ansible-collections/hcp-ansible
ansible-collections/hcp-ansible
4
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects 1 Releases Wiki Activity
2c9f538cef
hcp-ansible/molecule/nomad_with_acl_enabled/verify.yml
Bertrand Lanson 2c9f538cef
All checks were successful
development / Check commit compliance (push) Successful in 6s
Details
feat(roles): integrate nomad role to hashistack collection
2024-07-19 23:32:24 +02:00

186 lines
7.2 KiB
YAML
Raw Blame History

---
- name: Verify
hosts: all
gather_facts: true
become: true
tasks:
- name: "Test: nomad user and group"
block:
- name: "Getent user nomad"
ansible.builtin.getent:
database: passwd
key: nomad
register: nomad_user
- name: "Getent group nomad"
ansible.builtin.getent:
database: group
key: nomad
register: nomad_group
- name: "Verify nomad user and group"
ansible.builtin.assert:
that:
- not nomad_user.failed
- not nomad_group.failed
- "'nomad' in nomad_user.ansible_facts.getent_passwd.keys()"
- "'/home/nomad' in nomad_user.ansible_facts.getent_passwd['nomad']"
- "'/bin/false' in nomad_user.ansible_facts.getent_passwd['nomad']"
- "'nomad' in nomad_group.ansible_facts.getent_group.keys()"
- name: "Test: binary /usr/local/bin/nomad"
block:
- name: "Stat binary /usr/local/bin/nomad"
ansible.builtin.stat:
path: "/usr/local/bin/nomad"
register: stat_usr_local_bin_nomad
- name: "Verify binary /usr/local/bin/nomad"
ansible.builtin.assert:
that:
- stat_usr_local_bin_nomad.stat.exists
- stat_usr_local_bin_nomad.stat.isreg
- stat_usr_local_bin_nomad.stat.pw_name == 'root'
- stat_usr_local_bin_nomad.stat.gr_name == 'root'
- stat_usr_local_bin_nomad.stat.mode == '0755'
- name: "Test: directory /etc/nomad.d"
block:
- name: "Stat directory /etc/nomad.d"
ansible.builtin.stat:
path: "/etc/nomad.d"
register: stat_etc_nomad_d
- name: "Stat file /etc/nomad.d/nomad.env"
ansible.builtin.stat:
path: "/etc/nomad.d/nomad.env"
register: stat_etc_nomad_d_nomad_env
- name: "Stat file /etc/nomad.d/nomad.json"
ansible.builtin.stat:
path: "/etc/nomad.d/nomad.json"
register: stat_etc_nomad_d_nomad_json
- name: "Slurp file /etc/nomad.d/nomad.json"
ansible.builtin.slurp:
src: "/etc/nomad.d/nomad.json"
register: slurp_etc_nomad_d_nomad_json
- name: "Verify directory /etc/nomad.d"
ansible.builtin.assert:
that:
- stat_etc_nomad_d.stat.exists
- stat_etc_nomad_d.stat.isdir
- stat_etc_nomad_d.stat.pw_name == 'nomad'
- stat_etc_nomad_d.stat.gr_name == 'nomad'
- stat_etc_nomad_d.stat.mode == '0755'
- stat_etc_nomad_d_nomad_env.stat.exists
- stat_etc_nomad_d_nomad_env.stat.isreg
- stat_etc_nomad_d_nomad_env.stat.pw_name == 'nomad'
- stat_etc_nomad_d_nomad_env.stat.gr_name == 'nomad'
- stat_etc_nomad_d_nomad_env.stat.mode == '0600'
- stat_etc_nomad_d_nomad_json.stat.exists
- stat_etc_nomad_d_nomad_json.stat.isreg
- stat_etc_nomad_d_nomad_json.stat.pw_name == 'nomad'
- stat_etc_nomad_d_nomad_json.stat.gr_name == 'nomad'
- stat_etc_nomad_d_nomad_json.stat.mode == '0600'
- slurp_etc_nomad_d_nomad_json.content != ''
- name: "Test: directory /opt/nomad"
block:
- name: "Stat directory /opt/nomad"
ansible.builtin.stat:
path: "/opt/nomad"
register: stat_opt_nomad
- name: "Verify directory /opt/nomad"
ansible.builtin.assert:
that:
- stat_opt_nomad.stat.exists
- stat_opt_nomad.stat.isdir
- stat_opt_nomad.stat.pw_name == 'nomad'
- stat_opt_nomad.stat.gr_name == 'nomad'
- stat_opt_nomad.stat.mode == '0755'
- name: "Test: service nomad"
block:
- name: "Get service nomad"
ansible.builtin.service_facts:
- name: "Stat file /etc/systemd/system/nomad.service"
ansible.builtin.stat:
path: "/etc/systemd/system/nomad.service"
register: stat_etc_systemd_system_nomad_service
- name: "Slurp file /etc/systemd/system/nomad.service"
ansible.builtin.slurp:
src: "/etc/systemd/system/nomad.service"
register: slurp_etc_systemd_system_nomad_service
- name: "Verify service nomad"
ansible.builtin.assert:
that:
- stat_etc_systemd_system_nomad_service.stat.exists
- stat_etc_systemd_system_nomad_service.stat.isreg
- stat_etc_systemd_system_nomad_service.stat.pw_name == 'root'
- stat_etc_systemd_system_nomad_service.stat.gr_name == 'root'
- stat_etc_systemd_system_nomad_service.stat.mode == '0644'
- slurp_etc_systemd_system_nomad_service.content != ''
- ansible_facts.services['nomad.service'] is defined
- ansible_facts.services['nomad.service']['source'] == 'systemd'
- ansible_facts.services['nomad.service']['state'] == 'running'
- ansible_facts.services['nomad.service']['status'] == 'enabled'
- name: "Test: bootstrap acl nomad"
block:
- name: "Command nomad acl bootstrap"
ansible.builtin.command: "nomad acl bootstrap -json"
environment:
NOMAD_ADDR: "http://{{ ansible_default_ipv4.address }}:4646"
changed_when: false
register: nomad_acl_bootstrap
- name: "Test: interaction nomad"
vars:
acl_token: "{{ nomad_acl_bootstrap.stdout|from_json|json_query('SecretID') }}"
block:
- name: "Command nomad var put"
ansible.builtin.command: "nomad var put secret/foobar foo=bar"
environment:
NOMAD_ADDR: "http://{{ ansible_default_ipv4.address }}:4646"
NOMAD_TOKEN: "{{ acl_token }}"
changed_when: false
register: nomad_var_put
- name: "Command nomad var get"
ansible.builtin.command: "nomad var get secret/foobar"
environment:
NOMAD_ADDR: "http://{{ ansible_default_ipv4.address }}:4646"
NOMAD_TOKEN: "{{ acl_token }}"
changed_when: false
register: nomad_var_get
- name: "Command nomad var purge"
ansible.builtin.command: "nomad var purge secret/foobar"
environment:
NOMAD_ADDR: "http://{{ ansible_default_ipv4.address }}:4646"
NOMAD_TOKEN: "{{ acl_token }}"
changed_when: false
register: nomad_var_purge
- name: "Command nomad server members"
ansible.builtin.command: "nomad server members"
environment:
NOMAD_ADDR: "http://{{ ansible_default_ipv4.address }}:4646"
NOMAD_TOKEN: "{{ acl_token }}"
changed_when: false
register: nomad_server_members
- name: "Verify nomad interaction"
ansible.builtin.assert:
that:
- "'instance.global' in nomad_server_members.stdout"
- "'\"Items\": {\n \"foo\": \"bar\"\n }' in nomad_var_put.stdout"
- "'\"Items\": {\n \"foo\": \"bar\"\n }' in nomad_var_get.stdout"
- nomad_var_purge.stdout == 'Successfully purged variable \"secret/foobar\"!'
Reference in New Issue View Git Blame Copy Permalink