forked from projectatomic/atomic-host-tests
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.yml
474 lines (365 loc) · 12.7 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
---
# vim: set ft=ansible:
#
# !!!NOTE!!! This playbook was tested using Ansible 2.2; it is recommended
# that the same version is used.
#
# This playbook is actually multiple playbooks contained in a single file.
# I had to take this approach, because I encountered difficulties re-using
# the same roles with non-unique variables. Sometimes the roles would be
# executed with the use of the 'always' tag, sometimes not.
#
# The wrinkle in this approach is that sharing global variables across the
# multiple playbooks requires the use of a file containing the variables
# which is included in each playbook with the 'vars_files' directive.
#
# Core Functionality
# - Verify rpms package can be layered through rpm-ostree install
# - Verify multiple rpm packages can be layered through rpm-ostree install
# - Verify rpm packages can be removed through rpm-ostree uninstall
# - Verify multiple rpm packages can be removed through rpm-ostree uninstall
# - Verify rpm-ostree status output displays "Package: <pkg1> <pkg2>.." when packages are layered
# - Verify the -r / --reboot flag reboots the host after rpm-ostree install or rpm-ostree uninstall
# - Verify the -n / --dry-run flag does not perform the package add/remove function and displays a summary of packages to be installed
# - Verify a dry-run of rpm-ostree install|uninstall does not affect an existing package that has been layered, but not rebooted.
# - Verify that after additional repos are enabled (i.e. EPEL), rpm-ostree install|uninstall can be successfully used for packages in those repos.
#
# Negative Testing
# - Verify correct error is displayed removing a package that does not exist
# - Verify correct error is displayed when adding a package that does not exists in the repo
# - Verify correct error message is displayed when adding a package that is already in the deployment
# - Verify packages which have files with non-root ownership cannot be installed
# - Verify that install/uninstall operations cannot be performed by unprivileged users
#
- name: Package Layering Tests - Setup
hosts: all
become: yes
tags:
- setup
vars_files:
- vars.yml
pre_tasks:
- name: Verify all
fail:
msg: "Required variables are not defined. Check vars.yml file."
when: g_pkg1 is undefined or
g_pkg2 is undefined or
g_invalid_pkg is undefined or
g_nonroot_pkg is undefined or
g_deployed_pkg is undefined or
g_epel_pkg is undefined
roles:
# This playbook requires Ansible 2.2 and an Atomic Host
- role: ansible_version_check
avc_major: "2"
avc_minor: "2"
tags:
- ansible_version_check
# Subscribe if the system is RHEL
- role: redhat_subscription
when: ansible_distribution == 'RedHat'
tags:
- redhat_subscription
- name: Package Layering - Single package install and uninstall test
hosts: all
become: yes
tags:
- single_pkg_install_uninstall
vars_files:
- vars.yml
roles:
- role: rpm_ostree_install
roi_packages: "{{ g_pkg1 }}"
roi_reboot: false
- role: reboot
- role: rpm_ostree_install_verify
roiv_package_name: "{{ g_pkg1 }}"
roiv_binary_name: "{{ g_pkg1 }}"
- role: rpm_ostree_uninstall
rou_packages: "{{ g_pkg1 }}"
rou_reboot: false
- role: reboot
tags:
- reboot
- role: rpm_ostree_uninstall_verify
rouv_package_name: "{{ g_pkg1 }}"
rouv_binary_name: "{{ g_pkg1 }}"
- name: Package Layering - Multiple package install and uninstall test
hosts: all
become: yes
tags:
- multi_pkg_install_uninstall
vars_files:
- vars.yml
roles:
- role: rpm_ostree_install
roi_packages: "{{ g_pkg1 }} {{ g_pkg2 }}"
roi_reboot: false
- role: reboot
- role: rpm_ostree_install_verify
roiv_package_name: "{{ g_pkg1 }}"
roiv_binary_name: "{{ g_pkg1 }}"
- role: rpm_ostree_install_verify
roiv_package_name: "{{ g_pkg2 }}"
roiv_binary_name: "{{ g_pkg2 }}"
- role: rpm_ostree_uninstall
rou_packages: "{{ g_pkg1 }} {{ g_pkg2 }}"
rou_reboot: false
- role: reboot
tags:
- reboot
- role: rpm_ostree_uninstall_verify
rouv_package_name: "{{ g_pkg1 }}"
rouv_binary_name: "{{ g_pkg1 }}"
- role: rpm_ostree_uninstall_verify
rouv_package_name: "{{ g_pkg2 }}"
rouv_binary_name: "{{ g_pkg2 }}"
- name: Package Layering - Reboot flag test
hosts: all
become: yes
tags:
- reboot_flag
vars_files:
- vars.yml
roles:
- role: rpm_ostree_install
roi_packages: "{{ g_pkg1 }}"
roi_reboot: true
- role: rpm_ostree_install_verify
roiv_package_name: "{{ g_pkg1 }}"
roiv_binary_name: "{{ g_pkg1 }}"
- role: rpm_ostree_uninstall
rou_packages: "{{ g_pkg1 }}"
rou_reboot: true
- role: rpm_ostree_uninstall_verify
rouv_package_name: "{{ g_pkg1 }}"
rouv_binary_name: "{{ g_pkg1 }}"
- name: Package Layering - Dry run tests
hosts: all
become: yes
tags:
- dry_run
vars_files:
- vars.yml
tasks:
- name: Attempt to install package with -n / --dry-run option
command: rpm-ostree install "{{ g_pkg1 }}" -n
register: dry
- name: Fail if Exiting because of is not in output
fail:
msg: "Dry run output does not contain 'Exiting because'"
when: "'Exiting because' not in dry.stdout"
- include: verify_package_not_deployed.yml
vars:
package: "{{ g_pkg1 }}"
- name: Package Layering - Dry run does not affect installed packages tests
hosts: all
become: yes
tags:
- dry_run_interaction
vars_files:
- vars.yml
tasks:
- name: Test Install {{ g_pkg1 }} and do not reboot
command: rpm-ostree install {{ g_pkg1 }}
register: roi_pkg1
retries: 5
delay: 60
until: roi_pkg1|success
- name: Dry run install {{ g_pkg2 }}
command: rpm-ostree install {{ g_pkg2 }} --dry-run
register: dryrun
- name: Fail if Exiting because of is not in output
fail:
msg: "Dry run output does not contain 'Exiting because'"
when: "'Exiting because' not in dryrun.stdout"
- name: Get rpm-ostree status --json output
command: rpm-ostree status --json
register: installed
- name: Convert rpm-ostree status output to jinja2 json
set_fact:
pending_json: "{{ installed.stdout | from_json }}"
- name: Set packages when deployment 0 is not booted
set_fact:
pending_pkgs: "{{ pending_json['deployments'][0]['packages'] }}"
when: pending_json['deployments'][0] is defined and not pending_json['deployments'][0]['booted']
- name: Set packages when deployment 1 is not booted
set_fact:
pending_pkgs: "{{ pending_json['deployments'][1]['packages'] }}"
when: pending_json['deployments'][1] is defined and not pending_json['deployments'][1]['booted']
- name: Fail if {{ g_pkg2 }} is in rpm-ostree status output for pending packages
fail:
msg: "{{ g_pkg2 }} in rpm-ostree status output"
when: g_pkg2 in pending_pkgs
- name: Fail if {{ g_pkg1 }} is not in rpm-ostree status output for pending packages
fail:
msg: "{{ g_pkg1 }} not in rpm-ostree status output"
when: g_pkg1 not in pending_pkgs
- name: Fail if {{ g_pkg1 }} is installed
command: command -v {{ g_pkg1 }}
register: binary
failed_when: binary.rc != 1
- name: Package Layering - install package from EPEL repo test
hosts: all
become: yes
tags:
- alternate_repo_install
vars_files:
- vars.yml
tasks:
- name: Copy GPG Key to Host
copy:
src=RPM-GPG-KEY-EPEL-7
dest=/etc/pki/rpm-gpg/
- name: Add EPEL repo
yum_repository:
name: epel
description: Extra Packages for Enterprise Linux 7 - $basearch
mirrorlist: https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod: priority
gpgcheck: yes
enabled: yes
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
- name: Install {{ g_epel_pkg }} from EPEL
command: rpm-ostree install {{ g_epel_pkg }}
register: roi_epel
retries: 5
delay: 60
until: roi_epel|success
- include: ../../common/ans_reboot.yml
- include: verify_package_deployed.yml
vars:
package: "{{ g_epel_pkg }}"
- name: Package Layering - Negative test - Uninstalling non-existent package
hosts: all
become: yes
tags:
- uninstall_invalid_pkg
vars_files:
- vars.yml
tasks:
- name: Attempt to uninstall non-existent package
command: rpm-ostree uninstall {{ g_invalid_pkg }}
register: uninstall
failed_when: uninstall.rc != 1
- name: Fail if error not expected
fail:
msg: "Command error not expected"
when: "'\\'{{ g_invalid_pkg }}\\' is not currently requested' not in uninstall.stderr"
- name: Package Layering - Negative Test - Installing non-existent package
hosts: all
become: yes
tags:
- install_invalid_pkg
vars_files:
- vars.yml
tasks:
- name: Attempt to install non-existent package
command: rpm-ostree install {{ g_invalid_pkg }}
register: nonexist
failed_when: nonexist.rc != 1
- name: Fail if error not expected
fail:
msg: "Command error not expected"
when: "'No package' not in nonexist.stderr"
- name: Package Layering - Installing existing package
hosts: all
become: yes
tags:
- install_existing_pkg
vars_files:
- vars.yml
tasks:
- name: Attempt to install package that is already in the deployment
command: rpm-ostree install {{ g_deployed_pkg }}
- include: '../../common/ans_reboot.yml'
- name: Get rpm-ostree status --json output
command: rpm-ostree status --json
register: req
- name: Convert rpm-ostree status output to jinja2 json
set_fact:
req_json: "{{ req.stdout | from_json }}"
# This is a hack for requested-packages being displayed in rpm-ostree v2017.3 that should
# be fixed in v2017.4. Once all streams are at v2017.4 we can fix this. See
# https://github.com/projectatomic/rpm-ostree/pull/670
- name: Set packages when deployment 0 is booted
set_fact:
req_pkgs: "{{ req_json['deployments'][0]['requested-packages'] if req_json['deployments'][0]['requested-packages'] is defined else {} }}"
when: req_json['deployments'][0]['booted']
- name: Set packages when deployment 1 is booted
set_fact:
req_pkgs: "{{ req_json['deployments'][1]['requested-packages'] if req_json['deployments'][1]['requested-packages'] is defined else {} }}"
when: req_json['deployments'][1]['booted']
- name: Fail if {{ g_deployed_pkg }} is not in requested packages
fail:
msg: "{{ g_deployed_pkg }} not found in rpm-ostree status output"
when: g_deployed_pkg not in req_pkgs
- name: Package Layering - Installing non-root ownership package
hosts: all
become: yes
tags:
- install_nonroot_pkg
vars_files:
- vars.yml
roles:
- role: rpm_ostree_install
roi_packages: httpd
roi_reboot: true
- role: reboot
post_tasks:
- name: start httpd service
service:
name: httpd
state: started
- name: Check page on port 80
command: curl http://localhost
- name: Uninstall httpd
command: rpm-ostree uninstall httpd
- include: '../../common/ans_reboot.yml'
- include: verify_package_not_deployed.yml
vars:
package: httpd
- name: Package Layering - Negative - Install already layered package
hosts: all
become: yes
tags:
- install_previously_layered
vars_files:
- vars.yml
tasks:
- name: Install already layered package
command: rpm-ostree install {{ g_pkg1 }}
register: ros_install
failed_when: ros_install.rc == 0
- name: Package Layering - Negative Test - Installing without sufficient privileges
hosts: all
become: yes
tags:
- install_unprivileged
vars_files:
- vars.yml
tasks:
- name: Attempt to install package with insufficient privileges
command: rpm-ostree install {{ g_pkg1 }}
register: unprivileged
become: false
failed_when: unprivileged.rc != 1
- name: Package Layering - Cleanup
hosts: all
become: yes
tags:
- cleanup
vars_files:
- vars.yml
pre_tasks:
- name: Uninstall all packages
command: rpm-ostree uninstall {{ g_pkg1 }} {{ g_epel_pkg }} {{ g_deployed_pkg }}
- include: '../../common/ans_reboot.yml'
roles:
- role: rpm_ostree_cleanup_all
tags:
- rpm_ostree_cleanup_all
- role: redhat_unsubscribe
when: ansible_distribution == 'RedHat'
tags:
- redhat_unsubscribe