bb76ea23f5
Some sysctl can be applied to containers, so we add a test to prove our containers can do it. Change-Id: I40e2f0af00d6d763efcbb07306791d3cd3feff0d Fixes-Bug: #1685677
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
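# Host-side checks: list the running containers and grep the LXC config
# files under /var/lib/lxc for the AppArmor profile and bind-mount entries
# each test container is expected to have. Every task only reads state, so
# the commands are marked as never "changed".
- name: Test whether the role produced expected results
  hosts: localhost
  user: root
  become: true
  tasks:
    - name: List the running LXC containers present on the host
      command: lxc-ls -1 --fancy --fancy-format name,ipv4 --running
      register: lxc_container_list
      changed_when: false

    - name: Verify that the expected containers are present with the correct addresses
      # Example stdout:
      # NAME        IPV4
      # ---------------------------------------
      # container1  172.16.12.3, 10.100.100.2
      # container2  10.100.100.3, 172.16.12.4
      #
      # The expected address may appear anywhere in the comma-separated list.
      # Its dots are escaped so that "." matches only a literal dot, the same
      # way the generic \d{1,3}\. groups around it already do.
      assert:
        that:
          - lxc_container_list.stdout | search("container1\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10\.100\.100\.2(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+")
          - lxc_container_list.stdout | search("container2\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10\.100\.100\.3(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+")
          - lxc_container_list.stdout | search("container3\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10\.100\.100\.4(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+")

    # container1 must be confined by the lxc-openstack AppArmor profile.
    - name: Check for the presence of the right aa_profile for container1
      command: grep "^lxc.aa_profile = lxc-openstack$" /var/lib/lxc/container1/config
      register: container1_profile
      changed_when: false
      failed_when: container1_profile.rc != 0

    # container2 must carry an explicit "unconfined" value, i.e. no AppArmor
    # confinement. The check only proves the role writes the configured
    # value; presumably the override comes from the test inventory, which is
    # not visible in this file.
    - name: Check for the presence of the right aa_profile for container2
      command: grep "^lxc.aa_profile = unconfined$" /var/lib/lxc/container2/config
      register: container2_profile
      changed_when: false
      failed_when: container2_profile.rc != 0

    # Negative check: grep exits 1 when nothing matched. Exit 0 means a
    # profile line exists, and exit 2 or higher means grep itself failed
    # (for example the config file is missing). Neither may be read as
    # "no profile configured", so only rc == 1 passes.
    - name: Check for the lack of presence of an aa_profile for container3
      command: grep "lxc.aa_profile" /var/lib/lxc/container3/config
      register: container3_profile
      changed_when: false
      failed_when: container3_profile.rc != 1

    # The bind-mount checks rely on the command module's default behaviour:
    # a non-zero grep exit status fails the task.
    - name: Check for the presence of the right bound mount for container1
      command: grep "lxc.mount.entry = /openstack/container1 opt/test1 none bind 0 0" /var/lib/lxc/container1/config
      changed_when: false

    # The mount target is the source path made relative to "/" (compare
    # opt/test1 above). development_repo_directory is interpolated into the
    # grep pattern as-is; it is presumably defined in common/test-vars.yml.
    - name: Check for the presence of the right bound mount for container2
      command: grep "lxc.mount.entry = {{ development_repo_directory }} {{ development_repo_directory | relpath('/') }} none bind 0 0" /var/lib/lxc/container2/config
      changed_when: false

    - name: Check for the presence of the default bound mount for container3
      command: grep "lxc.mount.entry = /openstack/backup/container3" /var/lib/lxc/container3/config
      changed_when: false

  vars_files:
    - common/test-vars.yml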
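# Container-side counterpart of the host-side mount-entry check: the bind
# mount target must exist inside container1.
- name: Check for the bind mount in container1
  hosts: container1
  remote_user: root
  tasks:
    - name: Check for the presence of /opt/test1
      command: ls -1 /opt/test1
      register: container1_test_dir
      # Listing a directory changes nothing on the target.
      changed_when: false
      failed_when: container1_test_dir.rc != 0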
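# Checks run inside every container: the /etc/environment contents and
# outbound network connectivity.
- name: Test the containers themselves
  hosts: all_containers
  remote_user: root
  tasks:
    # slurp returns the file base64-encoded, so it is decoded before the
    # content check.
    - name: Open /etc/environment file
      slurp:
        src: /etc/environment
      register: environment_file

    - name: Set /etc/environment contents fact
      set_fact:
        environment_content: "{{ environment_file.content | b64decode }}"

    - name: Check /etc/enviroment matches expectations
      assert:
        that:
          - "'foo=bar' in environment_content"

    # No shell features (pipes, redirects, expansion) are used, so the
    # command module is enough and avoids running the line through a shell.
    # The task never fails on its own; the assert below reports the result.
    # NOTE(review): this needs outbound ICMP to 8.8.8.8 from the test
    # environment - confirm that is available where the tests run.
    - name: Test connectivity to external address
      command: ping -i 5 -c 6 8.8.8.8
      register: ping_external_address
      changed_when: false
      failed_when: false

    - name: Verify connectivity to external address
      assert:
        that:
          - ping_external_address.rc == 0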
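# TODO(evrardjp): Move this to testinfra
# Sets a sysctl from inside container3. Later plays in this file restart the
# container and read the value back.
- name: Apply a sysctl to test if it can be applied consistenty
  hosts: container3
  tasks:
    # net.ipv4.ip_nonlocal_bind = 1 lets processes bind to addresses that are
    # not configured on any local interface. It is used here as a test value.
    - name: Allow consuming apps to bind on non local addresses
      sysctl:
        name: net.ipv4.ip_nonlocal_bind
        # Quoted so the value is passed as a string, not a YAML integer.
        value: "1"
        # Canonical YAML boolean instead of "yes".
        sysctl_set: true
        state: present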
# Restart container3 from the host: stop it, then start it again detached
# (-d). Both commands are reported as unchanged.
- name: Bump the container state
  hosts: localhost
  user: root
  become: true
  tasks:
    - name: Stop container
      command: lxc-stop -n container3
      changed_when: false

    - name: Start container
      command: lxc-start -d -n container3
      changed_when: false
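# Reads net.ipv4.ip_nonlocal_bind back inside container3. This play follows
# the stop/start of the container earlier in the file, so a passing check
# means the value survived the restart.
- name: Check if the sysctl was well applied
  hosts: container3
  tasks:
    - name: Check the sysctl is persistent
      command: sysctl -n net.ipv4.ip_nonlocal_bind
      register: nonlocalbind
      changed_when: false

    - name: Show the registered sysctl result
      debug:
        var: nonlocalbind

    - name: Verify the sysctl is set
      assert:
        that:
          # Compare the whole trimmed value. A substring test such as
          # "'1' in stdout" would also accept outputs like "10".
          - "nonlocalbind.stdout | trim == '1'"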