Improve CI (#539)

* Update CI scripts to be more close to the ones in ansible-core.

* Extend CI matrix.

* Mark more VMs.

* Revert "Mark more VMs."

This reverts commit 8bc79af636.

* Disable alpine VMs for get_certificate due to httptester problems.

* Improve retrieval of cryptsetup version.

* ACME 'emulator' won't work on Alpine either.

* Improve luks test setup.

* Make sure wipefs is installed on Alpine.

* dmsetup (from device-mapper) is used by the tests.

* Fix bcrypt install failure handling.

* String, not float.

* openssl_privatekey_convert is not an action module.

* Update Python info.

* Try out which VMs can be used by now.

* Enable ACME tests on all VMs but Alpine; update comment.

* Adjust acme-tiny shebang.

* Remove new entries from CI matrix.

.azure-pipelines/azure-pipelines.yml

@@ -173,7 +173,7 @@ stages:
               test: debian-bullseye/3.9
             - name: ArchLinux
               test: archlinux/3.10
-            - name: CentOS Stream 8
+            - name: CentOS Stream 8 w/ Python 3.9
               test: centos-stream8/3.9
 
 ### Remote

tests/integration/targets/acme_account/aliases

@@ -6,9 +6,5 @@ azp/generic/1
 azp/posix/1
 cloud/acme
 
-# Skip all VMs, since we cannot talk to the ACME simulator from these:
-skip/aix
-skip/freebsd
-skip/macos
-skip/osx
-skip/rhel
+# For some reason connecting to helper containers does not work on the Alpine VMs
+skip/alpine

tests/integration/targets/acme_account_info/aliases

@@ -6,9 +6,5 @@ azp/generic/1
 azp/posix/1
 cloud/acme
 
-# Skip all VMs, since we cannot talk to the ACME simulator from these:
-skip/aix
-skip/freebsd
-skip/macos
-skip/osx
-skip/rhel
+# For some reason connecting to helper containers does not work on the Alpine VMs
+skip/alpine

tests/integration/targets/acme_certificate/aliases

@@ -6,9 +6,5 @@ azp/generic/1
 azp/posix/1
 cloud/acme
 
-# Skip all VMs, since we cannot talk to the ACME simulator from these:
-skip/aix
-skip/freebsd
-skip/macos
-skip/osx
-skip/rhel
+# For some reason connecting to helper containers does not work on the Alpine VMs
+skip/alpine

tests/integration/targets/acme_certificate_revoke/aliases

@@ -6,9 +6,5 @@ azp/generic/1
 azp/posix/1
 cloud/acme
 
-# Skip all VMs, since we cannot talk to the ACME simulator from these:
-skip/aix
-skip/freebsd
-skip/macos
-skip/osx
-skip/rhel
+# For some reason connecting to helper containers does not work on the Alpine VMs
+skip/alpine

tests/integration/targets/acme_challenge_cert_helper/aliases

@@ -6,9 +6,5 @@ azp/generic/1
 azp/posix/1
 cloud/acme
 
-# Skip all VMs, since we cannot talk to the ACME simulator from these:
-skip/aix
-skip/freebsd
-skip/macos
-skip/osx
-skip/rhel
+# For some reason connecting to helper containers does not work on the Alpine VMs
+skip/alpine

tests/integration/targets/acme_inspect/aliases

@@ -6,9 +6,5 @@ azp/generic/1
 azp/posix/1
 cloud/acme
 
-# Skip all VMs, since we cannot talk to the ACME simulator from these:
-skip/aix
-skip/freebsd
-skip/macos
-skip/osx
-skip/rhel
+# For some reason connecting to helper containers does not work on the Alpine VMs
+skip/alpine

tests/integration/targets/get_certificate/aliases

@@ -6,3 +6,6 @@ azp/generic/1
 azp/posix/1
 destructive
 needs/httptester
+
+# For some reason connecting to helper containers does not work on the Alpine VMs
+skip/alpine

tests/integration/targets/luks_device/tasks/main.yml

@@ -15,29 +15,66 @@
   loop:
     - keyfile1
     - keyfile2
+
+- name: Include OS-specific variables
+  include_vars: '{{ lookup("first_found", search) }}'
+  vars:
+    search:
+      files:
+      - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml'
+      - '{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml'
+      - '{{ ansible_distribution }}.yml'
+      - '{{ ansible_os_family }}.yml'
+      - default.yml
+      paths:
+      - vars
+
 - name: Make sure cryptsetup is installed
   package:
     name: cryptsetup
     state: present
-  become: yes
+  become: true
+
+- name: Install additionally required packages
+  package:
+    name: '{{ luks_extra_packages }}'
+    state: present
+  become: true
+  when: luks_extra_packages | length > 0
+
+- name: Determine cryptsetup version
+  command: cryptsetup --version
+  register: cryptsetup_version
+
+- name: Extract cryptsetup version
+  set_fact:
+    cryptsetup_version: >-
+      {{ cryptsetup_version.stdout_lines[0] | regex_search('cryptsetup ([0-9]+\.[0-9]+\.[0-9]+)') | split | last }}
+
 - name: Create cryptfile
   command: dd if=/dev/zero of={{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile bs=1M count=32
+
+- name: Figure out next loopback device
+  command: losetup -f
+  become: true
+  register: cryptfile_device_output
+
 - name: Create lookback device
   command: losetup -f {{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile
-  become: yes
-- name: Determine loop device name
-  command: losetup -j {{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile --output name
-  become: yes
-  register: cryptfile_device_output
-- set_fact:
-    cryptfile_device: "{{ cryptfile_device_output.stdout_lines[1] }}"
+  become: true
+
+- name: Store some common data for tests
+  set_fact:
+    cryptfile_device: "{{ cryptfile_device_output.stdout_lines[0] }}"
     cryptfile_passphrase1: "uNiJ9vKG2mUOEWDiQVuBHJlfMHE"
     cryptfile_passphrase2: "HW4Ak2HtE2vvne0qjJMPTtmbV4M"
     cryptfile_passphrase3: "qQJqsjabO9pItV792k90VvX84MM"
+
 - block:
   - include_tasks: run-test.yml
     with_fileglob:
     - "tests/*.yml"
+
   always:
   - name: Make sure LUKS device is gone
     luks_device:
@@ -45,8 +82,10 @@
       state: absent
     become: yes
     ignore_errors: yes
+
   - command: losetup -d "{{ cryptfile_device }}"
     become: yes
+
   - file:
-      dest: "{{ remote_tmp_dir }}/cryptfile"
+      dest: "{{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile"
       state: absent

tests/integration/targets/luks_device/tasks/tests/performance.yml

@@ -3,10 +3,6 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-- name: Gather package facts
-  package_facts:
-    manager: auto
-
 - name: On kernel >= 5.9 use performance flags
   block:
     - name: Create and open (check)
@@ -104,4 +100,4 @@
 
   when:
     - ansible_facts.kernel is version('5.9.0', '>=')
-    - ansible_facts.packages['cryptsetup'][0].version is version('2.3.4', '>=')
+    - cryptsetup_version is version('2.3.4', '>=')

tests/integration/targets/luks_device/vars/Alpine.yml

@@ -0,0 +1,10 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+cryptsetup_package: cryptsetup
+
+luks_extra_packages:
+  - device-mapper
+  - wipefs

tests/integration/targets/luks_device/vars/default.yml

@@ -0,0 +1,8 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+cryptsetup_package: cryptsetup
+
+luks_extra_packages: []

tests/integration/targets/openssl_privatekey_convert/aliases

@@ -2,7 +2,6 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-context/controller
 azp/generic/1
 azp/posix/1
 destructive

tests/integration/targets/setup_bcrypt/tasks/main.yml

@@ -24,5 +24,5 @@
 - name: Ensure bcrypt_version is defined
   set_fact:
     bcrypt_version:
-      stdout: 0.0
-  when: bcrypt_version is not defined
+      stdout: "0.0"
+  when: bcrypt_version is failed

tests/integration/targets/setup_python_info/vars/main.yml

@@ -22,6 +22,10 @@ system_python_version_data:
       - '3.9'
     '34':
       - '3.9'
+    '35':
+      - '3.10'
+    '36':
+      - '3.10'
   Ubuntu:
     '16':
       - '2.7'
@@ -29,6 +33,8 @@ system_python_version_data:
       - '3.6'
     '20':
       - '3.8'
+    '22':
+      - '3.10'
   Darwin:
     '10.11':
       - '2.7'
@@ -67,6 +73,8 @@ system_python_version_data:
     '11':
       - '3.9'
   Alpine:
+    '3.16':
+      - '3.10'
     '3.15':
       - '3.9'
     '3.12':

tests/integration/targets/x509_certificate-acme/aliases

@@ -7,9 +7,5 @@ azp/posix/1
 cloud/acme
 context/target
 
-# Skip all VMs, since we cannot talk to the ACME simulator from these:
-skip/aix
-skip/freebsd
-skip/macos
-skip/osx
-skip/rhel
+# For some reason connecting to helper containers does not work on the Alpine VMs
+skip/alpine

tests/integration/targets/x509_certificate-acme/tasks/main.yml

@@ -95,6 +95,12 @@
       except ImportError:
           from urllib2 import Request # Python 2
 
+- name: "Monkey-patch acme-tiny: adjust shebang"
+  replace:
+    path: "{{ remote_tmp_dir }}/acme-tiny"
+    regexp: '^\#\!/usr/bin/env .*$'
+    replace: '#!{{ ansible_python_interpreter }}'
+
 - name: "Monkey-patch acme-tiny: Disable check that challenge file is reachable via HTTP"
   replace:
     path: "{{ remote_tmp_dir }}/acme-tiny"

tests/utils/shippable/alpine.sh

@@ -0,0 +1 @@
+remote.sh

tests/utils/shippable/fedora.sh

@@ -0,0 +1 @@
+remote.sh

tests/utils/shippable/remote.sh

@@ -10,6 +10,16 @@ IFS='/:' read -ra args <<< "$1"
 
 platform="${args[0]}"
 version="${args[1]}"
+pyver=default
+
+# check for explicit python version like 8.3@3.8
+declare -a splitversion
+IFS='@' read -ra splitversion <<< "$version"
+
+if [ "${#splitversion[@]}" -gt 1 ]; then
+    version="${splitversion[0]}"
+    pyver="${splitversion[1]}"
+fi
 
 if [ "${#args[@]}" -gt 2 ]; then
     target="azp/posix/${args[2]}/"
@@ -22,4 +32,4 @@ provider="${P:-default}"
 
 # shellcheck disable=SC2086
 ansible-test integration --color -v --retry-on-error "${target}" ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} ${UNSTABLE:+"$UNSTABLE"} \
-    --remote "${platform}/${version}" --remote-terminate always --remote-stage "${stage}" --remote-provider "${provider}"
+    --python "${pyver}" --remote "${platform}/${version}" --remote-terminate always --remote-stage "${stage}" --remote-provider "${provider}"

tests/utils/shippable/ubuntu.sh

@@ -0,0 +1 @@
+remote.sh