Commit graph

117 commits

Author SHA1 Message Date
Jakub Jelen
f59b40b5c9 tests: Verify generated services/socket units do not miss any important options
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-01-22 16:52:34 +01:00
Jakub Jelen
f6ae2094fe Update service/socket files to match main OS's defaults
Specifics:
 * Debian 12 has no longer the instantiated service using inet, see the
   following commit:

0dc73888bb

 * I am not matching the Description tag verbosely as I do not find it
   crucial for functionality.
 * We generate additional -f switch to the sshd CLI pointing go the main
   sshd config we manage
 * The Before=sshd.service in the socket is not generated as I find it
   unnecessary when we conflict the service.
 * Recent Ubuntu versions have RuntimeDirectoryPreserve option, which I
   set for all Ubuntu/Debian as it should not hurt.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-01-22 16:41:33 +01:00
Jakub Jelen
84e6a71509 Ubuntu 20 already supports drop-in directory
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-01-22 16:41:33 +01:00
Jakub Jelen
cea077a704 tests: The new manual pages have different indentation
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-01-22 16:41:33 +01:00
Jakub Jelen
d3e3bdce5a Add whitespace around the filter symbol
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-01-22 16:41:33 +01:00
Rich Megginson
a25523ddce ci: Use supported ansible-lint action; run ansible-lint against the collection
The old ansible-community ansible-lint is deprecated.  There is a
new ansible-lint github action.

The latest Ansible repo gating tests run ansible-lint against
the collection format instead of against individual roles.
We have to convert the role to collection format before running
ansible-test.

This also requires tox-lsr 3.2.1

Role developers can run this locally using
`tox -e collection,ansible-lint-collection`
See https://github.com/linux-system-roles/tox-lsr/pull/125

Fix ansible-lint and ansible-test issues reported by the
latest 2.16 versions.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2024-01-08 10:56:53 -07:00
Rich Megginson
4543f0c679 feat: support for ostree systems
Feature: Allow running and testing the role with ostree managed nodes.

Reason: We have users who want to use the role to manage ostree
systems.

Result: Users can use the role to manage ostree managed nodes.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2023-11-28 09:40:18 -07:00
Rich Megginson
24c1915595 tests: Ensure backup/restore preserves file attributes
I noticed some test failures in tests that check ownership/permissions
of config files.  The tests were recently changed to reuse the same
VM, so I suspect config files were not being backed up/restored with
the correct file attributes.  Use `cp -a` to preserve all file
attributes.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2023-11-17 08:28:26 -07:00
Jakub Jelen
350a0e562b
fix: Avoid creation of runtime directories in home (#265) 2023-10-30 13:27:37 +00:00
Matt Willsher
59ee0c9715
fix: Remove recursive loop created by symlink of entire role (#262) 2023-10-17 07:30:46 +01:00
EmyLIEUTAUD
0bc6d8f40b
feat: manage ssh certificates (#252)
* Role configured to accept SSH connection via SSH certificates
* Works with or without principals and ansible-lint updated
* add test for SSH certificates authentication with principals
* Add configuration to run tests for SSH certificates authentication with principals
* tasks to use SSH certificates grouped into one file
* Update README.md
2023-09-11 14:39:03 +01:00
Markus Linnala
66785690fa Support inject_facts_as_vars = false
Use facts via ansible_facts only.

Made using:
  git ls-files -z|grep -z yml|xargs -0r sed --follow-symlinks -Ei \
    "s/ansible_(virtualization_type|os_family|distribution\w*)/ansible_facts['\1']/g"
2023-08-29 12:40:48 +02:00
Dominik Rimpf
70c913ed0e
feat: support for debian 12 2023-06-18 23:10:14 +02:00
Stefan Weber
0aea603673 separate failing test for Fedora / RHEL
due to difference in
Subsystem sftp /usr/libexec/openssh/sftp-server (RHEL)
Subsystem sftp /usr/libexec/sftp-server (Fedora)
2023-05-04 16:21:56 +02:00
Stefan Weber
742a88e3c6 fix subsystem test for RHEL > 8 2023-05-04 16:21:56 +02:00
Rich Megginson
a2921b9dc1 test: skip selinux or firewall role test where not supported
Do not test with selinux or firewall if the platform does not support
those roles.
2023-04-26 16:11:18 -06:00
Rich Megginson
c5c519f73b test: check generated files for ansible_managed, fingerprint
Add the following files: tests/tasks/check_header.yml and
tests/templates/get_ansible_managed.j2.
Use check_header.yml to check generated files for the ansible_managed
and fingerprint headers.
check_header.yml takes these parameters.  `fingerprint` is required,
and one of `__file` or `__file_content`:

* `__file` - the full path of the file to check e.g. `/etc/realmd.conf`
* `__file_content` - the output of `slurp` of the file
* `__fingerprint` - required - the fingerprint string `system_role:$ROLENAME` e.g.
  `__fingerprint: "system_role:postfix"`
* `__comment_type` - optional, default `plain` - the type of comments used

e.g. `__comment_type: c` for C/C++-style comments.  `plain` uses `#`.
See https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html#adding-comments-to-files
for the different types of comment styles supported.

Example:
```
- name: Check generated files for ansible_managed, fingerprint
  include_tasks: tasks/check_header.yml
  vars:
    __file: /etc/myfile.conf
    __fingerprint: "system_role:my_role"
```

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2023-04-26 07:52:03 -06:00
Jakub Jelen
a3065d070c Make sure the list options are correctly indented
Inspired by similar issue reported and fixed in ssh client role
https://github.com/linux-system-roles/ssh/pull/80/

This wont work in RHEL6 (not allowed AcceptEnv in match blocks) so just
skip it here.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2023-04-14 19:01:19 +02:00
Rich Megginson
b29e05f24d fix pipefail setting 2023-04-10 14:29:38 -06:00
Rich Megginson
70808e97fc ansible-lint - align with current Ansible recommendations
Use `true/false` instead of `yes/no`
Ensure use of FQCN for builtin modules
Use correct spacing in Jinja expressions
All tasks and plays must have a `name`, and the `name` string must begin with an uppercase letter
Use `ansible.posix.mount` instead of `ansible.builtin.mount`
Use `set -o pipefail` with `shell` module where supported by the platform shell

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2023-04-10 14:21:30 -06:00
Noriko Hosoi
d67c562142 Clean up / Workaround non-inclusive words
- CHANGELOG.md
- tests/tests_include_present.yml
2023-01-17 09:36:43 +01:00
Jakub Jelen
252deda7c4 tests: Use configuration option that is not in defaults 2023-01-16 15:10:28 +01:00
Jakub Jelen
e63d6f9e99 tests: Filter out backspace characters from manual pages in alpine 2023-01-16 15:10:28 +01:00
Jakub Jelen
2e2ab311a6 tests: Whitespace cleanup 2023-01-16 15:10:28 +01:00
Jakub Jelen
c57e15668f tests: Different test requirements for alpine 2023-01-16 15:10:28 +01:00
Jakub Jelen
04f056867c Add support for managing selinux and firewall on RHEL 2023-01-13 10:42:40 +01:00
Jakub Jelen
7fb18bd3b8 tests: Introduce test for all documented options of the OS 2022-09-27 22:32:57 +02:00
Nikolaos Kakouros
6bb0d7b456 tMakes drop-in functionality configurable by the user 2022-08-26 20:23:51 +00:00
Nikolaos Kakouros
5f67c9b3d2 Backups relevant files 2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
7866c6bc29 Fix tests 2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
221a801260 Adds workaround for CentOS6 2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
d2b274a0a1 Fixes tests 2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
87ed3d4c15 Addresses comments and linters 2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
db39a733aa Moves internal non-overridable variables out of defaults 2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
d5b2f8df02 Adds tests for duplicate role use 2022-08-23 15:18:41 +02:00
Jakub Jelen
61cce32ce6 tests: Do not be picky about spaces/tabs
When testing with cloud-init, it modifies the sshd_configuration and can
replace some tabs with whitespaces. This happens frequently around the
subsystem keyword. There are no functional changes, but the matching
did not work as expected.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-06-13 17:28:34 +02:00
Matt Willsher
af7230cf29 Fix various linting issues 2022-06-05 08:54:56 +01:00
Matt Willsher
90338a3f0a Fix various linting issues 2022-06-03 11:22:17 +01:00
Jakub Jelen
74026ba2f8 Add support for Ubuntu 22 with drop-in directory
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-05-10 16:48:22 +02:00
Jakub Jelen
dd5f79e5f0 tests: Verify os defaults are used also if the drop-in directory exists
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-05-10 16:48:22 +02:00
Jakub Jelen
d39c6f7daf tests: Check include directive is added when missing
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-05-10 16:48:22 +02:00
Jakub Jelen
e1e820428d tests: Verify the main configuration file contains Include directive if needed
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-05-10 16:48:22 +02:00
Jakub Jelen
bd64ca7441 More portable way for sharing variables between role and tests 2022-04-19 17:20:27 +02:00
Jakub Jelen
c515ffdf94 Move the common variables to separate file 2022-04-19 17:20:27 +02:00
Jakub Jelen
bcbdf92182 Avoid unnecessary use of 'and' in 'when' conditions 2022-04-19 17:20:27 +02:00
Jakub Jelen
c1d1cdfeac Reuse the list of skipped virtualization environments 2022-04-19 17:20:27 +02:00
Jakub Jelen
7e311e19a9 tests: Add whitespace
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
9502c325ea tests: Add negative test for FIPS mode
This fixes also a typo that was overlooked previously

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
09f2c6a999 Add another virtualization platform exception
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
57357b0be7 tests: Slurp the correct file when writing main config
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00