Commit graph

111 commits

Author SHA1 Message Date
Rich Megginson
4543f0c679 feat: support for ostree systems
Feature: Allow running and testing the role with ostree managed nodes.

Reason: We have users who want to use the role to manage ostree
systems.

Result: Users can use the role to manage ostree managed nodes.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2023-11-28 09:40:18 -07:00
Rich Megginson
24c1915595 tests: Ensure backup/restore preserves file attributes
I noticed some test failures in tests that check ownership/permissions
of config files.  The tests were recently changed to reuse the same
VM, so I suspect config files were not being backed up/restored with
the correct file attributes.  Use `cp -a` to preserve all file
attributes.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2023-11-17 08:28:26 -07:00
Jakub Jelen
350a0e562b
fix: Avoid creation of runtime directories in home (#265) 2023-10-30 13:27:37 +00:00
Matt Willsher
59ee0c9715
fix: Remove recursive loop created by symlink of entire role (#262) 2023-10-17 07:30:46 +01:00
EmyLIEUTAUD
0bc6d8f40b
feat: manage ssh certificates (#252)
* Role configured to accept SSH connection via SSH certificates
* Works with or without principals and ansible-lint updated
* add test for SSH certificates authentication with principals
* Add configuration to run tests for SSH certificates authentication with principals
* tasks to use SSH certificates grouped into one file
* Update README.md
2023-09-11 14:39:03 +01:00
Markus Linnala
66785690fa Support inject_facts_as_vars = false
Use facts via ansible_facts only.

Made using:
  git ls-files -z|grep -z yml|xargs -0r sed --follow-symlinks -Ei \
    "s/ansible_(virtualization_type|os_family|distribution\w*)/ansible_facts['\1']/g"
2023-08-29 12:40:48 +02:00
Dominik Rimpf
70c913ed0e
feat: support for debian 12 2023-06-18 23:10:14 +02:00
Stefan Weber
0aea603673 separate failing test for Fedora / RHEL
due to difference in
Subsystem sftp /usr/libexec/openssh/sftp-server (RHEL)
Subsystem sftp /usr/libexec/sftp-server (Fedora)
2023-05-04 16:21:56 +02:00
Stefan Weber
742a88e3c6 fix subsystem test for RHEL > 8 2023-05-04 16:21:56 +02:00
Rich Megginson
a2921b9dc1 test: skip selinux or firewall role test where not supported
Do not test with selinux or firewall if the platform does not support
those roles.
2023-04-26 16:11:18 -06:00
Rich Megginson
c5c519f73b test: check generated files for ansible_managed, fingerprint
Add the following files: tests/tasks/check_header.yml and
tests/templates/get_ansible_managed.j2.
Use check_header.yml to check generated files for the ansible_managed
and fingerprint headers.
check_header.yml takes these parameters.  `fingerprint` is required,
and one of `__file` or `__file_content`:

* `__file` - the full path of the file to check e.g. `/etc/realmd.conf`
* `__file_content` - the output of `slurp` of the file
* `__fingerprint` - required - the fingerprint string `system_role:$ROLENAME` e.g.
  `__fingerprint: "system_role:postfix"`
* `__comment_type` - optional, default `plain` - the type of comments used

e.g. `__comment_type: c` for C/C++-style comments.  `plain` uses `#`.
See https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html#adding-comments-to-files
for the different types of comment styles supported.

Example:
```
- name: Check generated files for ansible_managed, fingerprint
  include_tasks: tasks/check_header.yml
  vars:
    __file: /etc/myfile.conf
    __fingerprint: "system_role:my_role"
```

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2023-04-26 07:52:03 -06:00
Jakub Jelen
a3065d070c Make sure the list options are correctly indented
Inspired by similar issue reported and fixed in ssh client role
https://github.com/linux-system-roles/ssh/pull/80/

This wont work in RHEL6 (not allowed AcceptEnv in match blocks) so just
skip it here.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2023-04-14 19:01:19 +02:00
Rich Megginson
b29e05f24d fix pipefail setting 2023-04-10 14:29:38 -06:00
Rich Megginson
70808e97fc ansible-lint - align with current Ansible recommendations
Use `true/false` instead of `yes/no`
Ensure use of FQCN for builtin modules
Use correct spacing in Jinja expressions
All tasks and plays must have a `name`, and the `name` string must begin with an uppercase letter
Use `ansible.posix.mount` instead of `ansible.builtin.mount`
Use `set -o pipefail` with `shell` module where supported by the platform shell

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2023-04-10 14:21:30 -06:00
Noriko Hosoi
d67c562142 Clean up / Workaround non-inclusive words
- CHANGELOG.md
- tests/tests_include_present.yml
2023-01-17 09:36:43 +01:00
Jakub Jelen
252deda7c4 tests: Use configuration option that is not in defaults 2023-01-16 15:10:28 +01:00
Jakub Jelen
e63d6f9e99 tests: Filter out backspace characters from manual pages in alpine 2023-01-16 15:10:28 +01:00
Jakub Jelen
2e2ab311a6 tests: Whitespace cleanup 2023-01-16 15:10:28 +01:00
Jakub Jelen
c57e15668f tests: Different test requirements for alpine 2023-01-16 15:10:28 +01:00
Jakub Jelen
04f056867c Add support for managing selinux and firewall on RHEL 2023-01-13 10:42:40 +01:00
Jakub Jelen
7fb18bd3b8 tests: Introduce test for all documented options of the OS 2022-09-27 22:32:57 +02:00
Nikolaos Kakouros
6bb0d7b456 tMakes drop-in functionality configurable by the user 2022-08-26 20:23:51 +00:00
Nikolaos Kakouros
5f67c9b3d2 Backups relevant files 2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
7866c6bc29 Fix tests 2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
221a801260 Adds workaround for CentOS6 2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
d2b274a0a1 Fixes tests 2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
87ed3d4c15 Addresses comments and linters 2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
db39a733aa Moves internal non-overridable variables out of defaults 2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
d5b2f8df02 Adds tests for duplicate role use 2022-08-23 15:18:41 +02:00
Jakub Jelen
61cce32ce6 tests: Do not be picky about spaces/tabs
When testing with cloud-init, it modifies the sshd_configuration and can
replace some tabs with whitespaces. This happens frequently around the
subsystem keyword. There are no functional changes, but the matching
did not work as expected.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-06-13 17:28:34 +02:00
Matt Willsher
af7230cf29 Fix various linting issues 2022-06-05 08:54:56 +01:00
Matt Willsher
90338a3f0a Fix various linting issues 2022-06-03 11:22:17 +01:00
Jakub Jelen
74026ba2f8 Add support for Ubuntu 22 with drop-in directory
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-05-10 16:48:22 +02:00
Jakub Jelen
dd5f79e5f0 tests: Verify os defaults are used also if the drop-in directory exists
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-05-10 16:48:22 +02:00
Jakub Jelen
d39c6f7daf tests: Check include directive is added when missing
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-05-10 16:48:22 +02:00
Jakub Jelen
e1e820428d tests: Verify the main configuration file contains Include directive if needed
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-05-10 16:48:22 +02:00
Jakub Jelen
bd64ca7441 More portable way for sharing variables between role and tests 2022-04-19 17:20:27 +02:00
Jakub Jelen
c515ffdf94 Move the common variables to separate file 2022-04-19 17:20:27 +02:00
Jakub Jelen
bcbdf92182 Avoid unnecessary use of 'and' in 'when' conditions 2022-04-19 17:20:27 +02:00
Jakub Jelen
c1d1cdfeac Reuse the list of skipped virtualization environments 2022-04-19 17:20:27 +02:00
Jakub Jelen
7e311e19a9 tests: Add whitespace
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
9502c325ea tests: Add negative test for FIPS mode
This fixes also a typo that was overlooked previously

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
09f2c6a999 Add another virtualization platform exception
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
57357b0be7 tests: Slurp the correct file when writing main config
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
17bc0cbb1b tests: Fix OS detection to match also CentOS 9
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
9345faa5a1 Set explicit path to the main configuration file to work well with the drop-in directory
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
67fee24ecb Address review comments (to be squashed) 2021-11-16 15:05:22 +01:00
Jakub Jelen
ee63bacdcd tests: Verify the default hostkeys can be excluded in FIPS mode
ignore failures to bind fips_enabled into /proc/sys/crypto as it looks
like this does not work in the Github Actions containers.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-16 15:05:22 +01:00
Dominik Rimpf
961f10b710 FIX: indentation including tests 2021-08-17 15:50:36 +02:00
Jakub Jelen
2e3b3c0581 tests: Skip the negative test in RHEL6
The ansible_failed_result is not available in old Ansible on RHEL6
2021-08-09 10:08:56 +02:00