nishiki/ansible-role-bind
1
0
Fork 0
Code Issues Pull requests Releases 2 Activity Actions

test: replace kitchen to molecule

Browse source
This commit is contained in:
Adrien Waksberg 2020-03-01 15:27:42 +01:00
parent 4d27cbc05c
commit 1dc9ed9418
15 changed files with 193 additions and 431 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,2 +1,2 @@
.kitchen/* .kitchen/*
*.pyc

33
.kitchen.yml
View file

@ -1,33 +0,0 @@
---
driver:
name: docker_cli
transport:
name: docker_cli
provisioner:
name: ansible_playbook
hosts: localhost
require_ansible_repo: false
require_ansible_omnibus: false
require_chef_for_busser: true
ansible_verbose: false
ansible_inventory: ./test/integration/inventory
ansible_vault_password_file: ./test/integration/vault
platforms:
- name: debian-10
driver_config:
image: "nishiki/debian10:ansible-<%= ENV['ANSIBLE_VERSION'] ? ENV['ANSIBLE_VERSION'] : '2.9' %>"
command: /bin/systemd
volume:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: cap-add=SYS_ADMIN
suites:
- name: bind
- name: bind-zones-subset
provisioner:
extra_vars:
bind_zones_subset:
- test.local

28
.travis.yml
View file

@ -1,27 +1,29 @@
--- ---
sudo: required sudo: required
language: ruby dist: bionic
addons:
apt:
packages:
- python3
- python3-pip
- python3-setuptools
env: env:
- ANSIBLE_VERSION=2.6 - ANSIBLE_VERSION=2.7.16
- ANSIBLE_VERSION=2.7 - ANSIBLE_VERSION=2.8.8
- ANSIBLE_VERSION=2.9.4
services: services:
- docker - docker
before_install: before_install:
- bundle install - sudo pip3 install ansible==${ANSIBLE_VERSION}
- sudo pip install --upgrade pip - sudo pip3 install molecule 'molecule[docker]' docker testinfra ansible-lint yamllint
- sudo pip install ansible-lint
- git clone https://github.com/ansible/galaxy-lint-rules.git - git clone https://github.com/ansible/galaxy-lint-rules.git
script: script:
- kitchen conv bind-debian-9 - ansible --version
- kitchen conv bind-debian-9 | grep changed=0 - molecule test
- kitchen verify bind-debian-9
- kitchen conv bind-zones-subset-debian-9
- kitchen conv bind-zones-subset-debian-9 | grep changed=0
- kitchen verify bind-zones-subset-debian-9
- ansible-lint -r galaxy-lint-rules/rules .
notifications: notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/ webhooks: https://galaxy.ansible.com/api/v1/notifications/

4
CHANGELOG.md
View file

@ -5,6 +5,10 @@ Which is based on [Keep A Changelog](http://keepachangelog.com/)
## [Unreleased] ## [Unreleased]
### Changed
- test: replace kitchen to molecule
## v1.3.0 (2020-02-12) ## v1.3.0 (2020-02-12)
- feat: add support debian 10 - feat: add support debian 10
- break: change with_items to loop - break: change with_items to loop

8
Gemfile
View file

@ -1,8 +0,0 @@
source 'https://rubygems.org'
group :development do
gem 'kitchen-ansible'
gem 'kitchen-docker_cli'
gem 'rubocop', '0.50.0'
gem 'test-kitchen'
end

131
Gemfile.lock
View file

@ -1,131 +0,0 @@
GEM
remote: https://rubygems.org/
specs:
ast (2.4.0)
bcrypt_pbkdf (1.0.1)
builder (3.2.4)
ed25519 (1.2.4)
equatable (0.6.1)
erubi (1.9.0)
ffi (1.12.2)
gssapi (1.3.0)
ffi (>= 1.0.1)
gyoku (1.3.1)
builder (>= 2.1.2)
httpclient (2.8.3)
kitchen-ansible (0.50.1)
net-ssh (>= 3)
test-kitchen (>= 1.4)
kitchen-docker_cli (0.19.0)
test-kitchen (>= 1.3)
license-acceptance (1.0.13)
pastel (~> 0.7)
tomlrb (~> 1.2)
tty-box (~> 0.3)
tty-prompt (~> 0.18)
little-plugger (1.1.4)
logging (2.2.2)
little-plugger (~> 1.1)
multi_json (~> 1.10)
mixlib-install (3.11.26)
mixlib-shellout
mixlib-versioning
thor
mixlib-shellout (3.0.9)
mixlib-versioning (1.2.12)
multi_json (1.14.1)
necromancer (0.5.1)
net-scp (2.0.0)
net-ssh (>= 2.6.5, < 6.0.0)
net-ssh (5.2.0)
net-ssh-gateway (2.0.0)
net-ssh (>= 4.0.0)
nori (2.6.0)
parallel (1.19.1)
parser (2.7.0.2)
ast (~> 2.4.0)
pastel (0.7.3)
equatable (~> 0.6)
tty-color (~> 0.5)
powerpack (0.1.2)
rainbow (2.2.2)
rake
rake (13.0.1)
rubocop (0.50.0)
parallel (~> 1.10)
parser (>= 2.3.3.1, < 3.0)
powerpack (~> 0.1)
rainbow (>= 2.2.2, < 3.0)
ruby-progressbar (~> 1.7)
unicode-display_width (~> 1.0, >= 1.0.1)
ruby-progressbar (1.10.1)
rubyntlm (0.6.2)
rubyzip (2.2.0)
strings (0.1.8)
strings-ansi (~> 0.1)
unicode-display_width (~> 1.5)
unicode_utils (~> 1.4)
strings-ansi (0.2.0)
test-kitchen (2.3.4)
bcrypt_pbkdf (~> 1.0)
ed25519 (~> 1.2)
license-acceptance (~> 1.0, >= 1.0.11)
mixlib-install (~> 3.6)
mixlib-shellout (>= 1.2, < 4.0)
net-scp (>= 1.1, < 3.0)
net-ssh (>= 2.9, < 6.0)
net-ssh-gateway (>= 1.2, < 3.0)
thor (~> 0.19)
winrm (~> 2.0)
winrm-elevated (~> 1.0)
winrm-fs (~> 1.1)
thor (0.20.3)
tomlrb (1.2.9)
tty-box (0.5.0)
pastel (~> 0.7.2)
strings (~> 0.1.6)
tty-cursor (~> 0.7)
tty-color (0.5.1)
tty-cursor (0.7.1)
tty-prompt (0.20.0)
necromancer (~> 0.5.0)
pastel (~> 0.7.0)
tty-reader (~> 0.7.0)
tty-reader (0.7.0)
tty-cursor (~> 0.7)
tty-screen (~> 0.7)
wisper (~> 2.0.0)
tty-screen (0.7.1)
unicode-display_width (1.6.1)
unicode_utils (1.4.0)
winrm (2.3.4)
builder (>= 2.1.2)
erubi (~> 1.8)
gssapi (~> 1.2)
gyoku (~> 1.0)
httpclient (~> 2.2, >= 2.2.0.2)
logging (>= 1.6.1, < 3.0)
nori (~> 2.0)
rubyntlm (~> 0.6.0, >= 0.6.1)
winrm-elevated (1.2.1)
erubi (~> 1.8)
winrm (~> 2.0)
winrm-fs (~> 1.0)
winrm-fs (1.3.4)
erubi (~> 1.8)
logging (>= 1.6.1, < 3.0)
rubyzip (~> 2.0)
winrm (~> 2.0)
wisper (2.0.1)
PLATFORMS
ruby
DEPENDENCIES
kitchen-ansible
kitchen-docker_cli
rubocop (= 0.50.0)
test-kitchen
BUNDLED WITH
1.17.3

10
README.md
View file

@ -91,13 +91,13 @@ bind_dnssec:
``` ```
## Development ## Development
### Tests with docker
### Test with molecule and docker
* install [docker](https://docs.docker.com/engine/installation/) * install [docker](https://docs.docker.com/engine/installation/)
* install ruby * install `python3` and `python3-pip`
* install bundler `gem install bundler` * install molecule and dependencies `pip3 install molecule 'molecule[docker]' docker ansible-lint testinfra yamllint`
* install dependencies `bundle install` * run `molecule test`
* run the tests `kitchen test`
## License ## License

69
test/integration/bind/default.yml → molecule/default/converge.yml
View file

@ -1,6 +1,8 @@
--- ---
- hosts: localhost - name: Converge
connection: local hosts: all
roles:
- ansible-role-bind
vars: vars:
bind_listen_ipv6: false bind_listen_ipv6: false
bind_role: master bind_role: master
@ -111,38 +113,71 @@
inline-signing: yes inline-signing: yes
key-directory: '"/etc/bind/keys"' key-directory: '"/etc/bind/keys"'
records: records:
- { name: '@', type: mx, priority: 20, value: mail.test.local. } - name: '@'
- { name: '@', type: ns, value: localhost. } type: mx
- { name: hello, type: a, ttl: 5m, value: 1.2.3.4 } priority: 20
- { name: hello, type: caa, flag: 0, tag: issue, value: letsencrypt.org } value: mail.test.local.
- { name: hello, type: caa, flag: 0, tag: iodef, value: 'mailto:root@test.local' } - name: '@'
- { name: hello, type: srv, priority: 0, weight: 5, port: 80, value: www } type: ns
value: localhost.
- name: hello
type: a
ttl: 5m
value: 1.2.3.4
- name: hello
type: caa
flag: 0
tag: issue
value: letsencrypt.org
- name: hello
type: caa
flag: 0
tag: iodef
value: 'mailto:root@test.local'
- name: hello
type: srv
priority: 0
weight: 5
port: 80
value: www
hello.local: hello.local:
ns_primary: ns1.hello.local ns_primary: ns1.hello.local
mail: root@hello.local mail: root@hello.local
serial: 2017092201 serial: 2017092201
records: records:
- { name: '@', type: mx, priority: 20, value: mail.test.local. } - name: '@'
- { name: '@', type: ns, value: localhost. } type: mx
- { name: '@', type: txt, value: RFufr9qzCi9vnJeWUB2FMNDCtu8ZtP6WE2jl2OFvIiz6pv2dwfzEXBgTC8SI1UzsmlkFYS7vxkHeYuOCLQ95BkOl0YP85ejQQlz8DNbcMcUdAoDtmlaZ9jeXnU7RgCXs5F9ggsmM9B6mFMhZWo1lzwsX86UAR5nw7rIO3cbGo9oUcMTShVFDkTPnoNhP7MTE0L4M99yv8ZLptmS2GP6goHXZgTdFIyYCdfziQgoENcloUI3KshDscsoh6H6I2LA } priority: 20
- { name: hello, type: a, value: 4.3.2.1 } value: mail.test.local.
- name: '@'
type: ns
value: localhost.
- name: '@'
type: txt
value: RFufr9qzCi9vnJeWUB2FMNDCtu8ZtP6WE2jl2OFvIiz6pv2dwfzEXBgTC8SI1UzsmlkFYS7vxkHeYuOCLQ95BkOl0YP85ejQQlz8DNbcMcUdAoDtmlaZ9jeXnU7RgCXs5F9ggsmM9B6mFMhZWo1lzwsX86UAR5nw7rIO3cbGo9oUcMTShVFDkTPnoNhP7MTE0L4M99yv8ZLptmS2GP6goHXZgTdFIyYCdfziQgoENcloUI3KshDscsoh6H6I2LA
- name: hello
type: a
value: 4.3.2.1
disabled.local: disabled.local:
ns_primary: ns1.disabled.local ns_primary: ns1.disabled.local
mail: root@disabled.local mail: root@disabled.local
serial: 2017092201 serial: 2017092201
state: disabled state: disabled
records: records:
- { name: '@', type: mx, priority: 20, value: mail.test.local. } - name: '@'
type: mx
priority: 20
value: mail.test.local.
absent.local: absent.local:
ns_primary: ns1.absent.local ns_primary: ns1.absent.local
mail: root@absent.local mail: root@absent.local
serial: 2017092201 serial: 2017092201
state: absent state: absent
records: records:
- { name: '@', type: mx, priority: 20, value: mail.test.local. } - name: '@'
type: mx
roles: priority: 20
- ansible-role-bind value: mail.test.local.
tasks: tasks:
- apt: - apt:

17
molecule/default/molecule.yml Normal file
View file

@ -0,0 +1,17 @@
---
driver:
name: docker
platforms:
- name: debian10
image: nishiki/debian10:molecule
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
command: /bin/systemd
capabilities:
- SYS_ADMIN
verifier:
name: testinfra
provisioner:
options:
vault-password-file: vault

99
molecule/default/tests/test_default.py Normal file
View file

@ -0,0 +1,99 @@
import os, re
import testinfra.utils.ansible_runner
def test_packages(host):
for package_name in ['bind9', 'cron']:
package = host.package(package_name)
assert package.is_installed
def test_cron_file(host):
config = host.file('/etc/cron.weekly/dnssec')
assert config.exists
assert config.is_file
assert config.user == 'root'
assert config.group == 'root'
assert config.mode == 0o700
assert config.contains('test.local')
def test_local_file(host):
config = host.file('/etc/bind/named.conf.local')
assert config.exists
assert config.is_file
assert config.user == 'root'
assert config.group == 'root'
assert config.mode == 0o644
assert config.contains('4.2.2.4')
assert config.contains('inline-signing yes;')
def test_options_file(host):
config = host.file('/etc/bind/named.conf.options')
assert config.exists
assert config.is_file
assert config.user == 'root'
assert config.group == 'root'
assert config.mode == 0o644
assert config.contains('listen-on { any; };')
assert config.contains('listen-on-v6 { none; };')
assert config.contains('server-id "1";')
def test_db_file(host):
for zone in ['test.local', 'hello.local', 'disabled.local']:
directory = host.file('/etc/bind/zones/%s' % (zone))
assert directory.exists
assert directory.is_directory
assert directory.user == 'bind'
assert directory.group == 'bind'
assert directory.mode == 0o755
config = host.file('/etc/bind/zones/%s/db' % (zone))
assert config.exists
assert config.is_file
assert config.user == 'root'
assert config.group == 'root'
assert config.mode == 0o644
def test_db_signed_file(host):
config = host.file('/etc/bind/zones/test.local/db.signed')
assert config.exists
assert config.is_file
assert config.user == 'root'
assert config.group == 'root'
assert config.mode == 0o644
def test_service(host):
service = host.service('bind9')
assert service.is_running
assert service.is_enabled
def test_socket(host):
socket = host.socket('tcp://127.0.0.1:53')
assert socket.is_listening
socket = host.socket('udp://127.0.0.1:53')
assert socket.is_listening
def test_dns_a(host):
result = host.check_output('dig +nocmd +noall +answer hello.hello.local @127.0.0.1')
assert re.search(r'hello\.hello\.local\.\s+3600\s+IN\s+A\s+4\.3\.2\.1', result)
def test_dns_a_signed(host):
result = host.check_output('dig +nocmd +noall +answer +dnssec hello.test.local @127.0.0.1')
assert re.search(r'hello\.test\.local\.\s+300\s+IN\s+A\s+1\.2\.3\.4', result)
assert re.search(r'hello\.test\.local\.\s+300\s+IN\s+RRSIG\s+A ', result)
def test_dns_mx(host):
result = host.check_output('dig +nocmd +noall +answer -t mx test.local @127.0.0.1')
assert re.search(r'test\.local\.\s+3600\s+IN\s+MX\s+20 mail\.test\.local\.', result)
def test_dns_srv(host):
result = host.check_output('dig +nocmd +noall +answer -t srv hello.test.local @127.0.0.1')
assert re.search(r'hello\.test\.local\.\s+3600\s+IN\s+SRV\s+0\s+5\s+80\s+www\.test\.local\.$', result)
def test_dns_caa(host):
result = host.check_output('dig +nocmd +noall +answer -t caa hello.test.local @127.0.0.1')
assert re.search(r'hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 issue "letsencrypt\.org', result)
assert re.search(r'hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 iodef "mailto:root@test\.local"', result)
def test_dns_dnssec(host):
result = host.check_output('dig +nocmd +noall +answer -t txt hello.local @127.0.0.1')
assert re.search(r'"0L4M99yv8ZLptmS2GP6goHXZgTdFIyYCdfziQgoENcloUI3KshDscsoh6H6I2LA"', result)

0
test/integration/vault → molecule/default/vault
View file

1
test/integration/bind-zones-subset/default.yml
View file

@ -1 +0,0 @@
../bind/default.yml

99
test/integration/bind-zones-subset/serverspec/bind_spec.rb
View file

@ -1,99 +0,0 @@
require 'serverspec'
set :backend, :exec
puts
puts '================================'
puts %x(ansible --version)
puts '================================'
%w[
bind9
cron
].each do |package|
describe package(package) do
it { should be_installed }
end
end
describe file('/etc/bind/zones/test.local') do
it { should be_directory }
it { should be_mode 755 }
it { should be_owned_by 'bind' }
it { should be_grouped_into 'bind' }
end
describe file('/etc/bind/zones/test.local/db') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/bind/zones/test.local/db.signed') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
%w[
absent.local
hello.local
disabled.local
].each do |zone|
describe file("/etc/bind/zones/#{zone}") do
it { should_not exist }
end
end
describe file('/etc/bind/named.conf.local') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should contain '4.2.2.4' }
it { should contain 'inline-signing yes;' }
end
describe file('/etc/bind/named.conf.options') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should contain 'listen-on { any; };' }
it { should contain 'listen-on-v6 { none; };' }
it { should contain 'server-id "1";' }
end
describe service('bind9') do
it { should be_enabled }
it { should be_running.under('systemd') }
end
describe port(53) do
it { should be_listening.with('tcp') }
it { should be_listening.with('udp') }
end
describe command('dig +nocmd +noall +answer +dnssec hello.test.local @127.0.0.1') do
its(:exit_status) { should eq 0 }
its(:stdout) { should contain(/hello\.test\.local\.\s+300\s+IN\s+A\s+1\.2\.3\.4/) }
its(:stdout) { should contain(/hello\.test\.local\.\s+300\s+IN\s+RRSIG\s+A /) }
end
describe command('dig +nocmd +noall +answer -t mx test.local @127.0.0.1') do
its(:exit_status) { should eq 0 }
its(:stdout) { should contain(/test\.local\.\s+3600\s+IN\s+MX\s+20 mail\.test\.local\./) }
end
describe command('dig +nocmd +noall +answer -t srv hello.test.local @127.0.0.1') do
its(:exit_status) { should eq 0 }
its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+SRV\s+0\s+5\s+80\s+www\.test\.local\.$/) }
end
describe command('dig +nocmd +noall +answer -t caa hello.test.local @127.0.0.1') do
its(:exit_status) { should eq 0 }
its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 issue "letsencrypt\.org"/) }
its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 iodef "mailto:root@test\.local"/) }
end

122
test/integration/bind/serverspec/bind_spec.rb
View file

@ -1,122 +0,0 @@
require 'serverspec'
set :backend, :exec
puts
puts '================================'
puts %x(ansible --version)
puts '================================'
%w[
bind9
cron
].each do |package|
describe package(package) do
it { should be_installed }
end
end
describe file('/etc/cron.weekly/dnssec') do
it { should be_file }
it { should be_mode 700 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should contain 'test.local' }
end
%w[
test.local
hello.local
disabled.local
].each do |zone|
describe file("/etc/bind/zones/#{zone}") do
it { should be_directory }
it { should be_mode 755 }
it { should be_owned_by 'bind' }
it { should be_grouped_into 'bind' }
end
describe file("/etc/bind/zones/#{zone}/db") do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
end
describe file('/etc/bind/zones/test.local/db.signed') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/bind/zones/absent.local') do
it { should_not exist }
end
describe file('/etc/bind/named.conf.local') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should contain '4.2.2.4' }
it { should contain 'inline-signing yes;' }
end
describe file('/etc/bind/named.conf.options') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should contain 'listen-on { any; };' }
it { should contain 'listen-on-v6 { none; };' }
it { should contain 'server-id "1";' }
end
describe service('bind9') do
it { should be_enabled }
it { should be_running.under('systemd') }
end
describe port(53) do
it { should be_listening.with('tcp') }
it { should be_listening.with('udp') }
end
describe command('dig +nocmd +noall +answer +dnssec hello.test.local @127.0.0.1') do
its(:exit_status) { should eq 0 }
its(:stdout) { should contain(/hello\.test\.local\.\s+300\s+IN\s+A\s+1\.2\.3\.4/) }
its(:stdout) { should contain(/hello\.test\.local\.\s+300\s+IN\s+RRSIG\s+A /) }
end
describe command('dig +nocmd +noall +answer -t mx test.local @127.0.0.1') do
its(:exit_status) { should eq 0 }
its(:stdout) { should contain(/test\.local\.\s+3600\s+IN\s+MX\s+20 mail\.test\.local\./) }
end
describe command('dig +nocmd +noall +answer -t srv hello.test.local @127.0.0.1') do
its(:exit_status) { should eq 0 }
its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+SRV\s+0\s+5\s+80\s+www\.test\.local\.$/) }
end
describe command('dig +nocmd +noall +answer -t caa hello.test.local @127.0.0.1') do
its(:exit_status) { should eq 0 }
its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 issue "letsencrypt\.org"/) }
its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 iodef "mailto:root@test\.local"/) }
end
describe command('dig +nocmd +noall +answer hello.hello.local @127.0.0.1') do
its(:exit_status) { should eq 0 }
its(:stdout) { should contain(/hello\.hello\.local\.\s+3600\s+IN\s+A\s+4\.3\.2\.1/) }
end
describe command('dig +nocmd +noall +answer -t txt hello.local @127.0.0.1') do
its(:exit_status) { should eq 0 }
its(:stdout) { should contain('"0L4M99yv8ZLptmS2GP6goHXZgTdFIyYCdfziQgoENcloUI3KshDscsoh6H6I2LA"') }
end
describe command('/etc/cron.weekly/dnssec') do
its(:exit_status) { should eq 0 }
its(:stderr) { should_not contain('dnssec-signzone: fatal') }
end

1
test/integration/inventory
View file

@ -1 +0,0 @@
localhost