Commit 0832bc75 authored by Jörg Sachse's avatar Jörg Sachse

test: replace legacy test suite with the updated test suite based on Docker and GitLab-CI

parent 71fbe73a
1 merge request!1Feature: GitLab-CI
---
# based on documentation available at
# https://ansible-lint.readthedocs.io/en/latest/configuring/
# exclude_paths included in this file are parsed relative to this file's location
# and not relative to the CWD of execution. CLI arguments passed to the --exclude
# option will be parsed relative to the CWD of execution.
exclude_paths:
- .cache/ # implicit unless exclude_paths is defined in config
- .git/
- .githooks/
- backups/
# parseable: true
# quiet: true
# verbosity: 1
# Mock modules or roles in order to pass ansible-playbook --syntax-check
#mock_modules:
# - zuul_return
# # note the foo.bar is invalid as being neither a module or a collection
# - fake_namespace.fake_collection.fake_module
# - fake_namespace.fake_collection.fake_module.fake_submodule
#mock_roles:
# - mocked_role
# - author.role_name # old standalone galaxy role
# - fake_namespace.fake_collection.fake_role # role within a collection
# Enable checking of loop variable prefixes in roles
loop_var_prefix: "{role}_"
# Enforce variable names to follow pattern below, in addition to Ansible own
# requirements, like avoiding python identifiers. To disable add `var-naming`
# to skip_list.
# var_naming_pattern: "^[a-z_][a-z0-9_]*$"
use_default_rules: true
# Load custom rules from this specific folder
# rulesdir:
# - ./rule/directory/
# This makes linter to fully ignore rules/tags listed below
skip_list:
- skip_this_tag
- git-latest
# Any rule that has the 'opt-in' tag will not be loaded unless its 'id' is
# mentioned in the enable_list:
enable_list:
- empty-string-compare # opt-in
- no-log-password # opt-in
- no-same-owner # opt-in
# add yaml here if you want to avoid ignoring yaml checks when yamllint
# library is missing. Normally its absence just skips using that rule.
- yaml
# Report only a subset of tags and fully ignore any others
# tags:
# - var-spacing
# This makes the linter display but not fail for rules/tags listed below:
warn_list:
- skip_this_tag
- git-latest
- experimental # experimental is included in the implicit list
# - role-name
# Offline mode disables installation of requirements.yml
offline: false
# Define required Ansible's variables to satisfy syntax check
#extra_vars:
# foo: bar
# multiline_string_variable: |
# line1
# line2
# complex_variable: ":{;\t$()"
# Uncomment to enforce action validation with tasks, usually is not
# needed as Ansible syntax check also covers it.
# skip_action_validation: false
# List of additional kind:pattern to be added at the top of the default
# match list, first match determines the file kind.
kinds:
# - playbook: "**/examples/*.{yml,yaml}"
# - galaxy: "**/folder/galaxy.yml"
# - tasks: "**/tasks/*.yml"
# - vars: "**/vars/*.yml"
# - meta: "**/meta/main.yml"
- yaml: "**/*.yaml-too"
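Review bot: `git-latest` is listed in both `skip_list` and `warn_list`, and the comment above `skip_list` says rules listed there are fully ignored, so the `warn_list` entry probably never produces a warning and unpinned Git checkouts in the role go unreported. If the intent is to see the finding without failing the pipeline, drop `- git-latest` (and the placeholder `- skip_this_tag`) from `skip_list` and keep them only in `warn_list`. The `kinds` entry `- yaml: "**/*.yaml-too"` also looks like the documentation example carried over unchanged; confirm the repository really has files with that suffix, or comment out the `kinds:` key together with its entry.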
# A pipeline is composed of independent jobs that run scripts, grouped into stages.
# Stages run in sequential order, but jobs within stages run in parallel.
#
# For more information, see: https://docs.gitlab.com/ee/ci/yaml/index.html#stages
stages: # List of stages for jobs, and their order of execution
- build
- test
- cleanup
variables:
IMAGE_TARGET: "$CI_REGISTRY_IMAGE/bullseye_ansible"
# CI_DEBUG_TRACE: "true"
default:
image:
name: "${IMAGE_TARGET}:latest"
before_script:
- source /opt/molecule/bin/activate
- ansible --version
- molecule --version
- docker --version
build-env-job: # This job runs in the build stage, which runs first.
stage: build
timeout: 30m
tags:
- "docker"
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
before_script: []
script:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')\"},\"$(printf "%s" "$CI_DEPENDENCY_PROXY_SERVER" | cut -d':' -f1)\":{\"auth\":\"$(printf "%s:%s" "$CI_DEPENDENCY_PROXY_USER" "$CI_DEPENDENCY_PROXY_PASSWORD" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
- >-
/kaniko/executor
--context "${CI_PROJECT_DIR}"
--dockerfile "${CI_PROJECT_DIR}/molecule/default/Dockerfile"
--destination "${IMAGE_TARGET}:latest"
test-job: # This job runs in the test stage.
stage: test # It only starts when the job in the build stage completes successfully.
tags:
- "shell"
script:
# make sure that Ansible Vaults are present and can be decrypted
#- sudo chown -R lza /builds/sachse/
- echo "${VAULT_INSTALL_COMMON}" > ./lza_install_common.pass
- rm -rf ../ansible_vaults/
- git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/
#- sudo chmod o-w "${CI_PROJECT_DIR}"
# run Molecule tests
- molecule syntax --scenario-name default
- molecule lint --scenario-name default
- molecule converge --scenario-name default
- molecule idempotence --scenario-name default
#- molecule verify --scenario-name default
- molecule destroy --scenario-name default
cleanup-job:
stage: cleanup
tags:
- "docker"
script:
- rm -rf "%CACHE_PATH%/%CI_PIPELINE_ID%"
when: always
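Review bot: The `test-job` script writes `${VAULT_INSTALL_COMMON}` to `./lza_install_common.pass` and clones `ansible_vaults` with `${VAULT_ACCESS_TOKEN}` embedded in the URL, and nothing visible removes either afterwards; on a runner tagged `shell` the password file and the token (which git keeps in the clone's `.git/config` remote URL) would stay on the host after the job. `cleanup-job` does not cover this: it runs on a `docker` runner, and its path `"%CACHE_PATH%/%CI_PIPELINE_ID%"` uses batch-style `%VAR%` syntax that a POSIX shell does not expand, so it presumably deletes nothing. I would create the password file under a restrictive umask, `(umask 077; echo "${VAULT_INSTALL_COMMON}" > ./lza_install_common.pass)`, and give `test-job` an `after_script` with `rm -rf ./lza_install_common.pass ../ansible_vaults/` so removal happens on the same runner even when a Molecule step fails. Also confirm that both variables are masked and protected in the project settings, since the clone URL can otherwise show up in job logs.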
*******
Vagrant driver installation guide
*******
Requirements
============
* Vagrant
* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
Install
=======
Please refer to the `Virtual environment`_ documentation for installation best
practices. If not using a virtual environment, please consider passing the
widely recommended `'--user' flag`_ when invoking ``pip``.
.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
.. code-block:: bash
$ pip install 'molecule[vagrant]'
---
- name: Converge
hosts: all
roles:
- {role: "ansible_lza_proxy", become: true}
---
prerun: false
dependency:
name: galaxy
enabled: false
driver:
name: vagrant
provider:
name: virtualbox
lint: |
set -e
yamllint .
ansible-lint -x formatting
flake8 --ignore=E501
name: docker
platforms:
- name: molecule-test-proxy
box: debian/buster64
memory: 512
cpus: 1
- name: instance
dockerfile: ../resources/playbooks/Dockerfile
image: registry.git.slub-dresden.de/sachse/mytestrole/bullseye_ansible:latest
pre_build_image: false
provisioner:
name: ansible
log: true
lint:
name: ansible-lint
enabled: false
config_options:
defaults:
vault_identity_list: "@$HOME/.ansible/roles/molecule_prepare.pass, @$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/lza_server_hardening.pass, @$HOME/.ansible/roles/lza_proxy.pass"
vvv: false
playbooks:
#create: ../resources/playbooks/create.yml
#destroy: ../resources/playbooks/destroy.yml
converge: ../resources/playbooks/converge.yml
#prepare: ../resources/playbooks/prepare.yml
verify: ../resources/playbooks/verify.yml
verifier:
name: testinfra
env:
PYTHONWARNINGS: "ignore:.*U.*mode is deprecated:DeprecationWarning"
name: ansible
lint: |
set -e
flake8
options:
v: 1
yamllint .
ansible-lint -x no-loop-var-prefix,command-instead-of-module
---
- name: Prepare
hosts: all
gather_facts: true
pre_tasks:
- name: include vars
include_vars: "../../../ansible_vaults/molecule_prepare/{{ item }}"
loop:
- "prepare.vault"
- name: Install python for Ansible
raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
become: true
changed_when: false
- name: create users (as deployed in production)
user:
name: "{{ item.name }}"
uid: "{{ item.uid }}"
create_home: "yes"
shell: "/bin/bash"
loop: "{{ vault_molecule_users | flatten(levels=1) }}"
become: true
- name: add nonfree repos
apt_repository:
repo: "deb http://ftp2.de.debian.org/debian/ buster main non-free contrib"
state: present
update-cache: "yes"
become: true
- name: Install required packages
apt:
name: [
'aptitude',
'gpg',
'less',
'libuser'
]
state: present
become: true
roles:
- {role: ansible_lza_install_common, become: true}
- {role: ansible_lza_server_hardening, become: true}
"""PyTest Fixtures."""
from __future__ import absolute_import
import os
import pytest
def pytest_runtest_setup(item):
"""Run tests only when under molecule with testinfra installed."""
try:
import testinfra
except ImportError:
pytest.skip("Test requires testinfra", allow_module_level=True)
if "MOLECULE_INVENTORY_FILE" in os.environ:
pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ["MOLECULE_INVENTORY_FILE"]
).get_hosts("all")
else:
pytest.skip(
"Test should run only from inside molecule.", allow_module_level=True
)
def test_hosts_file(host):
f = host.file('/etc/hosts')
assert f.exists
assert f.user == 'root'
assert f.group == 'root'
FROM debian:stable-slim
RUN adduser lza;
### configure SLUB Debian Repository
RUN apt-get update; \
apt-get install -y --no-install-recommends gnupg wget git python3 ansible sudo; \
wget -O - http://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key | apt-key add - ; \
echo "deb http://sdvdebianrepo.slub-dresden.de/deb-repository bullseye main" > /etc/apt/sources.list.d/slub.list; \
apt-get update;
#apt-get -y --no-install-recommends install python3-pip python3-virtualenv;
RUN echo "lza ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lza-user
#RUN mkdir /opt/venv/ && cd /opt/venv/; \
# virtualenv -p python3 molecule; \
# . /opt/venv/molecule/bin/activate; \
# pip3 install ansible molecule molecule-docker;
USER lza
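Review bot: The signing key for the SLUB repository is downloaded over plain `http://` and piped straight into `apt-key add` in the second `RUN`, so nothing authenticates the key that later installs from that repository are verified against; whoever can alter that traffic at build time controls both the key and the packages. Either fetch the key over a channel that authenticates the server (if the host offers HTTPS), or commit the key to the repository and `COPY` it, and compare its fingerprint with a known value (placeholder: `<EXPECTED_KEY_FINGERPRINT>`) before trusting it. `apt-key` is deprecated and adds the key to the global trust store; putting it in a dedicated keyring and writing `deb [signed-by=/usr/share/keyrings/slub.gpg] ...` in `slub.list` (keyring path is an example) limits the key to this one source. The commands in that `RUN` are chained with `;` rather than `&&`, so a failed `wget` or `apt-get install` does not fail the image build.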
This drectory contains shared playbooks and a shared Dockerfile.
Visit https://molecule.readthedocs.io/en/latest/examples.html#sharing-across-scenarios for details on sharing playbooks, tests etc. across multiple scenarios.
---
- name: Converge
hosts: all
tasks:
- name: "Include role"
ansible.builtin.include_role:
name: "ansible_lza_proxy"
---
# This is an example playbook to execute Ansible tests.
- name: Verify
hosts: all
gather_facts: false
tasks:
- name: Example assertion
ansible.builtin.assert:
that: true