-
Notifications
You must be signed in to change notification settings - Fork 14
/
test-containers-functional.yml
132 lines (118 loc) · 4.87 KB
/
test-containers-functional.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Test whether the role produced expected results
hosts: localhost
user: root
become: true
tasks:
- name: List the running LXC containers present on the host
command: lxc-ls -1 --fancy --fancy-format name,ipv4 --running
register: lxc_container_list
- name: Verify that the expected containers are present with the correct addresses
# Example stdout:
# NAME IPV4
# ---------------------------------------
# container1 172.16.12.3, 10.100.100.2
# container2 10.100.100.3, 172.16.12.4
assert:
that:
- lxc_container_list.stdout | search("container1\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.2(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+")
- lxc_container_list.stdout | search("container2\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.3(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+")
- lxc_container_list.stdout | search("container3\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\s+)*10.100.100.4(,\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})*\s+")
- name: Check for the presence of the right aa_profile for container1
command: grep "^lxc.aa_profile = lxc-openstack$" /var/lib/lxc/container1/config
register: container1_profile
failed_when: container1_profile.rc != 0
- name: Check for the presence of the right aa_profile for container2
command: grep "^lxc.aa_profile = unconfined$" /var/lib/lxc/container2/config
register: container2_profile
failed_when: container2_profile.rc != 0
- name: Check for the lack of presence of an aa_profile for container3
command: grep "lxc.aa_profile" /var/lib/lxc/container3/config
register: container3_profile
failed_when: container3_profile.rc == 0
- name: Check for the presence of the right bound mount for container1
command: grep "lxc.mount.entry = /openstack/container1 opt/test1 none bind 0 0" /var/lib/lxc/container1/config
- name: Check for the presence of the right bound mount for container2
command: grep "lxc.mount.entry = {{ development_repo_directory }} {{ development_repo_directory | relpath('/') }} none bind 0 0" /var/lib/lxc/container2/config
- name: Check for the presence of the default bound mount for container3
command: grep "lxc.mount.entry = /openstack/backup/container3" /var/lib/lxc/container3/config
vars_files:
- common/test-vars.yml
- name: Check for the bind mount in container1
hosts: container1
remote_user: root
tasks:
- name: Check for the presence of /opt/test1
command: ls -1 /opt/test1
register: container1_test_dir
failed_when: container1_test_dir.rc != 0
- name: Test the containers themselves
hosts: all_containers
remote_user: root
tasks:
- name: Open /etc/environment file
slurp:
src: /etc/environment
register: environment_file
- name: Set /etc/environment contents fact
set_fact:
environment_content: "{{ environment_file.content | b64decode }}"
- name: Check /etc/enviroment matches expectations
assert:
that:
- "'foo=bar' in environment_content"
- name: Test connectivity to external address
shell: ping -i 5 -c 6 8.8.8.8
register: ping_external_address
failed_when: false
- name: Verify connectivity to external address
assert:
that:
- ping_external_address.rc == 0
# TODO(evrardjp): Move this to testinfra
- name: Apply a sysctl to test if it can be applied consistenty
hosts: container3
tasks:
- name: Allow consuming apps to bind on non local addresses
sysctl:
name: net.ipv4.ip_nonlocal_bind
value: 1
sysctl_set: yes
state: present
- name: Bump the container state
hosts: localhost
user: root
become: true
tasks:
- name: Stop container
command: "lxc-stop -n container3"
changed_when: false
- name: Start container
command: "lxc-start -d -n container3"
changed_when: false
- name: Check if the sysctl was well applied
hosts: container3
tasks:
- name: Check the sysctl is persistent
command: sysctl -n net.ipv4.ip_nonlocal_bind
register: nonlocalbind
changed_when: false
- debug:
var: nonlocalbind
- name: Verify the sysctl is set
assert:
that:
- "'1' in nonlocalbind.stdout"