From e290877e33c427e5f0ad25116c8714c0bf0b034e Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Mon, 3 May 2021 18:15:41 -0400 Subject: [PATCH 1/5] Inline env vars in invocation Signed-off-by: Clinton Wolfe --- .expeditor/integration.resources.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.expeditor/integration.resources.yml b/.expeditor/integration.resources.yml index 3506d22a8..a3c06fe97 100644 --- a/.expeditor/integration.resources.yml +++ b/.expeditor/integration.resources.yml @@ -10,12 +10,8 @@ expeditor: steps: - label: Resource-Platform Tests command: - - RAKE_TASK=test:kitchen /workdir/.expeditor/buildkite/verify.sh + - CONCURRENCY=3 DOCKER=1 KITCHEN_YAML=kitchen.dokken.yml RAKE_TASK=test:kitchen /workdir/.expeditor/buildkite/verify.sh expeditor: executor: docker: - environment: - - CONCURRENCY: 3 - - DOCKER: 1 - - KITCHEN_YAML: kitchen.dokken.yml image: ruby:2.7 From cf8bcfb9fac2056f2d20665cccdafbd2017d6467 Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Mon, 3 May 2021 19:30:01 -0400 Subject: [PATCH 2/5] Borrow docker setup script from chef/chef and try a single suite Signed-off-by: Clinton Wolfe --- .expeditor/buildkite/bk_linux_exec.sh | 51 +++++++++++++++++++++++++++ .expeditor/integration.resources.yml | 25 ++++++++++--- 2 files changed, 71 insertions(+), 5 deletions(-) create mode 100755 .expeditor/buildkite/bk_linux_exec.sh diff --git a/.expeditor/buildkite/bk_linux_exec.sh b/.expeditor/buildkite/bk_linux_exec.sh new file mode 100755 index 000000000..b5cbebc5d --- /dev/null +++ b/.expeditor/buildkite/bk_linux_exec.sh @@ -0,0 +1,51 @@ +#!/bin/bash + +# Enable IPv6 in docker +echo "--- Enabling ipv6 on docker" +sudo systemctl stop docker +dockerd_config="/etc/docker/daemon.json" +sudo echo "$(jq '. + {"ipv6": true, "fixed-cidr-v6": "2001:2019:6002::/80", "ip-forward": false}' $dockerd_config)" > $dockerd_config +sudo systemctl start docker + +# Install C and C++ +echo "--- Installing package deps" +sudo yum install -y gcc gcc-c++ openssl-devel readline-devel zlib-devel + +# Install ASDF +echo "--- Installing asdf to ${HOME}/.asdf" +git clone https://github.com/asdf-vm/asdf.git "${HOME}/.asdf" +cd "${HOME}/.asdf"; git checkout "$(git describe --abbrev=0 --tags)"; cd - +. "${HOME}/.asdf/asdf.sh" + +# Install Ruby +ruby_version=$(sed -n '/"ruby"/{s/.*version: "//;s/"//;p;}' omnibus_overrides.rb) +echo "--- Installing Ruby $ruby_version" +asdf plugin add ruby +asdf install ruby $ruby_version +asdf global ruby $ruby_version + +# Set Environment Variables +export BUNDLE_GEMFILE=$PWD/Gemfile +export FORCE_FFI_YAJL=ext +export CHEF_LICENSE="accept-silent" + +# Update Gems +echo "--- Installing Gems" +echo 'gem: --no-document' >> ~/.gemrc +sudo iptables -L DOCKER || ( echo "DOCKER iptables chain missing" ; sudo iptables -N DOCKER ) +bundle install --jobs=3 --retry=3 --path=../vendor/bundle + +echo "--- Config information" + +echo "!!!! RUBY VERSION !!!!" +ruby --version +echo "!!!! BUNDLER LOCATION !!!!" +which bundle +echo "!!!! BUNDLER VERSION !!!!" +bundle -v +echo "!!!! DOCKER VERSION !!!!" +docker version +echo "!!!! DOCKER STATUS !!!!" +sudo service docker status + +echo "+++ Running tests" diff --git a/.expeditor/integration.resources.yml b/.expeditor/integration.resources.yml index a3c06fe97..59031754e 100644 --- a/.expeditor/integration.resources.yml +++ b/.expeditor/integration.resources.yml @@ -8,10 +8,25 @@ expeditor: limit: 1 steps: - - label: Resource-Platform Tests - command: - - CONCURRENCY=3 DOCKER=1 KITCHEN_YAML=kitchen.dokken.yml RAKE_TASK=test:kitchen /workdir/.expeditor/buildkite/verify.sh + # - label: Resource-Platform Tests + # command: + # - CONCURRENCY=3 DOCKER=1 KITCHEN_YAML=kitchen.dokken.yml RAKE_TASK=test:kitchen /workdir/.expeditor/buildkite/verify.sh + # expeditor: + # executor: + # docker: + # image: ruby:2.7 + + - label: "Kitchen: resources-amazonlinux-2" + commands: + - .expeditor/buildkite/bk_linux_exec.sh + - . /var/lib/buildkite-agent/.asdf/asdf.sh + - bundle exec kitchen test resources-amazonlinux-2 + artifact_paths: + - $PWD/.kitchen/logs/kitchen.log + env: + KITCHEN_YAML: kitchen.dokken.yml expeditor: executor: - docker: - image: ruby:2.7 + linux: + privileged: true + single-use: true From f8c71cf212c5a8c841dbd7258cb4f1e84c097a8a Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Mon, 3 May 2021 19:43:31 -0400 Subject: [PATCH 3/5] Add docker=1 flag Signed-off-by: Clinton Wolfe --- .expeditor/integration.resources.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.expeditor/integration.resources.yml b/.expeditor/integration.resources.yml index 59031754e..cb5333433 100644 --- a/.expeditor/integration.resources.yml +++ b/.expeditor/integration.resources.yml @@ -8,14 +8,6 @@ expeditor: limit: 1 steps: - # - label: Resource-Platform Tests - # command: - # - CONCURRENCY=3 DOCKER=1 KITCHEN_YAML=kitchen.dokken.yml RAKE_TASK=test:kitchen /workdir/.expeditor/buildkite/verify.sh - # expeditor: - # executor: - # docker: - # image: ruby:2.7 - - label: "Kitchen: resources-amazonlinux-2" commands: - .expeditor/buildkite/bk_linux_exec.sh @@ -25,6 +17,7 @@ steps: - $PWD/.kitchen/logs/kitchen.log env: KITCHEN_YAML: kitchen.dokken.yml + DOCKER: 1 expeditor: executor: linux: From eb5615dd431a08dc3868bed9535e26803d2863d1 Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Mon, 3 May 2021 20:00:38 -0400 Subject: [PATCH 4/5] Add remaining platforms as separate steps Signed-off-by: Clinton Wolfe --- .expeditor/integration.resources.yml | 157 +++++++++++++++++++++++++++ 1 file changed, 157 insertions(+) diff --git a/.expeditor/integration.resources.yml b/.expeditor/integration.resources.yml index cb5333433..ff0d12972 100644 --- a/.expeditor/integration.resources.yml +++ b/.expeditor/integration.resources.yml @@ -23,3 +23,160 @@ steps: linux: privileged: true single-use: true + + - label: "Kitchen: resources-centos-7" + commands: + - .expeditor/buildkite/bk_linux_exec.sh + - . /var/lib/buildkite-agent/.asdf/asdf.sh + - bundle exec kitchen test resources-centos-7 + artifact_paths: + - $PWD/.kitchen/logs/kitchen.log + env: + KITCHEN_YAML: kitchen.dokken.yml + DOCKER: 1 + expeditor: + executor: + linux: + privileged: true + single-use: true + + - label: "Kitchen: resources-centos-8" + commands: + - .expeditor/buildkite/bk_linux_exec.sh + - . /var/lib/buildkite-agent/.asdf/asdf.sh + - bundle exec kitchen test resources-centos-8 + artifact_paths: + - $PWD/.kitchen/logs/kitchen.log + env: + KITCHEN_YAML: kitchen.dokken.yml + DOCKER: 1 + expeditor: + executor: + linux: + privileged: true + single-use: true + + - label: "Kitchen: resources-debian-9" + commands: + - .expeditor/buildkite/bk_linux_exec.sh + - . /var/lib/buildkite-agent/.asdf/asdf.sh + - bundle exec kitchen test resources-debian-9 + artifact_paths: + - $PWD/.kitchen/logs/kitchen.log + env: + KITCHEN_YAML: kitchen.dokken.yml + DOCKER: 1 + expeditor: + executor: + linux: + privileged: true + single-use: true + - label: "Kitchen: resources-debian-10" + commands: + - .expeditor/buildkite/bk_linux_exec.sh + - . /var/lib/buildkite-agent/.asdf/asdf.sh + - bundle exec kitchen test resources-debian-10 + artifact_paths: + - $PWD/.kitchen/logs/kitchen.log + env: + KITCHEN_YAML: kitchen.dokken.yml + DOCKER: 1 + expeditor: + executor: + linux: + privileged: true + single-use: true + + - label: "Kitchen: resources-fedora-latest" + commands: + - .expeditor/buildkite/bk_linux_exec.sh + - . /var/lib/buildkite-agent/.asdf/asdf.sh + - bundle exec kitchen test resources-fedora-latest + artifact_paths: + - $PWD/.kitchen/logs/kitchen.log + env: + KITCHEN_YAML: kitchen.dokken.yml + DOCKER: 1 + expeditor: + executor: + linux: + privileged: true + single-use: true + + - label: "Kitchen: resources-oraclelinux-7" + commands: + - .expeditor/buildkite/bk_linux_exec.sh + - . /var/lib/buildkite-agent/.asdf/asdf.sh + - bundle exec kitchen test resources-oraclelinux-7 + artifact_paths: + - $PWD/.kitchen/logs/kitchen.log + env: + KITCHEN_YAML: kitchen.dokken.yml + DOCKER: 1 + expeditor: + executor: + linux: + privileged: true + single-use: true + - label: "Kitchen: resources-oraclelinux-8" + commands: + - .expeditor/buildkite/bk_linux_exec.sh + - . /var/lib/buildkite-agent/.asdf/asdf.sh + - bundle exec kitchen test resources-oraclelinux-8 + artifact_paths: + - $PWD/.kitchen/logs/kitchen.log + env: + KITCHEN_YAML: kitchen.dokken.yml + DOCKER: 1 + expeditor: + executor: + linux: + privileged: true + single-use: true + + - label: "Kitchen: resources-opensuse-leap" + commands: + - .expeditor/buildkite/bk_linux_exec.sh + - . /var/lib/buildkite-agent/.asdf/asdf.sh + - bundle exec kitchen test resources-opensuse-leap + artifact_paths: + - $PWD/.kitchen/logs/kitchen.log + env: + KITCHEN_YAML: kitchen.dokken.yml + DOCKER: 1 + expeditor: + executor: + linux: + privileged: true + single-use: true + + - label: "Kitchen: resources-ubuntu-1804" + commands: + - .expeditor/buildkite/bk_linux_exec.sh + - . /var/lib/buildkite-agent/.asdf/asdf.sh + - bundle exec kitchen test resources-ubuntu-1804 + artifact_paths: + - $PWD/.kitchen/logs/kitchen.log + env: + KITCHEN_YAML: kitchen.dokken.yml + DOCKER: 1 + expeditor: + executor: + linux: + privileged: true + single-use: true + - label: "Kitchen: resources-ubuntu-2004" + commands: + - .expeditor/buildkite/bk_linux_exec.sh + - . /var/lib/buildkite-agent/.asdf/asdf.sh + - bundle exec kitchen test resources-ubuntu-2004 + artifact_paths: + - $PWD/.kitchen/logs/kitchen.log + env: + KITCHEN_YAML: kitchen.dokken.yml + DOCKER: 1 + expeditor: + executor: + linux: + privileged: true + single-use: true From 06fcd26beee11ef0c1cf57f2ae6f0555e053fe5c Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Mon, 3 May 2021 20:18:31 -0400 Subject: [PATCH 5/5] Conditionalize IPv6 support Signed-off-by: Clinton Wolfe --- .../cookbooks/os_prepare/recipes/iptables.rb | 19 +++++++++++-------- .../default/controls/ip6tables_spec.rb | 5 +++++ 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/test/kitchen/cookbooks/os_prepare/recipes/iptables.rb b/test/kitchen/cookbooks/os_prepare/recipes/iptables.rb index 8a52e5573..2e29232ba 100644 --- a/test/kitchen/cookbooks/os_prepare/recipes/iptables.rb +++ b/test/kitchen/cookbooks/os_prepare/recipes/iptables.rb @@ -14,12 +14,15 @@ if platform_family?("rhel", "debian", "fedora", "amazon", "suse") execute "iptables -A INPUT -j derby-cognos-web" execute "iptables -A derby-cognos-web -p tcp -m tcp --dport 80 "\ '-m comment --comment "derby-cognos-web" -j ACCEPT' - # IPv6 - execute "ip6tables -A INPUT -i eth0 -p tcp -m tcp "\ - "--dport 80 -m state --state NEW -m comment "\ - '--comment "http v6 on 80" -j ACCEPT' - execute "ip6tables -N derby-cognos-web-v6" - execute "ip6tables -A INPUT -j derby-cognos-web-v6" - execute "ip6tables -A derby-cognos-web-v6 -p tcp -m tcp --dport 80 "\ - '-m comment --comment "derby-cognos-web-v6" -j ACCEPT' + + if ENV['IPV6'] + # IPv6 + execute "ip6tables -A INPUT -i eth0 -p tcp -m tcp "\ + "--dport 80 -m state --state NEW -m comment "\ + '--comment "http v6 on 80" -j ACCEPT' + execute "ip6tables -N derby-cognos-web-v6" + execute "ip6tables -A INPUT -j derby-cognos-web-v6" + execute "ip6tables -A derby-cognos-web-v6 -p tcp -m tcp --dport 80 "\ + '-m comment --comment "derby-cognos-web-v6" -j ACCEPT' + end end diff --git a/test/kitchen/policies/default/controls/ip6tables_spec.rb b/test/kitchen/policies/default/controls/ip6tables_spec.rb index a955c4a99..d721acc22 100644 --- a/test/kitchen/policies/default/controls/ip6tables_spec.rb +++ b/test/kitchen/policies/default/controls/ip6tables_spec.rb @@ -1,3 +1,8 @@ +unless ENV['IPV6'] + $stderr.puts "\033[1;33mTODO: Not running #{__FILE__.split("/").last} because we are running without IPv6\033[0m" + return +end + case os[:family] when 'ubuntu', 'fedora', 'debian', 'suse' describe ip6tables do