mitogen/tests/image_prep
Alex Willmer 8a34b925a4 tests: Re-enable become/sudo tests, fix them on macOS runners
The tasks in tests/imageprep/_user_accounts.yml that create users did not
specify a primary group for those users - this left the decision to Ansible's
user module, and/or the underlying OS. In Ansible 9+ (ansible-core 2.16+ the
user module defaults to primary group "staff." Earlier don't supply a default,
which releases probably results in a primary group nameed "None" (due to
stringifying the Python singleton of the same name), or whatever the macOS
Directory Services has for no data/NULL.

The invalid GID 4294967295 (MAX_UINT32 == 2**32-1) in the sudo error probably
enters the mix via something similar to sudo CVE-2019-14287.

Fixes #692

See
- https://github.com/ansible/ansible/pull/79999
- https://github.com/ansible/ansible/commit/c69c83c962f987c78af98da0746527df
- https://www.sudo.ws/security/advisories/minus_1_uid/

> Bruce Wayne : [confused]  Am I meant to understand any of that?
> Lucius Fox : Not at all, I just wanted you to know how hard it was.
> -- Batman Begins
2 days ago
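
A check for the failure mode the commit message describes, as an added example that is not part of the commit or the mitogen project: it scans passwd(5)-format lines for accounts whose primary GID is 4294967295 (equivalently -1), is empty, or has no matching group entry. The account names and sample data are constructed, and on macOS the real records live in Directory Services rather than in these files.

```python
MAX_UINT32 = 2**32 - 1  # 4294967295, the GID quoted in the commit message
# Constructed sample data in passwd(5)/group(5) layout; not from the project.
SAMPLE_PASSWD = """\
root:*:0:0:System Administrator:/var/root:/bin/sh
test-user-a:*:601:20:Example A:/Users/test-user-a:/bin/bash
test-user-b:*:602:4294967295:Example B:/Users/test-user-b:/bin/bash
test-user-c:*:603:-1:Example C:/Users/test-user-c:/bin/bash
test-user-d:*:604:777:Example D:/Users/test-user-d:/bin/bash
test-user-e:*:605::Example E:/Users/test-user-e:/bin/bash
"""
SAMPLE_GROUP = """\
wheel:*:0:root
staff:*:20:root
"""

def _fields(text):
    # Yield colon-split fields for each non-blank, non-comment line.
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.split(":")

def known_gids(group_text):
    """Collect numeric GIDs from group(5) lines, as unsigned 32-bit values."""
    gids = set()
    for f in _fields(group_text):
        try:
            gids.add(int(f[2]) % 2**32)
        except (IndexError, ValueError):
            continue
    return gids

def audit_primary_groups(passwd_text, group_text):
    """Return {username: reason} for accounts with a suspect primary GID."""
    gids, findings = known_gids(group_text), {}
    for f in _fields(passwd_text):
        if len(f) < 4:
            continue
        try:
            gid = int(f[3]) % 2**32  # -1 and 4294967295 are the same uint32
        except ValueError:
            findings[f[0]] = "empty or non-numeric GID"
            continue
        if gid == MAX_UINT32:
            findings[f[0]] = "GID is 4294967295 / -1, not a valid group"
        elif gid not in gids:
            findings[f[0]] = "GID has no matching group entry"
    return findings

if __name__ == "__main__":
    print(audit_primary_groups(SAMPLE_PASSWD, SAMPLE_GROUP))
```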
group_vars ci: Extract container registry location into variables 1 month ago
host_vars tests: Add centos 8; debian 10, 11; ubuntu 16.04, 18.04, 20.04 test images 4 years ago
README.md
_container_create.yml
_container_finalize.yml ci: Extract container registry location into variables 1 month ago
_container_setup.yml ansible_mitogen: Handle AnsibleUnsafeText et al in Ansible >= 7 7 months ago
_user_accounts.yml tests: Re-enable become/sudo tests, fix them on macOS runners 2 days ago
ansible.cfg tests: Re-enable become/sudo tests, fix them on macOS runners 2 days ago
hosts.ini tests: Add centos 8; debian 10, 11; ubuntu 16.04, 18.04, 20.04 test images 4 years ago
py24-build.sh trivia: Fix trailing whitespace 3 weeks ago
py24.sh
setup.yml tests: Replace uses of ``include:``, unify skipping of mitogen only tests 7 months ago
tox.ini

README.md

image_prep

This directory contains Ansible playbooks for building the Docker containers used for testing, or for setting up an OS X laptop so the tests can (mostly) run locally.

The Docker config is more heavily jinxed to trigger adverse conditions in the code; the OS X config just has the user accounts.

See ../README.md for a (mostly complete) description of the accounts created.

Building the containers

No single version of Ansible supports every Linux distribution that we target. To work around this, Tox is used to install and run multiple versions of Ansible in Python virtualenvs.

tox

Preparing an OS X box

WARNING: this creates a ton of accounts with preconfigured passwords. It is generally impossible to restrict remote access to these, so your only option is to disable remote login and sharing.

ansible-playbook -b -c local -i localhost, -l localhost setup.yml