/etc/pki/ca-trust/source/anchors/' + cert_file) + if (os == "ubuntu"): + f = host.file('/usr/local/share/ca-certificates/' + cert_file) assert f.exists assert f.user == 'root' diff --git a/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py b/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py index 56b12935..6a0aec03 100644 --- a/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py +++ b/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py @@ -27,7 +27,13 @@ def test_generated_cert_files_copied_to_infra(host, cert_file, group_vars): assert f.user == 'root' assert f.group == 'root' + os = host.system_info.distribution + if (os == "centos"): + node_directory = "certs/" + elif (os == "ubuntu"): + node_directory = "../default/certs/" + # Verify cert files content locally is as in node - with open("certs/" + cert_file) as local_cert_file: + with open(node_directory + cert_file) as local_cert_file: local_content = local_cert_file.read().strip() assert local_content == f.content_string diff --git a/ansible/roles/certificates/molecule/ubuntu/.gitignore b/ansible/roles/certificates/molecule/ubuntu/.gitignore new file mode 100644 index 00000000..df912870 --- /dev/null +++ b/ansible/roles/certificates/molecule/ubuntu/.gitignore @@ -0,0 +1 @@ +certs/ diff --git a/ansible/roles/certificates/molecule/ubuntu/group_vars b/ansible/roles/certificates/molecule/ubuntu/group_vars new file mode 120000 index 00000000..5ce8257f --- /dev/null +++ b/ansible/roles/certificates/molecule/ubuntu/group_vars @@ -0,0 +1 @@ +../default/group_vars/
\ No newline at end of file diff --git a/ansible/roles/certificates/molecule/ubuntu/host_vars b/ansible/roles/certificates/molecule/ubuntu/host_vars new file mode 120000 index 00000000..a7046132 --- /dev/null +++ b/ansible/roles/certificates/molecule/ubuntu/host_vars @@ -0,0 +1 @@ +../default/host_vars/
\ No newline at end of file diff --git a/ansible/roles/certificates/molecule/ubuntu/molecule.yml b/ansible/roles/certificates/molecule/ubuntu/molecule.yml new file mode 100644 index 00000000..051379df --- /dev/null +++ b/ansible/roles/certificates/molecule/ubuntu/molecule.yml @@ -0,0 +1,69 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: infrastructure-server + image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04} + pre_build_image: true + privileged: true + command: ${MOLECULE_DOCKER_COMMAND:-""} + groups: + - infrastructure + - name: kubernetes-node-1 + image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04} + pre_build_image: true + privileged: true + command: ${MOLECULE_DOCKER_COMMAND:-""} + groups: + - kubernetes +provisioner: + name: ansible + log: true + lint: + name: ansible-lint + env: + ANSIBLE_ROLES_PATH: ../../../../test/roles + ANSIBLE_LIBRARY: ../../../../library + playbooks: + converge: ../default/playbook.yml + inventory: + links: + group_vars: ../../../../group_vars/ +scenario: + name: ubuntu + test_sequence: + - lint + - cleanup + - destroy + - dependency + - syntax + - create + - prepare + - converge + # - idempotence + # --> Action: 'idempotence' + # ERROR: Idempotence test failed because of the following tasks: + # * [infrastructure-server -> localhost] => certificates : Generate an OpenSSL CSR. + # * [infrastructure-server -> localhost] => certificates : Generate root CA certificate + # * [infrastructure-server] => certificates : Upload certificates to infrastructure server + # * [infrastructure-server] => certificates : Copy root certificate + # * [infrastructure-server] => certificates : Extract root certificate + # * [infrastructure-server] => docker : Setup docker dns settings + # * [kubernetes-node-1] => certificates : Copy root certificate + # * [kubernetes-node-1] => certificates : Extract root certificate + # * [kubernetes-node-1] => certificates : Extract root certificate + - side_effect + - verify + - cleanup + - destroy +verifier: + name: testinfra + options: + verbose: true + lint: + name: flake8 + directory: ../default/tests diff --git a/ansible/roles/certificates/tasks/upload_root_ca.yml b/ansible/roles/certificates/tasks/upload_root_ca.yml index df50b693..d73446b4 100644 --- a/ansible/roles/certificates/tasks/upload_root_ca.yml +++ b/ansible/roles/certificates/tasks/upload_root_ca.yml @@ -2,6 +2,6 @@ - name: Copy root certificate copy: src: "{{ certificates_local_dir }}/rootCA.crt" - dest: /etc/pki/ca-trust/source/anchors/ + dest: "{{ root_ca_path[ansible_os_family] }}" notify: # handler is triggered just when file is changed - Extract root certificate diff --git a/ansible/roles/chrony/tasks/main.yml b/ansible/roles/chrony/tasks/main.yml index 69a11587..ae95c8e7 100644 --- a/ansible/roles/chrony/tasks/main.yml +++ b/ansible/roles/chrony/tasks/main.yml @@ -1,4 +1,10 @@ --- +- name: Install Chrony - Ubuntu + package: + name: "chrony" + state: present + when: ansible_distribution in ["Ubuntu","Debian"] + - name: Check if server mode set_fact: chrony_mode: 'server' diff --git a/ansible/roles/dns/molecule/ubuntu/group_vars b/ansible/roles/dns/molecule/ubuntu/group_vars new file mode 120000 index 00000000..e04e088f --- /dev/null +++ b/ansible/roles/dns/molecule/ubuntu/group_vars @@ -0,0 +1 @@ +../../../../group_vars/
\ No newline at end of file diff --git a/ansible/roles/dns/molecule/ubuntu/molecule.yml b/ansible/roles/dns/molecule/ubuntu/molecule.yml new file mode 100644 index 00000000..5428c04a --- /dev/null +++ b/ansible/roles/dns/molecule/ubuntu/molecule.yml @@ -0,0 +1,42 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: infrastructure-server + image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04} + pre_build_image: True + privileged: true + override_command: False + groups: + - infrastructure + volumes: + - /var/lib/docker +provisioner: + name: ansible + lint: + name: ansible-lint + env: + ANSIBLE_ROLES_PATH: ../../../../test/roles + ANSIBLE_LIBRARY: ../../../../library + playbooks: + prepare: ../default/prepare.yml + converge: ../default/playbook.yml + cleanup: ../default/cleanup.yml + inventory: + host_vars: + infrastructure-server: + cluster_ip: 127.0.0.1 + group_vars: + all: + app_name: onap + app_data_path: "/opt/{{ app_name }}" +scenario: + name: ubuntu +verifier: + name: testinfra + lint: + name: flake8 diff --git a/ansible/roles/dns/tasks/main.yml b/ansible/roles/dns/tasks/main.yml index 8a7f8bca..bfdd83b4 100644 --- a/ansible/roles/dns/tasks/main.yml +++ b/ansible/roles/dns/tasks/main.yml @@ -4,6 +4,12 @@ path: "{{ app_data_path }}/cfg" state: directory +- name: Stop systemd-resolved daemon - Ubuntu + systemd: + name: systemd-resolved + state: stopped + when: ansible_distribution in ["Ubuntu","Debian"] + - name: Create simulated hostnames file template: src: simulated_hosts.j2 diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml index 1922f64b..33a86e2d 100644 --- a/ansible/roles/docker/defaults/main.yml +++ b/ansible/roles/docker/defaults/main.yml @@ -2,3 +2,11 @@ docker: log_max_size: 100m log_max_file: 3 +packages: + RedHat: + - python-docker-py + - python-jsonpointer + Debian: + - python3-docker + - python3-json-pointer + - iproute2 diff --git a/ansible/roles/docker/molecule/default/molecule.yml b/ansible/roles/docker/molecule/default/molecule.yml index 1e800ee9..efa7f0ae 100644 --- a/ansible/roles/docker/molecule/default/molecule.yml +++ b/ansible/roles/docker/molecule/default/molecule.yml @@ -29,6 +29,8 @@ provisioner: host_vars: infrastructure-server: cluster_ip: 1.2.3.4 +scenario: + name: default verifier: name: testinfra options: diff --git a/ansible/roles/docker/molecule/default/tests/test_default.py b/ansible/roles/docker/molecule/default/tests/test_default.py index a8adeb65..a73572fd 100644 --- a/ansible/roles/docker/molecule/default/tests/test_default.py +++ b/ansible/roles/docker/molecule/default/tests/test_default.py @@ -1,5 +1,6 @@ import os import pytest +import json import testinfra.utils.ansible_runner @@ -23,13 +24,9 @@ def test_docker_daemon_file(host): assert f.exists assert f.user == 'root' assert f.group == 'root' - assert f.content_string == """{ - "log-opts": { - "max-size": "100m", - "max-file": "3" - }, - "dns": [ - "1.2.3.4" - ], - "log-driver": "json-file" -}""" + print(f.content_string) + json_data = json.loads(f.content_string) + assert json_data["log-driver"] == "json-file" + assert json_data["log-opts"]["max-size"] == "100m" + assert json_data["log-opts"]["max-file"] == "3" + assert json_data["dns"][0] == "1.2.3.4" diff --git a/ansible/roles/docker/molecule/ubuntu/molecule.yml b/ansible/roles/docker/molecule/ubuntu/molecule.yml new file mode 100644 index 00000000..8325ffb3 --- /dev/null +++ b/ansible/roles/docker/molecule/ubuntu/molecule.yml @@ -0,0 +1,46 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: infrastructure-server + image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04} + pre_build_image: true + privileged: true + command: ${MOLECULE_DOCKER_COMMAND:-""} + groups: + - infrastructure + networks: + - name: docker_install + purge_networks: true + volumes: + - /var/lib/docker +provisioner: + name: ansible + lint: + name: ansible-lint + playbooks: + prepare: ../default/prepare.yml + converge: ../default/playbook.yml + env: + ANSIBLE_ROLES_PATH: ../../../../test/roles + ANSIBLE_LIBRARY: ../../../../library + inventory: + host_vars: + infrastructure-server: + cluster_ip: 1.2.3.4 + remote_tmp: $HOME/.ansible/tmp +scenario: + name: ubuntu +verifier: + name: testinfra + options: + verbose: true + lint: + name: flake8 + options: + ignore: W291 # trailing whitespace + directory: ../default/tests/ diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index cd731b11..60060826 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -6,16 +6,11 @@ notify: - Restart Docker -- name: Install docker python module +- name: Install required packages package: - name: 'python-docker-py' - state: present - - -- name: Install python jsonpointer module - package: - name: 'python-jsonpointer' + name: "{{ item }}" state: present + loop: "{{ packages[ansible_os_family] }}" - name: Ensure /etc/docker exists file: diff --git a/ansible/roles/helm/molecule/default/molecule.yml b/ansible/roles/helm/molecule/default/molecule.yml index 869f87f6..0d46c2d4 100644 --- a/ansible/roles/helm/molecule/default/molecule.yml +++ b/ansible/roles/helm/molecule/default/molecule.yml @@ -26,6 +26,8 @@ provisioner: app_name: onap app_data_path: "/opt/{{ app_name }}" helm_bin_dir: /usr/local/bin +scenario: + name: default verifier: name: testinfra lint: diff --git a/ansible/roles/helm/molecule/ubuntu/group_vars b/ansible/roles/helm/molecule/ubuntu/group_vars new file mode 120000 index 00000000..5ce8257f --- /dev/null +++ b/ansible/roles/helm/molecule/ubuntu/group_vars @@ -0,0 +1 @@ +../default/group_vars/
\ No newline at end of file diff --git a/ansible/roles/helm/molecule/ubuntu/molecule.yml b/ansible/roles/helm/molecule/ubuntu/molecule.yml new file mode 100644 index 00000000..a375a32d --- /dev/null +++ b/ansible/roles/helm/molecule/ubuntu/molecule.yml @@ -0,0 +1,38 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: infrastructure-server + image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04} + pre_build_image: True + privileged: true + override_command: False + groups: + - infrastructure +provisioner: + name: ansible + lint: + name: ansible-lint + env: + ANSIBLE_ROLES_PATH: ../../../../test/roles + ANSIBLE_LIBRARY: ../../../../library + playbooks: + prepare: ../default/prepare.yml + converge: ../default/playbook.yml + inventory: + group_vars: + all: + app_name: onap + app_data_path: "/opt/{{ app_name }}" + helm_bin_dir: /usr/local/bin +scenario: + name: ubuntu +verifier: + name: testinfra + lint: + name: flake8 + directory: ../default/tests diff --git a/ansible/roles/kubectl/molecule/default/molecule.yml b/ansible/roles/kubectl/molecule/default/molecule.yml index bffb29e6..040564e2 100644 --- a/ansible/roles/kubectl/molecule/default/molecule.yml +++ b/ansible/roles/kubectl/molecule/default/molecule.yml @@ -25,6 +25,8 @@ provisioner: all: app_name: onap app_data_path: "/opt/{{ app_name }}" +scenario: + name: default verifier: name: testinfra lint: diff --git a/ansible/roles/kubectl/molecule/ubuntu/molecule.yml b/ansible/roles/kubectl/molecule/ubuntu/molecule.yml new file mode 100644 index 00000000..1b2c9f0e --- /dev/null +++ b/ansible/roles/kubectl/molecule/ubuntu/molecule.yml @@ -0,0 +1,37 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: infrastructure-server + image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04} + pre_build_image: True + privileged: true + override_command: False + groups: + - infrastructure +provisioner: + name: ansible + lint: + name: ansible-lint + env: + ANSIBLE_ROLES_PATH: ../../../../test/roles + ANSIBLE_LIBRARY: ../../../../library + playbooks: + prepare: ../default/prepare.yml + converge: ../default/playbook.yml + inventory: + group_vars: + all: + app_name: onap + app_data_path: "/opt/{{ app_name }}" +scenario: + name: ubuntu +verifier: + name: testinfra + lint: + name: flake8 + directory: ../default/tests/ diff --git a/ansible/roles/nexus/molecule/default/molecule.yml b/ansible/roles/nexus/molecule/default/molecule.yml index 63c47724..e38640d4 100644 --- a/ansible/roles/nexus/molecule/default/molecule.yml +++ b/ansible/roles/nexus/molecule/default/molecule.yml @@ -24,6 +24,8 @@ provisioner: group_vars: ../../../../group_vars lint: name: ansible-lint +scenario: + name: default verifier: name: testinfra lint: diff --git a/ansible/roles/nexus/molecule/ubuntu/molecule.yml b/ansible/roles/nexus/molecule/ubuntu/molecule.yml new file mode 100644 index 00000000..9955e7d5 --- /dev/null +++ b/ansible/roles/nexus/molecule/ubuntu/molecule.yml @@ -0,0 +1,36 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: infrastructure-server + image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04} + pre_build_image: true + privileged: true + override_command: false + volumes: + - /var/lib/docker + groups: + - infrastructure +provisioner: + name: ansible + env: + ANSIBLE_ROLES_PATH: ../../../../test/roles + inventory: + links: + group_vars: ../../../../group_vars + lint: + name: ansible-lint + playbooks: + prepare: ../default/prepare.yml + converge: ../default/playbook.yml + cleanup: ../default/cleanup.yml +scenario: + name: ubuntu +verifier: + name: testinfra + lint: + name: flake8 diff --git a/ansible/roles/nfs/defaults/main.yml b/ansible/roles/nfs/defaults/main.yml index bce98da6..adeaf919 100644 --- a/ansible/roles/nfs/defaults/main.yml +++ b/ansible/roles/nfs/defaults/main.yml @@ -2,7 +2,18 @@ nfs_packages: RedHat: - nfs-utils + Debian: + - nfs-common + - nfs-kernel-server nfs_services: RedHat: - rpcbind - nfs-server + Debian: + - rpcbind + - nfs-kernel-server +nfs_destination: + RedHat: + - "/etc/exports.d/dockerdata-nfs.exports" + Debian: + - "/etc/exports" diff --git a/ansible/roles/nfs/molecule/default/molecule.yml b/ansible/roles/nfs/molecule/default/molecule.yml index a8ca6a30..9af32360 100644 --- a/ansible/roles/nfs/molecule/default/molecule.yml +++ b/ansible/roles/nfs/molecule/default/molecule.yml @@ -43,6 +43,8 @@ provisioner: host_vars: host_vars lint: name: ansible-lint +scenario: + name: default verifier: name: testinfra lint: diff --git a/ansible/roles/nfs/molecule/default/tests/test_default.py b/ansible/roles/nfs/molecule/default/tests/test_default.py index 48139898..dc808753 100644 --- a/ansible/roles/nfs/molecule/default/tests/test_default.py +++ b/ansible/roles/nfs/molecule/default/tests/test_default.py @@ -7,10 +7,13 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') -@pytest.mark.parametrize('pkg', [ - 'nfs-utils' +@pytest.mark.parametrize('distro,pkg', [ + ('centos', 'nfs-utils'), + ('ubuntu', 'nfs-common'), + ('ubuntu', 'nfs-kernel-server') ]) -def test_pkg(host, pkg): - package = host.package(pkg) - - assert package.is_installed +def test_pkg(host, distro, pkg): + os = host.system_info.distribution + if distro == os: + package = host.package(pkg) + assert package.is_installed diff --git a/ansible/roles/nfs/molecule/default/tests/test_nfs-server.py b/ansible/roles/nfs/molecule/default/tests/test_nfs-server.py index 88ba0a61..e35e21c3 100644 --- a/ansible/roles/nfs/molecule/default/tests/test_nfs-server.py +++ b/ansible/roles/nfs/molecule/default/tests/test_nfs-server.py @@ -20,9 +20,14 @@ def test_svc(host, svc): def test_exports(host): + os = host.system_info.distribution + if (os == "centos"): + host_file = "/etc/exports.d/dockerdata-nfs.exports" + elif (os == "ubuntu"): + host_file = "/etc/exports" node2_ip = testinfra.get_host("docker://kubernetes-node-2").interface( "eth0").addresses[0] - f = host.file("/etc/exports.d/dockerdata-nfs.exports") + f = host.file(host_file) assert f.exists assert f.content_string == \ """/dockerdata-nfs """ + node2_ip + """(rw,sync,no_root_squash,no_subtree_check)""" # noqa: E501 diff --git a/ansible/roles/nfs/molecule/ubuntu/molecule.yml b/ansible/roles/nfs/molecule/ubuntu/molecule.yml new file mode 100644 index 00000000..3fe393fc --- /dev/null +++ b/ansible/roles/nfs/molecule/ubuntu/molecule.yml @@ -0,0 +1,54 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: kubernetes-node-1 + image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04} + pre_build_image: true + privileged: true + command: ${MOLECULE_DOCKER_COMMAND:-""} + groups: + - kubernetes + - nfs-server + purge_networks: true + networks: + - name: nfs-net + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /dockerdata-nfs + - name: kubernetes-node-2 + image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04} + pre_build_image: true + privileged: true + command: ${MOLECULE_DOCKER_COMMAND:-""} + groups: + - kubernetes + purge_networks: true + networks: + - name: nfs-net + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro +provisioner: + name: ansible + env: + ANSIBLE_ROLES_PATH: "../../../../test/roles" + inventory: + links: + group_vars: ../../../../group_vars + host_vars: ../default/host_vars + lint: + name: ansible-lint + playbooks: + prepare: ../default/prepare.yml + converge: ../default/playbook.yml +scenario: + name: ubuntu +verifier: + name: testinfra + lint: + name: flake8 + directory: ../default/tests diff --git a/ansible/roles/nfs/tasks/main.yml b/ansible/roles/nfs/tasks/main.yml index 1d848876..cc5290db 100644 --- a/ansible/roles/nfs/tasks/main.yml +++ b/ansible/roles/nfs/tasks/main.yml @@ -23,7 +23,8 @@ - name: Add hosts to exports template: src: exports.j2 - dest: /etc/exports.d/dockerdata-nfs.exports + dest: "{{ item }}" + loop: "{{ nfs_destination[ansible_os_family] }}" notify: - reload nfs when: diff --git a/ansible/roles/nginx/defaults/main.yml b/ansible/roles/nginx/defaults/main.yml index c2f1e05c..1269783d 100644 --- a/ansible/roles/nginx/defaults/main.yml +++ b/ansible/roles/nginx/defaults/main.yml @@ -5,7 +5,9 @@ simulated_hosts: nexus: all_simulated_hosts: "{{ simulated_hosts.git + simulated_hosts.http + simulated_hosts.nexus }}" - +package_type: + RedHat: rpm + Debian: deb nginx: ports: - "80:80" @@ -16,7 +18,7 @@ nginx: - "{{ app_data_path }}/certs:/etc/nginx/certs:ro" - "{{ app_data_path }}/git-repo:/srv/git:rw" - "{{ app_data_path }}/http:/srv/http:rw" - - "{{ app_data_path }}/pkg/rpm:/srv/http/repo.infra-server/rpm:rw" + - "{{ app_data_path }}/pkg/{{ package_type[ansible_os_family] }}:/srv/http/repo.infra-server/{{ package_type[ansible_os_family] }}:rw" - "{{ app_data_path }}/pkg/ubuntu/xenial:/srv/http/repo.infra-server/ubuntu/xenial:rw" - /var/log/nginx:/var/log/nginx:rw # Default rule for tarball naming translation diff --git a/ansible/roles/nginx/molecule/ubuntu/molecule.yml b/ansible/roles/nginx/molecule/ubuntu/molecule.yml new file mode 100644 index 00000000..9955e7d5 --- /dev/null +++ b/ansible/roles/nginx/molecule/ubuntu/molecule.yml @@ -0,0 +1,36 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: infrastructure-server + image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04} + pre_build_image: true + privileged: true + override_command: false + volumes: + - /var/lib/docker + groups: + - infrastructure +provisioner: + name: ansible + env: + ANSIBLE_ROLES_PATH: ../../../../test/roles + inventory: + links: + group_vars: ../../../../group_vars + lint: + name: ansible-lint + playbooks: + prepare: ../default/prepare.yml + converge: ../default/playbook.yml + cleanup: ../default/cleanup.yml +scenario: + name: ubuntu +verifier: + name: testinfra + lint: + name: flake8 diff --git a/ansible/roles/package-repository/handlers/main.yml b/ansible/roles/package-repository/handlers/main.yml new file mode 100644 index 00000000..304cc873 --- /dev/null +++ b/ansible/roles/package-repository/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: Restart NetworkManager + systemd: + name: NetworkManager + state: restarted + when: ansible_connection != 'docker' diff --git a/ansible/roles/package-repository/tasks/main.yml b/ansible/roles/package-repository/tasks/main.yml index 7dc2e76f..e2a5fd46 100644 --- a/ansible/roles/package-repository/tasks/main.yml +++ b/ansible/roles/package-repository/tasks/main.yml @@ -1,4 +1,20 @@ --- +- name: Disable DNS management in Network Manager + ini_file: + path: /etc/NetworkManager/NetworkManager.conf + state: present + no_extra_spaces: true + section: main + option: dns + value: none + owner: root + group: root + mode: 0644 + backup: false + when: ansible_os_family == 'RedHat' + notify: + - Restart NetworkManager + - name: Setup resolv.conf for node to find package repository by name from infra lineinfile: line: "nameserver {{ hostvars[groups.infrastructure[0]].cluster_ip }}" diff --git a/ansible/roles/resource-data/molecule/ubuntu/group_vars b/ansible/roles/resource-data/molecule/ubuntu/group_vars new file mode 120000 index 00000000..5ce8257f --- /dev/null +++ b/ansible/roles/resource-data/molecule/ubuntu/group_vars @@ -0,0 +1 @@ +../default/group_vars/
\ No newline at end of file diff --git a/ansible/roles/resource-data/molecule/ubuntu/molecule.yml b/ansible/roles/resource-data/molecule/ubuntu/molecule.yml new file mode 100644 index 00000000..7f0eb4e4 --- /dev/null +++ b/ansible/roles/resource-data/molecule/ubuntu/molecule.yml @@ -0,0 +1,51 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + + - name: resource-host + image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04} + pre_build_image: true + privileged: true + command: ${MOLECULE_DOCKER_COMMAND:-""} + groups: + - resources + networks: + - name: resource-data + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + # - ${HOME}/resource-data:/data:rw # mount fs from host to get nfs exportfs task working + + - name: infrastructure-server + image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04} + pre_build_image: true + privileged: true + command: ${MOLECULE_DOCKER_COMMAND:-""} + groups: + - infrastructure + networks: + - name: resource-data + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + +provisioner: + name: ansible + log: true + lint: + name: ansible-lint + env: + ANSIBLE_ROLES_PATH: ../../../../test/roles/ + playbooks: + prepare: ../default/prepare.yml + converge: ../default/playbook.yml +scenario: + name: ubuntu +verifier: + name: testinfra + lint: + name: flake8 + directory: ../default/tests diff --git a/ansible/roles/setup/molecule/ubuntu/molecule.yml b/ansible/roles/setup/molecule/ubuntu/molecule.yml new file mode 100644 index 00000000..16dcedf7 --- /dev/null +++ b/ansible/roles/setup/molecule/ubuntu/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: instance + image: ${PLATFORM_DISTRO:-ubuntu}:${DISTRO_VERSION:-18.04} + dockerfile: ../default/Dockerfile.j2 +provisioner: + name: ansible + lint: + name: ansible-lint + playbooks: + converge: ../default/playbook.yml +scenario: + name: ubuntu +verifier: + name: testinfra + lint: + name: flake8 + directory: ../default/tests/ diff --git a/ansible/test/images/docker/ubuntu/Dockerfile b/ansible/test/images/docker/ubuntu/Dockerfile index 54416374..6dd079ad 100644 --- a/ansible/test/images/docker/ubuntu/Dockerfile +++ b/ansible/test/images/docker/ubuntu/Dockerfile @@ -4,8 +4,11 @@ FROM ubuntu:${RELEASE} # Systemd requires this env for ConditionVirtualization setting in unit files ENV container docker -# Python2.7 required by ansible -RUN apt-get update && apt-get -y install dbus systemd python openssh-server +# Install necessary packages +RUN apt-get update && apt-get -y install dbus systemd openssh-server iproute2 python3-docker + +# Create symlink python3 -> python +RUN ln -s /usr/bin/python3 /usr/bin/python EXPOSE 22 diff --git a/ansible/test/roles/prepare-docker-dind/tasks/main.yml b/ansible/test/roles/prepare-docker-dind/tasks/main.yml index c0bf1543..50efe143 100644 --- a/ansible/test/roles/prepare-docker-dind/tasks/main.yml +++ b/ansible/test/roles/prepare-docker-dind/tasks/main.yml @@ -1,24 +1,6 @@ --- -# Needed because host system has all mounts by default to shared, and -# some things may depend on mounts being shared if we run docker inside -# test env. -- name: "Make all mounts shared" - command: "mount --make-rshared /" - args: - warn: false +- include: rhel.yml + when: ansible_distribution in ["CentOS","Red Hat Enterprise Linux"] -- name: "Enable docker repository" - yum_repository: - name: "Docker" - description: Docker-ce repository - enabled: yes - baseurl: "https://download.docker.com/linux/centos/7/$basearch/stable" - gpgcheck: yes - gpgkey: https://download.docker.com/linux/centos/gpg - -- name: "Install docker" - package: - name: "docker-ce-{{ docker_version }}" - state: present - allow_downgrade: true - notify: Restart docker +- include: ubuntu.yml + when: ansible_distribution in ["Ubuntu","Debian"]
\ No newline at end of file diff --git a/ansible/test/roles/prepare-docker-dind/tasks/rhel.yml b/ansible/test/roles/prepare-docker-dind/tasks/rhel.yml new file mode 100644 index 00000000..4184ef05 --- /dev/null +++ b/ansible/test/roles/prepare-docker-dind/tasks/rhel.yml @@ -0,0 +1,24 @@ +--- +# Needed because host system has all mounts by default to shared, and +# some things may depend on mounts being shared if we run docker inside +# test env. +- name: "Make all mounts shared" + command: "mount --make-rshared /" + args: + warn: false + +- name: "Enable docker repository - yum" + yum_repository: + name: "Docker" + description: Docker-ce repository + enabled: yes + baseurl: "https://download.docker.com/linux/centos/7/$basearch/stable" + gpgcheck: yes + gpgkey: https://download.docker.com/linux/centos/gpg + +- name: "Install docker" + package: + name: "docker-ce-{{ docker_version }}" + state: present + allow_downgrade: true + notify: Restart docker diff --git a/ansible/test/roles/prepare-docker-dind/tasks/ubuntu.yml b/ansible/test/roles/prepare-docker-dind/tasks/ubuntu.yml new file mode 100644 index 00000000..a41c4c20 --- /dev/null +++ b/ansible/test/roles/prepare-docker-dind/tasks/ubuntu.yml @@ -0,0 +1,33 @@ +--- +# Needed because host system has all mounts by default to shared, and +# some things may depend on mounts being shared if we run docker inside +# test env. +- name: "Make all mounts shared" + command: "mount --make-rshared /" + args: + warn: false + +- name: "Install GNUPG for apt-key" + package: + name: "gnupg" + state: present + +- name: "Add an apt key" + apt_key: + url: https://download.docker.com/linux/ubuntu/gpg + id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 + state: present + +- name: "Enable docker repository - apt" + apt_repository: + repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable" + state: present + validate_certs: true + filename: "Docker" + +- name: "Install docker - apt" + apt: + name: "docker-ce" + state: present + update_cache: true + notify: Restart docker |