--- # Copyright 2015, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Test whether the role produced expected results hosts: localhost user: root become: true tasks: - name: List the running LXC containers present on the host command: lxc-ls -1 --fancy --fancy-format name,ipv4 --running register: lxc_container_list tags: - skip_ansible_lint - name: Verify that the expected containers are present with the correct addresses # Example stdout: # NAME IPV4 # --------------------------------------- # container1 172.16.12.3, 10.100.100.2 # container2 10.100.100.3, 172.16.12.4 assert: that: - lxc_container_list.stdout | search("container1\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.2(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+") - lxc_container_list.stdout | search("container2\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.3(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+") - lxc_container_list.stdout | search("container3\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.4(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+") - name: Check for the presence of the right app armor profile for container1 command: grep "^{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }} = lxc-openstack$" /var/lib/lxc/container1/config register: container1_profile failed_when: container1_profile.rc != 0 tags: - skip_ansible_lint - name: Check for the presence of the right app armor profile for container2 command: "grep -E '^{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }} = {{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}$' /var/lib/lxc/container2/config" register: container2_profile failed_when: container2_profile.rc != 0 tags: - skip_ansible_lint - name: Check for the lack of presence of an aa_profile for container3 command: grep "{{ (hostvars[physical_host | default('localhost')]['ansible_distribution_version'] == '18.04') | ternary('lxc.apparmor.profile', 'lxc.aa_profile') }}" /var/lib/lxc/container3/config register: container3_profile failed_when: container3_profile.rc == 0 tags: - skip_ansible_lint - name: Check for the presence of the right bound mount for container1 command: grep "lxc.mount.entry = /openstack/container1 opt/test1 none bind,create=dir 0 0" /var/lib/lxc/container1/config tags: - skip_ansible_lint - name: Check for the presence of the right bound mount for container2 command: grep "lxc.mount.entry = {{ development_repo_directory }} {{ development_repo_directory | relpath('/') }} none bind,create=dir 0 0" /var/lib/lxc/container2/config tags: - skip_ansible_lint - name: Check for the presence of the default bound mount for container3 command: grep "lxc.mount.entry = /openstack/backup/container3" /var/lib/lxc/container3/config tags: - skip_ansible_lint vars_files: - common/test-vars.yml - name: Check for the bind mount in container1 hosts: container1 remote_user: root tasks: - name: Check for the presence of /opt/test1 command: ls -1 /opt/test1 register: container1_test_dir failed_when: container1_test_dir.rc != 0 tags: - skip_ansible_lint - name: Test the containers themselves hosts: all_containers remote_user: root tasks: - name: Open /etc/environment file slurp: src: /etc/environment register: environment_file - name: Set /etc/environment contents fact set_fact: environment_content: "{{ environment_file.content | b64decode }}" - name: Check /etc/enviroment matches expectations assert: that: - "'foo=bar' in environment_content" - name: Test connectivity to external address command: ping -i 5 -c 6 git.openstack.org register: ping_external_address failed_when: false tags: - skip_ansible_lint - name: Verify connectivity to external address assert: that: - ping_external_address.rc == 0 # TODO(evrardjp): Move this to testinfra - name: Apply a sysctl to test if it can be applied consistenty hosts: container3 tasks: - name: Allow consuming apps to bind on non local addresses sysctl: name: net.ipv4.ip_nonlocal_bind value: 1 sysctl_set: yes state: present - name: Bump the container state hosts: localhost user: root become: true tasks: - name: Stop container command: "lxc-stop -n container3" register: container_stop changed_when: container_stop.rc == 0 failed_when: not container_stop.rc in [0, 2] until: container_stop.rc in [0, 2] retries: 3 delay: 2 - name: Start container command: "lxc-start -d -n container3" register: container_start changed_when: container_start.rc == 0 until: container_start | success retries: 3 delay: 2 - name: Check if the sysctl was well applied hosts: container3 tasks: - name: Check the sysctl is persistent command: sysctl -n net.ipv4.ip_nonlocal_bind register: nonlocalbind changed_when: false - debug: var: nonlocalbind - name: Verify the sysctl is set assert: that: - "'1' in nonlocalbind.stdout" - name: Test journal linking hosts: all_containers user: root become: true gather_facts: false tasks: - name: Get container machine-id command: "cat /etc/machine-id" changed_when: false register: container_machine_id - name: Stat linked journal on the host stat: path: "/var/log/journal/{{ container_machine_id.stdout.strip() }}/system.journal" register: journal_stat delegate_to: "{{ physical_host }}" - name: Check for linked journal fail: msg: >- Container journal [/var/log/journal/{{ container_machine_id.stdout.strip() }}] not found when: - not journal_stat.stat.exists