Compare revisions

Amir Forsat · Amir Forsat · Alessio Curri · Alessio Curri · Alex Thibault-Ferial · Alex Thibault-Ferial
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
 ---
-include: 'https://gitlab.esss.lu.se/ics-infrastructure/gitlab-ci-yml/raw/master/Molecule.gitlab-ci.yml'
+variables:
+  GIT_SUBMODULE_STRATEGY: normal
+  CSENTRY_URL: https://csentry.esss.lu.se
+  CSENTRY_TOKEN: to-be-defined-in-group-variables
+  ANSIBLE_TRANSFORM_INVALID_GROUP_CHARS: ignore
+  MOLECULE_FLAGS: ""
+
+workflow:
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_PROJECT_ID == $CI_MERGE_REQUEST_SOURCE_PROJECT_ID
+      when: never
+    - when: always
+
+default:
+  after_script:
+    - rm -f ~/.ssh/id_ed25519
+  before_script:
+    # Make sure there are no other roles or playbooks in the parent directory
+    # molecule lint would process them otherwise (if they are dependencies)
+    - find .. -maxdepth 1 -mindepth 1 -type d ! -name ${CI_PROJECT_NAME} ! -name ${CI_PROJECT_NAME}.tmp -exec rm -rf {} \;
+    # Add a ssh key to be able to clone private roles
+    - mkdir -p ~/.ssh
+    - echo "${MOLECULE_SSH_KEY}" > ~/.ssh/id_ed25519
+    - chmod 600 ~/.ssh/id_ed25519
+    - ssh-keyscan -H gitlab.esss.lu.se > ~/.ssh/known_hosts
+    - conda activate molecule
+
+stages:
+  - test
+  - analyse
+
+run_molecule:
+  tags:
+    - molecule_ubuntu
+  stage: test
+  script:
+    - molecule $MOLECULE_FLAGS test --all
+  rules:
+    - if: '$CI_COMMIT_TAG == null'
+
+run_pytest:
+  tags:
+    - molecule
+  stage: test
+  script:
+    - pytest -v tests
+  rules:
+    - if: '$CI_COMMIT_TAG == null'
+      exists:
+        - tests/*.py
+
+run-sonar-scanner:
+  tags:
+    - docker
+  stage: analyse
+  image: sonarsource/sonar-scanner-cli:latest
+  before_script: []
+  script:
+    - sonar-scanner -Dsonar.projectKey=$CI_PROJECT_NAME -Dsonar.sources=.
+  rules:
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PROJECT_ROOT_NAMESPACE == "ics-ansible-galaxy"'
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -21,10 +21,8 @@ tinyproxy_urls: []

 tinyproxy_upstream: false

-tinyproxy_upstream_proxies:
-    - address: proxy.com
-      port: 8080
-      url: local.domain
+tinyproxy_upstream_proxies: []
+

 tinyproxy_filter: true

@@ -34,3 +32,6 @@ tinyproxy_filtering:
    extended: "On"
    default_deny: "On"
    case_sensitive: "Off"
+
+tinyproxy_via_proxy_name: tinyproxy
+tinyproxy_no_upstream_for: []
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -15,6 +15,12 @@ provisioner:
  inventory:
    group_vars:
      default_group:
+        tinyproxy_no_upstream_for:
+          - .tn.esss.lu.se
+        tinyproxy_upstream_proxies:
+          - address: proxy.com
+            port: 8080
+            url: local.domain
 scenario:
  name: default
 verifier:
@@ -24,6 +30,16 @@ driver:
  provider:
    name: virtualbox
 platforms:
+  - name: ics-ans-role-tinyproxy-ubuntu
+    box: ubuntu/jammy64
+    memory: 1024
+    cpus: 2
+    instance_raw_config_args:
+      - "vbguest.auto_update = false"
+      - "vm.boot_timeout = 600"
+    groups:
+      - default_group
+
  - name: ics-ans-role-tinyproxy-default
    box: centos/7
    memory: 512

--- a/molecule/default/molecule.yml.docker
+++ b/molecule/default/molecule.yml.docker
+---
+dependency:
+  name: galaxy
+lint: |
+  set -e
+  yamllint .
+  ansible-lint
+  flake8 |
+  set -e
+  yamllint .
+  ansible-lint
+  flake8
+provisioner:
+  name: ansible
+  inventory:
+    group_vars:
+      default_group:
+        tinyproxy_no_upstream_for:
+          - .tn.esss.lu.se
+        tinyproxy_upstream_proxies:
+          - address: proxy.com
+            port: 8080
+            url: local.domain
+            
+verifier:
+  name: testinfra
+driver:
+  name: docker
+platforms:
+  - name: ics-ans-role-tinyproxy-default
+    image: registry.esss.lu.se/ics-docker/centos-systemd:7
+    capabilities:
+      - SYS_ADMIN
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup
+    tmpfs:
+      - /run
+    command: /sbin/init
+    groups:
+      - default_group
+
+  - name: ics-ans-role-tinyproxy-default-ubuntu22
+    image: registry.esss.lu.se/ics-docker/ubuntu-systemd:22.04
+    capabilities:
+      - SYS_ADMIN
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup
+    tmpfs:
+      - /run
+    command: /sbin/init
+    groups:
+      - default_group
+
+  - name: ics-ans-role-tinyproxy-default-ubuntu20
+    image: docker.esss.lu.se/jrei/systemd-ubuntu:20.04
+    capabilities:
+      - SYS_ADMIN
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup
+    tmpfs:
+      - /run
+    command: /sbin/init
+    groups:
+      - default_group
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
 ---
 - name: Prepare
  hosts: all
-  gather_facts: false
+  gather_facts: true
  tasks:
-    - name: Install python for Ansible
+    - name: Install python for Ansible CentOS
      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
      become: true
      changed_when: false
+      when: ansible_os_family == "RedHat"
+
+    - name: Install python for Ansible Ubuntu
+      raw: test -e /usr/bin/python || (apt -y update && apt install -y python3-minimal)
+      become: true
+      changed_when: false
+      when: ansible_os_family == "Debian"
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@@ -9,10 +9,15 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 def test_tinyproxy_is_installed(host):
    tinyproxy = host.package("tinyproxy")
    assert tinyproxy.is_installed
-    assert tinyproxy.version.startswith("1.11.1")


 def test_tinyproxy_running_and_enabled(host):
    tinyproxy = host.service("tinyproxy.service")
    assert tinyproxy.is_running
    assert tinyproxy.is_enabled
+
+
+def test_tinyproxy_config(host):
+    proxy_conf = host.file('/etc/tinyproxy/tinyproxy.conf').content_string
+    assert 'Upstream none ".tn.esss.lu.se"' in proxy_conf
+    assert 'Upstream http proxy.com:8080  "local.domain"' in proxy_conf
--- a/tasks/main.yml
+++ b/tasks/main.yml
 ---
- name: Install tinyproxy
+- name: Install tinyproxy for CentOS
  yum:
    name: https://artifactory.esss.lu.se/artifactory/rpm-ics/centos/7/x86_64/tinyproxy-1.11.1-0.x86_64.rpm
    state: present
+  when: ansible_os_family == "RedHat"
+
+- name: Install tinyproxy Ubuntu
+  apt:
+    update_cache: true
+    package: tinyproxy
+    state: present
+  when: ansible_os_family == "Debian"

 - name: Create directory for PID file
  file:

--- a/templates/tinyproxy.conf
+++ b/templates/tinyproxy.conf
@@ -45,14 +45,21 @@ FilterCaseSensitive {{ tinyproxy_filtering.case_sensitive }}
 FilterDefaultDeny {{ tinyproxy_filtering.default_deny }}
 {% endif %}

-{% if tinyproxy_upstream %}
+
 {% for proxy in tinyproxy_upstream_proxies %}
 Upstream http {{ proxy.address }}:{{ proxy.port }} {% if proxy.url is defined %} "{{ proxy.url }}" {% endif %}
 {% endfor %}
-{% endif %}

-ViaProxyName "tinyproxy"
+
+{% for no_upstream in tinyproxy_no_upstream_for %}
+Upstream none "{{ no_upstream }}"
+{% endfor %}
+
+ViaProxyName "{{ tinyproxy_via_proxy_name }}"

 {% for port in tinyproxy_connect_ports | default([]) %}
 ConnectPort {{ port }}
 {% endfor %}
+
+Syslog On
+LogLevel Connect
No results found