forked from freeipa/ansible-freeipa
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
upstream ci: Add support for testing ipaserver deployment
This patch provides the base for testing ipaserver role using Azure's infrastructure. By using containers prepared to thave FreeIPA installed, but unconfigured, allows the use of a test matrix to test the behavior of modules in differnt IPA configurations. It also improves tests by allowing the creation of a test matrix of FreeIPA deployment. A new pipeline script is provided, which can be used as a standalone pipeline, os as part of an existing pipeline. The script 'tests/server_role/inventory.py' is used to create inventory files for the tests, which should be executed using the existing 'install-server.yml' playbook. More information on how to generate different inventories can be found in the accompanying README file 'tests/server_role/README.md'.
- Loading branch information
Showing
5 changed files
with
257 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
--- | ||
schedules: | ||
- cron: "0 19 * * *" | ||
displayName: Nightly Builds | ||
branches: | ||
include: | ||
- master | ||
always: true | ||
|
||
trigger: none | ||
|
||
pool: | ||
vmImage: 'ubuntu-22.04' | ||
|
||
stages: | ||
|
||
# Fedora | ||
|
||
- stage: FedoraLatest_Ansible_Core_2_15 | ||
dependsOn: [] | ||
jobs: | ||
- template: templates/deployment_tests.yml | ||
parameters: | ||
build_number: $(Build.BuildNumber) | ||
scenario: fedora-latest | ||
ansible_version: "-core >=2.15,<2.16" | ||
|
||
- stage: FedoraLatest_Ansible_Core_2_16 | ||
dependsOn: [] | ||
jobs: | ||
- template: templates/deployment_tests.yml | ||
parameters: | ||
build_number: $(Build.BuildNumber) | ||
scenario: fedora-latest | ||
ansible_version: "-core >=2.16,<2.17" | ||
|
||
#- stage: FedoraLatest_Ansible_Core_2_17 | ||
# dependsOn: [] | ||
# jobs: | ||
# - template: templates/deployment_tests.yml | ||
# parameters: | ||
# build_number: $(Build.BuildNumber) | ||
# scenario: fedora-latest | ||
# ansible_version: "-core >=2.17,<2.18" | ||
|
||
- stage: FedoraLatest_Ansible_latest | ||
dependsOn: [] | ||
jobs: | ||
- template: templates/deployment_tests.yml | ||
parameters: | ||
build_number: $(Build.BuildNumber) | ||
scenario: fedora-latest | ||
ansible_version: "" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
--- | ||
parameters: | ||
- name: scenario | ||
type: string | ||
default: fedora-latest | ||
- name: ansible_version | ||
type: string | ||
default: "" | ||
- name: python_version | ||
type: string | ||
default: 3.x | ||
- name: build_number | ||
type: string | ||
|
||
jobs: | ||
- job: Test_Deployment | ||
displayName: Run deployment tests ${{ parameters.scenario }} | ||
timeoutInMinutes: 240 | ||
steps: | ||
- task: UsePythonVersion@0 | ||
inputs: | ||
versionSpec: '${{ parameters.python_version }}' | ||
|
||
- script: | | ||
pip install "ansible${{ parameters.ansible_version }}" | ||
retryCountOnTaskFailure: 5 | ||
displayName: Install Ansible | ||
- script: ansible-galaxy collection install community.docker ansible.posix | ||
retryCountOnTaskFailure: 5 | ||
displayName: Install Ansible collections | ||
|
||
- script: pip install -r requirements-tests.txt | ||
retryCountOnTaskFailure: 5 | ||
displayName: Install dependencies | ||
|
||
- script: | | ||
rm -rf ~/.ansible/plugins ~/.ansible/roles | ||
ln -snf "$(realpath plugins)" ~/.ansible/plugins | ||
ln -snf "$(realpath roles)" ~/.ansible/roles | ||
ls -l ~/.ansible | ||
docker pull ${SCENARIO_IMAGE} | ||
env: | ||
SCENARIO_IMAGE: quay.io/ansible-freeipa/upstream-tests:raw-${{ parameters.scenario }} | ||
retryCountOnTaskFailure: 5 | ||
displayName: Setup test environment | ||
- script: tests/server_role/inventory.py | tee inventory.yml | ||
displayName: Create inventory files | ||
|
||
- script: | | ||
# remove stray container | ||
docker rm --force ${{ parameters.scenario }} >&2 2>/dev/null | ||
# run test | ||
docker run -d --privileged --name ${IPA_CONTAINER} --hostname ${IPA_HOSTNAME} ${SCENARIO_IMAGE} | ||
ansible-playbook -i inventory.yml tests/server_role/ipv6config.yml | ||
ansible-playbook -i inventory.yml playbooks/install-server.yml | ||
# Run tests to verify installation | ||
ansible-playbook -i inventory.yml tests/user/test_user.yml | ||
displayName: Run deployment tests | ||
env: | ||
SCENARIO_IMAGE: quay.io/ansible-freeipa/upstream-tests:raw-${{ parameters.scenario }} | ||
IPA_CONTAINER: ipaserver_test_container | ||
IPA_HOSTNAME: ipaserver.test.local | ||
- task: PublishTestResults@2 | ||
inputs: | ||
mergeTestResults: true | ||
testRunTitle: DeploymentTests-Build${{ parameters.build_number }} | ||
condition: succeededOrFailed() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
This file should include how to test ipaserver. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,111 @@ | ||
#!/usr/bin/env python | ||
"""Dynamic inventory to test ipaserver role.""" | ||
|
||
import os | ||
import sys | ||
from collections import namedtuple | ||
|
||
try: | ||
import yaml | ||
|
||
inventory_to_string = yaml.dump | ||
except ImportError: | ||
import json | ||
|
||
inventory_to_string = json.dumps | ||
|
||
Config = namedtuple( | ||
"Config", | ||
""" | ||
engine | ||
container | ||
hostname | ||
ipa_domain | ||
ipa_realm | ||
setup_kra | ||
setup_dns | ||
dns_no_forwarders | ||
dns_auto_reverse | ||
setup_adtrust | ||
ipa_netbios_name | ||
""", | ||
) | ||
|
||
|
||
def to_boolean(value): | ||
return value.lower() == "true" | ||
|
||
|
||
def get_inventory_data(config): | ||
"""Generate inventory based on given configuration.""" | ||
return { | ||
"all": { | ||
"children": { | ||
"ipaserver": { | ||
"hosts": { | ||
"ipa_server": { | ||
"ansible_connection": config.engine, | ||
"ansible_host": config.container, | ||
}, | ||
}, | ||
"vars": { | ||
# KRA | ||
"ipaserver_setup_kra": config.setup_kra, | ||
# DNS | ||
"ipaserver_setup_dns": config.setup_dns, | ||
"ipaserver_no_forwarders": config.dns_no_forwarders, | ||
"ipaserver_auto_reverse": config.dns_auto_reverse, | ||
# AD Trust | ||
"ipaserver_setup_adtrust": config.setup_adtrust, | ||
"ipaserver_netbios_name": config.ipa_netbios_name, | ||
# adjtimex fails on container, so do not set ntp | ||
"ipaclient_no_ntp": True, | ||
# server configuration | ||
"ipaserver_hostname": config.hostname, | ||
}, | ||
}, | ||
}, | ||
"vars": { | ||
# server/realm | ||
"ipaserver_domain": config.ipa_domain, | ||
"ipaserver_realm": config.ipa_realm, | ||
# passwords | ||
"ipaadmin_password": "SomeADMINpassword", | ||
"ipadm_password": "SomeDMpassword", | ||
}, | ||
}, | ||
} | ||
|
||
|
||
def gen_default_inventory(): | ||
default_hostname = "ipaserver.test.local" | ||
ipa_hostname = os.environ.get("IPA_HOSTNAME", default_hostname).split(".") | ||
|
||
setup_dns = to_boolean(os.environ.get("SETUP_DNS", "False")) | ||
|
||
config = Config( | ||
engine=( | ||
"containers.podman.podman" | ||
if "--podman" in sys.argv | ||
else "community.docker.docker" | ||
), | ||
container=os.environ.get("IPA_CONTAINER", "ipaserver_test_container"), | ||
hostname=".".join(ipa_hostname), | ||
ipa_domain=os.environ.get("IPA_DOMAIN", ".".join(ipa_hostname[1:])), | ||
ipa_realm=os.environ.get( | ||
"IPA_REALM", ".".join(ipa_hostname[1:]).upper() | ||
), | ||
setup_kra=to_boolean(os.environ.get("SETUP_KRA", "False")), | ||
setup_dns=setup_dns, | ||
dns_no_forwarders=os.environ.get("DNS_NO_FORWARDERS", setup_dns), | ||
dns_auto_reverse=os.environ.get("DNS_AUTO_REVERSE", setup_dns), | ||
setup_adtrust=to_boolean(os.environ.get("SETUP_ADTRUST", "False")), | ||
ipa_netbios_name=os.environ.get("IPA_NETBIOS_NAME", "IPA"), | ||
) | ||
print(inventory_to_string(get_inventory_data(config))) | ||
|
||
|
||
if "--matrix" in sys.argv: # pylint: disable=no-else-raise | ||
raise NotImplementedError("Test matrix not implemented yet.") | ||
else: | ||
gen_default_inventory() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
--- | ||
- name: Configure IPv6 | ||
hosts: ipaserver | ||
become: true | ||
gather_facts: false | ||
|
||
tasks: | ||
# IPA depends on IPv6 and without it dirsrv service won't start. | ||
- name: Ensure IPv6 is ENABLED | ||
Check failure on line 9 in tests/server_role/ipv6config.yml GitHub Actions / Verify ansible-lintsyntax-check[unknown-module]
|
||
ansible.posix.sysctl: | ||
name: "{{ item.name }}" | ||
value: "{{ item.value }}" | ||
sysctl_set: yes | ||
state: present | ||
reload: yes | ||
with_items: | ||
- name: net.ipv6.conf.all.disable_ipv6 | ||
value: 0 | ||
- name: net.ipv6.conf.lo.disable_ipv6 | ||
value: 0 | ||
- name: net.ipv6.conf.eth0.disable_ipv6 | ||
value: 1 |