From a89177e3ddaf17c1e6e671b86473db4e9c26b36d Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 14 Jan 2025 10:49:13 +0200 Subject: [PATCH] Convert use of Vagrant to podman-compose for tests Instead of Vagrant use ipalab-config and podman-compose. ipalab-config github action allows to automatically create FreeIPA environments using ansible-freeipa and run ansible playbooks against these environments. Switch to ubuntu-latest as ubuntu 20.04 is too old for podman use Signed-off-by: Alexander Bokovoy --- .github/workflows/gating.yml | 66 +++++++++++++++++++++---------- tests/ipalab/containerfile-fedora | 36 +++++++++++++++++ tests/ipalab/ipa.yaml.in | 28 +++++++++++++ tests/ipalab/playbooks/webui.yaml | 23 +++++++++++ 4 files changed, 132 insertions(+), 21 deletions(-) create mode 100644 tests/ipalab/containerfile-fedora create mode 100644 tests/ipalab/ipa.yaml.in create mode 100644 tests/ipalab/playbooks/webui.yaml diff --git a/.github/workflows/gating.yml b/.github/workflows/gating.yml index df58122a..dd5d48c5 100644 --- a/.github/workflows/gating.yml +++ b/.github/workflows/gating.yml @@ -12,7 +12,7 @@ env: jobs: audit-and-build: name: Audit and build - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest container: image: fedora:latest @@ -57,7 +57,7 @@ jobs: unit-tests: name: Unit tests needs: audit-and-build - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -75,44 +75,68 @@ jobs: integration-tests: name: Integration tests needs: audit-and-build - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Install vagrant - run: | - sudo apt -y install apt-transport-https ca-certificates curl software-properties-common - wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg - echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list - sudo apt update - sudo apt install vagrant vagrant-sshfs virtualbox - - uses: actions/download-artifact@v4 with: name: freeipa-webui-build path: dist - - name: Run vagrant up - run: vagrant up --no-provision --provider=virtualbox + - name: Build test image + id: build-image + uses: redhat-actions/buildah-build@v2 + with: + image: containerfile-fedora + tags: latest + containerfiles: tests/ipalab/containerfile-fedora - - name: Run vagrant provision - run: vagrant provision + - name: Install dependencies + shell: bash + run: | + sudo apt update -y + sudo apt install libkrb5-dev libvirt-dev + sudo apt install software-properties-common + sudo apt install ansible-core podman - - name: Put IPA Server's IP to /etc/hosts - run: sudo echo "$(vagrant ssh -c "hostname -I|sed 's/10\.0\.2\.15//'") server.ipa.demo" | sudo tee -a /etc/hosts + - name: Generate ipalab configuration + shell: bash + run: | + sed -e "s@CONF_DIR@$(pwd)@g" tests/ipalab/ipa.yaml.in > tests/ipalab/ipa.yaml - - name: Save server's IP address to env - run: echo "SERVER_IP=$(vagrant ssh -c "hostname -I|sed 's/10\.0\.2\.15//'")" >> $GITHUB_ENV + - name: Add podman network for tests + shell: bash + run: | + subnet="$(grep subnet: tests/ipalab/ipa.yaml | cut -d: -f2-)" + network="$(grep network: tests/ipalab/ipa.yaml | cut -d: -f2-)" + podman network create network --disable-dns --subnet "$subnet" $network + + - name: Run tests using action + uses: rjeffman/FreeIPA-Cluster-Test@v1.2.0 + with: + cluster_configuration: tests/ipalab/ipa.yaml + test_playbooks: tests/ipalab/playbooks/webui.yaml - - name: Print exported variable - run: echo "$SERVER_IP" + - name: Put IPA Server's IP to /etc/hosts + run: sudo echo "$(podman exec -ti dom-ser "hostname -I") server.ipa.demo" | sudo tee -a /etc/hosts - name: Run Cypress tests uses: cypress-io/github-action@v6 with: browser: electron config-file: cypress/cypress.config.ts + command-prefix: "podman unshare --rootless-netns " + + - name: Shutdown the test machines and a network + shell: bash + run: | + network="$(grep network: tests/ipalab/ipa.yaml | cut -d: -f2-)" + source venv/bin/activate + cd tests/ipalab + podman-compose down + podman network rm $network - name: Upload cypress screenshots uses: actions/upload-artifact@v4 diff --git a/tests/ipalab/containerfile-fedora b/tests/ipalab/containerfile-fedora new file mode 100644 index 00000000..c4571c1b --- /dev/null +++ b/tests/ipalab/containerfile-fedora @@ -0,0 +1,36 @@ +FROM registry.fedoraproject.org/fedora-toolbox:41 +MAINTAINER [FreeIPA Developers freeipa-devel@lists.fedorahosted.org] +ENV container=docker LANG=en_US.utf8 LANGUAGE=en_US.utf8 LC_ALL=en_US.utf8 + +RUN echo 'deltarpm = false' >> /etc/dnf/dnf.conf \ + && (sed -i 's/%_install_langs \(.*\)/\0:fr/g' /etc/rpm/macros.image-language-conf ||:) \ + && dnf install -y systemd \ + && dnf install -y \ + git \ + glibc-langpack-fr \ + glibc-langpack-en \ + iptables \ + nss-tools \ + openssh-server \ + sudo \ + wget \ + freeipa-server \ + freeipa-server-dns \ + freeipa-server-trust-ad \ + python3-libselinux \ + firewalld \ + nodejs \ + && dnf clean all \ + && sed -i 's/.*PermitRootLogin .*/#&/g' /etc/ssh/sshd_config \ + && echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config \ + && sed -i -e 's@^\(session.*required.*pam_loginuid\)@#\1@' /etc/pam.d/sshd \ + && systemctl enable sshd \ + && for i in /usr/lib/systemd/system/*-domainname.service; \ + do sed -i 's#^ExecStart=/#ExecStart=-/#' $i ; done \ + && { systemctl mask firewalld ||: ; } \ + && { systemctl mask systemd-resolved ||: ; } \ + && systemctl set-default multi-user.target + +STOPSIGNAL RTMIN+3 +VOLUME ["/usr/src/freeipa-webui", "/run", "/tmp"] +ENTRYPOINT [ "/usr/sbin/init" ] diff --git a/tests/ipalab/ipa.yaml.in b/tests/ipalab/ipa.yaml.in new file mode 100644 index 00000000..000bd91a --- /dev/null +++ b/tests/ipalab/ipa.yaml.in @@ -0,0 +1,28 @@ +--- +lab_name: webui +container_fqdn: true +containerfiles: + - containerfile-fedora +network: ipa-webui +subnet: "192.168.59.0/24" +ipa_deployments: + - name: webui + domain: dom-server.ipa.demo + realm: DOM-IPA.DEMO + admin_password: Secret123 + dm_password: Secret123 + distro: containerfile-fedora + cluster: + servers: + - name: server + capabilities: + - DNS + - AD + vars: + ipaserver_netbios_name: DOM-SERVER + ipaserver_idstart: 61000 + ipaserver_idmax: 62000 + ipaserver_rid_base: 63000 + ipaserver_secondary_rid_base: 70000 + volumes: + - CONFIG_DIR:/usr/src/freeipa-webui:Z diff --git a/tests/ipalab/playbooks/webui.yaml b/tests/ipalab/playbooks/webui.yaml new file mode 100644 index 00000000..1aa88c27 --- /dev/null +++ b/tests/ipalab/playbooks/webui.yaml @@ -0,0 +1,23 @@ +--- +- name: Set up Modern UI + containers.podman.podman_container_exec: + name: dom-server.ipa.demo + command: | + cat >> /etc/httpd/conf.d/ipa.conf < + SetHandler None + AllowOverride None + Satisfy Any + Require all granted + RewriteEngine On + RewriteRule ^(.*)/js/(.*)\\\\.(js|map)$ js/\\$2.\\$3 [L] + RewriteRule ^(.*)/public/images/(.*)$ public/images/\\$2 [L] + RewriteRule ^(.*)/(.*)\\\\.(css|ico|woff2)$ \\$2.\\$3 [L] + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule ^ index.html [QSA,L] + + EOF + + systemctl restart httpd