Rather than having to maintain .yamllint.yml with a list of files
exempt from yamllint line-length checking, either fix the code
to abide by the line length restriction, or put the yamllint
exceptions in-line in the code.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
ansible-lint is confused by the use of `when:` with `lsr_assert_when`.
It thinks the `when` string should be evaluated as a Jinja expression
but it is really just a plain string. To make this more friendly to
ansible-lint, use `condition:` instead of `when:` with
`lsr_assert_when`.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Jinja templates should only be at the end of 'name'. This helps with
the identification of tasks inside the source code when they fail.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Almost all the network role tests fail with fact gathering disabled.
Therefore, in order to support the tests running with
ANSIBLE_GATHERING=explicit, gather the minimum subset of facts
required.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
ansible-core 2.14 is now the current version of Ansible. This version
does not support `args: warn: false` so we have to remove it from the
network role. Users will need to use `COMMAND_WARNINGS` in their
Ansible configuration in order to suppress the warning in older versions
of Ansible such as 2.9, 2.11.
In addition, the gating tests are getting stricter about using new best
practices, such as using `true`, `false` for booleans instead of `yes`,
`no`; use of spaces in Jinja expressions; etc. These issues were
addressed.
The `tests/` directory contains far too many cases of non-recommended
practices, so this directory has been exempted.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
On BaseOS CI systems, `yum install` for the epel7 rpm does not work.
Instead, use `rpm -i` which should work on any system. We should not
need to use `yum install` here because the epel7 setup rpm does not have
additional dependencies.
In addition, the rpm download sometimes returns 403 - I think it is because
multiple tests run in parallel in BaseOS CI, resulting in too many
download attempts in too short a period of time - so introduce a retry
to mitigate the situation.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
DHCP server certainly needs the IP address configured in order to lease
the address to the client. There is a bug in NM which wrongly removes
all addresses on the unmanaged interface while it should not. To
guarantee the IP address indeed configured for DHCP server, rescue it
via adding conditional loop for configuring IP address to DHCP server.
Notice that this workaround will be removed eventually when NM fixes
the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2079642
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The tests are giving failures that are unfortunately being ignored.
One of which is that pidof is not available by default on all platforms,
and on some platforms is not available at all (el7). Same with sysctl.
There are a couple of fixes:
* run the large embedded test `shell` with `set -euo pipefail` to
trigger script errors to be handled.
* install the procps or procps-ng package which provides the tools
such as pgrep, pkill, sysctl, etc.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
bz#2044640
The network role create an ifcfg file for initscripts. The file
used to append a comment "# this file was created by ansible".
This patch replaces the proprietary string with the ansible
standard {{ ansible_managed }} to adjust to the other system
roles.
For the implementation, it borrowed the method from kernel_settings,
getting the ansible managed comment using the get_ansible_managed.j2
template and pass the comment to network_connections which is added
to the ifcfg file.
In case network_provider is nm, the comment is not added to the
ifcfg file as the file is not managed by Ansible.
Note: the required parameter name to pass the ansible managed comment
to the network_connection module is "__header".
Do not use get_ansible_managed.j2 in the test scripts, but use a
hardcoded ansible managed comment to simplify the tests.
tests/tasks/get_profile_stat.yml: replace the '=' style with the YAML
notation in set_fact.
Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
The hostapd package was moved from EPEL to CentOS Stream and therefore
is not available anymore on EPEL, which made the installation failed.
To fix it, install the hostapd via CentOS Stream in order to run
managed host testing in RHEL-8.5.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Add support for using latest ansible-lint and ansible-test with
ansible-core 2.11. There are a few new warnings that need to
be addressed or suppressed.
One of the changes is to add `# noqa ignore-errors` to the places in
the role where `ignore_errors: true` is used. In general, it is not
a good idea to use `ignore_errors: true` - instead, it is better to
capture the result of the command using a `register`, then use
`failed_when`. Or, if that is not possible, use a `block`/`rescue`
for more complex error handling. However, in the case where the network
role is using `ignore_errors: true` in test code, it is acceptable.
see https://ansible-lint.readthedocs.io/en/latest/default_rules.html#ignore-errors
Another change is to have all tasks have a valid `name:`. This
is explained at https://ansible-lint.readthedocs.io/en/latest/default_rules.html#unnamed-task
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
For ansible-core 2.11 compatability, replace the use of `ini_file`
with the yum/dnf config-manager command
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Enable WPA3 SAE support via:
```yaml
network_connections:
- name: wlan0
type: wireless
wireless:
ssid: "WIFI_SSID"
key_mgmt: "sae"
password: "p@55w0rD"
```
Integration test case was included for Fedora and CentOS. ( Failed in setting up the
mock wifi on RHEL, so skipped the integration test on RHEL)
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The `tests_bond_nm.yml` test fails at 50% rate due to bond interface
failed to retrieve IP address from DHCP server.
The root cause of this is NetworkManager by default create default
connections for new managed interface which place the DHCP server
interfaces into IPv4.auto method which then prevent DHCP server running
on these ports.
The fix is mark DHCP server ports(veth endpoint and bridge) as
unmanaged before link up.
Signed-off-by: Gris Ge <fge@redhat.com>
In tests/tasks/enable_epel.yml, if /etc/yum.repos.d/epel.repo exists
and it is not enabled, it's left disabled. Without the epel enabled,
it fails to install necessary modules such as python-mock, which
makes tests_unit.yml and tests_wireless_nm.yml fail.
This patch adds a task calling ini_file to ensure the repo is always
enabled. See also bz1980439
Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
Enable WPA3 OWE support via:
```yaml
network_connections:
- name: wlan0
type: wireless
wireless:
ssid: "WIFI_SSID"
key_mgmt: "owe"
```
Integration test case was included for Fedora and CentOS. ( Failed in setting up the
mock wifi on RHEL, so skipped the integration test on RHEL)
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
That is the following errors are fixed.
'206' # Variables should have spaces before and after: {{ var_name }}
'208' # File permissions unset or incorrect
'301' # Commands should not change things if nothing needs doing
'305' # Use shell only when shell functionality is required
'502' # All tasks should be named
'601' # Don't compare to literal True/False
'602' # Don't compare to empty string
RHELPLAN-73471
Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
This fixes the following error:
```
/bin/sh: line 9: cd: /root/.ansible/collections: No such file or directory
```
The fix is to ensure the directory exists before attempting
to `cd` to the directory.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
The unit tests that are run during integration test did not
work for the role converted to collection format. The tests need to
get the paths from the environment then set up the runtime environment
to look like the real Ansible runtime environment.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
* As EPEL6 has been moved to archive, created `tests/tasks/enable_epel.yml`.
* As CentOS6 has been moved to vault, created `tests/tests_00_setup.yml`.
Signed-off-by: Gris Ge <fge@redhat.com>
The NetworkManager in Fedora 33 does not use ifcfg-rh plugin by default,
the CI will fail on Fedora 33 with:
```
TASK [assert that profile 'bond0' is present] **********************************
task path: /tmp/tmpaz9m374e/tests/playbooks/tasks/assert_profile_present.yml:4
fatal: [/cache/fedora-33.qcow2]: FAILED! => {
"assertion": "profile_stat.stat.exists",
"changed": false,
"evaluated_to": false,
"msg": "profile /etc/sysconfig/network-scripts/ifcfg-bond0 does not exist"
}
```
Previously, we are checking the existence of
`/etc/sysconfig/network-scripts/` to determine whether ifcfg-rh plugin
is enabled. This is incorrect on Fedora 33.
The fix is checking the FILENAME[1] used for storing the NetworkManager
connection, the profile is considered as exists when it exists and does
not contains `/run`.
Since we cannot tell which provider we are using, we just check both
initscripts files and NetworkManager connections.
[1]: nmcli -f NAME,FILENAME connection show
Signed-off-by: Gris Ge <fge@redhat.com>
In order to allows NetworkManager to control veth interface,
the veth peer should be in up state and the veth should be marked as
managed.
Signed-off-by: Gris Ge <fge@redhat.com>
The Fedora 33 cloud image does not have openssl installed by default,
install openssl before using its cli tool.
Signed-off-by: Gris Ge <fge@redhat.com>
To allow running the tests on any arch, do not check for the RPM
architecture when checking the NetworkManager version.
Signed-off-by: Till Maas <opensource@till.name>
* add a helper to create two veth devices with IPv4/IPv6 infra
* add a bond in active-backup mode with miimon value
* add two slaves connections for two veth devices
* check automated IPv4/IPv6 addresses are assigned to master
* check all connections are present
* add a helper to delete previously created veth device setup
When a profile is specified as absent, ignore state requests if the
profile is already removed or not completely specified to improve
idempotence.
Also restructure the states test. This introduces a clear structure for
the individual test steps, properly assigns tags for each test from the
file and provides a clear error message with a description of the test
that failed in case of errors. Support for tests that expect a failure
is still missing.
WPA-PSK and WPA-EAP are supported. Uses existing 802.1x features of the role.
Added extra functionality to ArgValidatorStr to enforce a min and max length.
Logs are now separed by severity level. Warnings and failures are the only logs
that appear now on the output. All logs are saved into a new json parameter
called "stderr" that is later shown on a different task. In case of
failure, all logs are shown as output. Tests have been created and modified in
order to assure that this feature works.
Signed-off-by: Elvira Garcia Ruiz <elviragr@riseup.net>
