diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
index ec450ea..239a83e 100644
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -4,3 +4,114 @@
 gather_facts: true
 become: true
 tasks:
+ - name: "Test: keepalived_script user and group"
+ block:
+ - name: "Getent user keepalived_script"
+ ansible.builtin.getent:
+ database: passwd
+ key: keepalived_script
+ register: keepalived_script_user
+
+ - name: "Getent group keepalived_script"
+ ansible.builtin.getent:
+ database: group
+ key: keepalived_script
+ register: keepalived_script_group
+
+ - name: "Verify keepalived_script user and group"
+ ansible.builtin.assert:
+ that:
+ - not keepalived_script_user.failed
+ - not keepalived_script_group.failed
+ - "'keepalived_script' in keepalived_script_user.ansible_facts.getent_passwd.keys()"
+ - "'/home/keepalived_script' in keepalived_script_user.ansible_facts.getent_passwd['keepalived_script']"
+ - "'/bin/false' in keepalived_script_user.ansible_facts.getent_passwd['keepalived_script']"
+ - "'keepalived_script' in keepalived_script_group.ansible_facts.getent_group.keys()"
+
+ - name: "Test: directory /etc/keepalived"
+ block:
+ - name: "Stat directory /etc/keepalived"
+ ansible.builtin.stat:
+ path: "/etc/keepalived"
+ register: stat_etc_keepalived
+
+ - name: "Stat file /etc/keepalived/keepalived.env"
+ ansible.builtin.stat:
+ path: "/etc/keepalived/keepalived.env"
+ register: stat_etc_keepalived_keepalived_env
+
+ - name: "Stat file /etc/keepalived/keepalived.conf"
+ ansible.builtin.stat:
+ path: "/etc/keepalived/keepalived.conf"
+ register: stat_etc_keepalived_keepalived_conf
+
+ - name: "Slurp file /etc/keepalived/keepalived.conf"
+ ansible.builtin.slurp:
+ src: "/etc/keepalived/keepalived.conf"
+ register: slurp_etc_keepalived_keepalived_conf
+
+ - name: "Verify directory /etc/keepalived"
+ ansible.builtin.assert:
+ that:
+ - stat_etc_keepalived.stat.exists
+ - stat_etc_keepalived.stat.isdir
+ - stat_etc_keepalived.stat.pw_name == 'root'
+ - stat_etc_keepalived.stat.gr_name == 'root'
+ - stat_etc_keepalived.stat.mode == '0755'
+ - stat_etc_keepalived_keepalived_env.stat.exists
+ - stat_etc_keepalived_keepalived_env.stat.isreg
+ - stat_etc_keepalived_keepalived_env.stat.pw_name == 'root'
+ - stat_etc_keepalived_keepalived_env.stat.gr_name == 'root'
+ - stat_etc_keepalived_keepalived_env.stat.mode == '0600'
+ - stat_etc_keepalived_keepalived_conf.stat.exists
+ - stat_etc_keepalived_keepalived_conf.stat.isreg
+ - stat_etc_keepalived_keepalived_conf.stat.pw_name == 'root'
+ - stat_etc_keepalived_keepalived_conf.stat.gr_name == 'root'
+ - stat_etc_keepalived_keepalived_conf.stat.mode == '0600'
+ - slurp_etc_keepalived_keepalived_conf.content != ''
+
+ - name: "Test: service haproxy"
+ block:
+ - name: "Get service keepalived"
+ ansible.builtin.service_facts:
+
+ - name: "Stat file /etc/systemd/system/keepalived.service"
+ ansible.builtin.stat:
+ path: "/etc/systemd/system/keepalived.service"
+ register: stat_etc_systemd_system_keepalived_service
+
+ - name: "Slurp file /etc/systemd/system/keepalived.service"
+ ansible.builtin.slurp:
+ src: "/etc/systemd/system/keepalived.service"
+ register: slurp_etc_systemd_system_keepalived_service
+
+ - name: "Verify service keepalived"
+ vars:
+ keepalived_expected_service_file: |
+ # Ansible managed: Do NOT edit this file manually!
+ [Unit]
+ Description=Keepalive Daemon (LVS and VRRP)
+ After=network-online.target
+ Wants=network-online.target
+ ConditionFileNotEmpty=/etc/keepalived/keepalived.conf
+
+ [Service]
+ # Type=notify
+ EnvironmentFile=-/etc/keepalived/keepalived.env
+ ExecStart=/usr/local/sbin/keepalived -f /etc/keepalived/keepalived.conf --dont-fork $DAEMON_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+
+ [Install]
+ WantedBy=multi-user.target
+ ansible.builtin.assert:
+ that:
+ - stat_etc_systemd_system_keepalived_service.stat.exists
+ - stat_etc_systemd_system_keepalived_service.stat.isreg
+ - stat_etc_systemd_system_keepalived_service.stat.pw_name == 'root'
+ - stat_etc_systemd_system_keepalived_service.stat.gr_name == 'root'
+ - stat_etc_systemd_system_keepalived_service.stat.mode == '0644'
+ - (slurp_etc_systemd_system_keepalived_service.content|b64decode) == keepalived_expected_service_file
+ - ansible_facts.services['keepalived.service'] is defined
+ - ansible_facts.services['keepalived.service']['source'] == 'systemd'
+ - ansible_facts.services['keepalived.service']['state'] == 'running'
+ - ansible_facts.services['keepalived.service']['status'] == 'enabled'
diff --git a/tasks/configure.yml b/tasks/configure.yml
index 6f6c7d2..a3190d0 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -5,11 +5,11 @@
 block:
 - name: "Create keepalived environment file"
 ansible.builtin.template:
- src: keepalived.j2
- dest: "/etc/default/keepalived"
+ src: keepalived.env.j2
+ dest: "{{ deploy_keepalived_config_dir }}/keepalived.env"
 owner: "{{ deploy_keepalived_user }}"
 group: "{{ deploy_keepalived_group }}"
- mode: "0644"
+ mode: "0600"
 - name: "Copy keepalived.conf template"
 ansible.builtin.template:
diff --git a/templates/keepalived.j2 b/templates/keepalived.env.j2
similarity index 100%
rename from templates/keepalived.j2
rename to templates/keepalived.env.j2
diff --git a/templates/keepalived.service.j2 b/templates/keepalived.service.j2
index 38d378a..7c16d10 100644
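Review bot: The home-directory and shell assertions in "Verify keepalived_script user and group" use `in` against the whole getent field list, so they pass if any passwd field (for example the GECOS comment) holds that string rather than checking the actual home and shell. ansible.builtin.getent returns the fields after the key as a list, so comparing by position is tighter: `- keepalived_script_user.ansible_facts.getent_passwd['keepalived_script'][5] == '/bin/false'`, and the same with `[4]` for `/home/keepalived_script`. Separately, the third block is named `"Test: service haproxy"` although every task in it checks keepalived; `"Test: service keepalived"` would match.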
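Review bot: Moving the environment file to `{{ deploy_keepalived_config_dir }}/keepalived.env` and tightening it to `0600` leaves the previous `/etc/default/keepalived` (mode `0644`) in place on hosts where an earlier version of the role already ran; nothing in the visible hunk removes it. If that file can carry sensitive values in `DAEMON_ARGS`, the stale world-readable copy undoes the tighter mode, so consider a cleanup task using `ansible.builtin.file` with `path: "/etc/default/keepalived"` and `state: absent`, or document why the old file is kept. The enclosing `block:` starts above the hunk and continues below it, so such a task may already exist outside the visible lines.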
--- a/templates/keepalived.service.j2
+++ b/templates/keepalived.service.j2
@@ -1,3 +1,4 @@
+# {{ ansible_managed }}
 [Unit]
 Description=Keepalive Daemon (LVS and VRRP)
 After=network-online.target
@@ -6,7 +7,7 @@ ConditionFileNotEmpty={{ deploy_keepalived_config_dir }}/keepalived.conf
 [Service]
 # Type=notify
-EnvironmentFile=-/etc/default/{{ deploy_keepalived_service_name }}
+EnvironmentFile=-{{ deploy_keepalived_config_dir }}/keepalived.env
 ExecStart={{ deploy_keepalived_path }} -f {{ deploy_keepalived_config_dir }}/keepalived.conf --dont-fork $DAEMON_ARGS
 ExecReload=/bin/kill -HUP $MAINPID
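Review bot: The new header line `# {{ ansible_managed }}` comments only the first line of that string, so an `ansible_managed` value configured with more than one line would put bare text above `[Unit]`. `# {{ ansible_managed }}` could become `{{ ansible_managed | comment }}`, which prefixes every line. The expected unit text hard-coded in molecule/default/verify.yml would then need to match the rendered header.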
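Review bot: The `-` prefix kept on `EnvironmentFile=-{{ deploy_keepalived_config_dir }}/keepalived.env` tells systemd to skip the file silently when it is missing, so a wrong path or a failed template step leaves `$DAEMON_ARGS` empty and keepalived still starts without any error. If the role always creates this file before the unit is started (as the tasks/configure.yml change in this commit suggests), dropping the prefix, `EnvironmentFile={{ deploy_keepalived_config_dir }}/keepalived.env`, makes that failure visible at service start. The unit file continues below the hunk.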