diff --git a/README.md b/README.md index c727a84a..cf5de0e9 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ See below The role requires additional collections which are specified in `meta/collection-requirements.yml`. These are not automatically installed. You must install them like this: ```bash -ansible-galaxy install -vv -r meta/collection-requirements.yml` +ansible-galaxy install -vv -r meta/collection-requirements.yml ``` ## Role Variables 
@@ -30,7 +30,7 @@ These are the variables that can be passed to the role: | **Variable** | **Default** | **Description** | |----------|-------------|------| | `nbde_server_provider` | `tang` | identifies the provider for `nbde_server` role. We currently support `tang` as an `nbde_server` provider, meaning that the `nbde_server` role is currently able to provision/deploy tang servers. -| `nbde_server_service_state` | `started` | indicates the state the nbde_server should be. It can be either `started` (default) or `stopped`. `started` means the server is accepting connections, whereas `stopped` means it is not accepting connections. +| `nbde_server_service_state` | `started` | indicates the state the nbde_server should be. It can be either `started` (default) or `stopped`. `started` means the server is accepting connections, whereas `stopped` means it is not accepting connections. Ignored for non-booted hosts like container builds, then the service is always started at boot. | `nbde_server_rotate_keys`| `false` | indicates whether we should rotate existing keys -- if any -- , then create new keys. Default behavior (`false`) is to create new keys, if there are none, and don't touch the keys, if they exist. If set to `true`, existing keys will be rotated and new keys will be created. |`nbde_server_fetch_keys`| `false` | indicates whether we should fetch keys to the control node, in which case they will be placed in `nbde_server_keys_dir`. You **must** set `nbde_server_keys_dir` to use `nbde_server_fetch_keys`. |`nbde_server_deploy_keys`| `false` |indicates whether we should deploy the keys located in `nbde_server_keys_dir` directory to the remote hosts. You **must** set `nbde_server_keys_dir` to use `nbde_server_deploy_keys`. diff --git a/meta/main.yml b/meta/main.yml index ddb9d728..739db98c 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -18,6 +18,7 @@ galaxy_info: galaxy_tags: - centos - clevis + - containerbuild - el7 - el8 - el9 
diff --git a/tasks/main-tang.yml b/tasks/main-tang.yml index cbf599bd..329a6f8b 100644 --- a/tasks/main-tang.yml +++ b/tasks/main-tang.yml @@ -36,7 +36,9 @@ - name: Reload the daemons so the new changes take effect systemd: daemon_reload: true - when: __nbde_server_port_changed | d(false) | bool + when: + - __nbde_server_port_changed | d(false) | bool + - __nbde_server_is_booted | bool - name: Ensure required services are enabled and at the right state service: @@ -45,8 +47,8 @@ enabled: true loop: "{{ __nbde_server_services }}" vars: - __state: "{{ nbde_server_service_state if - nbde_server_service_state != 'started' else + __state: "{{ omit if not __nbde_server_is_booted else + nbde_server_service_state if nbde_server_service_state != 'started' else 'restarted' if __nbde_server_port_changed else 'started' }}" diff --git a/tasks/set_vars.yml b/tasks/set_vars.yml index 0b8b85aa..e406c0d7 100644 --- a/tasks/set_vars.yml +++ b/tasks/set_vars.yml @@ -6,7 +6,7 @@ difference(ansible_facts.keys() | list) | length > 0 - name: Determine if system is ostree and set flag - when: not __nbde_server_is_ostree is defined + when: __nbde_server_is_ostree is not defined block: - name: Check if system is ostree stat: 
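Review bot: In the `__state` expression of the second hunk of tasks/main-tang.yml, a non-booted host gets `omit` for `state` while the context line above still sets `enabled: true`. As a result `nbde_server_service_state: stopped` is dropped without any message, and the units in `__nbde_server_services` will come up at first boot. The README hunk documents this, but someone building an image with `stopped` would likely expect a visible signal; a small `debug` or `fail` task guarded by `not __nbde_server_is_booted | bool and nbde_server_service_state == 'stopped'` would make the override explicit. The expression also omits the `| bool` filter that the `when:` list in the first hunk applies, so a string value would be evaluated differently in the two places; `omit if not (__nbde_server_is_booted | bool) else` keeps them consistent. The same applies to the `state:` expressions in tests/tasks/verify-role-results.yml and tests/tests_nbde_server_service_state.yml.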
@@ -17,6 +17,27 @@ set_fact: __nbde_server_is_ostree: "{{ __ostree_booted_stat.stat.exists }}" +- name: Determine if system is booted with systemd + when: __nbde_server_is_booted is not defined + block: + - name: Run systemctl + # noqa command-instead-of-module + command: systemctl is-system-running + register: __is_system_running + changed_when: false + check_mode: false + failed_when: false + + - name: Require installed systemd + fail: + msg: "Error: This role requires systemd to be installed." + when: '"No such file or directory" in __is_system_running.msg | d("")' + + - name: Set flag to indicate that systemd runtime operations are available + set_fact: + # see https://www.man7.org/linux/man-pages/man1/systemctl.1.html#:~:text=is-system-running%20output + __nbde_server_is_booted: "{{ __is_system_running.stdout != 'offline' }}" + - name: Set platform/version specific variables include_vars: "{{ lookup('first_found', ffparams) }}" vars: diff --git a/tests/tasks/check_header.yml b/tests/tasks/check_header.yml index 607320f0..efcac838 100644 --- a/tests/tasks/check_header.yml +++ b/tests/tasks/check_header.yml @@ -9,8 +9,8 @@ - name: Check for presence of ansible managed header, fingerprint assert: that: - - ansible_managed in content + - __ansible_managed in content - __fingerprint in content vars: content: "{{ (__file_content | d(__content)).content | b64decode }}" - ansible_managed: "{{ lookup('template', 'get_ansible_managed.j2') }}" + __ansible_managed: "{{ lookup('template', 'get_ansible_managed.j2') }}" diff --git a/tests/tasks/verify-role-results.yml b/tests/tasks/verify-role-results.yml index 4501d4ba..2e1dcb00 100644 --- a/tests/tasks/verify-role-results.yml +++ b/tests/tasks/verify-role-results.yml @@ -16,7 +16,7 @@ service: name: "{{ item }}" enabled: true - state: started + state: "{{ 'started' if __nbde_server_is_booted else omit }}" check_mode: true register: nbde_server_services_state loop: "{{ __nbde_server_services }}" 
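Review bot: The `Run systemctl` task sets `failed_when: false` and the flag is then computed as `stdout != 'offline'`, so any probe failure other than a missing binary, including an empty stdout, is treated as a booted system. That default is probably intended, since later service tasks would then fail loudly, but it should be stated next to the code, for example `# is-system-running exits non-zero for every state except "running"; only stdout is evaluated, and anything but "offline" counts as booted`. The `Require installed systemd` check depends on the literal text `No such file or directory` appearing in `msg`. If that wording can vary with the module version or locale, the role would continue with the flag set to true instead of failing, so it may be worth confirming and noting which component produces the message.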
diff --git a/tests/tests_default_vars.yml b/tests/tests_default_vars.yml index d72be960..cf1ba836 100644 --- a/tests/tests_default_vars.yml +++ b/tests/tests_default_vars.yml @@ -8,16 +8,20 @@ include_role: name: linux-system-roles.nbde_server public: true + - name: Assert that the role declares all parameters in defaults assert: - that: "{{ item }} is defined" - loop: - - nbde_server_provider - - nbde_server_deploy_keys - - nbde_server_fetch_keys - - nbde_server_rotate_keys - - nbde_server_keys_dir + that: nbde_server_vars | length == nbde_server_vars_vals | length + vars: + nbde_server_vars: + - nbde_server_provider + - nbde_server_deploy_keys + - nbde_server_fetch_keys + - nbde_server_rotate_keys + - nbde_server_keys_dir + nbde_server_vars_vals: "{{ lookup('vars', *nbde_server_vars) }}" when: ansible_version.full is version_compare('2.9', '>=') + always: - name: Cleanup tags: tests::cleanup diff --git a/tests/tests_nbde_server_service_state.yml b/tests/tests_nbde_server_service_state.yml index 531c765d..6b333420 100644 --- a/tests/tests_nbde_server_service_state.yml +++ b/tests/tests_nbde_server_service_state.yml @@ -18,7 +18,7 @@ service: name: "{{ item }}" enabled: true - state: started + state: "{{ 'started' if __nbde_server_is_booted else omit }}" register: nbde_server_state check_mode: true loop: "{{ __nbde_server_services }}" @@ -39,7 +39,7 @@ service: name: "{{ item }}" enabled: true - state: stopped + state: "{{ 'stopped' if __nbde_server_is_booted else omit }}" register: nbde_server_state check_mode: true loop: "{{ __nbde_server_services }}" @@ -60,7 +60,7 @@ service: name: "{{ item }}" enabled: true - state: started + state: "{{ 'started' if __nbde_server_is_booted else omit }}" register: nbde_server_state check_mode: true loop: "{{ __nbde_server_services }}" diff --git a/tests/tests_tangd_custom_port.yml b/tests/tests_tangd_custom_port.yml index a55cddec..683e634a 100644 --- a/tests/tests_tangd_custom_port.yml +++ b/tests/tests_tangd_custom_port.yml 
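Review bot: The rewritten assertion in tests/tests_default_vars.yml compares the length of `nbde_server_vars` with the length of `lookup('vars', *nbde_server_vars)`, but as far as I know the `vars` lookup raises on an undefined name when no `default` is given. If so, an undeclared variable surfaces as a lookup error and the comparison itself can never be false. The check also relies on `lookup` returning a list for several terms, which I believe only holds when the values are not all strings; `query('vars', *nbde_server_vars)` always returns a list. A one-line comment saying that the lookup error is the effective check would help the next reader.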
@@ -13,6 +13,15 @@ include_role: name: linux-system-roles.nbde_server public: true + when: not __bootc_validation | d(false) + + # role does not run during bootc QEMU validation, thus some vars are undefined + - name: Set __nbde_server_is_booted for bootc validation tests + set_fact: + __nbde_server_is_booted: true + # see vars/main.yml + __nbde_server_tangd_socket_file_path: /etc/systemd/system/tangd.socket.d/override.conf + when: __bootc_validation | d(false) - name: Ensure iproute package for ss command package: @@ -20,6 +29,13 @@ state: present use: "{{ (__nbde_server_is_ostree | d(false)) | ternary('ansible.posix.rhel_rpm_ostree', omit) }}" + when: not __bootc_validation | d(false) + + - name: Create QEMU deployment during bootc end-to-end test + delegate_to: localhost + command: "{{ lsr_scriptdir }}/bootc-buildah-qcow.sh {{ ansible_host }}" + changed_when: true + when: ansible_connection == "buildah" - name: Check if port is open shell: @@ -31,6 +47,7 @@ failed_when: not __open_ports_output.stdout is search(':' ~ (nbde_server_port | string) ~ '$') changed_when: false + when: __nbde_server_is_booted | bool - name: Check if port TCP is open shell: @@ -41,10 +58,11 @@ register: __open_ports_output failed_when: __open_ports_output.stdout != "tcp" changed_when: false + when: __nbde_server_is_booted | bool - name: Check if port is opened in firewall command: >- - firewall-cmd --zone {{ nbde_server_firewall_zone }} --query-port + firewall-offline-cmd --zone {{ nbde_server_firewall_zone }} --query-port {{ nbde_server_port }}/tcp register: __firewall_output changed_when: false 
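Review bot: The `Create QEMU deployment during bootc end-to-end test` task builds its command line as a single templated string and runs it on the control node via `delegate_to: localhost`, so the expanded `lsr_scriptdir` and `ansible_host` values are word-split by the `command` module. Passing them as a list keeps each value one argument regardless of its content: `argv: ["{{ lsr_scriptdir }}/bootc-buildah-qcow.sh", "{{ ansible_host }}"]` under `command:`. A short comment on what the script produces and where would also help, since nothing in the hunk shows its output being checked.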
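Review bot: Replacing `firewall-cmd` with `firewall-offline-cmd` in `Check if port is opened in firewall` makes the test query the permanent configuration on every host, so on a booted system it no longer shows that the port is open in the running firewall. Since `__nbde_server_is_booted` is already used by the two preceding checks, the binary can be chosen from it: `{{ 'firewall-cmd' if __nbde_server_is_booted | bool else 'firewall-offline-cmd' }} --zone {{ nbde_server_firewall_zone }} --query-port`. The same substitution is made for the `80/tcp` check in the last hunk of this file. The task may continue past the end of the hunk.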
@@ -55,6 +73,12 @@ __file: "{{ __nbde_server_tangd_socket_file_path }}" __fingerprint: "system_role:nbde_server" + # do just one image/verify cycle for the bootc end-to-end test + - name: Skip remaining steps in bootc end-to-end validation + meta: end_play + when: __bootc_validation | d(false) + + - name: Install with default port and firewall zone include_role: name: linux-system-roles.nbde_server @@ -74,6 +98,7 @@ failed_when: not __open_ports_output.stdout is search(':80$') changed_when: false + when: __nbde_server_is_booted | bool - name: Check if port TCP is open shell: @@ -83,10 +108,11 @@ register: __open_ports_output failed_when: __open_ports_output.stdout != "tcp" changed_when: false + when: __nbde_server_is_booted | bool - name: Check if port is opened in firewall command: >- - firewall-cmd --zone {{ nbde_server_firewall_zone }} --query-port + firewall-offline-cmd --zone {{ nbde_server_firewall_zone }} --query-port 80/tcp register: __firewall_output changed_when: false