diff --git a/.github/workflows/enteprise.yml b/.github/workflows/enteprise.yml
index 6e65ad289..729958a13 100644
--- a/.github/workflows/enteprise.yml
+++ b/.github/workflows/enteprise.yml
@@ -115,6 +115,7 @@ jobs:
 - name: pki
 - name: elasticsearch
 - name: identity
+ - name: prerun_network_checks
 runner:
 - ubuntu-latest
 include:
diff --git a/molecule/prerun_network_checks/converge.yml b/molecule/prerun_network_checks/converge.yml
new file mode 100644
index 000000000..4c987f298
--- /dev/null
+++ b/molecule/prerun_network_checks/converge.yml
@@ -0,0 +1,3 @@
+---
+- name: Run the playbook
+ ansible.builtin.import_playbook: ../../playbooks/prerun-network-checks.yml
diff --git a/molecule/prerun_network_checks/host_vars/instance.yml b/molecule/prerun_network_checks/host_vars/instance.yml
new file mode 100644
index 000000000..382c265ee
--- /dev/null
+++ b/molecule/prerun_network_checks/host_vars/instance.yml
@@ -0,0 +1,5 @@
+ansible_user: ansible
+# BEGIN KNOWN_URLS VAR
+known_urls:
+ - https://localhost/share/
+# END KNOWN_URLS VAR
diff --git a/molecule/prerun_network_checks/molecule.yml b/molecule/prerun_network_checks/molecule.yml
new file mode 100644
index 000000000..30df2ca9d
--- /dev/null
+++ b/molecule/prerun_network_checks/molecule.yml
@@ -0,0 +1,46 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+platforms:
+ - name: instance
+ image: $MOLECULE_ROLE_IMAGE
+ dockerfile: ../../tests/molecule/Dockerfile-noprivs.j2
+ command: "/lib/systemd/systemd"
+ privileged: true
+ tmpfs:
+ - /run
+ - /run/lock
+ - /tmp
+ volume_mounts:
+ - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+ groups:
+ - database
+ - activemq
+ - transformers
+ - search
+ - repository
+ - trusted_resource_consumers
+ - syncservice
+ - acc
+ - adw
+ - nginx
+
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ pipelining: true
+ ansible_args:
+ - -e
+ - "@../../tests/test-ssl.yml"
+ inventory:
+ links:
+ group_vars: ../../group_vars
+ host_vars: host_vars
+ playbooks:
+ prepare: ../default/prepare.yml
+ verify: ../default/verify.yml
+verifier:
+ name: ansible
diff --git a/playbooks/prerun-network-checks.yml b/playbooks/prerun-network-checks.yml
index 8d625e493..56cc16978 100644
--- a/playbooks/prerun-network-checks.yml
+++ b/playbooks/prerun-network-checks.yml
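Review bot: `privileged: true` on the `instance` platform in molecule/prerun_network_checks/molecule.yml gives the test container every capability and full access to the host's devices. That is more than running `/lib/systemd/systemd` normally needs, and it sits oddly next to the `Dockerfile-noprivs.j2` image it is paired with. The exposure is limited on an ephemeral `ubuntu-latest` runner, but the same scenario run on a developer workstation hands the image named by `$MOLECULE_ROLE_IMAGE` effective root on that machine. If the scenario still converges without it, prefer a narrower grant such as `capabilities: [SYS_ADMIN]` together with the existing tmpfs and cgroup mounts. If it is genuinely required for the runner's cgroup layout, say so above the key, e.g. `# privileged is required for systemd under the runner's cgroup setup; do not run against untrusted images`.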
@@ -1,84 +1,96 @@ --- +# This playbook is used to run preliminary network checks for the hosts in the ACS deployment. +# the default('localhost') is only useful while testing on molecule - name: Run preliminary network checks for repository hosts hosts: repository become: true tasks: + - name: Include common defaults + ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Check db connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.database | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.database[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.database[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.postgres.sql }}" delegate_target: "{{ groups.database | first }}" - when: repo_db_url == "" + when: repo_db_url == "" and groups.database | default([]) | length > 0 - name: Check activemq connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.activemq | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.activemq[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.activemq[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.activemq[activemq_protocol] }}" delegate_target: "{{ groups.activemq | first }}" when: groups.activemq | default([]) | length > 0 - name: Check search connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.search | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.search[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.search[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.search.http }}" delegate_target: "{{ groups.search | first }}" when: 
groups.search | default([]) | length > 0 - name: Check sync connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.syncservice | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.syncservice[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.syncservice[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.sync.http }}" delegate_target: "{{ groups.syncservice | first }}" when: - groups.syncservice | default([]) | length > 0 - - acs.edition == "Enterprise" - name: Check sfs connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.transformers | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.transformers[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.transformers[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.sfs.http }}" delegate_target: "{{ groups.transformers | first }}" - when: acs.edition == "Enterprise" + when: acs.edition == "Enterprise" and groups.transformers | default([]) | length > 0 - name: Check trouter connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.transformers | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.transformers[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.transformers[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.transformers.trouter }}" delegate_target: "{{ groups.transformers | first }}" - when: acs.edition == "Enterprise" + when: acs.edition == "Enterprise" and groups.transformers | default([]) | length > 0 - name: Check tengine connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: 
"tasks/check_port.yml" vars: - checked_host: "{% if groups.transformers | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.transformers[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.transformers[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.transformers.tengine }}" delegate_target: "{{ groups.transformers | first }}" + when: groups.transformers | default([]) | length > 0 - name: Run preliminary network checks for search hosts hosts: search become: true tasks: + - name: Include common defaults + ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Check repo connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.repository | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.repository[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.repository[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.repository.http }}" delegate_target: "{{ groups.repository | first }}" + when: groups.repository | default([]) | length > 0 - name: Run preliminary network checks for transformers hosts hosts: transformers become: true tasks: + - name: Include common defaults + ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Check activemq connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.activemq | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.activemq[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.activemq[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.activemq[activemq_protocol] }}" delegate_target: "{{ groups.activemq | first }}" when: groups.activemq | default([]) | length > 0 
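Review bot: The `default('localhost')` fallback on every `checked_host` in this hunk sends the probe to the play host's own loopback whenever the target's inventory entry has no `ansible_host`, which is the normal case for hosts addressed by inventory name. The pre-run check can then pass or fail without ever crossing the network path it is meant to validate. The new header comment says the fallback only matters under molecule, but nothing in the playbook restricts it to that case. Falling back to the inventory name keeps the check pointed at the real target, e.g. `checked_host: "{{ hostvars[groups.database[0]].ansible_host | default(groups.database[0]) }}"`, and the molecule scenario can set `ansible_host` in its own host_vars if it needs loopback. The same expression recurs in the hunks at -87 and -114.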
@@ -87,25 +99,29 @@ hosts: syncservice become: true tasks: + - name: Include common defaults + ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Check db connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.database | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.database[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.database[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.postgres.sql }}" delegate_target: "{{ groups.database | first }}" - when: repo_db_url == "" + when: repo_db_url == "" and groups.database | default([]) | length > 0 - name: Check repo connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.repository | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.repository[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.repository[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.repository.http }}" delegate_target: "{{ groups.repository | first }}" + when: groups.repository | default([]) | length > 0 - name: Check activemq connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.activemq | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.activemq[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.activemq[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.activemq[activemq_protocol] }}" delegate_target: "{{ groups.activemq | first }}" when: groups.activemq | default([]) | length > 0 
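Review bot: Loading `../roles/common/defaults/main.yml` through `ansible.builtin.include_vars` gives those role defaults include_vars precedence, which ranks above inventory `group_vars` and `host_vars`. A site that overrides `ports_cfg` or `activemq_protocol` in its inventory would therefore have these checks probe the default port instead of the configured one, and a green pre-run would say nothing about the real deployment. Whether any inventory overrides those keys is not visible in this diff, so treat this as something to confirm. If it does, the defaults should be brought in at role-default precedence, for instance by importing the `common` role with a `tasks_from` file that does nothing. The same task is added to the plays in the hunks at -1 and -114.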
@@ -114,61 +130,70 @@ hosts: acc become: true tasks: + - name: Include common defaults + ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Check repo connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.repository | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.repository[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.repository[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.repository.http }}" delegate_target: "{{ groups.repository | first }}" + when: groups.repository | default([]) | length > 0 - name: Run preliminary network checks for adw hosts hosts: adw become: true tasks: + - name: Include common defaults + ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Check repo connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.repository | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.repository[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.repository[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.repository.http }}" delegate_target: "{{ groups.repository | first }}" + when: groups.repository | default([]) | length > 0 - name: Run preliminary network checks for nginx hosts hosts: nginx become: true tasks: + - name: Include common defaults + ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Check repo connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.repository | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.repository[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.repository[0]].ansible_host | 
default('localhost') }}" checked_port: "{{ ports_cfg.repository.http }}" delegate_target: "{{ groups.repository | first }}" + when: groups.repository | default([]) | length > 0 - name: Check sync connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.syncservice | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.syncservice[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.syncservice[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.sync.http }}" delegate_target: "{{ groups.syncservice | first }}" when: - groups.syncservice | default([]) | length > 0 - - acs.edition == "Enterprise" - name: Check acc connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.acc | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.acc[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.acc[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.acc.http }}" delegate_target: "{{ groups.acc | first }}" when: - groups.acc | default([]) | length > 0 - - acs.edition == "Enterprise" - name: Check adw connection - ansible.builtin.include_tasks: "check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.adw | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.adw[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ hostvars[groups.adw[0]].ansible_host | default('localhost') }}" checked_port: "{{ ports_cfg.adw.http }}" delegate_target: "{{ groups.adw | first }}" when: - groups.adw | default([]) | length > 0 - - acs.edition == "Enterprise" 
diff --git a/playbooks/check_port.yml b/playbooks/tasks/check_port.yml
similarity index 81%
rename from playbooks/check_port.yml
rename to playbooks/tasks/check_port.yml
index 7d3509a4d..35bfd3866 100644
--- a/playbooks/check_port.yml
+++ b/playbooks/tasks/check_port.yml
@@ -1,8 +1,5 @@
- - name: Include common defaults
- ansible.builtin.include_vars: ../../common/defaults/main.yml
-
- - name: Check connectivity
- block:
+- name: Check connectivity
+ block:
 # This task needs to be retried in case a previous iteration still listens (default retry of 3 is fine as it aligns with async 10 of listen tasks)
 - name: Check if {{ checked_port }} already open on {{ delegate_target }}
 register: r_connect
@@ -21,7 +18,7 @@
 delegate_to: "{{ delegate_target }}"
 async: 10
 poll: 0
- - name: Verify if {{ inventory_hostname }} can reach {{ delegate_target }}:{{ checked_port }}
+ - name: Verify if {{ delegate_target }} is reachable to {{ checked_host }}:{{ checked_port }}
 ansible.builtin.wait_for:
 host: "{{ checked_host }}"
 port: "{{ checked_port }}"
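Review bot: The renamed task in the second hunk, `Verify if {{ delegate_target }} is reachable to {{ checked_host }}:{{ checked_port }}`, no longer names the host that opens the connection, and "is reachable to" reads ambiguously. A failed pre-run in the log therefore does not say which source-to-destination path was blocked. Keeping the source and adding the listener is clearer: `- name: Verify if {{ inventory_hostname }} can reach {{ checked_host }}:{{ checked_port }} (listener on {{ delegate_target }})`. The `wait_for` task continues past the end of the hunk, so whether it is delegated is not visible here; if it is, the name should carry the delegated host instead.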