From d670474d361e35b8c8313df6d9a353da193857b7 Mon Sep 17 00:00:00 2001 From: Sagi Shnaidman Date: Mon, 18 Oct 2021 12:32:38 +0300 Subject: [PATCH] Use podman for testing with molecule Change-Id: I9950d2eedb94abfd478456211800b4f8b5f78411 --- ansible-collections-requirements.yml | 1 - molecule-requirements.txt | 2 +- tox.ini | 1 + tripleo_ipa/molecule/default/INSTALL.rst | 6 +-- tripleo_ipa/molecule/default/converge.yml | 2 +- tripleo_ipa/molecule/default/molecule.yml | 6 +-- tripleo_ipa/molecule/default/prepare.yml | 50 +++++++++++-------- .../molecule/default/tests/test_default.py | 2 +- tripleo_ipa/molecule/deregister/converge.yml | 2 +- tripleo_ipa/molecule/deregister/molecule.yml | 6 +-- tripleo_ipa/molecule/deregister/prepare.yml | 20 +++----- zuul.d/base.yaml | 2 +- zuul.d/playbooks/pre.yml | 21 +++----- 13 files changed, 59 insertions(+), 62 deletions(-) diff --git a/ansible-collections-requirements.yml b/ansible-collections-requirements.yml index 12bf5c7..ec295b9 100644 --- a/ansible-collections-requirements.yml +++ b/ansible-collections-requirements.yml @@ -5,7 +5,6 @@ collections: - name: https://github.com/ansible-collections/community.general type: git version: main - - community.docker - ansible.posix - ansible.netcommon - openstack.cloud diff --git a/molecule-requirements.txt b/molecule-requirements.txt index 8b84339..9f246b5 100644 --- a/molecule-requirements.txt +++ b/molecule-requirements.txt @@ -1,5 +1,5 @@ ansible-core>=2.11,<2.12.0 docker molecule -molecule-docker +molecule-podman testinfra diff --git a/tox.ini b/tox.ini index 6c18d67..a9f258c 100644 --- a/tox.ini +++ b/tox.ini @@ -21,6 +21,7 @@ whitelist_externals = tox [testenv:molecule] +install_command = pip install {opts} {packages} setenv = ANSIBLE_FILTER_PLUGINS={toxinidir}/tripleo_ipa/ansible_plugins/filter ANSIBLE_LIBRARY={toxinidir}/tripleo_ipa/roles.galaxy/config_template/library:{toxinidir}/tripleo_ipa/ansible_plugins/modules diff --git a/tripleo_ipa/molecule/default/INSTALL.rst b/tripleo_ipa/molecule/default/INSTALL.rst index 6a44bde..fc3b865 100644 --- a/tripleo_ipa/molecule/default/INSTALL.rst +++ b/tripleo_ipa/molecule/default/INSTALL.rst @@ -1,11 +1,11 @@ ******* -Docker driver installation guide +Podman driver installation guide ******* Requirements ============ -* Docker Engine +* Podman Install ======= @@ -19,4 +19,4 @@ widely recommended `'--user' flag`_ when invoking ``pip``. .. code-block:: bash - $ pip install 'molecule[docker]' + $ pip install 'molecule[podman]' diff --git a/tripleo_ipa/molecule/default/converge.yml b/tripleo_ipa/molecule/default/converge.yml index 87c538c..c868cc8 100644 --- a/tripleo_ipa/molecule/default/converge.yml +++ b/tripleo_ipa/molecule/default/converge.yml @@ -18,7 +18,7 @@ hosts: all vars: ipa_domain: example.test - ipa_server_ip: 172.18.0.22 + ipa_server_ip: 10.88.0.22 ipa_server_user: admin ipa_server_password: password123 ipa_server_hostname: ipa.example.test diff --git a/tripleo_ipa/molecule/default/molecule.yml b/tripleo_ipa/molecule/default/molecule.yml index 52e36af..601d369 100644 --- a/tripleo_ipa/molecule/default/molecule.yml +++ b/tripleo_ipa/molecule/default/molecule.yml @@ -1,16 +1,14 @@ --- driver: - name: docker + name: podman log: true platforms: - name: centos8 hostname: test-0.example.test - image: centos/centos:centos8 + image: centos/centos:stream8 registry: url: quay.io - security_opts: - - seccomp=unconfined command: /sbin/init tmpfs: - /run diff --git a/tripleo_ipa/molecule/default/prepare.yml b/tripleo_ipa/molecule/default/prepare.yml index ab450d8..6d06523 100644 --- a/tripleo_ipa/molecule/default/prepare.yml +++ b/tripleo_ipa/molecule/default/prepare.yml @@ -23,9 +23,10 @@ ipa_password: password123 - name: Download FreeIPA Container - community.docker.docker_image: + containers.podman.podman_image: name: freeipa/freeipa-server:fedora-28 - source: pull + pull: true + become: true - name: Make IPA data dir ansible.builtin.file: @@ -40,22 +41,17 @@ become: true - name: Remove any old IPA container - community.docker.docker_container: + containers.podman.podman_container: name: freeipa-server-container state: absent - - - name: Create network - community.docker.docker_network: - name: ipa_network - ipam_config: - - subnet: 172.18.0.0/16 + become: true - name: Configure FreeIPA shell: > - docker run --name freeipa-server-container + sudo podman run -d --name freeipa-server-container --sysctl net.ipv6.conf.lo.disable_ipv6=0 --security-opt seccomp=unconfined - --net ipa_network --ip 172.18.0.22 + --ip 10.88.0.22 -e IPA_SERVER_IP={{ ansible_default_ipv4.address | default('127.0.0.1') }} -e PASSWORD={{ ipa_password }} -h ipa.{{ domain }} @@ -64,25 +60,39 @@ -v /tmp/ipa-data:/data:Z freeipa/freeipa-server:fedora-28 no-exit -U -r {{ domain | upper }} --setup-dns --no-reverse --no-ntp --forwarder={{ unbound_primary_nameserver_v4 | default('1.1.1.1') }} - --forwarder={{ unbound_secondary_nameserver_v4 | default('8.8.8.8') }} & + --forwarder={{ unbound_secondary_nameserver_v4 | default('8.8.8.8') }} - - name: Wait for FreeIPA server install - wait_for: - path: "/tmp/ipa-data/var/log/ipaserver-install.log" - search_regex: "(INFO The ipa-server-install command was successful|ERROR The ipa-server-install command failed)" - timeout: 900 - become: true + - block: + - name: Wait for FreeIPA server install + wait_for: + path: "/tmp/ipa-data/var/log/ipaserver-install.log" + search_regex: "(INFO The ipa-server-install command was successful|ERROR The ipa-server-install command failed)" + timeout: 900 + become: true + rescue: + - name: Get the last lines from IPA install + command: tail -50 /tmp/ipa-data/var/log/ipaserver-install.log + become: true + register: file_log + + - name: Print info + debug: + msg: "{{ file_log.stdout }}" + + - name: Fail task if timeout reached + fail: + msg: "Timeout of IPA server installation has been reached" - name: Wait for FreeIPA LDAP port to open wait_for: - host=172.18.0.22 + host=10.88.0.22 port=389 delay=1 timeout=300 ignore_errors: true - name: Check the status of ipactl to make sure all services are started - command: "docker exec freeipa-server-container ipactl status" + command: "sudo podman exec freeipa-server-container ipactl status" retries: 10 delay: 3 register: result diff --git a/tripleo_ipa/molecule/default/tests/test_default.py b/tripleo_ipa/molecule/default/tests/test_default.py index f52960b..79b0676 100644 --- a/tripleo_ipa/molecule/default/tests/test_default.py +++ b/tripleo_ipa/molecule/default/tests/test_default.py @@ -47,7 +47,7 @@ def test_svc(host, svc): @pytest.mark.parametrize('file, content', [ ("/etc/ipa/default.conf", "ipa.example.test"), ("/etc/hosts", "test-0.example.test"), - ("/etc/resolv.conf", "172.18.0.22"), + ("/etc/resolv.conf", "10.88.0.22"), ("/etc/novajoin/krb5.keytab", "test-0.example.test"), ]) def test_files(host, file, content): diff --git a/tripleo_ipa/molecule/deregister/converge.yml b/tripleo_ipa/molecule/deregister/converge.yml index 81cdd6d..cae68e8 100644 --- a/tripleo_ipa/molecule/deregister/converge.yml +++ b/tripleo_ipa/molecule/deregister/converge.yml @@ -18,7 +18,7 @@ hosts: all vars: ipa_domain: example.test - ipa_server_ip: 172.18.0.22 + ipa_server_ip: 10.88.0.22 ipa_server_user: admin ipa_server_password: password123 ipa_server_hostname: ipa.example.test diff --git a/tripleo_ipa/molecule/deregister/molecule.yml b/tripleo_ipa/molecule/deregister/molecule.yml index 0909b45..6a4a41e 100644 --- a/tripleo_ipa/molecule/deregister/molecule.yml +++ b/tripleo_ipa/molecule/deregister/molecule.yml @@ -1,17 +1,15 @@ --- driver: - name: docker + name: podman log: true platforms: - name: centos8 hostname: test-0.example.test - image: centos/centos:centos8 + image: centos/centos:stream8 registry: url: quay.io - security_opts: - - seccomp=unconfined command: /sbin/init tmpfs: - /run diff --git a/tripleo_ipa/molecule/deregister/prepare.yml b/tripleo_ipa/molecule/deregister/prepare.yml index e98bc77..04aad11 100644 --- a/tripleo_ipa/molecule/deregister/prepare.yml +++ b/tripleo_ipa/molecule/deregister/prepare.yml @@ -23,9 +23,10 @@ ipa_password: password123 - name: Download FreeIPA Container - community.docker.docker_image: + containers.podman.podman_image: name: freeipa/freeipa-server:fedora-28 - source: pull + pull: true + become: true - name: Make IPA data dir ansible.builtin.file: @@ -40,22 +41,17 @@ become: true - name: Remove any old IPA container - community.docker.docker_container: + containers.podman.podman_container: name: freeipa-server-container state: absent - - - name: Create network - community.docker.docker_network: - name: ipa_network - ipam_config: - - subnet: 172.18.0.0/16 + become: true - name: Configure FreeIPA shell: > - docker run --name freeipa-server-container + sudo podman run -d --name freeipa-server-container --sysctl net.ipv6.conf.lo.disable_ipv6=0 --security-opt seccomp=unconfined - --net ipa_network --ip 172.18.0.22 + --ip 10.88.0.22 -e IPA_SERVER_IP={{ ansible_default_ipv4.address | default('127.0.0.1') }} -e PASSWORD={{ ipa_password }} -h ipa.{{ domain }} @@ -64,7 +60,7 @@ -v /tmp/ipa-data:/data:Z freeipa/freeipa-server:fedora-28 exit-on-finished -U -r {{ domain | upper }} --setup-dns --no-reverse --no-ntp --forwarder={{ unbound_primary_nameserver_v4 | default('1.1.1.1') }} - --forwarder={{ unbound_secondary_nameserver_v4 | default('8.8.8.8') }} & + --forwarder={{ unbound_secondary_nameserver_v4 | default('8.8.8.8') }} - name: Wait for FreeIPA server install wait_for: diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml index b3f4e4f..6d1d5fe 100644 --- a/zuul.d/base.yaml +++ b/zuul.d/base.yaml @@ -12,5 +12,5 @@ - zuul.d/playbooks/run.yml post-run: - zuul.d/playbooks/post.yml - timeout: 3600 + timeout: 5400 voting: true diff --git a/zuul.d/playbooks/pre.yml b/zuul.d/playbooks/pre.yml index 861187f..8f51acc 100644 --- a/zuul.d/playbooks/pre.yml +++ b/zuul.d/playbooks/pre.yml @@ -38,20 +38,15 @@ . {{ ansible_user_dir }}/test-python/bin/activate pip freeze - # NOTE(cloudnull): This is being done because docker is not supported on RHEL-8 - # and tests within this repo still require docker. - - name: Install gpg/container.io rpm + - name: Set containers module to 3.0 become: true - block: - - name: Import GPG key from docker.com - rpm_key: - state: present - key: https://download.docker.com/linux/centos/gpg - - name: Manually install containerd.io - package: - name: https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm + shell: | + dnf module disable container-tools:rhel8 -y + dnf module enable container-tools:3.0 -y + dnf clean metadata when: - - (ansible_distribution_major_version | int) >= 8 + - (ansible_distribution_major_version | int) == 8 + roles: # docker is needed by multiple molecule scenarios - - role: ensure-docker + - role: ensure-podman