template tests for ansible
parent
d0df63a6e9
commit
33b1f444b7
@ -1,82 +0,0 @@
|
|||||||
---
|
|
||||||
stages:
|
|
||||||
- verify
|
|
||||||
- test-default
|
|
||||||
- test-with-ssh-keys
|
|
||||||
|
|
||||||
image:
|
|
||||||
name: registry.ednz.fr/forge/ansible-runner
|
|
||||||
|
|
||||||
variables:
|
|
||||||
ANSIBLE_HOST_KEY_CHECKING: 'false'
|
|
||||||
ANSIBLE_FORCE_COLOR: 'true'
|
|
||||||
ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3
|
|
||||||
DOCKER_AUTH_CONFIG: $CI_DOCKER_AUTH_CONFIG
|
|
||||||
|
|
||||||
.stage-test-default:
|
|
||||||
stage: test-default
|
|
||||||
|
|
||||||
.stage-test-with-ssh-keys:
|
|
||||||
stage: test-with-ssh-keys
|
|
||||||
|
|
||||||
.variables-ubuntu-2004:
|
|
||||||
variables:
|
|
||||||
MOLECULE_TEST_OS: "ubuntu2004"
|
|
||||||
|
|
||||||
.variables-ubuntu-2204:
|
|
||||||
variables:
|
|
||||||
MOLECULE_TEST_OS: "ubuntu2204"
|
|
||||||
|
|
||||||
.variables-debian-11:
|
|
||||||
variables:
|
|
||||||
MOLECULE_TEST_OS: "debian11"
|
|
||||||
|
|
||||||
.script-molecule-test-default:
|
|
||||||
script:
|
|
||||||
- molecule test
|
|
||||||
|
|
||||||
.script-molecule-test-with-ssh-keys:
|
|
||||||
script:
|
|
||||||
- molecule test -s with_ssh_keys
|
|
||||||
|
|
||||||
ansible-verify:
|
|
||||||
stage: verify
|
|
||||||
script:
|
|
||||||
- yamllint . -c .yamllint
|
|
||||||
- ansible-lint
|
|
||||||
|
|
||||||
ansible-test-ubuntu-2004-default:
|
|
||||||
extends:
|
|
||||||
- .stage-test-default
|
|
||||||
- .variables-ubuntu-2004
|
|
||||||
- .script-molecule-test-default
|
|
||||||
|
|
||||||
ansible-test-ubuntu-2204-default:
|
|
||||||
extends:
|
|
||||||
- .stage-test-default
|
|
||||||
- .variables-ubuntu-2204
|
|
||||||
- .script-molecule-test-default
|
|
||||||
|
|
||||||
ansible-test-debian-11-default:
|
|
||||||
extends:
|
|
||||||
- .stage-test-default
|
|
||||||
- .variables-debian-11
|
|
||||||
- .script-molecule-test-default
|
|
||||||
|
|
||||||
ansible-test-ubuntu-2004-with-ssh-keys:
|
|
||||||
extends:
|
|
||||||
- .stage-test-with-ssh-keys
|
|
||||||
- .variables-ubuntu-2004
|
|
||||||
- .script-molecule-test-with-ssh-keys
|
|
||||||
|
|
||||||
ansible-test-ubuntu-2204-with-ssh-keys:
|
|
||||||
extends:
|
|
||||||
- .stage-test-with-ssh-keys
|
|
||||||
- .variables-ubuntu-2204
|
|
||||||
- .script-molecule-test-with-ssh-keys
|
|
||||||
|
|
||||||
ansible-test-debian-11-with-ssh-keys:
|
|
||||||
extends:
|
|
||||||
- .stage-test-with-ssh-keys
|
|
||||||
- .variables-debian-11
|
|
||||||
- .script-molecule-test-with-ssh-keys
|
|
@ -18,153 +18,50 @@
|
|||||||
- stat_etc_hosts.stat.pw_name == 'root'
|
- stat_etc_hosts.stat.pw_name == 'root'
|
||||||
- stat_etc_hosts.stat.gr_name == 'root'
|
- stat_etc_hosts.stat.gr_name == 'root'
|
||||||
|
|
||||||
- name: "Test: consul user and group"
|
- name: "Test: ansible user and group"
|
||||||
block:
|
block:
|
||||||
- name: "Getent user consul"
|
- name: "Getent user ansible"
|
||||||
ansible.builtin.getent:
|
ansible.builtin.getent:
|
||||||
database: passwd
|
database: passwd
|
||||||
key: consul
|
key: deploy
|
||||||
register: consul_user
|
register: ansible_user
|
||||||
|
|
||||||
- name: "Getent group consul"
|
- name: "Getent group ansible"
|
||||||
ansible.builtin.getent:
|
ansible.builtin.getent:
|
||||||
database: group
|
database: group
|
||||||
key: consul
|
key: deploy
|
||||||
register: consul_group
|
register: ansible_group
|
||||||
|
|
||||||
- name: "Verify consul user and group"
|
- name: "Verify ansible user and group"
|
||||||
ansible.builtin.assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- not consul_user.failed
|
- not ansible_user.failed
|
||||||
- not consul_group.failed
|
- not ansible_group.failed
|
||||||
- "'consul' in consul_user.ansible_facts.getent_passwd.keys()"
|
- "'deploy' in ansible_user.ansible_facts.getent_passwd.keys()"
|
||||||
- "'/home/consul' in consul_user.ansible_facts.getent_passwd['consul']"
|
- "'/opt/deploy' in ansible_user.ansible_facts.getent_passwd['deploy']"
|
||||||
- "'/bin/false' in consul_user.ansible_facts.getent_passwd['consul']"
|
- "'/bin/bash' in ansible_user.ansible_facts.getent_passwd['deploy']"
|
||||||
- "'consul' in consul_group.ansible_facts.getent_group.keys()"
|
- "'deploy' in ansible_group.ansible_facts.getent_group.keys()"
|
||||||
|
|
||||||
- name: "Test: directory /etc/consul.d"
|
- name: "Test: ansible sudo permissions"
|
||||||
block:
|
block:
|
||||||
- name: "Stat directory /etc/consul.d"
|
- name: "Stat file /etc/sudoers.d/deploy"
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: "/etc/consul.d"
|
path: "/etc/sudoers.d"
|
||||||
register: stat_etc_consul_d
|
register: stat_etc_sudoers_d_ansible
|
||||||
|
|
||||||
- name: "Stat file /etc/consul.d/consul.env"
|
- name: "Verify file /etc/sudoers.d/deploy"
|
||||||
ansible.builtin.stat:
|
|
||||||
path: "/etc/consul.d/consul.env"
|
|
||||||
register: stat_etc_consul_d_consul_env
|
|
||||||
|
|
||||||
- name: "Stat file /etc/consul.d/consul.json"
|
|
||||||
ansible.builtin.stat:
|
|
||||||
path: "/etc/consul.d/consul.json"
|
|
||||||
register: stat_etc_consul_d_consul_json
|
|
||||||
|
|
||||||
- name: "Slurp file /etc/consul.d/consul.json"
|
|
||||||
ansible.builtin.slurp:
|
|
||||||
src: "/etc/consul.d/consul.json"
|
|
||||||
register: slurp_etc_consul_d_consul_json
|
|
||||||
|
|
||||||
- name: "Verify directory /etc/consul.d"
|
|
||||||
ansible.builtin.assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- stat_etc_consul_d.stat.exists
|
- not stat_etc_sudoers_d_ansible.stat.exists
|
||||||
- stat_etc_consul_d.stat.isdir
|
|
||||||
- stat_etc_consul_d.stat.pw_name == 'consul'
|
|
||||||
- stat_etc_consul_d.stat.gr_name == 'consul'
|
|
||||||
- stat_etc_consul_d.stat.mode == '0755'
|
|
||||||
- stat_etc_consul_d_consul_env.stat.exists
|
|
||||||
- stat_etc_consul_d_consul_env.stat.isreg
|
|
||||||
- stat_etc_consul_d_consul_env.stat.pw_name == 'consul'
|
|
||||||
- stat_etc_consul_d_consul_env.stat.gr_name == 'consul'
|
|
||||||
- stat_etc_consul_d_consul_env.stat.mode == '0600'
|
|
||||||
- stat_etc_consul_d_consul_json.stat.exists
|
|
||||||
- stat_etc_consul_d_consul_json.stat.isreg
|
|
||||||
- stat_etc_consul_d_consul_json.stat.pw_name == 'consul'
|
|
||||||
- stat_etc_consul_d_consul_json.stat.gr_name == 'consul'
|
|
||||||
- stat_etc_consul_d_consul_json.stat.mode == '0600'
|
|
||||||
- slurp_etc_consul_d_consul_json.content != ''
|
|
||||||
|
|
||||||
- name: "Test: directory /opt/consul"
|
- name: "Test: ansible authorized_keys"
|
||||||
block:
|
block:
|
||||||
- name: "Stat directory /opt/consul"
|
- name: "Stat file /opt/deploy/.ssh/authorized_keys"
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: "/opt/consul"
|
path: "/opt/deploy/.ssh/authorized_keys"
|
||||||
register: stat_opt_consul
|
register: stat_opt_ansible_ssh_authorized_keys
|
||||||
|
|
||||||
- name: "Verify directory /opt/consul"
|
- name: "Verify file /opt/deploy/.ssh/authorized_keys"
|
||||||
ansible.builtin.assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- stat_opt_consul.stat.exists
|
- not stat_opt_ansible_ssh_authorized_keys.stat.exists
|
||||||
- stat_opt_consul.stat.isdir
|
|
||||||
- stat_opt_consul.stat.pw_name == 'consul'
|
|
||||||
- stat_opt_consul.stat.gr_name == 'consul'
|
|
||||||
- stat_opt_consul.stat.mode == '0755'
|
|
||||||
|
|
||||||
- name: "Test: service consul"
|
|
||||||
block:
|
|
||||||
- name: "Get service consul"
|
|
||||||
ansible.builtin.service_facts:
|
|
||||||
|
|
||||||
- name: "Stat file /etc/systemd/system/consul.service"
|
|
||||||
ansible.builtin.stat:
|
|
||||||
path: "/etc/systemd/system/consul.service"
|
|
||||||
register: stat_etc_systemd_system_consul_service
|
|
||||||
|
|
||||||
- name: "Slurp file /etc/systemd/system/consul.service"
|
|
||||||
ansible.builtin.slurp:
|
|
||||||
src: "/etc/systemd/system/consul.service"
|
|
||||||
register: slurp_etc_systemd_system_consul_service
|
|
||||||
|
|
||||||
- name: "Verify service consul"
|
|
||||||
ansible.builtin.assert:
|
|
||||||
that:
|
|
||||||
- stat_etc_systemd_system_consul_service.stat.exists
|
|
||||||
- stat_etc_systemd_system_consul_service.stat.isreg
|
|
||||||
- stat_etc_systemd_system_consul_service.stat.pw_name == 'root'
|
|
||||||
- stat_etc_systemd_system_consul_service.stat.gr_name == 'root'
|
|
||||||
- stat_etc_systemd_system_consul_service.stat.mode == '0644'
|
|
||||||
- slurp_etc_systemd_system_consul_service.content != ''
|
|
||||||
- ansible_facts.services['consul.service'] is defined
|
|
||||||
- ansible_facts.services['consul.service']['source'] == 'systemd'
|
|
||||||
- ansible_facts.services['consul.service']['state'] == 'running'
|
|
||||||
- ansible_facts.services['consul.service']['status'] == 'enabled'
|
|
||||||
|
|
||||||
- name: "Test: interaction consul"
|
|
||||||
vars:
|
|
||||||
acl_token: "1a1f2ce5-3730-47de-9a9c-89e037376bab"
|
|
||||||
block:
|
|
||||||
- name: "Command consul kv put"
|
|
||||||
ansible.builtin.command: "consul kv put foo bar"
|
|
||||||
environment:
|
|
||||||
CONSUL_HTTP_TOKEN: "{{ acl_token }}"
|
|
||||||
changed_when: false
|
|
||||||
register: consul_kv_put
|
|
||||||
|
|
||||||
- name: "Command consul kv get"
|
|
||||||
ansible.builtin.command: "consul kv get foo"
|
|
||||||
environment:
|
|
||||||
CONSUL_HTTP_TOKEN: "{{ acl_token }}"
|
|
||||||
changed_when: false
|
|
||||||
register: consul_kv_get
|
|
||||||
|
|
||||||
- name: "Command consul kv delete"
|
|
||||||
ansible.builtin.command: "consul kv delete foo"
|
|
||||||
environment:
|
|
||||||
CONSUL_HTTP_TOKEN: "{{ acl_token }}"
|
|
||||||
changed_when: false
|
|
||||||
register: consul_kv_delete
|
|
||||||
|
|
||||||
- name: "Command consul members"
|
|
||||||
ansible.builtin.command: "consul members"
|
|
||||||
environment:
|
|
||||||
CONSUL_HTTP_TOKEN: "{{ acl_token }}"
|
|
||||||
changed_when: false
|
|
||||||
register: consul_members
|
|
||||||
|
|
||||||
- name: "Verify consul interaction"
|
|
||||||
ansible.builtin.assert:
|
|
||||||
that:
|
|
||||||
- "'instance' in consul_members.stdout"
|
|
||||||
- consul_kv_put.stdout == 'Success! Data written to: foo'
|
|
||||||
- consul_kv_get.stdout == 'bar'
|
|
||||||
- consul_kv_delete.stdout == 'Success! Deleted key: foo'
|
|
||||||
|
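--- a/molecule/with_ssh_keys/verify.yml
+++ b/molecule/with_ssh_keys/verify.yml
@@ -0,0 +1,67 @@
+---
+- name: Verify
+hosts: all
+gather_facts: false
+tasks:
+- name: "Test: file /etc/hosts"
+block:
+- name: "Stat file /etc/hosts"
+ansible.builtin.stat:
+path: "/etc/hosts"
+register: stat_etc_hosts
+
+- name: "Verify file /etc/hosts"
+ansible.builtin.assert:
+that:
+- stat_etc_hosts.stat.exists
+- stat_etc_hosts.stat.isreg
+- stat_etc_hosts.stat.pw_name == 'root'
+- stat_etc_hosts.stat.gr_name == 'root'
+
+- name: "Test: ansible user and group"
+block:
+- name: "Getent user ansible"
+ansible.builtin.getent:
+database: passwd
+key: deploy
+register: ansible_user
+
+- name: "Getent group ansible"
+ansible.builtin.getent:
+database: group
+key: deploy
+register: ansible_group
+
+- name: "Verify ansible user and group"
+ansible.builtin.assert:
+that:
+- not ansible_user.failed
+- not ansible_group.failed
+- "'deploy' in ansible_user.ansible_facts.getent_passwd.keys()"
+- "'/opt/deploy' in ansible_user.ansible_facts.getent_passwd['deploy']"
+- "'/bin/bash' in ansible_user.ansible_facts.getent_passwd['deploy']"
+- "'deploy' in ansible_group.ansible_facts.getent_group.keys()"
+
+- name: "Test: ansible sudo permissions"
+block:
+- name: "Stat file /etc/sudoers.d/deploy"
+ansible.builtin.stat:
+path: "/etc/sudoers.d"
+register: stat_etc_sudoers_d_ansible
+
+- name: "Verify file /etc/sudoers.d/deploy"
+ansible.builtin.assert:
+that:
+- not stat_etc_sudoers_d_ansible.stat.exists
+
+- name: "Test: ansible authorized_keys"
+block:
+- name: "Stat file /opt/deploy/.ssh/authorized_keys"
+ansible.builtin.stat:
+path: "/opt/deploy/.ssh/authorized_keys"
+register: stat_opt_ansible_ssh_authorized_keys
+
+- name: "Verify file /opt/deploy/.ssh/authorized_keys"
+ansible.builtin.assert:
+that:
+- not stat_opt_ansible_ssh_authorized_keys.stat.exists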
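Review bot: The task named "Stat file /etc/sudoers.d/deploy" stats the directory `/etc/sudoers.d`, so the assert `not stat_etc_sudoers_d_ansible.stat.exists` tests whether the drop-in directory is absent, not whether a sudoers file was written for `deploy`. On an image that ships sudo the directory exists and the assert fails; on one without sudo it passes while saying nothing about the account's privileges, so change the line to `path: "/etc/sudoers.d/deploy"`. The same path appears on the new side of the preceding file section. Separately, this scenario is named with_ssh_keys yet asserts that `/opt/deploy/.ssh/authorized_keys` does not exist, exactly as the preceding section does. If the scenario's converge supplies keys (not visible on this page), the check should instead require the file to exist and pin its owner and mode, e.g. `stat_opt_ansible_ssh_authorized_keys.stat.mode == '0600'`.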