Merge pull request #6711 from inverse-inc/feature/venom-local-dev

Feature/venom local dev
inverse-inc · Nov 25, 2021 · 827470b · 827470b
2 parents d1d1da2 + 57f7c82
commit 827470b
Show file tree

Hide file tree

Showing 42 changed files with 1,178 additions and 214 deletions.
diff --git a/addons/vagrant/Vagrantfile b/addons/vagrant/Vagrantfile
@@ -3,7 +3,7 @@
 
 require 'securerandom'
 
-BRANCH_OR_TAG_NAME = ENV['CI_COMMIT_REF_SLUG'] || 'local-tests'
+BRANCH_OR_TAG_NAME = ENV['CI_COMMIT_REF_SLUG'] || ENV['USER']
 DOMAIN_PREFIX = "vagrant-" + BRANCH_OR_TAG_NAME + "-#{SecureRandom.hex(3)}-"
 
 Vagrant.configure("2") do |config|

diff --git a/addons/vagrant/cumulus/Vagrantfile b/addons/vagrant/cumulus/Vagrantfile
@@ -84,9 +84,26 @@ echo "### Rebooting Device to Apply Remap..."
 nohup bash -c 'shutdown now -r "Rebooting to Remap Interfaces"' &
 SCRIPT
 
-# Read YAML file with box details
+# Read YAML file with box and network details
 inventory = YAML.load_file('inventory/hosts')
-networks = inventory['all']['vars']['networks']
+user = ENV['USER']
+users_vars = inventory['all']['vars']['users_vars']
+if users_vars[user]
+  dict_name = user
+else
+  dict_name = 'gitlab-runner'
+end
+user_vars = inventory['all']['vars']['users_vars'][dict_name]
+switch01_ip = user_vars['vms']['switch01']['ip']
+switch01_netmask = user_vars['vms']['switch01']['netmask']
+inline_ip = user_vars['vms']['switch01']['inline_ip']
+inline_netmask = user_vars['vms']['switch01']['inline_netmask']
+inline_l3_ip = user_vars['vms']['switch01']['inline_l3_ip']
+inline_l3_netmask = user_vars['vms']['switch01']['inline_l3_netmask']
+node01_ip = user_vars['vms']['node01']['ip']
+node01_netmask = user_vars['vms']['node01']['netmask']
+node02_ip = user_vars['vms']['node02']['ip']
+node02_netmask = user_vars['vms']['node02']['netmask']
 
 Vagrant.configure("2") do |config|
 
@@ -113,34 +130,34 @@ Vagrant.configure("2") do |config|
       # link for swp1 --> mgmt_network (vlan 17)
       device.vm.network "private_network",
             :mac => "a0:00:00:00:00:01",
-            :libvirt__network_name => networks[0]['name'],
-            :ip => networks[0]['subnet'],
+            :libvirt__network_name => user_vars['networks'][0]['name'],
+            :ip => user_vars['networks'][0]['subnet'],
             :libvirt__dhcp_enabled => false,
-            :libvirt__forward_mode => networks[0]['forward_mode'],
+            :libvirt__forward_mode => user_vars['networks'][0]['forward_mode'],
             auto_config: false
       # link for swp2 --> reg_network (vlan 2)
       device.vm.network "private_network",
             :mac => "44:38:39:00:00:02",
-            :libvirt__network_name => networks[1]['name'],
-            :ip => networks[1]['subnet'],
+            :libvirt__network_name => user_vars['networks'][1]['name'],
+            :ip => user_vars['networks'][1]['subnet'],
             :libvirt__dhcp_enabled => false,
-            :libvirt__forward_mode => networks[1]['forward_mode'],
+            :libvirt__forward_mode => user_vars['networks'][1]['forward_mode'],
             auto_config: false
       # link for swp3 --> iso_network (vlan 3)
       device.vm.network "private_network",
             :mac => "44:38:39:00:00:03",
-            :libvirt__network_name => networks[2]['name'],
-            :ip => networks[2]['subnet'],
+            :libvirt__network_name => user_vars['networks'][2]['name'],
+            :ip => user_vars['networks'][2]['subnet'],
             :libvirt__dhcp_enabled => false,
-            :libvirt__forward_mode => networks[2]['forward_mode'],
+            :libvirt__forward_mode => user_vars['networks'][2]['forward_mode'],
             auto_config: false      
       # link for swp6 --> inline_network (vlan 6)
       device.vm.network "private_network",
             :mac => "44:38:39:00:00:06",
-            :libvirt__network_name => networks[3]['name'],
-            :ip => networks[3]['subnet'],
+            :libvirt__network_name => user_vars['networks'][3]['name'],
+            :ip => user_vars['networks'][3]['subnet'],
             :libvirt__dhcp_enabled => false,
-            :libvirt__forward_mode => networks[3]['forward_mode'],
+            :libvirt__forward_mode => user_vars['networks'][3]['forward_mode'],
             auto_config: false
       # link for swp11 --> node01:ens6
       device.vm.network "private_network",
@@ -194,8 +211,11 @@ Vagrant.configure("2") do |config|
 
     # Run the Config specified in the Node Attributes
     device.vm.provision :shell , privileged: false, :inline => 'echo "$(whoami)" > /tmp/normal_user'
-    device.vm.provision "config_switch", type: "shell" , path: "./helper_scripts/config_switch.sh"
-
+    device.vm.provision "config_switch", type: "shell" , path: "./helper_scripts/config_switch.sh",
+                        args: [ "#{switch01_ip}", "#{switch01_netmask}",
+                                "#{inline_ip}", "#{inline_netmask}",
+                                "#{inline_l3_ip}", "#{inline_l3_netmask}"
+                              ]
 
     # Install Rules for the interface re-map
     device.vm.provision :shell , :inline => <<-delete_udev_directory
@@ -338,8 +358,8 @@ vagrant_interface_rule
 
     # Run the Config specified in the Node Attributes
     device.vm.provision :shell , privileged: false, :inline => 'echo "$(whoami)" > /tmp/normal_user'
-    device.vm.provision "config_node", type: "shell", path: "./helper_scripts/config_node01.sh"
-
+    device.vm.provision "config_node", type: "shell", path: "./helper_scripts/config_node01.sh",
+                        args: [ "#{node01_ip}", "#{node01_netmask}"]
 
     # Install Rules for the interface re-map
     device.vm.provision :shell , :inline => <<-delete_udev_directory
@@ -444,8 +464,8 @@ vagrant_interface_rule
 
     # Run the Config specified in the Node Attributes
     device.vm.provision :shell , privileged: false, :inline => 'echo "$(whoami)" > /tmp/normal_user'
-    device.vm.provision "config_node", type: "shell", path: "./helper_scripts/config_node02.sh"
-
+    device.vm.provision "config_node", type: "shell", path: "./helper_scripts/config_node02.sh",
+                        args: [ "#{node02_ip}", "#{node02_netmask}"]
 
     # Install Rules for the interface re-map
     device.vm.provision :shell , :inline => <<-delete_udev_directory

diff --git a/addons/vagrant/helper_scripts/config_node01.sh b/addons/vagrant/helper_scripts/config_node01.sh
@@ -1,5 +1,9 @@
 #!/bin/bash
 set -o nounset -o pipefail -o errexit
+mgmt_ip=$1
+mgmt_netmask=$2
+
+declare -p mgmt_ip mgmt_netmask
 
 echo "#################################"
 echo "  Running config_node01.sh"
@@ -41,7 +45,8 @@ iface lo inet loopback
 auto ens6
 iface ens6 inet static
     alias VLAN 17
-    address 172.17.17.251/24
+    address ${mgmt_ip}
+    netmask ${mgmt_netmask}
 
 allow-hotplug ens7
 iface ens7 inet dhcp

diff --git a/addons/vagrant/helper_scripts/config_node02.sh b/addons/vagrant/helper_scripts/config_node02.sh
@@ -1,5 +1,9 @@
 #!/bin/bash
 set -o nounset -o pipefail -o errexit
+mgmt_ip=$1
+mgmt_netmask=$2
+
+declare -p mgmt_ip mgmt_netmask
 
 echo "#################################"
 echo "  Running config_node.sh"
@@ -41,7 +45,8 @@ iface lo inet loopback
 auto ens6
 iface ens6 inet static
     alias VLAN 17
-    address 172.17.17.252/24
+    address ${mgmt_ip}
+    netmask ${mgmt_netmask}
 
 allow-hotplug ens7
 iface ens7 inet dhcp

diff --git a/addons/vagrant/helper_scripts/config_switch.sh b/addons/vagrant/helper_scripts/config_switch.sh
@@ -1,5 +1,15 @@
 #!/bin/bash
 set -o nounset -o pipefail -o errexit
+mgmt_ip=$1
+mgmt_netmask=$2
+inline_ip=$3
+inline_netmask=$4
+inline_l3_ip=$5
+inline_l3_netmask=$6
+
+declare -p mgmt_ip mgmt_netmask
+declare -p inline_ip inline_netmask
+declare -p inline_l3_ip inline_l3_netmask
 
 echo "#################################"
 echo "  Running Switch Post Config (config_switch.sh)"
@@ -62,17 +72,20 @@ iface swp48
 auto bridge.6
 iface bridge.6
     alias Inline-L2
-    address 172.17.6.3/24
+    address ${inline_ip}
+    netmask ${inline_netmask}
 
 auto bridge.17
 iface bridge.17
     alias Management
-    address 172.17.17.201/24
+    address ${mgmt_ip}
+    netmask ${mgmt_netmask}
 
 auto bridge.18
 iface bridge.18
     alias Inline-L3
-    address 172.17.18.254/24
+    address ${inline_l3_ip}
+    netmask ${inline_l3_netmask}
 
 auto bridge.100
 iface bridge.100 inet dhcp

diff --git a/addons/vagrant/inventory/group_vars/all/common.yml b/addons/vagrant/inventory/group_vars/all/common.yml
@@ -9,3 +9,7 @@ packetfence_server_name: '{{ lookup("env","PF_VM_NAME") | default("pfel8dev", tr
 packetfence_server_mgmt_ip: '{{ hostvars[packetfence_server_name]["mgmt_ip"] }}'
 
 pipeline_id: '{{ lookup("env","CI_PIPELINE_ID") | default("123456789", true) }}'
+
+# get current PacketFence minor release (X.Y)
+pf_minor_release: '{{ lookup("env", "PF_MINOR_RELEASE") | default("99.9", true) }}'
+
diff --git a/addons/vagrant/inventory/group_vars/dev/packetfence_install.yml b/addons/vagrant/inventory/group_vars/dev/packetfence_install.yml
@@ -3,3 +3,18 @@
 # from inverse.ca website (already installed based on pipeline
 # artifacts)
 packetfence_install__centos_release_rpm: 'packetfence-release'
+
+# in CI environment: only for dependencies, packetfence package is installed using local repo
+packetfence_install__centos:
+  repos:
+    - packetfence
+
+# override to installed test files
+packetfence_install__centos_packages:
+  - packetfence
+  - packetfence-test
+
+# override to installed test files
+packetfence_install__deb_packages:
+  - packetfence
+  - packetfence-test
diff --git a/addons/vagrant/inventory/group_vars/linux_servers/freeradius.yml b/addons/vagrant/inventory/group_vars/linux_servers/freeradius.yml
@@ -10,7 +10,7 @@ freeradius__configuration:
       - name: 'packetfence_servers'
         raw: |
           client pf {
-              ipaddr = {{ networks[0]['subnet'] }}
+              ipaddr = {{ users_vars[dict_name]['networks'][1]['subnet'] }}
               secret = testing123
           }
         state: 'present'

diff --git a/addons/vagrant/inventory/group_vars/linux_servers/tinyproxy.yml b/addons/vagrant/inventory/group_vars/linux_servers/tinyproxy.yml
@@ -1,3 +1,3 @@
 ---
 tinyproxy__allow:
-  - "{{ networks[0]['subnet'] }}"
+  - "{{ users_vars[dict_name]['networks'][1]['subnet'] }}"
diff --git a/addons/vagrant/inventory/group_vars/localdev/packetfence_install.yml b/addons/vagrant/inventory/group_vars/localdev/packetfence_install.yml
@@ -0,0 +1,12 @@
+---
+packetfence_install__centos_release_rpm: "http://packetfence.org/downloads/PacketFence/RHEL8/packetfence-release-{{ pf_minor_release }}.el8.noarch.rpm"
+
+# override to installed test files
+packetfence_install__centos_packages:
+  - packetfence
+  - packetfence-test
+
+# override to installed test files
+packetfence_install__deb_packages:
+  - packetfence
+  - packetfence-test
diff --git a/addons/vagrant/inventory/group_vars/pfservers/packetfence_install.yml b/addons/vagrant/inventory/group_vars/pfservers/packetfence_install.yml
@@ -1,7 +1,4 @@
 ---
-# get current PacketFence minor release (X.Y)
-pf_minor_release: '{{ lookup("env", "PF_MINOR_RELEASE") | default("99.9", true) }}'
-
 # hack to get id of mgmt interface based
 # on IP assigned by vagrant (in inventory/hosts file)
 mgmt_interface_id: "{{ ansible_facts | dict2items | selectattr('value.ipv4', 'defined') | selectattr('value.ipv4.address', 'equalto', mgmt_ip) | first }}"
@@ -10,27 +7,12 @@ packetfence_install__mgmt_interface:
   id: "{{ mgmt_interface_id['key'] }}"
   ip: "{{ mgmt_ip }}"
   mask: "{{ mgmt_netmask }}"
-  type: management,portal
-
-# only for dependencies, packetfence package is installed using local repo
-packetfence_install__centos:
-  repos:
-    - packetfence
 
-# override to installed test files
-packetfence_install__centos_packages:
-  - packetfence
-  - packetfence-test
-
-# only for dependencies, packetfence packages are installed using local repo
+# in CI environment: only for dependencies, packetfence package is installed using local repo
+# in local dev environment: to install packetfence packages
 packetfence_install__deb:
   repos:
     - "debian/{{ pf_minor_release }}"
 
-# override to installed test files
-packetfence_install__deb_packages:
-  - packetfence
-  - packetfence-test
-
 # we used Venom to pass through configurator
 packetfence_install__configurator_status: 'enabled'
diff --git a/addons/vagrant/inventory/group_vars/pfservers/rhel_subscription.yml b/addons/vagrant/inventory/group_vars/pfservers/rhel_subscription.yml
@@ -1,5 +1,5 @@
 ---
-rhel_sub_psono_secret_id: 'e9d98894-bd22-4f32-8b59-653aceb72ec4'
+rhel_sub_psono_secret_id: "{{ users_vars[dict_name]['vars']['rhel_sub_secret_id'] }}"
 
 # can be used if variable above is not defined
 # rhel_subscription_user:

diff --git a/addons/vagrant/inventory/group_vars/pfservers/venom_local_vars.yml b/addons/vagrant/inventory/group_vars/pfservers/venom_local_vars.yml
@@ -7,6 +7,22 @@ venom_local_vars:
   - name: 'pfserver_mgmt_netmask'
     value: "{{ packetfence_install__mgmt_interface['mask'] }}"
 
+  # get second IP (.2) usable without /CIDR
+  - name: 'configurator.interfaces.reg.ip'
+    value: "{{ users_vars[dict_name]['networks'][1]['subnet'] | ansible.netcommon.next_nth_usable(2) | ansible.netcommon.ipaddr('address') }}"
+
+  # get netmask based on CIDR
+  - name: 'configurator.interfaces.reg.netmask'
+    value: "{{ users_vars[dict_name]['networks'][1]['subnet'] | ansible.netcommon.ipaddr('netmask') }}"
+
+  # get second IP (.2) usable without /CIDR
+  - name: 'configurator.interfaces.iso.ip'
+    value: "{{ users_vars[dict_name]['networks'][2]['subnet'] | ansible.netcommon.next_nth_usable(2) | ansible.netcommon.ipaddr('address') }}"
+
+  # get netmask based on CIDR
+  - name: 'configurator.interfaces.iso.netmask'
+    value: "{{ users_vars[dict_name]['networks'][2]['subnet'] | ansible.netcommon.ipaddr('netmask') }}"
+
   - name: 'smtp_server'
     value: "{{ packetfence_install__mgmt_interface['ip'] }}"
 
@@ -27,3 +43,30 @@ venom_local_vars:
 
   - name: 'mariadb_socket'
     value: "{{ mariadb_socket }}"
+
+  - name: 'ad_mgmt_ip'
+    value: "{{ users_vars[dict_name]['vms']['ad']['ip'] }}"
+
+  - name: 'switch01_mgmt_ip'
+    value: "{{ users_vars[dict_name]['vms']['switch01']['ip'] }}"
+
+  - name: 'node01_mgmt_ip'
+    value: "{{ users_vars[dict_name]['vms']['node01']['ip'] }}"
+
+  - name: 'node02_mgmt_ip'
+    value: "{{ users_vars[dict_name]['vms']['node02']['ip'] }}"
+
+  - name: 'wireless01_mgmt_ip'
+    value: "{{ users_vars[dict_name]['vms']['wireless01']['ip'] }}"
+
+  - name: 'linux01_mgmt_ip'
+    value: "{{ users_vars[dict_name]['vms']['linux01']['ip'] }}"
+
+  - name: 'linux02_mgmt_ip'
+    value: "{{ users_vars[dict_name]['vms']['linux02']['ip'] }}"
+
+  - name: 'fingerbank_api_key.secret_id'
+    value: "{{ users_vars[dict_name]['vars']['fingerbank_api_key']['secret_id'] }}"
+
+  - name: 'fingerbank_api_key.email'
+    value: "{{ users_vars[dict_name]['vars']['fingerbank_api_key']['email'] }}"
diff --git a/addons/vagrant/inventory/group_vars/service_rsyslog/rsyslog.yml b/addons/vagrant/inventory/group_vars/service_rsyslog/rsyslog.yml
@@ -1,4 +1,4 @@
 ---
 # allow all machines on management network to send logs to rsyslog
 rsyslog__group_allow:
-  - 172.17.17.0/24
+  - "{{ users_vars[dict_name]['networks'][0]['subnet'] }}"
diff --git a/addons/vagrant/inventory/group_vars/wireless/gitlab_buildpkg_tools.yml b/addons/vagrant/inventory/group_vars/wireless/gitlab_buildpkg_tools.yml
@@ -1,6 +1,8 @@
 ---
 # force value to simplify tests outside CI
-gitlab_buildpkg_tools__ppa_enabled: True
+# ppa will be disabled in local dev environment
+gitlab_buildpkg_tools__ppa_enabled: '{{ True if lookup("env", "CI")
+                                             else False }}'
 
 # use repo generated by 'publish' stage
 gitlab_buildpkg_tools__ppa_url: 'http://inverse.ca/downloads/PacketFence/gitlab/{{ pipeline_id }}'
@@ -12,6 +14,15 @@ gitlab_buildpkg_tools__deb_ppa:
     baseurl: "{{ gitlab_buildpkg_tools__ppa_url_deb }} {{ ansible_distribution_release }} main"
     gpgkey: 'http://inverse.ca/downloads/GPG_PUBLIC_KEY'
 
+# added for local dev environment where we only want devel packages
+gitlab_buildpkg_tools__deb_deps_repos:
+  - name: 'packetfence'
+    baseurl: 'http://inverse.ca/downloads/PacketFence/debian/{{ pf_minor_release }} {{ ansible_distribution_release }} {{ ansible_distribution_release }}'
+
+# added for local dev environment where we only want devel packages
+gitlab_buildpkg_tools__deb_keys:
+  - 'http://inverse.ca/downloads/GPG_PUBLIC_KEY'
+
 gitlab_buildpkg_tools__deb_pkgs:
   - packetfence-test
-
+  - rsync