From 5af8919595d1019f652e2ddf747aba7b8ff6ce59 Mon Sep 17 00:00:00 2001 From: chokoblitz Date: Wed, 4 Dec 2024 13:37:37 +0100 Subject: [PATCH] add validation test --- ansible/install_sgx_deps/tasks/main.yml | 7 +++- ansible/main.yml | 30 ++++++++++++++- ansible/validation_test/tasks/main.yml | 49 +++++++++++++++++++++++++ 3 files changed, 84 insertions(+), 2 deletions(-) create mode 100644 ansible/validation_test/tasks/main.yml diff --git a/ansible/install_sgx_deps/tasks/main.yml b/ansible/install_sgx_deps/tasks/main.yml index 6cb27d7..e5be4ac 100644 --- a/ansible/install_sgx_deps/tasks/main.yml +++ b/ansible/install_sgx_deps/tasks/main.yml @@ -1,6 +1,11 @@ --- # tasks file for install_sgx_deps +- name: Debug ansible_facts + ansible.builtin.debug: + var: ansible_facts + + - name: Add official Intel APT repository block: - name: Download Intel GPG public key @@ -39,7 +44,7 @@ - name: Determine template based on environment ansible.builtin.template: - src: "{{ 'azure_sgx_default_qcnl.conf.j2' if ansible_facts['virtualization_type'] == 'hyperv' else 'baremetal_sgx_default_qcnl.conf.j2' }}" + src: "{{ 'azure_sgx_default_qcnl.conf.j2' if ansible_facts['virtualization_role'] == 'guest' else 'baremetal_sgx_default_qcnl.conf.j2' }}" dest: /etc/sgx_default_qcnl.conf owner: root group: root diff --git a/ansible/main.yml b/ansible/main.yml index 98bd1b4..7f479f6 100644 --- a/ansible/main.yml +++ b/ansible/main.yml 
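Review bot: The added `Debug ansible_facts` task prints the whole fact dictionary of every host on every run, which puts environment variables, network layout and other host details into the Ansible output and any CI log that retains it. It looks like a leftover from working out the virtualization check used by the template task further down. I would drop it, or narrow it and hide it behind verbosity, e.g. `var: ansible_facts['virtualization_role']` together with `verbosity: 2`.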
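Review bot: `ansible_facts['virtualization_role'] == 'guest'` is true for any virtual machine, not only Azure, so a KVM, VMware or other-cloud guest would now get `azure_sgx_default_qcnl.conf.j2` written to `/etc/sgx_default_qcnl.conf`. That file presumably tells the SGX quote provider where to fetch attestation collateral, so the wrong template could point a host at an endpoint that is not meant for it. A check tied to the platform would be safer, for example `ansible_facts['virtualization_role'] == 'guest' and ansible_facts['system_vendor'] == 'Microsoft Corporation'`, or an explicit inventory variable; the exact fact values should be confirmed on a real Azure host. The task continues past the end of the hunk.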
@@ -1,4 +1,28 @@ + --- +# - name: Collect and display virtualization facts +# hosts: all +# tasks: +# - name: Gather facts +# ansible.builtin.setup: + +# - name: Display virtualization facts +# ansible.builtin.debug: +# var: ansible_facts['virtualization_type'] + +# - name: Display all virtualization-related facts +# ansible.builtin.debug: +# var: ansible_facts['virtualization_role'] + +# - name: Display all virtualization-related facts +# ansible.builtin.debug: +# var: ansible_facts['virtualization_vendor'] + +# - name: Display all virtualization-related facts +# ansible.builtin.debug: +# var: ansible_facts['virtualization_technology'] + + - name: Cosmian Enclave installation on Ubuntu hosts: all become: true @@ -21,4 +45,8 @@ - name: Always include install_cenclave role ansible.builtin.include_role: - name: install_cenclave \ No newline at end of file + name: install_cenclave + + - name: Run validation_test + ansible.builtin.include_role: + name: validation_test diff --git a/ansible/validation_test/tasks/main.yml b/ansible/validation_test/tasks/main.yml new file mode 100644 index 0000000..84a3748 --- /dev/null +++ b/ansible/validation_test/tasks/main.yml 
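Review bot: The lines added at the top of `ansible/main.yml` are a commented-out fact-gathering play, which reads as scratch work rather than something the playbook needs. I would delete it before merging, or move it into its own small playbook as live tasks if it is worth keeping. Three of the four debug tasks also share the name `Display all virtualization-related facts`, which would make their output hard to tell apart if the play were re-enabled.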
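Review bot: `Run validation_test` is included unconditionally, so every run of the installation play against `hosts: all` pulls an image and starts a container with the SGX device nodes on each target, production hosts included. I would make the smoke test opt-in, e.g. `when: run_validation_test | default(false) | bool` (variable name is a suggestion) or a `tags: [validation]` entry on the include. The enclosing play starts outside this hunk.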
@@ -0,0 +1,49 @@
+---
+# roles/validation_test/tasks/main.yml
+
+- name: Set Docker socket
+ set_fact:
+ ansible_docker_extra_args: "-H unix:///var/run/docker.sock"
+
+- name: Pull Docker image
+ community.docker.docker_image:
+ name: ghcr.io/cosmian/gramine-minimal
+ tag: "20241202140525"
+ source: pull
+
+- name: Run Docker container
+ community.docker.docker_container:
+ name: gramine_minimal
+ image: ghcr.io/cosmian/gramine-minimal:20241202140525
+ devices:
+ - /dev/sgx_enclave
+ - /dev/sgx_provision
+ volumes:
+ - /var/run/aesmd:/var/run/aesmd/
+ state: started
+ interactive: yes
+ tty: yes
+ register: docker_container_info
+
+- name: Wait for the container to be ready
+ command: docker logs gramine_minimal
+ register: docker_logs
+ retries: 15
+ delay: 3
+ until: "'Hello World' in docker_logs.stdout"
+
+- name: Capture the output of the Docker container
+ debug:
+ msg: "Hello World found in the output"
+
+# Clean
+- name: Stop and remove the container
+ community.docker.docker_container:
+ name: gramine_minimal
+ state: absent
+
+- name: Remove Docker image
+ community.docker.docker_image:
+ name: ghcr.io/cosmian/gramine-minimal
+ tag: "20241202140525"
+ state: absent
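Review bot: The two cleanup tasks at the end are skipped whenever an earlier task fails, most importantly when the `until` on `docker logs` runs out of its 15 retries, so a failed validation leaves the `gramine_minimal` container running with `/dev/sgx_enclave`, `/dev/sgx_provision` and the aesmd socket directory attached. Wrapping the pull, run and wait tasks in a `block:` and moving both cleanup tasks under `always:` would make the teardown unconditional. The image is referenced by tag in both the pull task and `image:`; since this container is handed the SGX devices, I would pin it by digest, e.g. `image: ghcr.io/cosmian/gramine-minimal@sha256:<digest>` (placeholder), so a re-pushed tag cannot change what runs. `command: docker logs gramine_minimal` only reads state and would normally carry `changed_when: false`.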