From 5c276cef799919ab88124db54c15993c5c73e1fb Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman
Date: Wed, 28 Dec 2022 16:07:51 -0300
Subject: [PATCH] upstream CI: Add support for multihost testing. Use Github hosted macOS runner and Vagrant to spawn multiple hosts allowing deployment roles and multihost testing. Milestone: Up to this point, an IPA server can be deployed.
---
.ansible-lint | 1 + .github/workflows/multihost.yml | 72 ++++++++++++++++++++++ .gitignore | 3 + tests/multihost/README-vagrant.md | 35 +++++++++++ tests/multihost/Vagrantfile | 48 +++++++++++++++ tests/multihost/playbooks | 1 + tests/multihost/vagrant-inventory.yml | 87 +++++++++++++++++++++++++++ 7 files changed, 247 insertions(+) create mode 100644 .github/workflows/multihost.yml create mode 100644 tests/multihost/README-vagrant.md create mode 100644 tests/multihost/Vagrantfile create mode 120000 tests/multihost/playbooks create mode 100644 tests/multihost/vagrant-inventory.yml
diff --git a/.ansible-lint b/.ansible-lint
index 7aeb2ef52..bef33f2b7 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -12,6 +12,7 @@ exclude_paths: - meta/runtime.yml - requirements-docker.yml - requirements-podman.yml + - tests/multihost/vagrant-inventory.yml kinds: - playbook: '**/tests/**/test_*.yml'
diff --git a/.github/workflows/multihost.yml b/.github/workflows/multihost.yml
new file mode 100644
index 000000000..c20159c3f
--- /dev/null
+++ b/.github/workflows/multihost.yml
@@ -0,0 +1,72 @@
+name: Multihost Testing
+
+on:
+ - push
+ - pull_request
+
+jobs:
+ multihost-testing:
+ name: "Multihost tests"
+ # Only macos provides Vagrant.
+ runs-on: macos-12
+ defaults:
+ run:
+ working-directory: tests/multihost
+
+ steps:
+ - uses: actions/checkout@v3.1.0
+ with:
+ fetch-depth: 0
+
+ - uses: actions/setup-python@v4.3.0
+ with:
+ python-version: "3.x"
+
+ - name: Install Ansible
+ run: pip install ansible-core
+
+ - name: Ansible version
+ run: ansible --version
+
+ - name: Prepare ansible-freeipa environment
+ working-directory: ../..
+ run: |
+ pwd
+ rm -rf ~/.ansible
+ mkdir ~/.ansible
+ ln -s $(pwd)/roles ~/.ansible/
+ ln -s $(pwd)/plugins ~/.ansible/
+ ls -l ~/.ansible/*
+
+ - name: Show Vagrant version
+ run: |
+ pwd
+ vagrant --version
+
+ - name: Run vagrant up
+ run: vagrant up
+
+ - name: Get vagrant ssh config
+ run: |
+ pwd
+ vagrant ssh-config | tee "vagrant-ssh"
+
+ - name: Hosts IP info
+ run: |
+ pwd
+ vagrant ssh -c "ip addr" server.ipa.test
+ vagrant ssh -c "ip addr" rep-01.ipa.test
+ vagrant ssh -c "ip addr" cli-01.ipa.test
+
+ - name: Ansible ping target hosts.
+ run: |
+ ansible -i vagrant-inventory.yml --ssh-extra-args "-F vagrant-ssh" -m ping all
+
+ # Here is where you add tests...
+ - name: Test IPA server deploy
+ run: ansible-playbook -i vagrant-inventory.yml --ssh-extra-args "-F vagrant-ssh" playbooks/install-server.yml
+
+ # ...
+
+ - name: Stop vagrant
+ run: vagrant destroy -f
diff --git a/.gitignore b/.gitignore
index 3e46ed636..7250aa9c1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,7 @@ /.tox/ /.venv/ +# ignore Vagrant data +/.vagrant/ + tests/logs/
diff --git a/tests/multihost/README-vagrant.md b/tests/multihost/README-vagrant.md
new file mode 100644
index 000000000..cc1d0bc73
--- /dev/null
+++ b/tests/multihost/README-vagrant.md
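Review bot: The workflow declares no `permissions:` block, so on `push` the job's GITHUB_TOKEN gets the repository default scope even though these steps only read the checkout. Adding a top-level `permissions:` with `contents: read`, and `persist-credentials: false` under the checkout step's `with:`, would limit what the later playbook and Vagrant provisioning steps can reach. The inputs are also loosely pinned: `actions/checkout@v3.1.0` and `actions/setup-python@v4.3.0` are tags rather than commit SHAs, and `pip install ansible-core` installs whatever release is current, so a run is not reproducible. Finally, `Stop vagrant` is skipped when an earlier step fails; `if: always()` on that step would make the teardown unconditional.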
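Review bot: The added pattern `/.vagrant/` is anchored to the repository root, but the Vagrantfile in this patch lives in `tests/multihost/` and the workflow runs `vagrant up` from that directory. Vagrant's state directory, including the per-machine `private_key` files the inventory points at, would therefore be created under `tests/multihost/.vagrant/` and is not ignored. The `vagrant-ssh` file written by `vagrant ssh-config | tee "vagrant-ssh"` is not covered either. Suggest the unanchored `.vagrant/` plus `/tests/multihost/vagrant-ssh`, so a local run cannot stage SSH keys or connection details by accident.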
@@ -0,0 +1,35 @@
+Multihost testing with Vagrant
+==============================
+
+To test ipaserver role and ipabackup restore options, it is required that a target node without IPA installed is provided. To test ipareplica and ipacilent roles, it is required that a multihost environvent is available, and at least one target node does not have IPA installed. This environment must have proper networking configuration and some isolation for the tarkget nodes not provided by containers.
+
+By using Vagrant along with Github Workflows we can have nested virtualization, allowing the creation of three virtual machine nodes that will play the roles of primary server, replica and client. The use of Vagrant also allows the use of a similar environment to run the tests in a developer's local machine, if desired.
+
+Github workflows only allows nested vintualization within _macOS_ runners \[[1]\]\[[2]\]. A nice side effect of using macOS runners is that there is some more available memory for the VMs \[[3]\], which might allow the use of a Windows node in the future.
+
+As of this writing, there were some issues running Vagrant on `macos-latest`, and as it is transitioning from `macos-11` to `macos-12`, it was decided that the runner used will be pinned to `mac-12`.
+
+In the current setup there are three nodes:
+
+* Server:
+ * hostname: server.ipa.test
+ * private network ip: 192.168.56.101
+ * RAM: 2048 MB
+* Replica:
+ * hostname: rep-01.ipa.test
+ * private network ip: 192.168.56.102
+ * RAM: 2048 MB
+* Client:
+ * hostname: cli-01.ipa.test
+ * private network ip: 192.168.56.103
+ * RAM: 512 MB
+
+The private network addresses used were selected due to Github Workflow configuration, which only allows addresses for network `192.168.56.0/21`.
+
+Ansible controller is the runner, a macOS host with the latest `ansible-core` version available through `pip`. Connection to the hosts is done through Vagrant `ssh-config` setup.
+
+To execute a playbook, use `ansible-playbook -i vagrant-inventory.yml --ssh-extra-args "-F vagrant-ssh" `. The current directory is `/tests/multihost`.
+
+[1]: https://github.com/actions/runner-images/issues/183
+[2]: https://github.com/actions/runner-images/issues/433
+[3]: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
\ No newline at end of file
diff --git a/tests/multihost/Vagrantfile b/tests/multihost/Vagrantfile
new file mode 100644
index 000000000..6b9da0fb9
--- /dev/null
+++ b/tests/multihost/Vagrantfile
@@ -0,0 +1,48 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+ config.vm.box = "fedora/37-cloud-base"
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.qemu_use_session = false
+ libvirt.memory = 2048
+ end
+ config.vm.provider :virtualbox do |virtualbox|
+ virtualbox.memory = 2048
+ end
+
+ # Prevent SharedFoldersEnableSymlinksCreate errors
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+ # increase boot timeout (8 minutes).
+ config.vm.boot_timeout = 8 * 60
+
+
+ config.vm.define "server.ipa.test" do |server|
+ server.vm.network "private_network", :ip => '192.168.56.101'
+ server.vm.hostname = "server.ipa.test"
+ server.vm.provision "shell",
+ inline: "echo '192.168.56.101 server.ipa.test' >> /etc/hosts"
+ end
+
+ config.vm.define "rep-01.ipa.test" do |replica|
+ replica.vm.network "private_network", :ip => '192.168.56.102'
+ replica.vm.hostname="rep-01.ipa.test"
+ replica.vm.provision "shell",
+ inline: "echo '192.168.56.102 replica.ipa.test' >> /etc/hosts"
+ end
+
+ config.vm.define "cli-01.ipa.test" do |client|
+ client.vm.network "private_network", :ip => '192.168.56.103'
+ client.vm.hostname="cli-01.ipa.test"
+ client.vm.provider :libvirt do |cmv|
+ cmv.memory = 512
+ end
+ client.vm.provider :virtualbox do |cmv|
+ cmv.memory = 512
+ end
+ end
+
+end
+
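Review bot: The replica's provisioner writes the wrong name into `/etc/hosts`: the machine is defined with `replica.vm.hostname="rep-01.ipa.test"`, yet the inline script appends `192.168.56.102 replica.ipa.test`, so this entry does not map the host's own FQDN to its private address. It should read `inline: "echo '192.168.56.102 rep-01.ipa.test' >> /etc/hosts"`. The `config.vm.synced_folder ".", "/vagrant", disabled: true` line appears twice and one copy can go. `config.vm.box = "fedora/37-cloud-base"` is also pulled without `config.vm.box_version`, so the image the IPA hosts are built from can change between runs; pinning a version would make the test base reproducible.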
diff --git a/tests/multihost/playbooks b/tests/multihost/playbooks
new file mode 120000
index 000000000..f32585fef
--- /dev/null
+++ b/tests/multihost/playbooks
@@ -0,0 +1 @@
+../../playbooks
\ No newline at end of file
diff --git a/tests/multihost/vagrant-inventory.yml b/tests/multihost/vagrant-inventory.yml
new file mode 100644
index 000000000..66065ea85
--- /dev/null
+++ b/tests/multihost/vagrant-inventory.yml
@@ -0,0 +1,87 @@
+---
+all:
+ vars:
+ ipa_dm_password: SomeDMpassword
+ ipa_admin_password: SomeADMINpassword
+ ipaserver_domain: ipa.test
+ ipaserver_realm: IPA.TEST
+ ipareplica_realm: IPA.TEST
+ ipadm_password: "{{ ipa_dm_password }}"
+ ipaadmin_password: "{{ ipa_admin_password }}"
+ children:
+ # define cluster
+ ipacluster:
+ children:
+ ipaserver:
+ ipareplicas:
+ ipaclients:
+ # IPA First (CA Renewal) Server
+ ipaserver:
+ hosts:
+ "server.ipa.test":
+ # Ansible connection configuration
+ ansible_ssh_user: vagrant
+ ansible_ssh_private_key_file: ".vagrant/machines/server/libvirt/private_key"
+ ansible_ssh_host_key_checking: no
+ # IPA Configuration.
+ vars:
+ # KRA
+ ipaserver_setup_kra: yes
+ # DNS
+ ipaserver_setup_dns: yes
+ ipaserver_forwarders: 1.1.1.1
+ ipaserver_auto_reverse: yes
+ ipaserver_allow_zone_overlap: yes
+ # this is required for AD trust
+ ipaserver_no_dnssec_validation: yes
+ # trust vars
+ ipaserver_setup_adtrust: yes
+ # disable 'allow all' HBAC rule
+ ipaserver_no_hbac_allow: yes
+ # other vars
+ # IPA Replica Servers
+ ipareplicas:
+ hosts:
+ "rep-01.ipa.test":
+ # Ansible connection configuration
+ ansible_ssh_user: vagrant
+ ansible_ssh_private_key_file: ".vagrant/machines/replica/libvirt/private_key"
+ ansible_ssh_host_key_checking: no
+ # IPA Configuration.
+ # CA backup
+ ipareplica_setup_ca: yes
+ # KRA backup
+ ipareplica_setup_kra: yes
+ # DNS backup
+ ipareplica_setup_dns: yes
+ ipareplica_no_dnssec_validation: yes
+ ipareplica_no_forwarders: yes
+ # Trust backup
+ ipareplica_setup_trust: yes
+ vars:
+ # ipaclient_force_join: yes
+ # Update IP addressess
+ ipaclient_all_ip_addresses: yes
+ # Automatically handle DNS nameservers (v1.9.0+)
+ # ipaclient_configure_dns_resolver: yes
+ # ipaclient_dns_servers:
+ # - 192.168.56.11
+ # - 192.168.56.10
+ # IPA Client hosts
+ ipaclients:
+ hosts:
+ "cli-01.ipa.test":
+ # Ansible connection configuration
+ ansible_ssh_user: vagrant
+ ansible_ssh_private_key_file: ".vagrant/machines/client/libvirt/private_key"
+ ansible_ssh_host_key_checking: no
+ # IPA Configuration.
+ vars:
+ ipaclient_mkhomedir: yes
+ # Add client DNS entries
+ ipaclient_all_ip_addresses: yes
+ # Automatically handle DNS nameservers (v1.9.0+)
+ # ipaclient_configure_dns_resolver: yes
+ # ipaclient_dns_servers:
+ # - 192.168.56.10
+ # - 192.168.56.11
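Review bot: The three `ansible_ssh_private_key_file` paths do not match the machines the Vagrantfile in this patch defines. Vagrant keeps keys under `.vagrant/machines/<machine name>/<provider>/`, and the machines are named `server.ipa.test`, `rep-01.ipa.test` and `cli-01.ipa.test`, not `server`, `replica` and `client`. The paths also hard-code `libvirt`, although the Vagrantfile configures both libvirt and virtualbox and the provider used on the runner is not visible here. The workflow presumably connects only because `-F vagrant-ssh` supplies the identity file, so these entries are best dropped or corrected to the real machine directory. Separately, `ansible_ssh_host_key_checking: no` and the literal `ipa_dm_password` / `ipa_admin_password` values deserve a comment such as `# throwaway test VMs only; do not reuse outside this Vagrant environment`, so the file is not copied as a deployment template.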