recordsansible
/
ara-infra
Code Issues Proposed changes

Remove roles and integration tests from ara-infra, move them to ara 

Now that ara-{clients,server,plugins} have been merged back into
ara, it's easier to keep everything in the same repository.

The roles and integration tests have already been moved to the ara
repository so we can remove this now.

Change-Id: I8baf5701abb4bd030c5f0b321790482e0f9c229b
This commit is contained in:
David Moreau Simard 2019-03-04 11:35:26 -05:00
parent 6132dd9222
commit 4548c10ba1
No known key found for this signature in database
GPG Key ID: CBEB466764A9E621
46 changed files with 22 additions and 2037 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
.zuul.d/zuul.yaml
View File

@ -1,99 +0,0 @@
- nodeset:
name: ara-infra-fedora-28
nodes:
- name: infra.recordsansible.org
label: fedora-28
- job:
name: ara-infra-website
parent: base
nodeset: ara-infra-fedora-28
pre-run: tests/website-pre.yaml
run: playbooks/website.yaml
post-run: tests/website-post.yaml
success-url: logs/build/
- job:
name: ara-component-integration-base
parent: base
vars:
integration_ansible_name: "{{ ansible_user_dir }}/src/github.com/ansible/ansible"
integration_ansible_version: null
required-projects:
- openstack/ara-infra
- openstack/ara-server
- openstack/ara-plugins
- openstack/ara-clients
run: playbooks/integration-tests.yaml
post-run: tests/integration-post.yaml
- job:
name: ara-integration-fedora-devel
parent: ara-component-integration-base
nodeset: fedora-latest
required-projects:
- name: github.com/ansible/ansible
override-checkout: devel
- job:
name: ara-integration-fedora-2.7
parent: ara-component-integration-base
nodeset: fedora-latest
required-projects:
- name: github.com/ansible/ansible
override-checkout: stable-2.7
- job:
name: ara-integration-ubuntu-2.6
parent: ara-component-integration-base
nodeset: ubuntu-bionic
required-projects:
- name: github.com/ansible/ansible
override-checkout: stable-2.6
- job:
name: ara-server-role-integration-base
parent: base
files:
- playbooks/*
- roles/ara_frontend_nginx/*
- roles/ara_server/*
- ara/*
- tests/*
- .zuul.d/*
- setup.py
- setup.cfg
- requirements.txt
- test-requirements.txt
required-projects:
- openstack/ara-server
pre-run: tests/role-integration-pre.yaml
run: playbooks/ara-server.yaml
- job:
name: ara-server-role-integration-ubuntu
parent: ara-server-role-integration-base
nodeset: ubuntu-bionic
- job:
name: ara-server-role-integration-fedora
parent: ara-server-role-integration-base
nodeset: fedora-latest
- project:
check:
jobs:
- ara-infra-website
- ara-integration-fedora-2.7
- ara-integration-fedora-devel:
voting: false
- ara-integration-ubuntu-2.6
- ara-server-role-integration-ubuntu
- ara-server-role-integration-fedora
gate:
jobs:
- ara-infra-website
- ara-integration-fedora-2.7
- ara-integration-ubuntu-2.6
- ara-server-role-integration-ubuntu
- ara-server-role-integration-fedora

22
.zuul.yaml Normal file
View File

@ -0,0 +1,22 @@
- nodeset:
name: ara-infra-fedora-28
nodes:
- name: infra.recordsansible.org
label: fedora-28
- job:
name: ara-infra-website
parent: base
nodeset: ara-infra-fedora-28
pre-run: tests/website-pre.yaml
run: playbooks/website.yaml
post-run: tests/website-post.yaml
success-url: logs/build/
- project:
check:
jobs:
- ara-infra-website
gate:
jobs:
- ara-infra-website

7
playbooks/ara-server.yaml
View File

@ -1,7 +0,0 @@
- name: Deploy ara-server
hosts: all
gather_facts: yes
vars:
ansible_python_interpreter: /usr/bin/python3
roles:
- ara_server

7
playbooks/integration-tests.yaml
View File

@ -1,7 +0,0 @@
- name: Run ARA integration tests
hosts: all
gather_facts: yes
tasks:
- name: Include the integration-tests role
include_role:
name: integration-tests

30
roles/ara_frontend_nginx/README.rst
View File

@ -1,30 +0,0 @@
ansible-role-ara-frontend-nginx
===============================
Ansible role to install and configure nginx to serve instances of ara-server
and ara-web.
While this role can be used by itself, it is meant to be used alongside the
Ansible roles for ara-server and ara-web.
It is currently tested and supported against Ubuntu 18.04 and Fedora 29.
Copyright
=========
::
Copyright (c) 2019 Red Hat, Inc.
ARA Records Ansible is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
ARA Records Ansible is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.

24
roles/ara_frontend_nginx/handlers/main.yaml
View File

@ -1,24 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: restart nginx
become: true
service:
name: nginx
state: restarted
when: ara_nginx_enabled is not changed

36
roles/ara_frontend_nginx/meta/main.yaml
View File

@ -1,36 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
galaxy_info:
author: David Moreau-Simard
description: Role to set up nginx for ara-server and ara-web
license: GPLv3
min_ansible_version: 2.7
platforms:
- name: Fedora
versions:
- 29
- name: Ubuntu
versions:
- bionic
galaxy_tags:
- ansible
- ara
- ara-server
dependencies: []

65
roles/ara_frontend_nginx/tasks/main.yaml
View File

@ -1,65 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: Include OS family/distribution specific variables
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- become: yes
block:
- name: Install nginx
package:
name: nginx
state: present
- name: Set selinux boolean to allow nginx to reverse proxy
seboolean:
name: httpd_can_network_connect
state: yes
persistent: yes
when: ansible_os_family == "RedHat"
- when:
- ara_server_frontend_fqdn is defined
- ara_server_wsgi_bind is defined
- ara_server_www_dir is defined
block:
- name: Set up the ara-server nginx vhost
template:
src: "{{ ara_nginx_server_vhost | default('ara-server.conf.j2') }}"
dest: "{{ ara_nginx_config_path }}/ara-server.conf"
notify:
- restart nginx
- name: Enable the nginx configuration on Debian-like systems
file:
src: "{{ ara_nginx_config_path }}/ara-server.conf"
dest: /etc/nginx/sites-enabled/ara-server.conf
state: link
when: ansible_os_family == 'Debian'
notify:
- restart nginx
- name: Enable and start nginx
service:
name: nginx
state: started
enabled: yes
register: ara_nginx_enabled

41
roles/ara_frontend_nginx/templates/ara-server.conf.j2
View File

@ -1,41 +0,0 @@
upstream ara_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response
server {{ ara_server_wsgi_bind }} fail_timeout=0;
}
server {
listen 80;
keepalive_timeout 5;
server_name {{ ara_server_frontend_fqdn }};
access_log /var/log/nginx/{{ ara_server_frontend_fqdn }}_access.log;
error_log /var/log/nginx/{{ ara_server_frontend_fqdn }}_error.log;
# /static contains files from "ara-manage collectstatic"
location /static {
alias {{ ara_server_www_dir }}/static;
expires 1;
access_log off;
add_header Cache-Control "public";
}
# There's nothing at /, redirect it to the actual API for convenience
location / {
return 301 http://{{ ara_server_frontend_fqdn }}/api/v1/;
}
location /api/v1/ {
# checks if the file exists, if not found proxy to app
try_files $uri @proxy_to_app;
}
location @proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://ara_server;
}
}

21
roles/ara_frontend_nginx/vars/Fedora.yaml
View File

@ -1,21 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
ara_nginx_user: nginx
ara_nginx_group: nginx
ara_nginx_config_path: /etc/nginx/conf.d

21
roles/ara_frontend_nginx/vars/Ubuntu.yaml
View File

@ -1,21 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
ara_nginx_user: www-data
ara_nginx_group: www-data
ara_nginx_config_path: /etc/nginx/sites-available

73
roles/ara_server/README.rst
View File

@ -1,73 +0,0 @@
ansible-role-ara-server
=======================
This Ansible role provides a framework for installing one or many instances of
`ara-server <https://github.com/openstack/ara-server>`_ in a variety of
opinionated deployment topologies.
It is currently tested and supported against Ubuntu 18.04 and Fedora 29.
Role Variables
==============
See ``defaults/main.yaml``.
TL;DR
=====
This is what the role does by default out of the box:
- Installs required packages
- Creates a user for running ara-server
- Creates standard directories (``/var/lib/ara``, ``/etc/ara``, ``/var/log/ara``, ``/var/www/ara-server``)
- Retrieves ara-server from source
- Installs ara-server in a virtualenv
- Generates a random secret key if none are provided or already configured
- Configures ``/etc/ara/settings.yaml``
- Runs SQL migrations (``ara-manage migrate``)
- Installs gunicorn in the same virtualenv as ara-server
- Sets up a systemd unit file for running ara-server with gunicorn
- Collects static files (``ara-manage collectstatic``) into ``/var/www/ara-server``
- Includes the ``ara_frontend_nginx`` role to install and configure nginx as a reverse proxy to gunicorn
About deployment topologies
===========================
This Ansible role is designed to support different opinionated topologies that
can be selected with role variables.
For example, the following role variables are used to provide the topology from
the ``TL;DR`` above:
- ``ara_server_install_method: source``
- ``ara_server_wsgi_server: gunicorn``
- ``ara_server_database_engine: django.db.backends.sqlite3``
- ``ara_server_frontend_server: nginx``
The intent is that as the role gains support for other install methods,
wsgi servers, frontend servers or database engines, it will be possible to
mix and match according to preference or requirements.
Perhaps ara-server could be installed from pypi and run with uwsgi, nginx and mysql.
Or maybe it could be installed from distribution packages and set up to run with apache, mod_wsgi and postgresql.
Or any combination of any of those.
Copyright
=========
::
Copyright (c) 2019 Red Hat, Inc.
ARA Records Ansible is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
ARA Records Ansible is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.

171
roles/ara_server/defaults/main.yaml
View File

@ -1,171 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
####################################
# ara-server installation settings
####################################
# User that runs the ara-server process and owns the files for the installation.
ara_server_user: ara
# Group for that user
ara_server_group: ara
# Root directories in which data, configuration and logs will be stored
ara_server_home_dir: /var/lib/ara # git repos, virtualenvs, sqlite db
ara_server_config_dir: /etc/ara # settings.yaml
ara_server_log_dir: /var/log/ara # logs
ara_server_www_dir: /var/www/ara-server # django collectstatic assets (html/css/js)
# Whether or not ara-server should be installed in a virtual environment.
# Running ara-server in a virtualenv is recommended to avoid conflicting with
# system-wide python packages.
ara_server_venv: true
# Location where the virtualenv will be stored
ara_server_venv_path: "{{ ara_server_home_dir }}/venv/ara-server"
# How ara-server will be installed
# source (default): installs from a local or remote git repository specified by ara_server_source
# pypi (planned): installs from pypi
ara_server_install_method: source
# Version of ara-server to install
# This can be a git ref (tag, branch, commit) when installing from source or
# it can be a version number released to PyPi.
# When using "latest" as the source version, HEAD will be used
# When using "latest" as the pypi version, the latest release will be used
ara_server_install_version: latest
# The source where the git repository can be cloned from.
# Can be an URL to a git repository or the path to a local repository on disk.
ara_server_source: "https://git.openstack.org/openstack/ara-server"
# Location where ara-server will be checked out when installing from source
ara_server_source_checkout: "{{ ara_server_home_dir }}/git/ara-server"
# The WSGI server for running ara-server's django application
# - gunicorn (default)
# - uwsgi (planned)
# - mod_wsgi (planned)
ara_server_wsgi_server: gunicorn
# Address and port on which the wsgi server will bind
ara_server_wsgi_bind: "127.0.0.1:8000"
# The frontend server for serving the ara-server wsgi
# - nginx (default)
# - apache (planned)
ara_server_frontend_server: nginx
# The domain the frontend server will be listening on
ara_server_frontend_fqdn: api.ara.example.org
####################################
# ara-server configuration settings
# For more information, see documentation: https://ara-server.readthedocs.io/en/latest/configuring.html
####################################
# ARA_BASE_DIR - Default directory for storing data and configuration
ara_server_base_dir: "{{ ara_server_home_dir }}/server"
# ARA_SETTINGS - Path to an ara-server configuration file
ara_server_settings: "{{ ara_server_config_dir }}/settings.yaml"
# ARA_ENV - Environment to load configuration for
ara_server_env: default
# ARA_LOG_LEVEL - Log level of the different components
ara_server_log_level: INFO
# ARA_LOGGING - Python logging configuration
ara_server_logging:
disable_existing_loggers: false
formatters:
normal:
format: '%(asctime)s %(levelname)s %(name)s: %(message)s'
handlers:
console:
class: logging.handlers.TimedRotatingFileHandler
formatter: normal
level: "{{ ara_server_log_level }}"
filename: "{{ ara_server_log_dir }}/server.log"
when: 'midnight'
interval: 1
backupCount: 30
loggers:
ara:
handlers:
- console
level: "{{ ara_server_log_level }}"
propagate: 0
root:
handlers:
- console
level: "{{ ara_server_log_level }}"
version: 1
# ARA_CORS_ORIGIN_ALLOW_ALL - django-cors-headerss CORS_ORIGIN_WHITELIST_ALLOW_ALL setting
ara_server_cors_origin_allow_all: false
# ARA_CORS_ORIGIN_WHITELIST - django-cors-headerss CORS_ORIGIN_WHITELIST setting
ara_server_cors_origin_whitelist:
- "127.0.0.1:8000"
- "localhost:3000"
# ARA_SERVER_ALLOWED_HOSTS - Djangos ALLOWED_HOSTS setting
ara_server_allowed_hosts:
- "127.0.0.1"
- "localhost"
- "::1"
# ARA_DEBUG - Django's DEBUG setting
ara_server_debug: false
# ARA_SECRET_KEY - Django's SECRET_KEY setting
# Note: If no key is provided, a random one will be generated once and persisted
ara_server_secret_key: null
# ARA_STATIC_ROOT - Djangos STATIC_ROOT setting
ara_server_static_root: "{{ ara_server_www_dir }}/static"
# ARA_STATIC_URL - Django's STATIC_URL setting
ara_server_static_url: "/static/"
# ARA_MEDIA_ROOT - Django's MEDIA_ROOT setting
ara_server_media_root: "{{ ara_server_www_dir }}/media"
# ARA_MEDIA_URL - Django's MEDIA_URL setting
ara_server_media_url: "/media/"
# ARA_DATABASE_ENGINE - Djangos ENGINE database setting
ara_server_database_engine: django.db.backends.sqlite3
# ARA_DATABASE_NAME - Djangos NAME database setting
ara_server_database_name: "{{ ara_server_home_dir }}/server/ansible.sqlite"
# ARA_DATABASE_USER - Djangos USER database setting
ara_server_database_user: null
# ARA_DATABASE_PASSWORD - Djangos PASSWORD database setting
ara_server_database_password: null
# ARA_DATABASE_HOST - Djangos HOST database setting
ara_server_database_host: null
# ARA_DATABASE_PORT - Djangos PORT database setting
ara_server_database_port: null

14
roles/ara_server/files/ara-gunicorn.te
View File

@ -1,14 +0,0 @@
module ara-gunicorn 1.0;
require {
type var_lib_t;
type postgresql_db_t;
type init_t;
class file { execute execute_no_trans getattr open read map };
class lnk_file { getattr read };
}
#============= init_t ==============
allow init_t postgresql_db_t:file { getattr open read };
allow init_t var_lib_t:file { execute execute_no_trans map };
allow init_t var_lib_t:lnk_file { getattr read };

30
roles/ara_server/handlers/main.yaml
View File

@ -1,30 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: restart ara-server
become: true
service:
name: ara-server
state: restarted
when: ara_server_service_enabled is not changed
# Is there a better way ? Static files are not created with the httpd context
- name: restore selinux context for static files
become: true
command: "restorecon -Rv {{ ara_server_www_dir }}"
when: ansible_os_family == "RedHat"

36
roles/ara_server/meta/main.yaml
View File

@ -1,36 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
galaxy_info:
author: David Moreau-Simard
description: Role to set up ara-server
license: GPLv3
min_ansible_version: 2.7
platforms:
- name: Fedora
versions:
- 29
- name: Ubuntu
versions:
- bionic
galaxy_tags:
- ansible
- ara
- ara-server
dependencies: []

104
roles/ara_server/tasks/config.yaml
View File

@ -1,104 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
- become: yes
become_user: "{{ ara_server_user }}"
block:
- name: Verify if a configuration file exists
stat:
path: "{{ ara_server_settings }}"
register: settings_stat
# If no secret key has been provided and this isn't the first time we are
# running, recover the secret key from the existing configuration file.
- when:
- ara_server_secret_key is none
- settings_stat.stat.exists
block:
- name: Read the configuration file
command: cat "{{ ara_server_settings }}"
changed_when: false
no_log: yes
register: settings_contents
- name: Recover existing secret key
vars:
config: "{{ settings_contents.stdout | from_yaml }}"
set_fact:
ara_server_secret_key: "{{ config[ara_server_env]['SECRET_KEY'] }}"
no_log: yes
# If no secret key has been provided and this is the first time we are
# running, generate a new random secret key that will be persisted in the
# configuration file.
- when:
- ara_server_secret_key is none
- not settings_stat.stat.exists
block:
- name: Generate a random secret key
environment:
PATH: "{{ path_with_virtualenv | default(omit) }}"
command: python3 -c "from django.utils.crypto import get_random_string; print(get_random_string(length=50))"
no_log: yes
register: generated_key
- name: Set ara_server_secret_key
set_fact:
ara_server_secret_key: "{{ generated_key.stdout }}"
no_log: yes
- name: Reconcile configuration
vars:
reconciled_configuration:
ALLOWED_HOSTS: "{{ ara_server_allowed_hosts }}"
BASE_DIR: "{{ ara_server_base_dir }}"
CORS_ORIGIN_ALLOW_ALL: "{{ ara_server_cors_origin_allow_all }}"
CORS_ORIGIN_WHITELIST: "{{ ara_server_cors_origin_whitelist }}"
DATABASES:
default:
ENGINE: "{{ ara_server_database_engine }}"
NAME: "{{ ara_server_database_name }}"
USER: "{{ ara_server_database_user }}"
PASSWORD: "{{ ara_server_database_password }}"
HOST: "{{ ara_server_database_host }}"
PORT: "{{ ara_server_database_port }}"
DEBUG: "{{ ara_server_debug }}"
LOGGING: "{{ ara_server_logging }}"
LOG_LEVEL: "{{ ara_server_log_level }}"
MEDIA_ROOT: "{{ ara_server_media_root }}"
MEDIA_URL: "{{ ara_server_media_url }}"
STATIC_ROOT: "{{ ara_server_static_root }}"
STATIC_URL: "{{ ara_server_static_url }}"
SECRET_KEY: "{{ ara_server_secret_key }}"
set_fact:
ara_server_configuration: "{'{{ ara_server_env }}': {{ reconciled_configuration }} }"
- name: Configure ara-server
become: yes
copy:
content: |
---
# Managed by the ara_server Ansible role
{{ ara_server_configuration | to_nice_yaml(indent=2) }}
dest: "{{ ara_server_settings }}"
owner: "{{ ara_server_user }}"
group: "{{ ara_server_group }}"
mode: 0750
notify:
- restart ara-server
no_log: yes

34
roles/ara_server/tasks/database_engine/django.db.backends.sqlite3.yaml
View File

@ -1,34 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
- become: yes
become_user: "{{ ara_server_user }}"
block:
- name: Ensure the database directory exists
file:
path: "{{ ara_server_database_name | dirname }}"
state: directory
owner: "{{ ara_server_user }}"
group: "{{ ara_server_group }}"
mode: 0750
- name: Run SQL migrations
environment:
ARA_SETTINGS: "{{ ara_server_settings }}"
PATH: "{{ path_with_virtualenv | default(omit) }}"
command: ara-manage migrate

55
roles/ara_server/tasks/install/source.yaml
View File

@ -1,55 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
# Zuul takes care of preparing the source repository but we need to make it
# available to the ara user.
- when: zuul is defined
become: yes
block:
- name: Ensure git checkout directory exists
become_user: "{{ ara_server_user }}"
file:
path: "{{ ara_server_source_checkout | dirname }}"
state: directory
# Files will be owned by the Zuul user but allow for reading, we don't need
# to adjust permissions for this.
- name: Copy Zuul git repository for ara-server
command: "cp -r {{ ansible_user_dir }}/src/git.openstack.org/openstack/ara-server {{ ara_server_source_checkout }}"
- become: yes
become_user: "{{ ara_server_user }}"
block:
- name: Prepare git repository for ara-server
git:
repo: "{{ ara_server_source }}"
dest: "{{ ara_server_source_checkout }}"
version: "{{ (ara_server_install_version == 'latest') | ternary('HEAD', ara_server_install_version) }}"
when: zuul is not defined
- name: Install ara-server
pip:
name: "{{ ara_server_source_checkout }}"
state: present
virtualenv: "{{ ara_server_venv | bool | ternary(ara_server_venv_path, omit) }}"
virtualenv_python: python3
- name: Prefix the virtualenv bin directory to PATH
set_fact:
path_with_virtualenv: "{{ ara_server_venv_path }}/bin:{{ ansible_env.PATH }}"
when: ara_server_venv | bool

55
roles/ara_server/tasks/main.yaml
View File

@ -1,55 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: Set up pre-requirements
include_tasks: pre-requirements.yaml
- name: Include ara-server installation
include_tasks: "install/{{ ara_server_install_method }}.yaml"
- name: Include ara-server configuration
include_tasks: config.yaml
- name: Include database engine configuration
include_tasks: "database_engine/{{ ara_server_database_engine }}.yaml"
- name: Include backend server installation
include_tasks: "wsgi_server/{{ ara_server_wsgi_server }}.yaml"
- name: Create web asset directory
become: yes
file:
path: "{{ ara_server_www_dir }}"
state: directory
owner: "{{ ara_server_user }}"
group: "{{ ara_server_group }}"
mode: 0755
- name: Collect static files
become: yes
become_user: "{{ ara_server_user }}"
environment:
ARA_SETTINGS: "{{ ara_server_settings }}"
PATH: "{{ path_with_virtualenv | default(omit) }}"
command: ara-manage collectstatic --clear --no-input
notify:
- restore selinux context for static files
- name: Include frontend server installation
include_role:
name: "ara_frontend_{{ ara_server_frontend_server }}"

63
roles/ara_server/tasks/pre-requirements.yaml
View File

@ -1,63 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
# The ansible_python_version fact might end up retrieving the version of
# python2 so we need to explicitely get the version of python 3 available.
- name: Validate availability of Python 3.6
command: /usr/bin/python3 -c 'import sys; print(".".join(map(str, sys.version_info[:2])))'
changed_when: false
failed_when: false
register: python_version
- name: Fail pre-emptively if running Python <3.6
fail:
msg: "Python >=3.6 is required to run ara-server"
when: python_version.stdout is version('3.6', '<') or python_version.rc != 0
- name: Include OS family/distribution specific variables
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- become: true
block:
- name: Install required packages
package:
name: "{{ ara_server_required_packages }}"
state: present
- name: Create user for ara-server
user:
name: "{{ ara_server_user }}"
comment: User for ARA Records Ansible
shell: /sbin/nologin
home: "{{ ara_server_home_dir }}"
- name: Ensure required directories are created with the right permissions
file:
path: "{{ item }}"
state: directory
owner: "{{ ara_server_user }}"
group: "{{ ara_server_group }}"
mode: 0750
loop:
- "{{ ara_server_home_dir }}"
- "{{ ara_server_base_dir }}"
- "{{ ara_server_config_dir }}"
- "{{ ara_server_log_dir }}"

64
roles/ara_server/tasks/wsgi_server/gunicorn.yaml
View File

@ -1,64 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
- become: yes
become_user: "{{ ara_server_user }}"
block:
- name: Install gunicorn
pip:
name: gunicorn
state: present
virtualenv: "{{ ara_server_venv | bool | ternary(ara_server_venv_path, omit) }}"
virtualenv_python: python3
- when: ansible_os_family == "RedHat"
block:
- name: Transfer gunicorn selinux type enforcement file
copy:
src: ara-gunicorn.te
dest: "{{ ara_server_home_dir }}/ara-gunicorn.te"
- name: Compile ara-gunicorn selinux module
command: "checkmodule -M -m -o {{ ara_server_home_dir }}/ara-gunicorn.mod {{ ara_server_home_dir }}/ara-gunicorn.te"
- name: Compile ara-gunicorn selinux policy package
command: "semodule_package -o {{ ara_server_home_dir }}/ara-gunicorn.pp -m {{ ara_server_home_dir }}/ara-gunicorn.mod"
- become: yes
block:
- name: Install selinux policy package
command: "semodule -i {{ ara_server_home_dir }}/ara-gunicorn.pp"
when: ansible_os_family == "RedHat"
- name: Set up systemd unit file for gunicorn
template:
src: ara-server.service.j2
dest: /etc/systemd/system/ara-server.service
owner: root
group: root
mode: 0644
notify:
- restart ara-server
- name: Enable and start ara-server with gunicorn
service:
name: ara-server
state: started
enabled: yes
daemon_reload: yes
register: ara_server_service_enabled

22
roles/ara_server/templates/ara-server.service.j2
View File

@ -1,22 +0,0 @@
[Unit]
Description=ARA Records Ansible API server with gunicorn
After=network.target
[Service]
PIDFile=/run/ara-server/pid
User={{ ara_server_user }}
Group={{ ara_server_group }}
RuntimeDirectory=ara-server
WorkingDirectory={{ ara_server_home_dir }}
Environment=ARA_SETTINGS={{ ara_server_settings }}
{% if ara_server_venv %}
ExecStart={{ ara_server_venv_path }}/bin/gunicorn --pid /run/ara-server/pid --workers=4 --bind {{ ara_server_wsgi_bind }} ara.server.wsgi
{% else %}
ExecStart=gunicorn --pid /run/ara-server/pid --workers=4 --bind {{ ara_server_wsgi_bind }} ara.server.wsgi
{% endif %}
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target

23
roles/ara_server/vars/Fedora.yaml
View File

@ -1,23 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
ara_server_required_packages:
- git
- python3-virtualenv
- libselinux-python
- policycoreutils-python-utils

21
roles/ara_server/vars/Ubuntu.yaml
View File

@ -1,21 +0,0 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
ara_server_required_packages:
- git
- python3-venv

37
roles/integration-tests/defaults/main.yaml
View File

@ -1,37 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
# Root directory where integration tests will prepare and store data
integration_root: "/tmp/ara-integration-tests"
# Directory where the virtualenv will be created
integration_virtualenv: "{{ integration_root }}/venv"
# Directory where ARA_BASE_DIR will be set
integration_data: "{{ integration_root }}/data"
# Whether the root directory should be cleaned up between runs
integration_cleanup: true
# Name of the Ansible package
# This can be "ansible" which will use pip or it could be something like
# /home/user/git/ansible as well as git+https://github.com/ansible/ansible
integration_ansible_name: ansible
# Version of Ansible from pypi to install
integration_ansible_version: latest

139
roles/integration-tests/tasks/main.yaml
View File

@ -1,139 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
- name: Clean up integration test root
file:
path: "{{ integration_root }}"
state: absent
when: integration_cleanup | bool
- name: Create integration test root
file:
path: "{{ integration_root }}"
state: directory
# Zuul already prepares the src repository on the remote node
- name: Symlink Zuul repositories to integration test root
file:
src: "{{ item }}"
dest: "{{ integration_root }}/{{ item | basename }}"
state: link
loop:
- "{{ ansible_user_dir }}/src/git.openstack.org/openstack/ara-infra"
- "{{ ansible_user_dir }}/src/git.openstack.org/openstack/ara-clients"
- "{{ ansible_user_dir }}/src/git.openstack.org/openstack/ara-plugins"
- "{{ ansible_user_dir }}/src/git.openstack.org/openstack/ara-server"
when: zuul is defined
- when: zuul is not defined
block:
- name: Prepare git repositories when not using Zuul
git:
repo: "{{ item }}"
dest: "{{ integration_root }}/{{ item | basename }}"
depth: 1
force: yes
loop:
- "https://git.openstack.org/openstack/ara-clients"
- "https://git.openstack.org/openstack/ara-plugins"
- "https://git.openstack.org/openstack/ara-server"
# git rev-parse --show-toplevel returns the root git directory
# We are synchronizing the current repository rather than cloning it in
# order to be able to test local (unmerged) code if necessary.
- name: Synchronize ara-infra to integration root
synchronize:
src: "{{ lookup('pipe', 'git rev-parse --show-toplevel') }}"
dest: "{{ integration_root }}/"
delete: yes
# If a version is not explicitly set we want to make sure to
# completely omit the version argument to pip, as it will be coming
# from the long-form integration_ansible_name variable. Additionally, if
# the version is the special value "latest", then we also want to omit
# any version number, but also set the package state to "latest".
- name: Set Ansible version for installation
set_fact:
_install_ansible_version: "{{ integration_ansible_version }}"
when: integration_ansible_version not in ("", "latest")
- name: Set Ansible package state for installation
set_fact:
_install_ansible_state: latest
when: integration_ansible_version == "latest"
- name: Initialize virtual environment with Ansible
pip:
name: "{{ integration_ansible_name }}"
version: "{{ _install_ansible_version | default(omit, True) }}"
state: "{{ _install_ansible_state | default(omit, True) }}"
virtualenv: "{{ integration_virtualenv }}"
virtualenv_python: python3
- name: Install ARA packages in virtual environment for integration tests
pip:
name:
- "{{ integration_root }}/ara-clients"
- "{{ integration_root }}/ara-plugins"
- "{{ integration_root }}/ara-server"
state: present
virtualenv: "{{ integration_virtualenv }}"
virtualenv_python: python3
- name: Get ARA plugins directory
command: "{{ integration_root }}/venv/bin/python -m ara.plugins"
register: ara_plugins
# These aren't in the same task (i.e, with loop) so we can tell individual test
# runs apart easily rather than keeping all the output bundled in a single task.
# TODO: Add validation for the tests
- environment:
ANSIBLE_CALLBACK_PLUGINS: "{{ ara_plugins.stdout }}/callback"
ANSIBLE_ACTION_PLUGINS: "{{ ara_plugins.stdout }}/action"
ARA_DEBUG: true
ARA_LOG_LEVEL: DEBUG
ARA_BASE_DIR: "{{ integration_data }}"
ARA_SECRET_KEY: testing
vars:
ansible_playbook: "{{ integration_virtualenv }}/bin/ansible-playbook -vvv"
test_root: "{{ integration_root }}/ara-infra/tests/integration"
block:
# smoke.yaml tests setting ara_playbook_name in one of three plays
- name: Run smoke.yaml integration test
command: "{{ ansible_playbook }} {{ test_root }}/smoke.yaml"
- name: Run hosts.yaml integration test
command: "{{ ansible_playbook }} {{ test_root }}/hosts.yaml"
- name: Run import.yaml integration test
command: "{{ ansible_playbook }} {{ test_root }}/import.yaml"
# Tests setting ara_playbook_name as an extra var
- name: Run failed.yaml integration test
command: >
{{ ansible_playbook }} {{ test_root }}/failed.yaml -e ara_playbook_name="Failed playbook"
ignore_errors: yes
- name: Run incomplete.yaml integration test
shell: |
{{ ansible_playbook }} {{ test_root }}/incomplete.yaml &
sleep 5
kill $!
args:
executable: /bin/bash
ignore_errors: yes

37
tests/integration-post.yaml
View File

@ -1,37 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
- name: Integration tests post-run
hosts: all
gather_facts: yes
tasks:
- name: Create server log directory
file:
path: "{{ ansible_user_dir }}/workspace/logs"
state: directory
recurse: yes
- name: Recover integration test data
command: cp -rp /tmp/ara-integration-tests/data {{ ansible_user_dir }}/workspace/logs/data
- name: Upload log artifacts
synchronize:
src: "{{ ansible_user_dir }}/workspace/logs"
dest: "{{ zuul.executor.log_root }}"
mode: pull
verify_host: true

25
tests/integration/failed.yaml
View File

@ -1,25 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
- name: Failed playbook
hosts: localhost
tasks:
- fail:
msg: "This is a failed playbook"
tags:
- skip_ansible_lint

48
tests/integration/hosts.yaml
View File

@ -1,48 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
- name: Create fake hosts for host tests
hosts: localhost
gather_facts: yes
tasks:
- name: Add fake hosts in inventory
add_host:
name: "{{ item }}"
ansible_host: "127.0.0.1"
ansible_connection: "local"
with_items:
- host1
- host2
- host3
- name: ARA Hosts test play
hosts: all
gather_facts: yes
tasks:
- name: Ping
ping:
- name: Do something only on host1
set_fact:
something: 'done'
when: inventory_hostname == 'host1'
- name: Fail something only on host2
command: /bin/false
when: inventory_hostname == 'host2'
ignore_errors: true

20
tests/integration/import.yaml
View File

@ -1,20 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
- import_playbook: imported.yaml

34
tests/integration/imported.yaml
View File

@ -1,34 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
# Tests for the new import tasks from Ansible 2.4
- name: Import a role
hosts: localhost
gather_facts: no
tasks:
- name: Import role
import_role:
name: imported-role
- name: Include a role
hosts: localhost
gather_facts: no
tasks:
- name: Include role
include_role:
name: imported-role

34
tests/integration/include_role.yaml
View File

@ -1,34 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
# Tests for https://github.com/ansible/ansible/issues/30385
- name: Test include role without static
hosts: localhost
gather_facts: no
tasks:
- name: Include role without static
include_role:
name: included-role
- name: Test include role with static
hosts: localhost
gather_facts: no
tasks:
- name: Include role with static
include_role:
name: included-role

27
tests/integration/incomplete.yaml
View File

@ -1,27 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
- name: Incomplete playbook
hosts: localhost
gather_facts: no
tasks:
- debug:
msg: "This playbook is meant to be interrupted"
- name: Sleep for thirty seconds
command: sleep 30
changed_when: false

20
tests/integration/roles/imported-role/defaults/main.yaml
View File

@ -1,20 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
role_message: "This message is from an imported role"
task_message: "This message is from an imported task in an imported role"

20
tests/integration/roles/imported-role/tasks/imported-task.yaml
View File

@ -1,20 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
- debug:
msg: "{{ task_message }}"

23
tests/integration/roles/imported-role/tasks/main.yaml
View File

@ -1,23 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
- name: Import task
import_tasks: imported-task.yaml
- name: Include task
include_tasks: imported-task.yaml

20
tests/integration/roles/included-role/defaults/main.yaml
View File

@ -1,20 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
role_message: "This message is from an included role"
task_message: "This message is from an included task in an included role"

20
tests/integration/roles/included-role/tasks/included-task.yaml
View File

@ -1,20 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
- debug:
msg: "{{ task_message }}"

20
tests/integration/roles/included-role/tasks/main.yaml
View File

@ -1,20 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
- debug:
msg: "{{ role_message }}"

29
tests/integration/roles/smoke-tests/defaults/main.yaml
View File

@ -1,29 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
list_items:
- one
- two
dict_items:
one:
name: "key-one"
value: "value-one"
two:
name: "key-two"
value: "value-two"

199
tests/integration/roles/smoke-tests/tasks/ara-ops.yaml
View File

@ -1,199 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
# Ensure no_log is respected
- name: Print normal data
debug:
msg: "normal data"
- name: Print confidential data
debug:
msg: "confidential data"
no_log: "yes"
# ARA record and read modules specific tests
- name: Record data with no type
ara_record:
key: "notype"
value: "text"
register: notype
- name: Validate notype key
assert:
that:
- notype.key == "notype"
- notype.value == "text"
- notype.type == "text"
- name: Update notype key with specified playbook
ara_record:
playbook_id: "{{ notype.playbook_id }}"
key: "notype"
value: "updated text"
type: "text"
register: notype_update
- name: Validate notype key
assert:
that:
- notype_update.key == "notype"
- notype_update.value == "updated text"
- notype_update.type == "text"
- name: Record data with text type
ara_record:
key: "foo"
value: "bar"
type: "text"
- name: Update existing key's value and type
ara_record:
key: "foo"
value: "http://barfoo"
type: "url"
register: foo
- name: Validate foo key
assert:
that:
- foo.key == "foo"
- foo.value == "http://barfoo"
- foo.type == "url"
- name: Add another k/v pair with ara_record
ara_record:
key: "bar"
value: '{ "foo": "bar" }'
type: "json"
register: bar
- name: Validate bar key
assert:
that:
- bar.key == "bar"
- "bar.value == '{ \"foo\": \"bar\" }'"
- bar.type == "json"
- name: Record a list value
vars:
someitems:
- one
- two
- three
- go
ara_record:
key: "somelist"
value: "{{ someitems }}"
type: "list"
register: somelist
- name: Validate somelist key
vars:
someitems:
- one
- two
- three
- go
assert:
that:
- somelist.key == "somelist"
- somelist.value == someitems
- somelist.type == "list"
- name: Record a dict value
vars:
dictdata:
foo: "bar"
bar: "foo"
ara_record:
key: "somedict"
value: "{{ dictdata }}"
type: "dict"
register: somedict
- name: Validate somedict key
vars:
dictdata:
foo: "bar"
bar: "foo"
assert:
that:
- somedict.key == "somedict"
- somedict.value == dictdata
- somedict.type == "dict"
- name: Record a list as a text type
vars:
list:
- foo
- bar
ara_record:
key: "list_as_text"
value: "{{ list }}"
type: "text"
register: list_as_text
# The key is still recorded as an actual list, however, it will be rendered
# as text in the UI.
- name: Validate list_as_text key
vars:
list:
- foo
- bar
assert:
that:
- list_as_text.key == "list_as_text"
- list_as_text.value == list
- list_as_text.value != "[u'foo', u'bar']"
- list_as_text.type == "text"
# Things that should fail
- name: Record with no key
ara_record:
value: "value"
ignore_errors: "yes"
register: nokey
- name: Validate nokey failure
assert:
that:
- nokey.failed
- name: Record with no value
ara_record:
key: "key"
ignore_errors: "yes"
register: novalue
- name: Validate novalue failure
assert:
that:
- novalue.failed
- name: Record with invalid type
ara_record:
key: "key"
value: "value"
type: "hadoop"
ignore_errors: "yes"
register: invalid
- name: Validate invalid failure
assert:
that:
- invalid.failed

23
tests/integration/roles/smoke-tests/tasks/main.yaml
View File

@ -1,23 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
- name: Deferred setup
setup:
- include_tasks: ara-ops.yaml
- include_tasks: test-ops.yaml

56
tests/integration/roles/smoke-tests/tasks/test-ops.yaml
View File

@ -1,56 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
# Tests some things around blocks, failures and rescues
- block:
- name: Debug message
debug:
msg: "Successful debug task"
- name: Return false
command: /bin/false
- name: Command that should not run
debug:
msg: "This should never run"
rescue:
- name: Rescue task
debug:
msg: "Rescue was called successfully"
always:
- name: Task that should always run
debug:
msg: "This should always be printed"
- name: Test a skipped task
debug:
msg: "This is skipped"
when: false
- name: Test with_items
debug:
msg: "{{ item }}"
with_items: "{{ list_items }}"
- name: Test with_dict
debug:
msg: "{{ item.value.name }}: {{ item.value.value }}"
with_dict: "{{ dict_items }}"
- name: Test for XSS
command: echo "<script>alert(document.cookie)</script>"
changed_when: False

55
tests/integration/smoke.yaml
View File

@ -1,55 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
- name: ARA Tasks test play
hosts: localhost
gather_facts: no
vars:
ara_playbook_name: Smoke tests
tasks:
- name: ARA Integration test
debug:
msg: "ARA Integration test"
tags:
- tagged
roles:
- { role: "smoke-tests" }
- name: Add a host with non-ascii characters
hosts: localhost
gather_facts: no
tasks:
- name: Add a host with non-ascii character
add_host:
name: "höstñämë"
ansible_host: "127.0.0.1"
ansible_connection: "local"
tags:
- untag
- verytag
- name: Play with non-ascii characters - ä, ö, ü
hosts: höstñämë
gather_facts: yes
tasks:
- name: Task with non-ascii characters - ä, ö, ü
debug:
msg: "This is a task result with non-ascii characters: ä, ö, ü"
tags:
- untag
- verytag

35
tests/role-integration-pre.yaml
View File

@ -1,35 +0,0 @@
---
# Copyright (c) 2018 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA. If not, see <http://www.gnu.org/licenses/>.
- name: Role integration pre-run
hosts: all
gather_facts: yes
tasks:
# The images built with diskimage-builder by the OpenStack infrastructure
# currently installs the virtualenv packages on Fedora and adds them to the
# exclude list in /etc/dnf/dnf.conf.
# Work around this since it prevents the role from working properly.
# When it attempts to install python3-virtualenv, it won't be found because of the exclude.
# Reference: https://github.com/openstack/diskimage-builder/blob/5b1844acf99d3797b1bbe02601e5ce94308cab55/diskimage_builder/elements/pip-and-virtualenv/install.d/pip-and-virtualenv-source-install/04-install-pip#L134
- name: Remove DNF excludes for Fedora
become: yes
lineinfile:
path: /etc/dnf/dnf.conf
regexp: "^exclude="
state: absent
when: ansible_distribution == "Fedora"