diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..2ccb6df
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,66 @@
+---
+name: CI
+
+on:
+ push:
+ pull_request:
+
+env:
+ galaxy-name: "cvmfs_contrib.cvmfs_client"
+
+jobs:
+
+ molecule:
+ runs-on: ubuntu-latest
+
+ strategy:
+ matrix:
+ distro:
+ - centos8
+ - ubuntu2004
+ fail-fast: false
+
+ steps:
+
+ - uses: actions/checkout@v2
+ with:
+ path: ${{ env.galaxy-name }}
+
+ - name: Set up Python 3.8
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.8
+
+ - name: Upgrade pip
+ run: |
+ pip install --upgrade pip wheel
+ pip --version
+
+ - name: Install requirements
+ run: |
+ pip install --use-feature=2020-resolver -r requirements.txt
+ working-directory: ${{ env.galaxy-name }}
+
+ # See https://github.com/geerlingguy/raspberry-pi-dramble/issues/166
+ - name: Force GitHub Actions' docker daemon to use vfs.
+ run: |
+ sudo systemctl stop docker
+ echo '{"cgroup-parent":"/actions_job","storage-driver":"vfs"}' | sudo tee /etc/docker/daemon.json
+ sudo systemctl start docker
+
+ - name: Run molecule
+ run: molecule test
+ working-directory: ${{ env.galaxy-name }}
+ env:
+ MOLECULE_DISTRO: ${{ matrix.distro }}
+
+ # release:
+ # name: Publish to ansible-galaxy
+ # if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')
+ # needs: [pre-commit, molecule]
+ # runs-on: ubuntu-latest
+ # steps:
+ # - uses: actions/checkout@v2
+ # - uses: robertdebock/galaxy-action@1.0.3
+ # with:
+ # galaxy_api_key: ${{ secrets.GALAXY_API_KEY }}
diff --git a/defaults/main.yml b/defaults/main.yml
index 5866d0f..645e851 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
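Review bot: The workflow declares no `permissions:` block, so the molecule job runs with the repository's default `GITHUB_TOKEN` scope although it only needs to read the checkout; a top-level `permissions:` with `contents: read` would make that explicit. `actions/checkout@v2` and `actions/setup-python@v2` are referenced by mutable tags, and pinning each to a full commit SHA (keeping the tag as a trailing comment) prevents a retagged action from changing what runs here. If the commented-out `release` job is ever enabled, its `needs:` names a `pre-commit` job this file does not define, and `robertdebock/galaxy-action@1.0.3` would receive `secrets.GALAXY_API_KEY`, so it deserves the same pinning. `python-version: 3.8` is safer written as `"3.8"`, so that a later bump to 3.10 is not parsed as the float 3.1.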
@@ -30,7 +30,7 @@ cvmfs_force_unmount: false # according to cvmfs_client_pv_name, cvmfs_client_vg_name, and # cvmfs_client_lv_name as described below. If false, you will need to # configure the cache storage yourself instead, and also ensure it is the required size. -cvmfs_client_configure_storage: true +cvmfs_client_configure_storage: false # If this block device name is defined, then a volume group, logical volume, and filesystem will be created on it. # If it is not defined, then a volume group is assumed to already exist and will be used instead. diff --git a/meta/main.yml b/meta/main.yml index b15b917..a7c0999 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -51,6 +51,10 @@ galaxy_info: versions: - 6 - 7 + - 8 + - name: Ubuntu + versions: + - bionic galaxy_tags: [] # List tags for your role here, one per line. A tag is a keyword that describes diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..904f113 --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,18 @@ +--- +- name: Converge + hosts: all + become: true + + pre_tasks: + - name: Update apt cache. + apt: update_cache=yes cache_valid_time=600 + when: ansible_os_family == 'Debian' + + roles: + - role: cvmfs_contrib.cvmfs_client + vars: + cvmfs_client_configure_storage: false + cvmfs_cache_size: "1000" # small cache size for CI + cvmfs_http_proxy: "DIRECT" + cvmfs_configuration: + - "cvmfs-config-computecanada" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..fa916a5 --- /dev/null +++ b/molecule/default/molecule.yml 
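Review bot: Flipping `cvmfs_client_configure_storage` to `false` changes behaviour for every existing consumer of the role, not only the new Debian path: hosts that relied on the default will no longer get the cache volume created for them. `molecule/default/converge.yml` in this same commit already sets the variable to `false` explicitly, so the CI run does not appear to need the default changed. If the new default is intended, it should be stated in the commit message or changelog; otherwise keep `cvmfs_client_configure_storage: true`. Only part of the comment block above the variable is visible in this hunk.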
@@ -0,0 +1,19 @@ +--- +dependency: + name: galaxy + options: + role-file: ansible-role-requirements.yml +driver: + name: docker +platforms: +- name: instance + image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu1804}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: true +provisioner: + name: ansible + playbooks: + converge: converge.yml diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml new file mode 100644 index 0000000..754eb99 --- /dev/null +++ b/molecule/default/verify.yml @@ -0,0 +1,8 @@ +--- +- name: Verify + hosts: all + become: true + + tasks: + - name: Test loading the Compute Canda module environment + shell: source /cvmfs/soft.computecanada.ca/config/profile/bash.sh diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..07e9196 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,4 @@ +# for running tests +molecule[docker]~=3.3.0 +docker~=4.4.4 +ansible~=4.8.0 diff --git a/tasks/config.yml b/tasks/config.yml index 9af603d..4f48067 100644 --- a/tasks/config.yml +++ b/tasks/config.yml @@ -8,6 +8,7 @@ owner: "root" group: "root" mode: "0644" + register: cvmfs_config_file - name: Set autofs timeout ansible.builtin.lineinfile: @@ -27,3 +28,8 @@ state: "{% if not cvmfs_auto_setup %}mounted{% elif cvmfs_force_unmount %}absent{% endif %}" when: (not cvmfs_auto_setup) or (cvmfs_force_unmount) loop: "{{ cvmfs_repositories }}" + +# cvmfs-auto-setup package not available for Debian so we have to run it manually... +- name: Configure AutoFS + command: cvmfs_config setup + when: cvmfs_config_file.changed and ansible_os_family == 'Debian' \ No newline at end of file diff --git a/tasks/debian.yml b/tasks/debian.yml new file mode 100644 index 0000000..7864028 --- /dev/null +++ b/tasks/debian.yml 
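Review bot: The `platforms` entry in `molecule/default/molecule.yml` runs a container with `privileged: true` from `geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu1804}-ansible:latest`, a mutable third-party tag, and the workflow triggers on `pull_request`, so whatever that tag points to on the day runs privileged on the runner. A comment stating why privileged mode is needed (presumably systemd inside the container) and pinning the image by digest for each supported distro would make that trust explicit. `role-file: ansible-role-requirements.yml` names a file this commit does not add; confirm it already exists in the repository. The default distro `ubuntu1804` also differs from the `ubuntu2004` entry in the CI matrix.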
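Review bot: In `molecule/default/verify.yml`, `shell: source /cvmfs/soft.computecanada.ca/config/profile/bash.sh` runs under the `shell` module's default `/bin/sh`, which on Debian-family images is typically dash and has no `source` builtin, so the verify step is likely to fail on the Ubuntu matrix entry for a reason unrelated to CVMFS. Adding `args:` with `executable: /bin/bash` to the task fixes that, and `changed_when: false` marks it as the read-only check it is. The task name has a typo: `Compute Canda` should read `Compute Canada`.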
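Review bot: In the second `tasks/config.yml` hunk, `Configure AutoFS` is gated on `cvmfs_config_file.changed`, so if a run writes the config file and then fails before reaching this task, the next run sees no change and `cvmfs_config setup` is never executed on that host. A handler notified from the config-file task, or a condition on the state that setup produces, would not depend on a single successful pass. The task calls `command: cvmfs_config setup` by bare name while `tasks/test.yml` uses `/usr/bin/cvmfs_config`; using the absolute path here too avoids depending on the remote `PATH`. The module is also unqualified where the same file uses `ansible.builtin.lineinfile`, and the file now ends without a trailing newline.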
@@ -0,0 +1,64 @@
+# The CERNVM GPG key is the trust anchor for the secure installation of the CVMFS client.
+#
+# The Compute Canada CVMFS GPG key is the trust anchor for the secure distribution of the Compute Canada software stack (and other content), as follows:
+# - the Compute Canada CVMFS GPG key verifies the authenticity of the computecanada-release RPM
+# - the computecanada-release configures an apt repository which distributes the cvmfs-config-computecanada deb
+# - the cvmfs-config-computecanada deb contains the public CVMFS key for the cvmfs-config.computecanada.ca CVMFS configuration repository
+# - the CVMFS configuration repository contains the public CVMFS keys for all other Compute Canada CVMFS repositories
+# - the other CVMFS repositories contain all Compute Canada software (and other content)
+
+- name: Install gpg agent
+ apt:
+ name: ['gpg-agent']
+
+- name: Install CernVM GPG key
+ apt_key:
+ url: https://cvmrepo.web.cern.ch/cvmrepo/apt/cernvm.gpg
+ state: present
+ validate_certs: yes
+
+# Also available at https://git.computecanada.ca/cc-cvmfs-public/cvmfs-config/raw/master/RPM-GPG-KEY-CC-CVMFS-1
+- name: Install Compute Canada CVMFS GPG key
+ apt_key:
+ url: https://package.computecanada.ca/yum/cc-cvmfs-public/RPM-GPG-KEY-CC-CVMFS-1
+ state: present
+ validate_certs: yes
+ when: '"cvmfs-config-computecanada" in cvmfs_configuration'
+
+# Target hosts will need internet access anyway to install the actual packages via apt, so we might as well
+# install the apt config from the internet as well - if a version is not already installed.
+# There is no benefit to abstracting this with the apt_repository module, and doing so would break idempotence
+# because these packages update themselves via their own apt repositories.
+
+- name: Install CernVM apt repository
+ apt:
+ deb: https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest_all.deb
+ state: present
+ when: ansible_facts.packages['cvmfs-release'] is not defined
+
+# Todo: repository configuration for apt missing
+# - name: Install Compute Canada apt repository
+# apt:
+# name: https://package.computecanada.ca/yum/cc-cvmfs-public/prod/other/computecanada-release-latest.noarch.rpm
+# state: present
+# validate_certs: yes
+# when:
+# - '"cvmfs-config-computecanada" in cvmfs_configuration'
+# - ansible_facts.packages['computecanada-release'] is not defined
+
+# This task can be removed once the Compute Canada apt repository is configured
+- name: Workaround - install compute canada config package directly from URL
+ apt:
+ deb: "https://package.computecanada.ca/yum/cc-cvmfs-public/prod/other/cvmfs-config-computecanada-latest.all.deb"
+ update_cache: true
+ when:
+ - '"cvmfs-config-computecanada" in cvmfs_configuration'
+
+- name: Install other prerequisite packages
+ apt:
+ name: ['lvm2']
+ when: cvmfs_client_configure_storage | bool
+
+- name: Install CVMFS client and configuration packages
+ apt:
+ name: "['cvmfs'] + {{ cvmfs_configuration }}"
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index 4fb9fcd..13174a6 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
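Review bot: The two `apt: deb:` tasks install `cvmfs-release-latest_all.deb` and `cvmfs-config-computecanada-latest.all.deb` straight from a URL, which as far as I know hands the file to dpkg without any archive signature check, so only the TLS connection protects these packages, not the GPG trust chain described in the header comment. The header comment should say so, and the workaround task should note that the Compute Canada key installed above does not verify it; downloading to a file with a pinned `checksum:` before installing would restore an integrity check, at the cost of pinning a version instead of `-latest`. Both `apt_key` tasks also accept whatever key the URL serves, whereas the context lines of `tasks/redhat.yml` in this commit pin a `fingerprint:`; `apt_key` takes an `id:` for the same purpose, e.g. `id: "<CERNVM_KEY_FINGERPRINT>"` (placeholder). `apt_key` is deprecated upstream, and the new file lacks both the leading `---` and a trailing newline.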
@@ -5,12 +5,11 @@ check_mode: no tags: - yum + - apt -- { import_tasks: keys.yml, tags: ['cvmfs', 'keys'] } -- { import_tasks: yum.yml, tags: ['cvmfs', 'yum'] } - { import_tasks: users.yml, tags: ['cvmfs', 'users'] } - { import_tasks: storage.yml, tags: ['cvmfs', 'storage'], when: cvmfs_client_configure_storage | bool } -- { import_tasks: packages.yml, tags: ['cvmfs', 'packages'] } +- { import_tasks: redhat.yml, tags: ['cvmfs', 'packages','keys','yum'], when: ansible_os_family == 'RedHat' } +- { import_tasks: debian.yml, tags: ['cvmfs', 'packages','keys','apt'], when: ansible_os_family == 'Debian' } - { import_tasks: config.yml, tags: ['cvmfs', 'config'] } - { import_tasks: test.yml, tags: ['cvmfs', 'test'] } - diff --git a/tasks/packages.yml b/tasks/packages.yml deleted file mode 100644 index aace0ca..0000000 --- a/tasks/packages.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- name: Install CVMFS client and configuration packages - yum: - name: "['cvmfs'] + {{ cvmfs_auto_setup_package }} + {{ cvmfs_configuration }}" - vars: - cvmfs_auto_setup_package: "{{ ['cvmfs-auto-setup'] if cvmfs_auto_setup|bool else [] }}" diff --git a/tasks/keys.yml b/tasks/redhat.yml similarity index 52% rename from tasks/keys.yml rename to tasks/redhat.yml index fc5f80f..9bca6f6 100644 --- a/tasks/keys.yml +++ b/tasks/redhat.yml 
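Review bot: The new import order in `tasks/main.yml` runs `storage.yml` before `redhat.yml`/`debian.yml`, but `lvm2` is now installed inside those two files (`Install other prerequisite packages`), whereas the removed `yum.yml` import installed it ahead of `storage.yml`. With `cvmfs_client_configure_storage: true` the storage tasks would presumably run on a host that does not yet have the LVM tools; `storage.yml` is not shown here, so this needs confirming. Moving the two OS-specific import lines above the `storage.yml` line restores the previous ordering. The tag lists are also spaced inconsistently (`'packages','keys','yum'`).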
@@ -24,3 +24,35 @@ validate_certs: yes fingerprint: "C0C4 0F04 70A3 6AF2 7CC4 4D5A 3B9F C55A CF21 4CFC" when: '"cvmfs-config-computecanada" in cvmfs_configuration' + +# Target hosts will need internet access anyway to install the actual packages via yum, so we might as well +# install the yum config from the internet as well - if a version is not already installed. +# There is no benefit to abstracting this with the yum_repository module, and doing so would break idempotence +# because these packages update themselves via their own yum repositories. + +- name: Install CernVM yum repository + yum: + name: https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest.noarch.rpm + state: present + validate_certs: yes + when: ansible_facts.packages['cvmfs-release'] is not defined + +- name: Install Compute Canada yum repository + yum: + name: https://package.computecanada.ca/yum/cc-cvmfs-public/prod/RPM/computecanada-release-latest.noarch.rpm + state: present + validate_certs: yes + when: + - '"cvmfs-config-computecanada" in cvmfs_configuration' + - ansible_facts.packages['computecanada-release'] is not defined + +- name: Install other prerequisite packages + yum: + name: [ 'lvm2' ] + when: cvmfs_client_configure_storage | bool + +- name: Install CVMFS client and configuration packages + yum: + name: "['cvmfs'] + {{ cvmfs_auto_setup_package }} + {{ cvmfs_configuration }}" + vars: + cvmfs_auto_setup_package: "{{ ['cvmfs-auto-setup'] if cvmfs_auto_setup|bool else [] }}" diff --git a/tasks/test.yml b/tasks/test.yml index fd24a41..87b2bca 100644 --- a/tasks/test.yml +++ b/tasks/test.yml @@ -1,5 +1,3 @@ ---- - # TODO improve this: it may print warnings, but the output is not shown - name: CVMFS check setup command: /usr/bin/cvmfs_config chksetup @@ -9,4 +7,3 @@ command: /usr/bin/cvmfs_config probe changed_when: false check_mode: no - diff --git a/tasks/yum.yml b/tasks/yum.yml deleted file mode 100644 index 02daba3..0000000 --- a/tasks/yum.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- - -# Target hosts will need internet access anyway to install the actual packages via yum, so we might as well -# install the yum config from the internet as well - if a version is not already installed. -# There is no benefit to abstracting this with the yum_repository module, and doing so would break idempotence -# because these packages update themselves via their own yum repositories. - -- name: Install CernVM yum repository - yum: - name: https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest.noarch.rpm - state: present - validate_certs: yes - when: ansible_facts.packages['cvmfs-release'] is not defined - -- name: Install Compute Canada yum repository - yum: - name: https://package.computecanada.ca/yum/cc-cvmfs-public/prod/RPM/computecanada-release-latest.noarch.rpm - state: present - validate_certs: yes - when: - - '"cvmfs-config-computecanada" in cvmfs_configuration' - - ansible_facts.packages['computecanada-release'] is not defined - -- name: Install other prerequisite packages - yum: - name: [ 'lvm2' ] - when: cvmfs_client_configure_storage | bool -