From 0bb405444ecb7455fa10fc80c9a70b8940c1ac9b Mon Sep 17 00:00:00 2001 From: ale <ale@incal.net> Date: Thu, 10 May 2018 21:27:02 +0100 Subject: [PATCH] Rename test environments, add a 3-node one --- test/test-base/README.md | 6 +- test/test-base/Vagrantfile | 2 +- test/test-base/group_vars/all/vars.yml | 2 + test/test-base/hosts.yml | 6 -- test/test-base/passwords.yml | 54 ------------ test/test-base/services.yml | 89 +------------------- test/test-full/README.md | 5 ++ test/test-full/Vagrantfile | 13 +++ test/test-full/ansible.cfg | 22 +++++ test/test-full/config.yml | 8 ++ test/test-full/group_vars/all/vars.yml | 17 ++++ test/test-full/hosts.yml | 36 ++++++++ test/test-full/passwords.yml | 62 ++++++++++++++ test/test-full/services.yml | 111 +++++++++++++++++++++++++ test/test-full/site.yml | 4 + test/test-full/test.sh | 12 +++ 16 files changed, 298 insertions(+), 151 deletions(-) create mode 100644 test/test-full/README.md create mode 100644 test/test-full/Vagrantfile create mode 100644 test/test-full/ansible.cfg create mode 100644 test/test-full/config.yml create mode 100644 test/test-full/group_vars/all/vars.yml create mode 100644 test/test-full/hosts.yml create mode 100644 test/test-full/passwords.yml create mode 100644 test/test-full/services.yml create mode 100644 test/test-full/site.yml create mode 100644 test/test-full/test.sh diff --git a/test/test-base/README.md b/test/test-base/README.md index 682f7c9..1250582 100644 --- a/test/test-base/README.md +++ b/test/test-base/README.md @@ -1,2 +1,4 @@ -Base test environment, including just the main infrastructure services -running on two Vagrant nodes: one front-end, and one back-end. +Base test environment, mostly meant to test Ansible correctness. + +Runs a single Vagrant node, acting as front-end, but no services. + diff --git a/test/test-base/Vagrantfile b/test/test-base/Vagrantfile index 9d50d92..ff4f307 100644 --- a/test/test-base/Vagrantfile +++ b/test/test-base/Vagrantfile 
@@ -1,4 +1,4 @@ -NUM_HOSTS = 2 +NUM_HOSTS = 1 Vagrant.configure(2) do |config| config.vm.box = "debian/stretch64" diff --git a/test/test-base/group_vars/all/vars.yml b/test/test-base/group_vars/all/vars.yml index 946d05d..9f8acc1 100644 --- a/test/test-base/group_vars/all/vars.yml +++ b/test/test-base/group_vars/all/vars.yml @@ -13,3 +13,5 @@ admins: net_overlays: - name: vpn0 +enable_ssh: false + diff --git a/test/test-base/hosts.yml b/test/test-base/hosts.yml index 9d92a85..1e36e21 100644 --- a/test/test-base/hosts.yml +++ b/test/test-base/hosts.yml @@ -13,12 +13,6 @@ hosts: ip_ring0: 172.16.1.1 shard_id: host1 groups: [core, frontend, vagrant] - host2: - ansible_host: 192.168.10.11 - ip: 192.168.10.11 - ip_ring0: 172.16.1.2 - shard_id: host2 - groups: [core, backend, vagrant] group_vars: vagrant: diff --git a/test/test-base/passwords.yml b/test/test-base/passwords.yml index 3692162..e385dcc 100644 --- a/test/test-base/passwords.yml +++ b/test/test-base/passwords.yml @@ -1,29 +1,3 @@ -- name: test_db_password - description: MySQL password for webapp Test -- name: accounts_webapp_secret_key - description: Secret key for cookies -- name: accounts_webapp_accountserver_key - description: accountserver key -- name: accounts_webapp_user_helper_key - description: user-helper key - -- name: sso_session_auth_secret - description: sso-server cookie auth key - type: binary - length: 64 -- name: sso_session_enc_secret - description: sso-server cookie encryption key - type: binary - length: 16 -- name: sso_csrf_secret - description: sso-server cookie-based CSRF secret - type: binary - length: 64 -- name: sso_device_manager_auth_secret - description: sso-server cookie-based device manager secret - type: binary - length: 64 - - name: ssoproxy_session_auth_key description: sso-proxy cookie authentication key type: binary 
@@ -32,31 +6,3 @@ description: sso-proxy cookie encryption key type: binary length: 32 - -- name: ldap_root_password - description: LDAP cn=manager password -- name: ldap_replica_password - description: LDAP cn=replica password -- name: ldap_authserver_password - description: LDAP cn=authserver password -- name: ldap_authserver_dav_password - description: LDAP cn=authserver-dav password -- name: ldap_keystore_password - description: LDAP cn=keystore password -- name: ldap_account_automation_password - description: LDAP cn=account-automation password -- name: ldap_postfix_password - description: LDAP cn=postfix password -- name: ldap_dovecot_password - description: LDAP cn=dovecot password - -- name: grafana_session_secret - description: session secret for Grafana - length: 32 - -- name: roundcube_db_password - description: MySQL password for the Roundcube user -- name: roundcube_secret - description: Encryption key for Roundcube sessions - type: binary - length: 24 diff --git a/test/test-base/services.yml b/test/test-base/services.yml index 60d49c6..920af5f 100644 --- a/test/test-base/services.yml +++ b/test/test-base/services.yml 
@@ -1,97 +1,10 @@ --- -ldap: - scheduling_group: core - master_election: true - master_scheduling_group: backend - frontend: - scheduling_group: frontend + scheduling_group: core service_credentials: - name: nginx enable_server: false - name: ssoproxy enable_server: false -log-collector: - scheduling_group: core - num_instances: 1 - service_credentials: - - name: log-collector - enable_client: false - monitoring_endpoints: - - job_name: rsyslog-collector - port: 9105 - scheme: http - public_endpoints: - - name: logs - type: static - port: 5601 - scheme: http - enable_sso_proxy: true - -prometheus: - scheduling_group: core - num_instances: 1 - service_credentials: - - { name: prometheus } - public_endpoints: - - name: monitor - type: static - port: 9090 - scheme: http - enable_sso_proxy: true - - name: alertmanager - type: static - port: 9093 - scheme: http - enable_sso_proxy: true - - name: grafana - type: static - port: 2929 - scheme: https - enable_sso_proxy: true - monitoring_endpoints: - - job_name: prometheus - port: 9090 - scheme: http - - job_name: alertmanager - port: 9093 - scheme: http - - job_name: grafana - port: 2929 - scheme: https - -sso-server: - num_instances: 1 - scheduling_group: backend - service_credentials: - - name: sso-server - enable_server: false - public_endpoints: - - name: login - port: 5002 - scheme: http - monitoring_endpoints: - - job_name: sso-server - port: 5002 - scheme: http - -auth-server: - scheduling_group: core - service_credentials: - - name: auth-server - enable_server: false - ldap_credentials: - - name: authserver - -user-meta-server: - num_instances: 1 - scheduling_group: backend - service_credentials: - - name: user-meta-server - monitoring_endpoints: - - job_name: user-meta-server - port: 5005 - scheme: https - diff --git a/test/test-full/README.md b/test/test-full/README.md new file mode 100644 index 0000000..1e3ca75 --- /dev/null +++ b/test/test-full/README.md 
@@ -0,0 +1,5 @@ +"Full-featured" (more or less) test environment, including the main +infrastructure services, running on three Vagrant nodes: one front-end, +two back-ends. Includes a *real* service, a trivial HTTP server that +replies "hello" to all requests (git.autistici.org/ai3/docker-okserver). + diff --git a/test/test-full/Vagrantfile b/test/test-full/Vagrantfile new file mode 100644 index 0000000..a4fdcd2 --- /dev/null +++ b/test/test-full/Vagrantfile @@ -0,0 +1,13 @@ +NUM_HOSTS = 3 + +Vagrant.configure(2) do |config| + config.vm.box = "debian/stretch64" + config.ssh.insert_key = false + + (1..NUM_HOSTS).each do |i| + config.vm.define "host#{i}" do |m| + m.vm.hostname = "host#{i}" + m.vm.network "private_network", ip: "192.168.10.#{9+i}" + end + end +end diff --git a/test/test-full/ansible.cfg b/test/test-full/ansible.cfg new file mode 100644 index 0000000..c6b875b --- /dev/null +++ b/test/test-full/ansible.cfg @@ -0,0 +1,22 @@ +[defaults] +library = ../../library +roles_path = ../../roles +inventory_plugins = ../../plugins/inventory +action_plugins = ../../plugins/action +vars_plugins = ../../plugins/vars +display_skipped_hosts = False +nocows = 1 +log_path = ansible.log +#strategy = free +callback_whitelist = profile_tasks, timer + +[inventory] +enable_plugins = float + +[ssh_connection] +ssh_args = -C -o ControlMaster=auto -o ControlPersist=120s +control_path_dir = ~/.ansible/cp +control_path = %(directory)s/%%h-%%r +pipelining = True +scp_if_ssh = True + diff --git a/test/test-full/config.yml b/test/test-full/config.yml new file mode 100644 index 0000000..7209077 --- /dev/null +++ b/test/test-full/config.yml @@ -0,0 +1,8 @@ +--- +services_file: services.yml +hosts_file: hosts.yml +passwords_file: passwords.yml +credentials_dir: conf +vars_path: group_vars/all +plugin: float + diff --git a/test/test-full/group_vars/all/vars.yml b/test/test-full/group_vars/all/vars.yml new file mode 100644 index 0000000..9f8acc1 --- /dev/null 
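Review bot: `log_path = ansible.log` in the new `[defaults]` section writes the complete run log, task output included, into the test-full checkout directory; unless that file is already matched by the repository's ignore rules (not visible in this patch), every run leaves an untracked file that is easy to commit by accident and that can contain values echoed by tasks. Either point it outside the tree or add `# written on every run; keep out of version control` beside the setting so the requirement is explicit. The commented-out `#strategy = free` line is also left without a hint of why it is disabled; a short reason, or its removal, would keep the file from accumulating dead options.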
+++ b/test/test-full/group_vars/all/vars.yml @@ -0,0 +1,17 @@ +--- + +domain: internal.example.com +domain_public: + - example.com + +admins: + - name: admin + email: admin@example.com + password: "$s$16384$8$1$c479e8eb722f1b071efea7826ccf9c20$96d63ebed0c64afb746026f56f71b2a1f8796c73141d2d6b1958d4ea26c60a0b" + +# Network overlays (vpn). +net_overlays: + - name: vpn0 + +enable_ssh: false + diff --git a/test/test-full/hosts.yml b/test/test-full/hosts.yml new file mode 100644 index 0000000..3175698 --- /dev/null +++ b/test/test-full/hosts.yml @@ -0,0 +1,36 @@ +--- + +# Define the hosts that are set up in the Vagrantfile. +# +# Groups like 'core' and 'frontend' are used for scheduling purposes +# in services.yml, while groups like 'vagrant' are only used to set +# common options in the group_vars section. + +hosts: + host1: + ansible_host: 192.168.10.10 + ip: 192.168.10.10 + ip_ring0: 172.16.1.1 + shard_id: host1 + groups: [core, frontend, vagrant] + host2: + ansible_host: 192.168.10.11 + ip: 192.168.10.11 + ip_ring0: 172.16.1.2 + shard_id: host2 + groups: [core, backend, vagrant] + host3: + ansible_host: 192.168.10.12 + ip: 192.168.10.12 + ip_ring0: 172.16.1.3 + shard_id: host3 + groups: [core, backend, vagrant] + +group_vars: + vagrant: + ansible_user: vagrant + ansible_become: true + ansible_ssh_private_key_file: "~/.vagrant.d/insecure_private_key" + ansible_ssh_pipelining: true + ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" + ldap_load_test_data: true diff --git a/test/test-full/passwords.yml b/test/test-full/passwords.yml new file mode 100644 index 0000000..3692162 --- /dev/null +++ b/test/test-full/passwords.yml 
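Review bot: The `admins` entry ships a precomputed password hash with no comment saying what it is for; the new blob is identical to the test-base copy (same index 9f8acc1), so presumably one throwaway password now opens the admin account in both environments. Add above it `# Fixture admin account for the Vagrant test environments only; hash of a throwaway test password.` so the scope is clear to whoever copies this file next. `enable_ssh: false` is likewise undocumented and reads as if it disabled the SSH access Ansible itself relies on; a one-line comment stating what it actually turns off (presumably float's management of sshd, not access — confirm) would avoid that misreading.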
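Review bot: The `vagrant` group_vars disable host-key verification (`-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`) and log in with Vagrant's shared `insecure_private_key`, consistent with `config.ssh.insert_key = false` in the new Vagrantfile; that is the usual setup for a throwaway private network, but the header comment only explains the scheduling groups. Add above `ansible_ssh_private_key_file`: `# Shared Vagrant key and no host-key checking: VMs are rebuilt often. Keep these confined to the vagrant group.` `ldap_load_test_data: true` sits in the same block with no note that it seeds the directory with fixtures; a one-word comment there (`# fixtures`) would separate it from the connection settings.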
@@ -0,0 +1,62 @@ +- name: test_db_password + description: MySQL password for webapp Test +- name: accounts_webapp_secret_key + description: Secret key for cookies +- name: accounts_webapp_accountserver_key + description: accountserver key +- name: accounts_webapp_user_helper_key + description: user-helper key + +- name: sso_session_auth_secret + description: sso-server cookie auth key + type: binary + length: 64 +- name: sso_session_enc_secret + description: sso-server cookie encryption key + type: binary + length: 16 +- name: sso_csrf_secret + description: sso-server cookie-based CSRF secret + type: binary + length: 64 +- name: sso_device_manager_auth_secret + description: sso-server cookie-based device manager secret + type: binary + length: 64 + +- name: ssoproxy_session_auth_key + description: sso-proxy cookie authentication key + type: binary + length: 64 +- name: ssoproxy_session_enc_key + description: sso-proxy cookie encryption key + type: binary + length: 32 + +- name: ldap_root_password + description: LDAP cn=manager password +- name: ldap_replica_password + description: LDAP cn=replica password +- name: ldap_authserver_password + description: LDAP cn=authserver password +- name: ldap_authserver_dav_password + description: LDAP cn=authserver-dav password +- name: ldap_keystore_password + description: LDAP cn=keystore password +- name: ldap_account_automation_password + description: LDAP cn=account-automation password +- name: ldap_postfix_password + description: LDAP cn=postfix password +- name: ldap_dovecot_password + description: LDAP cn=dovecot password + +- name: grafana_session_secret + description: session secret for Grafana + length: 32 + +- name: roundcube_db_password + description: MySQL password for the Roundcube user +- name: roundcube_secret + description: Encryption key for Roundcube sessions + type: binary + length: 24 diff --git a/test/test-full/services.yml b/test/test-full/services.yml new file mode 100644 index 0000000..8a24180 
--- /dev/null +++ b/test/test-full/services.yml 
@@ -0,0 +1,111 @@ +--- + +ldap: + scheduling_group: core + master_election: true + master_scheduling_group: backend + +frontend: + scheduling_group: frontend + service_credentials: + - name: nginx + enable_server: false + - name: ssoproxy + enable_server: false + +log-collector: + scheduling_group: core + num_instances: 1 + service_credentials: + - name: log-collector + enable_client: false + monitoring_endpoints: + - job_name: rsyslog-collector + port: 9105 + scheme: http + public_endpoints: + - name: logs + type: static + port: 5601 + scheme: http + enable_sso_proxy: true + +prometheus: + scheduling_group: core + num_instances: 1 + service_credentials: + - { name: prometheus } + public_endpoints: + - name: monitor + type: static + port: 9090 + scheme: http + enable_sso_proxy: true + - name: alertmanager + type: static + port: 9093 + scheme: http + enable_sso_proxy: true + - name: grafana + type: static + port: 2929 + scheme: https + enable_sso_proxy: true + monitoring_endpoints: + - job_name: prometheus + port: 9090 + scheme: http + - job_name: alertmanager + port: 9093 + scheme: http + - job_name: grafana + port: 2929 + scheme: https + +sso-server: + num_instances: 1 + scheduling_group: backend + service_credentials: + - name: sso-server + enable_server: false + public_endpoints: + - name: login + port: 5002 + scheme: http + monitoring_endpoints: + - job_name: sso-server + port: 5002 + scheme: http + +auth-server: + scheduling_group: core + service_credentials: + - name: auth-server + enable_server: false + ldap_credentials: + - name: authserver + +user-meta-server: + num_instances: 1 + scheduling_group: backend + service_credentials: + - name: user-meta-server + monitoring_endpoints: + - job_name: user-meta-server + port: 5005 + scheme: https + +ok: + scheduling_group: all + num_instances: 2 + containers: + - name: http + image: registry.git.autistici.org/ai3/docker-okserver:latest + port: 3100 + env: + PORT: 3100 + public_endpoints: + - name: ok + port: 3100 + 
scheme: http + diff --git a/test/test-full/site.yml b/test/test-full/site.yml new file mode 100644 index 0000000..f9dc15b --- /dev/null +++ b/test/test-full/site.yml @@ -0,0 +1,4 @@ +--- + +- import_playbook: ../../playbooks/all.yml + diff --git a/test/test-full/test.sh b/test/test-full/test.sh new file mode 100644 index 0000000..d184e05 --- /dev/null +++ b/test/test-full/test.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +# Test that the 'okserver' works via its public_endpoint. +resp=$(curl --verbose --insecure \ + --resolve ok.example.com:443:192.168.10.10 \ + https://ok.example.com/) +if [ "${resp}" != "OK" ]; then + echo "ERROR: bad response from ok.example.com" >&2 + exit 1 +fi + +exit 0 -- GitLab
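Review bot: The new `ok` service pulls `registry.git.autistici.org/ai3/docker-okserver:latest`, so the environment's only real container is not reproducible: whatever carries the `latest` tag at `vagrant up` time is deployed, and an image change can break or silently alter what test.sh expects. Pin a specific tag, or an `@sha256:<digest>` reference, and note next to it where the image is built. `PORT: 3100` under `env:` is parsed as an integer; if the map is rendered into a string-typed container environment (likely, but not visible here) `PORT: "3100"` is the safer spelling and matches the quoting used in hosts.yml. The `ok` endpoint is the only `public_endpoints` entry without `enable_sso_proxy: true`; add `# intentionally unauthenticated: test.sh fetches it with plain curl` so it is not "fixed" later.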
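Review bot: test.sh expects the body `OK` (`if [ "${resp}" != "OK" ]`) while the new test-full README says the okserver replies "hello" to all requests; one of the two is wrong and, if it is the script, the check fails on every run, so reconcile them. `--insecure` is presumably needed because the environment's certificate is not trusted by the host, but the script gives no hint of that; add `# self-signed test certificate: TLS verification deliberately skipped` above the `curl` line. `--verbose` also dumps the handshake and headers to stderr on every run; `curl --silent --show-error --insecure --resolve ...` keeps the failure output readable without changing the body comparison.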