diff --git a/.gitignore b/.gitignore index 9ca390c..1331d18 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ .kitchen/* - +*.pyc diff --git a/.kitchen.yml b/.kitchen.yml deleted file mode 100644 index 61fd37f..0000000 --- a/.kitchen.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: docker_cli - -transport: - name: docker_cli - -provisioner: - name: ansible_playbook - hosts: localhost - require_ansible_repo: false - require_ansible_omnibus: false - require_chef_for_busser: true - ansible_verbose: false - ansible_inventory: ./test/integration/inventory - -platforms: - - name: debian-9 - driver_config: - image: "nishiki/debian9:ansible-<%= ENV['ANSIBLE_VERSION'] ? ENV['ANSIBLE_VERSION'] : '2.6' %>" - command: /bin/systemd - volume: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - security_opt: seccomp=unconfined - -suites: - - name: certbot diff --git a/.rubocop.yml b/.rubocop.yml deleted file mode 100644 index 0c8a258..0000000 --- a/.rubocop.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -AllCops: - Exclude: - - db/**/* - - config/**/* - - Vagrantfile - TargetRubyVersion: 2.3 - -Naming/AccessorMethodName: - Enabled: false - -Lint/RescueWithoutErrorClass: - Enabled: false - -Metrics/LineLength: - Max: 120 -Metrics/CyclomaticComplexity: - Enabled: false -Metrics/PerceivedComplexity: - Enabled: false -Metrics/MethodLength: - Enabled: false -Metrics/BlockLength: - Enabled: false -Metrics/ClassLength: - Enabled: false -Metrics/AbcSize: - Enabled: false - -Style/NumericLiteralPrefix: - Enabled: false -Style/FrozenStringLiteralComment: - Enabled: false -Style/CommandLiteral: - Enabled: true - EnforcedStyle: percent_x -Style/Documentation: - Enabled: false diff --git a/.travis.yml b/.travis.yml index e9b84d7..5f2a2f2 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,28 +1,30 @@ --- sudo: required -language: ruby +dist: bionic +addons: + apt: + packages: + - python3 + - python3-pip + - python3-setuptools env: - - ANSIBLE_VERSION=2.5 - - ANSIBLE_VERSION=2.6 - - ANSIBLE_VERSION=2.7 + - ANSIBLE_VERSION=2.9.25 + - ANSIBLE_VERSION=2.10.7 + - ANSIBLE_VERSION=3.4.0 + - ANSIBLE_VERSION=4.4.0 services: - docker before_install: - - bundle install - - sudo pip install --upgrade pip - - sudo pip install yamllint - - sudo pip install ansible-lint + - sudo pip3 install ansible==${ANSIBLE_VERSION} + - sudo pip3 install molecule 'molecule[docker]' docker testinfra ansible-lint yamllint - git clone https://github.com/ansible/galaxy-lint-rules.git script: - - kitchen conv certbot-debian-9 - - kitchen conv certbot-debian-9 | grep changed=0 - - kitchen verify certbot-debian-9 - - ansible-lint -r galaxy-lint-rules/rules . - - yamllint . + - ansible --version + - molecule test notifications: webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/.yamllint b/.yamllint index b1b703a..72ac1d6 100644 --- a/.yamllint +++ b/.yamllint @@ -1,3 +1,4 @@ +--- extends: default ignore: | diff --git a/CHANGELOG.md b/CHANGELOG.md index 33831b0..811bdb8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,19 @@ This project adheres to [Semantic Versioning](http://semver.org/). Which is based on [Keep A Changelog](http://keepachangelog.com/) ## [Unreleased] + +### Added + - test: add check yamllint +- test: add support debian 11 + +### Changed + +- test: replace kitchen to molecule + +### Removed + +- test: remove support debian 9 ## [2.1.1] 2018-11-26 - fix: replace shell module to command diff --git a/Gemfile b/Gemfile deleted file mode 100644 index 0d96441..0000000 --- a/Gemfile +++ /dev/null @@ -1,8 +0,0 @@ -source 'https://rubygems.org' - -group :development do - gem 'kitchen-ansible' - gem 'kitchen-docker_cli' - gem 'rubocop', '0.50.0' - gem 'test-kitchen' -end 
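Review bot: In `.travis.yml`, the new `before_install` step `sudo pip3 install molecule 'molecule[docker]' docker testinfra ansible-lint yamllint` installs six packages as root with no version constraints, so every CI run resolves whatever PyPI serves that day; only `ansible==${ANSIBLE_VERSION}` is pinned. Moving these into a pinned requirements file, ideally hash-checked with `pip3 install --require-hashes -r <requirements-file>`, would make builds reproducible and narrow the supply-chain exposure of the CI host. The unchanged `git clone https://github.com/ansible/galaxy-lint-rules.git` line still fetches an external repository, although the `ansible-lint -r galaxy-lint-rules/rules .` step that consumed it is removed in this hunk, so the clone appears to be dead and could be dropped. The README change in this commit lists `molecule-docker` and `pytest-testinfra`, while this file installs `molecule[docker]` and `testinfra`; using the same package names in both would avoid drift.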
diff --git a/Gemfile.lock b/Gemfile.lock deleted file mode 100644 index 939c635..0000000 --- a/Gemfile.lock +++ /dev/null 
@@ -1,94 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - ast (2.4.0) - builder (3.2.3) - erubis (2.7.0) - ffi (1.9.23) - gssapi (1.2.0) - ffi (>= 1.0.1) - gyoku (1.3.1) - builder (>= 2.1.2) - httpclient (2.8.3) - kitchen-ansible (0.47.5) - net-ssh (>= 3) - test-kitchen (~> 1.4) - kitchen-docker_cli (0.18.0) - test-kitchen (>= 1.3) - little-plugger (1.1.4) - logging (2.2.2) - little-plugger (~> 1.1) - multi_json (~> 1.10) - mixlib-install (3.6.0) - mixlib-shellout - mixlib-versioning - thor - mixlib-shellout (2.3.2) - mixlib-versioning (1.2.2) - multi_json (1.13.1) - net-scp (1.2.1) - net-ssh (>= 2.6.5) - net-ssh (4.2.0) - net-ssh-gateway (1.3.0) - net-ssh (>= 2.6.5) - nori (2.6.0) - parallel (1.12.1) - parser (2.5.0.2) - ast (~> 2.4.0) - powerpack (0.1.1) - rainbow (2.2.2) - rake - rake (12.3.1) - rubocop (0.50.0) - parallel (~> 1.10) - parser (>= 2.3.3.1, < 3.0) - powerpack (~> 0.1) - rainbow (>= 2.2.2, < 3.0) - ruby-progressbar (~> 1.7) - unicode-display_width (~> 1.0, >= 1.0.1) - ruby-progressbar (1.9.0) - rubyntlm (0.6.2) - rubyzip (1.2.1) - safe_yaml (1.0.4) - test-kitchen (1.18.0) - mixlib-install (~> 3.6) - mixlib-shellout (>= 1.2, < 3.0) - net-scp (~> 1.1) - net-ssh (>= 2.9, < 5.0) - net-ssh-gateway (~> 1.2) - safe_yaml (~> 1.0) - thor (~> 0.19, < 0.19.2) - winrm (~> 2.0) - winrm-elevated (~> 1.0) - winrm-fs (~> 1.0.2) - thor (0.19.1) - unicode-display_width (1.3.0) - winrm (2.2.3) - builder (>= 2.1.2) - erubis (~> 2.7) - gssapi (~> 1.2) - gyoku (~> 1.0) - httpclient (~> 2.2, >= 2.2.0.2) - logging (>= 1.6.1, < 3.0) - nori (~> 2.0) - rubyntlm (~> 0.6.0, >= 0.6.1) - winrm-elevated (1.1.0) - winrm (~> 2.0) - winrm-fs (~> 1.0) - winrm-fs (1.0.2) - erubis (~> 2.7) - logging (>= 1.6.1, < 3.0) - rubyzip (~> 1.1) - winrm (~> 2.0) - -PLATFORMS - ruby - -DEPENDENCIES - kitchen-ansible - kitchen-docker_cli - rubocop (= 0.50.0) - test-kitchen - -BUNDLED WITH - 1.16.0 diff --git a/README.md b/README.md index 4dd28f7..dee9a49 100644 --- a/README.md 
+++ b/README.md @@ -1,4 +1,5 @@ # Ansible role: Certbot + [![Version](https://img.shields.io/badge/latest_version-2.1.1-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-certbot/releases) [![Build Status](https://travis-ci.org/nishiki/ansible-role-certbot.svg?branch=master)](https://travis-ci.org/nishiki/ansible-role-certbot) [![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-certbot/src/branch/master/LICENSE) @@ -7,8 +8,10 @@ Generate certificate SSL with certbot. ## Requirements -* Ansible >= 2.5 -* Debian Stretch +* Ansible >= 2.9 +* Debian + * Buster + * Bullseye ## Role variables @@ -27,13 +30,14 @@ Generate certificate SSL with certbot. ``` ## Development -### Tests with docker - * install [docker](https://docs.docker.com/engine/installation/) - * install ruby - * install bundler `gem install bundler` - * install dependencies `bundle install` - * run the tests `kitchen test` +### Test with molecule and docker + +* install [docker](https://docs.docker.com/engine/installation/) +* install `python3` and `python3-pip` +* install molecule and dependencies `pip3 install molecule molecule-docker docker ansible-lint pytest-testinfra yamllint` +* run `molecule test` + ## License diff --git a/meta/main.yml b/meta/main.yml index 6237390..74ad1a9 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -5,11 +5,13 @@ galaxy_info: company: Adrien Waksberg description: Generate certificate SSL with certbot license: Apache2 - min_ansible_version: 2.5 + min_ansible_version: 2.9 platforms: - name: Debian versions: - - stretch + - buster + - bullseye + galaxy_tags: - certbot - letsencrypt diff --git a/test/integration/certbot/default.yml b/molecule/default/converge.yml similarity index 55% rename from test/integration/certbot/default.yml rename to molecule/default/converge.yml index b413344..d35ce14 100644 --- a/test/integration/certbot/default.yml +++ b/molecule/default/converge.yml 
@@ -1,10 +1,15 @@ --- -- hosts: certbot - connection: local +- name: Converge + hosts: all + roles: + - ansible-role-certbot vars: certbot_role: slave certbot_domains: - name: test.local command: 'echo OK > /tmp/test.txt' - roles: - - ansible-role-certbot + + pre_tasks: + - name: update apt cache + ansible.builtin.apt: + update_cache: true diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..0507c53 --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,26 @@ +--- +driver: + name: docker +platforms: + - name: debian10 + image: nishiki/debian10:molecule + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + command: /bin/systemd + capabilities: + - SYS_ADMIN + - name: debian11 + image: nishiki/debian11:molecule + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + command: /bin/systemd + capabilities: + - SYS_ADMIN +lint: | + set -e + yamllint . + ansible-lint . +verifier: + name: testinfra diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py new file mode 100644 index 0000000..ecfc127 --- /dev/null +++ b/molecule/default/tests/test_default.py 
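Review bot: Both platforms in the new `molecule/default/molecule.yml` set `privileged: true` and also list `capabilities: - SYS_ADMIN`; a privileged container already holds every capability, so the capability entry is redundant and the effective setting is the broadest one available. The removed `.kitchen.yml` ran systemd with only `security_opt: seccomp=unconfined` and the read-only cgroup mount, so this commit widens what the test containers can do on the CI or developer host. If systemd starts with `SYS_ADMIN` plus the read-only `/sys/fs/cgroup` volume alone, dropping `privileged: true` would keep the containers closer to least privilege; that needs confirming on both images. The images `nishiki/debian10:molecule` and `nishiki/debian11:molecule` are referenced by mutable tag, so pinning them by digest would make the test base reproducible.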
@@ -0,0 +1,44 @@
+import testinfra.utils.ansible_runner
+
+def test_packages(host):
+ package = host.package('certbot')
+ assert package.is_installed
+
+def test_acme_directory(host):
+ path = host.file('/var/www/acme')
+ assert path.exists
+ assert path.is_directory
+ assert path.user == 'root'
+ assert path.group == 'root'
+ assert path.mode == 0o755
+
+def test_old_cron_file(host):
+ path = host.file('/etc/cron.d/certbot')
+ assert not path.exists
+
+def test_cron_file(host):
+ path = host.file('/var/spool/cron/crontabs/root')
+ assert path.exists
+ assert path.is_file
+ assert path.user == 'root'
+ assert path.group == 'crontab'
+ assert path.mode == 0o600
+ assert path.contains('--renew-hook /usr/local/bin/certbot-renew')
+
+def test_config_file(host):
+ path = host.file('/etc/letsencrypt/renew.cfg')
+ assert path.exists
+ assert path.is_file
+ assert path.user == 'root'
+ assert path.group == 'root'
+ assert path.mode == 0o644
+ assert path.contains('test.local = echo OK > /tmp/test.txt')
+
+def test_renew(host):
+ cmd = host.run('RENEWED_DOMAINS=test.local /usr/local/bin/certbot-renew')
+ assert cmd.succeeded
+
+ path = host.file('/tmp/test.txt')
+ assert path.exists
+ assert path.is_file
+ assert path.contains('OK')
diff --git a/test/integration/certbot/serverspec/certbot_spec.rb b/test/integration/certbot/serverspec/certbot_spec.rb
deleted file mode 100644
index ede171d..0000000
--- a/test/integration/certbot/serverspec/certbot_spec.rb
+++ /dev/null
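Review bot: In the new `molecule/default/tests/test_default.py`, `import testinfra.utils.ansible_runner` is never used because no `testinfra_hosts` is defined; either drop the import or use it to bind the tests to the Molecule inventory. In `test_renew`, the assertions on `/tmp/test.txt` would also pass if the file already existed before the hook ran, so adding `assert not host.file('/tmp/test.txt').exists` ahead of `host.run(...)` would show that the renew hook actually executed the configured command. The tests have no docstrings; a one-line docstring such as `"""Root crontab must be root:crontab, mode 0600, and call the renew hook."""` on `test_cron_file` would record why ownership and mode are asserted.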
@@ -1,47 +0,0 @@
-require 'serverspec'
-
-set :backend, :exec
-
-describe package('certbot') do
- it { should be_installed }
-end
-
-describe file('/var/www/acme') do
- it { should exist }
- it { should be_directory }
- it { should be_mode 755 }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
-end
-
-describe file('/etc/cron.d/certbot') do
- it { should_not exist }
-end
-
-describe file('/var/spool/cron/crontabs/root') do
- it { should exist }
- it { should be_file }
- it { should be_mode 600 }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'crontab' }
- it { should contain '--renew-hook /usr/local/bin/certbot-renew' }
-end
-
-describe file('/etc/letsencrypt/renew.cfg') do
- it { should exist }
- it { should be_file }
- it { should be_mode 644 }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- it { should contain 'test.local = echo OK > /tmp/test.txt' }
-end
-
-describe command('RENEWED_DOMAINS=test.local /usr/local/bin/certbot-renew') do
- its(:exit_status) { should eq 0 }
-end
-
-describe file('/tmp/test.txt') do
- it { should exist }
- it { should be_file }
- it { should contain 'OK' }
-end
diff --git a/test/integration/inventory b/test/integration/inventory
deleted file mode 100644
index 52358bc..0000000
--- a/test/integration/inventory
+++ /dev/null
@@ -1,2 +0,0 @@
-[certbot]
-localhost