diff --git a/.zuul.yaml b/.zuul.yaml index 1c1d74b08b..b47d22da3f 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -131,14 +131,6 @@ label: ubuntu-bionic - name: centos7 label: centos-7 - groups: - # We test puppet installation on this group. Note bionic not - # in here as we have no bionic puppeted nodes (yet?) - - name: puppet - nodes: - - trusty - - xenial - - centos7 host-vars: trusty: ansible_python_interpreter: python2 @@ -153,6 +145,21 @@ - roles/.* - testinfra/.* +- job: + name: system-config-run-eavesdrop + nodeset: + nodes: + - name: bridge.openstack.org + label: ubuntu-bionic + - name: eavesdrop01.openstack.org + label: ubuntu-xenial + pre-run: playbooks/zuul/run-base-pre.yaml + run: playbooks/zuul/run-base.yaml + files: + - .zuul.yaml + - playbooks/group_vars/eavesdrop.yaml + - testinfra/test_eavesdrop.py + - project: templates: - system-config-zuul-role-integration @@ -163,6 +170,7 @@ - puppet-beaker-rspec-puppet-4-infra-system-config - puppet-beaker-rspec-puppet-4-centos-7-infra-system-config - system-config-run-base + - system-config-run-eavesdrop gate: jobs: - puppet-beaker-rspec-infra-system-config @@ -170,3 +178,4 @@ - puppet-beaker-rspec-puppet-4-infra-system-config - puppet-beaker-rspec-puppet-4-centos-7-infra-system-config - system-config-run-base + - system-config-run-eavesdrop diff --git a/inventory/groups.yaml b/inventory/groups.yaml index 3e3677356d..3856654e4e 100644 --- a/inventory/groups.yaml +++ b/inventory/groups.yaml @@ -32,7 +32,7 @@ groups: ns: inventory_hostname.startswith('ns') paste: inventory_hostname.startswith('paste') pbx: inventory_hostname.startswith('pbx') - puppet: not inventory_hostname.startswith('bridge') + puppet: not (inventory_hostname.startswith('bridge') or inventory_hostname.startswith('bionic')) refstack: inventory_hostname.startswith('refstack') review-dev: inventory_hostname is match('review-dev\d+\.openstack\.org') review: inventory_hostname is match('review\d+\.openstack\.org') diff --git a/playbooks/zuul/run-base.yaml b/playbooks/zuul/run-base.yaml index f1caf79f96..8d76ef9c4e 100644 --- a/playbooks/zuul/run-base.yaml +++ b/playbooks/zuul/run-base.yaml @@ -12,17 +12,17 @@ write_inventory_dest: /etc/ansible/hosts/inventory.yaml write_inventory_exclude_hostvars: - ansible_user - - name: Update ansible.cfg to use job inventory - ini_file: - path: /etc/ansible/ansible.cfg - section: defaults - option: inventory - value: /etc/ansible/hosts/inventory.yaml - name: Set up /opt/system-config repo git: repo: /home/zuul/src/git.openstack.org/openstack-infra/system-config dest: /opt/system-config force: yes + - name: Update ansible.cfg to use job inventory + ini_file: + path: /etc/ansible/ansible.cfg + section: defaults + option: inventory + value: /etc/ansible/hosts/inventory.yaml,/opt/system-config/inventory/groups.yaml - name: Make host_vars directory file: path: "/etc/ansible/hosts/host_vars" @@ -41,6 +41,8 @@ dest: "/etc/ansible/hosts/{{ item }}" loop: - group_vars/all.yaml + - name: Display group membership + command: ansible localhost -m debug -a 'var=groups' - name: Run base.yaml command: ansible-playbook /home/zuul/src/git.openstack.org/openstack-infra/system-config/playbooks/base.yaml - name: Run testinfra to validate configuration @@ -48,4 +50,3 @@ name: tox vars: tox_envlist: testinfra - tox_extra_args: testinfra/test_base.py diff --git a/test-requirements.txt b/test-requirements.txt index 069a94eccb..3fc01e2228 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -8,6 +8,3 @@ ansible-lint openstacksdk zuul-sphinx>=0.2.3 testinfra -# pytest-xdist is a plugin for pytest which allows parallel execution, -# used by testinfra -pytest-xdist diff --git a/testinfra/test_base.py b/testinfra/test_base.py index 6ecdb76452..e879b50d23 100644 --- a/testinfra/test_base.py +++ b/testinfra/test_base.py @@ -15,6 +15,9 @@ import socket +testinfra_hosts = ['all'] + + def get_ips(value, family=None): ret = set() try: diff --git a/testinfra/test_eavesdrop.py b/testinfra/test_eavesdrop.py new file mode 100644 index 0000000000..f2772f40e3 --- /dev/null +++ b/testinfra/test_eavesdrop.py @@ -0,0 +1,25 @@ +# Copyright 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +testinfra_hosts = ['eavesdrop01.openstack.org'] + + +def test_eavesdrop(host): + rules = host.iptables.rules() + rules = [x.strip() for x in rules] + + web = ('-A openstack-INPUT -p tcp -m state --state NEW' + ' -m tcp --dport 80 -j ACCEPT') + assert web in rules diff --git a/tox.ini b/tox.ini index bfbfe6773c..e95ba03521 100644 --- a/tox.ini +++ b/tox.ini @@ -32,7 +32,7 @@ deps = -r{toxinidir}/doc/requirements.txt commands = sphinx-build -W -E -b html doc/source doc/build/html [testenv:testinfra] -commands = py.test -n 5 --junit-xml junit.xml --connection=ansible --ansible-inventory=/etc/ansible/hosts/inventory.yaml --hosts=all -v {posargs} +commands = py.test --junit-xml junit.xml --connection=ansible --ansible-inventory=/etc/ansible/hosts/inventory.yaml -v testinfra {posargs} [flake8] show-source = True