ansible-roles/provision_ansible_user
ansible-roles/provision_ansible_user
4
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

tests failing because of what appears to be a bug in molecule, added debian 12 support

Browse Source
This commit is contained in:
Bertrand Lanson 2023-07-12 22:35:33 +02:00
parent 933bc54430
commit cc383f95b3
9 changed files with 97 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
.gitlab-ci.yml
View File

@ -1,82 +0,0 @@
---
stages:
- verify
- test-default
- test-with-ssh-keys
image:
name: registry.ednz.fr/forge/ansible-runner
variables:
ANSIBLE_HOST_KEY_CHECKING: 'false'
ANSIBLE_FORCE_COLOR: 'true'
ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3
DOCKER_AUTH_CONFIG: $CI_DOCKER_AUTH_CONFIG
.stage-test-default:
stage: test-default
.stage-test-with-ssh-keys:
stage: test-with-ssh-keys
.variables-ubuntu-2004:
variables:
MOLECULE_TEST_OS: "ubuntu2004"
.variables-ubuntu-2204:
variables:
MOLECULE_TEST_OS: "ubuntu2204"
.variables-debian-11:
variables:
MOLECULE_TEST_OS: "debian11"
.script-molecule-test-default:
script:
- molecule test
.script-molecule-test-with-ssh-keys:
script:
- molecule test -s with_ssh_keys
ansible-verify:
stage: verify
script:
- yamllint . -c .yamllint
- ansible-lint
ansible-test-ubuntu-2004-default:
extends:
- .stage-test-default
- .variables-ubuntu-2004
- .script-molecule-test-default
ansible-test-ubuntu-2204-default:
extends:
- .stage-test-default
- .variables-ubuntu-2204
- .script-molecule-test-default
ansible-test-debian-11-default:
extends:
- .stage-test-default
- .variables-debian-11
- .script-molecule-test-default
ansible-test-ubuntu-2004-with-ssh-keys:
extends:
- .stage-test-with-ssh-keys
- .variables-ubuntu-2004
- .script-molecule-test-with-ssh-keys
ansible-test-ubuntu-2204-with-ssh-keys:
extends:
- .stage-test-with-ssh-keys
- .variables-ubuntu-2204
- .script-molecule-test-with-ssh-keys
ansible-test-debian-11-with-ssh-keys:
extends:
- .stage-test-with-ssh-keys
- .variables-debian-11
- .script-molecule-test-with-ssh-keys

2
LICENSE
View File

@ -1,6 +1,6 @@
The MIT License (MIT) The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling Copyright (c) 2017 Bertrand Lanson
Permission is hereby granted, free of charge, to any person obtaining a copy of Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in this software and associated documentation files (the "Software"), to deal in

4
README.md
View File

@ -1,6 +1,6 @@
Provision ansible user provision_ansible_user
========= =========
> This repository is only a mirror. Development and testing is done on a private gitlab server. > This repository is only a mirror. Development and testing is done on a private gitea server.
This role configures the ansible service user on **debian-based** distributions. This role configures the ansible service user on **debian-based** distributions.

1
meta/main.yml
View File

@ -15,6 +15,7 @@ galaxy_info:
- name: Debian - name: Debian
versions: versions:
- bullseye - bullseye
- bookworm
galaxy_tags: galaxy_tags:
- 'ubuntu' - 'ubuntu'
- 'debian' - 'debian'

3
molecule/default/group_vars/all.yml Normal file
View File

@ -0,0 +1,3 @@
---
provision_ansible_user_name: deploy
provision_ansible_user_group: deploy

2
molecule/default/molecule.yml
View File

@ -20,7 +20,7 @@ provisioner:
defaults: defaults:
remote_tmp: /tmp/.ansible remote_tmp: /tmp/.ansible
verifier: verifier:
name: testinfra name: ansible
scenario: scenario:
name: default name: default
test_sequence: test_sequence:

67
molecule/default/verify.yml Normal file
View File

@ -0,0 +1,67 @@
---
- name: Verify
hosts: all
gather_facts: false
tasks:
- name: "Test: file /etc/hosts"
block:
- name: "Stat file /etc/hosts"
ansible.builtin.stat:
path: "/etc/hosts"
register: stat_etc_hosts
- name: "Verify file /etc/hosts"
ansible.builtin.assert:
that:
- stat_etc_hosts.stat.exists
- stat_etc_hosts.stat.isreg
- stat_etc_hosts.stat.pw_name == 'root'
- stat_etc_hosts.stat.gr_name == 'root'
- name: "Test: ansible user and group"
block:
- name: "Getent user ansible"
ansible.builtin.getent:
database: passwd
key: deploy
register: ansible_user
- name: "Getent group consul"
ansible.builtin.getent:
database: group
key: deploy
register: ansible_group
- name: "Verify ansible user and group"
ansible.builtin.assert:
that:
- not ansible_user.failed
- not ansible_group.failed
- "'deploy' in ansible_user.ansible_facts.getent_passwd.keys()"
- "'/opt/deploy' in ansible_user.ansible_facts.getent_passwd['deploy']"
- "'/bin/bash' in ansible_user.ansible_facts.getent_passwd['deploy']"
- "'deploy' in ansible_group.ansible_facts.getent_group.keys()"
- name: "Test: ansible sudo permissions"
block:
- name: "Stat file /etc/sudoers.d/deploy"
ansible.builtin.stat:
path: "/etc/sudoers.d"
register: stat_etc_sudoers_d_ansible
- name: "Verify file /etc/sudoers.d/deploy"
ansible.builtin.assert:
that:
- not stat_etc_sudoers_d_ansible.stat.exists
- name: "Test: ansible authorized_keys"
block:
- name: "Stat file /opt/deploy/.ssh/authorized_keys"
ansible.builtin.stat:
path: "/opt/deploy/.ssh/authorized_keys"
register: stat_opt_ansible_ssh_authorized_keys
- name: "Verify file /opt/deploy/.ssh/authorized_keys"
ansible.builtin.assert:
that:
- not stat_opt_ansible_ssh_authorized_keys.stat.exists

4
molecule/with_ssh_keys/group_vars/all.yml
View File

@ -1,6 +1,6 @@
--- ---
provision_ansible_user_name: ansible provision_ansible_user_name: deploy
provision_ansible_user_group: ansible provision_ansible_user_group: deploy
provision_ansible_user_password: "*" provision_ansible_user_password: "*"
provision_ansible_user_is_system: true provision_ansible_user_is_system: true
provision_ansible_user_home: /opt/{{ provision_ansible_user_name }} provision_ansible_user_home: /opt/{{ provision_ansible_user_name }}

19
molecule/with_ssh_keys/verify.yml Normal file
View File

@ -0,0 +1,19 @@
---
- name: Verify
hosts: all
gather_facts: false
tasks:
- name: "Test: file /etc/hosts"
block:
- name: "Stat file /etc/hosts"
ansible.builtin.stat:
path: "/etc/hosts"
register: stat_etc_hosts
- name: "Verify file /etc/hosts"
ansible.builtin.assert:
that:
- stat_etc_hosts.stat.exists
- stat_etc_hosts.stat.isreg
- stat_etc_hosts.stat.pw_name == 'root'
- stat_etc_hosts.stat.gr_name == 'root'