Merge "Add system-config-run-eavesdrop"

2018-08-30 18:38:18 +00:00 · 2018-08-30 18:38:18 +00:00 · 2a51a493e0
commit 2a51a493e0
parent 94ea02f635 09b1ff4bc3
7 changed files with 55 additions and 20 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -131,14 +131,6 @@
          label: ubuntu-bionic
        - name: centos7
          label: centos-7
-      groups:
-        # We test puppet installation on this group.  Note bionic not
-        # in here as we have no bionic puppeted nodes (yet?)
-        - name: puppet
-          nodes:
-            - trusty
-            - xenial
-            - centos7
    host-vars:
      trusty:
        ansible_python_interpreter: python2
@ -153,6 +145,21 @@
      - roles/.*
      - testinfra/.*

+- job:
+    name: system-config-run-eavesdrop
+    nodeset:
+      nodes:
+        - name: bridge.openstack.org
+          label: ubuntu-bionic
+        - name: eavesdrop01.openstack.org
+          label: ubuntu-xenial
+    pre-run: playbooks/zuul/run-base-pre.yaml
+    run: playbooks/zuul/run-base.yaml
+    files:
+      - .zuul.yaml
+      - playbooks/group_vars/eavesdrop.yaml
+      - testinfra/test_eavesdrop.py
+
 - project:
    templates:
      - system-config-zuul-role-integration
@ -163,6 +170,7 @@
        - puppet-beaker-rspec-puppet-4-infra-system-config
        - puppet-beaker-rspec-puppet-4-centos-7-infra-system-config
        - system-config-run-base
+        - system-config-run-eavesdrop
    gate:
      jobs:
        - puppet-beaker-rspec-infra-system-config
@ -170,3 +178,4 @@
        - puppet-beaker-rspec-puppet-4-infra-system-config
        - puppet-beaker-rspec-puppet-4-centos-7-infra-system-config
        - system-config-run-base
+        - system-config-run-eavesdrop
--- a/inventory/groups.yaml
+++ b/inventory/groups.yaml
@ -32,7 +32,7 @@ groups:
  ns: inventory_hostname.startswith('ns')
  paste: inventory_hostname.startswith('paste')
  pbx: inventory_hostname.startswith('pbx')
-  puppet: not inventory_hostname.startswith('bridge')
+  puppet: not (inventory_hostname.startswith('bridge') or inventory_hostname.startswith('bionic'))
  refstack: inventory_hostname.startswith('refstack')
  review-dev: inventory_hostname is match('review-dev\d+\.openstack\.org')
  review: inventory_hostname is match('review\d+\.openstack\.org')
--- a/playbooks/zuul/run-base.yaml
+++ b/playbooks/zuul/run-base.yaml
@ -12,17 +12,17 @@
        write_inventory_dest: /etc/ansible/hosts/inventory.yaml
        write_inventory_exclude_hostvars:
          - ansible_user
-    - name: Update ansible.cfg to use job inventory
-      ini_file:
-        path: /etc/ansible/ansible.cfg
-        section: defaults
-        option: inventory
-        value: /etc/ansible/hosts/inventory.yaml
    - name: Set up /opt/system-config repo
      git:
        repo: /home/zuul/src/git.openstack.org/openstack-infra/system-config
        dest: /opt/system-config
        force: yes
+    - name: Update ansible.cfg to use job inventory
+      ini_file:
+        path: /etc/ansible/ansible.cfg
+        section: defaults
+        option: inventory
+        value: /etc/ansible/hosts/inventory.yaml,/opt/system-config/inventory/groups.yaml
    - name: Make host_vars directory
      file:
        path: "/etc/ansible/hosts/host_vars"
@ -42,6 +42,8 @@
        dest: "/etc/ansible/hosts/{{ item }}"
      loop:
        - group_vars/all.yaml
+    - name: Display group membership
+      command: ansible localhost -m debug -a 'var=groups'
    - name: Run base.yaml
      command: ansible-playbook /home/zuul/src/git.openstack.org/openstack-infra/system-config/playbooks/base.yaml
    - name: Run testinfra to validate configuration
@ -49,4 +51,3 @@
        name: tox
      vars:
        tox_envlist: testinfra
-        tox_extra_args: testinfra/test_base.py
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -8,6 +8,3 @@ ansible-lint
 openstacksdk
 zuul-sphinx>=0.2.3
 testinfra
-# pytest-xdist is a plugin for pytest which allows parallel execution,
-# used by testinfra
-pytest-xdist
--- a/testinfra/test_base.py
+++ b/testinfra/test_base.py
@ -15,6 +15,9 @@
 import socket


+testinfra_hosts = ['all']
+
+
 def get_ips(value, family=None):
    ret = set()
    try:
--- a/testinfra/test_eavesdrop.py
+++ b/testinfra/test_eavesdrop.py
@ -0,0 +1,25 @@
+# Copyright 2018 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+testinfra_hosts = ['eavesdrop01.openstack.org']
+
+
+def test_eavesdrop(host):
+    rules = host.iptables.rules()
+    rules = [x.strip() for x in rules]
+
+    web = ('-A openstack-INPUT -p tcp -m state --state NEW'
+           ' -m tcp --dport 80 -j ACCEPT')
+    assert web in rules
--- a/tox.ini
+++ b/tox.ini
@ -32,7 +32,7 @@ deps = -r{toxinidir}/doc/requirements.txt
 commands = sphinx-build -W -E -b html doc/source doc/build/html

 [testenv:testinfra]
-commands = py.test -n 5 --junit-xml junit.xml --connection=ansible --ansible-inventory=/etc/ansible/hosts/inventory.yaml --hosts=all -v {posargs}
+commands = py.test --junit-xml junit.xml --connection=ansible --ansible-inventory=/etc/ansible/hosts/inventory.yaml -v testinfra {posargs}

 [flake8]
 show-source = True