Commit graph

96 commits

Author SHA1 Message Date
Rich Megginson
6a3853d5c4 test: fix kernel url path for the mac80211_hwsim kernel module
The method for determining the kernel url path for the module did not
work on all arches.

Skip the test if the kernel module is not found.  Some architectures do
not provide the module.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2026-06-25 15:45:20 -06:00
Rich Megginson
87b9e46f64 test: refactor wireless tests into single setup and cleanup
The wireless test setup/cleanup had a lot of duplicated code scattered
among a few task files.  This unifies the setup and cleanup code and
gets rid of redundant files.

This also enables all of the wireless tests on CentOS 7 and later,
and RHEL 8 and later.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2026-06-09 06:38:45 -06:00
Rich Megginson
3c4717c84f test: fix unit test module lookup paths
fix unit test module lookup paths

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2026-06-01 14:39:13 -06:00
Rich Megginson
3267ddb287 test: ensure integration and unit pytest work in collection mode
Refactor the common code in tests_unit.yml and the integration pytest
into a single block of code.

The tests/ directory has a library sub-directory with a symlink to the
network_connections.py module.  This was causing problems because the logic
in get_modules_and_utils_paths.yml really wants the real files and
directories, not the symlinks, and for some reason the bash `-f` test
is returning `true` for the symlink.  Instead, ensure that we do not use
the link by using `-L` to screen it out.

Also added the collection paths to the search.

Make the path arrays have unique values.

Use the `realpath` filter to see the full actual path.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2026-05-01 06:55:49 -06:00
Rich Megginson
6e5f70687d ci: update header for run_role_with_clear_facts [citest_skip]
Update header for run_role_with_clear_facts to indicate not editable
and clarify what it does

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2026-04-08 07:39:36 -06:00
Sergei Petrosian
8a0e3a8e4e tests: Enable EPEL on EL 7 to install hostapd
Signed-off-by: Sergei Petrosian <spetrosi@redhat.com>
2026-03-30 10:17:23 -06:00
Sergei Petrosian
397dd13753 tests: Remove installing custom hostapd build for OWE
Previously, the role used to install customly-built hostapd package with
OWE enabled. Currently, hostapd in Fedora and RHEL have OWE enabled by
default, so there is no need to use custom build.

Signed-off-by: Sergei Petrosian <spetrosi@redhat.com>
2026-03-30 10:17:23 -06:00
Rich Megginson
88a2609327 test: ensure role gathers the facts it uses by having test clear_facts before include_role
The role gathers the facts it uses.  For example, if the user uses
`ANSIBLE_GATHERING=explicit`, the role uses the `setup` module with the
facts and subsets it requires.

This change allows us to test this.  Before every role invocation, the test
will use `meta: clear_facts` so that the role starts with no facts.

Create a task file tests/tasks/run_role_with_clear_facts.yml to do the tasks
to clear the facts and run the role.  Note that this means we don't need to
use `gather_facts` for the tests.

Some vars defined using `ansible_facts` have been changed to be defined with
`set_fact` instead.  This is because of the fact that `vars` are lazily
evaluated - the var might be referenced when the facts have been cleared, and
will issue an error like `ansible_facts["distribution"] is undefined`.  This is
typically done for blocks that have a `when` condition that uses `ansible_facts`
and the block has a role invocation using run_role_with_clear_facts.yml
These have been rewritten to define the `when` condition using `set_fact`.  This
is because the `when` condition is evaluated every time a task is invoked in the
block, and if the facts are cleared, this will raise an undefined variable error.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2026-03-19 10:47:09 -06:00
Rich Megginson
39ac91d9af refactor: handle INJECT_FACTS_AS_VARS=false by using ansible_facts instead
Ansible 2.20 has deprecated the use of Ansible facts as variables.  For
example, `ansible_distribution` is now deprecated in favor of
`ansible_facts["distribution"]`.  This is due to making the default
setting `INJECT_FACTS_AS_VARS=false`.  For now, this will create WARNING
messages, but in Ansible 2.24 it will be an error.

See https://docs.ansible.com/projects/ansible/latest/porting_guides/porting_guide_core_2.20.html#inject-facts-as-vars

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2026-01-07 18:43:15 -05:00
Rich Megginson
942e01da62 test: ensure NetworkManager, ensure eth1 is active
This is mainly needed on el7 - NetworkManager is installed by default, or
somewhere else, on el8 and later.

Additionally, if the NetworkManager-server-config package is installed, then
the secondary interface will not be active, so ensure it is active.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2025-08-29 17:15:30 -06:00
Martin Pitt
f3dcba4350 tests: Simplify expected failure check in test_802.1x_capath.yml
Simplify the cumbersome assertion.

Drop the ancient Fedora releases from the __NM_capath_ignored_NVRs list.

Signed-off-by: Martin Pitt <mpitt@redhat.com>
2025-07-08 07:22:01 +02:00
Rich Megginson
65e74567d4 refactor: support Ansible 2.19
The big problem was trying to use `vars` with `import_playbook`.

We do not need to use `import_playbook` when `include_tasks` will
work.  Perhaps the original author of these tests thought that
the play `roles` keyword was the only way to invoke roles, so
that had to be "called" using an `import_playbook`?

Use `include_tasks` instead of `import_playbook`, and move some
of those "tasks" playbooks to be tasks files in tests/tasks.

Use `include_role` instead of `import_role`.

Do not set variables using `set_fact` if they have already been
set at the appropriate scope using `vars`.

"Modernize" the code somewhat.

Improve formatting.

Work around an Ansible bug https://github.com/ansible/ansible/issues/85394

Fix ansible-lint and ansible-test issues related newer versions of
those tools.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2025-07-02 14:42:43 -06:00
Rich Megginson
217645869a test: exclude qemu interfaces from dhcp
When running tests with a qemu managed node, the dhcp
used by qemu interferes with the dhcp used in the test, which
can cause the test to hang.  Exclude the qemu interfaces from
using the test dhcp.  Note that this only affects the qemu tests -
testing farm and other tests with "real" machines will have a
different mac address - the mac addresses used below are specific
to qemu virtual devices.

Also, just in case tests still timeout, add a tests/ansible.cfg
with a 240 second task timeout to ensure any hung tasks are killed.
This will cause the playbook to exit with an error.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2025-04-22 07:04:49 -06:00
Rich Megginson
89297aa207 test: set shell to /bin/bash in order to use pipefail
Some of our tests now run on an ubuntu control node (localhost)
and use `shell` to execute commands there.  Ansible requires
the use of `pipefail`.  The default shell on ubuntu is not
bash and does not have `pipefail`.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2025-04-14 10:05:37 -06:00
Wen Liang
fe7c6c6fd5 fix: Refine MAC validation using interface name
When a user provides both an interface name and a MAC address, the
current validation process retrieves sysfs link info separately using
the interface name and the MAC address, then compares the results. If
the information doesn't match, an error is raised.

However, this approach may trigger false alarms because retrieving the
link info by MAC might return the link info that only matches the
current MAC instead of the permanent MAC. Since the interface name is
unique within the kernel, a more robust validation method is to fetch
the MAC address using the interface name and then compare it directly
with the user-provided MAC address.

Resolves: https://issues.redhat.com/browse/RHEL-84362

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2025-03-31 22:25:32 -04:00
Wen Liang
cac2bbb43e fix: Remove MAC address matching from SysUtil.link_info_find()
The link_info_find() function previously allowed searching for links by
MAC address, but this introduced ambiguity and could cause false alarms
in certain cases (e.g. retrieving the link info by MAC might return the
link info that only matches the current MAC instead of the permanent
MAC). To ensure reliable behavior, this function should accept and match
the link info only by interface name.

To address the issues, the following changes were made:
- Removed MAC address matching logic to eliminate ambiguity.
- Simplified the function to only check ifname, making it more
  predictable.
- Updated all callers to adapt to this change, ensuring correctness.
- When a profile is tied to an interface via mac only, the validation of
  the existence of interface will now be delegated to NetworkManager
instead.

Resolves: https://issues.redhat.com/browse/RHEL-84197

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2025-03-31 22:21:18 -04:00
Rich Megginson
e5aca936e5 test: do not need to install from epel or pip
The tests should not install anything from outside of the distribution
unless absolutely necessary, like the copr repos.

All of the EPEL dependencies have been removed or replaced
with coprs.

We do not need to install pytest from pip since it is available
as `pytest-3` from `python3-pytest`.

We do not need `git` or `rsync` in the tests.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2025-03-17 12:02:42 -06:00
Sergei Petrosian
62d3bdc110 ci: Check spelling with codespell
* You can ignore words inline by adding a comment like `# codespell:ignore word`.
* You can ignore words by adding them to the `.codespell_ignores` file.
* You can ignore files and directories by adding them with `skip = ` to the `.codespellrc` file.

Signed-off-by: Sergei Petrosian <spetrosi@redhat.com>
2025-02-14 11:06:01 +00:00
Wen Liang
d92baacf1f feat: Support wait_ip property
Add support for the `wait_ip` property, the system will consider
connection activated only when specific IP stack is configured.
This enables flexibility in scenarios such as
IPv6-only networks, where the overall network configuration can still
succeed when IPv4 configuration fails but IPv6 completes successfully.

The `wait_ip` can be configured with the following possible values:
  * "any": System will consider interface activated when any IP stack is
           configured.
  * "ipv4": System will wait IPv4 been configured.
  * "ipv6": System will wait IPv6 been configured.
  * "ipv4+ipv6": System will wait both IPv4 and IPv6 been configured.

Resolves: https://issues.redhat.com/browse/RHEL-63026

Signed-off-by: Wen Liang <wenliang@redhat.com>
2024-10-29 09:43:38 -04:00
Wen Liang
5d73511d64 feat: Support autoconnect_retries
There is no fine-grained control over the number of retries for
automatically reconnecting a network connection in the role. This
limitation can be problematic for certain use cases where extending the
retry process is critical, particularly in environments with unstable
networks. Introduce support for the `autoconnect_retries` property in nm
provider of `network_connections` variable. This feature allows users to
configure how many times NetworkManager will attempt to reconnect a
connection after a autoconnect failure, providing more control over
network stability and performance.

Resolves: https://issues.redhat.com/browse/RHEL-61599

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2024-10-08 10:25:58 -04:00
Rich Megginson
fe439dbe4d test: use is-active instead of is-enabled to check for firewalld
Need to test if firewalld is running - the is-active test is
for that, not is-enabled

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2024-08-20 11:16:28 -06:00
Rich Megginson
e55e2a77ab test: allow dhcp service if firewall is active
If firewall is active, the dhcp services do not work.  Change the test
to add and remove the dhcp services if firewall is active.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2024-08-17 17:30:00 -06:00
Jakub Haruda
3841192f9f Tests: Use EPEL-7 from archive
Signed-off-by: Jakub Haruda <64086699+jharuda@users.noreply.github.com>
2024-08-16 07:52:44 -06:00
Rich Megginson
b7c6a253ab test: fix some Ansible warnings not caught by lint
Do not use templating in `when:`, `that:`, `until:`.  These
are evaluated as Jinja statements.  In cases where the string
used is long or awkward to generate in-line, use an
intermediate var for the value.

Use a unique loop var instead of `item` in cases where a loop
may be called in a nested context.

Fix some formatting.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2024-07-25 08:35:17 -06:00
Rich Megginson
ab77dd159e test: improve name text for skipped ostree tests
Improve the name text for skipped ostree tests to explain
why the test is skipped.
Add tests/tasks/ostree_systems_check.yml for use by test
playbooks that may be skipped on ostree systems.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2024-03-25 17:30:00 -06:00
Wen Liang
44f937d82b tests: Consent to restart network when specifying wireless or team connections
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2024-03-15 17:33:36 -04:00
Wen Liang
66c3eef7e3 fix: Ask user's consent to restart NM due to wireless or team interfaces
If updates for network packages are available and wireless or team
connections are specified, NetworkManager must be restarted, the role
requires user's consent to restart NetworkManager. Otherwise, there
might be property conflicts between NetworkManager daemon and plugin, or
NetworkManager plugin is not taking effect.

`update_cache` is enabled in the module tasks to check if updates for
network packages are available due to wireless or team interfaces, in
that case, NetworkManager needs user's explicit consent to be restarted
after the network package updates. And using `state: latest` for
checking the network package updates because we have to guarantee that
NetworkManager and its plugin have the same and most recent version for
configuring the network connections settings in the backend. It is
worthwhile to mention that we have both tasks using dnf and yum module
for checking available updates for network packages. Because checking
package cache update is not supported in Ansible package module, Fedora
and RHEL8+ use DNF package manager by default, RHEL7 uses yum package
manager by default.

This commit will address the situation that users forget to explicitly
specify `network_allow_restart: true` when specifying wireless or team
connections.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2024-03-15 17:33:36 -04:00
Rich Megginson
e681c3fea5 test: improve bond test failure debugging
Improve bond test failure debugging
* put test setup into block/always so that cleanup happens for setup failures
* trace shell commands so that we can determine exactly which command failed
* add error reporting so that when certain commands fail, we can determine the error code

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2024-02-27 13:17:16 -05:00
Wen Liang
b4f51e2691 test: Add DNS, routes and network connectivity checks during cleanup
In order to guarantee each test is cleaned up properly in the end, it
is important to add a post-test check to each test checking that:

- Routes and DNS are restored.
- Network connectivity to certain hosts are preserved.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2024-02-14 20:20:49 -07:00
Wen Liang
ae9f212086 test: Retry until success when installing package
Sometimes the rpm download returns a 403, which is likely caused by
too many parallel jobs attempt the download from the same controller in
too short a period of time, so the epel server throttles additional
downloads - use a retry here to mitigate.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2024-02-14 20:20:49 -07:00
Wen Liang
910ddd20a9 test: Rewrite tests_bond_options.yml in the new testing format
The new testing format is more concise and easier to debug when test
failure happens.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2024-02-14 20:20:49 -07:00
Wen Liang
bbdc7f77c4 test: Fix wifi test failures
CentOS Stream build process has been moved to
https://kojihub.stream.centos.org.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2023-12-23 13:51:06 -07:00
Wen Liang
55e953099a tests: Fix installing kernel module in Fedora
`uname -m` will show the machine hardware name.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2023-12-23 13:49:48 -07:00
Rich Megginson
0c590cdf5a refactor: improve support for ostree systems
The dependency on `ansible.utils.update_fact` is causing issue with
some users who now must install that collection in order to run
the role, even if they do not care about ostree.

The fix is to stop trying to set `ansible_facts.pkg_mgr`, and instead
force the use of the ostree package manager with the `package:` module
`use:` option.  The strategy is - on ostree systems, set the flag
`__$ROLENAME_is_ostree` if the system is an ostree system.  The flag
will either be undefined or `false` on non-ostree systems.
Then, change every invocation of the `package:` module like this:

```yaml
- name: Ensure required packages are present
  package:
    name: "{{ __$ROLENAME_packages }}"
    state: present
    use: "{{ (__$ROLENAME_is_ostree | d(false)) |
      ternary('ansible.posix.rhel_rpm_ostree', omit) }}"
```

This should ensure that the `use:` parameter is not used if the system
is non-ostree.  The goal is to make the ostree support as unobtrusive
as possible for non-ostree systems.
The user can also set `__$ROLENAME_is_ostree: true` in the inventory or play
if the user knows that ostree is being used and wants to skip the check.
Or, the user is concerned about the performance hit for ostree detection
on non-ostree systems, and sets `__$ROLENAME_is_ostree: false` to skip
the check.
The flag `__$ROLENAME_is_ostree` can also be used in the role or tests to
include or exclude tasks from being run on ostree systems.

This fix also improves error reporting in the `get_ostree_data.sh` script
when included roles cannot be found.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2023-11-29 07:05:00 -07:00
Rich Megginson
9a16583783 feat: support for ostree systems
Feature: Allow running and testing the role with ostree managed nodes.

Reason: We have users who want to use the role to manage ostree
systems.

Result: Users can use the role to manage ostree managed nodes.

NOTE: The .ostree/packages-*.txt are generated by running the
script https://github.com/linux-system-roles/auto-maintenance/blob/main/check-logs-for-packages.sh
which is used with an integration test CI run with the
https://github.com/linux-system-roles/auto-maintenance/blob/main/callback_plugins/dump_packages.py
plugin.  An example of such a CI run is
https://github.com/linux-system-roles/network/pull/647

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2023-10-30 12:02:20 -06:00
Wen Liang
17922ca6f3 fix: Install yum-utils package
`yum-config-manager` is provided by the yum-utils package, thus, install
the package as the dependency before using `yum-config-manager`.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2023-10-05 15:11:02 -06:00
Rich Megginson
c144794faa style: ansible-lint - remove line-length files from .yamllint.yml
Rather than having to maintain .yamllint.yml with a list of files
exempt from yamllint line-length checking, either fix the code
to abide by the line length restriction, or put the yamllint
exceptions in-line in the code.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2023-04-28 09:41:30 -06:00
Rich Megginson
211412d035 style: ansible-lint - fix missing YAML document start
ansible-lint requires that YAML documents begin with a line
consisting of `---`

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2023-04-28 09:15:50 -06:00
Wen Liang
5ff1189409 ansible-lint: Fix name[missing] and name[play] failures
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2023-04-10 17:49:07 +02:00
Wen Liang
2de826ee24 ansible-lint: Fix yaml[octal-values] failures
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2023-04-04 09:52:31 -06:00
Noriko Hosoi
77214cbda4 Fingerprint RHEL System Role managed config files
- Add role name to the generated config files.
  # system_role:network

Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
2023-03-30 13:38:19 -06:00
Wen Liang
2b693d14c0 ansible-lint: Fix no-changed-when failure
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2023-03-29 13:10:38 +02:00
Rich Megginson
7f26cdb8ac in lsr_assert_when use condition instead of when
ansible-lint is confused by the use of `when:` with `lsr_assert_when`.
It thinks the `when` string should be evaluated as a Jinja expression
but it is really just a plain string.  To make this more friendly to
ansible-lint, use `condition:` instead of `when:` with
`lsr_assert_when`.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2023-03-28 18:26:33 -06:00
Wen Liang
8a3dd3c438 ansible-lint: Fix command-instead-of-module failures
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2023-03-28 18:40:13 +02:00
Wen Liang
8174d5320d ansible-lint: Fix jinja[spacing] warnings
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2023-03-27 16:25:03 +02:00
Wen Liang
cd72556282 ansible-lint: Fix name[casing] warnings
Start all task names an uppercase letter.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2023-03-27 16:25:03 +02:00
Wen Liang
a384e5bb00 ansible-lint: Fix key-order[task] failures
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2023-03-22 10:21:50 +01:00
Wen Liang
4bac670e65 ansible-lint: Fix name[template] warnings
Jinja templates should only be at the end of 'name'. This helps with
the identification of tasks inside the source code when they fail.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2023-03-21 17:06:29 +01:00
Wen Liang
e8fef16995 ansible-lint: Fix no-jinja-when, yaml[line-legnth] and package-latest failures
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2023-03-20 14:14:00 +01:00
Wen Liang
f11e720268 ansible-lint: Fix var-naming warnings
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2023-03-02 12:08:51 +01:00