3ad24ae893
This allows to have a cleaner workspace and enables further work on tests refactoring. Change-Id: Ibc9eaaba779568eee0107784553cab7d0e66a034
167 lines
5.4 KiB
YAML
167 lines
5.4 KiB
YAML
---
|
|
# Copyright 2017, Logan Vig <logan2211@gmail.com>
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Fail if sshd is running in the containers
|
|
hosts: all_containers:alt_containers
|
|
gather_facts: false
|
|
become: true
|
|
tasks:
|
|
- name: Ensure sshd is not running
|
|
ansible.builtin.command: pgrep sshd
|
|
register: sshd_pgrep
|
|
failed_when: "sshd_pgrep.rc == 0"
|
|
changed_when: false
|
|
|
|
# The container3 ping validates I75f9d0f55ecd875caa1bf608a77c92f950b679a1
|
|
- name: Test the connection plugin container awareness functions
|
|
hosts: all_containers:alt_containers
|
|
gather_facts: false
|
|
become: true
|
|
tasks:
|
|
- name: Test container ping
|
|
ansible.builtin.ping:
|
|
|
|
# Test for I56d8afddbccf01f2944d2fdd505b601a4b048374
|
|
- name: Test delegation in the container aware connection plugin
|
|
hosts: localhost
|
|
gather_facts: false
|
|
become: true
|
|
tasks:
|
|
- name: Test container delegation without templating
|
|
ansible.builtin.command: hostnamectl --transient
|
|
delegate_to: container1
|
|
register: delegated
|
|
failed_when: delegated.stdout != 'container1'
|
|
changed_when: false
|
|
- name: Test container delegation using templating
|
|
ansible.builtin.command: hostnamectl --transient
|
|
delegate_to: "{{ groups['all_containers'][1] }}"
|
|
register: delegated
|
|
failed_when: delegated.stdout != 'container2'
|
|
changed_when: false
|
|
|
|
# Test for conditional delegation Ief2fecbc266adcc816336b601253d3e90c39c32b
|
|
- name: Test conditional delegation
|
|
hosts: container1
|
|
gather_facts: false
|
|
become: true
|
|
vars:
|
|
delegate_control: "target-host"
|
|
tasks:
|
|
- name: Test conditional delegation
|
|
ansible.builtin.command: hostnamectl --transient
|
|
register: delegated
|
|
failed_when: delegated.stdout != 'container1'
|
|
changed_when: false
|
|
delegate_to: "{{ (delegate_control == 'deployment-host') | ternary('localhost', inventory_hostname) }}"
|
|
|
|
# Test for If594914df53efacc6d5bba148f4f46280f5a117d
|
|
- name: Test delegation between container physical_hosts
|
|
hosts: fakecontainer
|
|
gather_facts: false
|
|
become: true
|
|
tasks:
|
|
- name: Test delegation between containers on different hosts
|
|
ansible.builtin.ping:
|
|
delegate_to: "{{ groups['all_containers'][0] }}"
|
|
|
|
- name: Test container_user attribute
|
|
hosts: container1
|
|
user: root
|
|
tasks:
|
|
- name: Ensure container alt user
|
|
ansible.builtin.user:
|
|
name: testing
|
|
group: users
|
|
- name: Execute command with container_user set
|
|
ansible.builtin.command: whoami
|
|
vars:
|
|
container_user: testing
|
|
ansible_become: false
|
|
register: whoami_output
|
|
changed_when: false
|
|
failed_when:
|
|
- whoami_output.stdout != 'testing'
|
|
|
|
# Test for I69f2eed35859bdc149e5ed21441eab7c8a8352cf
|
|
- name: Create SSH certificate keys
|
|
hosts: localhost
|
|
become: true
|
|
tags:
|
|
- always
|
|
- sshd-ca
|
|
tasks:
|
|
- name: "Create ssh certificates to auth with"
|
|
ansible.builtin.include_role:
|
|
name: openstack.osa.ssh_keypairs
|
|
vars:
|
|
ssh_keypairs_setup_host: localhost
|
|
ssh_keypairs_dir: /etc/openstack_deploy/ssh_keypairs/
|
|
ssh_keypairs:
|
|
- name: "plugins-{{ inventory_hostname }}"
|
|
cert:
|
|
signed_by: "OpenStack-Ansible-SSH-Signing-Key"
|
|
principals: "test-plugins"
|
|
valid_from: "always"
|
|
valid_to: "forever"
|
|
ssh_keypairs_install_keys:
|
|
keys:
|
|
- cert: "plugins-{{ inventory_hostname }}"
|
|
dest: "{{ lookup('env', 'HOME') }}/.ssh/id_rsa"
|
|
ssh_keypairs_install_authorities: false
|
|
|
|
- name: Reinstall openssh-server for delegation to unknown inventory host
|
|
hosts: container3
|
|
tasks:
|
|
- name: Uninstall OpenSSH server
|
|
ansible.builtin.package:
|
|
name: "{{ openssh_server_package }}"
|
|
state: absent
|
|
- name: Install OpenSSH server
|
|
ansible.builtin.package:
|
|
name: "{{ openssh_server_package }}"
|
|
state: present
|
|
- name: Start OpenSSH server
|
|
ansible.builtin.systemd:
|
|
name: "{{ openssh_server_service }}"
|
|
enabled: true
|
|
masked: false
|
|
daemon_reload: true
|
|
state: restarted
|
|
- name: Add SSH CA to the container
|
|
ansible.builtin.include_role:
|
|
name: openstack.osa.ssh_keypairs
|
|
vars:
|
|
ssh_keypairs_setup_host: localhost
|
|
ssh_keypairs_dir: /etc/openstack_deploy/ssh_keypairs/
|
|
ssh_keypairs_install_keypairs: false
|
|
ssh_keypairs_install_ca:
|
|
- name: "OpenStack-Ansible-SSH-Signing-Key"
|
|
ssh_keypairs_principals:
|
|
- user: "root"
|
|
principals:
|
|
- "test-plugins"
|
|
|
|
- name: Test delegation to host not in inventory
|
|
hosts: container1
|
|
remote_user: root
|
|
tasks:
|
|
- name: Test container delegation without using inventory name
|
|
ansible.builtin.command: hostnamectl --transient
|
|
delegate_to: 10.100.100.4
|
|
register: delegated
|
|
failed_when: delegated.stdout != 'container3'
|
|
changed_when: false
|