From 1436c248137e39ff948825df63465d1665b308fd Mon Sep 17 00:00:00 2001 From: Paul Belanger Date: Tue, 23 Feb 2021 12:05:06 -0500 Subject: [PATCH] Remove ansible-lint support We can use yamllint to help validate yaml syntax. Change-Id: Ic5b467a1ae7a4a138cace1eff44b438e7b567c41 Signed-off-by: Paul Belanger --- .yamllint | 14 +++++ .zuul.yaml | 1 + bindep.txt | 2 + defaults/main.yaml | 23 +++++++- meta/main.yml | 16 +++--- tasks/config.yaml | 30 ++++++++++ tasks/install/pip.yaml | 2 +- .../etc/systemd/system/zuul-executor.service | 2 +- .../etc/systemd/system/zuul-fingergw.service | 2 +- .../etc/systemd/system/zuul-merger.service | 2 +- .../etc/systemd/system/zuul-scheduler.service | 2 +- templates/etc/systemd/system/zuul-web.service | 2 +- templates/etc/zuul/main.yaml | 1 + templates/etc/zuul/ssl/zookeeper-cacert.pem | 4 ++ templates/etc/zuul/ssl/zookeeper-client.key | 4 ++ templates/etc/zuul/ssl/zookeeper-client.pem | 4 ++ templates/etc/zuul/zuul.conf | 6 ++ test-requirements.txt | 2 +- tests/collect-logs.yaml | 3 +- tests/playbooks/pre.yaml | 6 +- tests/playbooks/run.yaml | 55 +++++++++++++++++-- tools/test-setup.sh | 41 ++++++++++++++ tox.ini | 4 +- 23 files changed, 202 insertions(+), 26 deletions(-) create mode 100644 .yamllint create mode 100644 templates/etc/zuul/ssl/zookeeper-cacert.pem create mode 100644 templates/etc/zuul/ssl/zookeeper-client.key create mode 100644 templates/etc/zuul/ssl/zookeeper-client.pem create mode 100755 tools/test-setup.sh diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..6f0d12b --- /dev/null +++ b/.yamllint @@ -0,0 +1,14 @@ +--- +extends: default + +ignore: | + .tox + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable diff --git a/.zuul.yaml b/.zuul.yaml index 9d5156a..312b2de 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -1,3 +1,4 @@ +--- - job: name: ansible-role-zuul-base parent: unittests diff --git a/bindep.txt b/bindep.txt index 1d1b05b..6c552ea 100644 --- a/bindep.txt +++ b/bindep.txt @@ -5,6 +5,8 @@ git libffi-dev [platform:dpkg] libffi-devel [platform:rpm] libssl-dev [platform:dpkg] +mysql-client [test] +mysql-server [test] openssl-devel [platform:rpm] python3-dnf [platform:fedora] python3-libselinux [platform:rpm] diff --git a/defaults/main.yaml b/defaults/main.yaml index 68b1321..91c1061 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -60,6 +60,27 @@ zuul_file_gearman_ssl_key_mode: 0600 zuul_file_gearman_ssl_key_owner: "{{ zuul_user_name }}" zuul_file_gearman_ssl_key_src: etc/zuul/ssl/client.key +zuul_file_zookeeper_tls_cacert_content: +zuul_file_zookeeper_tls_cacert_dest: /etc/zuul/ssl/zookeeper-cacert.pem +zuul_file_zookeeper_tls_cacert_group: "{{ zuul_user_group }}" +zuul_file_zookeeper_tls_cacert_mode: 0644 +zuul_file_zookeeper_tls_cacert_owner: "{{ zuul_user_name }}" +zuul_file_zookeeper_tls_cacert_src: etc/zuul/ssl/zookeeper-cacert.pem + +zuul_file_zookeeper_tls_cert_content: +zuul_file_zookeeper_tls_cert_dest: /etc/zuul/ssl/zookeeper-client.pem +zuul_file_zookeeper_tls_cert_group: "{{ zuul_user_group }}" +zuul_file_zookeeper_tls_cert_mode: 0644 +zuul_file_zookeeper_tls_cert_owner: "{{ zuul_user_name }}" +zuul_file_zookeeper_tls_cert_src: etc/zuul/ssl/zookeeper-client.pem + +zuul_file_zookeeper_tls_key_content: +zuul_file_zookeeper_tls_key_dest: /etc/zuul/ssl/zookeeper-client.key +zuul_file_zookeeper_tls_key_group: "{{ zuul_user_group }}" +zuul_file_zookeeper_tls_key_mode: 0600 +zuul_file_zookeeper_tls_key_owner: "{{ zuul_user_name }}" +zuul_file_zookeeper_tls_key_src: etc/zuul/ssl/zookeeper-client.key + zuul_file_executor_logging_conf_dest: /etc/zuul/executor-logging.conf zuul_file_executor_logging_conf_group: "{{ zuul_user_group }}" zuul_file_executor_logging_conf_manage: true @@ -109,7 +130,7 @@ zuul_git_version: master zuul_install_method: pip -zuul_pip_name: zuul +zuul_pip_name: zuul[mysql_reporter] # zuul_pip_executable: # zuul_pip_editable: # zuul_pip_extra_args: diff --git a/meta/main.yml b/meta/main.yml index 37607b5..73a6899 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -13,7 +13,7 @@ # under the License. --- galaxy_info: - author: Paul Belanger + author: pabelanger description: | Zuul is a program that is used to gate the source code repository of a project so that changes are only merged if they pass tests. @@ -21,13 +21,13 @@ galaxy_info: license: Apache min_ansible_version: 2.4 platforms: - - name: Fedora - versions: + - name: Fedora + versions: - 27 - - name: Ubuntu - versions: - - 16.04 - - 18.04 + - name: Ubuntu + versions: + - 16.04 + - 18.04 categories: - - system + - system dependencies: [] diff --git a/tasks/config.yaml b/tasks/config.yaml index d0e92e1..571cc6d 100644 --- a/tasks/config.yaml +++ b/tasks/config.yaml @@ -111,6 +111,36 @@ src: "{{ zuul_file_gearman_ssl_key_src }}" register: zuul_file_gearman_ssl_key +- name: Install zuul zookeeper tls cacert configuration + become: true + template: + dest: "{{ zuul_file_zookeeper_tls_cacert_dest }}" + group: "{{ zuul_file_zookeeper_tls_cacert_group }}" + mode: "{{ zuul_file_zookeeper_tls_cacert_mode }}" + owner: "{{ zuul_file_zookeeper_tls_cacert_owner }}" + src: "{{ zuul_file_zookeeper_tls_cacert_src }}" + register: zuul_file_zookeeper_tls_cacert + +- name: Install zuul zookeeper tls cert configuration + become: true + template: + dest: "{{ zuul_file_zookeeper_tls_cert_dest }}" + group: "{{ zuul_file_zookeeper_tls_cert_group }}" + mode: "{{ zuul_file_zookeeper_tls_cert_mode }}" + owner: "{{ zuul_file_zookeeper_tls_cert_owner }}" + src: "{{ zuul_file_zookeeper_tls_cert_src }}" + register: zuul_file_zookeeper_tls_cert + +- name: Install zuul zookeeper tls key configuration + become: true + template: + dest: "{{ zuul_file_zookeeper_tls_key_dest }}" + group: "{{ zuul_file_zookeeper_tls_key_group }}" + mode: "{{ zuul_file_zookeeper_tls_key_mode }}" + owner: "{{ zuul_file_zookeeper_tls_key_owner }}" + src: "{{ zuul_file_zookeeper_tls_key_src }}" + register: zuul_file_zookeeper_tls_key + - name: Install web logging file become: true template: diff --git a/tasks/install/pip.yaml b/tasks/install/pip.yaml index fa16bf9..1acff6c 100644 --- a/tasks/install/pip.yaml +++ b/tasks/install/pip.yaml @@ -16,7 +16,7 @@ become: true pip: executable: "{{ zuul_pip_executable|default(omit) }}" - editable : "{{ zuul_pip_editable|default(omit) }}" + editable: "{{ zuul_pip_editable|default(omit) }}" extra_args: "{{ zuul_pip_extra_args|default(omit) }}" name: "{{ zuul_pip_name }}" version: "{{ zuul_pip_version|default(omit) }}" diff --git a/templates/etc/systemd/system/zuul-executor.service b/templates/etc/systemd/system/zuul-executor.service index afc9450..228c0ce 100644 --- a/templates/etc/systemd/system/zuul-executor.service +++ b/templates/etc/systemd/system/zuul-executor.service @@ -6,7 +6,7 @@ After=syslog.target network.target Type=simple Group=zuul User=zuul -ExecStart={{ zuul_pip_virtualenv | default('/usr/local') }}/bin/zuul-executor -d +ExecStart={{ zuul_pip_virtualenv | default('/usr/local') }}/bin/zuul-executor -d -f ExecStop={{ zuul_pip_virtualenv | default('/usr/local') }}/bin/zuul-executor stop [Install] diff --git a/templates/etc/systemd/system/zuul-fingergw.service b/templates/etc/systemd/system/zuul-fingergw.service index 815860f..e75925c 100644 --- a/templates/etc/systemd/system/zuul-fingergw.service +++ b/templates/etc/systemd/system/zuul-fingergw.service @@ -6,7 +6,7 @@ After=syslog.target network.target Type=simple Group=root User=root -ExecStart={{ zuul_pip_virtualenv | default('/usr/local') }}/bin/zuul-fingergw -d +ExecStart={{ zuul_pip_virtualenv | default('/usr/local') }}/bin/zuul-fingergw -d -f ExecStop={{ zuul_pip_virtualenv | default('/usr/local') }}/bin/zuul-fingergw stop [Install] diff --git a/templates/etc/systemd/system/zuul-merger.service b/templates/etc/systemd/system/zuul-merger.service index 874b7fa..fdf6f1d 100644 --- a/templates/etc/systemd/system/zuul-merger.service +++ b/templates/etc/systemd/system/zuul-merger.service @@ -6,7 +6,7 @@ After=syslog.target network.target Type=simple Group=zuul User=zuul -ExecStart={{ zuul_pip_virtualenv | default('/usr/local') }}/bin/zuul-merger -d +ExecStart={{ zuul_pip_virtualenv | default('/usr/local') }}/bin/zuul-merger -d -f ExecStop={{ zuul_pip_virtualenv | default('/usr/local') }}/bin/zuul-merger stop [Install] diff --git a/templates/etc/systemd/system/zuul-scheduler.service b/templates/etc/systemd/system/zuul-scheduler.service index 763078a..d6ffd08 100644 --- a/templates/etc/systemd/system/zuul-scheduler.service +++ b/templates/etc/systemd/system/zuul-scheduler.service @@ -6,7 +6,7 @@ After=syslog.target network.target Type=simple Group=zuul User=zuul -ExecStart={{ zuul_pip_virtualenv | default('/usr/local') }}/bin/zuul-scheduler -d +ExecStart={{ zuul_pip_virtualenv | default('/usr/local') }}/bin/zuul-scheduler -d -f ExecStop={{ zuul_pip_virtualenv | default('/usr/local') }}/bin/zuul-scheduler stop ExecReload=/bin/kill -HUP $MAINPID diff --git a/templates/etc/systemd/system/zuul-web.service b/templates/etc/systemd/system/zuul-web.service index 40f65d4..aee4c77 100644 --- a/templates/etc/systemd/system/zuul-web.service +++ b/templates/etc/systemd/system/zuul-web.service @@ -6,7 +6,7 @@ After=syslog.target network.target Type=simple Group=zuul User=zuul -ExecStart={{ zuul_pip_virtualenv | default('/usr/local') }}/bin/zuul-web -d +ExecStart={{ zuul_pip_virtualenv | default('/usr/local') }}/bin/zuul-web -d -f [Install] WantedBy=multi-user.target diff --git a/templates/etc/zuul/main.yaml b/templates/etc/zuul/main.yaml index a45f792..dfa1354 100644 --- a/templates/etc/zuul/main.yaml +++ b/templates/etc/zuul/main.yaml @@ -1,5 +1,6 @@ # This file is generated by Ansible # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # +--- - tenant: name: example diff --git a/templates/etc/zuul/ssl/zookeeper-cacert.pem b/templates/etc/zuul/ssl/zookeeper-cacert.pem new file mode 100644 index 0000000..38b31c4 --- /dev/null +++ b/templates/etc/zuul/ssl/zookeeper-cacert.pem @@ -0,0 +1,4 @@ +# This file is generated by Ansible +# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN +# +{{ zuul_file_zookeeper_tls_cacert_content }} diff --git a/templates/etc/zuul/ssl/zookeeper-client.key b/templates/etc/zuul/ssl/zookeeper-client.key new file mode 100644 index 0000000..01ec7e3 --- /dev/null +++ b/templates/etc/zuul/ssl/zookeeper-client.key @@ -0,0 +1,4 @@ +# This file is generated by Ansible +# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN +# +{{ zuul_file_zookeeper_tls_key_content }} diff --git a/templates/etc/zuul/ssl/zookeeper-client.pem b/templates/etc/zuul/ssl/zookeeper-client.pem new file mode 100644 index 0000000..d4be926 --- /dev/null +++ b/templates/etc/zuul/ssl/zookeeper-client.pem @@ -0,0 +1,4 @@ +# This file is generated by Ansible +# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN +# +{{ zuul_file_zookeeper_tls_cert_content }} diff --git a/templates/etc/zuul/zuul.conf b/templates/etc/zuul/zuul.conf index bef1b40..607328c 100644 --- a/templates/etc/zuul/zuul.conf +++ b/templates/etc/zuul/zuul.conf @@ -5,8 +5,14 @@ port = 4730 server = 127.0.0.1 +[database] +dburi=mysql+pymysql://zuul:secret@localhost/zuul + [zookeeper] hosts = localhost:2181 +tls_ca = /etc/zuul/ssl/zookeeper-cacert.pem +tls_cert = /etc/zuul/ssl/zookeeper-client.pem +tls_key = /etc/zuul/ssl/zookeeper-client.key [gearman_server] listen_address = 127.0.0.1 diff --git a/test-requirements.txt b/test-requirements.txt index 4c4414f..1a77d5a 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,2 +1,2 @@ -ansible-lint hacking<0.11,>=0.10 +yamllint diff --git a/tests/collect-logs.yaml b/tests/collect-logs.yaml index da32bd0..1aa20d6 100644 --- a/tests/collect-logs.yaml +++ b/tests/collect-logs.yaml @@ -1,3 +1,4 @@ +--- - hosts: all tasks: - name: Setup logs directory fact @@ -22,7 +23,7 @@ - zuul-web - name: Prepare zuul log files - become: yes + become: true synchronize: dest: "{{ zuul_output_dir }}/logs/logs" rsync_opts: diff --git a/tests/playbooks/pre.yaml b/tests/playbooks/pre.yaml index 0dce620..392a71b 100644 --- a/tests/playbooks/pre.yaml +++ b/tests/playbooks/pre.yaml @@ -21,8 +21,12 @@ name: ensure-output-dirs - name: Disable extra wheels mirror - become: yes + become: true lineinfile: dest: /etc/pip.conf regexp: ^extra-index-url state: absent + + - name: Use the latest version of pip + become: true + shell: python3 -m pip install -U pip diff --git a/tests/playbooks/run.yaml b/tests/playbooks/run.yaml index ad93c64..084176d 100644 --- a/tests/playbooks/run.yaml +++ b/tests/playbooks/run.yaml @@ -34,6 +34,9 @@ - zuul_file_gearman_ssl_ca - zuul_file_gearman_ssl_cert - zuul_file_gearman_ssl_key + - zuul_file_zookeeper_tls_cacert + - zuul_file_zookeeper_tls_cert + - zuul_file_zookeeper_tls_key - zuul_file_executor_logging_conf - zuul_file_fingergw_logging_conf - zuul_file_main_yaml @@ -168,6 +171,48 @@ - _zuul_file_gearman_ssl_key_stat.stat.gr_name == 'zuul-test' - _zuul_file_gearman_ssl_key_stat.stat.mode == '0600' + - name: Register /etc/zuul/ssl/zookeeper-cacert.pem + stat: + path: /etc/zuul/ssl/zookeeper-cacert.pem + register: _zuul_file_zookeeper_tls_cacert_stat + + - name: Assert _zuul_file_zookeeper_tls_cacert_stat tests. + assert: + that: + - _zuul_file_zookeeper_tls_cacert_stat.stat.exists + - _zuul_file_zookeeper_tls_cacert_stat.stat.isreg + - _zuul_file_zookeeper_tls_cacert_stat.stat.pw_name == 'zuul-test' + - _zuul_file_zookeeper_tls_cacert_stat.stat.gr_name == 'zuul-test' + - _zuul_file_zookeeper_tls_cacert_stat.stat.mode == '0644' + + - name: Register /etc/zuul/ssl/zookeeper-client.pem + stat: + path: /etc/zuul/ssl/zookeeper-client.pem + register: _zuul_file_zookeeper_tls_cert_stat + + - name: Assert _zuul_file_zookeeper_tls_cert_stat tests. + assert: + that: + - _zuul_file_zookeeper_tls_cert_stat.stat.exists + - _zuul_file_zookeeper_tls_cert_stat.stat.isreg + - _zuul_file_zookeeper_tls_cert_stat.stat.pw_name == 'zuul-test' + - _zuul_file_zookeeper_tls_cert_stat.stat.gr_name == 'zuul-test' + - _zuul_file_zookeeper_tls_cert_stat.stat.mode == '0644' + + - name: Register /etc/zuul/ssl/zookeeper-client.key + stat: + path: /etc/zuul/ssl/zookeeper-client.key + register: _zuul_file_zookeeper_tls_key_stat + + - name: Assert _zuul_file_zookeeper_tls_key_stat tests. + assert: + that: + - _zuul_file_zookeeper_tls_key_stat.stat.exists + - _zuul_file_zookeeper_tls_key_stat.stat.isreg + - _zuul_file_zookeeper_tls_key_stat.stat.pw_name == 'zuul-test' + - _zuul_file_zookeeper_tls_key_stat.stat.gr_name == 'zuul-test' + - _zuul_file_zookeeper_tls_key_stat.stat.mode == '0600' + - name: Register /etc/systemd/system/zuul-executor.service.d/override.conf stat: path: /etc/systemd/system/zuul-executor.service.d/override.conf @@ -309,26 +354,26 @@ - _zuul_web_service_systemd_stat.stat.mode == '0644' - name: Ensure zuul-executor is running. - become: yes + become: true shell: /usr/sbin/service zuul-executor status tags: skip_ansible_lint - name: Ensure zuul-fingergw is running. - become: yes + become: true shell: /usr/sbin/service zuul-fingergw status tags: skip_ansible_lint - name: Ensure zuul-merger is running. - become: yes + become: true shell: /usr/sbin/service zuul-merger status tags: skip_ansible_lint - name: Ensure zuul-scheduler is running. - become: yes + become: true shell: /usr/sbin/service zuul-scheduler status tags: skip_ansible_lint - name: Ensure zuul-web is running. - become: yes + become: true shell: /usr/sbin/service zuul-web status tags: skip_ansible_lint diff --git a/tools/test-setup.sh b/tools/test-setup.sh new file mode 100755 index 0000000..5f61b30 --- /dev/null +++ b/tools/test-setup.sh @@ -0,0 +1,41 @@ +#!/bin/bash -ex +# Copyright 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The root password for the MySQL database; pass it in via +# MYSQL_ROOT_PW. +DB_ROOT_PW=${MYSQL_ROOT_PW:-insecure_worker} + +# This user and its password are used by the tests, if you change it, +# your tests might fail. +DB_USER=zuul +DB_PW=secret + +sudo -H mysqladmin -u root password $DB_ROOT_PW + +# It's best practice to remove anonymous users from the database. If +# a anonymous user exists, then it matches first for connections and +# other connections from that host will not work. +sudo -H mysql -u root -p$DB_ROOT_PW -h localhost -e " + DELETE FROM mysql.user WHERE User=''; + FLUSH PRIVILEGES; + CREATE USER '$DB_USER'@'%' IDENTIFIED BY '$DB_PW'; + GRANT ALL PRIVILEGES ON *.* TO '$DB_USER'@'%' WITH GRANT OPTION;" + +# Now create our database. +mysql -u $DB_USER -p$DB_PW -h 127.0.0.1 -e " + SET default_storage_engine=MYISAM; + DROP DATABASE IF EXISTS openstack_citest; + CREATE DATABASE openstack_citest CHARACTER SET utf8;" diff --git a/tox.ini b/tox.ini index 5f70fca..50d82a6 100644 --- a/tox.ini +++ b/tox.ini @@ -35,10 +35,8 @@ whitelist_externals = bash commands = # PEP8 Lint Check flake8 - # Ansible Lint Check - bash -c "find . -not -path '*/\.*' -type f -regex '.*.y[a]?ml' -print0 | \ - xargs -t -n1 -0 ansible-lint -x 106,306" # Ansible Syntax Check bash -c "find tests -type f -regex '.*.y[a]?ml' -print | xargs -t -n1 \ ansible-playbook --syntax-check -i tests/inventory \ -e rolename=$(basename $(pwd)) > /dev/null" + yamllint -s .