Merge pull request #1252 from moreati/issue1118-update-containers

CI: Mark and use 2021 test containers
9 months ago · b130cd9f90
parent 0388cd5c0f fdbd1a8c9b
commit b130cd9f90
19 changed files with 58 additions and 60 deletions
--- a/.ci/ci_lib.py
+++ b/.ci/ci_lib.py
@ -39,7 +39,7 @@ DISTRO_SPECS = os.environ.get(
 IMAGE_PREP_DIR = os.path.join(GIT_ROOT, 'tests/image_prep')
 IMAGE_TEMPLATE = os.environ.get(
    'MITOGEN_TEST_IMAGE_TEMPLATE',
-    'public.ecr.aws/n5z0e8q9/%(distro)s-test',
+    'ghcr.io/mitogen-hq/%(distro)s-test:2021',
 )
 TESTS_SSH_PRIVATE_KEY_FILE = os.path.join(GIT_ROOT, 'tests/data/docker/mitogen__has_sudo_pubkey.key')

@ -227,7 +227,7 @@ def container_specs(
    [{'distro': 'debian11',
      'family': 'debian',
      'hostname': 'localhost',
-      'image': 'public.ecr.aws/n5z0e8q9/debian11-test',
+      'image': 'ghcr.io/mitogen-hq/debian11-test:2021',
      'index': 1,
      'name': 'target-debian11-1',
      'port': 2201,
@ -235,7 +235,7 @@ def container_specs(
     {'distro': 'centos6',
      'family': 'centos',
      'hostname': 'localhost',
-      'image': 'public.ecr.aws/n5z0e8q9/centos6-test',
+      'image': 'ghcr.io/mitogen-hq/centos6-test:2021',
      'index': 2,
      'name': 'target-centos6-2',
      'port': 2202,
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@ -8,11 +8,6 @@ on:
    branches-ignore:
      - docs-master

-env:
-  #ANSIBLE_VERBOSITY: 3
-  #MITOGEN_LOG_LEVEL: DEBUG
-  MITOGEN_TEST_IMAGE_TEMPLATE: "ghcr.io/mitogen-hq/%(distro)s-test"
-
 # https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners
 # https://github.com/actions/runner-images/blob/main/README.md#software-and-image-support
 jobs:
--- a/tests/ansible/hosts/group_vars/all.yml
+++ b/tests/ansible/hosts/group_vars/all.yml
@ -27,4 +27,3 @@ become_unpriv_available: >-
  -}}

 pkg_mgr_python_interpreter: python
-pkg_repos_overrides: []
--- a/tests/ansible/hosts/group_vars/centos8.yml
+++ b/tests/ansible/hosts/group_vars/centos8.yml
@ -1,7 +1,7 @@
 ---
 pkg_mgr_python_interpreter: /usr/libexec/platform-python

-pkg_repos_overrides:
+package_manager_repos:
  - dest: /etc/yum.repos.d/CentOS-Linux-AppStream.repo
    content: |
      [appstream]
--- a/tests/ansible/hosts/group_vars/debian11.yml
+++ b/tests/ansible/hosts/group_vars/debian11.yml
@ -0,0 +1,5 @@
+package_manager_keys:
+  - src: debian-archive-bullseye-automatic.gpg  # Debian 11
+    dest: /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
+  - src: debian-archive-bookworm-automatic.gpg  # Debian 12
+    dest: /etc/apt/trusted.gpg.d/debian-archive-bookworm-automatic.gpg
--- a/tests/ansible/hosts/group_vars/debian9.yml
+++ b/tests/ansible/hosts/group_vars/debian9.yml
@ -1,4 +1,4 @@
-pkg_repos_overrides:
+package_manager_repos:
  - dest: /etc/apt/sources.list
    content: |
      deb http://archive.debian.org/debian stretch main contrib non-free
--- a/tests/ansible/regression/issue_776__load_plugins_called_twice.yml
+++ b/tests/ansible/regression/issue_776__load_plugins_called_twice.yml
@ -10,7 +10,7 @@
  vars:
    ansible_python_interpreter: "{{ pkg_mgr_python_interpreter }}"
    package: rsync  # Chosen to exist in all tested distros/package managers
-  tasks:
+  pre_tasks:
    # The package management modules require using the same Python version
    # as the target's package manager libraries. This is sometimes in conflict
    # with Ansible requirements, e.g. Ansible 10 (ansible-core 2.17) does not
@ -19,31 +19,13 @@
      when:
        - ansible_version.full is version('2.17', '>=', strict=True)

+  roles:
+    - role: package_manager
+
+  tasks:
    - name: Gather facts manually
      setup:

-    - name: Switch to archived package repositories
-      copy:
-        dest: "{{ item.dest }}"
-        content: "{{ item.content }}"
-        mode: u=rw,go=r
-      loop: "{{ pkg_repos_overrides }}"
-      loop_control:
-        label: "{{ item.dest }}"
-
-    - name: Add signing keys
-      copy:
-        src: "{{ item.src }}"
-        dest: "/etc/apt/trusted.gpg.d/{{ item.src | basename }}"
-        mode: u=rw,go=r
-      loop:
-        - src: debian-archive-bullseye-automatic.gpg  # Debian 11
-        - src: debian-archive-bookworm-automatic.gpg  # Debian 12
-      when:
-        # Ideally this would check for Debian 11, but distribution_major_version
-        # is unpopulated sometimes.
-        - ansible_facts.distribution == "Debian"
-
    - name: Update package index
      apt:
        update_cache: true
--- a/tests/image_prep/_container_setup.yml
+++ b/tests/image_prep/_container_setup.yml
@ -1,5 +1,5 @@
-
- hosts: all
+- name: Bootstrap containers
+  hosts: all
  strategy: linear
  gather_facts: false
  tasks:
@ -15,7 +15,8 @@
        fi
      when: bootstrap_packages | length

- hosts: all
+- name: Setup containers
+  hosts: all
  strategy: mitogen_free
  # Resource limitation, my laptop freezes doing every container concurrently
  serial: 4
@ -30,7 +31,9 @@
        - ansible_facts.virtualization_type != "docker"

  roles:
+    - role: package_manager
    - role: sshd
+    - role: sshd_container

  tasks:
    - name: Ensure requisite apt packages are installed
--- a/tests/image_prep/_user_accounts.yml
+++ b/tests/image_prep/_user_accounts.yml
@ -3,10 +3,8 @@
 #
 # WARNING: this creates non-privilged accounts with pre-set passwords!
 #
-
- import_playbook: ../ansible/setup/report_controller.yml
-
- hosts: all
+- name: Mitogen test users and groups
+  hosts: all
  gather_facts: true
  strategy: mitogen_free
  become: true
@ -64,7 +62,7 @@
    - name: Create Mitogen test groups
      group:
        name: "{{ item.name }}"
-      loop: "{{ mitogen_test_groups }}"
+      with_items: "{{ mitogen_test_groups }}"

    - name: Create user accounts
      vars:
@ -113,7 +111,11 @@
        state: restarted

    - name: Readonly homedir for one account
-      shell: "chown -R root: ~mitogen__readonly_homedir"
+      file:
+        path: ~mitogen__readonly_homedir
+        owner: root
+        recurse: true
+        state: directory

    - name: Slow bash profile for one account
      copy:
@ -160,7 +162,6 @@
          Defaults>mitogen__pw_required targetpw
          Defaults>mitogen__require_tty requiretty
          Defaults>mitogen__require_tty_pw_required requiretty,targetpw
-        prepend_newline: true
        validate: '/usr/sbin/visudo -cf %s'

    - name: Configure sudoers users
@ -176,7 +177,6 @@
          {% for runas_user in normal_users %}
          {{ lookup('pipe', 'whoami') }} ALL = ({{ runas_user.name }}:ALL) NOPASSWD:ALL
          {% endfor %}
-        prepend_newline: true
        validate: '/usr/sbin/visudo -cf %s'
      when:
        - ansible_virtualization_type != "docker"
--- a/tests/image_prep/macos_localhost.yml
+++ b/tests/image_prep/macos_localhost.yml
@ -5,3 +5,4 @@
  become: true
  roles:
    - role: sshd
+    - role: sshd_macos
--- a/tests/image_prep/roles/package_manager/defaults/main.yml
+++ b/tests/image_prep/roles/package_manager/defaults/main.yml
@ -0,0 +1,2 @@
+package_manager_keys: []
+package_manager_repos: []
--- a/tests/image_prep/roles/package_manager/files/debian-archive-bookworm-automatic.gpg
+++ b/tests/image_prep/roles/package_manager/files/debian-archive-bookworm-automatic.gpg
--- a/tests/image_prep/roles/package_manager/files/debian-archive-bullseye-automatic.gpg
+++ b/tests/image_prep/roles/package_manager/files/debian-archive-bullseye-automatic.gpg
--- a/tests/image_prep/roles/package_manager/tasks/main.yml
+++ b/tests/image_prep/roles/package_manager/tasks/main.yml
@ -0,0 +1,13 @@
+- name: Add signing keys
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: u=rw,go=r
+  with_items: "{{ package_manager_keys }}"
+
+- name: Configure package repositories
+  copy:
+    dest: "{{ item.dest }}"
+    content: "{{ item.content }}"
+    mode: u=rw,go=r
+  with_items: "{{ package_manager_repos }}"
--- a/tests/image_prep/roles/sshd/tasks/main.yml
+++ b/tests/image_prep/roles/sshd/tasks/main.yml
@ -9,23 +9,12 @@
    path: "{{ sshd_config_file }}"
    line: "{{ item.line }}"
    regexp: "{{ item.regexp }}"
-  loop:
+  with_items:
    - line:     Banner /etc/ssh/banner.txt
      regexp:   '^#? *Banner.*'
    - line:     MaxAuthTries {{ sshd_config__max_auth_tries }}
      regexp:   '^#? *MaxAuthTries.*'
    - line:     PermitRootLogin yes
      regexp:   '.*PermitRootLogin.*'
-  loop_control:
-    label: "{{ item.line }}"
-  register: configure_sshd_result
-
- name: Restart sshd
-  shell: |
-    launchctl unload /System/Library/LaunchDaemons/ssh.plist
-    wait 5
-    launchctl load -w /System/Library/LaunchDaemons/ssh.plist
-  changed_when: true
-  when:
-    - ansible_facts.distribution == "MacOSX"
-    - configure_sshd_result is changed
+  notify:
+    - Restart sshd  # Handler in platform specific role
--- a/tests/image_prep/roles/sshd_container/handlers/main.yml
+++ b/tests/image_prep/roles/sshd_container/handlers/main.yml
@ -0,0 +1,2 @@
+- name: Restart sshd
+  meta: noop
--- a/tests/image_prep/roles/sshd_macos/handlers/main.yml
+++ b/tests/image_prep/roles/sshd_macos/handlers/main.yml
@ -0,0 +1,6 @@
+- name: Restart sshd
+  shell: |
+    launchctl unload /System/Library/LaunchDaemons/ssh.plist
+    wait 5
+    launchctl load -w /System/Library/LaunchDaemons/ssh.plist
+  changed_when: true
--- a/tests/testlib.py
+++ b/tests/testlib.py
@ -57,7 +57,7 @@ DISTRO_SPECS = os.environ.get(
 )
 IMAGE_TEMPLATE = os.environ.get(
    'MITOGEN_TEST_IMAGE_TEMPLATE',
-    'public.ecr.aws/n5z0e8q9/%(distro)s-test',
+    'ghcr.io/mitogen-hq/%(distro)s-test:2021',
 )

 TESTS_DIR =                     os.path.join(os.path.dirname(__file__))
--- a/tox.ini
+++ b/tox.ini
@ -100,6 +100,7 @@ passenv =
    HOME
    MITOGEN_*
 setenv =
+    ANSIBLE_ROLES_PATH = {toxinidir}/tests/image_prep/roles
    # See also azure-pipelines.yml
    ANSIBLE_STRATEGY = mitogen_linear
    NOCOVERAGE_ERASE = 1