Extending ansible playbooks of ubuntu support.
Creating new test with Ubuntu image for Molecule in certificates role.
Issue-ID: OOM-1671
Signed-off-by: Jan Benedikt <j.benedikt@partner.samsung.com>
Change-Id: I82f0f8590812c277f2969d71f95fb6475c72f7c8
# Generate certs to local current dir where ansible in run (= playbook_dir)
# After ansible run, dir can be deleted but idempotence is lost and certs are re-generated in next run
certificates_local_dir: "{{ playbook_dir }}/certs"
+root_ca_path:
+ RedHat: "/etc/pki/ca-trust/source/anchors/"
+ Debian: "/usr/local/share/ca-certificates/"
+extract_root_cert:
+ RedHat:
+ update_command: /usr/bin/update-ca-trust extract
+ Debian:
+ update_command: update-ca-certificates
---
- name: Extract root certificate
- command: /usr/bin/update-ca-trust extract
+ command: "{{ extract_root_cert[ansible_os_family].update_command }}"
changed_when: true # this handler is executed just when there is a new cert
notify: Restart Docker
])
def test_cert_file_installed(host, cert_file):
os = host.system_info.distribution
- if os == "centos":
+ if (os == "centos"):
f = host.file('/etc/pki/ca-trust/source/anchors/' + cert_file)
+ if (os == "ubuntu"):
+ f = host.file('/usr/local/share/ca-certificates/' + cert_file)
assert f.exists
assert f.user == 'root'
assert f.user == 'root'
assert f.group == 'root'
+ os = host.system_info.distribution
+ if (os == "centos"):
+ node_directory = "certs/"
+ elif (os == "ubuntu"):
+ node_directory = "../default/certs/"
+
# Verify cert files content locally is as in node
- with open("certs/" + cert_file) as local_cert_file:
+ with open(node_directory + cert_file) as local_cert_file:
local_content = local_cert_file.read().strip()
assert local_content == f.content_string
--- /dev/null
+../default/group_vars/
\ No newline at end of file
--- /dev/null
+../default/host_vars/
\ No newline at end of file
--- /dev/null
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: infrastructure-server
+ image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04}
+ pre_build_image: true
+ privileged: true
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ groups:
+ - infrastructure
+ - name: kubernetes-node-1
+ image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04}
+ pre_build_image: true
+ privileged: true
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ groups:
+ - kubernetes
+provisioner:
+ name: ansible
+ log: true
+ lint:
+ name: ansible-lint
+ env:
+ ANSIBLE_ROLES_PATH: ../../../../test/roles
+ ANSIBLE_LIBRARY: ../../../../library
+ playbooks:
+ converge: ../default/playbook.yml
+ inventory:
+ links:
+ group_vars: ../../../../group_vars/
+scenario:
+ name: ubuntu
+ test_sequence:
+ - lint
+ - cleanup
+ - destroy
+ - dependency
+ - syntax
+ - create
+ - prepare
+ - converge
+ # - idempotence
+ # --> Action: 'idempotence'
+ # ERROR: Idempotence test failed because of the following tasks:
+ # * [infrastructure-server -> localhost] => certificates : Generate an OpenSSL CSR.
+ # * [infrastructure-server -> localhost] => certificates : Generate root CA certificate
+ # * [infrastructure-server] => certificates : Upload certificates to infrastructure server
+ # * [infrastructure-server] => certificates : Copy root certificate
+ # * [infrastructure-server] => certificates : Extract root certificate
+ # * [infrastructure-server] => docker : Setup docker dns settings
+ # * [kubernetes-node-1] => certificates : Copy root certificate
+ # * [kubernetes-node-1] => certificates : Extract root certificate
+ # * [kubernetes-node-1] => certificates : Extract root certificate
+ - side_effect
+ - verify
+ - cleanup
+ - destroy
+verifier:
+ name: testinfra
+ options:
+ verbose: true
+ lint:
+ name: flake8
+ directory: ../default/tests
- name: Copy root certificate
copy:
src: "{{ certificates_local_dir }}/rootCA.crt"
- dest: /etc/pki/ca-trust/source/anchors/
+ dest: "{{ root_ca_path[ansible_os_family] }}"
notify: # handler is triggered just when file is changed
- Extract root certificate