diff --git a/.gitignore b/.gitignore index 30c0c3ef..5421f904 100644 --- a/.gitignore +++ b/.gitignore @@ -61,15 +61,11 @@ ChangeLog releasenotes/build # Test temp files -tests/plugins -tests/playbooks -tests/test.retry +tests/common +tests/*.retry # Vagrant artifacts .vagrant -# Auto-generated documentation -doc/source/auto_* -doc/source/rhel7/auto_* -doc/source/rhel7/domains/auto_* - +# Git clones +openstack-ansible-ops diff --git a/Vagrantfile b/Vagrantfile index 09adb7ba..436f4593 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -1,51 +1,35 @@ -# Runs the role against Ubuntu 14.04, 16.04 and CentOS 7 -# for local testing purposes +# Verify whether required plugins are installed. +required_plugins = [ "vagrant-disksize" ] +required_plugins.each do |plugin| + if not Vagrant.has_plugin?(plugin) + raise "The vagrant plugin #{plugin} is required. Please run `vagrant plugin install #{plugin}`" + end +end -Vagrant.configure("2") do |config| - - config.vm.define "ubuntu1404" do |trusty| - trusty.vm.box = "ubuntu/trusty64" - trusty.vm.hostname = "sec-ansible-test-ubuntu1404" - - trusty.vm.provision "ansible" do |ansible| - # ansible.verbose = "vvv" - ansible.playbook = "tests/vagrant.yml" - # we'll skip V-38496 because Vagrant itself creates the user that causes - # this to fail - ansible.skip_tags = ['V-38496'] - # we need to run as sudo for a lot of the checks ansible-security runs - ansible.raw_arguments = ['-s'] - end +Vagrant.configure(2) do |config| + config.vm.provider "virtualbox" do |v| + v.memory = 2048 + v.cpus = 2 end - config.vm.define "ubuntu1604" do |trusty| - trusty.vm.box = "ubuntu/xenial64" - trusty.vm.hostname = "sec-ansible-test-ubuntu1604" + config.vm.provision "shell", + privileged: false, + inline: <<-SHELL + cd /vagrant + ./run_tests.sh + SHELL - trusty.vm.provision "ansible" do |ansible| - # ansible.verbose = "vvv" - ansible.playbook = "tests/vagrant.yml" - # we'll skip V-38496 because Vagrant itself creates the user that causes - # this to fail - ansible.skip_tags = ['V-38496'] - # we need to run as sudo for a lot of the checks ansible-security runs - ansible.raw_arguments = ['-s'] - end + config.vm.define "ubuntu1604" do |xenial| + xenial.disksize.size = "40GB" + xenial.vm.box = "ubuntu/xenial64" + end + + config.vm.define "opensuse422" do |leap422| + leap422.vm.box = "opensuse/openSUSE-42.2-x86_64" end config.vm.define "centos7" do |centos7| centos7.vm.box = "centos/7" - centos7.vm.hostname = "sec-ansible-test-centos-7" - - centos7.vm.provision "ansible" do |ansible| - # ansible.verbose = "vvv" - ansible.playbook = "tests/vagrant.yml" - # we'll skip V-38496 because Vagrant itself creates the user that causes - # this to fail - ansible.skip_tags = ['V-38496'] - # we need to run as sudo for a lot of the checks ansible-security runs - ansible.raw_arguments = ['-s'] - end end -end +end diff --git a/doc/.gitignore b/doc/.gitignore new file mode 100644 index 00000000..f2fc794d --- /dev/null +++ b/doc/.gitignore @@ -0,0 +1,5 @@ +# Auto-generated documentation +source/auto_* +source/rhel7/auto_* +source/rhel7/domains/auto_* + diff --git a/run_tests.sh b/run_tests.sh index 561b5bd0..969e3db0 100755 --- a/run_tests.sh +++ b/run_tests.sh @@ -12,62 +12,58 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +# +# Note: +# This file is maintained in the openstack-ansible-tests repository. +# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/run_tests.sh +# If you need to modify this file, update the one in the openstack-ansible-tests +# repository and then update this file as well. The purpose of this file is to +# prepare the host and then execute all the tox tests. +# -set -xeuo pipefail +## Shell Opts ---------------------------------------------------------------- +set -xeu -FUNCTIONAL_TEST=${FUNCTIONAL_TEST:-true} +## Vars ---------------------------------------------------------------------- -# Install pip. -if ! which pip; then - curl --silent --show-error --retry 5 \ - https://bootstrap.pypa.io/get-pip.py | sudo python2.7 -fi +export WORKING_DIR=${WORKING_DIR:-$(pwd)} -# Install bindep and tox with pip. -sudo pip install bindep tox +## Main ---------------------------------------------------------------------- -## Bindep pre-requisites -# Fedora requires the redhat-lsb-core package. -# CentOS 7 requires two additional packages: -# redhat-lsb-core - for bindep profile support -# epel-release - required to install python-ndg_httpsclient/python2-pyasn1 -if [ -e /etc/fedora-release ]; then - sudo dnf -y install redhat-lsb-core -elif [ -e /etc/centos-release ]; then - sudo yum -y install redhat-lsb-core epel-release -fi +source /etc/os-release || source /usr/lib/os-release -# Get a list of packages to install with bindep. If packages need to be -# installed, bindep exits with an exit code of 1. -BINDEP_PKGS=$(bindep -b -f bindep.txt test || true) -echo "Packages to install: ${BINDEP_PKGS}" +install_pkg_deps() { + pkg_deps="git" -# Install a list of OS packages provided by bindep. -if which apt-get; then - sudo apt-get update - DEBIAN_FRONTEND=noninteractive \ - sudo apt-get -q --option "Dpkg::Options::=--force-confold" \ - --assume-yes install $BINDEP_PKGS -elif [ -e /etc/fedora-release ]; then - if [[ ${#BINDEP_PKGS} > 0 ]]; then - sudo dnf install -y $BINDEP_PKGS + case ${ID,,} in + *suse*) pkg_mgr_cmd="zypper -n in" ;; + centos|rhel) pkg_mgr_cmd="yum install -y" ;; + fedora) pkg_mgr_cmd="dnf -y install" ;; + ubuntu|debian) pkg_mgr_cmd="apt-get install -y" ;; + *) echo "unsupported distribution: ${ID,,}"; exit 1 ;; + esac + + eval sudo $pkg_mgr_cmd $pkg_deps +} + +git_clone_repo() { + if [[ ! -d tests/common ]]; then + # The tests repo doesn't need a clone, we can just + # symlink it. + if [[ "$(basename ${WORKING_DIR})" == "openstack-ansible-tests" ]]; then + ln -s ${WORKING_DIR} ${WORKING_DIR}/tests/common + else + git clone \ + https://git.openstack.org/openstack/openstack-ansible-tests \ + tests/common + fi fi -elif [ -e /etc/centos-release]; then - # Don't run yum with an empty list of packages. - # It will fail and cause the script to exit with an error. - if [[ ${#BINDEP_PKGS} > 0 ]]; then - sudo yum install -y $BINDEP_PKGS - fi -fi +} + +install_pkg_deps + +git_clone_repo + +# start executing the main test script +source tests/common/run_tests_common.sh -# Loop through each tox environment and run tests. -for tox_env in $(awk -F= '/envlist/ { gsub(",", " "); print $2 }' tox.ini); do - echo "Executing tox environment: ${tox_env}" - if [[ ${tox_env} == ansible-functional ]]; then - if ${FUNCTIONAL_TEST}; then - tox -e ${tox_env} - fi - else - tox -e ${tox_env} - fi -done diff --git a/tests/vagrant.yml b/tests/vagrant.yml deleted file mode 100644 index 5d648c4a..00000000 --- a/tests/vagrant.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2016, HPE, VMWare -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Playbook for role testing - hosts: all - roles: - - role: "../../../ansible-hardening"