Use centralised Ansible test scripts
This patch consumes the centralised Ansible test scripts
implemented in https://review.openstack.org/381853
Combined backport of:
- https://review.openstack.org/382330
- https://review.openstack.org/388463
Depends-On: I5c1f2f0949d6b7ad7bfc4151257b081728ba956f
Depends-On: Ie379de765c6ebba958ce8e7f9dc27b7a3af74ff8
Change-Id: Ib7fe11b666322b11b1e30dea775304fd5d236f2f
(cherry picked from commit 90c363031e
)
This commit is contained in:
parent
72ef48fb12
commit
af2226fb35
|
@ -103,6 +103,7 @@
|
||||||
dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||||
regexp: '^(\/\/)?Unattended-Upgrade::Mail "root";'
|
regexp: '^(\/\/)?Unattended-Upgrade::Mail "root";'
|
||||||
line: 'Unattended-Upgrade::Mail "root";'
|
line: 'Unattended-Upgrade::Mail "root";'
|
||||||
|
create: yes
|
||||||
when:
|
when:
|
||||||
- security_unattended_upgrades_enabled | bool
|
- security_unattended_upgrades_enabled | bool
|
||||||
- security_unattended_upgrades_notifications | bool
|
- security_unattended_upgrades_notifications | bool
|
||||||
|
|
|
@ -31,26 +31,36 @@
|
||||||
stat:
|
stat:
|
||||||
path: /etc/apt/apt.conf.d/20auto-upgrades
|
path: /etc/apt/apt.conf.d/20auto-upgrades
|
||||||
register: auto_upgrades_file
|
register: auto_upgrades_file
|
||||||
when: ansible_pkg_mgr == 'apt'
|
when:
|
||||||
|
- not check_mode
|
||||||
|
- ansible_pkg_mgr == 'apt'
|
||||||
- name: Slurp contents of 50unattended-upgrades file
|
- name: Slurp contents of 50unattended-upgrades file
|
||||||
slurp:
|
slurp:
|
||||||
src: /etc/apt/apt.conf.d/50unattended-upgrades
|
src: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||||
register: unattended_upgrades_file_encoded
|
register: unattended_upgrades_file_encoded
|
||||||
when: ansible_pkg_mgr == 'apt'
|
when:
|
||||||
|
- not check_mode
|
||||||
|
- ansible_pkg_mgr == 'apt'
|
||||||
- name: Decode slurp'd 50-unattended-upgrades file
|
- name: Decode slurp'd 50-unattended-upgrades file
|
||||||
set_fact:
|
set_fact:
|
||||||
unattended_upgrades_file: "{{ unattended_upgrades_file_encoded.content | b64decode }}"
|
unattended_upgrades_file: "{{ unattended_upgrades_file_encoded.content | b64decode }}"
|
||||||
when: ansible_pkg_mgr == 'apt'
|
when:
|
||||||
|
- not check_mode
|
||||||
|
- ansible_pkg_mgr == 'apt'
|
||||||
- name: Ensure auto updates has been enabled
|
- name: Ensure auto updates has been enabled
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- auto_upgrades_file.stat.exists
|
- auto_upgrades_file.stat.exists
|
||||||
when: ansible_pkg_mgr == 'apt'
|
when:
|
||||||
|
- not check_mode
|
||||||
|
- ansible_pkg_mgr == 'apt'
|
||||||
- name: Ensure that auto update notifications has been enabled
|
- name: Ensure that auto update notifications has been enabled
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- "'\nUnattended-Upgrade::Mail \"root\";\n' in unattended_upgrades_file"
|
- "'\nUnattended-Upgrade::Mail \"root\";\n' in unattended_upgrades_file"
|
||||||
when: ansible_pkg_mgr == 'apt'
|
when:
|
||||||
|
- not check_mode
|
||||||
|
- ansible_pkg_mgr == 'apt'
|
||||||
roles:
|
roles:
|
||||||
- role: "openstack-ansible-security"
|
- role: "openstack-ansible-security"
|
||||||
vars:
|
vars:
|
||||||
|
|
|
@ -1,19 +0,0 @@
|
||||||
---
|
|
||||||
# Copyright 2015, Rackspace US, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: Playbook for role testing (check mode)
|
|
||||||
hosts: localhost
|
|
||||||
roles:
|
|
||||||
- role: "openstack-ansible-security"
|
|
67
tox.ini
67
tox.ini
|
@ -25,6 +25,8 @@ whitelist_externals =
|
||||||
setenv =
|
setenv =
|
||||||
PYTHONUNBUFFERED=1
|
PYTHONUNBUFFERED=1
|
||||||
ROLE_NAME=openstack-ansible-security
|
ROLE_NAME=openstack-ansible-security
|
||||||
|
TEST_CHECK_MODE=true
|
||||||
|
TEST_IDEMPOTENCE=true
|
||||||
VIRTUAL_ENV={envdir}
|
VIRTUAL_ENV={envdir}
|
||||||
WORKING_DIR={toxinidir}
|
WORKING_DIR={toxinidir}
|
||||||
|
|
||||||
|
@ -84,84 +86,41 @@ commands =
|
||||||
deps =
|
deps =
|
||||||
{[testenv]deps}
|
{[testenv]deps}
|
||||||
-rhttp://git.openstack.org/cgit/openstack/openstack-ansible-tests/plain/test-ansible-deps.txt?h=stable/newton
|
-rhttp://git.openstack.org/cgit/openstack/openstack-ansible-tests/plain/test-ansible-deps.txt?h=stable/newton
|
||||||
commands =
|
|
||||||
{[testenv:tests_clone]commands}
|
|
||||||
bash -c "{toxinidir}/tests/common/test-ansible-env-prep.sh"
|
|
||||||
|
|
||||||
|
|
||||||
[testenv:ansible-syntax]
|
[testenv:ansible-syntax]
|
||||||
deps =
|
deps =
|
||||||
{[testenv:ansible]deps}
|
{[testenv:ansible]deps}
|
||||||
commands =
|
commands =
|
||||||
{[testenv:ansible]commands}
|
{[testenv:tests_clone]commands}
|
||||||
ansible-playbook -i {toxinidir}/tests/inventory \
|
bash -c "{toxinidir}/tests/common/test-ansible-syntax.sh"
|
||||||
--syntax-check \
|
|
||||||
--list-tasks \
|
|
||||||
{toxinidir}/tests/test.yml
|
|
||||||
|
|
||||||
|
|
||||||
[testenv:ansible-lint]
|
[testenv:ansible-lint]
|
||||||
deps =
|
deps =
|
||||||
{[testenv:ansible]deps}
|
{[testenv:ansible]deps}
|
||||||
commands =
|
commands =
|
||||||
{[testenv:ansible]commands}
|
{[testenv:tests_clone]commands}
|
||||||
ansible-lint {toxinidir}
|
bash -c "{toxinidir}/tests/common/test-ansible-lint.sh"
|
||||||
|
|
||||||
|
|
||||||
[testenv:func_base]
|
|
||||||
# NOTE(odyssey4me): this target does not use constraints because
|
|
||||||
# it doesn't work in OpenStack-CI yet. Once that's fixed, we can
|
|
||||||
# drop the install_command.
|
|
||||||
install_command =
|
|
||||||
pip install -U --force-reinstall {opts} {packages}
|
|
||||||
|
|
||||||
|
|
||||||
[testenv:func_logs]
|
|
||||||
commands =
|
|
||||||
bash -c "{toxinidir}/tests/common/test-log-collect.sh"
|
|
||||||
|
|
||||||
|
|
||||||
[testenv:functional]
|
[testenv:functional]
|
||||||
# Ignore_errors is set to true so that the logs are collected at the
|
|
||||||
# end of the run. This will not produce a false positive. Any
|
|
||||||
# exception will be mark the run as failed and exit 1 after all of
|
|
||||||
# the commands have been iterated through.
|
|
||||||
ignore_errors = True
|
|
||||||
# NOTE(odyssey4me): this target does not use constraints because
|
|
||||||
# it doesn't work in OpenStack-CI yet. Once that's fixed, we can
|
|
||||||
# drop the install_command.
|
|
||||||
install_command =
|
|
||||||
{[testenv:func_base]install_command}
|
|
||||||
deps =
|
deps =
|
||||||
{[testenv:ansible]deps}
|
{[testenv:ansible]deps}
|
||||||
commands =
|
setenv =
|
||||||
{[testenv:ansible]commands}
|
{[testenv]setenv}
|
||||||
# NOTE(odyssey4me): We have to skip V-38462 as openstack-infra are now
|
# NOTE(odyssey4me): We have to skip V-38462 as openstack-infra are now
|
||||||
# building images with apt config
|
# building images with apt config
|
||||||
# Apt::Get::AllowUnauthenticated set to true.
|
# Apt::Get::AllowUnauthenticated set to true.
|
||||||
# NOTE(mhayden): Skipping V-38660 since openstack-infra has SNMP v1/2 in
|
# NOTE(mhayden): Skipping V-38660 since openstack-infra has SNMP v1/2 in
|
||||||
# the images. This can be added back in once
|
# the images. This can be added back in once
|
||||||
# https://review.openstack.org/#/c/354819/ merges.
|
# https://review.openstack.org/354819 merges.
|
||||||
# NOTE(mhayden): Skipping V-38620 since chrony cannot start with ntpd
|
# NOTE(mhayden): Skipping V-38620 since chrony cannot start with ntpd
|
||||||
# running in the gate images.
|
# running in the gate images.
|
||||||
ansible-playbook --check \
|
ANSIBLE_PARAMETERS=--skip-tags V-38462,V-38660,V-38620
|
||||||
-i {toxinidir}/tests/inventory \
|
commands =
|
||||||
-e "install_test_packages=True" \
|
{[testenv:tests_clone]commands}
|
||||||
--skip-tag V-38462,V-38660,V-38620 \
|
bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
|
||||||
{toxinidir}/tests/test_check.yml
|
|
||||||
ansible-playbook -i {toxinidir}/tests/inventory \
|
|
||||||
-e "install_test_packages=True" \
|
|
||||||
--skip-tag V-38462,V-38660,V-38620 \
|
|
||||||
{toxinidir}/tests/test.yml
|
|
||||||
bash -c 'ansible-playbook -i {toxinidir}/tests/inventory \
|
|
||||||
-e "install_test_packages=True" \
|
|
||||||
--skip-tag V-38462,V-38660,V-38620 \
|
|
||||||
{toxinidir}/tests/test.yml \
|
|
||||||
| tee /tmp/idempotence_test_output.txt'
|
|
||||||
bash -c 'grep -q "changed=0.*failed=0" /tmp/idempotence_test_output.txt \
|
|
||||||
&& (echo "Idempotence test: pass" && exit 0) \
|
|
||||||
|| (echo "Idempotence test: fail" && exit 1)'
|
|
||||||
{[testenv:func_logs]commands}
|
|
||||||
|
|
||||||
|
|
||||||
[testenv:linters]
|
[testenv:linters]
|
||||||
|
|
Loading…
Reference in New Issue