From e6f5dda35e6c6224b71a3982d71eba39c57ae347 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 17 Mar 2022 23:50:41 +0100 Subject: [PATCH] Add RHEL distro to Molecule tests (#498) --- CHANGELOG.md | 4 ++++ defaults/main/main.yml | 26 +++++++++++++------------- molecule/common/Dockerfile.j2 | 2 +- molecule/default/converge.yml | 14 ++++---------- molecule/default/molecule.yml | 14 ++++++++++++++ molecule/downgrade/converge.yml | 2 +- molecule/downgrade/molecule.yml | 21 +++++++++++++++++++++ molecule/downgrade/prepare.yml | 13 +++---------- molecule/module/converge.yml | 10 ---------- molecule/module/molecule.yml | 14 ++++++++++++++ molecule/plus/molecule.yml | 14 ++++++++++++++ molecule/source/converge.yml | 2 -- molecule/source/molecule.yml | 14 ++++++++++++++ molecule/uninstall/molecule.yml | 14 ++++++++++++++ molecule/uninstall_plus/converge.yml | 2 +- molecule/uninstall_plus/molecule.yml | 14 ++++++++++++++ molecule/upgrade/molecule.yml | 14 ++++++++++++++ molecule/upgrade/prepare.yml | 9 +-------- tasks/modules/install-modules.yml | 18 +++++++++++++++++- tasks/opensource/install-source.yml | 4 +++- 20 files changed, 167 insertions(+), 58 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4825c81..fea44dc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ ## 0.23.1 (Unreleased) +FEATURES: + +Add Molecule testing infrastructure for RHEL 7/8. + BUG FIXES: Ansible check mode runs will no longer fail if NGINX has not yet been installed. diff --git a/defaults/main/main.yml b/defaults/main/main.yml index 1a127a3..cd37cd6 100644 --- a/defaults/main/main.yml +++ b/defaults/main/main.yml @@ -22,7 +22,7 @@ nginx_type: opensource # Default is true. nginx_start: true -# Specify whether you want to maintain your version of NGINX, upgrade to the latest version, or remove NGINX. +# Specify whether you want to install NGINX, upgrade to the latest version, or remove NGINX. # Can be used with `nginx_version` to fine tune control which version of NGINX is installed/used on each playbook execution. # Using 'install' will install the latest version (or 'nginx_version') of NGINX on a fresh install. # Using 'upgrade' will upgrade NGINX to the latest version (that matches your 'nginx_version') of NGINX on every playbook execution. Does not work on Alpine Linux. @@ -42,12 +42,6 @@ nginx_manage_repo: true # Default is nginx_repository. nginx_install_from: nginx_repository -# Specify whether or not you want this role to install the epel-release package. -# Using 'true' will install epel-release if other criteria are met. -# Using 'false' will not install epel-release. -# Default is true. -nginx_install_epel_release: true - # Specify source install options for NGINX Open Source. # Options represent whether to install from source also or to install from packages (default). # These only apply if 'nginx_install_from' is set to 'source'. @@ -59,6 +53,13 @@ nginx_install_source_pcre: false nginx_install_source_openssl: true nginx_install_source_zlib: false +# Specify source install module for NGINX Open Source. +# You can select any of the static modules listed on http://nginx.org/en/docs/configure.html. +# Format is '--with-*' where '*' should be used as static module name in the list below. (see an example below). +# Default is 'http_ssl_module'. (DO NOT remove it if you need SSL support). +nginx_static_modules: ['http_ssl_module'] +# nginx_static_modules: ['http_v2_module'] # Example for '--with-http_v2_module' + # (Optional) Choose where to fetch the NGINX signing key from. # Default is the official NGINX signing key host. # nginx_signing_key: http://nginx.org/keys/nginx_signing.key @@ -88,12 +89,11 @@ nginx_setup_license: true # Default is true. nginx_remove_license: true -# Install NGINX Static Modules. -# You can select any of the static modules listed on http://nginx.org/en/docs/configure.html. -# Format is '--with-*' where '*' should be used as static module name in the list below. (see an example below). -# Default is 'http_ssl_module'. (DO NOT remove it if you need SSL support). -nginx_static_modules: ['http_ssl_module'] -# nginx_static_modules: ['http_v2_module'] # Example for '--with-http_v2_module' +# Specify whether or not you want this role to install the EPEL package when installing certain NGINX Plus modules. +# Using 'true' will install EPEL. +# Using 'false' will not install EPEL. +# Default is true. +nginx_install_epel_release: true # Install NGINX Dynamic Modules. # You can select any of the dynamic modules listed below. Beware of NGINX Plus only dynamic modules (these are marked). diff --git a/molecule/common/Dockerfile.j2 b/molecule/common/Dockerfile.j2 index fc2cfd3..e1e00de 100644 --- a/molecule/common/Dockerfile.j2 +++ b/molecule/common/Dockerfile.j2 @@ -25,7 +25,7 @@ RUN \ && dnf clean all; \ elif [ $(command -v yum) ]; then \ yum makecache fast \ - && yum install -y bash iproute initscripts sudo /usr/bin/python /usr/bin/python2-config vim yum-plugin-ovl \ + && yum install -y bash iproute initscripts sudo /usr/bin/python /usr/bin/python2-config vim yum-plugin-ovl http://mirror.centos.org/centos/7/os/x86_64/Packages/pcre2-10.23-2.el7.x86_64.rpm \ && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf \ && yum clean all; \ elif [ $(command -v zypper) ]; then \ diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index a7e2b6f..5695d14 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -12,26 +12,20 @@ when: ansible_facts['os_family'] == "Debian" - name: Set repo if Red Hat set_fact: - version: "-1.21.5-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" + version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" when: ansible_facts['os_family'] == "RedHat" - - name: Enable NGINX @CentOS-AppStream dnf modules - shell: - args: - cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa command-instead-of-module - register: dnf_module_enable - changed_when: dnf_module_enable.stdout != 'ENABLED' - when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==') tasks: - name: Install NGINX include_role: name: ansible-role-nginx vars: - nginx_debug_output: true + nginx_version: "{{ version }}" + nginx_service_modify: true + nginx_service_timeout: 95 nginx_selinux: true nginx_selinux_tcp_ports: - 80 - 443 - nginx_version: "{{ version }}" nginx_logrotate_conf_enable: true nginx_logrotate_conf: paths: diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index e7c2750..3f007e8 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -48,6 +48,20 @@ platforms: volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" + - name: rhel-7 + image: registry.access.redhat.com/ubi7/ubi:7.9 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: rhel-8 + image: registry.access.redhat.com/ubi8/ubi:8.5 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" - name: debian-buster image: debian:buster-slim dockerfile: ../common/Dockerfile.j2 diff --git a/molecule/downgrade/converge.yml b/molecule/downgrade/converge.yml index ebce729..9392bea 100644 --- a/molecule/downgrade/converge.yml +++ b/molecule/downgrade/converge.yml @@ -12,7 +12,7 @@ when: ansible_facts['os_family'] == "Debian" - name: Set repo if Red Hat set_fact: - version: "-1.20.2-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" + version: "-1.20.2-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" when: ansible_facts['os_family'] == "RedHat" tasks: - name: Install NGINX diff --git a/molecule/downgrade/molecule.yml b/molecule/downgrade/molecule.yml index 2e7323f..0535986 100644 --- a/molecule/downgrade/molecule.yml +++ b/molecule/downgrade/molecule.yml @@ -27,6 +27,13 @@ platforms: volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/sbin/init" + - name: alpine-3.15 + image: alpine:3.15 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/sbin/init" - name: amazonlinux-2 image: amazonlinux:2 dockerfile: ../common/Dockerfile.j2 @@ -41,6 +48,20 @@ platforms: volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" + - name: rhel-7 + image: registry.access.redhat.com/ubi7/ubi:7.9 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: rhel-8 + image: registry.access.redhat.com/ubi8/ubi:8.5 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" - name: debian-buster image: debian:buster-slim dockerfile: ../common/Dockerfile.j2 diff --git a/molecule/downgrade/prepare.yml b/molecule/downgrade/prepare.yml index b1f6967..07bb870 100644 --- a/molecule/downgrade/prepare.yml +++ b/molecule/downgrade/prepare.yml @@ -4,23 +4,16 @@ pre_tasks: - name: Set repo if Alpine set_fact: - version: "=1.21.4-r1" + version: "=1.21.5-r1" when: ansible_facts['os_family'] == "Alpine" - name: Set repo if Debian set_fact: - version: "=1.21.4-1~{{ ansible_facts['distribution_release'] }}" + version: "=1.21.5-1~{{ ansible_facts['distribution_release'] }}" when: ansible_facts['os_family'] == "Debian" - name: Set repo if Red Hat set_fact: - version: "-1.21.4-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" + version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" when: ansible_facts['os_family'] == "RedHat" - - name: Enable NGINX @CentOS-AppStream dnf modules - shell: - args: - cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa command-instead-of-module - register: dnf_module_enable - changed_when: dnf_module_enable.stdout != 'ENABLED' - when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==') tasks: - name: Install NGINX include_role: diff --git a/molecule/module/converge.yml b/molecule/module/converge.yml index 9c68740..0ea6163 100644 --- a/molecule/module/converge.yml +++ b/molecule/module/converge.yml @@ -6,21 +6,11 @@ include_role: name: ansible-role-nginx vars: - nginx_debug_output: true - - nginx_service_modify: true - nginx_service_timeout: 95 - nginx_selinux: true - nginx_selinux_tcp_ports: - - 80 - - 443 - nginx_modules: - brotli - geoip - image-filter - name: njs - # version: =1.19.4+0.4.4-1~bionic state: present - perl - xslt diff --git a/molecule/module/molecule.yml b/molecule/module/molecule.yml index e7c2750..3f007e8 100644 --- a/molecule/module/molecule.yml +++ b/molecule/module/molecule.yml @@ -48,6 +48,20 @@ platforms: volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" + - name: rhel-7 + image: registry.access.redhat.com/ubi7/ubi:7.9 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: rhel-8 + image: registry.access.redhat.com/ubi8/ubi:8.5 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" - name: debian-buster image: debian:buster-slim dockerfile: ../common/Dockerfile.j2 diff --git a/molecule/plus/molecule.yml b/molecule/plus/molecule.yml index dbfb493..0535986 100644 --- a/molecule/plus/molecule.yml +++ b/molecule/plus/molecule.yml @@ -48,6 +48,20 @@ platforms: volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" + - name: rhel-7 + image: registry.access.redhat.com/ubi7/ubi:7.9 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: rhel-8 + image: registry.access.redhat.com/ubi8/ubi:8.5 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" - name: debian-buster image: debian:buster-slim dockerfile: ../common/Dockerfile.j2 diff --git a/molecule/source/converge.yml b/molecule/source/converge.yml index 327b2d8..a189339 100644 --- a/molecule/source/converge.yml +++ b/molecule/source/converge.yml @@ -6,8 +6,6 @@ include_role: name: ansible-role-nginx vars: - nginx_debug_output: true - nginx_install_from: source nginx_branch: stable nginx_static_modules: ['http_ssl_module'] diff --git a/molecule/source/molecule.yml b/molecule/source/molecule.yml index e7c2750..3f007e8 100644 --- a/molecule/source/molecule.yml +++ b/molecule/source/molecule.yml @@ -48,6 +48,20 @@ platforms: volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" + - name: rhel-7 + image: registry.access.redhat.com/ubi7/ubi:7.9 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: rhel-8 + image: registry.access.redhat.com/ubi8/ubi:8.5 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" - name: debian-buster image: debian:buster-slim dockerfile: ../common/Dockerfile.j2 diff --git a/molecule/uninstall/molecule.yml b/molecule/uninstall/molecule.yml index dbfb493..0535986 100644 --- a/molecule/uninstall/molecule.yml +++ b/molecule/uninstall/molecule.yml @@ -48,6 +48,20 @@ platforms: volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" + - name: rhel-7 + image: registry.access.redhat.com/ubi7/ubi:7.9 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: rhel-8 + image: registry.access.redhat.com/ubi8/ubi:8.5 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" - name: debian-buster image: debian:buster-slim dockerfile: ../common/Dockerfile.j2 diff --git a/molecule/uninstall_plus/converge.yml b/molecule/uninstall_plus/converge.yml index 154b570..bdbea27 100644 --- a/molecule/uninstall_plus/converge.yml +++ b/molecule/uninstall_plus/converge.yml @@ -6,6 +6,6 @@ include_role: name: ansible-role-nginx vars: - nginx_setup: uninstall nginx_type: plus nginx_setup_license: false + nginx_setup: uninstall diff --git a/molecule/uninstall_plus/molecule.yml b/molecule/uninstall_plus/molecule.yml index dbfb493..0535986 100644 --- a/molecule/uninstall_plus/molecule.yml +++ b/molecule/uninstall_plus/molecule.yml @@ -48,6 +48,20 @@ platforms: volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" + - name: rhel-7 + image: registry.access.redhat.com/ubi7/ubi:7.9 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: rhel-8 + image: registry.access.redhat.com/ubi8/ubi:8.5 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" - name: debian-buster image: debian:buster-slim dockerfile: ../common/Dockerfile.j2 diff --git a/molecule/upgrade/molecule.yml b/molecule/upgrade/molecule.yml index fdb4c6a..9bb9c38 100644 --- a/molecule/upgrade/molecule.yml +++ b/molecule/upgrade/molecule.yml @@ -20,6 +20,20 @@ platforms: volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:rw" command: "/usr/sbin/init" + - name: rhel-7 + image: registry.access.redhat.com/ubi7/ubi:7.9 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + - name: rhel-8 + image: registry.access.redhat.com/ubi8/ubi:8.5 + dockerfile: ../common/Dockerfile.j2 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" - name: debian-buster image: debian:buster-slim dockerfile: ../common/Dockerfile.j2 diff --git a/molecule/upgrade/prepare.yml b/molecule/upgrade/prepare.yml index 729377a..07bb870 100644 --- a/molecule/upgrade/prepare.yml +++ b/molecule/upgrade/prepare.yml @@ -12,15 +12,8 @@ when: ansible_facts['os_family'] == "Debian" - name: Set repo if Red Hat set_fact: - version: "-1.21.5-1.{{ (ansible_facts['distribution']=='Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" + version: "-1.21.5-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx" when: ansible_facts['os_family'] == "RedHat" - - name: Enable NGINX @CentOS-AppStream dnf modules - shell: - args: - cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa command-instead-of-module - register: dnf_module_enable - changed_when: dnf_module_enable.stdout != 'ENABLED' - when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==') tasks: - name: Install NGINX include_role: diff --git a/tasks/modules/install-modules.yml b/tasks/modules/install-modules.yml index c37fef3..a798eba 100644 --- a/tasks/modules/install-modules.yml +++ b/tasks/modules/install-modules.yml @@ -1,5 +1,5 @@ --- -- name: (CentOS) Install GeoIP dependencies +- name: (CentOS) Install GeoIP EPEL dependencies yum: name: epel-release when: @@ -7,6 +7,22 @@ - '"geoip" in nginx_modules' - nginx_install_epel_release | bool +- name: (RHEL) Install GeoIP2 and/or OpenTracing EPEL dependencies + block: + - name: (RHEL) Import EPEL GPG key + rpm_key: + state: present + key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_facts['distribution_major_version'] }} + + - name: (RHEL) Install package dependencies + yum: + name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_facts['distribution_major_version'] }}.noarch.rpm + when: + - ansible_facts['distribution'] == "RedHat" + - (ansible_facts['distribution_major_version'] == 7 and '"geoip2" in nginx_modules') + or '"opentracing" in nginx_modules' + - nginx_install_epel_release | bool + - name: Setup NGINX modules package: name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item.name | default(item) }}\ diff --git a/tasks/opensource/install-source.yml b/tasks/opensource/install-source.yml index 032c400..491c351 100644 --- a/tasks/opensource/install-source.yml +++ b/tasks/opensource/install-source.yml @@ -23,14 +23,16 @@ - name: (CentOS/RHEL) Install build tools yum: name: - - "@Development tools" - ca-certificates - gcc - gd - gd-devel - glibc - glibc-common + - make - perl-core + - tar + - unzip - wget - zlib-devel update_cache: true