upstream CI: Allow podman options when creating containers

When using containers to test ansible-freeipa there's a need to deal
with 'podman' the development environment and the Azure environment. In
the Azure environment, with Ubuntu hosts, using 'cap-add' does not allow
FreeIPA to be installed on the containers, and they need to be executed
with privileged mode. On the other hand, on development environments,
such as recent Fedora hosts, there's no need to run the container with
extra privileges.

This patch modifies the utility function 'container_create' to allow the
usage of key-value argumes such as "cpus=4" and "privileged", that will
be used in the container creation.

The currently available options are "privileged", "cpus", "memory" and
"hostname". By default "cpus=2" and "hostname=ipaserver.test.local".

Also, too make the image build script more self-contained, if the
required Ansible collections are not installed, they will be temporarily
installed so that the image can be built.

infra/image/build.sh

@@ -15,7 +15,7 @@ valid_distro() {
 usage() {
     local prog="${0##*/}"
     cat << EOF
-usage: ${prog} [-h] [-s] distro
+usage: ${prog} [-h] [-p] [-c HOSTNAME] [-s] distro
     ${prog} build a container image to test ansible-freeipa.
 EOF
 }
@@ -29,8 +29,9 @@ positional arguments:
 
 optional arguments:
 
-    -s  Deploy IPA server
-
+    -c HOSTNAME   Container hostname
+    -p            Give extended privileges to the container
+    -s            Deploy IPA server
 EOF
 }
 
@@ -41,11 +42,14 @@ hostname="ipaserver.test.local"
 memory="3g"
 quayname="quay.io/ansible-freeipa/upstream-tests"
 deploy_server="N"
+privileged=""
 
-while getopts ":hs" option
+while getopts ":hc:ps" option
 do
     case "${option}" in
         h) help && exit 0 ;;
+        c) hostname="${OPTARG}" ;;
+        p) privileged="privileged" ;;
         s) deploy_server="Y" ;;
         *) die -u "Invalid option: ${option}" ;;
     esac
@@ -82,13 +86,28 @@ container_remove_image_if_exists "${tag}"
     container_remove_image_if_exists "${server_tag}"
 
 container_build "${tag}" "${BASEDIR}/dockerfile/${distro}" "${BASEDIR}"
-container_create "${name}" "${tag}" "${hostname}" "${memory}"
+container_create "${name}" "${tag}" \
+    "hostname=${hostname}" \
+    "memory=${memory}" \
+    "cpus=${cpus}" \
+    "${privileged}"
 container_commit "${name}" "${quayname}:${tag}"
 
 if [ "${deploy_server}" == "Y" ]
 then
     deployed=false
 
+    # Set path to ansible-freeipa roles
+    [ -z "${ANSIBLE_ROLES_PATH:-""}" ] && export ANSIBLE_ROLES_PATH="${TOPDIR}/roles"
+
+    # Install collection containers.podman if not available
+    if [ -z "$(ansible-galaxy collection list containers.podman)" ]
+    then
+        tmpdir="$(mktemp -d)"
+        export ANSIBLE_COLLECTIONS_PATH="${tmpdir}"
+        ansible-galaxy collection install -p "${tmpdir}" containers.podman
+    fi
+
     [ "${container_state}" != "running" ] && container_start "${name}"
 
     container_wait_for_journald "${name}"

infra/image/shcontainer

@@ -9,24 +9,35 @@ TOPDIR="$(readlink -f "${SCRIPTDIR}/../..")"
 container_create() {
     local name=${1}
     local image=${2}
-    local hostname=${3}
-    local memory=${4:-"3g"}
-    local cpus=${5:-"2"}
+    shift 2
+    declare -a extra_opts=()
+    for opt in "$@"
+    do
+        [ -z "${opt}" ] && continue
+        case "${opt}" in
+            hostname=*) extra_opts+=("--${opt}") ;;
+            cpus=*) extra_opts+=("--${opt}") ;;
+            memory=*) extra_opts+=("--${opt}") ;;
+            privileged) extra_opts+=("--${opt}") ;;
+            *) log error "container_create: Invalid option: ${opt}" ;;
+        esac
+    done
 
-    [ -n "${hostname}" ] || die "No hostname given"
+    # ensure default values are set
+    [[ " ${extra_opts[*]} " =~ " --cpus=" ]] || extra_opts+=("--cpus=2")
+    [[ " ${extra_opts[*]} " =~ " --hostname=" ]] \
+        || extra_opts+=("--hostname=ipaserver.test.local")
 
     log info "= Creating ${name} ="
     podman create \
            --security-opt label=disable \
-           --name "${name}" \
-           --hostname "${hostname}" \
            --network bridge:interface_name=eth0 \
            --systemd true \
-           --cpus "${cpus}" \
-           --memory "${memory}" \
+           --name "${name}" \
            --memory-swap -1 \
            --no-hosts \
            --replace \
+           "${extra_opts[@]}" \
            "${image}"
     echo
 }

infra/image/start.sh

@@ -11,7 +11,7 @@ TOPDIR="$(readlink -f "${BASEDIR}/../..")"
 usage() {
     local prog="${0##*/}"
     cat << EOF
-usage: ${prog} [-h] [-l] image
+usage: ${prog} [-h] [-l] [-n HOSTNAME ] image
     ${prog} start a prebuilt ansible-freeipa test container image.
 EOF
 }
@@ -24,7 +24,14 @@ positional arguments:
 
 optional arguments:
 
-    -l    Try to use local image first, if not found download.
+    -h            Show this message
+    -l            Try to use local image first, if not found download.
+    -n HOSTNAME   Set container hostname
+
+NOTE:
+    - The hostname must be the same as the hostname of the container
+      when FreeIPA was deployed. Use only if you built the image and
+      defined its hostname.
 
 EOF
 }
@@ -45,11 +52,12 @@ name="ansible-freeipa-tests"
 hostname="ipaserver.test.local"
 try_local_first="N"
 
-while getopts ":hl" option
+while getopts ":hln:" option
 do
     case "${option}" in
         h) help && exit 0 ;;
         l) try_local_first="Y" ;;
+        n) hostname="${OPTARG}" ;;
         *) die -u "Invalid option: ${option}" ;;
     esac
 done
@@ -79,7 +87,7 @@ fi
 
 [ -z "${local_image}" ] && die "Image '${image}' is not valid"
 
-container_create "${name}" "${local_image}" "${hostname}"
+container_create "${name}" "${local_image}" "hostname=${hostname}"
 container_start "${name}"
 container_wait_for_journald "${name}"
 container_wait_up "${name}"