Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test: Ensure cleanup and proper service state on ostree #150

Merged
merged 1 commit into from
Feb 26, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions tests/tasks/cleanup.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,16 @@
- always
- tests::cleanup

- name: Cleanup - services
service:
name: "{{ __cockpit_daemon }}"
state: stopped
enabled: false
when: __cockpit_is_ostree | d(false)
tags:
- always
- tests::cleanup

- name: Cleanup - find certificates
find:
paths: /etc/cockpit/ws-certs.d/
Expand Down
16 changes: 13 additions & 3 deletions tests/tests_certificate_existing.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,16 @@
# yamllint disable rule:line-length
- name: Test using an existing certificate with cockpit
hosts: all
roles:
- role: linux-system-roles.cockpit
tasks:
- name: Include role
include_role:
name: linux-system-roles.cockpit
public: true
vars:
cockpit_packages: minimal
cockpit_cert: /etc/myserver.crt
cockpit_private_key: /etc/myserver.key

tasks:
- name: Collect installed package versions
package_facts:

Expand All @@ -26,6 +28,14 @@
args:
creates: /etc/myserver.crt

# ostree cannot remove packages and cannot cleanup properly
# this works around that issue
- name: Restart cockpit to use the new certificates
service:
name: "{{ __cockpit_daemon }}"
state: restarted
when: __cockpit_is_ostree | d(false)

- name: Test - cockpit works with TLS and expected certificate
# noqa command-instead-of-module
command:
Expand Down
28 changes: 16 additions & 12 deletions tests/tests_certificate_external.yml
Original file line number Diff line number Diff line change
@@ -1,20 +1,16 @@
---
# yamllint disable rule:line-length
# This approach relies on https://github.com/linux-system-roles/certificate/pull/97 and cockpit ≥ 211,
# so it does not work on RHEL/CentOS 7. tests_certificate_runafter.yml covers an approach which
# works everywhere, but has to use a `runafter` script.
- name: Install cockpit
hosts: all
vars:
cockpit_packages: minimal
roles:
- linux-system-roles.cockpit

- name: Generate self-signed certmonger certificate
- name: Test with generated self-signed certmonger certificate
hosts: all
tasks:
- name: Tests
block:
- name: Include role
include_role:
name: linux-system-roles.cockpit
public: true
vars:
cockpit_packages: minimal

- name: Collect installed package versions
package_facts:

Expand All @@ -41,6 +37,14 @@
ca: self-sign
group: cockpit-ws

# ostree cannot remove packages and cannot cleanup properly
# this works around that issue
- name: Restart cockpit to use the new certificates
service:
name: "{{ __cockpit_daemon }}"
state: restarted
when: __cockpit_is_ostree | d(false)

#
# Validate installation
#
Expand Down
9 changes: 9 additions & 0 deletions tests/tests_certificate_internal.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
group: cockpit-ws
include_role:
name: linux-system-roles.cockpit
public: true
rescue:
- name: Check the error message
vars:
Expand All @@ -42,6 +43,14 @@
- name: Collect installed package versions
package_facts:

# ostree cannot remove packages and cannot cleanup properly
# this works around that issue
- name: Restart cockpit to use the new certificates
service:
name: "{{ __cockpit_daemon }}"
state: restarted
when: __cockpit_is_ostree | d(false)

# Validate installation
- name: Test - cockpit works with TLS and expected certificate
# noqa command-instead-of-module
Expand Down
9 changes: 9 additions & 0 deletions tests/tests_certificate_runafter.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
cockpit_packages: minimal
include_role:
name: linux-system-roles.cockpit
public: true

# self-signed is broken (https://github.com/linux-system-roles/certificate/issues/98),
# and has too restrictive keyUsage so that using the certificate as CA is not allowed
Expand Down Expand Up @@ -47,6 +48,14 @@

- name: Validate installation
block:
# ostree cannot remove packages and cannot cleanup properly
# this works around that issue
- name: Restart cockpit to use the new certificates
service:
name: "{{ __cockpit_daemon }}"
state: restarted
when: __cockpit_is_ostree | d(false)

# ugh, is there really no better way to do that?
- name: Get PEM of certmonger's local CA
command:
Expand Down
1 change: 1 addition & 0 deletions tests/tests_port.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
- name: Run cockpit role
include_role:
name: linux-system-roles.cockpit
public: true
vars:
cockpit_packages: minimal
cockpit_port: 443
Expand Down
Loading