If firewall is active, the dhcp services do not work. Change the test
to add and remove the dhcp services if firewall is active.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Something has changed in python, similar to the change between
el8 and el9, that causes the test to fail on f39 and later, so
skip it.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Enhancement: Add the optional route source parameter for the nm provider
Reason: In a scenario where you have a machine with multiple public IP
addresses, typically due to a multi-WAN setup, the src parameter in the
context of routes allows you to specify which source IP address should
be used when sending packets via a specific route. This is crucial when
you want to ensure that outbound traffic uses a specific IP address tied
to a particular network interface, especially when dealing with multiple
WAN connections.
Result: Adding support for the src parameter in routes results in a
more powerful and flexible network configuration capability, especially
important in environments with multiple network interfaces or multiple
IP addresses, it provides better control over traffic routing.
Resolves: https://issues.redhat.com/browse/RHEL-3252
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
* Remove plan from role dir, it's too complicated and long to run tests from tmt
* Use plan from linux-system-roles/tft-tests
* Move getting datetime to testing-farm job where it's used
* Add a workflow for running [citest_bad]
* Bump sclorg/testing-farm-as-github-action to v3
* Move concurrency group to first job
* Dump GitHub context
Signed-off-by: Sergei Petrosian <spetrosi@redhat.com>
* Add a preparation job to run on managed nodes
* Update instructions to run tests locally
* From tft workflow, remove condition for commenter author_association.
This would require us to add all trusted users, running workflow is not dangerous.
* Keep the plan minimal, only run prep steps required to install beakerlib
Signed-off-by: Sergei Petrosian <spetrosi@redhat.com>
Do not use templating in `when:`, `that:`, `until:`. These
are evaluated as Jinja statements. In cases where the string
used is long or awkward to generate in-line, use an
intermediate var for the value.
Use a unique loop var instead of `item` in cases where a loop
may be called in a nested context.
Fix some formatting.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
This change is for running tests in Testing Farm CI. This is a replacement for
BaseOS CI that we are currently using. Running it Testing Farm gives us more
control.
It adds a workflow for running tests, and a plans directory containing a test
plan and a README-plans.md with some info.
Note that this workflow runs from the main branch. This means that changes to
the workflow must be merged to main, then pull requests will be able to run it.
This is because the workflow uses on: issue_comment context, this is a security
measure recommended by GitHub. It saves us from leaking organization secrets.
The functionality is WIP, so await future fixes and updates.
Signed-off-by: Sergei Petrosian <spetrosi@redhat.com>
The team plugin test does not clean up properly causing the following team
test to fail. The fix is to use the network standard run_test.yml interface
to ensure proper preconditions and cleanup for the team plugin test.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
As part of the public API, `network_state` must be defined in
defaults/main.yml, and it must be defined with the correct
type `dict`, so the correct default value must be `{}` the
empty dict.
All checking for `network_state` must check for a value of
`{}` to mean "network_state not set or empty".
Fix the test which looks for teaming configuration in EL10
to correctly look for the value in `network_state`.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
According to the Ansible team, support for listing platforms in
role `meta/main.yml` files is being removed.
Instead, they recommend using `galaxy_tags`
https://github.com/ansible/ansible/blob/stable-2.17/changelogs/CHANGELOG-v2.17.rst
"Remove the galaxy_info field platforms from the role templates"
https://github.com/ansible/ansible/issues/82453
Many roles already have tags such as "rhel", "redhat", "centos", and "fedora".
I propose that we ensure all of the system roles have these tags.
Some of our roles support Suse, Debian, Ubuntu, and others.
We should add tags for those e.g. the ssh role already has tags for "debian" and "ubuntu".
In addition - for each version listed under `platforms.EL` - add a tag like `elN`.
Q: Why not use a delimiter between the platform and the version e.g. `el-10`?
This is not allowed by ansible-lint:
```
meta-no-tags: Tags must contain lowercase letters and digits only., invalid: 'el-10'
meta/main.yml:1
```
So we cannot use uppercase letters either.
Q: Why not use our own meta/main.yml field?
No other fields are allowed by ansible-lint:
```
syntax-check[specific]: 'myfield' is not a valid attribute for a RoleMetadata
```
Q: Why not use some other field?
There are no other applicable or suitable fields.
Q: What happens when we want to support versions like `N.M`?
Use the word "dot" instead of "." e.g. `el10dot3`.
Similarly - use "dash" instead of "-".
We do not need tags such as `fedoraall`.
The `fedora` tag implies that the role works on all supported versions of fedora.
Otherwise, use tags such as `fedora40` if the role only supports specific versions.
Teaming support is dropped in EL10. Provide an error to users who attempt
to use teaming and suggest that they use bonding instead. Skip teaming
tests on EL10.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
the change made for
b4018c22f8
means that ansible-lint now needs an absolute path for the working directory
Go ahead and make ansible-test use absolute path too just in case they decide
to make the same change.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
This fixes the breakage of ansible-test.
We want to advertise support for ansible 2.14 since some of
our collections will be supported for a long time on this
version. The latest version of ansible-lint requires 2.15
in meta/runtime.yml, but it also adds support for a way to
tell ansible-lint other versions which are acceptable, using
the new `supported_ansible_also` configuration option
in .ansible-lint
With this fix, we can support both the latest version of
ansible-test and ansible-lint.
See https://github.com/linux-system-roles/auto-maintenance/pull/341
for more information.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
The latest version of virtualenv does not support creating
python 2.7 virtualenvs. Change our CI tests to restrict the version
of virtualenv<20.22.0 and tox<4.15 for py27 environments
Move pylint, flake8, and black checks to the py310 environment
which is currently supported by ansible-core 2.17 and its related
checkers such as ansible-lint and ansible-test
pylint now uses ansible-core 2.17 and restricts the version of
pylint to 3.1.0 which is the version used by ansible-test 2.17
Remove `extends: default` for .yamllint.yml. The latest version
of ansible-lint will automatically incorporate local yamllint
settings unless there is an `extends:`.
The above changes require some fixes to the role code.
For more information, see
https://github.com/linux-system-roles/tox-lsr/pull/168
and
https://github.com/linux-system-roles/tox-lsr/pull/170
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Upgrade ci tests to use tox-lsr 3.3.0
tox-lsr 3.3.0 uses ansible-test 2.17
Create the ansible-test ignore file for 2.17
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Improve the name text for skipped ostree tests to explain
why the test is skipped.
Add tests/tasks/ostree_systems_check.yml for use by test
playbooks that may be skipped on ostree systems.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
If updates for network packages are available and wireless or team
connections are specified, NetworkManager must be restarted, the role
requires user's consent to restart NetworkManager. Otherwise, there
might be property conflicts between NetworkManager daemon and plugin, or
NetworkManager plugin is not taking effect.
`update_cache` is enabled in the module tasks to check if updates for
network packages are available due to wireless or team interfaces, in
that case, NetworkManager needs user's explicit consent to be restarted
after the network package updates. And using `state: latest` for
checking the network package updates because we have to guarantee that
NetworkManager and its plugin have the same and most recent version for
configuring the network connections settings in the backend. It is
worthwhile to mention that we have both tasks using dnf and yum module
for checking available updates for network packages. Because checking
package cache update is not supported in Ansible package module, Fedora
and RHEL8+ use DNF package manager by default, RHEL7 uses yum package
manager by default.
This commit will address the situation that users forget to explicitly
specify `network_allow_restart: true` when specifying wireless or team
connections.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Improve bond test failure debugging
* put test setup into block/always so that cleanup happens for setup failures
* trace shell commands so that we can determine exactly which command failed
* add error reporting so that when certain commands fail, we can determine the error code
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Without purging the DNS testing config at the end
`tests_network_state.yml`, the managed hosts can not properly resolve
certain hosts (e.g. mirrors.fedoraproject.org, mirrors.centos.org )
in the package installation task of other tests.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
In order to guarantee each test is cleaned up properly in the end, it
is important to add a post-test check to each test checking that:
- Routes and DNS are restored.
- Network connectivity to certain hosts are preserved.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Sometimes the rpm download returns a 403, which is likely caused by
too many parallel jobs attempt the download from the same controller in
too short a period of time, so the epel server throttles additional
downloads - use a retry here to mitigate.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
This is fixed by tox-lsr 3.2.2 - all actions that use tox-lsr are updated to
3.2.2, not just the python unit tests, even though the fix is only related to
pytest. All roles are updated to use tox-lsr 3.2.2 for the sake of consistency
even if not affected by the pytest issue.
Something changed recently in the way github actions provisions systems which
means some of the directories are not readable by the python unit test actions.
In addition, the python unit tests were causing a lot of unnecessary directory
traversal doing collection/discovery of unit test files, because of using
`pytest -c /path/to/tox-lsr/pytest.ini` Unfortunately, with `pytest`, the
directory of the config file is the root directory for the tests and tests
discovery, and there is no way around this.
Therefore, the only solution is to copy the tox-lsr `pytest.ini` to the
`tests/unit` directory, which makes that the test root directory.
See also https://github.com/linux-system-roles/tox-lsr/pull/160
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
