From b4fbfadeec4119255654024f5f3b732558c7f153 Mon Sep 17 00:00:00 2001
From: Sergio Oliveira Campos <seocam@seocam.com>
Date: Mon, 17 Aug 2020 16:10:23 -0300
Subject: [PATCH] Added Azure pipelines to build test containers
Added a pipeline file (tests/azure/build-containers.yml) to build test
containers and upload them to quay.io. The pipeline will create
containers with IPA pre-installed for testing proposes on three
different Linux containers: CentOS 7, CentOS 8 and Fedora Latest.
---
molecule/centos-7-build/molecule.yml | 2 --
molecule/centos-7/molecule.yml | 2 --
molecule/centos-8-build/molecule.yml | 2 --
molecule/centos-8/molecule.yml | 2 --
molecule/fedora-latest-build/Dockerfile | 30 ++++++++++++++++
molecule/fedora-latest-build/molecule.yml | 18 ++++++++++
molecule/fedora-latest/molecule.yml | 18 ++++++++++
.../resources/playbooks/prepare-build.yml | 29 +--------------
.../resources/playbooks/prepare-common.yml | 29 +++++++++++++++
molecule/resources/playbooks/prepare.yml | 4 ++-
tests/azure/build-containers.yml | 31 ++++++++++++++++
tests/azure/templates/build_container.yml | 35 +++++++++++++++++++
12 files changed, 165 insertions(+), 37 deletions(-)
create mode 100644 molecule/fedora-latest-build/Dockerfile
create mode 100644 molecule/fedora-latest-build/molecule.yml
create mode 100644 molecule/fedora-latest/molecule.yml
create mode 100644 molecule/resources/playbooks/prepare-common.yml
create mode 100644 tests/azure/build-containers.yml
create mode 100644 tests/azure/templates/build_container.yml
diff --git a/molecule/centos-7-build/molecule.yml b/molecule/centos-7-build/molecule.yml
index 0360b8cc..a9a71d95 100644
--- a/molecule/centos-7-build/molecule.yml
+++ b/molecule/centos-7-build/molecule.yml
@@ -1,6 +1,4 @@
---
-dependency:
- name: galaxy
driver:
name: docker
platforms:
diff --git a/molecule/centos-7/molecule.yml b/molecule/centos-7/molecule.yml
index 0603e267..29036317 100644
--- a/molecule/centos-7/molecule.yml
+++ b/molecule/centos-7/molecule.yml
@@ -1,6 +1,4 @@
---
-dependency:
- name: galaxy
driver:
name: docker
platforms:
diff --git a/molecule/centos-8-build/molecule.yml b/molecule/centos-8-build/molecule.yml
index a7ffacdf..e19fe11a 100644
--- a/molecule/centos-8-build/molecule.yml
+++ b/molecule/centos-8-build/molecule.yml
@@ -1,6 +1,4 @@
---
-dependency:
- name: galaxy
driver:
name: docker
platforms:
diff --git a/molecule/centos-8/molecule.yml b/molecule/centos-8/molecule.yml
index 4e1ab793..eba21c6a 100644
--- a/molecule/centos-8/molecule.yml
+++ b/molecule/centos-8/molecule.yml
@@ -1,6 +1,4 @@
---
-dependency:
- name: galaxy
driver:
name: docker
platforms:
diff --git a/molecule/fedora-latest-build/Dockerfile b/molecule/fedora-latest-build/Dockerfile
new file mode 100644
index 00000000..f3c2ef62
--- /dev/null
+++ b/molecule/fedora-latest-build/Dockerfile
@@ -0,0 +1,30 @@
+FROM fedora:latest
+ENV container=docker
+
+RUN rm -fv /var/cache/dnf/metadata_lock.pid; \
+dnf makecache; \
+dnf --assumeyes install \
+ /usr/bin/python3 \
+ /usr/bin/python3-config \
+ /usr/bin/dnf-3 \
+ sudo \
+ bash \
+ systemd \
+ procps-ng \
+ iproute && \
+dnf clean all; \
+(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+rm -f /lib/systemd/system/multi-user.target.wants/*;\
+rm -f /etc/systemd/system/*.wants/*;\
+rm -f /lib/systemd/system/local-fs.target.wants/*; \
+rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+rm -f /lib/systemd/system/basic.target.wants/*;\
+rm -f /lib/systemd/system/anaconda.target.wants/*; \
+rm -rf /var/cache/dnf/;
+
+STOPSIGNAL RTMIN+3
+
+VOLUME ["/sys/fs/cgroup"]
+
+CMD ["/usr/sbin/init"]
diff --git a/molecule/fedora-latest-build/molecule.yml b/molecule/fedora-latest-build/molecule.yml
new file mode 100644
index 00000000..624d99f2
--- /dev/null
+++ b/molecule/fedora-latest-build/molecule.yml
@@ -0,0 +1,18 @@
+---
+driver:
+ name: docker
+platforms:
+ - name: fedora-latest-build
+ image: fedora-latest
+ dockerfile: Dockerfile
+ hostname: ipaserver.test.local
+ dns_servers:
+ - 8.8.8.8
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ command: /usr/sbin/init
+ privileged: true
+provisioner:
+ name: ansible
+ playbooks:
+ prepare: ../resources/playbooks/prepare-build.yml
diff --git a/molecule/fedora-latest/molecule.yml b/molecule/fedora-latest/molecule.yml
new file mode 100644
index 00000000..af6fd8d6
--- /dev/null
+++ b/molecule/fedora-latest/molecule.yml
@@ -0,0 +1,18 @@
+---
+driver:
+ name: docker
+platforms:
+ - name: fedora-latest
+ image: quay.io/ansible-freeipa/upstream-tests:fedora-latest
+ pre_build_image: true
+ hostname: ipaserver.test.local
+ dns_servers:
+ - 127.0.0.1
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ command: /usr/sbin/init
+ privileged: true
+provisioner:
+ name: ansible
+ playbooks:
+ prepare: ../resources/playbooks/prepare.yml
diff --git a/molecule/resources/playbooks/prepare-build.yml b/molecule/resources/playbooks/prepare-build.yml
index 784fe7e3..d6523699 100644
--- a/molecule/resources/playbooks/prepare-build.yml
+++ b/molecule/resources/playbooks/prepare-build.yml
@@ -2,34 +2,7 @@
- name: Converge
hosts: all
tasks:
- - name: Ensure IPv6 is ENABLED
- sysctl:
- name: "{{ item.name }}"
- value: "{{ item.value }}"
- sysctl_set: yes
- state: present
- reload: yes
- with_items :
- - name: net.ipv6.conf.all.disable_ipv6
- value: 0
- - name: net.ipv6.conf.lo.disable_ipv6
- value: 0
- - name: net.ipv6.conf.eth0.disable_ipv6
- value: 1
-
- - name: stat protected_regular
- stat:
- path: /proc/sys/fs/protected_regular
- register: result
-
- - name: Ensure fs.protected_regular is disabled
- sysctl:
- name: fs.protected_regular
- value: 0
- sysctl_set: yes
- state: present
- reload: yes
- when: result.stat.exists
+ - include_tasks: prepare-common.yml
- name: Ensure sudo package is installed
package:
diff --git a/molecule/resources/playbooks/prepare-common.yml b/molecule/resources/playbooks/prepare-common.yml
new file mode 100644
index 00000000..3a950157
--- /dev/null
+++ b/molecule/resources/playbooks/prepare-common.yml
@@ -0,0 +1,29 @@
+- name: Ensure IPv6 is ENABLED
+ sysctl:
+ name: "{{ item.name }}"
+ value: "{{ item.value }}"
+ sysctl_set: yes
+ state: present
+ reload: yes
+ with_items :
+ - name: net.ipv6.conf.all.disable_ipv6
+ value: 0
+ - name: net.ipv6.conf.lo.disable_ipv6
+ value: 0
+ - name: net.ipv6.conf.eth0.disable_ipv6
+ value: 1
+
+- name: stat protected_regular
+ stat:
+ path: /proc/sys/fs/protected_regular
+ register: result
+
+- name: Ensure fs.protected_regular is disabled
+ sysctl:
+ name: fs.protected_regular
+ value: 0
+ sysctl_set: yes
+ state: present
+ reload: yes
+ when: result.stat.exists
+
diff --git a/molecule/resources/playbooks/prepare.yml b/molecule/resources/playbooks/prepare.yml
index fc564d01..74abef81 100644
--- a/molecule/resources/playbooks/prepare.yml
+++ b/molecule/resources/playbooks/prepare.yml
@@ -2,12 +2,14 @@
- name: Converge
hosts: all
tasks:
+ - include_tasks: prepare-common.yml
+
- name: Ensure lock dirs for DS exists
file:
state: directory
owner: dirsrv
group: dirsrv
- path: "{{ item }} "
+ path: "{{ item }}"
loop:
- /var/lock/dirsrv/
- /var/lock/dirsrv/slapd-TEST-LOCAL/
diff --git a/tests/azure/build-containers.yml b/tests/azure/build-containers.yml
new file mode 100644
index 00000000..2f987809
--- /dev/null
+++ b/tests/azure/build-containers.yml
@@ -0,0 +1,31 @@
+---
+
+schedules:
+- cron: "0 0 * * *"
+ displayName: Daily midnight build
+ branches:
+ include:
+ - master
+
+pool:
+ vmImage: 'ubuntu-18.04'
+
+jobs:
+
+- template: templates/build_container.yml
+ parameters:
+ job_name_suffix: Centos7
+ container_name: centos-7
+ build_scenario_name: centos-7-build
+
+- template: templates/build_container.yml
+ parameters:
+ job_name_suffix: Centos8
+ container_name: centos-8
+ build_scenario_name: centos-8-build
+
+- template: templates/build_container.yml
+ parameters:
+ job_name_suffix: FedoraLatest
+ container_name: fedora-latest
+ build_scenario_name: fedora-latest-build
diff --git a/tests/azure/templates/build_container.yml b/tests/azure/templates/build_container.yml
new file mode 100644
index 00000000..8649a336
--- /dev/null
+++ b/tests/azure/templates/build_container.yml
@@ -0,0 +1,35 @@
+
+parameters:
+ - name: job_name_suffix
+ type: string
+ - name: container_name
+ type: string
+ - name: build_scenario_name
+ type: string
+
+jobs:
+- job: BuildTestImage${{ parameters.job_name_suffix }}
+ displayName: Build ${{ parameters.container_name }} test container
+ steps:
+ - task: UsePythonVersion@0
+ inputs:
+ versionSpec: '3.6'
+
+ - script: python -m pip install --upgrade pip setuptools wheel
+ displayName: Install tools
+
+ - script: pip install molecule[docker]
+ displayName: Install molecule
+
+ - script: molecule create -s ${{ parameters.build_scenario_name }}
+ displayName: Create test container
+
+ - script: |
+ docker stop ${{ parameters.build_scenario_name }}
+ docker commit ${{ parameters.build_scenario_name }} quay.io/ansible-freeipa/upstream-tests:${{ parameters.container_name }}
+ docker login -u="$QUAY_ROBOT_USERNAME" -p="$QUAY_ROBOT_TOKEN" quay.io
+ docker push quay.io/ansible-freeipa/upstream-tests:${{ parameters.container_name }}
+ displayName: Save image and upload
+ env:
+ # Secrets needs to be mapped as env vars to work properly
+ QUAY_ROBOT_TOKEN: $(QUAY_ROBOT_TOKEN)
--
GitLab