Use centralised Ansible test scripts

This patch consumes the centralised Ansible test scripts
implemented in https://review.openstack.org/381853

Combined backport of:
- https://review.openstack.org/382330
- https://review.openstack.org/388463

Depends-On: I5c1f2f0949d6b7ad7bfc4151257b081728ba956f
Depends-On: Ie379de765c6ebba958ce8e7f9dc27b7a3af74ff8
Change-Id: Ib7fe11b666322b11b1e30dea775304fd5d236f2f
(cherry picked from commit 90c363031e)
Major Hayden 2016-10-10 08:56:20 -05:00 committed by Jesse Pretorius
parent 72ef48fb12
commit af2226fb35
4 changed files with 29 additions and 78 deletions


@ -103,6 +103,7 @@
dest: /etc/apt/apt.conf.d/50unattended-upgrades
regexp: '^(\/\/)?Unattended-Upgrade::Mail "root";'
line: 'Unattended-Upgrade::Mail "root";'
create: yes
when:
- security_unattended_upgrades_enabled | bool
- security_unattended_upgrades_notifications | bool
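Review bot: With `create: yes` on this lineinfile task, a host where `/etc/apt/apt.conf.d/50unattended-upgrades` is absent ends up with a new file holding only the `Unattended-Upgrade::Mail "root";` line, and the task sets no ownership or mode for it. I would pin those explicitly with `owner: root`, `group: root` and `mode: "0644"`, so a created apt configuration file never depends on the umask in effect on the target, and write the flag as `create: true`. Which line the hunk adds is inferred from the 6-to-7 line count, since the `+` markers are lost in this rendering. The task's `name:` and module line sit above the hunk.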


@ -31,26 +31,36 @@
stat:
path: /etc/apt/apt.conf.d/20auto-upgrades
register: auto_upgrades_file
when: ansible_pkg_mgr == 'apt'
when:
- not check_mode
- ansible_pkg_mgr == 'apt'
- name: Slurp contents of 50unattended-upgrades file
slurp:
src: /etc/apt/apt.conf.d/50unattended-upgrades
register: unattended_upgrades_file_encoded
when: ansible_pkg_mgr == 'apt'
when:
- not check_mode
- ansible_pkg_mgr == 'apt'
- name: Decode slurp'd 50-unattended-upgrades file
set_fact:
unattended_upgrades_file: "{{ unattended_upgrades_file_encoded.content | b64decode }}"
when: ansible_pkg_mgr == 'apt'
when:
- not check_mode
- ansible_pkg_mgr == 'apt'
- name: Ensure auto updates has been enabled
assert:
that:
- auto_upgrades_file.stat.exists
when: ansible_pkg_mgr == 'apt'
when:
- not check_mode
- ansible_pkg_mgr == 'apt'
- name: Ensure that auto update notifications has been enabled
assert:
that:
- "'\nUnattended-Upgrade::Mail \"root\";\n' in unattended_upgrades_file"
when: ansible_pkg_mgr == 'apt'
when:
- not check_mode
- ansible_pkg_mgr == 'apt'
roles:
- role: "openstack-ansible-security"
vars:
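Review bot: The new `- not check_mode` conditions gate every task that verifies unattended upgrades were configured, yet the variable is neither defaulted nor cast to a boolean. If `check_mode` arrives as a `key=value` extra var it is a non-empty string, so `not check_mode` would be false even for the value `false`, and all five tasks would be skipped without failing the run; if it is undefined, the conditional errors instead. `- not (check_mode | default(false) | bool)` covers both cases and matches the `| bool` casts the role uses in its own `when:` lists. Where `check_mode` is set is not visible on this page, so confirm it against the centralised test scripts. The play header and the `vars:` block continue outside the hunk.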


@ -1,19 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for role testing (check mode)
hosts: localhost
roles:
- role: "openstack-ansible-security"

67
tox.ini

@ -25,6 +25,8 @@ whitelist_externals =
setenv =
PYTHONUNBUFFERED=1
ROLE_NAME=openstack-ansible-security
TEST_CHECK_MODE=true
TEST_IDEMPOTENCE=true
VIRTUAL_ENV={envdir}
WORKING_DIR={toxinidir}
@ -84,84 +86,41 @@ commands =
deps =
{[testenv]deps}
-rhttp://git.openstack.org/cgit/openstack/openstack-ansible-tests/plain/test-ansible-deps.txt?h=stable/newton
commands =
{[testenv:tests_clone]commands}
bash -c "{toxinidir}/tests/common/test-ansible-env-prep.sh"
[testenv:ansible-syntax]
deps =
{[testenv:ansible]deps}
commands =
{[testenv:ansible]commands}
ansible-playbook -i {toxinidir}/tests/inventory \
--syntax-check \
--list-tasks \
{toxinidir}/tests/test.yml
{[testenv:tests_clone]commands}
bash -c "{toxinidir}/tests/common/test-ansible-syntax.sh"
[testenv:ansible-lint]
deps =
{[testenv:ansible]deps}
commands =
{[testenv:ansible]commands}
ansible-lint {toxinidir}
[testenv:func_base]
# NOTE(odyssey4me): this target does not use constraints because
# it doesn't work in OpenStack-CI yet. Once that's fixed, we can
# drop the install_command.
install_command =
pip install -U --force-reinstall {opts} {packages}
[testenv:func_logs]
commands =
bash -c "{toxinidir}/tests/common/test-log-collect.sh"
{[testenv:tests_clone]commands}
bash -c "{toxinidir}/tests/common/test-ansible-lint.sh"
[testenv:functional]
# Ignore_errors is set to true so that the logs are collected at the
# end of the run. This will not produce a false positive. Any
# exception will be mark the run as failed and exit 1 after all of
# the commands have been iterated through.
ignore_errors = True
# NOTE(odyssey4me): this target does not use constraints because
# it doesn't work in OpenStack-CI yet. Once that's fixed, we can
# drop the install_command.
install_command =
{[testenv:func_base]install_command}
deps =
{[testenv:ansible]deps}
commands =
{[testenv:ansible]commands}
setenv =
{[testenv]setenv}
# NOTE(odyssey4me): We have to skip V-38462 as openstack-infra are now
# building images with apt config
# Apt::Get::AllowUnauthenticated set to true.
# NOTE(mhayden): Skipping V-38660 since openstack-infra has SNMP v1/2 in
# the images. This can be added back in once
# https://review.openstack.org/#/c/354819/ merges.
# https://review.openstack.org/354819 merges.
# NOTE(mhayden): Skipping V-38620 since chrony cannot start with ntpd
# running in the gate images.
ansible-playbook --check \
-i {toxinidir}/tests/inventory \
-e "install_test_packages=True" \
--skip-tag V-38462,V-38660,V-38620 \
{toxinidir}/tests/test_check.yml
ansible-playbook -i {toxinidir}/tests/inventory \
-e "install_test_packages=True" \
--skip-tag V-38462,V-38660,V-38620 \
{toxinidir}/tests/test.yml
bash -c 'ansible-playbook -i {toxinidir}/tests/inventory \
-e "install_test_packages=True" \
--skip-tag V-38462,V-38660,V-38620 \
{toxinidir}/tests/test.yml \
| tee /tmp/idempotence_test_output.txt'
bash -c 'grep -q "changed=0.*failed=0" /tmp/idempotence_test_output.txt \
&& (echo "Idempotence test: pass" && exit 0) \
|| (echo "Idempotence test: fail" && exit 1)'
{[testenv:func_logs]commands}
ANSIBLE_PARAMETERS=--skip-tags V-38462,V-38660,V-38620
commands =
{[testenv:tests_clone]commands}
bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
[testenv:linters]
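Review bot: The `deps` entry installs `test-ansible-deps.txt` from a plain `http://` URL, and with this change the syntax, lint and functional targets also run shell scripts from `tests/common`, which `{[testenv:tests_clone]commands}` appears to fetch at test time. The requirements file tracks a branch (`?h=stable/newton`) rather than a fixed revision and has no transport integrity, so what CI installs and executes can change without any commit in this repository. I would switch the requirements URL to `https://` and have the clone check out a pinned commit or tag. The `tests_clone` definition is outside the visible hunks, so confirm how it selects its ref. A short comment above `TEST_CHECK_MODE=true` and `TEST_IDEMPOTENCE=true` naming the script that reads them would also help the next maintainer.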