the change made for
b4018c22f8
means that ansible-lint now needs an absolute path for the working directory
Go ahead and make ansible-test use absolute path too just in case they decide
to make the same change.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
This fixes the breakage of ansible-test.
We want to advertise support for ansible 2.14 since some of
our collections will be supported for a long time on this
version. The latest version of ansible-lint requires 2.15
in meta/runtime.yml, but it also adds support for a way to
tell ansible-lint other versions which are acceptable, using
the new `supported_ansible_also` configuration option
in .ansible-lint
With this fix, we can support both the latest version of
ansible-test and ansible-lint.
See https://github.com/linux-system-roles/auto-maintenance/pull/341
for more information.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
The latest version of virtualenv does not support creating
python 2.7 virtualenvs. Change our CI tests to restrict the version
of virtualenv<20.22.0 and tox<4.15 for py27 environments
Move pylint, flake8, and black checks to the py310 environment
which is currently supported by ansible-core 2.17 and its related
checkers such as ansible-lint and ansible-test
pylint now uses ansible-core 2.17 and restricts the version of
pylint to 3.1.0 which is the version used by ansible-test 2.17
Remove `extends: default` for .yamllint.yml. The latest version
of ansible-lint will automatically incorporate local yamllint
settings unless there is an `extends:`.
The above changes require some fixes to the role code.
For more information, see
https://github.com/linux-system-roles/tox-lsr/pull/168
and
https://github.com/linux-system-roles/tox-lsr/pull/170
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Upgrade ci tests to use tox-lsr 3.3.0
tox-lsr 3.3.0 uses ansible-test 2.17
Create the ansible-test ignore file for 2.17
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Improve the name text for skipped ostree tests to explain
why the test is skipped.
Add tests/tasks/ostree_systems_check.yml for use by test
playbooks that may be skipped on ostree systems.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
If updates for network packages are available and wireless or team
connections are specified, NetworkManager must be restarted, the role
requires user's consent to restart NetworkManager. Otherwise, there
might be property conflicts between NetworkManager daemon and plugin, or
NetworkManager plugin is not taking effect.
`update_cache` is enabled in the module tasks to check if updates for
network packages are available due to wireless or team interfaces, in
that case, NetworkManager needs user's explicit consent to be restarted
after the network package updates. And using `state: latest` for
checking the network package updates because we have to guarantee that
NetworkManager and its plugin have the same and most recent version for
configuring the network connections settings in the backend. It is
worthwhile to mention that we have both tasks using dnf and yum module
for checking available updates for network packages. Because checking
package cache update is not supported in Ansible package module, Fedora
and RHEL8+ use DNF package manager by default, RHEL7 uses yum package
manager by default.
This commit will address the situation that users forget to explicitly
specify `network_allow_restart: true` when specifying wireless or team
connections.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Improve bond test failure debugging
* put test setup into block/always so that cleanup happens for setup failures
* trace shell commands so that we can determine exactly which command failed
* add error reporting so that when certain commands fail, we can determine the error code
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Without purging the DNS testing config at the end
`tests_network_state.yml`, the managed hosts can not properly resolve
certain hosts (e.g. mirrors.fedoraproject.org, mirrors.centos.org )
in the package installation task of other tests.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
In order to guarantee each test is cleaned up properly in the end, it
is important to add a post-test check to each test checking that:
- Routes and DNS are restored.
- Network connectivity to certain hosts are preserved.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Sometimes the rpm download returns a 403, which is likely caused by
too many parallel jobs attempt the download from the same controller in
too short a period of time, so the epel server throttles additional
downloads - use a retry here to mitigate.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
This is fixed by tox-lsr 3.2.2 - all actions that use tox-lsr are updated to
3.2.2, not just the python unit tests, even though the fix is only related to
pytest. All roles are updated to use tox-lsr 3.2.2 for the sake of consistency
even if not affected by the pytest issue.
Something changed recently in the way github actions provisions systems which
means some of the directories are not readable by the python unit test actions.
In addition, the python unit tests were causing a lot of unnecessary directory
traversal doing collection/discovery of unit test files, because of using
`pytest -c /path/to/tox-lsr/pytest.ini` Unfortunately, with `pytest`, the
directory of the config file is the root directory for the tests and tests
discovery, and there is no way around this.
Therefore, the only solution is to copy the tox-lsr `pytest.ini` to the
`tests/unit` directory, which makes that the test root directory.
See also https://github.com/linux-system-roles/tox-lsr/pull/160
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Baseos CI runs different wireless tests in a sequence, the mock wifi
needs to be cleaned up properly at the end of each wireless test,
otherwise, it will cause the failure during the setup of mock wifi
for the next wireless test.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
It is useful and common practice to configure the routes with blackhole,
prohibit, and unreachable route types when users have BGP routing
setups.
Notice that this feature is only for nm provider using
`network_connections` variable. Configuring blackhole, prohibit, and
unreachable route types is also supported by using `network_state` since
nmstate version 2.2.20 (the setting name is `route-type`).
Resolves: https://issues.redhat.com/browse/RHEL-19579
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The old ansible-community ansible-lint is deprecated. There is a
new ansible-lint github action.
The latest Ansible repo gating tests run ansible-lint against
the collection format instead of against individual roles.
We have to convert the role to collection format before running
ansible-test.
This also requires tox-lsr 3.2.1 - bump other actions to use 3.2.1
Role developers can run this locally using
`tox -e collection,ansible-lint-collection`
See https://github.com/linux-system-roles/tox-lsr/pull/125
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
The old ansible-community ansible-lint is deprecated. There is a
new ansible-lint github action. The new ansible-lint has several checks
related to ansible-test and the ignore files. Many of our ignore settings
are not allowed any more and are required to be fixed or addressed in the
Ansible preferred way.
The python imports have to be wrapped in a try/except ImportError, and
where possible, an error must be returned from the module explaining
what was not able to be imported.
The module documentation must comply with the Ansible standards. One
aspect of this is the `version_added` must be a valid ansible-core
version in X.Y.Z format. Note that this version isn't really used
anywhere, so it doesn't matter for users of the role, it is purely
an `ansible-test` and import gating issue.
The result of this is that the .sanity files can be reduced to the
bare minimum which will greatly reduce the maintenance burden of
those files, make it easier to support newer versions of Ansible,
and make it easier to import the system roles collection into Galaxy
and Automation Hub.
The latest Ansible repo gating tests run ansible-lint against
the collection format instead of against individual roles.
We have to convert the role to collection format before running
ansible-test.
Role developers can run this locally using
`tox -e collection,ansible-lint-collection`
See https://github.com/linux-system-roles/tox-lsr/pull/125
Add `---` doc start to .markdownlint.yaml
The file `examples/down_profile+delete_interface.yml`
was not used and was causing ansible-lint errors.
ansible-lint enforces the order of keywords in plays - `name`,
then `hosts`, then `vars`, then `tasks`.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Use the `#!/usr/bin/env bash` shebang which is ansible-test friendly.
This means we can remove get_ostree_data.sh from the .sanity* files.
This also means we can remove the .sanity* files if we do not need
them otherwise. Fix other shell scripts to use the friendly shebang
and remove from the .sanity* files.
Rename `pth` to `path` in honor of nscott
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Some variables used in the module code are not meaningful at all, which
might be hard to read and understand. Therefore, replace them with
meaningful variables.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Since the merge of nmstate commit 'nm dns: Support appending static DNS
before dynamic DNS' (https://github.com/nmstate/nmstate/pull/2438),
nmstate treats interface with `auto-dns: true` as valid to store DNS
and tries to use NetworkManager global DNS as much as possible. However,
in NM, `dns=systemd-resolved` does not support global DNS configuration,
because systemd-resolved only supports per-interface DNS servers (via
the D-Bus API). Therefore, write and validate the DNS configuration in
/run/NetworkManager/no-stub-resolv.conf, which contains the original
DNS settings pushed to the DNS plugin.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The dependency on `ansible.utils.update_fact` is causing issue with
some users who now must install that collection in order to run
the role, even if they do not care about ostree.
The fix is to stop trying to set `ansible_facts.pkg_mgr`, and instead
force the use of the ostree package manager with the `package:` module
`use:` option. The strategy is - on ostree systems, set the flag
`__$ROLENAME_is_ostree` if the system is an ostree system. The flag
will either be undefined or `false` on non-ostree systems.
Then, change every invocation of the `package:` module like this:
```yaml
- name: Ensure required packages are present
package:
name: "{{ __$ROLENAME_packages }}"
state: present
use: "{{ (__$ROLENAME_is_ostree | d(false)) |
ternary('ansible.posix.rhel_rpm_ostree', omit) }}"
```
This should ensure that the `use:` parameter is not used if the system
is non-ostree. The goal is to make the ostree support as unobtrusive
as possible for non-ostree systems.
The user can also set `__$ROLENAME_is_ostree: true` in the inventory or play
if the user knows that ostree is being used and wants to skip the check.
Or, the user is concerned about the performance hit for ostree detection
on non-ostree systems, and sets `__$ROLENAME_is_ostree: false` to skip
the check.
The flag `__$ROLENAME_is_ostree` can also be used in the role or tests to
include or exclude tasks from being run on ostree systems.
This fix also improves error reporting in the `get_ostree_data.sh` script
when included roles cannot be found.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
`from 0.0.0.0/0` means from all IPv4 addresses, `from ::/0` means from
all IPv6 addresses. In NM, if `from` property is not specified in a
routing rule, NM still appends `from 0.0.0.0/0` or `from ::/0` to the
rule. NM also allows to specify `to 0.0.0.0/0` or `to ::/0` in a
routing rule, but the connection profiles will only show the `from`
setting for the rule.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The changelog update for version 1.13.2 contains wrongly formatted
content which makes the changelog file update inconsistent from
previous release.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
