Kevin Carter 88bf46c65c
Add osquery testing
Change-Id: Ia8249da40bf5eb0e09b5d7811eb126b60dc5dc73
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-10-17 13:58:03 -05:00

159 lines
5.5 KiB
YAML

---
# Copyright 2018, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- import_playbook: run-setup.yml
- name: Basic setup
hosts: "all"
become: true
environment:
# ZUUL_PROJECT is used by tests/get-ansible-role-requirements to
# determine when CI provided repos should be used.
ZUUL_PROJECT: "{{ zuul.project.short_name }}"
ANSIBLE_PACKAGE: "{{ ansible_package | default('') }}"
ANSIBLE_HOST_KEY_CHECKING: "False"
ANSIBLE_LOG_PATH: "/tmp/osquery-logs/ansible-osquery-test.log"
vars:
inventory_file: "inventory/test-{{ (contianer_inventory | bool) | ternary('container', 'metal') }}-inventory.yml"
pre_tasks:
- name: Create swap file
command: "dd if=/dev/zero of=/swap.img bs=1M count=4096"
args:
creates: /swap.img
register: swap_create
- name: Format the swap file
command: mkswap /swap.img
when:
- swap_create is changed
tags:
- swap-format
- skip_ansible_lint
- name: Enable swap file
command: swapon /swap.img
failed_when: false
tags:
- swap-format
- skip_ansible_lint
- name: Set system swappiness
sysctl:
name: vm.swappiness
value: 10
state: present
reload: "yes"
sysctl_file: /etc/sysctl.d/99-elasticsearch.conf
- name: Create tmp osquery dir
file:
path: "/tmp/osquery-logs"
state: directory
- name: Flush iptables rules
command: "{{ item }}"
args:
creates: "/tmp/osquery-logs/iptables.flushed"
with_items:
- "iptables -F"
- "iptables -X"
- "iptables -t nat -F"
- "iptables -t nat -X"
- "iptables -t mangle -F"
- "iptables -t mangle -X"
- "iptables -P INPUT ACCEPT"
- "iptables -P FORWARD ACCEPT"
- "iptables -P OUTPUT ACCEPT"
- "touch /tmp/osquery-logs/iptables.flushed"
- name: First ensure apt cache is always refreshed
apt:
update_cache: yes
when:
- ansible_pkg_mgr == 'apt'
tasks:
- name: Run embedded ansible installation
become: yes
become_user: root
command: "./bootstrap-embedded-ansible.sh"
args:
chdir: "src/{{ current_test_repo }}/osquery"
- name: Run ansible-galaxy (tests)
become: yes
become_user: root
command: "/root/ansible25/bin/ansible-galaxy install --force --ignore-errors --roles-path=/root/ansible25/repositories/roles -r ansible-role-requirements.yml"
args:
chdir: "src/{{ current_test_repo }}/osquery/tests"
- name: Run ansible-galaxy (osquery)
become: yes
become_user: root
command: "/root/ansible25/bin/ansible-galaxy install --force --ignore-errors --roles-path=/root/ansible25/repositories/roles -r ansible-role-requirements.yml"
args:
chdir: "src/{{ current_test_repo }}/osquery"
- name: Run environment setup
become: yes
become_user: root
command: "/root/ansible25/bin/ansible-playbook -i {{ inventory_file }} -e @test-vars.yml _key-setup.yml"
environment:
ANSIBLE_ACTION_PLUGINS: "/root/ansible25/repositories/ansible-config_template/action"
ANSIBLE_CONNECTION_PLUGINS: "/root/ansible25/repositories/openstack-ansible-plugins/connection"
ANSIBLE_LOG_PATH: "/tmp/osquery-logs/ansible-osquery-test-container-setup.log"
ANSIBLE_ROLES_PATH: /root/ansible25/repositories/roles
args:
chdir: "src/{{ current_test_repo }}/osquery/tests"
when:
- ansible_service_mgr != 'systemd' or
not (contianer_inventory | bool)
- name: Run environment setup
become: yes
become_user: root
command: "/root/ansible25/bin/ansible-playbook -i {{ inventory_file }} -e @test-vars.yml _container-setup.yml"
environment:
ANSIBLE_ACTION_PLUGINS: "/root/ansible25/repositories/ansible-config_template/action"
ANSIBLE_CONNECTION_PLUGINS: "/root/ansible25/repositories/openstack-ansible-plugins/connection"
ANSIBLE_LOG_PATH: "/tmp/osquery-logs/ansible-osquery-test-container-setup.log"
ANSIBLE_ROLES_PATH: /root/ansible25/repositories/roles
args:
chdir: "src/{{ current_test_repo }}/osquery/tests"
when:
- ansible_service_mgr == 'systemd'
- contianer_inventory | bool
- name: Wait 15 seconds
command: "sleep 15"
changed_when: false
when:
- ansible_service_mgr == 'systemd'
- name: Run functional test
become: yes
become_user: root
command: "/root/ansible25/bin/ansible-playbook -i tests/{{ inventory_file }} -e @tests/test-vars.yml site.yml"
environment:
ANSIBLE_ACTION_PLUGINS: "/root/ansible25/repositories/ansible-config_template/action"
ANSIBLE_CONNECTION_PLUGINS: "/root/ansible25/repositories/openstack-ansible-plugins/connection"
ANSIBLE_LOG_PATH: "/tmp/osquery-logs/ansible-osquery-test-deployment.log"
ANSIBLE_ROLES_PATH: /root/ansible25/repositories/roles
args:
chdir: "src/{{ current_test_repo }}/osquery"