From ca23b2ed9aef04b9d8b30c280bbcd96877800777 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Sun, 11 Dec 2022 19:55:47 +0100 Subject: [PATCH] Improve CI (#539) * Update CI scripts to be more close to the ones in ansible-core. * Extend CI matrix. * Mark more VMs. * Revert "Mark more VMs." This reverts commit 8bc79af6360f3fdc09cf5964ad0b7f0ff8a308be. * Disable alpine VMs for get_certificate due to httptester problems. * Improve retrieval of cryptsetup version. * ACME 'emulator' won't work on Alpine either. * Improve luks test setup. * Make sure wipefs is installed on Alpine. * dmsetup (from device-mapper) is used by the tests. * Fix bcrypt install failure handling. * String, not float. * openssl_privatekey_convert is not an action module. * Update Python info. * Try out which VMs can be used by now. * Enable ACME tests on all VMs but Alpine; update comment. * Adjust acme-tiny shebang. * Remove new entries from CI matrix. --- .azure-pipelines/azure-pipelines.yml | 2 +- .../integration/targets/acme_account/aliases | 8 +-- .../targets/acme_account_info/aliases | 8 +-- .../targets/acme_certificate/aliases | 8 +-- .../targets/acme_certificate_revoke/aliases | 8 +-- .../acme_challenge_cert_helper/aliases | 8 +-- .../integration/targets/acme_inspect/aliases | 8 +-- .../targets/get_certificate/aliases | 3 + .../targets/luks_device/tasks/main.yml | 57 ++++++++++++++++--- .../luks_device/tasks/tests/performance.yml | 6 +- .../targets/luks_device/vars/Alpine.yml | 10 ++++ .../targets/luks_device/vars/default.yml | 8 +++ .../openssl_privatekey_convert/aliases | 1 - .../targets/setup_bcrypt/tasks/main.yml | 4 +- .../targets/setup_python_info/vars/main.yml | 8 +++ .../targets/x509_certificate-acme/aliases | 8 +-- .../x509_certificate-acme/tasks/main.yml | 6 ++ tests/utils/shippable/alpine.sh | 1 + tests/utils/shippable/fedora.sh | 1 + tests/utils/shippable/remote.sh | 12 +++- tests/utils/shippable/ubuntu.sh | 1 + 21 files changed, 115 insertions(+), 61 deletions(-) create mode 100644 tests/integration/targets/luks_device/vars/Alpine.yml create mode 100644 tests/integration/targets/luks_device/vars/default.yml create mode 120000 tests/utils/shippable/alpine.sh create mode 120000 tests/utils/shippable/fedora.sh create mode 120000 tests/utils/shippable/ubuntu.sh diff --git a/.azure-pipelines/azure-pipelines.yml b/.azure-pipelines/azure-pipelines.yml index 79ca1264..c7d7c645 100644 --- a/.azure-pipelines/azure-pipelines.yml +++ b/.azure-pipelines/azure-pipelines.yml @@ -173,7 +173,7 @@ stages: test: debian-bullseye/3.9 - name: ArchLinux test: archlinux/3.10 - - name: CentOS Stream 8 + - name: CentOS Stream 8 w/ Python 3.9 test: centos-stream8/3.9 ### Remote diff --git a/tests/integration/targets/acme_account/aliases b/tests/integration/targets/acme_account/aliases index 07bd8ec6..b7f6d4f4 100644 --- a/tests/integration/targets/acme_account/aliases +++ b/tests/integration/targets/acme_account/aliases @@ -6,9 +6,5 @@ azp/generic/1 azp/posix/1 cloud/acme -# Skip all VMs, since we cannot talk to the ACME simulator from these: -skip/aix -skip/freebsd -skip/macos -skip/osx -skip/rhel +# For some reason connecting to helper containers does not work on the Alpine VMs +skip/alpine diff --git a/tests/integration/targets/acme_account_info/aliases b/tests/integration/targets/acme_account_info/aliases index 07bd8ec6..b7f6d4f4 100644 --- a/tests/integration/targets/acme_account_info/aliases +++ b/tests/integration/targets/acme_account_info/aliases @@ -6,9 +6,5 @@ azp/generic/1 azp/posix/1 cloud/acme -# Skip all VMs, since we cannot talk to the ACME simulator from these: -skip/aix -skip/freebsd -skip/macos -skip/osx -skip/rhel +# For some reason connecting to helper containers does not work on the Alpine VMs +skip/alpine diff --git a/tests/integration/targets/acme_certificate/aliases b/tests/integration/targets/acme_certificate/aliases index 07bd8ec6..b7f6d4f4 100644 --- a/tests/integration/targets/acme_certificate/aliases +++ b/tests/integration/targets/acme_certificate/aliases @@ -6,9 +6,5 @@ azp/generic/1 azp/posix/1 cloud/acme -# Skip all VMs, since we cannot talk to the ACME simulator from these: -skip/aix -skip/freebsd -skip/macos -skip/osx -skip/rhel +# For some reason connecting to helper containers does not work on the Alpine VMs +skip/alpine diff --git a/tests/integration/targets/acme_certificate_revoke/aliases b/tests/integration/targets/acme_certificate_revoke/aliases index 07bd8ec6..b7f6d4f4 100644 --- a/tests/integration/targets/acme_certificate_revoke/aliases +++ b/tests/integration/targets/acme_certificate_revoke/aliases @@ -6,9 +6,5 @@ azp/generic/1 azp/posix/1 cloud/acme -# Skip all VMs, since we cannot talk to the ACME simulator from these: -skip/aix -skip/freebsd -skip/macos -skip/osx -skip/rhel +# For some reason connecting to helper containers does not work on the Alpine VMs +skip/alpine diff --git a/tests/integration/targets/acme_challenge_cert_helper/aliases b/tests/integration/targets/acme_challenge_cert_helper/aliases index 07bd8ec6..b7f6d4f4 100644 --- a/tests/integration/targets/acme_challenge_cert_helper/aliases +++ b/tests/integration/targets/acme_challenge_cert_helper/aliases @@ -6,9 +6,5 @@ azp/generic/1 azp/posix/1 cloud/acme -# Skip all VMs, since we cannot talk to the ACME simulator from these: -skip/aix -skip/freebsd -skip/macos -skip/osx -skip/rhel +# For some reason connecting to helper containers does not work on the Alpine VMs +skip/alpine diff --git a/tests/integration/targets/acme_inspect/aliases b/tests/integration/targets/acme_inspect/aliases index 07bd8ec6..b7f6d4f4 100644 --- a/tests/integration/targets/acme_inspect/aliases +++ b/tests/integration/targets/acme_inspect/aliases @@ -6,9 +6,5 @@ azp/generic/1 azp/posix/1 cloud/acme -# Skip all VMs, since we cannot talk to the ACME simulator from these: -skip/aix -skip/freebsd -skip/macos -skip/osx -skip/rhel +# For some reason connecting to helper containers does not work on the Alpine VMs +skip/alpine diff --git a/tests/integration/targets/get_certificate/aliases b/tests/integration/targets/get_certificate/aliases index 04be15da..040a5b94 100644 --- a/tests/integration/targets/get_certificate/aliases +++ b/tests/integration/targets/get_certificate/aliases @@ -6,3 +6,6 @@ azp/generic/1 azp/posix/1 destructive needs/httptester + +# For some reason connecting to helper containers does not work on the Alpine VMs +skip/alpine diff --git a/tests/integration/targets/luks_device/tasks/main.yml b/tests/integration/targets/luks_device/tasks/main.yml index 434579a8..4ba75412 100644 --- a/tests/integration/targets/luks_device/tasks/main.yml +++ b/tests/integration/targets/luks_device/tasks/main.yml @@ -15,29 +15,66 @@ loop: - keyfile1 - keyfile2 + +- name: Include OS-specific variables + include_vars: '{{ lookup("first_found", search) }}' + vars: + search: + files: + - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml' + - '{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml' + - '{{ ansible_distribution }}.yml' + - '{{ ansible_os_family }}.yml' + - default.yml + paths: + - vars + - name: Make sure cryptsetup is installed package: name: cryptsetup state: present - become: yes + become: true + +- name: Install additionally required packages + package: + name: '{{ luks_extra_packages }}' + state: present + become: true + when: luks_extra_packages | length > 0 + +- name: Determine cryptsetup version + command: cryptsetup --version + register: cryptsetup_version + +- name: Extract cryptsetup version + set_fact: + cryptsetup_version: >- + {{ cryptsetup_version.stdout_lines[0] | regex_search('cryptsetup ([0-9]+\.[0-9]+\.[0-9]+)') | split | last }} + - name: Create cryptfile command: dd if=/dev/zero of={{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile bs=1M count=32 + +- name: Figure out next loopback device + command: losetup -f + become: true + register: cryptfile_device_output + - name: Create lookback device command: losetup -f {{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile - become: yes -- name: Determine loop device name - command: losetup -j {{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile --output name - become: yes - register: cryptfile_device_output -- set_fact: - cryptfile_device: "{{ cryptfile_device_output.stdout_lines[1] }}" + become: true + +- name: Store some common data for tests + set_fact: + cryptfile_device: "{{ cryptfile_device_output.stdout_lines[0] }}" cryptfile_passphrase1: "uNiJ9vKG2mUOEWDiQVuBHJlfMHE" cryptfile_passphrase2: "HW4Ak2HtE2vvne0qjJMPTtmbV4M" cryptfile_passphrase3: "qQJqsjabO9pItV792k90VvX84MM" + - block: - include_tasks: run-test.yml with_fileglob: - "tests/*.yml" + always: - name: Make sure LUKS device is gone luks_device: @@ -45,8 +82,10 @@ state: absent become: yes ignore_errors: yes + - command: losetup -d "{{ cryptfile_device }}" become: yes + - file: - dest: "{{ remote_tmp_dir }}/cryptfile" + dest: "{{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile" state: absent diff --git a/tests/integration/targets/luks_device/tasks/tests/performance.yml b/tests/integration/targets/luks_device/tasks/tests/performance.yml index 270d9747..fe65273d 100644 --- a/tests/integration/targets/luks_device/tasks/tests/performance.yml +++ b/tests/integration/targets/luks_device/tasks/tests/performance.yml @@ -3,10 +3,6 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -- name: Gather package facts - package_facts: - manager: auto - - name: On kernel >= 5.9 use performance flags block: - name: Create and open (check) @@ -104,4 +100,4 @@ when: - ansible_facts.kernel is version('5.9.0', '>=') - - ansible_facts.packages['cryptsetup'][0].version is version('2.3.4', '>=') + - cryptsetup_version is version('2.3.4', '>=') diff --git a/tests/integration/targets/luks_device/vars/Alpine.yml b/tests/integration/targets/luks_device/vars/Alpine.yml new file mode 100644 index 00000000..c0d230ab --- /dev/null +++ b/tests/integration/targets/luks_device/vars/Alpine.yml @@ -0,0 +1,10 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +cryptsetup_package: cryptsetup + +luks_extra_packages: + - device-mapper + - wipefs diff --git a/tests/integration/targets/luks_device/vars/default.yml b/tests/integration/targets/luks_device/vars/default.yml new file mode 100644 index 00000000..72ed39e7 --- /dev/null +++ b/tests/integration/targets/luks_device/vars/default.yml @@ -0,0 +1,8 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +cryptsetup_package: cryptsetup + +luks_extra_packages: [] diff --git a/tests/integration/targets/openssl_privatekey_convert/aliases b/tests/integration/targets/openssl_privatekey_convert/aliases index 768a4b6e..3d7d391b 100644 --- a/tests/integration/targets/openssl_privatekey_convert/aliases +++ b/tests/integration/targets/openssl_privatekey_convert/aliases @@ -2,7 +2,6 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -context/controller azp/generic/1 azp/posix/1 destructive diff --git a/tests/integration/targets/setup_bcrypt/tasks/main.yml b/tests/integration/targets/setup_bcrypt/tasks/main.yml index 01ebcb1e..0e599684 100644 --- a/tests/integration/targets/setup_bcrypt/tasks/main.yml +++ b/tests/integration/targets/setup_bcrypt/tasks/main.yml @@ -24,5 +24,5 @@ - name: Ensure bcrypt_version is defined set_fact: bcrypt_version: - stdout: 0.0 - when: bcrypt_version is not defined + stdout: "0.0" + when: bcrypt_version is failed diff --git a/tests/integration/targets/setup_python_info/vars/main.yml b/tests/integration/targets/setup_python_info/vars/main.yml index aeb8e26e..ec2170ae 100644 --- a/tests/integration/targets/setup_python_info/vars/main.yml +++ b/tests/integration/targets/setup_python_info/vars/main.yml @@ -22,6 +22,10 @@ system_python_version_data: - '3.9' '34': - '3.9' + '35': + - '3.10' + '36': + - '3.10' Ubuntu: '16': - '2.7' @@ -29,6 +33,8 @@ system_python_version_data: - '3.6' '20': - '3.8' + '22': + - '3.10' Darwin: '10.11': - '2.7' @@ -67,6 +73,8 @@ system_python_version_data: '11': - '3.9' Alpine: + '3.16': + - '3.10' '3.15': - '3.9' '3.12': diff --git a/tests/integration/targets/x509_certificate-acme/aliases b/tests/integration/targets/x509_certificate-acme/aliases index d4d7f4de..9b02df38 100644 --- a/tests/integration/targets/x509_certificate-acme/aliases +++ b/tests/integration/targets/x509_certificate-acme/aliases @@ -7,9 +7,5 @@ azp/posix/1 cloud/acme context/target -# Skip all VMs, since we cannot talk to the ACME simulator from these: -skip/aix -skip/freebsd -skip/macos -skip/osx -skip/rhel +# For some reason connecting to helper containers does not work on the Alpine VMs +skip/alpine diff --git a/tests/integration/targets/x509_certificate-acme/tasks/main.yml b/tests/integration/targets/x509_certificate-acme/tasks/main.yml index 0c130c0b..a4c0c856 100644 --- a/tests/integration/targets/x509_certificate-acme/tasks/main.yml +++ b/tests/integration/targets/x509_certificate-acme/tasks/main.yml @@ -95,6 +95,12 @@ except ImportError: from urllib2 import Request # Python 2 +- name: "Monkey-patch acme-tiny: adjust shebang" + replace: + path: "{{ remote_tmp_dir }}/acme-tiny" + regexp: '^\#\!/usr/bin/env .*$' + replace: '#!{{ ansible_python_interpreter }}' + - name: "Monkey-patch acme-tiny: Disable check that challenge file is reachable via HTTP" replace: path: "{{ remote_tmp_dir }}/acme-tiny" diff --git a/tests/utils/shippable/alpine.sh b/tests/utils/shippable/alpine.sh new file mode 120000 index 00000000..6ddb7768 --- /dev/null +++ b/tests/utils/shippable/alpine.sh @@ -0,0 +1 @@ +remote.sh \ No newline at end of file diff --git a/tests/utils/shippable/fedora.sh b/tests/utils/shippable/fedora.sh new file mode 120000 index 00000000..6ddb7768 --- /dev/null +++ b/tests/utils/shippable/fedora.sh @@ -0,0 +1 @@ +remote.sh \ No newline at end of file diff --git a/tests/utils/shippable/remote.sh b/tests/utils/shippable/remote.sh index 43fbb444..b70adf78 100755 --- a/tests/utils/shippable/remote.sh +++ b/tests/utils/shippable/remote.sh @@ -10,6 +10,16 @@ IFS='/:' read -ra args <<< "$1" platform="${args[0]}" version="${args[1]}" +pyver=default + +# check for explicit python version like 8.3@3.8 +declare -a splitversion +IFS='@' read -ra splitversion <<< "$version" + +if [ "${#splitversion[@]}" -gt 1 ]; then + version="${splitversion[0]}" + pyver="${splitversion[1]}" +fi if [ "${#args[@]}" -gt 2 ]; then target="azp/posix/${args[2]}/" @@ -22,4 +32,4 @@ provider="${P:-default}" # shellcheck disable=SC2086 ansible-test integration --color -v --retry-on-error "${target}" ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} ${UNSTABLE:+"$UNSTABLE"} \ - --remote "${platform}/${version}" --remote-terminate always --remote-stage "${stage}" --remote-provider "${provider}" + --python "${pyver}" --remote "${platform}/${version}" --remote-terminate always --remote-stage "${stage}" --remote-provider "${provider}" diff --git a/tests/utils/shippable/ubuntu.sh b/tests/utils/shippable/ubuntu.sh new file mode 120000 index 00000000..6ddb7768 --- /dev/null +++ b/tests/utils/shippable/ubuntu.sh @@ -0,0 +1 @@ +remote.sh \ No newline at end of file