x/tripleo-ipa
Code Issues Proposed changes

Use podman for testing with molecule

Browse Source 
Change-Id: I9950d2eedb94abfd478456211800b4f8b5f78411
This commit is contained in:
Sagi Shnaidman 2021-10-18 12:32:38 +03:00
parent c3ee5fd647
commit d670474d36
13 changed files with 59 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ansible-collections-requirements.yml
View File

@ -5,7 +5,6 @@ collections:
- name: https://github.com/ansible-collections/community.general
type: git
version: main
- community.docker
- ansible.posix
- ansible.netcommon
- openstack.cloud

2
molecule-requirements.txt
View File

@ -1,5 +1,5 @@
ansible-core>=2.11,<2.12.0
docker
molecule
molecule-docker
molecule-podman
testinfra

1
tox.ini
View File

@ -21,6 +21,7 @@ whitelist_externals =
tox
[testenv:molecule]
install_command = pip install {opts} {packages}
setenv =
ANSIBLE_FILTER_PLUGINS={toxinidir}/tripleo_ipa/ansible_plugins/filter
ANSIBLE_LIBRARY={toxinidir}/tripleo_ipa/roles.galaxy/config_template/library:{toxinidir}/tripleo_ipa/ansible_plugins/modules

6
tripleo_ipa/molecule/default/INSTALL.rst
View File

@ -1,11 +1,11 @@
*******
Docker driver installation guide
Podman driver installation guide
*******
Requirements
============
* Docker Engine
* Podman
Install
=======
@ -19,4 +19,4 @@ widely recommended `'--user' flag`_ when invoking ``pip``.
.. code-block:: bash
$ pip install 'molecule[docker]'
$ pip install 'molecule[podman]'

2
tripleo_ipa/molecule/default/converge.yml
View File

@ -18,7 +18,7 @@
hosts: all
vars:
ipa_domain: example.test
ipa_server_ip: 172.18.0.22
ipa_server_ip: 10.88.0.22
ipa_server_user: admin
ipa_server_password: password123
ipa_server_hostname: ipa.example.test

6
tripleo_ipa/molecule/default/molecule.yml
View File

@ -1,16 +1,14 @@
---
driver:
name: docker
name: podman
log: true
platforms:
- name: centos8
hostname: test-0.example.test
image: centos/centos:centos8
image: centos/centos:stream8
registry:
url: quay.io
security_opts:
- seccomp=unconfined
command: /sbin/init
tmpfs:
- /run

50
tripleo_ipa/molecule/default/prepare.yml
View File

@ -23,9 +23,10 @@
ipa_password: password123
- name: Download FreeIPA Container
community.docker.docker_image:
containers.podman.podman_image:
name: freeipa/freeipa-server:fedora-28
source: pull
pull: true
become: true
- name: Make IPA data dir
ansible.builtin.file:
@ -40,22 +41,17 @@
become: true
- name: Remove any old IPA container
community.docker.docker_container:
containers.podman.podman_container:
name: freeipa-server-container
state: absent
- name: Create network
community.docker.docker_network:
name: ipa_network
ipam_config:
- subnet: 172.18.0.0/16
become: true
- name: Configure FreeIPA
shell: >
docker run --name freeipa-server-container
sudo podman run -d --name freeipa-server-container
--sysctl net.ipv6.conf.lo.disable_ipv6=0
--security-opt seccomp=unconfined
--net ipa_network --ip 172.18.0.22
--ip 10.88.0.22
-e IPA_SERVER_IP={{ ansible_default_ipv4.address | default('127.0.0.1') }}
-e PASSWORD={{ ipa_password }}
-h ipa.{{ domain }}
@ -64,25 +60,39 @@
-v /tmp/ipa-data:/data:Z freeipa/freeipa-server:fedora-28 no-exit
-U -r {{ domain | upper }} --setup-dns --no-reverse --no-ntp
--forwarder={{ unbound_primary_nameserver_v4 | default('1.1.1.1') }}
--forwarder={{ unbound_secondary_nameserver_v4 | default('8.8.8.8') }} &
--forwarder={{ unbound_secondary_nameserver_v4 | default('8.8.8.8') }}
- name: Wait for FreeIPA server install
wait_for:
path: "/tmp/ipa-data/var/log/ipaserver-install.log"
search_regex: "(INFO The ipa-server-install command was successful|ERROR The ipa-server-install command failed)"
timeout: 900
become: true
- block:
- name: Wait for FreeIPA server install
wait_for:
path: "/tmp/ipa-data/var/log/ipaserver-install.log"
search_regex: "(INFO The ipa-server-install command was successful|ERROR The ipa-server-install command failed)"
timeout: 900
become: true
rescue:
- name: Get the last lines from IPA install
command: tail -50 /tmp/ipa-data/var/log/ipaserver-install.log
become: true
register: file_log
- name: Print info
debug:
msg: "{{ file_log.stdout }}"
- name: Fail task if timeout reached
fail:
msg: "Timeout of IPA server installation has been reached"
- name: Wait for FreeIPA LDAP port to open
wait_for:
host=172.18.0.22
host=10.88.0.22
port=389
delay=1
timeout=300
ignore_errors: true
- name: Check the status of ipactl to make sure all services are started
command: "docker exec freeipa-server-container ipactl status"
command: "sudo podman exec freeipa-server-container ipactl status"
retries: 10
delay: 3
register: result

2
tripleo_ipa/molecule/default/tests/test_default.py
View File

@ -47,7 +47,7 @@ def test_svc(host, svc):
@pytest.mark.parametrize('file, content', [
("/etc/ipa/default.conf", "ipa.example.test"),
("/etc/hosts", "test-0.example.test"),
("/etc/resolv.conf", "172.18.0.22"),
("/etc/resolv.conf", "10.88.0.22"),
("/etc/novajoin/krb5.keytab", "test-0.example.test"),
])
def test_files(host, file, content):

2
tripleo_ipa/molecule/deregister/converge.yml
View File

@ -18,7 +18,7 @@
hosts: all
vars:
ipa_domain: example.test
ipa_server_ip: 172.18.0.22
ipa_server_ip: 10.88.0.22
ipa_server_user: admin
ipa_server_password: password123
ipa_server_hostname: ipa.example.test

6
tripleo_ipa/molecule/deregister/molecule.yml
View File

@ -1,17 +1,15 @@
---
driver:
name: docker
name: podman
log: true
platforms:
- name: centos8
hostname: test-0.example.test
image: centos/centos:centos8
image: centos/centos:stream8
registry:
url: quay.io
security_opts:
- seccomp=unconfined
command: /sbin/init
tmpfs:
- /run

20
tripleo_ipa/molecule/deregister/prepare.yml
View File

@ -23,9 +23,10 @@
ipa_password: password123
- name: Download FreeIPA Container
community.docker.docker_image:
containers.podman.podman_image:
name: freeipa/freeipa-server:fedora-28
source: pull
pull: true
become: true
- name: Make IPA data dir
ansible.builtin.file:
@ -40,22 +41,17 @@
become: true
- name: Remove any old IPA container
community.docker.docker_container:
containers.podman.podman_container:
name: freeipa-server-container
state: absent
- name: Create network
community.docker.docker_network:
name: ipa_network
ipam_config:
- subnet: 172.18.0.0/16
become: true
- name: Configure FreeIPA
shell: >
docker run --name freeipa-server-container
sudo podman run -d --name freeipa-server-container
--sysctl net.ipv6.conf.lo.disable_ipv6=0
--security-opt seccomp=unconfined
--net ipa_network --ip 172.18.0.22
--ip 10.88.0.22
-e IPA_SERVER_IP={{ ansible_default_ipv4.address | default('127.0.0.1') }}
-e PASSWORD={{ ipa_password }}
-h ipa.{{ domain }}
@ -64,7 +60,7 @@
-v /tmp/ipa-data:/data:Z freeipa/freeipa-server:fedora-28 exit-on-finished
-U -r {{ domain | upper }} --setup-dns --no-reverse --no-ntp
--forwarder={{ unbound_primary_nameserver_v4 | default('1.1.1.1') }}
--forwarder={{ unbound_secondary_nameserver_v4 | default('8.8.8.8') }} &
--forwarder={{ unbound_secondary_nameserver_v4 | default('8.8.8.8') }}
- name: Wait for FreeIPA server install
wait_for:

2
zuul.d/base.yaml
View File

@ -12,5 +12,5 @@
- zuul.d/playbooks/run.yml
post-run:
- zuul.d/playbooks/post.yml
timeout: 3600
timeout: 5400
voting: true

21
zuul.d/playbooks/pre.yml
View File

@ -38,20 +38,15 @@
. {{ ansible_user_dir }}/test-python/bin/activate
pip freeze
# NOTE(cloudnull): This is being done because docker is not supported on RHEL-8
# and tests within this repo still require docker.
- name: Install gpg/container.io rpm
- name: Set containers module to 3.0
become: true
block:
- name: Import GPG key from docker.com
rpm_key:
state: present
key: https://download.docker.com/linux/centos/gpg
- name: Manually install containerd.io
package:
name: https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
shell: |
dnf module disable container-tools:rhel8 -y
dnf module enable container-tools:3.0 -y
dnf clean metadata
when:
- (ansible_distribution_major_version | int) >= 8
- (ansible_distribution_major_version | int) == 8
roles:
# docker is needed by multiple molecule scenarios
- role: ensure-docker
- role: ensure-podman