Verified Commit 3b61a047 authored by Pierre-Louis Bonicoli's avatar Pierre-Louis Bonicoli 🏗

Merge branch 'enable_zuul_job'

parents d2732e67 5aafd651
......@@ -2,6 +2,8 @@
# Based on ansible-lint config
extends: default
ignore: .tox
rules:
braces:
max-spaces-inside: 1
......
......@@ -165,3 +165,29 @@ burp_clients:
options:
compression: 'gzip0'
```
# Functional tests
The tests require `tox` and either Docker or Kubernetes.
## Docker
The following command allows to run the tests using Docker:
tox -e py38-ansible29-molecule-docker
## Kubernetes
### Requirements
`jmespath` and `openshift` Python packages are required on Ansible controller.
### Execution
With Kubernetes, the following command allows to run the tests:
tox -e py38-ansible29-molecule-k8s
The following command can be used in order to specify the path of the `kubeconfig` file:
KUBECONFIG=/path/to/kubeconfig.yaml TOX_TESTENV_PASSENV=KUBECONFIG tox -e py38-ansible29-molecule-k8s
pytestdebug.log
/k8s/.kube/
---
dependency:
name: galaxy
lint: |
set -e
yamllint --strict .
ansible-lint
flake8
# 2 hosts must be defined in plaforms entry: molecule-burp-server and
# molecule-burp-client
provisioner:
name: ansible
playbooks:
prepare: ../common/prepare.yml
converge: ../common/converge.yml
config_options:
defaults:
any_errors_fatal: true
inventory:
group_vars:
all:
ansible_python_interpreter: /usr/bin/python3
dh_param: |
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA6pHZF7WhpXa2td3M8YjydkMlGkyaLx4ZwPi/+u74m9wDxH4ee0nv
VPJkjw6kleyhcQ1LYJ73cBVqy3m5XGE0h4GdrosikN+G2ieMJC5X5ABSKMst9SS1
I+AJHtO3oYi8KYceAOYSiSgNB0aIuCPdCGU03dBZic1KtDKGh2jA+EyXZrQIy9hS
nrA0NXx1obmYDqBnbIwtfWcT907Qi9uSUtyKAHJIDTYPs0sFRw4GiCIeGVvlNWcR
FMtc98YkavW9+6h0EY6ItwfL2dWDy3bdZ5DWhA1+k40dUEiPZWHITLO9RJowSUdf
BruD9drj92v11PPTvS8RneFWW/6v/2vkmwIBAg==
-----END DH PARAMETERS-----
host_vars:
molecule-burp-client:
canary: foobar
canary_path: '/home/{{ test_user }}/data/canary'
test_user: testuser
verifier:
name: testinfra
directory: ../common/tests/
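Review bot: The `dh_param` block under `group_vars.all` has no comment saying it is a fixed test fixture, so a reader cannot tell it apart from a value meant to be reused elsewhere. This commit also drops the `Generate DH Parameters (2048 bits)` task, so a line such as `# static DH group used only by the molecule scenarios, replaces per-run generation` above `dh_param` would record why the value is hard-coded. The comment above `provisioner` has a typo: `plaforms` should read `platforms`.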
......@@ -9,7 +9,7 @@
CA: '{{ ca["content"] | b64decode }}'
cert: '{{ server_cert["content"] | b64decode }}'
key: '{{ server_key["content"] | b64decode }}'
DH: '{{ dh["content"] | b64decode }}'
DH: '{{ dh_param }}'
pre_tasks:
- name: Fetch CA
slurp:
......@@ -26,11 +26,6 @@
src: /tmp/server_privatekey.pem
register: server_key
- name: Fetch DH param
slurp:
src: /tmp/dhparams.pem
register: dh
- name: Fetch client certificate
slurp:
src: /tmp/client.pem
......@@ -41,7 +36,7 @@
src: /tmp/client_privatekey.pem
register: client_key
roles:
- role: burp
- role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
type: server
become: yes
......@@ -54,7 +49,7 @@
CA: '{{ hostvars["molecule-burp-server"]["ca"]["content"] | b64decode }}'
cert: '{{ hostvars["molecule-burp-server"]["server_cert"]["content"] | b64decode }}'
key: '{{ hostvars["molecule-burp-server"]["server_key"]["content"] | b64decode }}'
DH: '{{ hostvars["molecule-burp-server"]["dh"]["content"] | b64decode }}'
DH: '{{ dh_param }}'
burp_clients:
_server: *burp_server
testuser:
......@@ -77,6 +72,6 @@
options:
compression: gzip0
roles:
- role: burp
- role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
type: client
become: yes
......@@ -2,19 +2,15 @@
- hosts: molecule-burp-server
tasks:
- name: install pyopenssl
package:
apt:
name: python3-openssl
- name: Generate DH Parameters (2048 bits)
openssl_dhparam:
path: /tmp/dhparams.pem
size: 2048
cache_valid_time: 86400
- name: Generate privatekeys
openssl_privatekey:
path: '/tmp/{{ item }}_privatekey.pem'
type: RSA
size: 1024
size: 2048
loop:
- ca
- server
......
......@@ -17,9 +17,9 @@ practices.
.. code-block:: bash
$ pip install -r molecule/requirements.txt
$ pip install molecule[docker] -r molecule/requirements.txt
Usage
=====
$ molecule test
$ molecule --base-config molecule/base.yml test
---
dependency:
name: galaxy
driver:
name: docker
lint: |
set -e
yamllint --strict .
ansible-lint
flake8
platforms:
- name: molecule-burp-server
image: debian:stretch
image: debian:buster
command: /sbin/init
security_opts: ['seccomp=unconfined']
tmpfs: ['/tmp', '/run', '/run/lock']
volumes: ['/sys/fs/cgroup:/sys/fs/cgroup:ro']
networks: [{name: burp_network}] # don't use default network in order to allow DNS resolution between containers
- name: molecule-burp-client
image: debian:stretch
image: debian:buster
command: /sbin/init
security_opts: ['seccomp=unconfined']
tmpfs: ['/tmp', '/run', '/run/lock']
volumes: ['/sys/fs/cgroup:/sys/fs/cgroup:ro']
networks: [{name: burp_network}]
provisioner:
name: ansible
config_options:
defaults:
any_errors_fatal: true
inventory:
group_vars:
all:
ansible_python_interpreter: /usr/bin/python3
host_vars:
molecule-burp-client:
canary: foobar
canary_path: '/home/{{ test_user }}/data/canary'
test_user: testuser
verifier:
name: testinfra
---
- name: Create
hosts: localhost
connection: local
gather_facts: false
tasks:
- name: Create molecule instance(s)
k8s:
definition:
apiVersion: v1
kind: pod
metadata:
name: '{{ item.pod|default(item.name) }}'
namespace: '{{ item.namespace|default(lookup("env", "K8S_NAMESPACE")) }}'
labels:
app: '{{ item.pod|default(item.name) }}'
spec:
hostname: '{{ item.name }}' # required for the Pod’s A or AAAA record to be created
containers:
- name: '{{ item.name }}'
image: '{{ item.image }}'
imagePullPolicy: '{{ item.image_pull | default("IfNotPresent") }}'
command: '{{ item.command | default(["/bin/sh", "-c"]) }}'
args: >-
{{ [] if item.command|default(false) else (item.args | default(["while true; do sleep 30; done;"])) }}
workingDir: '{{ item.working_dir | default("/tmp") }}'
restartPolicy: 'Never'
resources:
requests: '{{ "memory: { " + item.memory + "Mi" + " }" if item.memory|default(false) else "{}" }}'
limits: '{{ "memory: { " + item.memory + "Mi" + " }" if item.memory|default(false) else "{}" }}'
volumeMounts: '{{ item.volumeMounts | default([]) }}'
volumes: '{{ item.volumes | default([]) }}'
wait: true
loop: "{{ molecule_yml.platforms }}"
loop_control:
label: '{{ item.name }}'
register: server
- name: Create headless service(s)
vars:
explicit_pods: '{{ molecule_yml.platforms|json_query("[?pod].{pod: pod, namespace: namespace}") }}'
implicit_pods: '{{ molecule_yml.platforms|json_query("[?!pod].{pod: name, namespace: namespace}") }}'
pods: '{{ explicit_pods | union(implicit_pods) | list }}'
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: '{{ item.pod|default(item.name) }}'
namespace: '{{ item.namespace|default(lookup("env", "K8S_NAMESPACE"), true) }}'
spec:
clusterIP: None
selector:
app: '{{ item.pod|default(item.name) }}'
loop: '{{ pods }}'
- vars:
# use system python in order to be able to use apt python module
ansible_python_interpreter: /usr/bin/python3
block:
- name: Add apt keys
apt_key:
url: 'https://packages.cloud.google.com/apt/doc/apt-key.gpg'
register: apt_keys_res
until: apt_keys_res is success
- name: Add apt repositories
apt_repository:
repo: 'deb https://apt.kubernetes.io/ kubernetes-xenial main'
register: apt_repository_res
until: apt_repository_res is success
- name: Install kubectl Debian package
apt:
name: kubectl
cache_valid_time: 86400
register: apt_install_kubectl_res
until: apt_install_kubectl_res is success
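Review bot: The `Add apt keys` task trusts whatever `apt-key.gpg` the URL returns at run time, with no expected key identifier, and `apt_key` adds it to the system keyring. Adding `id: <expected-key-fingerprint>` (placeholder, the fingerprint is not on this page) would make the task fail when the expected key is not present after the import. These tasks appear to sit in the `localhost` play, so they change the APT configuration of the Ansible controller itself; a comment saying so would help. Separately, `kind: pod` in the first task is spelled `Pod` in the destroy playbook, and using `Pod` in both would be consistent.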
---
- name: Destroy
hosts: localhost
connection: local
gather_facts: false
vars:
explicit_pods: '{{ molecule_yml.platforms|json_query("[?pod].{pod: pod, namespace: namespace}") }}'
implicit_pods: '{{ molecule_yml.platforms|json_query("[?!pod].{pod: name, namespace: namespace}") }}'
pods: '{{ explicit_pods | union(implicit_pods) | list }}'
tasks:
- name: Destroy headless service(s)
k8s:
name: '{{ item.pod|default(item.name) }}'
api_version: v1
kind: Service
namespace: '{{ item.namespace|default(lookup("env", "K8S_NAMESPACE"), true) }}'
state: absent
wait: true
loop: '{{ pods }}'
- name: Destroy molecule instance(s)
k8s:
name: '{{ item.pod }}'
api_version: v1
kind: Pod
namespace: '{{ item.namespace|default(lookup("env", "K8S_NAMESPACE"), true) }}'
state: absent
wait: true
loop: '{{ pods }}'
loop_control:
label: '{{ item.pod }}'
---
driver:
name: delegated
# options:
# ansible_connection_options:
# ansible_connection: kubectl
provisioner:
name: ansible
inventory:
group_vars:
all:
ansible_connection: kubectl
platforms:
- name: molecule-burp-server
image: quay.io/pilou/test:latest
command: [/sbin/init]
volumeMounts: &volumeMounts
- mountPath: /tmp
name: tmpfs-tmp
- mountPath: /run
name: tmpfs-run
- mountPath: /run/lock
name: tmpfs-lock
- mountPath: /sys/fs/cgroup
name: cgroup
volumes: &volumes
- name: tmpfs-tmp
emptyDir:
medium: Memory
- name: tmpfs-run
emptyDir:
medium: Memory
- name: tmpfs-lock
emptyDir:
medium: Memory
- name: cgroup
hostPath:
path: /sys/fs/cgroup
type: Directory
- name: molecule-burp-client
image: quay.io/pilou/test:latest
command: [/sbin/init]
volumeMounts: *volumeMounts
volumes: *volumes
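Review bot: The `cgroup` entry under `volumeMounts` mounts the node's `/sys/fs/cgroup` through `hostPath` without `readOnly: true`, whereas the Docker scenario mounts the same path with `:ro`. If systemd in the image also starts with a read-only mount here, add `readOnly: true` to that mount so a test pod cannot write to the node's cgroup tree. Both platforms also use `quay.io/pilou/test:latest`; a fixed tag or digest would keep runs reproducible, since the tag can be re-pointed.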
molecule[docker]
testinfra
yamllint
ansible-lint
......
[build-system]
requires = [
"pip >= 19.3.1",
"setuptools >= 41.4.0",
"setuptools_scm >= 3.3.3",
"setuptools_scm_git_archive >= 1.1",
"wheel >= 0.33.6",
]
build-backend = "setuptools.build_meta"
---
- name: Check that kill is installed
apt:
pkg: procps # kill is used in systemd unit
cache_valid_time: 86400
- name: include distribution specific variables
include_vars: '{{ item }}'
with_first_found:
......@@ -99,8 +104,15 @@
<<: *owner-file
notify: 'reload burp service'
- name: 'Workaround for #532 (fix not available in Debian Stretch)'
include: 'server_workaround_#532.yml'
when: ansible_os_family == 'Debian'
- name: 'Workaround for #532 (fix not available in Debian Stretch)'
include: 'server_workaround_#532.yml'
when: ansible_os_family == 'Debian'
- include_tasks: '{{ ansible_service_mgr }}/enable_burp.yml'
- include_tasks: '{{ ansible_service_mgr }}/enable_burp.yml'
- name: Wait and check that service is started
wait_for:
host: "{{ '::1' if ansible_all_ipv6_addresses else '127.0.0.1' }}"
port: '{{ burp.port }}'
timeout: 10
connect_timeout: 2
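Review bot: The new `Check that kill is installed` task calls `apt` unconditionally, while the workaround include further down is guarded with `when: ansible_os_family == 'Debian'` and the role loads distribution specific variables. If the role is meant to run on anything other than Debian-family hosts, this task needs the same guard, `when: ansible_os_family == 'Debian'`, or the generic `package` module. The task name says "Check" although the module installs `procps` when it is absent; `Ensure procps (kill) is installed` would describe it. The task list continues outside the hunk.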
[tox]
minversion = 3.9.0
envlist =
py38-ansible29-molecule-{docker,k8s}
skipdist = True
skip_missing_interpreters = True
isolated_build = True
[testenv]
setenv =
PYTHONDONTWRITEBYTECODE=1
# github.com/jedisct1/libsodium#837 has been fixed and released (1.0.18) but PyNaCl still embeds a previous version.
# There is no wheel for aarch64: don't try to build an unbuildable version.
deps =
https://github.com/pyca/pynacl/archive/b17f41b94f23faae96f939cd226f1487399a440b.zip ; platform_machine=="aarch64"
ansible29: ansible>=2.9,<2.10
docker: molecule[docker]
k8s: molecule
k8s: jmespath
k8s: openshift
-rmolecule/requirements.txt
commands =
docker: molecule --base-config molecule/base.yml test --scenario-name default
k8s: molecule --debug --base-config molecule/base.yml test --scenario-name k8s
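Review bot: `skipdist = True` in the `[tox]` section is not an option tox knows; the setting is spelled `skipsdist`, so as written the line is presumably ignored and tox still tries to build an sdist of the project. If skipping the build is intended, change it to `skipsdist = True`. The `deps` entries `molecule`, `jmespath` and `openshift` carry no version bounds, unlike `ansible>=2.9,<2.10`; bounding them would make the Zuul job less sensitive to upstream releases.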
---
- job:
name: tox-py38-ansible29-molecule
parent: tox-pods # from gitlab.com/pilou-/zuul-project-config
timeout: 3600 # seconds
vars:
tox_envlist: py38-ansible29-molecule-k8s
tox_install_siblings: false
nodeset:
nodes:
- name: molecule
label: ansible-roles
- project:
check:
jobs:
- tox-py38-ansible29-molecule