nishiki/ansible-role-luks
1
0
Fork 0
Code Issues Pull requests Releases 2 Wiki Activity

test: replace kitchen to molecule

Browse source
This commit is contained in:
Adrien Waksberg 2021-09-12 23:58:11 +02:00
parent 97c4a2a6db
commit 43ff461045
15 changed files with 99 additions and 269 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,2 +1,2 @@
.kitchen/* .kitchen/*
*.pyc

20
.kitchen.yml
View file

@ -1,20 +0,0 @@
---
driver:
name: vagrant
provider: virtualbox
box: bento/debian-10.2
provisioner:
name: ansible_playbook
hosts: localhost
require_ansible_repo: false
require_ansible_omnibus: true
require_chef_for_busser: true
ansible_verbose: false
ansible_inventory: ./test/integration/inventory
platforms:
- name: debian-10
suites:
- name: default

38
.rubocop.yml
View file

@ -1,38 +0,0 @@
---
AllCops:
Exclude:
- db/**/*
- config/**/*
- Vagrantfile
TargetRubyVersion: 2.4
Naming/AccessorMethodName:
Enabled: false
Lint/RescueWithoutErrorClass:
Enabled: false
Metrics/LineLength:
Max: 120
Metrics/CyclomaticComplexity:
Enabled: false
Metrics/PerceivedComplexity:
Enabled: false
Metrics/MethodLength:
Enabled: false
Metrics/BlockLength:
Enabled: false
Metrics/ClassLength:
Enabled: false
Metrics/AbcSize:
Enabled: false
Style/NumericLiteralPrefix:
Enabled: false
Style/FrozenStringLiteralComment:
Enabled: false
Style/CommandLiteral:
Enabled: true
EnforcedStyle: percent_x
Style/Documentation:
Enabled: false

20
CHANGELOG.md
View file

@ -4,7 +4,23 @@ This project adheres to [Semantic Versioning](http://semver.org/).
Which is based on [Keep A Changelog](http://keepachangelog.com/) Which is based on [Keep A Changelog](http://keepachangelog.com/)
## [Unreleased] ## [Unreleased]
- fix: no show log with luks password
## [1.0.0] - 2019-03-16 ### Added
- support debian 11
### Changed
test: replace kitchen to molecule
### Fixed
- no show log with luks password
### Removed
- support debian 9
## v1.0.0 - 2019-03-16
- first version - first version

8
Gemfile
View file

@ -1,8 +0,0 @@
source 'https://rubygems.org'
group :development do
gem 'kitchen-ansible'
gem 'kitchen-vagrant'
gem 'rubocop', '0.50.0'
gem 'test-kitchen'
end

130
Gemfile.lock
View file

@ -1,130 +0,0 @@
GEM
remote: https://rubygems.org/
specs:
ast (2.4.0)
bcrypt_pbkdf (1.0.1)
builder (3.2.4)
ed25519 (1.2.4)
equatable (0.6.1)
erubis (2.7.0)
ffi (1.11.1)
gssapi (1.3.0)
ffi (>= 1.0.1)
gyoku (1.3.1)
builder (>= 2.1.2)
httpclient (2.8.3)
kitchen-ansible (0.50.1)
net-ssh (>= 3)
test-kitchen (>= 1.4)
kitchen-vagrant (1.6.0)
test-kitchen (>= 1.4, < 3)
license-acceptance (1.0.13)
pastel (~> 0.7)
tomlrb (~> 1.2)
tty-box (~> 0.3)
tty-prompt (~> 0.18)
little-plugger (1.1.4)
logging (2.2.2)
little-plugger (~> 1.1)
multi_json (~> 1.10)
mixlib-install (3.11.21)
mixlib-shellout
mixlib-versioning
thor
mixlib-shellout (3.0.7)
mixlib-versioning (1.2.7)
multi_json (1.13.1)
necromancer (0.5.0)
net-scp (2.0.0)
net-ssh (>= 2.6.5, < 6.0.0)
net-ssh (5.2.0)
net-ssh-gateway (2.0.0)
net-ssh (>= 4.0.0)
nori (2.6.0)
parallel (1.17.0)
parser (2.6.4.1)
ast (~> 2.4.0)
pastel (0.7.3)
equatable (~> 0.6)
tty-color (~> 0.5)
powerpack (0.1.2)
rainbow (2.2.2)
rake
rake (13.0.1)
rubocop (0.50.0)
parallel (~> 1.10)
parser (>= 2.3.3.1, < 3.0)
powerpack (~> 0.1)
rainbow (>= 2.2.2, < 3.0)
ruby-progressbar (~> 1.7)
unicode-display_width (~> 1.0, >= 1.0.1)
ruby-progressbar (1.10.1)
rubyntlm (0.6.2)
rubyzip (1.3.0)
strings (0.1.6)
strings-ansi (~> 0.1)
unicode-display_width (~> 1.5)
unicode_utils (~> 1.4)
strings-ansi (0.1.0)
test-kitchen (2.3.3)
bcrypt_pbkdf (~> 1.0)
ed25519 (~> 1.2)
license-acceptance (~> 1.0, >= 1.0.11)
mixlib-install (~> 3.6)
mixlib-shellout (>= 1.2, < 4.0)
net-scp (>= 1.1, < 3.0)
net-ssh (>= 2.9, < 6.0)
net-ssh-gateway (>= 1.2, < 3.0)
thor (~> 0.19)
winrm (~> 2.0)
winrm-elevated (~> 1.0)
winrm-fs (~> 1.1)
thor (0.20.3)
tomlrb (1.2.8)
tty-box (0.4.1)
pastel (~> 0.7.2)
strings (~> 0.1.6)
tty-cursor (~> 0.7)
tty-color (0.5.0)
tty-cursor (0.7.0)
tty-prompt (0.19.0)
necromancer (~> 0.5.0)
pastel (~> 0.7.0)
tty-reader (~> 0.6.0)
tty-reader (0.6.0)
tty-cursor (~> 0.7)
tty-screen (~> 0.7)
wisper (~> 2.0.0)
tty-screen (0.7.0)
unicode-display_width (1.6.0)
unicode_utils (1.4.0)
winrm (2.3.2)
builder (>= 2.1.2)
erubis (~> 2.7)
gssapi (~> 1.2)
gyoku (~> 1.0)
httpclient (~> 2.2, >= 2.2.0.2)
logging (>= 1.6.1, < 3.0)
nori (~> 2.0)
rubyntlm (~> 0.6.0, >= 0.6.1)
winrm-elevated (1.1.1)
winrm (~> 2.0)
winrm-fs (~> 1.0)
winrm-fs (1.3.2)
erubis (~> 2.7)
logging (>= 1.6.1, < 3.0)
rubyzip (~> 1.1)
winrm (~> 2.0)
wisper (2.0.0)
PLATFORMS
ruby
DEPENDENCIES
kitchen-ansible
kitchen-vagrant
rubocop (= 0.50.0)
test-kitchen
BUNDLED WITH
1.17.3

31
README.md
View file

@ -1,4 +1,5 @@
# Ansible role: Luks # Ansible role: Luks
[![Version](https://img.shields.io/badge/latest_version-1.0.0-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-luks/releases) [![Version](https://img.shields.io/badge/latest_version-1.0.0-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-luks/releases)
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-luks/src/branch/master/LICENSE) [![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-luks/src/branch/master/LICENSE)
@ -6,8 +7,10 @@ Encrypt device with luks
## Requirements ## Requirements
* Ansible >= 2.5 * Ansible >= 2.9
* Debian Stretch * Debian
* Buster
* Bullseye
## Role variables ## Role variables
@ -32,25 +35,15 @@ Encrypt device with luks
``` ```
## Development ## Development
### Test syntax with yamllint
* install `python` and `python-pip` ### Test with molecule and docker
* install yamllint `pip install yamllint`
* run `yamllint .`
### Test syntax with ansible-lint * install libvirt on debian `apt install libvirt-dev qemu-system libvirt-clients libvirt-daemon-system`
* install [vagrant](https://www.vagrantup.com/docs/installation)
* install `python` and `python-pip` * install vagrant libvirt plusin `vagrant plugin install vagrant-libvirt`
* install yamllint `pip install ansible-lint` * install `python3` and `python3-pip`
* run `ansible-lint .` * install molecule and dependencies `pip3 install molecule python-vagrant molecule-vagrant ansible-lint pytest-testinfra yamllint`
* run `molecule test`
### Tests with docker
* install [docker](https://docs.docker.com/engine/installation/)
* install ruby
* install bundler `gem install bundler`
* install dependencies `bundle install`
* run the tests `kitchen test`
## License ## License

4
library/luks_decrypt.py
View file

@ -1,4 +1,4 @@
#!/usr/bin/python #!/usr/bin/python3
from ansible.module_utils.basic import * from ansible.module_utils.basic import *
import subprocess import subprocess
@ -24,7 +24,7 @@ class LuksDecrypt:
'cryptsetup', '-q', 'open', '-d', '-', self.device, self.name 'cryptsetup', '-q', 'open', '-d', '-', self.device, self.name
], stdin=subprocess.PIPE ], stdin=subprocess.PIPE
) )
p.stdin.write(key) p.stdin.write(key.encode())
p.communicate()[0] p.communicate()[0]
p.stdin.close() p.stdin.close()

4
library/luks_manage.py
View file

@ -1,4 +1,4 @@
#!/usr/bin/python #!/usr/bin/python3
from ansible.module_utils.basic import * from ansible.module_utils.basic import *
import subprocess import subprocess
@ -20,7 +20,7 @@ class LuksManage:
'-s', str(size), self.device, '-d', '-' '-s', str(size), self.device, '-d', '-'
], stdin=subprocess.PIPE ], stdin=subprocess.PIPE
) )
p.stdin.write(key) p.stdin.write(key.encode())
p.communicate()[0] p.communicate()[0]
p.stdin.close() p.stdin.close()

27
molecule/default/converge.yml Normal file
View file

@ -0,0 +1,27 @@
---
- name: Converge
hosts: all
become: true
roles:
- ansible-role-luks
vars:
luks_devices:
- name: data_encrypted
device: /tmp/test.img
fstype: ext4
mount_point: /mnt/data_decrypted
key: secret
pre_tasks:
- name: update apt cache
ansible.builtin.apt:
update_cache: true
- name: check if test.img exists
ansible.builtin.stat:
path: /tmp/test.img
register: st
- name: create test.img
ansible.builtin.command: dd if=/dev/zero of=/tmp/test.img bs=1M count=100
when: not st.stat.exists

25
molecule/default/molecule.yml Normal file
View file

@ -0,0 +1,25 @@
---
driver:
name: vagrant
provider:
name: libvirt
platforms:
- name: debian10
box: debian/buster64
memory: 512
cpus: 1
instance_raw_config_args:
- vagrant.plugins = ["vagrant-libvirt"]
- name: debian11
box: debian/bullseye64
memory: 512
cpus: 1
instance_raw_config_args:
- vagrant.plugins = ["vagrant-libvirt"]
lint: |
set -e
yamllint .
ansible-lint .
verifier:
name: testinfra

12
molecule/default/tests/test_default.py Normal file
View file

@ -0,0 +1,12 @@
import testinfra.utils.ansible_runner
def test_packages(host):
for package_name in ['cryptsetup', 'util-linux']:
package = host.package(package_name)
assert package.is_installed
def test_mount_device_encrypted(host):
mount = host.mount_point('/mnt/data_decrypted')
assert mount.exists
assert mount.device == '/dev/mapper/data_encrypted'
assert mount.filesystem == 'ext4'

21
test/integration/default/default.yml
View file

@ -1,21 +0,0 @@
---
- hosts: localhost
connection: local
vars:
luks_devices:
- name: data_encrypted
device: /tmp/test.img
fstype: ext4
mount_point: /mnt/data_decrypted
key: secret
pre_tasks:
- stat:
path: /tmp/test.img
register: st
- command: dd if=/dev/zero of=/tmp/test.img bs=1M count=100
when: not st.stat.exists
roles:
- ansible-role-luks

25
test/integration/default/serverspec/default_spec.rb
View file

@ -1,25 +0,0 @@
require 'serverspec'
set :backend, :exec
puts
puts '================================'
puts %x(ansible --version)
puts '================================'
%w[
cryptsetup
util-linux
].each do |package|
describe package(package) do
it { should be_installed }
end
end
describe file('/dev/mapper/data_encrypted') do
it { should be_block_device }
end
describe file('/mnt/data_decrypted') do
it { should be_mounted }
end

1
test/integration/inventory
View file

@ -1 +0,0 @@
localhost