From 9781d89884be95c682ae9ba3a3da1316b0a99536 Mon Sep 17 00:00:00 2001 From: Daniel Miranda Date: Tue, 15 Nov 2016 20:06:47 -0200 Subject: [PATCH 1/6] Update Kitchen tests to use Docker --- .kitchen.yml | 25 +++++++++++++++++-------- Gemfile | 1 + Gemfile.lock | 22 ++++++++++++++++------ 3 files changed, 34 insertions(+), 14 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index 2eac8e04..4cf86281 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -1,24 +1,33 @@ --- driver: - name: vagrant + name: docker + use_sudo: false provisioner: name: ansible_playbook ansible_verbose: true ansible_verbosity: 2 - require_ruby_for_busser: false - require_chef_for_busser: true + require_ruby_for_busser: true + require_chef_for_busser: false hosts: all + role_name: ansible-redis + +busser: + ruby_bindir: /usr/bin platforms: - name: ubuntu-14.04 - - name: centos-6.7 - driver_config: - box: wittman/centos-6.7-ansible - - name: centos-7.2 driver_config: - box: wittman/centos-7.2-ansible + image: williamyeh/ansible:ubuntu14.04 - name: ubuntu-16.04 + driver_config: + image: williamyeh/ansible:ubuntu16.04 + - name: centos-6 + driver_config: + image: williamyeh/ansible:centos6 + - name: centos-7 + driver_config: + image: williamyeh/ansible:centos7 suites: - name: default diff --git a/Gemfile b/Gemfile index ed2daf29..73aee532 100644 --- a/Gemfile +++ b/Gemfile @@ -3,3 +3,4 @@ source "https://rubygems.org" gem "test-kitchen" gem "kitchen-ansible" gem "kitchen-vagrant" +gem "kitchen-docker" diff --git a/Gemfile.lock b/Gemfile.lock index 70249753..b88edf3e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
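Review bot: The four `image:` values added under `platforms` in `.kitchen.yml` (`williamyeh/ansible:ubuntu14.04`, `:ubuntu16.04`, `:centos6`, `:centos7`) point at a third-party Docker Hub repository by mutable tag, so the content the test run pulls and executes can change without any change in this repository. Pinning each image by digest keeps the run reproducible and makes an upstream change show up as a diff, for example `image: williamyeh/ansible:ubuntu14.04@sha256:<digest-of-the-reviewed-image>` (placeholder, to be filled in from the image that was actually tested). A one-line comment above `platforms` saying where these images come from would also help the next maintainer.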
@@ -1,27 +1,33 @@ GEM remote: https://rubygems.org/ specs: - artifactory (2.3.3) - kitchen-ansible (0.44.6) + artifactory (2.5.1) + kitchen-ansible (0.45.5) net-ssh (~> 3.0) test-kitchen (~> 1.4) + kitchen-docker (2.6.0) + test-kitchen (>= 1.0.0) kitchen-vagrant (0.20.0) test-kitchen (~> 1.4) - mixlib-install (1.1.0) + mixlib-install (2.1.6) artifactory mixlib-shellout mixlib-versioning - mixlib-shellout (2.2.6) + thor + mixlib-shellout (2.2.7) mixlib-versioning (1.1.0) net-scp (1.2.1) net-ssh (>= 2.6.5) net-ssh (3.2.0) + net-ssh-gateway (1.2.0) + net-ssh (>= 2.6.5) safe_yaml (1.0.4) - test-kitchen (1.10.2) - mixlib-install (~> 1.0, >= 1.0.4) + test-kitchen (1.13.2) + mixlib-install (>= 1.2, < 3.0) mixlib-shellout (>= 1.2, < 3.0) net-scp (~> 1.1) net-ssh (>= 2.9, < 4.0) + net-ssh-gateway (~> 1.2.0) safe_yaml (~> 1.0) thor (~> 0.18) thor (0.19.1) @@ -31,5 +37,9 @@ PLATFORMS DEPENDENCIES kitchen-ansible + kitchen-docker kitchen-vagrant test-kitchen + +BUNDLED WITH + 1.13.6 From 0aff5c83eeb6ec6651c392b80326d96ea3d237e6 Mon Sep 17 00:00:00 2001 From: Daniel Miranda Date: Sun, 27 Nov 2016 01:55:56 -0200 Subject: [PATCH 2/6] Update Kitchen configuration for systemd Docker images --- .kitchen.yml | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index 4cf86281..9d27c7cc 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -7,6 +7,7 @@ provisioner: name: ansible_playbook ansible_verbose: true ansible_verbosity: 2 + ansible_version: <%= ENV["ANSIBLE_VERSION"] || "latest" %> require_ruby_for_busser: true require_chef_for_busser: false hosts: all 
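Review bot: In the `provisioner` hunk of `.kitchen.yml`, `ansible_version: <%= ENV["ANSIBLE_VERSION"] || "latest" %>` writes the environment value into the YAML unquoted, so the YAML parser re-types it. A value such as `2.10` (constructed example) would load as the float 2.1, and any YAML syntax in the variable becomes part of the configuration. Quoting the rendered value keeps it a string: `ansible_version: "<%= ENV["ANSIBLE_VERSION"] || "latest" %>"`. The `latest` fallback also means a run without the variable may install a different Ansible each time, which deserves a one-line comment if it is intended.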
@@ -20,14 +21,33 @@ platforms: driver_config: image: williamyeh/ansible:ubuntu14.04 - name: ubuntu-16.04 - driver_config: - image: williamyeh/ansible:ubuntu16.04 + platform: ubuntu + driver_config: &driver_config + disable_upstart: no + provision_command: + - find /lib/systemd/system/sysinit.target.wants -xtype f -printf '%f\n' | + grep -v -E '(journal|machine-id|random-seed|tmpfiles|ldconfig)' | + xargs -d'\n' systemctl mask + - find /lib/systemd/system -xtype f + -name '*udev*' -or -name '*dracut*' -or -name '*getty*' -printf '%f\n' | + xargs -d'\n' --no-run-if-empty systemctl mask + - systemctl mask systemd-remount-fs systemd-timesyncd systemd-networkd + - systemctl set-default multi-user.target + privileged: true + run_command: /sbin/init + volume: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + run_options: + tmpfs: [/run, /run/lock, /tmp] + stop-signal: SIGRTMIN+3 - name: centos-6 driver_config: image: williamyeh/ansible:centos6 - name: centos-7 + platform: centos driver_config: - image: williamyeh/ansible:centos7 + <<: *driver_config + image: centos7 suites: - name: default From 97dc4ea5d781e9666298073f5f69dbde37b0c746 Mon Sep 17 00:00:00 2001 From: Daniel Miranda Date: Sun, 27 Nov 2016 04:40:50 -0200 Subject: [PATCH 3/6] Adapt integration tests to systemd --- test/integration/default/serverspec/redis_spec.rb | 14 +++++++++++--- .../sentinel/serverspec/sentinel_spec.rb | 11 +++++++++-- .../service-name/serverspec/redis_spec.rb | 14 +++++++++++--- 3 files changed, 31 insertions(+), 8 deletions(-) diff --git a/test/integration/default/serverspec/redis_spec.rb b/test/integration/default/serverspec/redis_spec.rb index ad159b65..8ed5d8aa 100644 --- a/test/integration/default/serverspec/redis_spec.rb +++ b/test/integration/default/serverspec/redis_spec.rb 
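Review bot: `disable_upstart: no` in the new `&driver_config` mapping relies on YAML 1.1 reading `no` as a boolean, while the same mapping writes `privileged: true`. Writing `disable_upstart: false` makes the two consistent and avoids a YAML 1.2 loader handing the driver the string "no". The mapping is merged into centos-7 through `<<: *driver_config`, so the value applies to both systemd platforms.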
@@ -1,11 +1,19 @@ require 'spec_helper' +is_systemd_init = File.realpath('/proc/1/exe').include?('systemd') +is_sysctl_writable = test('w', '/proc/sys') + describe 'Redis' do - describe service('redis_6379') do + describe service('redis_6379'), if: !is_systemd_init do it { should be_enabled } it { should be_running } end + describe service('redis_6379'), if: is_systemd_init do + #it { should be_enabled.under('systemd') } + it { should be_running.under('systemd') } + end + describe port(6379) do it { should be_listening.on('0.0.0.0').with('tcp') } end @@ -16,13 +24,13 @@ its(:content) { should match /port 6379/ } end - describe file('/var/run/redis/6379.pid') do + describe file('/var/run/redis/6379.pid'), if: !is_systemd_init do it { should be_file } it { should be_owned_by 'redis' } its(:size) { should > 0 } end - describe file('/proc/sys/vm/overcommit_memory') do + describe file('/proc/sys/vm/overcommit_memory'), if: is_sysctl_writable do it { should be_file } it { should contain '1' } end diff --git a/test/integration/sentinel/serverspec/sentinel_spec.rb b/test/integration/sentinel/serverspec/sentinel_spec.rb index ff9d7dab..cb7506fa 100644 --- a/test/integration/sentinel/serverspec/sentinel_spec.rb +++ b/test/integration/sentinel/serverspec/sentinel_spec.rb @@ -1,11 +1,18 @@ require 'spec_helper' +is_systemd_init = File.realpath('/proc/1/exe').include?('systemd') + describe 'Redis' do - describe service('sentinel_26379') do + describe service('sentinel_26379'), if: !is_systemd_init do it { should be_enabled } it { should be_running } end + describe service('sentinel_26379'), if: is_systemd_init do + #it { should be_enabled }.under('systemd') + it { should be_running }.under('systemd') + end + describe port(26379) do it { should be_listening.on('0.0.0.0').with('tcp') } end 
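Review bot: With `#it { should be_enabled.under('systemd') }` commented out in the new `if: is_systemd_init` block of `default/serverspec/redis_spec.rb`, the systemd platforms no longer check that `redis_6379` is enabled, and nothing in the file says why. Either restore the assertion or replace the dead line with a comment stating why it cannot run in the container. The same commented-out line appears in the first hunks of `sentinel/serverspec/sentinel_spec.rb` and `service-name/serverspec/redis_spec.rb`.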
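Review bot: In `sentinel/serverspec/sentinel_spec.rb` the new systemd example is written `it { should be_running }.under('systemd')`, which calls `.under` on the value returned by `it` rather than on the matcher. The other two spec files in this patch place it inside the block. It should read `it { should be_running.under('systemd') }`; the commented-out `be_enabled` line above it has the same misplaced brace.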
@@ -16,7 +23,7 @@ its(:content) { should match /port 26379/ } end - describe file('/var/run/redis/sentinel_26379.pid') do + describe file('/var/run/redis/sentinel_26379.pid'), if: !is_systemd_init do it { should be_file } it { should be_owned_by 'redis' } its(:size) { should > 0 } diff --git a/test/integration/service-name/serverspec/redis_spec.rb b/test/integration/service-name/serverspec/redis_spec.rb index 75e7050e..42109070 100644 --- a/test/integration/service-name/serverspec/redis_spec.rb +++ b/test/integration/service-name/serverspec/redis_spec.rb @@ -1,11 +1,19 @@ require 'spec_helper' +is_systemd_init = File.realpath('/proc/1/exe').include?('systemd') +is_sysctl_writable = test('w', '/proc/sys') + describe 'Redis' do - describe service('redis') do + describe service('redis'), if: !is_systemd_init do it { should be_enabled } it { should be_running } end + describe service('redis'), if: is_systemd_init do + #it { should be_enabled.under('systemd') } + it { should be_running.under('systemd') } + end + describe port(6379) do it { should be_listening.on('0.0.0.0').with('tcp') } end @@ -16,13 +24,13 @@ its(:content) { should match /port 6379/ } end - describe file('/var/run/redis/6379.pid') do + describe file('/var/run/redis/6379.pid'), if: !systemd_init do it { should be_file } it { should be_owned_by 'redis' } its(:size) { should > 0 } end - describe file('/proc/sys/vm/overcommit_memory') do + describe file('/proc/sys/vm/overcommit_memory'), if: is_sysctl_writable do it { should be_file } it { should contain '1' } end From 18ba49d228e2a0396415144cb5e4da30ebc24784 Mon Sep 17 00:00:00 2001 From: Daniel Miranda Date: Sun, 27 Nov 2016 04:41:53 -0200 Subject: [PATCH 4/6] Ignore errors when setting sysctl parameters It's not enough to use `ignoreerrors` for the sysctl module itself, as it only ignore unknown keys, not errors when *applying* the changes, as can happen on container environments. --- tasks/install.yml | 1 + 1 file changed, 1 insertion(+) 
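Review bot: In the second hunk of `service-name/serverspec/redis_spec.rb` the pid-file guard reads `if: !systemd_init`, but the variable defined at the top of that file is `is_systemd_init`. Loading the spec will presumably fail with a NameError before any example runs, so this suite would not test anything. Change the line to `describe file('/var/run/redis/6379.pid'), if: !is_systemd_init do`, matching the default and sentinel specs.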
diff --git a/tasks/install.yml b/tasks/install.yml index 5ed37920..2b1cb48c 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -36,6 +36,7 @@ state: present reload: yes ignoreerrors: yes + failed_when: False when: redis_travis_ci is not defined # get_url on Ansible 1.x only supports sha256 checksumming, so we're only From 5b2bba972c6d479270c5e7ff98e4828110a5797e Mon Sep 17 00:00:00 2001 From: Daniel Miranda Date: Sun, 27 Nov 2016 04:42:33 -0200 Subject: [PATCH 5/6] Update Kitchen configuration to adapt images to run systemd as init --- .kitchen.yml | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index 9d27c7cc..8845b67d 100644 --- a/.kitchen.yml +++ b/.kitchen.yml 
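Review bot: `failed_when: False` on the sysctl task suppresses every failure of that task on every host, not only the container case the commit message describes. A real host where the kernel setting could not be applied is then reported as success. Scope the override to container runs or keep the failure visible, for example by registering the result and following it with a task that warns when it failed. A comment above the line, `# applying sysctl changes can fail in container environments`, would record the reason in the file. The task's opening lines are outside the hunk, so the key being set is not visible here.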
@@ -20,35 +20,42 @@ platforms: - name: ubuntu-14.04 driver_config: image: williamyeh/ansible:ubuntu14.04 + - name: ubuntu-16.04 - platform: ubuntu - driver_config: &driver_config + driver_config: &systemd_driver_config disable_upstart: no provision_command: - - find /lib/systemd/system/sysinit.target.wants -xtype f -printf '%f\n' | + - &provision_cmd_1 + find /lib/systemd/system/sysinit.target.wants -xtype f -printf '%f\n' | grep -v -E '(journal|machine-id|random-seed|tmpfiles|ldconfig)' | - xargs -d'\n' systemctl mask - - find /lib/systemd/system -xtype f - -name '*udev*' -or -name '*dracut*' -or -name '*getty*' -printf '%f\n' | xargs -d'\n' --no-run-if-empty systemctl mask - - systemctl mask systemd-remount-fs systemd-timesyncd systemd-networkd - - systemctl set-default multi-user.target - privileged: true + - &provision_cmd_2 + find /lib/systemd/system -xtype f -printf '%f\n' | + grep -E '(udev|dracut|getty)' | + xargs -d'\n' --no-run-if-empty systemctl mask + - &provision_cmd_3 + systemctl mask systemd-remount-fs systemd-timesyncd systemd-networkd run_command: /sbin/init volume: - /sys/fs/cgroup:/sys/fs/cgroup:ro run_options: - tmpfs: [/run, /run/lock, /tmp] stop-signal: SIGRTMIN+3 + security_opt: seccomp=unconfined + cap_add: SYS_ADMIN + - name: centos-6 driver_config: image: williamyeh/ansible:centos6 + - name: centos-7 - platform: centos driver_config: - <<: *driver_config - image: centos7 - + <<: *systemd_driver_config + image: centos:7 + provision_command: + - *provision_cmd_1 + - *provision_cmd_2 + - *provision_cmd_3 + - yum install -y iproute suites: - name: default - name: logfile From fba2efa033afd266d61ee9997805fdc5de5f7284 Mon Sep 17 00:00:00 2001 From: Daniel Miranda Date: Sun, 27 Nov 2016 04:43:01 -0200 Subject: [PATCH 6/6] kitchen: limit max. SSH sessions to fix intermittent upload errors --- .kitchen.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.kitchen.yml b/.kitchen.yml index 8845b67d..f7441230 100644 --- a/.kitchen.yml 
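Review bot: `security_opt: seccomp=unconfined` together with `cap_add: SYS_ADMIN` under `run_options` replaces the removed `privileged: true`, but the pair still drops the syscall filter and grants a very broad capability. The container should therefore not be treated as isolated from the host. Because `&systemd_driver_config` is merged into centos-7, this applies to both systemd platforms, which run `/sbin/init` from images pulled by tag. I would add a comment above the two keys, e.g. `# needed for systemd as PID 1 (TODO confirm); run these suites only on disposable CI hosts`, and check whether the default seccomp profile is enough once `SYS_ADMIN` is granted.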
+++ b/.kitchen.yml @@ -3,6 +3,10 @@ driver: name: docker use_sudo: false +transport: + name: ssh + max_ssh_sessions: 5 + provisioner: name: ansible_playbook ansible_verbose: true
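Review bot: The new `transport` block sets `max_ssh_sessions: 5` with no explanation in the file; the reason is given only in the commit subject. A comment above the key, `# limit concurrent SSH sessions to avoid intermittent upload errors`, would keep a later edit from raising or removing it unknowingly. The `provisioner` mapping continues outside the hunk.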