Convert use of Vagrant to podman-compose for tests

Instead of Vagrant use ipalab-config and podman-compose. ipalab-config github action allows to automatically create FreeIPA environments using ansible-freeipa and run ansible playbooks against these environments. Switch to ubuntu-latest as ubuntu 20.04 is too old for podman use Signed-off-by: Alexander Bokovoy <[email protected]>
freeipa · Jan 14, 2025 · a89177e · a89177e
1 parent 0697135
commit a89177e
Show file tree

Hide file tree

Showing 4 changed files with 132 additions and 21 deletions.
diff --git a/.github/workflows/gating.yml b/.github/workflows/gating.yml
@@ -12,7 +12,7 @@ env:
 jobs:
   audit-and-build:
     name: Audit and build
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     container:
       image: fedora:latest
 
@@ -57,7 +57,7 @@ jobs:
   unit-tests:
     name: Unit tests
     needs: audit-and-build
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
 
@@ -75,44 +75,68 @@ jobs:
   integration-tests:
     name: Integration tests
     needs: audit-and-build
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v4
 
-      - name: Install vagrant
-        run: |
-          sudo apt -y install apt-transport-https ca-certificates curl software-properties-common
-          wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
-          echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
-          sudo apt update
-          sudo apt install vagrant vagrant-sshfs virtualbox
-
       - uses: actions/download-artifact@v4
         with:
           name: freeipa-webui-build
           path: dist
 
-      - name: Run vagrant up
-        run: vagrant up --no-provision --provider=virtualbox
+      - name: Build test image
+        id: build-image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: containerfile-fedora
+          tags: latest
+          containerfiles: tests/ipalab/containerfile-fedora
 
-      - name: Run vagrant provision
-        run: vagrant provision
+      - name: Install dependencies
+        shell: bash
+        run: |
+          sudo apt update -y
+          sudo apt install libkrb5-dev libvirt-dev
+          sudo apt install software-properties-common
+          sudo apt install ansible-core podman
 
-      - name: Put IPA Server's IP to /etc/hosts
-        run: sudo echo "$(vagrant ssh -c "hostname -I|sed 's/10\.0\.2\.15//'") server.ipa.demo" | sudo tee -a /etc/hosts
+      - name: Generate ipalab configuration
+        shell: bash
+        run: |
+          sed -e "s@CONF_DIR@$(pwd)@g" tests/ipalab/ipa.yaml.in > tests/ipalab/ipa.yaml
 
-      - name: Save server's IP address to env
-        run: echo "SERVER_IP=$(vagrant ssh -c "hostname -I|sed 's/10\.0\.2\.15//'")" >> $GITHUB_ENV
+      - name: Add podman network for tests
+        shell: bash
+        run: |
+          subnet="$(grep subnet: tests/ipalab/ipa.yaml | cut -d: -f2-)"
+          network="$(grep network: tests/ipalab/ipa.yaml | cut -d: -f2-)"
+          podman network create network --disable-dns --subnet "$subnet" $network
+
+      - name: Run tests using action
+        uses: rjeffman/[email protected]
+        with:
+          cluster_configuration: tests/ipalab/ipa.yaml
+          test_playbooks: tests/ipalab/playbooks/webui.yaml
 
-      - name: Print exported variable
-        run: echo "$SERVER_IP"
+      - name: Put IPA Server's IP to /etc/hosts
+        run: sudo echo "$(podman exec -ti dom-ser "hostname -I") server.ipa.demo" | sudo tee -a /etc/hosts
 
       - name: Run Cypress tests
         uses: cypress-io/github-action@v6
         with:
           browser: electron
           config-file: cypress/cypress.config.ts
+          command-prefix: "podman unshare --rootless-netns "
+
+      - name: Shutdown the test machines and a network
+        shell: bash
+        run: |
+          network="$(grep network: tests/ipalab/ipa.yaml | cut -d: -f2-)"
+          source venv/bin/activate
+          cd tests/ipalab
+          podman-compose down
+          podman network rm $network
 
       - name: Upload cypress screenshots
         uses: actions/upload-artifact@v4

diff --git a/tests/ipalab/containerfile-fedora b/tests/ipalab/containerfile-fedora
@@ -0,0 +1,36 @@
+FROM registry.fedoraproject.org/fedora-toolbox:41
+MAINTAINER [FreeIPA Developers [email protected]]
+ENV container=docker LANG=en_US.utf8 LANGUAGE=en_US.utf8 LC_ALL=en_US.utf8
+
+RUN echo 'deltarpm = false' >> /etc/dnf/dnf.conf \
+    && (sed -i 's/%_install_langs \(.*\)/\0:fr/g' /etc/rpm/macros.image-language-conf ||:) \
+    && dnf install -y systemd \
+    && dnf install -y \
+        git \
+        glibc-langpack-fr \
+        glibc-langpack-en \
+        iptables \
+        nss-tools \
+        openssh-server \
+        sudo \
+        wget \
+        freeipa-server \
+        freeipa-server-dns \
+        freeipa-server-trust-ad \
+        python3-libselinux \
+        firewalld \
+        nodejs \
+    && dnf clean all \
+    && sed -i 's/.*PermitRootLogin .*/#&/g' /etc/ssh/sshd_config \
+    && echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config \
+    && sed -i -e 's@^\(session.*required.*pam_loginuid\)@#\1@' /etc/pam.d/sshd \
+    && systemctl enable sshd \
+    && for i in /usr/lib/systemd/system/*-domainname.service; \
+    do sed -i 's#^ExecStart=/#ExecStart=-/#' $i ; done \
+    && { systemctl mask firewalld ||: ; } \
+    && { systemctl mask systemd-resolved ||: ; } \
+    && systemctl set-default multi-user.target
+
+STOPSIGNAL RTMIN+3
+VOLUME ["/usr/src/freeipa-webui", "/run", "/tmp"]
+ENTRYPOINT [ "/usr/sbin/init" ]
diff --git a/tests/ipalab/ipa.yaml.in b/tests/ipalab/ipa.yaml.in
@@ -0,0 +1,28 @@
+---
+lab_name: webui
+container_fqdn: true
+containerfiles:
+  - containerfile-fedora
+network: ipa-webui
+subnet: "192.168.59.0/24"
+ipa_deployments:
+  - name: webui
+    domain: dom-server.ipa.demo
+    realm: DOM-IPA.DEMO
+    admin_password: Secret123
+    dm_password: Secret123
+    distro: containerfile-fedora
+    cluster:
+      servers:
+        - name: server
+          capabilities:
+            - DNS
+            - AD
+          vars:
+            ipaserver_netbios_name: DOM-SERVER
+            ipaserver_idstart: 61000
+            ipaserver_idmax: 62000
+            ipaserver_rid_base: 63000
+            ipaserver_secondary_rid_base: 70000
+          volumes:
+            - CONFIG_DIR:/usr/src/freeipa-webui:Z
diff --git a/tests/ipalab/playbooks/webui.yaml b/tests/ipalab/playbooks/webui.yaml
@@ -0,0 +1,23 @@
+---
+- name: Set up Modern UI
+  containers.podman.podman_container_exec:
+    name: dom-server.ipa.demo
+    command: |
+      cat >> /etc/httpd/conf.d/ipa.conf <<EOF
+
+      Alias /ipa/modern_ui "/usr/src/freeipa-webui/dist"
+      <Directory "/usr/src/freeipa-webui/dist">
+        SetHandler None
+        AllowOverride None
+        Satisfy Any
+        Require all granted
+        RewriteEngine On
+        RewriteRule ^(.*)/js/(.*)\\\\.(js|map)$ js/\\$2.\\$3 [L]
+        RewriteRule ^(.*)/public/images/(.*)$ public/images/\\$2 [L]
+        RewriteRule ^(.*)/(.*)\\\\.(css|ico|woff2)$ \\$2.\\$3 [L]
+        RewriteCond %{REQUEST_FILENAME} !-f
+        RewriteRule ^ index.html [QSA,L]
+      </Directory>
+      EOF
+
+      systemctl restart httpd