diff --git a/defaults/main.yml b/defaults/main.yml index 347dff2a..dc1b08ae 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -29,9 +29,9 @@ rabbitmq_upgrade: false # upgrade/version state can be ignored by setting `rabbitmq_ignore_version_state=true` rabbitmq_ignore_version_state: false -rabbitmq_package_url: "https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.0/rabbitmq-server_3.6.0-1_all.deb" +rabbitmq_package_url: "https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.1/rabbitmq-server_3.6.1-1_all.deb" rabbitmq_package_version: "{{ rabbitmq_package_url.split('/')[-1].split('_')[1] }}" -rabbitmq_package_sha256: "fb1e3705d9bea34da31b5857171f476119389da322e687deb3d725bdf6188d1e" +rabbitmq_package_sha256: "0728fbdb14ec62712c6f931a7d91648cafbc6c30d8d4da790832e784b4d2e956" rabbitmq_package_path: "/opt/rabbitmq-server.deb" rabbitmq_apt_packages: diff --git a/tests/test-container-create.yml b/tests/test-container-create.yml new file mode 100644 index 00000000..efca943a --- /dev/null +++ b/tests/test-container-create.yml @@ -0,0 +1,54 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create test containers + hosts: all_containers + connection: local + gather_facts: false + pre_tasks: + - name: Destroy test containers + lxc_container: + name: "{{ container_name }}" + state: "absent" + delegate_to: "{{ physical_host }}" + tags: + - container-destroy + - name: Destroy container service directories + file: + path: "{{ item }}" + state: "absent" + with_items: + - "/openstack/{{ container_name }}" + - "/openstack/backup/{{ container_name }}" + - "/openstack/log/{{ container_name }}" + - "/var/lib/lxc/{{ container_name }}" + - "{{ lxc_container_directory|default('/var/lib/lxc') }}/{{ container_name }}" + delegate_to: "{{ physical_host }}" + tags: + - container-directories + roles: + - role: "lxc_container_create" + lxc_container_release: trusty + lxc_container_backing_store: dir + global_environment_variables: + PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + post_tasks: + - name: Wait for ssh to be available + local_action: + module: wait_for + port: "{{ ansible_ssh_port | default('22') }}" + host: "{{ ansible_ssh_host | default(inventory_hostname) }}" + search_regex: OpenSSH + delay: 1 diff --git a/tests/test-functional.yml b/tests/test-functional.yml new file mode 100644 index 00000000..4eec0f35 --- /dev/null +++ b/tests/test-functional.yml @@ -0,0 +1,63 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + - name: Check rabbitmq is running + command: "pgrep rabbit" + delegate_to: "{{ item }}" + when: ansible_ssh_host == item + with_items: + - 10.100.100.101 + - 10.100.100.102 + - 10.100.100.103 + - name: Open rabbitmq.config + slurp: + src: "/etc/rabbitmq/rabbitmq.config" + register: rabbitmq_config + - name: Open enabled_plugins + slurp: + src: "/etc/rabbitmq/enabled_plugins" + register: enabled_plugins + - name: Read rabbitmq_ssl_cert + stat: + path: "{{ rabbitmq_ssl_cert }}" + register: rabbitmq_ssl_cert_stat + - name: Read rabbitmq_ssl_key + stat: + path: "{{ rabbitmq_ssl_key }}" + register: rabbitmq_ssl_key_stat + - name: Read rabbit files + set_fact: + enabled_plugins_contents: "{{ enabled_plugins.content | b64decode }}" + rabbitmq_config_contents: "{{ rabbitmq_config.content | b64decode }}" + rabbitmq_ssl_cert_checksum: "{{ rabbitmq_ssl_cert_stat.stat.checksum }}" + rabbitmq_ssl_key_checksum: "{{ rabbitmq_ssl_key_stat.stat.checksum }}" + - name: Check files contents + assert: + that: + - "'rabbitmq_management' in enabled_plugins_contents" + - "'rabbit@10.100.100.101' in rabbitmq_config_contents" + - "'rabbit@10.100.100.102' in rabbitmq_config_contents" + - "'rabbit@10.100.100.103' in rabbitmq_config_contents" + - name: Get status of rabbitmq + command: rabbitmqctl status + register: rabbitmqctl_status + - name: Ensure SSL cert/key checksums are identical across cluster + assert: + that: + - hostvars['container1']['rabbitmq_ssl_cert_checksum'] == hostvars['container2']['rabbitmq_ssl_cert_checksum'] == hostvars['container3']['rabbitmq_ssl_cert_checksum'] + - hostvars['container1']['rabbitmq_ssl_key_checksum'] == hostvars['container2']['rabbitmq_ssl_key_checksum'] == hostvars['container3']['rabbitmq_ssl_key_checksum'] + - name: Ensure expected version of rabbitmq is running + assert: + that: rabbitmqctl_status.stdout | search ("rabbit,\"RabbitMQ\",\"{{ rabbitmq_package_version.split('-')[0] }}\"") diff --git a/tests/test-prep.yml b/tests/test-prep.yml new file mode 100644 index 00000000..341f1877 --- /dev/null +++ b/tests/test-prep.yml @@ -0,0 +1,89 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create ssh key pairs for use with containers + hosts: 127.0.0.1 + connection: local + become: false + pre_tasks: + - name: Create ssh key pair for root + user: + name: "{{ ansible_ssh_user }}" + generate_ssh_key: "yes" + ssh_key_bits: 2048 + ssh_key_file: ".ssh/id_rsa" + - name: get the calling users key + command: cat ~/.ssh/id_rsa.pub + register: key_get + - set_fact: + lxc_container_ssh_key: "{{ key_get.stdout }}" + +- name: Perform basic LXC host setup + hosts: localhost + connection: local + pre_tasks: + - name: Ensure root's new public ssh key is in authorized_keys + authorized_key: + user: root + key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" + manage_dir: no + - set_fact: + lxc_container_ssh_key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" + roles: + - role: "lxc_hosts" + lxc_net_address: 10.100.100.1 + lxc_net_dhcp_range: 10.100.100.2,10.100.100.253 + lxc_net_bridge: lxcbr0 + lxc_kernel_options: + - { key: 'fs.inotify.max_user_instances', value: 1024 } + lxc_container_caches: + - url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz" + name: "trusty.tgz" + sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c" + chroot_path: trusty/rootfs-amd64 + - role: "py_from_git" + git_repo: "https://github.com/lxc/python2-lxc" + git_dest: "/opt/lxc_python2" + git_install_branch: "master" + post_tasks: + # THIS TASK IS ONLY BEING DONE BECAUSE THE TOX SHARED LXC LIB IS NOT USABLE ON A + # HOST MACHINE THAT MAY NOT HAVE ACCESS TO THE VENV. + - name: Ensure the lxc lib is on the host + command: /usr/local/bin/pip install /opt/lxc_python2 + # Inventory is being pre-loaded using a post tasks instead of through a dynamic + # inventory system. While this is not a usual method for deployment it's being + # done for functional testing. + - name: Create container hosts + add_host: + groups: "all,all_containers,rabbitmq_all" + hostname: "{{ item.name }}" + inventory_hostname: "{{ item.name }}" + ansible_ssh_host: "{{ item.address }}" + ansible_become: true + properties: + service_name: "{{ item.service }}" + container_networks: + management_address: + address: "{{ item.address }}" + bridge: "lxcbr0" + interface: "eth1" + netmask: "255.255.252.0" + type: "veth" + physical_host: localhost + container_name: "{{ item.name }}" + with_items: + - { name: "container1", service: "service1", address: "10.100.100.101" } + - { name: "container2", service: "service2", address: "10.100.100.102" } + - { name: "container3", service: "service3", address: "10.100.100.103" } diff --git a/tests/test-upgrade.yml b/tests/test-upgrade.yml new file mode 100644 index 00000000..7b85fb3a --- /dev/null +++ b/tests/test-upgrade.yml @@ -0,0 +1,44 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Run container clean up and build +- include: test-container-create.yml + +# Deploy the environment +- name: Install previous rabbitmq version + hosts: rabbitmq_all + user: root + gather_facts: true + vars: + rabbitmq_package_url: "https://www.rabbitmq.com/releases/rabbitmq-server/v3.5.7/rabbitmq-server_3.5.7-1_all.deb" + rabbitmq_package_version: "{{ rabbitmq_package_url.split('/')[-1].split('_')[1] }}" + rabbitmq_package_sha256: "b8a42321c2f2689dc579911fbb583bd9c4d2ce2f20003d7050d5a324a6d2de42" + roles: + - role: "{{ rolename | basename }}" + rabbitmq_cookie_token: secrete + post_tasks: + - include: test-functional.yml + +# Upgrade the environment +- name: Upgrade to current role default rabbitmq version + hosts: rabbitmq_all + user: root + gather_facts: true + roles: + - role: "{{ rolename | basename }}" + rabbitmq_cookie_token: secrete + rabbitmq_upgrade: true + post_tasks: + - include: test-functional.yml diff --git a/tests/test.yml b/tests/test.yml index 8d094942..ba9d1f04 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -13,101 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Playbook for pre-role testing 1of3 - hosts: 127.0.0.1 - connection: local - become: false - pre_tasks: - - name: Create ssh key pair for root - user: - name: "{{ ansible_ssh_user }}" - generate_ssh_key: "yes" - ssh_key_bits: 2048 - ssh_key_file: ".ssh/id_rsa" - - name: get the calling users key - command: cat ~/.ssh/id_rsa.pub - register: key_get - - set_fact: - lxc_container_ssh_key: "{{ key_get.stdout }}" +# Run basic prep +- include: test-prep.yml -- name: Playbook for pre-role testing 2of3 - hosts: localhost - connection: local - pre_tasks: - - name: Ensure root's new public ssh key is in authorized_keys - authorized_key: - user: root - key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" - manage_dir: no - - set_fact: - lxc_container_ssh_key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" - roles: - - role: "lxc_hosts" - lxc_net_address: 10.100.100.1 - lxc_net_dhcp_range: 10.100.100.2,10.100.100.253 - lxc_net_bridge: lxcbr0 - lxc_kernel_options: - - { key: 'fs.inotify.max_user_instances', value: 1024 } - lxc_container_caches: - - url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz" - name: "trusty.tgz" - sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c" - chroot_path: trusty/rootfs-amd64 - - role: "py_from_git" - git_repo: "https://github.com/lxc/python2-lxc" - git_dest: "/opt/lxc_python2" - git_install_branch: "master" - post_tasks: - # THIS TASK IS ONLY BEING DONE BECAUSE THE TOX SHARED LXC LIB IS NOT USABLE ON A - # HOST MACHINE THAT MAY NOT HAVE ACCESS TO THE VENV. - - name: Ensure the lxc lib is on the host - command: /usr/local/bin/pip install /opt/lxc_python2 - # Inventory is being pre-loaded using a post tasks instead of through a dynamic - # inventory system. While this is not a usual method for deployment it's being - # done for functional testing. - - name: Create container hosts - add_host: - groups: "all,all_containers,rabbitmq_all" - hostname: "{{ item.name }}" - inventory_hostname: "{{ item.name }}" - ansible_ssh_host: "{{ item.address }}" - ansible_become: true - properties: - service_name: "{{ item.service }}" - container_networks: - management_address: - address: "{{ item.address }}" - bridge: "lxcbr0" - interface: "eth1" - netmask: "255.255.252.0" - type: "veth" - physical_host: localhost - container_name: "{{ item.name }}" - with_items: - - { name: "container1", service: "service1", address: "10.100.100.101" } - - { name: "container2", service: "service2", address: "10.100.100.102" } - - { name: "container3", service: "service3", address: "10.100.100.103" } +# Run container clean up and build +- include: test-container-create.yml -- name: Playbook for pre-role testing 3of3 - hosts: all_containers - connection: local - gather_facts: false - roles: - - role: "lxc_container_create" - lxc_container_release: trusty - lxc_container_backing_store: dir - global_environment_variables: - PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - post_tasks: - - name: Wait for ssh to be available - local_action: - module: wait_for - port: "{{ ansible_ssh_port | default('22') }}" - host: "{{ ansible_ssh_host | default(inventory_hostname) }}" - search_regex: OpenSSH - delay: 1 - -- name: Playbook for role testing +# Deploy the environment +- name: Install role default rabbitmq version hosts: rabbitmq_all user: root gather_facts: true @@ -115,45 +28,7 @@ - role: "{{ rolename | basename }}" rabbitmq_cookie_token: secrete post_tasks: - - name: Check rabbitmq is running - command: "pgrep rabbit" - delegate_to: "{{ item }}" - when: ansible_ssh_host == item - with_items: - - 10.100.100.101 - - 10.100.100.102 - - 10.100.100.103 - - name: Open rabbitmq.config - slurp: - src: "/etc/rabbitmq/rabbitmq.config" - register: rabbitmq_config - - name: Open enabled_plugins - slurp: - src: "/etc/rabbitmq/enabled_plugins" - register: enabled_plugins - - name: Read rabbitmq_ssl_cert - stat: - path: "{{ rabbitmq_ssl_cert }}" - register: rabbitmq_ssl_cert - - name: Read rabbitmq_ssl_key - stat: - path: "{{ rabbitmq_ssl_key }}" - register: rabbitmq_ssl_key - - name: Read rabbit files - set_fact: - enabled_plugins_contents: "{{ enabled_plugins.content | b64decode }}" - rabbitmq_config_contents: "{{ rabbitmq_config.content | b64decode }}" - rabbitmq_ssl_cert_checksum: "{{ rabbitmq_ssl_cert.stat.checksum }}" - rabbitmq_ssl_key_checksum: "{{ rabbitmq_ssl_key.stat.checksum }}" - - name: Check files contents - assert: - that: - - "'rabbitmq_management' in enabled_plugins_contents" - - "'rabbit@10.100.100.101' in rabbitmq_config_contents" - - "'rabbit@10.100.100.102' in rabbitmq_config_contents" - - "'rabbit@10.100.100.103' in rabbitmq_config_contents" - - name: Ensure SSL cert/key checksums are identical across cluster - assert: - that: - - hostvars['container1']['rabbitmq_ssl_cert_checksum'] == hostvars['container2']['rabbitmq_ssl_cert_checksum'] == hostvars['container3']['rabbitmq_ssl_cert_checksum'] - - hostvars['container1']['rabbitmq_ssl_key_checksum'] == hostvars['container2']['rabbitmq_ssl_key_checksum'] == hostvars['container3']['rabbitmq_ssl_key_checksum'] + - include: test-functional.yml + +# Perform upgrade testing +- include: test-upgrade.yml