From dfa9e6c725e627e1451801ab4453257a65fdcf7b Mon Sep 17 00:00:00 2001
From: Paul Smith
Date: Thu, 11 Jan 2024 13:57:56 +0000
Subject: [PATCH] Remove molecule set for roles from tests/ folder roles now have their own molecule setup using the base config files
---
 tests/molecule/centos7_roles/molecule.yml | 64 --------------
 tests/molecule/resources/roles/converge.yml | 34 -------
 .../roles/inventory/group_vars/all.yml | 70 ---------------
 .../resources/roles/inventory/hosts.yml | 17 ----
 tests/molecule/resources/roles/verify.yml | 13 ---
 .../resources/roles/verify/firewalld.yml | 88 -------------------
 tests/molecule/rocky9_roles/molecule.yml | 65 --------------
 7 files changed, 351 deletions(-)
 delete mode 100644 tests/molecule/centos7_roles/molecule.yml
 delete mode 100644 tests/molecule/resources/roles/converge.yml
 delete mode 100644 tests/molecule/resources/roles/inventory/group_vars/all.yml
 delete mode 100644 tests/molecule/resources/roles/inventory/hosts.yml
 delete mode 100644 tests/molecule/resources/roles/verify.yml
 delete mode 100644 tests/molecule/resources/roles/verify/firewalld.yml
 delete mode 100644 tests/molecule/rocky9_roles/molecule.yml
diff --git a/tests/molecule/centos7_roles/molecule.yml b/tests/molecule/centos7_roles/molecule.yml
deleted file mode 100644
index defd4bb5..00000000
--- a/tests/molecule/centos7_roles/molecule.yml
+++ /dev/null
@@ -1,64 +0,0 @@
----
-dependency:
- name: galaxy
- options:
- force: true
- role-file: ${MOLECULE_SCENARIO_DIRECTORY}/../../../meta/requirements.yml
- requirements-file: ${MOLECULE_SCENARIO_DIRECTORY}/../../../meta/requirements.yml
-
-driver:
- name: docker
-
-platforms:
- - name: instance
- hostname: molecule.instance.local
- image: ${MOLECULE_DOCKER_IMAGE:-geerlingguy/docker-centos7-ansible:latest}
- required: true
- command: ""
- cgroupns_mode: host
- privileged: true
- pre_build_image: ${MOLECULE_PRE_BUILD_IMAGE:-true}
- volumes:
- - ./molecule-data:/storage/molecule
- keep_volumes: false
- groups:
- - all
- - molecule
- - centos7
- docker_networks:
- - name: molecule
- ipam_config:
- - subnet: 192.168.56.0/24
- gateway: 192.168.56.1
- networks:
- - name: molecule
- ipv4_address: 192.168.56.2
-
-provisioner:
- name: ansible
- log: true
- config_options:
- defaults:
- callbacks_enabled: profile_tasks, timer, yaml
- tags:
- run: ${MOLECULE_RUN_TAGS:-all}
- inventory:
- links:
- hosts: ../resources/roles/inventory/hosts.yml
- group_vars: ../resources/roles/inventory/group_vars/
- playbooks:
- converge: ../resources/roles/converge.yml
- prepare: ../resources/shared/prepare.yml
- verify: ../resources/roles/verify.yml
- env:
- ANSIBLE_VERBOSITY: "1"
-
-verifier:
- name: ansible
- env:
- ANSIBLE_VERBOSITY: "1"
-
-lint: |
- set -e
- yamllint .
- ansible-lint .
diff --git a/tests/molecule/resources/roles/converge.yml b/tests/molecule/resources/roles/converge.yml
deleted file mode 100644
index 6b0c9799..00000000
--- a/tests/molecule/resources/roles/converge.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-- name: Provision infrastructure
- hosts: all
- become: true
- gather_facts: true
- pre_tasks:
- - name: Check the major Python version for the OS
- tags: python
- block:
- - name: Check default version
- ansible.builtin.include_role:
- name: mirsg.infrastructure.install_python
- tasks_from: check_default_version
-
- - name: Set install_python variable based on the version to be installed
- ansible.builtin.set_fact:
- install_python: "{{ install_python2 if default_python_version is version('2') else install_python3 }}"
-
- roles:
- - role: mirsg.infrastructure.provision
- tags: provision
-
- - role: mirsg.infrastructure.install_python
- tags: python
-
- - role: mirsg.infrastructure.firewalld
- tags: firewalld
-
- - role: mirsg.infrastructure.postgresql
- tags: postgresql
-
-- name: Provision infrastructure with playbooks
- ansible.builtin.import_playbook: mirsg.infrastructure.setup_user_accounts
- tags: provision_accounts
diff --git a/tests/molecule/resources/roles/inventory/group_vars/all.yml b/tests/molecule/resources/roles/inventory/group_vars/all.yml
deleted file mode 100644
index d4f4f525..00000000
--- a/tests/molecule/resources/roles/inventory/group_vars/all.yml
+++ /dev/null
@@ -1,70 +0,0 @@
----
-external_storage_drive: "/storage/molecule"
-selinux_enabled: false
-
-# mirsg.infrastructure.provision
-server_locale: "en_GB.UTF-8"
-
-# mirsg.infrastructure.install_python
-install_python3:
- version: "3"
- pip_version: "21.3.1"
- pip_executable: /usr/local/bin/pip3
- system_packages:
- - python3
- - python3-pip
- - python3-setuptools
- pip_packages:
- - cryptography
-
-install_python2:
- version: "2"
- pip_version: "20.3.4"
- pip_executable: /usr/bin/pip
- system_packages:
- - python
- - python-pip
- - python-setuptools
- pip_packages:
- - cryptography
-
-install_python: "{{ install_python3 }}" # default to Python 3
-
-# mirsg.infrastructure.firewalld
-firewalld_allow_public_access: true
-firewalld_internal_zone_open_services:
- - http
- - https
- - ssh
-firewalld_public_zone_open_services:
- - http
- - https
-firewalld_work_zone_open_services:
- - http
- - https
-firewalld_public_zone_ports:
- - "8080"
-firewalld_internal_zone_ports:
- - "5432"
-
-# mirsg.infrastructure.postgresql
-postgresql_rpm_gpg_key_pgdg_x86_64: >-
- https://apt.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL
-postgresql_use_ssl: false
-postgresql_database:
- database_name: "database"
- user_name: "user"
- user_password: "password"
-postgresql_connection:
- host: "molecule.instance.local"
- port: 5432
- client_ip: 0.0.0.0
- listen_addresses: "'*'"
- subnet_mask: 255.255.255.255
-
-# mirsg.infrastructure.provision_accounts
-os_users:
- - username: test-user
- crypted_password: $6$TSoIGqmpZJw24vqP$lrhHcIeuv3oi8kpBu3SVyqPeTLuXi5TJf5u7hUOY0vRb4MXWTp1Z/gsjAwC28EQrVnKOJwpw00tN8ExM6AoIC.
-
-os_users_groups: "wheel"
diff --git a/tests/molecule/resources/roles/inventory/hosts.yml b/tests/molecule/resources/roles/inventory/hosts.yml
deleted file mode 100644
index 3f601d43..00000000
--- a/tests/molecule/resources/roles/inventory/hosts.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-all:
- # List of all servers, defining their alias and IP (hostname)
- hosts:
- # Host for your database server. Variables in host_vars/instance will be available to this host
- instance:
- hostname: molecule.instance.local
- ansible_ip: 192.168.56.2
- ansible_port: 22
-
- # Ansible groups. Groups allow configuration and variables to be shared between hosts
- # Variables in group_vars/all will be shared between all hosts
- children:
- # All molecule servers. Variables in group_vars/molecule will be shared between these hosts
- molecule:
- hosts:
- instance:
diff --git a/tests/molecule/resources/roles/verify.yml b/tests/molecule/resources/roles/verify.yml
deleted file mode 100644
index 191a53f1..00000000
--- a/tests/molecule/resources/roles/verify.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-- name: Verify
- hosts: all
- gather_facts: false
- tasks:
- - name: Verify firewalld
- ansible.builtin.include_tasks:
- file: verify/firewalld.yml
- apply:
- tags:
- - firewalld
- tags:
- - firewalld
diff --git a/tests/molecule/resources/roles/verify/firewalld.yml b/tests/molecule/resources/roles/verify/firewalld.yml
deleted file mode 100644
index e739937a..00000000
--- a/tests/molecule/resources/roles/verify/firewalld.yml
+++ /dev/null
@@ -1,88 +0,0 @@
----
-- name: Get services in internal zone
- become: true
- ansible.builtin.shell: |
- set -o pipefail
- firewall-cmd --list-services --zone=internal
- register: internal_zone_services
- changed_when: false
- failed_when: false
-
-- name: Get services in public zone
- become: true
- ansible.builtin.shell: |
- set -o pipefail
- firewall-cmd --list-services --zone=public
- register: public_zone_services
- changed_when: false
- failed_when: false
-
-- name: Get services in work zone
- become: true
- ansible.builtin.shell: |
- set -o pipefail
- firewall-cmd --list-services --zone=work
- register: work_zone_services
- changed_when: false
- failed_when: false
-
-- name: Test that correct services are in internal zone
- ansible.builtin.assert:
- that:
- - "'{{ item }}' in internal_zone_services.stdout"
- loop: "{{ firewalld_internal_zone_open_services }}"
- when: firewalld_internal_zone_open_services is defined
-
-- name: Test that correct services are in public zone
- ansible.builtin.assert:
- that:
- - "'{{ item }}' in public_zone_services.stdout"
- loop: "{{ firewalld_public_zone_open_services }}"
- when: firewalld_public_zone_open_services is defined
-
-- name: Test that correct services are in work zone
- ansible.builtin.assert:
- that:
- - "'{{ item }}' in work_zone_services.stdout"
- loop: "{{ firewalld_work_zone_open_services }}"
- when: firewalld_work_zone_open_services is defined
-
-- name: Test that internal zone is closed to the correct services
- ansible.builtin.assert:
- that:
- - "'{{ item }}' not in internal_zone_services.stdout"
- loop: "{{ firewalld_internal_zone_closed_services }}"
- when: firewalld_internal_zone_closed_services is defined
-
-- name: Test that public zone is closed to the correct services
- ansible.builtin.assert:
- that:
- - "'{{ item }}' not in public_zone_services.stdout"
- loop: "{{ firewalld_public_zone_closed_services }}"
- when: public_zone_closed_services is defined
-
-- name: Test that work zone is closed to the correct services
- ansible.builtin.assert:
- that:
- - "'{{ item }}' not in work_zone_services.stdout"
- loop: "{{ firewalld_work_zone_closed_services }}"
- when: firewalld_work_zone_closed_services is defined
-
-- name: Get firewall default zone
- become: true
- ansible.builtin.shell: |
- set -o pipefail
- firewall-cmd --get-default-zone
- register: firewall_default_zone
- changed_when: false
- failed_when: false
-
-- name: Assert that public is the default zone
- ansible.builtin.assert:
- that: "'public' in firewall_default_zone.stdout"
- when: firewalld_allow_public_access
-
-- name: Assert that drop is the default zone
- ansible.builtin.assert:
- that: "'drop' in firewall_default_zone.stdout"
- when: not firewalld_allow_public_access
diff --git a/tests/molecule/rocky9_roles/molecule.yml b/tests/molecule/rocky9_roles/molecule.yml
deleted file mode 100644
index e28e2b18..00000000
--- a/tests/molecule/rocky9_roles/molecule.yml
+++ /dev/null
@@ -1,65 +0,0 @@
----
-dependency:
- name: galaxy
- options:
- force: true
- role-file: ${MOLECULE_SCENARIO_DIRECTORY}/../../../meta/requirements.yml
- requirements-file: ${MOLECULE_SCENARIO_DIRECTORY}/../../../meta/requirements.yml
-
-driver:
- name: docker
-
-platforms:
- - name: instance
- hostname: molecule.instance.local
- image: ${MOLECULE_DOCKER_IMAGE:-geerlingguy/docker-rockylinux9-ansible:latest}
- required: true
- command: ""
- cgroupns_mode: host
- privileged: true
- pre_build_image: ${MOLECULE_PRE_BUILD_IMAGE:-true}
- volumes:
- - ./molecule-data:/storage/molecule
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
- keep_volumes: false
- groups:
- - all
- - molecule
- - rocky9
- docker_networks:
- - name: molecule
- ipam_config:
- - subnet: 192.168.56.0/24
- gateway: 192.168.56.1
- networks:
- - name: molecule
- ipv4_address: 192.168.56.2
-
-provisioner:
- name: ansible
- log: true
- config_options:
- defaults:
- callbacks_enabled: profile_tasks, timer, yaml
- tags:
- run: ${MOLECULE_RUN_TAGS:-all}
- inventory:
- links:
- hosts: ../resources/roles/inventory/hosts.yml
- group_vars: ../resources/roles/inventory/group_vars/
- playbooks:
- converge: ../resources/roles/converge.yml
- prepare: ../resources/shared/prepare.yml
- verify: ../resources/roles/verify.yml
- env:
- ANSIBLE_VERBOSITY: "1"
-
-verifier:
- name: ansible
- env:
- ANSIBLE_VERBOSITY: "1"
-
-lint: |
- set -e
- yamllint .
- ansible-lint .