From 3ce5b3654b33844221f1f695d106382f6a4ca159 Mon Sep 17 00:00:00 2001 
From: Rafael Guterres Jeffman Date: Wed, 28 Dec 2022 16:07:51 -0300 Subject: [PATCH 1/8] upstream CI multihost: Create multihost environment To be able to use a multihost testing environment, it is required that a domain with a server along with clients, or replicas and clients, be deployed. This environment is much more complex to obtain using the current CI infrastructure that uses molecule and containers, due to the need for more isolation between the testing nodes. By using Github actions, and Github's hosted macOS runner along with Vagrant to spawn multiple virtual hosts, it is possible to create an environment with a few virtual machines that provide the required isolation. This setup allows for both deployment role testing and multihost testing. The runner has to be a macOS runner due to Github restrictions on nested virtualization. The runner has support for Python 3, and the latest version of ansible-core is installed through 'pip'. This host has a 3-core vCPU, 14 GB of RAM and 14Gb of storage. The guest configurations are: * server.ipa.test: 2500 MB of RAM * rep-01.ipa.test: 2500 MB of RAM * cli-01.ipa.test: 768 MB of RAM All guests are deployed with the official Fedora 38 cloud-base image. Workflow steps are executed from '/tests/multihost' unless this is overridden with 'working-directory'. As Github sets the proper working directory only when 'run' is executed, the default directory is the repository root (e.g. setting 'working-directory: .' will set the working directory to the repository root). Although it is possible to change the working-directory, a different configuration has not been tested. The playbooks were created so that environment variables can be used to change the domain configuration. This can be used to create multiple parallel jobs in a test matrix. The default configuration installs a server with embedded DNS, a replica with no extra service, and a client. 
--- .ansible-lint | 1 + .github/workflows/multihost.yml | 93 +++++++++++++++++++ .gitignore | 4 + tests/multihost/.gitignore | 2 + tests/multihost/README-vagrant.md | 93 +++++++++++++++++++ tests/multihost/Vagrantfile | 55 +++++++++++ tests/multihost/ensure-reverse-dns.yaml | 18 ++++ tests/multihost/get_ip.sh | 13 +++ tests/multihost/inventory/group_vars/all.yml | 2 + .../multihost/inventory/vagrant-inventory.yml | 87 +++++++++++++++++ tests/multihost/playbooks | 1 + 11 files changed, 369 insertions(+) create mode 100644 .github/workflows/multihost.yml create mode 100644 tests/multihost/.gitignore create mode 100644 tests/multihost/README-vagrant.md create mode 100644 tests/multihost/Vagrantfile create mode 100644 tests/multihost/ensure-reverse-dns.yaml create mode 100755 tests/multihost/get_ip.sh create mode 100644 tests/multihost/inventory/group_vars/all.yml create mode 100644 tests/multihost/inventory/vagrant-inventory.yml create mode 120000 tests/multihost/playbooks diff --git a/.ansible-lint b/.ansible-lint index abb18e927..fd0dee334 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -12,6 +12,7 @@ exclude_paths: - meta/runtime.yml - requirements-docker.yml - requirements-podman.yml + - tests/multihost/vagrant-inventory.yml kinds: - playbook: '**/tests/**/test_*.yml' diff --git a/.github/workflows/multihost.yml b/.github/workflows/multihost.yml new file mode 100644 index 000000000..a36407e10 --- /dev/null +++ b/.github/workflows/multihost.yml 
@@ -0,0 +1,93 @@
+name: Multihost Testing
+
+on:
+ - push
+ - pull_request
+
+jobs:
+ multihost-testing:
+ name: "Multihost tests"
+ # Only macos provides Vagrant.
+ runs-on: macos-12
+ defaults:
+ run:
+ working-directory: tests/multihost
+
+ steps:
+ - uses: actions/checkout@v3.1.0
+ with:
+ fetch-depth: 0
+
+ - uses: actions/setup-python@v4.3.0
+ with:
+ python-version: "3.x"
+
+ - name: Install Ansible
+ run: pip install ansible-core
+
+ - name: Ansible version
+ run: ansible --version
+
+ - name: Prepare ansible-freeipa environment
+ working-directory: .
+ run: |
+ rm -rf ~/.ansible
+ mkdir ~/.ansible
+ ln -s $(pwd)/roles ~/.ansible/
+ ln -s $(pwd)/plugins ~/.ansible/
+ ls -l ~/.ansible/*
+
+ - name: Show Vagrant version
+ run: |
+ vagrant --version
+
+ - name: Run vagrant up
+ run: vagrant up
+
+ - name: Get vagrant ssh config and IP addresses
+ run: |
+ vagrant ssh-config | tee "vagrant-ssh" | ./get_ip.sh > inventory/group_vars/all.yml
+
+ - name: Ansible ping target hosts.
+ run: |
+ ansible -i inventory --ssh-extra-args "-F vagrant-ssh" -m ping all
+
+ # Here is where you add tests...
+ - name: Test IPA server deploy
+ run: ansible-playbook -i inventory --ssh-extra-args "-F vagrant-ssh" playbooks/install-server.yml
+
+ - name: Test IPA client deploy
+ run: ansible-playbook -i inventory --ssh-extra-args "-F vagrant-ssh" playbooks/install-client.yml
+
+ #- name: Ensure server PTR records are available
+ # run: ansible-playbook -i inventory --ssh-extra-args "-F vagrant-ssh" ensure-reverse-dns.yaml
+
+ - name: Test IPA replica deploy
+ run: ansible-playbook -i inventory --ssh-extra-args "-F vagrant-ssh" playbooks/install-replica.yml
+
+ - name: Retrieve logs in case of ANY deploy failure
+ if: failure()
+ working-directory: .
+ run: | + ssh -F tests/multihost/vagrant-ssh server.ipa.test "sudo chmod a+r /var/log/*.log" + mkdir -p logs/server-logs + scp -F tests/multihost/vagrant-ssh vagrant@server.ipa.test:/var/log/{ipaserver,ipaclient}-install.log logs/server-logs || true + ssh -F tests/multihost/vagrant-ssh rep-01.ipa.test "sudo chmod a+r /var/log/*.log" + mkdir -p logs/replica-logs + scp -F tests/multihost/vagrant-ssh vagrant@rep-01.ipa.test:/var/log/{ipareplica,ipaclient}-install.log logs/replica-logs || true + ssh -F tests/multihost/vagrant-ssh cli-01.ipa.test "sudo chmod a+r /var/log/*.log" + mkdir -p logs/client-logs + scp -F tests/multihost/vagrant-ssh vagrant@cli-01.ipa.test:/var/log/ipaclient-install.log logs/client-logs || true + tar czvf multihost-logs.tar.gz logs + + - name: Save artifacts + if: failure() + # if: github.event.state == 'error' || github.event.state == 'failure' + uses: actions/upload-artifact@v3 + with: + path: multihost-logs.tar.gz + if-no-files-found: "ignore" + + # Cleanup + - name: Stop vagrant + run: vagrant destroy -f diff --git a/.gitignore b/.gitignore index 3e46ed636..45a605204 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,8 @@ /.tox/ /.venv/ +# ignore Vagrant data +/.vagrant/ +/tests/multihost/vagrant-ssh + tests/logs/ diff --git a/tests/multihost/.gitignore b/tests/multihost/.gitignore new file mode 100644 index 000000000..c8c1782b8 --- /dev/null +++ b/tests/multihost/.gitignore @@ -0,0 +1,2 @@ +/.vagrant/ + diff --git a/tests/multihost/README-vagrant.md b/tests/multihost/README-vagrant.md new file mode 100644 index 000000000..f1235530d --- /dev/null +++ b/tests/multihost/README-vagrant.md 
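Review bot: The new workflow declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope although the visible steps only read the checkout; a top-level `permissions:` with `contents: read` would make least privilege explicit. The three `uses:` steps reference mutable tags (`actions/checkout@v3.1.0`, `actions/setup-python@v4.3.0`, `actions/upload-artifact@v3`) and `pip install ansible-core` is unpinned, so what executes on the runner can change without a commit here; pinning each action to a full commit SHA (`uses: actions/checkout@<full-commit-sha>  # v3.1.0`) and ansible-core to a version keeps runs reproducible and auditable. Separately, the closing `Stop vagrant` step has no `if: always()`, so it is skipped whenever an earlier step fails.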
@@ -0,0 +1,93 @@ +Multihost testing with Vagrant +============================== + +To test ipaserver role and ipabackup restore options, it is required that a target node without IPA installed is provided. To test ipareplica and ipaclient roles, it is required that a multihost environvent is available, and at least one target node does not have IPA installed. This environment must have proper networking configuration and some isolation for the tarkget nodes that is not provided by containers. + +By using Vagrant along with Github Workflows we can have nested virtualization, allowing the creation of virtual machine nodes that will play the roles of primary server, replicas and clients. The use of Vagrant also allows the use of a similar environment to run the tests in a developer's local machine, if desired. + +Github workflows only allows nested vintualization within _macOS_ runners \[[1]\]\[[2]\]. A nice side effect of using macOS runners is that there is some more available memory for the VMs \[[3]\], which might allow the use of a Windows node, or more replicas/clients in the future. + +The Ansible controller is the runner, a macOS host with the latest `ansible-core` version, installed through `pip`. Connection to the hosts is done through Vagrant `ssh-config` setup. + +To execute a playbook, use `ansible-playbook -i vagrant-inventory.yml --ssh-extra-args "-F vagrant-ssh" `. The current directory is `/tests/multihost`. + + +VM Configuration +---------------- + +Currently, only three VMs are used, and the hostnames and memory sizes cannot be changed. 
+ +* Server: + * hostname: server.ipa.test + * RAM: 2500 MB +* Replica: + * hostname: rep-01.ipa.test + * private network ip: 192.168.56.102 + * RAM: 2500 MB +* Client: + * hostname: cli-01.ipa.test + * private network ip: 192.168.56.110 + * RAM: 768 MB + + +BASE Variables +---------------- + +| Name | Description | Type | Default +| `ipadm_password` | The password for the Directory Manager.| str | SomeDMpassword | +| `ipaadmin_password` | The password for the IPA admin user.| str | SomeADMINpassword | + + +Server Variables +---------------- + +| Name | Description | Type | Default +| `ipaserver_setup_kra`| Install and configure a KRA on this server. | bool | false | +| `ipaserver_setup_adtrust` | Configure AD Trust capability. | bool | false | +| `ipaserver_netbios_name` | The NetBIOS name for the IPA domain. | str | None | +| `ipaserver_setup_dns` | Configure an integrated DNS server, create DNS zone specified by domain. | bool | true | +| `ipaserver_auto_forwarders` | Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS. | bool | true | +| `ipaserver_no_forwarders` | Do not add any DNS forwarders. Root DNS servers will be used instead. | bool | false | +| `ipaserver_forwarders` | Add DNS forwarders to the DNS configuration. | list of strings | \[\] | +| `ipaserver_auto_reverse` | Try to resolve reverse records and reverse zones for server IP addresses. | bool | true | +| `ipaserver_random_serial_numbers` | Enable use of random serial numbers for certificates. | bool | true | + +Also the following variables are always set: +```yaml +ipaserver_allow_zone_overlap: true +ipaserver_no_dnssec_validation: true +ipaserver_no_hbac_allow: true +``` + + +Replica Variables +---------------- + +| Name | Description | Type | Default +| `ipareplica_setup_kra`| Install and configure a KRA on this server. | bool | false | +| `ipareplica_setup_adtrust` | Configure AD Trust capability. 
| bool | false | +| `ipareplica_netbios_name` | The NetBIOS name for the IPA domain. | str | None | +| `ipareplica_setup_dns` | Configure an integrated DNS server, create DNS zone specified by domain. | bool | false | +| `ipareplica_auto_forwarders` | Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS. | bool | true | +| `ipareplica_no_forwarders` | Do not add any DNS forwarders. Root DNS servers will be used instead. | bool | false | +| `ipareplica_forwarders` | Add DNS forwarders to the DNS configuration. | list of strings | \[\] | +| `ipareplica_auto_reverse` | Try to resolve reverse records and reverse zones for server IP addresses. | bool | true | +| `ipareplica_random_serial_numbers` | Enable use of random serial numbers for certificates. | bool | true | + + +Client Variables +---------------- + +Currently, no variables can be configured for the `ipaclient` role. + + +Caveats +------- + +As of this writing, there were some issues running Vagrant on `macos-latest`, and as it is transitioning from `macos-11` to `macos-12`, it was decided that the runner used will be pinned to `macos-12`. + + + +[1]: https://github.com/actions/runner-images/issues/183 +[2]: https://github.com/actions/runner-images/issues/433 +[3]: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources diff --git a/tests/multihost/Vagrantfile b/tests/multihost/Vagrantfile new file mode 100644 index 000000000..48acec06c --- /dev/null +++ b/tests/multihost/Vagrantfile 
@@ -0,0 +1,55 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+ config.vm.box = "fedora/38-cloud-base"
+
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.qemu_use_session = false
+ libvirt.memory = 2500
+ end
+ config.vm.provider :virtualbox do |virtualbox|
+ virtualbox.memory = 2500
+ end
+
+ # Prevent SharedFoldersEnableSymlinksCreate errors
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+ # boot timeout (in seconds).
+ config.vm.boot_timeout = 12 * 60
+
+ config.vm.define "server.ipa.test" do |server|
+ server.vm.hostname = "server.ipa.test"
+ server.vm.provision "shell",
+ inline: "hostnamectl set-hostname server.ipa.test"
+ server.vm.provision "shell",
+ inline: "echo $(hostname -I) server.ipa.test >> /etc/hosts"
+ server.vm.provision "shell",
+ inline: "dnf install --downloadonly -y freeipa-server python3-libselinux freeipa-server-dns freeipa-server-trust-ad firewalld"
+ end
+
+ config.vm.define "rep-01.ipa.test" do |replica|
+ replica.vm.hostname="rep-01.ipa.test"
+ replica.vm.provision "shell",
+ inline: "hostnamectl set-hostname rep-01.ipa.test"
+ replica.vm.provision "shell",
+ inline: "echo $(hostname -I) rep-01.ipa.test >> /etc/hosts"
+ replica.vm.provision "shell",
+ inline: "dnf install --downloadonly -y freeipa-server python3-libselinux freeipa-server-dns freeipa-server-trust-ad firewalld"
+ end
+
+ config.vm.define "cli-01.ipa.test" do |client|
+ client.vm.hostname="cli-01.ipa.test"
+ client.vm.provision "shell",
+ inline: "hostnamectl set-hostname cli-01.ipa.test"
+ client.vm.provision "shell",
+ inline: "dnf install --downloadonly -y freeipa-client python3-libselinux"
+ client.vm.provider :libvirt do |cmv|
+ cmv.memory = 768
+ end
+ client.vm.provider :virtualbox do |cmv|
+ cmv.memory = 768
+ end
+ end
+
+end
+
diff --git a/tests/multihost/ensure-reverse-dns.yaml b/tests/multihost/ensure-reverse-dns.yaml
new file mode 100644
index 000000000..651fb5176
--- /dev/null
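Review bot: In the server and replica provisioners, `echo $(hostname -I) server.ipa.test >> /etc/hosts` writes every address that `hostname -I` prints onto one line, so on a guest with more than one interface the second address lands in the host-name column of `/etc/hosts`. Taking a single address, e.g. `echo "$(hostname -I | cut -d' ' -f1) server.ipa.test" >> /etc/hosts`, avoids that, though which interface should win needs confirming for the libvirt and VirtualBox providers. The box `fedora/38-cloud-base` is also fetched without `config.vm.box_version`, so the image under test can change between runs; pinning it (`config.vm.box_version = "<pinned-version>"`) keeps CI results comparable and the guest image auditable.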
+++ b/tests/multihost/ensure-reverse-dns.yaml @@ -0,0 +1,18 @@ +--- +- name: Ensure IPA server has domain reverse zone and server PTR record. + hosts: ipaserver + become: no + gather_facts: no + + tasks: + - name: Ensure reverse zone is present. + ipadnszone: + ipaadmin_password: "{{ ipa_admin_password }}" + name_from_ip: "{{ server_ip }}" + + - name: Ensure server PTR record is set. + ipadnsrecord: + ipaadmin_password: "{{ ipa_admin_password }}" + zone_name: '{{ server_ip.split(".")[:-1][::-1] | join(".") }}.in-addr.arpa.' + name: '{{ server_ip.split(".")[-1] }}' + ptr_hostname: server.ipa.test. diff --git a/tests/multihost/get_ip.sh b/tests/multihost/get_ip.sh new file mode 100755 index 000000000..460f6dd8c --- /dev/null +++ b/tests/multihost/get_ip.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +INPUT=${1:--} + +echo "---" +# shellcheck disable=SC2002 +cat "${INPUT}" | \ + grep HostName -B1 | \ + sed -e "/^--/d" \ + -e "/^Host/N;s/\n/:/;s/Host \([a-zA-Z0-9.]*\)/\1/;s/ *HostName \(.*\)/ \1/" \ + -e "s/server.*:/server_ip:/" \ + -e "s/cli-.*:/client_ip:/" \ + -e "s/rep-.*:/replica_ip:/" diff --git a/tests/multihost/inventory/group_vars/all.yml b/tests/multihost/inventory/group_vars/all.yml new file mode 100644 index 000000000..9f52c4f58 --- /dev/null +++ b/tests/multihost/inventory/group_vars/all.yml @@ -0,0 +1,2 @@ +--- +# This file will be replaced during test execution. diff --git a/tests/multihost/inventory/vagrant-inventory.yml b/tests/multihost/inventory/vagrant-inventory.yml new file mode 100644 index 000000000..45dfb52fb --- /dev/null +++ b/tests/multihost/inventory/vagrant-inventory.yml 
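Review bot: Both tasks in `ensure-reverse-dns.yaml` read `{{ ipa_admin_password }}`, but the inventory added in this same patch defines the variable as `ipaadmin_password`, so unless `ipa_admin_password` is set somewhere outside this patch the playbook fails on an undefined variable. The argument should read `ipaadmin_password: "{{ ipaadmin_password }}"` in the `ipadnszone` and `ipadnsrecord` tasks. The play header also uses `become: no` and `gather_facts: no`; `false` is the unambiguous spelling and is what the inventory already uses for its own booleans.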
@@ -0,0 +1,87 @@ +--- +all: + vars: + # IPA variables + ipaserver_domain: ipa.test + ipaserver_realm: IPA.TEST + # ipareplica_realm: IPA.TEST + ipadm_password: "{{ lookup('env', 'ipadm_password') | default('SomeDMpassword', True) }}" + ipaadmin_password: "{{ lookup('env', 'ipaadmin_password') | default('SomeADMINpassword', True) }}" + children: + # define cluster + ipacluster: + children: + ipaserver: + ipareplicas: + ipaclients: + # IPA First (CA Renewal) Server + ipaserver: + hosts: + "server.ipa.test": + # Ansible connection configuration + ansible_ssh_user: vagrant + ansible_ssh_private_key_file: ".vagrant/machines/server/libvirt/private_key" + ansible_ssh_host_key_checking: false + # IPA Configuration. + vars: + # KRA + ipaserver_setup_kra: "{{ lookup('env', 'ipaserver_setup_kra') | default(false, True) | bool }}" + # DNS + ipaserver_setup_dns: "{{ lookup('env', 'ipaserver_setup_dns') | default(true, True) | bool }}" + ipaserver_auto_forwarders: "{{ lookup('env', 'ipaserver_auto_forwarders') | default(true, True) | bool }}" + ipaserver_no_forwarders: "{{ lookup('env', 'ipaserver_no_forwarders') | default(false, True) | bool }}" + ipaserver_forwarders: "{{ lookup('env', 'ipaserver_forwarders') | default([], True) }}" + ipaserver_auto_reverse: "{{ lookup('env', 'ipaserver_auto_reverse') | default(true, True) | bool }}" + # For easier setup of DNS keep it set to 'true' + ipaserver_allow_zone_overlap: true + # DNSSEC must be set to 'false' for AD trust + ipaserver_no_dnssec_validation: true + # trust vars + ipaserver_setup_adtrust: "{{ lookup('env', 'ipaserver_setup_adtrust') | default(false) | bool }}" + ipaserver_netbios_name: "{{ lookup('env', 'ipaserver_netbios_name') | default(omit) }}" + # disable 'allow all' HBAC rule + ipaserver_no_hbac_allow: true + # other vars + ipaserver_random_serial_numbers: "{{ lookup('env', 'ipaserver_random_serial_numbers:') | default(true, True) | bool }}" + # IPA Replica Servers + ipareplicas: + hosts: + "rep-01.ipa.test": + # 
Ansible connection configuration + ansible_ssh_user: vagrant + ansible_ssh_private_key_file: ".vagrant/machines/replica/libvirt/private_key" + ansible_ssh_host_key_checking: false + vars: + # CA backup + ipareplica_setup_ca: "{{ lookup('env', 'ipareplica_setup_ca') | default(false, True) | bool }}" + # KRA backup + ipareplica_setup_kra: "{{ lookup('env', 'ipareplica_setup_kra') | default(false, True) | bool }}" + # DNS backup + ipareplica_setup_dns: "{{ lookup('env', 'ipareplica_setup_dns') | default(false, True) | bool }}" + ipareplica_auto_forwarders: "{{ lookup('env', 'ipareplica_auto_forwarders') | default(true, True) | bool }}" + ipareplica_no_forwarders: "{{ lookup('env', 'ipareplica_no_forwarders') | default(false, True) | bool }}" + ipareplica_forwarders: "{{ lookup('env', 'ipareplica_forwarders') | default([], True) }}" + ipareplica_auto_reverse: "{{ lookup('env', 'ipareplica_auto_reverse') | default(true, True) | bool }}" + # Trust backup + ipareplica_setup_trust: "{{ lookup('env', 'ipaserver_setup_trust') | default(false) | bool }}" + ipareplica_netbios_name: "{{ lookup('env', 'ipaserver_netbios_name') | default(omit) }}" + # Update IP addressess + ipasssd_enable_dns_updates: true + # Automatically handle DNS nameservers (ansible-freeipa v1.9.0+) + ipaclient_configure_dns_resolver: "{{ ipaserver_setup_dns | default(false) }}" + ipaclient_dns_servers: ["{{ server_ip if (ipaserver_setup_dns | default(false)) else omit}}"] + # IPA Client hosts + ipaclients: + hosts: + "cli-01.ipa.test": + # Ansible connection configuration + ansible_ssh_user: vagrant + ansible_ssh_private_key_file: ".vagrant/machines/client/libvirt/private_key" + ansible_ssh_host_key_checking: false + # IPA Configuration. 
+ vars: + # Add client DNS entries + ipasssd_enable_dns_updates: true + # Automatically handle DNS nameservers (ansible-freeipa v1.9.0+) + ipaclient_configure_dns_resolver: "{{ ipaserver_setup_dns | default(false) }}" + ipaclient_dns_servers: ["{{ server_ip if (ipaserver_setup_dns | default(false)) else omit}}"] diff --git a/tests/multihost/playbooks b/tests/multihost/playbooks new file mode 120000 index 000000000..f32585fef --- /dev/null +++ b/tests/multihost/playbooks @@ -0,0 +1 @@ +../../playbooks \ No newline at end of file From 418571dce946108ea4f80dfd99f0b7652c404578 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 18 May 2023 21:47:56 -0300 Subject: [PATCH 2/8] TEMP: Disable other tests. --- .github/workflows/ansible-test.yml | 6 +++--- .github/workflows/docs.yml | 6 +++--- .github/workflows/lint.yml | 6 +++--- .github/workflows/readme.yml | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ansible-test.yml b/.github/workflows/ansible-test.yml index 70a8a0ef0..f0651fe3d 100644 --- a/.github/workflows/ansible-test.yml +++ b/.github/workflows/ansible-test.yml @@ -1,8 +1,8 @@ --- name: ansible-test sanity -on: - - push - - pull_request +on: [] +# - push +# - pull_request jobs: ansible_test: name: Verify ansible-test sanity diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index e0e8d6629..e7d09b4b0 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -1,8 +1,8 @@ --- name: Verify Ansible documentation. -on: - - push - - pull_request +on: [] +# - push +# - pull_request jobs: check_docs_oldest_supported: name: Check Ansible Documentation with ansible-core 2.12. diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b4d64066e..aff23e6bd 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
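Review bot: The `ipaserver_random_serial_numbers` lookup has a stray colon inside the variable name, `lookup('env', 'ipaserver_random_serial_numbers:')`, so the environment value is never read and the setting always falls back to `true`; it should be `lookup('env', 'ipaserver_random_serial_numbers')`. All three hosts set `ansible_ssh_host_key_checking: false`, and the two passwords silently fall back to `SomeDMpassword` and `SomeADMINpassword` when the environment is empty. Both are reasonable for throw-away Vagrant guests, but a comment such as `# test-only: ephemeral VMs, never reuse for a real deployment` above each would stop the file from being copied as a template.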
@@ -1,8 +1,8 @@ --- name: Run Linters -on: - - push - - pull_request +on: [] +# - push +# - pull_request jobs: ansible_lint: name: Verify ansible-lint diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index edea5b9fe..ebd97fdf6 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml @@ -1,8 +1,8 @@ --- name: readme test -on: - - push - - pull_request +on: [] +# - push +# - pull_request jobs: ansible_test: name: Verify readme From f67d305bc420a7ebc7e055d394b7f8ad430923b0 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 18 May 2023 22:25:56 -0300 Subject: [PATCH 3/8] fixup: Increase timeout. --- tests/multihost/Vagrantfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/multihost/Vagrantfile b/tests/multihost/Vagrantfile index 48acec06c..d8ee3c037 100644 --- a/tests/multihost/Vagrantfile +++ b/tests/multihost/Vagrantfile @@ -15,7 +15,7 @@ Vagrant.configure("2") do |config| # Prevent SharedFoldersEnableSymlinksCreate errors config.vm.synced_folder ".", "/vagrant", disabled: true # boot timeout (in seconds). - config.vm.boot_timeout = 12 * 60 + config.vm.boot_timeout = 15 * 60 config.vm.define "server.ipa.test" do |server| server.vm.hostname = "server.ipa.test" From 68475a079b1e046dc2e8f4e8c3ece966efb6ef61 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 18 May 2023 22:52:55 -0300 Subject: [PATCH 4/8] fixup: Increase timeout even more. --- tests/multihost/Vagrantfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/multihost/Vagrantfile b/tests/multihost/Vagrantfile index d8ee3c037..8105fce45 100644 --- a/tests/multihost/Vagrantfile +++ b/tests/multihost/Vagrantfile 
@@ -15,7 +15,7 @@ Vagrant.configure("2") do |config| # Prevent SharedFoldersEnableSymlinksCreate errors config.vm.synced_folder ".", "/vagrant", disabled: true # boot timeout (in seconds). - config.vm.boot_timeout = 15 * 60 + config.vm.boot_timeout = 25 * 60 config.vm.define "server.ipa.test" do |server| server.vm.hostname = "server.ipa.test" From ed27baae6a54a78c6455e73930c830c839f457ab Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Fri, 19 May 2023 09:36:44 -0300 Subject: [PATCH 5/8] fixup: netbios name --- tests/multihost/inventory/vagrant-inventory.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/multihost/inventory/vagrant-inventory.yml b/tests/multihost/inventory/vagrant-inventory.yml index 45dfb52fb..00fca41cc 100644 --- a/tests/multihost/inventory/vagrant-inventory.yml +++ b/tests/multihost/inventory/vagrant-inventory.yml @@ -38,7 +38,7 @@ all: ipaserver_no_dnssec_validation: true # trust vars ipaserver_setup_adtrust: "{{ lookup('env', 'ipaserver_setup_adtrust') | default(false) | bool }}" - ipaserver_netbios_name: "{{ lookup('env', 'ipaserver_netbios_name') | default(omit) }}" + ipaserver_netbios_name: "{{ lookup('env', 'ipaserver_netbios_name') | default('IPA') }}" # disable 'allow all' HBAC rule ipaserver_no_hbac_allow: true # other vars 
@@ -63,8 +63,8 @@ all: ipareplica_forwarders: "{{ lookup('env', 'ipareplica_forwarders') | default([], True) }}" ipareplica_auto_reverse: "{{ lookup('env', 'ipareplica_auto_reverse') | default(true, True) | bool }}" # Trust backup - ipareplica_setup_trust: "{{ lookup('env', 'ipaserver_setup_trust') | default(false) | bool }}" - ipareplica_netbios_name: "{{ lookup('env', 'ipaserver_netbios_name') | default(omit) }}" + ipareplica_setup_adtrust: "{{ lookup('env', 'ipaserver_setup_adtrust') | default(false) | bool }}" + ipareplica_netbios_name: "{{ lookup('env', 'ipaserver_netbios_name') | default('IPA') }}" # Update IP addressess ipasssd_enable_dns_updates: true # Automatically handle DNS nameservers (ansible-freeipa v1.9.0+) From 44e81eb7c6dc55a41bebeca11b8497fb35edcceb Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Fri, 19 May 2023 12:43:40 -0300 Subject: [PATCH 6/8] fixup: Better test log. --- .github/workflows/multihost.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/multihost.yml b/.github/workflows/multihost.yml index a36407e10..a5661c3ba 100644 --- a/.github/workflows/multihost.yml +++ b/.github/workflows/multihost.yml @@ -48,10 +48,13 @@ jobs: run: | vagrant ssh-config | tee "vagrant-ssh" | ./get_ip.sh > inventory/group_vars/all.yml - - name: Ansible ping target hosts. + - name: Test host connection run: | ansible -i inventory --ssh-extra-args "-F vagrant-ssh" -m ping all + - name: Log scenario configuration + run: ansible -i inventory --ssh-extra-args "-F vagrant-ssh" -m debug -a var=hostvars localhost | tee 'scenario.log' + # Here is where you add tests... - name: Test IPA server deploy run: ansible-playbook -i inventory --ssh-extra-args "-F vagrant-ssh" playbooks/install-server.yml 
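Review bot: Both IPA passwords are likely to end up in the job log and in `scenario.log`, because the added `Log scenario configuration` step dumps the whole `hostvars` structure and the inventory defines `ipadm_password` and `ipaadmin_password` as `all` vars. The second hunk of this commit then uploads `scenario.log` and `inventory/` in the `test-results` artifact, which widens who can read them. That is harmless for the built-in defaults but not once the values come from the environment, for example from repository secrets in a test matrix. Consider logging only the non-secret scenario switches, e.g. `-m debug -a var=ipaserver_setup_dns ipaserver`, or leaving `scenario.log` out of the uploaded `path:` list.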
@@ -78,14 +81,20 @@ jobs: ssh -F tests/multihost/vagrant-ssh cli-01.ipa.test "sudo chmod a+r /var/log/*.log" mkdir -p logs/client-logs scp -F tests/multihost/vagrant-ssh vagrant@cli-01.ipa.test:/var/log/ipaclient-install.log logs/client-logs || true - tar czvf multihost-logs.tar.gz logs + # tar czvf multihost-logs.tar.gz logs - name: Save artifacts if: failure() # if: github.event.state == 'error' || github.event.state == 'failure' uses: actions/upload-artifact@v3 with: - path: multihost-logs.tar.gz + name: test-results + # path: multihost-logs.tar.gz + path: | + logs/ + inventory/ + vagrant-ssh + scenario.log if-no-files-found: "ignore" # Cleanup From af66fc9108aa848a6e00ae0c46e7e46d841a9049 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Fri, 19 May 2023 15:33:58 -0300 Subject: [PATCH 7/8] fixup: fix artifacts. --- .github/workflows/multihost.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/multihost.yml b/.github/workflows/multihost.yml index a5661c3ba..65923a458 100644 --- a/.github/workflows/multihost.yml +++ b/.github/workflows/multihost.yml @@ -54,7 +54,7 @@ jobs: - name: Log scenario configuration run: ansible -i inventory --ssh-extra-args "-F vagrant-ssh" -m debug -a var=hostvars localhost | tee 'scenario.log' - + # Here is where you add tests... - name: Test IPA server deploy run: ansible-playbook -i inventory --ssh-extra-args "-F vagrant-ssh" playbooks/install-server.yml @@ -85,16 +85,15 @@ jobs: - name: Save artifacts if: failure() - # if: github.event.state == 'error' || github.event.state == 'failure' uses: actions/upload-artifact@v3 with: name: test-results # path: multihost-logs.tar.gz path: | logs/ - inventory/ - vagrant-ssh - scenario.log + tests/multihost/inventory/ + tests/multihost/vagrant-ssh + tests/multihost/scenario.log if-no-files-found: "ignore" # Cleanup From ff8207d4f4c762bf870d891f8f90c5ea2b73e032 Mon Sep 17 00:00:00 2001 
From: Rafael Guterres Jeffman Date: Fri, 19 May 2023 16:16:28 -0300 Subject: [PATCH 8/8] fixup: several fixes, playbook, workflow. --- .github/workflows/multihost.yml | 20 ++++++++------ tests/multihost/Vagrantfile | 10 +++---- tests/multihost/get_ip.sh | 16 +++++------- .../multihost/inventory/vagrant-inventory.yml | 26 +++++++++---------- 4 files changed, 36 insertions(+), 36 deletions(-) diff --git a/.github/workflows/multihost.yml b/.github/workflows/multihost.yml index 65923a458..2ab868498 100644 --- a/.github/workflows/multihost.yml +++ b/.github/workflows/multihost.yml @@ -44,9 +44,13 @@ jobs: - name: Run vagrant up run: vagrant up - - name: Get vagrant ssh config and IP addresses + - name: Get vagrant ssh config run: | - vagrant ssh-config | tee "vagrant-ssh" | ./get_ip.sh > inventory/group_vars/all.yml + vagrant ssh-config | tee "vagrant-ssh" + + - name: Get nodes IP addresses + run: | + ./get_ip.sh server replica client | tee "inventory/group_vars/all.yml" - name: Test host connection run: | 
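Review bot: Both rewritten steps pipe into `tee` (`vagrant ssh-config | tee "vagrant-ssh"` and `./get_ip.sh server replica client | tee "inventory/group_vars/all.yml"`), and a `run:` step without an explicit `shell:` is executed by `bash -e` without `pipefail`, so a failing `vagrant` or `get_ip.sh` is masked by `tee`'s exit status. The job would then continue with an empty or partial `vagrant-ssh` or `all.yml` and fail later with a less obvious error. Adding `shell: bash` to these steps (which enables `pipefail` on hosted runners) or starting each `run:` block with `set -o pipefail` makes the failure surface where it happens.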
@@ -72,15 +76,15 @@ jobs: if: failure() working-directory: . run: | - ssh -F tests/multihost/vagrant-ssh server.ipa.test "sudo chmod a+r /var/log/*.log" + ssh -F tests/multihost/vagrant-ssh server "sudo chmod a+r /var/log/*.log" mkdir -p logs/server-logs - scp -F tests/multihost/vagrant-ssh vagrant@server.ipa.test:/var/log/{ipaserver,ipaclient}-install.log logs/server-logs || true - ssh -F tests/multihost/vagrant-ssh rep-01.ipa.test "sudo chmod a+r /var/log/*.log" + scp -F tests/multihost/vagrant-ssh vagrant@server:/var/log/{ipaserver,ipaclient}-install.log logs/server-logs || true + ssh -F tests/multihost/vagrant-ssh replica "sudo chmod a+r /var/log/*.log" mkdir -p logs/replica-logs - scp -F tests/multihost/vagrant-ssh vagrant@rep-01.ipa.test:/var/log/{ipareplica,ipaclient}-install.log logs/replica-logs || true - ssh -F tests/multihost/vagrant-ssh cli-01.ipa.test "sudo chmod a+r /var/log/*.log" + scp -F tests/multihost/vagrant-ssh vagrant@replica:/var/log/{ipareplica,ipaclient}-install.log logs/replica-logs || true + ssh -F tests/multihost/vagrant-ssh clente.ipa.test "sudo chmod a+r /var/log/*.log" mkdir -p logs/client-logs - scp -F tests/multihost/vagrant-ssh vagrant@cli-01.ipa.test:/var/log/ipaclient-install.log logs/client-logs || true + scp -F tests/multihost/vagrant-ssh vagrant@client:/var/log/ipaclient-install.log logs/client-logs || true # tar czvf multihost-logs.tar.gz logs - name: Save artifacts diff --git a/tests/multihost/Vagrantfile b/tests/multihost/Vagrantfile index 8105fce45..cfaa3ad70 100644 --- a/tests/multihost/Vagrantfile +++ b/tests/multihost/Vagrantfile @@ -17,7 +17,7 @@ Vagrant.configure("2") do |config| # boot timeout (in seconds). config.vm.boot_timeout = 25 * 60 - config.vm.define "server.ipa.test" do |server| + config.vm.define "server" do |server| server.vm.hostname = "server.ipa.test" server.vm.provision "shell", inline: "hostnamectl set-hostname server.ipa.test" 
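Review bot: The client `ssh` line targets `clente.ipa.test`, which matches neither the renamed Vagrant machine `client` nor the `vagrant@client` used by the `scp` two lines below, so no `Host` entry in `vagrant-ssh` applies to it. It should read `ssh -F tests/multihost/vagrant-ssh client "sudo chmod a+r /var/log/*.log"`. None of the three `ssh` lines carries the `|| true` that the `scp` lines have, so under `bash -e` an unreachable guest aborts the step before the remaining logs are collected; appending `|| true` to them keeps log retrieval best-effort. The step's `name:` line lies outside this hunk.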
@@ -27,8 +27,8 @@ Vagrant.configure("2") do |config| inline: "dnf install --downloadonly -y freeipa-server python3-libselinux freeipa-server-dns freeipa-server-trust-ad firewalld" end - config.vm.define "rep-01.ipa.test" do |replica| - replica.vm.hostname="rep-01.ipa.test" + config.vm.define "replica" do |replica| + replica.vm.hostname="replica" replica.vm.provision "shell", inline: "hostnamectl set-hostname rep-01.ipa.test" replica.vm.provision "shell", @@ -37,8 +37,8 @@ Vagrant.configure("2") do |config| inline: "dnf install --downloadonly -y freeipa-server python3-libselinux freeipa-server-dns freeipa-server-trust-ad firewalld" end - config.vm.define "cli-01.ipa.test" do |client| - client.vm.hostname="cli-01.ipa.test" + config.vm.define "client" do |client| + client.vm.hostname="client" client.vm.provision "shell", inline: "hostnamectl set-hostname cli-01.ipa.test" client.vm.provision "shell", diff --git a/tests/multihost/get_ip.sh b/tests/multihost/get_ip.sh index 460f6dd8c..b840329b7 100755 --- a/tests/multihost/get_ip.sh +++ b/tests/multihost/get_ip.sh @@ -1,13 +1,9 @@ #!/bin/sh -INPUT=${1:--} - echo "---" -# shellcheck disable=SC2002 -cat "${INPUT}" | \ - grep HostName -B1 | \ - sed -e "/^--/d" \ - -e "/^Host/N;s/\n/:/;s/Host \([a-zA-Z0-9.]*\)/\1/;s/ *HostName \(.*\)/ \1/" \ - -e "s/server.*:/server_ip:/" \ - -e "s/cli-.*:/client_ip:/" \ - -e "s/rep-.*:/replica_ip:/" + +while [ -n "${1}" ] +do + echo "${1}_ip: $(vagrant ssh -c "hostname -I" "${1}")" + shift +done diff --git a/tests/multihost/inventory/vagrant-inventory.yml b/tests/multihost/inventory/vagrant-inventory.yml index 00fca41cc..9568200a1 100644 --- a/tests/multihost/inventory/vagrant-inventory.yml +++ b/tests/multihost/inventory/vagrant-inventory.yml @@ -17,7 +17,7 @@ all: # IPA First (CA Renewal) Server ipaserver: hosts: - "server.ipa.test": + "server": # Ansible connection configuration ansible_ssh_user: vagrant ansible_ssh_private_key_file: ".vagrant/machines/server/libvirt/private_key" 
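Review bot: After this change the replica and client get a short `vm.hostname` (`replica.vm.hostname="replica"`, `client.vm.hostname="client"`) while the context lines still run `hostnamectl set-hostname rep-01.ipa.test` and `cli-01.ipa.test`, and the server keeps `server.vm.hostname = "server.ipa.test"`. The guest's final name therefore depends on provisioner order, and the Vagrant-level name is not a fully qualified name in the `ipa.test` domain. Renaming only the machine in `config.vm.define` and keeping `replica.vm.hostname="rep-01.ipa.test"` and `client.vm.hostname="cli-01.ipa.test"`, as the first Vagrantfile hunk of this commit does for the server, would keep the three definitions consistent.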
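Review bot: The rewritten `get_ip.sh` loop copies the raw output of `vagrant ssh -c "hostname -I"` straight into a YAML value, so a guest with two interfaces yields `server_ip: <addr1> <addr2>` and a failed `vagrant ssh` yields an empty `server_ip:`, which YAML reads as null. Either value later feeds `ipaclient_dns_servers` in the inventory. Keeping one address and refusing an empty result would be safer, e.g. `ip=$(vagrant ssh -c "hostname -I" "${1}" | tr -d '\r' | awk '{print $1}')` followed by `[ -n "${ip}" ] || exit 1` before the `echo`; which address should be chosen on a multi-interface guest is an assumption to confirm.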
@@ -30,15 +30,15 @@ all: ipaserver_setup_dns: "{{ lookup('env', 'ipaserver_setup_dns') | default(true, True) | bool }}" ipaserver_auto_forwarders: "{{ lookup('env', 'ipaserver_auto_forwarders') | default(true, True) | bool }}" ipaserver_no_forwarders: "{{ lookup('env', 'ipaserver_no_forwarders') | default(false, True) | bool }}" - ipaserver_forwarders: "{{ lookup('env', 'ipaserver_forwarders') | default([], True) }}" + ipaserver_forwarders: "{{ lookup('env', 'ipaserver_forwarders') | default(omit, True) }}" ipaserver_auto_reverse: "{{ lookup('env', 'ipaserver_auto_reverse') | default(true, True) | bool }}" # For easier setup of DNS keep it set to 'true' ipaserver_allow_zone_overlap: true # DNSSEC must be set to 'false' for AD trust ipaserver_no_dnssec_validation: true # trust vars - ipaserver_setup_adtrust: "{{ lookup('env', 'ipaserver_setup_adtrust') | default(false) | bool }}" - ipaserver_netbios_name: "{{ lookup('env', 'ipaserver_netbios_name') | default('IPA') }}" + ipaserver_setup_adtrust: "{{ lookup('env', 'ipaserver_setup_adtrust') | default(false, True) | bool }}" + ipaserver_netbios_name: "{{ lookup('env', 'ipaserver_netbios_name') | default('IPA', True) }}" # disable 'allow all' HBAC rule ipaserver_no_hbac_allow: true # other vars @@ -46,7 +46,7 @@ all: # IPA Replica Servers ipareplicas: hosts: - "rep-01.ipa.test": + "repplica": # Ansible connection configuration ansible_ssh_user: vagrant ansible_ssh_private_key_file: ".vagrant/machines/replica/libvirt/private_key" 
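Review bot: The replica host key in the -46,7 hunk is spelled `"repplica"`, which matches neither the Vagrant machine `replica` defined in the Vagrantfile nor the key path `.vagrant/machines/replica/libvirt/private_key` on the lines just below it. Ansible would try to reach a host of that name, so the replica play is likely to fail to connect unless something else maps the alias; the key should be `"replica":`. The host's variable mapping continues past the hunk.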
@@ -60,20 +60,20 @@ all: ipareplica_setup_dns: "{{ lookup('env', 'ipareplica_setup_dns') | default(false, True) | bool }}" ipareplica_auto_forwarders: "{{ lookup('env', 'ipareplica_auto_forwarders') | default(true, True) | bool }}" ipareplica_no_forwarders: "{{ lookup('env', 'ipareplica_no_forwarders') | default(false, True) | bool }}" - ipareplica_forwarders: "{{ lookup('env', 'ipareplica_forwarders') | default([], True) }}" + ipareplica_forwarders: "{{ lookup('env', 'ipareplica_forwarders') | default(omit, True) }}" ipareplica_auto_reverse: "{{ lookup('env', 'ipareplica_auto_reverse') | default(true, True) | bool }}" # Trust backup - ipareplica_setup_adtrust: "{{ lookup('env', 'ipaserver_setup_adtrust') | default(false) | bool }}" - ipareplica_netbios_name: "{{ lookup('env', 'ipaserver_netbios_name') | default('IPA') }}" + ipareplica_setup_adtrust: "{{ lookup('env', 'ipaserver_setup_adtrust') | default(false, True) | bool }}" + ipareplica_netbios_name: "{{ lookup('env', 'ipaserver_netbios_name') | default('IPA', True) }}" # Update IP addressess ipasssd_enable_dns_updates: true # Automatically handle DNS nameservers (ansible-freeipa v1.9.0+) - ipaclient_configure_dns_resolver: "{{ ipaserver_setup_dns | default(false) }}" - ipaclient_dns_servers: ["{{ server_ip if (ipaserver_setup_dns | default(false)) else omit}}"] + ipaclient_configure_dns_resolver: "{{ lookup('env', 'ipareplica_setup_dns') | default(false, True) | bool }}" + ipaclient_dns_servers: "{{ server_ip if (lookup('env', 'ipareplica_setup_dns') | default(false, True) | bool) else default(omit) }}" # IPA Client hosts ipaclients: hosts: - "cli-01.ipa.test": + "client": # Ansible connection configuration ansible_ssh_user: vagrant ansible_ssh_private_key_file: ".vagrant/machines/client/libvirt/private_key" 
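Review bot: In the new `ipaclient_dns_servers` value the else branch is `default(omit)`, but `default` is a Jinja filter and not a function available inside the expression, so evaluating that branch should fail with an undefined error instead of omitting the variable; the same line is repeated in the client hunk at -83,5. With `ipareplica_setup_dns` unset the condition is false, so this is the branch taken by default. Ending the expression with `else omit }}` keeps the intent. It also looks unintended that both resolver settings now key on the `ipareplica_setup_dns` environment variable instead of `ipaserver_setup_dns`, which defaults to true in the server vars; please confirm which one should drive the clients' resolver.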
@@ -83,5 +83,5 @@ all: # Add client DNS entries ipasssd_enable_dns_updates: true # Automatically handle DNS nameservers (ansible-freeipa v1.9.0+) - ipaclient_configure_dns_resolver: "{{ ipaserver_setup_dns | default(false) }}" - ipaclient_dns_servers: ["{{ server_ip if (ipaserver_setup_dns | default(false)) else omit}}"] + ipaclient_configure_dns_resolver: "{{ lookup('env', 'ipareplica_setup_dns') | default(false, True) | bool }}" + ipaclient_dns_servers: "{{ server_ip if (lookup('env', 'ipareplica_setup_dns') | default(false, True) | bool) else default(omit) }}"