From 6218ed1fdd86908b2eb507670692ee927d31b861 Mon Sep 17 00:00:00 2001
From: Bertrand Lanson
Date: Fri, 1 Dec 2023 18:36:27 +0100
Subject: [PATCH] feat: add become: true, add vagrant tests, add systemd-resolved service check to avoid failure if service is not on host
---
 molecule/default_vagrant/converge.yml | 7 +++
 molecule/default_vagrant/group_vars/all.yml | 2 +
 molecule/default_vagrant/molecule.yml | 35 ++++++++++++++
 molecule/default_vagrant/requirements.yml | 3 ++
 molecule/default_vagrant/verify.yml | 47 ++++++++++++++++++
 .../with_custom_config_vagrant/converge.yml | 7 +++
 .../group_vars/all.yml | 12 +++++
 .../with_custom_config_vagrant/molecule.yml | 35 ++++++++++++++
 .../requirements.yml | 3 ++
 .../with_custom_config_vagrant/verify.yml | 48 +++++++++++++++++++
 tasks/resolv_conf.yml | 1 +
 tasks/resolved_conf.yml | 1 +
 tasks/systemd.yml | 5 ++
 13 files changed, 206 insertions(+)
 create mode 100644 molecule/default_vagrant/converge.yml
 create mode 100644 molecule/default_vagrant/group_vars/all.yml
 create mode 100644 molecule/default_vagrant/molecule.yml
 create mode 100644 molecule/default_vagrant/requirements.yml
 create mode 100644 molecule/default_vagrant/verify.yml
 create mode 100644 molecule/with_custom_config_vagrant/converge.yml
 create mode 100644 molecule/with_custom_config_vagrant/group_vars/all.yml
 create mode 100644 molecule/with_custom_config_vagrant/molecule.yml
 create mode 100644 molecule/with_custom_config_vagrant/requirements.yml
 create mode 100644 molecule/with_custom_config_vagrant/verify.yml
diff --git a/molecule/default_vagrant/converge.yml b/molecule/default_vagrant/converge.yml
new file mode 100644
index 0000000..3f5973f
--- /dev/null
+++ b/molecule/default_vagrant/converge.yml
@@ -0,0 +1,7 @@
+---
+- name: Converge
+ hosts: all
+ tasks:
+ - name: "Include ednxzu.dns_resolver_conf"
+ ansible.builtin.include_role:
+ name: "ednxzu.dns_resolver_conf"
diff --git a/molecule/default_vagrant/group_vars/all.yml b/molecule/default_vagrant/group_vars/all.yml
new file mode 100644
index 0000000..6305ef2
--- /dev/null
+++ b/molecule/default_vagrant/group_vars/all.yml
@@ -0,0 +1,2 @@
+---
+dns_resolv_conf_path: '/tmp'
diff --git a/molecule/default_vagrant/molecule.yml b/molecule/default_vagrant/molecule.yml
new file mode 100644
index 0000000..2b02360
--- /dev/null
+++ b/molecule/default_vagrant/molecule.yml
@@ -0,0 +1,35 @@
+---
+dependency:
+ name: galaxy
+ options:
+ requirements-file: ./requirements.yml
+driver:
+ name: vagrant
+ provider:
+ name: libvirt
+platforms:
+ - name: instance
+ box: generic/${MOLECULE_TEST_OS}
+ cpus: 4
+ memory: 4096
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ remote_tmp: /tmp/.ansible
+verifier:
+ name: ansible
+scenario:
+ name: default_vagrant
+ test_sequence:
+ - dependency
+ - cleanup
+ - destroy
+ - syntax
+ - create
+ - prepare
+ - converge
+ - idempotence
+ - verify
+ - cleanup
+ - destroy
diff --git a/molecule/default_vagrant/requirements.yml b/molecule/default_vagrant/requirements.yml
new file mode 100644
index 0000000..e9320f9
--- /dev/null
+++ b/molecule/default_vagrant/requirements.yml
@@ -0,0 +1,3 @@
+---
+# requirements file for molecule
+roles: []
diff --git a/molecule/default_vagrant/verify.yml b/molecule/default_vagrant/verify.yml
new file mode 100644
index 0000000..b5df94b
--- /dev/null
+++ b/molecule/default_vagrant/verify.yml
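Review bot: `box: generic/${MOLECULE_TEST_OS}` in the `platforms` entry of molecule/default_vagrant/molecule.yml is not pinned to a box version and has no fallback when the variable is unset, so a run can pick up a changed upstream image or resolve to the bare name `generic/`. Adding `box_version: "<pinned-version>"` next to `box` keeps the tested image fixed and turns an image update into a reviewable change, and a default such as `box: generic/${MOLECULE_TEST_OS:-<default-os>}` avoids the empty name. The same applies to the identical `platforms` entry in molecule/with_custom_config_vagrant/molecule.yml.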
@@ -0,0 +1,47 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: true
+ tasks:
+ - name: "Test: file /etc/hosts"
+ block:
+ - name: "Stat file /etc/hosts"
+ ansible.builtin.stat:
+ path: "/etc/hosts"
+ register: stat_etc_hosts
+
+ - name: "Verify file /etc/hosts"
+ vars:
+ etc_hosts_group:
+ ubuntu: "adm"
+ debian: "root"
+ ansible.builtin.assert:
+ that:
+ - stat_etc_hosts.stat.exists
+ - stat_etc_hosts.stat.isreg
+ - stat_etc_hosts.stat.pw_name == 'root'
+ - stat_etc_hosts.stat.gr_name == etc_hosts_group[(ansible_distribution|lower)]
+
+ - name: "Test: file /tmp/resolv.conf"
+ block:
+ - name: "Stat file /tmp/resolv.conf"
+ ansible.builtin.stat:
+ path: "/tmp/resolv.conf"
+ register: stat_tmp_resolv_conf
+
+ - name: "Slurp file /tmp/resolv.conf"
+ ansible.builtin.slurp:
+ src: "/tmp/resolv.conf"
+ register: slurp_tmp_resolv_conf
+
+ - name: "Verify file /tmp/resolv.conf"
+ ansible.builtin.assert:
+ that:
+ - stat_tmp_resolv_conf.stat.exists
+ - stat_tmp_resolv_conf.stat.isreg
+ - stat_tmp_resolv_conf.stat.pw_name == 'root'
+ - stat_tmp_resolv_conf.stat.gr_name == 'root'
+ - stat_tmp_resolv_conf.stat.mode == '0644'
+ - "'search local.lan' in (slurp_tmp_resolv_conf.content|b64decode)"
+ - "'nameserver 1.1.1.1' in (slurp_tmp_resolv_conf.content|b64decode)"
+ - "'nameserver 8.8.8.8' in (slurp_tmp_resolv_conf.content|b64decode)"
diff --git a/molecule/with_custom_config_vagrant/converge.yml b/molecule/with_custom_config_vagrant/converge.yml
new file mode 100644
index 0000000..3f5973f
--- /dev/null
+++ b/molecule/with_custom_config_vagrant/converge.yml
@@ -0,0 +1,7 @@
+---
+- name: Converge
+ hosts: all
+ tasks:
+ - name: "Include ednxzu.dns_resolver_conf"
+ ansible.builtin.include_role:
+ name: "ednxzu.dns_resolver_conf"
diff --git a/molecule/with_custom_config_vagrant/group_vars/all.yml b/molecule/with_custom_config_vagrant/group_vars/all.yml
new file mode 100644
index 0000000..573e7d6
--- /dev/null
+++ b/molecule/with_custom_config_vagrant/group_vars/all.yml
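Review bot: The `gr_name` assertion in "Verify file /etc/hosts" indexes `etc_hosts_group` with `ansible_distribution|lower`, but the map only has `ubuntu` and `debian`, while this scenario's box is chosen through `MOLECULE_TEST_OS`. On any other distribution the lookup is undefined, so the task errors out instead of reporting a failed assertion. A fallback makes the expectation explicit: `- stat_etc_hosts.stat.gr_name == (etc_hosts_group[ansible_distribution|lower] | default('root'))`, or add a `fail_msg` that names the unsupported distribution. The same expression appears in molecule/with_custom_config_vagrant/verify.yml.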
@@ -0,0 +1,12 @@
+---
+dns_resolv_conf_disable_resolvectl: true
+dns_resolv_conf_path: '/tmp'
+dns_resolv_conf_nameservers:
+ - "10.1.20.53"
+ - "10.1.20.54"
+dns_resolv_conf_domain: ""
+dns_resolv_conf_search:
+ - "example.org"
+ - "az1.example.org"
+dns_resolv_conf_sortlist: []
+dns_resolv_conf_options: [edns0, rotate]
diff --git a/molecule/with_custom_config_vagrant/molecule.yml b/molecule/with_custom_config_vagrant/molecule.yml
new file mode 100644
index 0000000..890cdd0
--- /dev/null
+++ b/molecule/with_custom_config_vagrant/molecule.yml
@@ -0,0 +1,35 @@
+---
+dependency:
+ name: galaxy
+ options:
+ requirements-file: ./requirements.yml
+driver:
+ name: vagrant
+ provider:
+ name: libvirt
+platforms:
+ - name: instance
+ box: generic/${MOLECULE_TEST_OS}
+ cpus: 4
+ memory: 4096
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ remote_tmp: /tmp/.ansible
+verifier:
+ name: ansible
+scenario:
+ name: with_custom_config_vagrant
+ test_sequence:
+ - dependency
+ - cleanup
+ - destroy
+ - syntax
+ - create
+ - prepare
+ - converge
+ - idempotence
+ - verify
+ - cleanup
+ - destroy
diff --git a/molecule/with_custom_config_vagrant/requirements.yml b/molecule/with_custom_config_vagrant/requirements.yml
new file mode 100644
index 0000000..e9320f9
--- /dev/null
+++ b/molecule/with_custom_config_vagrant/requirements.yml
@@ -0,0 +1,3 @@
+---
+# requirements file for molecule
+roles: []
diff --git a/molecule/with_custom_config_vagrant/verify.yml b/molecule/with_custom_config_vagrant/verify.yml
new file mode 100644
index 0000000..e55cbec
--- /dev/null
+++ b/molecule/with_custom_config_vagrant/verify.yml
@@ -0,0 +1,48 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: true
+ tasks:
+ - name: "Test: file /etc/hosts"
+ block:
+ - name: "Stat file /etc/hosts"
+ ansible.builtin.stat:
+ path: "/etc/hosts"
+ register: stat_etc_hosts
+
+ - name: "Verify file /etc/hosts"
+ vars:
+ etc_hosts_group:
+ ubuntu: "adm"
+ debian: "root"
+ ansible.builtin.assert:
+ that:
+ - stat_etc_hosts.stat.exists
+ - stat_etc_hosts.stat.isreg
+ - stat_etc_hosts.stat.pw_name == 'root'
+ - stat_etc_hosts.stat.gr_name == etc_hosts_group[(ansible_distribution|lower)]
+
+ - name: "Test: file /tmp/resolv.conf"
+ block:
+ - name: "Stat file /tmp/resolv.conf"
+ ansible.builtin.stat:
+ path: "/tmp/resolv.conf"
+ register: stat_tmp_resolv_conf
+
+ - name: "Slurp file /tmp/resolv.conf"
+ ansible.builtin.slurp:
+ src: "/tmp/resolv.conf"
+ register: slurp_tmp_resolv_conf
+
+ - name: "Verify file /tmp/resolv.conf"
+ ansible.builtin.assert:
+ that:
+ - stat_tmp_resolv_conf.stat.exists
+ - stat_tmp_resolv_conf.stat.isreg
+ - stat_tmp_resolv_conf.stat.pw_name == 'root'
+ - stat_tmp_resolv_conf.stat.gr_name == 'root'
+ - stat_tmp_resolv_conf.stat.mode == '0644'
+ - "'search example.org az1.example.org' in (slurp_tmp_resolv_conf.content|b64decode)"
+ - "'nameserver 10.1.20.53' in (slurp_tmp_resolv_conf.content|b64decode)"
+ - "'nameserver 10.1.20.54' in (slurp_tmp_resolv_conf.content|b64decode)"
+ - "'options edns0 rotate' in (slurp_tmp_resolv_conf.content|b64decode)"
diff --git a/tasks/resolv_conf.yml b/tasks/resolv_conf.yml
index 69d355c..af45bbd 100644
--- a/tasks/resolv_conf.yml
+++ b/tasks/resolv_conf.yml
@@ -7,3 +7,4 @@
 owner: root
 group: root
 mode: '0644'
+ become: true
diff --git a/tasks/resolved_conf.yml b/tasks/resolved_conf.yml
index 2398ecc..087a3f7 100644
--- a/tasks/resolved_conf.yml
+++ b/tasks/resolved_conf.yml
@@ -7,3 +7,4 @@
 owner: root
 group: root
 mode: '0644'
+ become: true
diff --git a/tasks/systemd.yml b/tasks/systemd.yml
index 76b3e2f..b91f981 100644
--- a/tasks/systemd.yml
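Review bot: The verify play in molecule/with_custom_config_vagrant/verify.yml never checks the systemd-resolved service, although this scenario sets `dns_resolv_conf_disable_resolvectl: true` and the commit changes exactly that path in tasks/systemd.yml. As written, the scenario passes whether the service was stopped, left running, or skipped by the new `when:` guard. A third test block that gathers service facts and asserts the unit is not running where it exists would cover this; the indentation below is illustrative and should follow the file's existing task nesting.

```yaml
    # … unchanged: "Test: file /etc/hosts" and "Test: file /tmp/resolv.conf" blocks …

    - name: "Test: service systemd-resolved"
      block:
        - name: "Populate service facts"
          ansible.builtin.service_facts:

        - name: "Verify service systemd-resolved is not running"
          ansible.builtin.assert:
            that:
              - ansible_facts.services['systemd-resolved.service'].state != 'running'
          when: "'systemd-resolved.service' in ansible_facts.services"
```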
+++ b/tasks/systemd.yml
@@ -1,7 +1,12 @@
 ---
 # task/systemd file for dns_resolver_conf
+- name: "Populate service facts"
+ ansible.builtin.service_facts:
+
 - name: "Configure systemd-resolved"
 ansible.builtin.service:
 name: systemd-resolved
 enabled: "{{ 'true' if not dns_resolv_conf_disable_resolvectl else 'false' }}"
 state: "{{ 'started' if not dns_resolv_conf_disable_resolvectl else 'stopped' }}"
+ when: "'systemd-resolved.service' in ansible_facts.services"
+ become: true
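Review bot: The new guard `when: "'systemd-resolved.service' in ansible_facts.services"` tests only for key presence, and `service_facts` can, as far as I know, list a unit that is referenced but not installed with a status of `not-found`; in that case the task would still run and fail, which is what the commit sets out to avoid. A stricter guard is a two-item `when:` list: `- "'systemd-resolved.service' in ansible_facts.services"` and `- "ansible_facts.services['systemd-resolved.service'].status != 'not-found'"`. Separately, when the unit is absent and `dns_resolv_conf_disable_resolvectl` is false, the role now skips silently even though the caller asked for the service to be started; a short comment above the task, or a debug message on skip, would make that visible to operators.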