From cc383f95b32704f81e5133010c1ff5887568af05 Mon Sep 17 00:00:00 2001 From: Bertrand Lanson Date: Wed, 12 Jul 2023 22:35:33 +0200 Subject: [PATCH] tests failing because of what appears to be a bug in molecule, added debian 12 support --- .gitlab-ci.yml | 82 ----------------------- LICENSE | 2 +- README.md | 6 +- meta/main.yml | 1 + molecule/default/group_vars/all.yml | 3 + molecule/default/molecule.yml | 2 +- molecule/default/verify.yml | 67 ++++++++++++++++++ molecule/with_ssh_keys/group_vars/all.yml | 4 +- molecule/with_ssh_keys/verify.yml | 19 ++++++ 9 files changed, 97 insertions(+), 89 deletions(-) delete mode 100644 .gitlab-ci.yml create mode 100644 molecule/default/group_vars/all.yml create mode 100644 molecule/default/verify.yml create mode 100644 molecule/with_ssh_keys/verify.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 1769576..0000000 --- a/.gitlab-ci.yml +++ /dev/null 
@@ -1,82 +0,0 @@ ---- -stages: - - verify - - test-default - - test-with-ssh-keys - -image: - name: registry.ednz.fr/forge/ansible-runner - -variables: - ANSIBLE_HOST_KEY_CHECKING: 'false' - ANSIBLE_FORCE_COLOR: 'true' - ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3 - DOCKER_AUTH_CONFIG: $CI_DOCKER_AUTH_CONFIG - -.stage-test-default: - stage: test-default - -.stage-test-with-ssh-keys: - stage: test-with-ssh-keys - -.variables-ubuntu-2004: - variables: - MOLECULE_TEST_OS: "ubuntu2004" - -.variables-ubuntu-2204: - variables: - MOLECULE_TEST_OS: "ubuntu2204" - -.variables-debian-11: - variables: - MOLECULE_TEST_OS: "debian11" - -.script-molecule-test-default: - script: - - molecule test - -.script-molecule-test-with-ssh-keys: - script: - - molecule test -s with_ssh_keys - -ansible-verify: - stage: verify - script: - - yamllint . -c .yamllint - - ansible-lint - -ansible-test-ubuntu-2004-default: - extends: - - .stage-test-default - - .variables-ubuntu-2004 - - .script-molecule-test-default - -ansible-test-ubuntu-2204-default: - extends: - - .stage-test-default - - .variables-ubuntu-2204 - - .script-molecule-test-default - -ansible-test-debian-11-default: - extends: - - .stage-test-default - - .variables-debian-11 - - .script-molecule-test-default - -ansible-test-ubuntu-2004-with-ssh-keys: - extends: - - .stage-test-with-ssh-keys - - .variables-ubuntu-2004 - - .script-molecule-test-with-ssh-keys - -ansible-test-ubuntu-2204-with-ssh-keys: - extends: - - .stage-test-with-ssh-keys - - .variables-ubuntu-2204 - - .script-molecule-test-with-ssh-keys - -ansible-test-debian-11-with-ssh-keys: - extends: - - .stage-test-with-ssh-keys - - .variables-debian-11 - - .script-molecule-test-with-ssh-keys diff --git a/LICENSE b/LICENSE index 9ef042d..c9a37e5 100644 --- a/LICENSE +++ b/LICENSE 
@@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2017 Jeff Geerling +Copyright (c) 2017 Bertrand Lanson Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in diff --git a/README.md b/README.md index be1e763..ee0224f 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -Provision ansible user +provision_ansible_user ========= -> This repository is only a mirror. Development and testing is done on a private gitlab server. +> This repository is only a mirror. Development and testing is done on a private gitea server. This role configures the ansible service user on **debian-based** distributions. @@ -130,4 +130,4 @@ MIT / BSD Author Information ------------------ -This role was created by Bertrand Lanson in 2023. \ No newline at end of file +This role was created by Bertrand Lanson in 2023. diff --git a/meta/main.yml b/meta/main.yml index 987b506..2c2eed8 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -15,6 +15,7 @@ galaxy_info: - name: Debian versions: - bullseye + - bookworm galaxy_tags: - 'ubuntu' - 'debian' diff --git a/molecule/default/group_vars/all.yml b/molecule/default/group_vars/all.yml new file mode 100644 index 0000000..4f82a3e --- /dev/null +++ b/molecule/default/group_vars/all.yml @@ -0,0 +1,3 @@ +--- +provision_ansible_user_name: deploy +provision_ansible_user_group: deploy diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 7a62eb2..49efc7f 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -20,7 +20,7 @@ provisioner: defaults: remote_tmp: /tmp/.ansible verifier: - name: testinfra + name: ansible scenario: name: default test_sequence: diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml new file mode 100644 index 0000000..09c0ecf --- /dev/null +++ b/molecule/default/verify.yml 
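Review bot: The LICENSE hunk replaces the copyright holder but keeps the year 2017, while the README in this same patch says the role was created in 2023, so the notice now carries a date the rest of the repository contradicts. If any file in the role derives from the earlier author's work, the MIT terms require that author's notice to stay in place alongside the new one. If nothing does, the line would read `Copyright (c) 2023 Bertrand Lanson`. Which case applies is not visible from this patch.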
@@ -0,0 +1,67 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: "Test: file /etc/hosts"
+ block:
+ - name: "Stat file /etc/hosts"
+ ansible.builtin.stat:
+ path: "/etc/hosts"
+ register: stat_etc_hosts
+
+ - name: "Verify file /etc/hosts"
+ ansible.builtin.assert:
+ that:
+ - stat_etc_hosts.stat.exists
+ - stat_etc_hosts.stat.isreg
+ - stat_etc_hosts.stat.pw_name == 'root'
+ - stat_etc_hosts.stat.gr_name == 'root'
+
+ - name: "Test: ansible user and group"
+ block:
+ - name: "Getent user ansible"
+ ansible.builtin.getent:
+ database: passwd
+ key: deploy
+ register: ansible_user
+
+ - name: "Getent group consul"
+ ansible.builtin.getent:
+ database: group
+ key: deploy
+ register: ansible_group
+
+ - name: "Verify ansible user and group"
+ ansible.builtin.assert:
+ that:
+ - not ansible_user.failed
+ - not ansible_group.failed
+ - "'deploy' in ansible_user.ansible_facts.getent_passwd.keys()"
+ - "'/opt/deploy' in ansible_user.ansible_facts.getent_passwd['deploy']"
+ - "'/bin/bash' in ansible_user.ansible_facts.getent_passwd['deploy']"
+ - "'deploy' in ansible_group.ansible_facts.getent_group.keys()"
+
+ - name: "Test: ansible sudo permissions"
+ block:
+ - name: "Stat file /etc/sudoers.d/deploy"
+ ansible.builtin.stat:
+ path: "/etc/sudoers.d"
+ register: stat_etc_sudoers_d_ansible
+
+ - name: "Verify file /etc/sudoers.d/deploy"
+ ansible.builtin.assert:
+ that:
+ - not stat_etc_sudoers_d_ansible.stat.exists
+
+ - name: "Test: ansible authorized_keys"
+ block:
+ - name: "Stat file /opt/deploy/.ssh/authorized_keys"
+ ansible.builtin.stat:
+ path: "/opt/deploy/.ssh/authorized_keys"
+ register: stat_opt_ansible_ssh_authorized_keys
+
+ - name: "Verify file /opt/deploy/.ssh/authorized_keys"
+ ansible.builtin.assert:
+ that:
+ - not stat_opt_ansible_ssh_authorized_keys.stat.exists
diff --git a/molecule/with_ssh_keys/group_vars/all.yml b/molecule/with_ssh_keys/group_vars/all.yml
index 0cd9858..de080fe 100644
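Review bot: The sudo test stats `/etc/sudoers.d` although both task names say `/etc/sudoers.d/deploy`, so `not stat_etc_sudoers_d_ansible.stat.exists` asserts that the whole drop-in directory is absent rather than the user's rule file. On an image that ships the sudo package the directory exists and the assertion fails whatever the role did, which may be the failure the commit title attributes to molecule. Pointing the stat at the file, `path: "/etc/sudoers.d/deploy"`, makes the check pin the privilege boundary it is named after. Separately, the task name `"Getent group consul"` looks like a copy-paste leftover and would read better as `"Getent group deploy"`.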
--- a/molecule/with_ssh_keys/group_vars/all.yml
+++ b/molecule/with_ssh_keys/group_vars/all.yml
@@ -1,6 +1,6 @@
 ---
-provision_ansible_user_name: ansible
-provision_ansible_user_group: ansible
+provision_ansible_user_name: deploy
+provision_ansible_user_group: deploy
 provision_ansible_user_password: "*"
 provision_ansible_user_is_system: true
 provision_ansible_user_home: /opt/{{ provision_ansible_user_name }}
diff --git a/molecule/with_ssh_keys/verify.yml b/molecule/with_ssh_keys/verify.yml
new file mode 100644
index 0000000..bf52da2
--- /dev/null
+++ b/molecule/with_ssh_keys/verify.yml
@@ -0,0 +1,19 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: "Test: file /etc/hosts"
+ block:
+ - name: "Stat file /etc/hosts"
+ ansible.builtin.stat:
+ path: "/etc/hosts"
+ register: stat_etc_hosts
+
+ - name: "Verify file /etc/hosts"
+ ansible.builtin.assert:
+ that:
+ - stat_etc_hosts.stat.exists
+ - stat_etc_hosts.stat.isreg
+ - stat_etc_hosts.stat.pw_name == 'root'
+ - stat_etc_hosts.stat.gr_name == 'root'
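Review bot: The new verify play for the `with_ssh_keys` scenario only checks `/etc/hosts`, so nothing the scenario exists for is asserted: the presence, ownership and permissions of `/opt/deploy/.ssh/authorized_keys`. A role change that wrote the file with the wrong owner or left it group- or world-writable would still pass, and sshd with StrictModes enabled typically refuses such a file. I would add a block like the one below after the `/etc/hosts` test. The path comes from the default scenario's verify play and the home set in this scenario's group_vars; the owner assumes the role hands the file to the `deploy` user, which should be confirmed against the role's tasks.

```yaml
    # … unchanged: "Test: file /etc/hosts" block …

    - name: "Test: deploy authorized_keys"
      block:
        - name: "Stat file /opt/deploy/.ssh/authorized_keys"
          ansible.builtin.stat:
            path: "/opt/deploy/.ssh/authorized_keys"
          register: stat_opt_deploy_ssh_authorized_keys

        - name: "Verify file /opt/deploy/.ssh/authorized_keys"
          ansible.builtin.assert:
            that:
              - stat_opt_deploy_ssh_authorized_keys.stat.exists
              - stat_opt_deploy_ssh_authorized_keys.stat.isreg
              - stat_opt_deploy_ssh_authorized_keys.stat.pw_name == 'deploy'
              - not stat_opt_deploy_ssh_authorized_keys.stat.wgrp
              - not stat_opt_deploy_ssh_authorized_keys.stat.woth
```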