From e95447203ab1433bc9043458ba0c4a9e85a9794d Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Fri, 18 Aug 2023 15:28:38 -0500 Subject: [PATCH 1/6] Add systemd-enabled molecule scenario --- .github/workflows/build.yml | 1 + .pre-commit-config.yaml | 2 +- molecule/systemd-enabled/INSTALL.rst | 1 + molecule/systemd-enabled/converge.yml | 1 + .../systemd-enabled/molecule-no-systemd.yml | 1 + .../systemd-enabled/molecule-with-systemd.yml | 97 +++++++++++++++++++ molecule/systemd-enabled/molecule.yml | 1 + molecule/systemd-enabled/prepare.yml | 1 + molecule/systemd-enabled/requirements.yml | 1 + .../systemd-enabled/tests/test_default.py | 1 + molecule/systemd-enabled/upgrade.yml | 1 + 11 files changed, 107 insertions(+), 1 deletion(-) create mode 120000 molecule/systemd-enabled/INSTALL.rst create mode 120000 molecule/systemd-enabled/converge.yml create mode 120000 molecule/systemd-enabled/molecule-no-systemd.yml create mode 100644 molecule/systemd-enabled/molecule-with-systemd.yml create mode 120000 molecule/systemd-enabled/molecule.yml create mode 120000 molecule/systemd-enabled/prepare.yml create mode 120000 molecule/systemd-enabled/requirements.yml create mode 120000 molecule/systemd-enabled/tests/test_default.py create mode 120000 molecule/systemd-enabled/upgrade.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2a79d87..bc24d06 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -149,6 +149,7 @@ jobs: matrix: scenario: - default + - systemd-enabled steps: - id: harden-runner name: Harden the runner diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9ea185a..caba9b1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -111,7 +111,7 @@ repos: hooks: - id: bandit # Bandit complains about the use of assert() in tests - exclude: molecule/default/tests + exclude: molecule/(default|systemd-enabled)/tests args: - --config=.bandit.yml - repo: https://github.com/psf/black-pre-commit-mirror diff --git a/molecule/systemd-enabled/INSTALL.rst b/molecule/systemd-enabled/INSTALL.rst new file mode 120000 index 0000000..42b71d5 --- /dev/null +++ b/molecule/systemd-enabled/INSTALL.rst @@ -0,0 +1 @@ +../default/INSTALL.rst \ No newline at end of file diff --git a/molecule/systemd-enabled/converge.yml b/molecule/systemd-enabled/converge.yml new file mode 120000 index 0000000..73cb8da --- /dev/null +++ b/molecule/systemd-enabled/converge.yml @@ -0,0 +1 @@ +../default/converge.yml \ No newline at end of file diff --git a/molecule/systemd-enabled/molecule-no-systemd.yml b/molecule/systemd-enabled/molecule-no-systemd.yml new file mode 120000 index 0000000..6b254f5 --- /dev/null +++ b/molecule/systemd-enabled/molecule-no-systemd.yml @@ -0,0 +1 @@ +../default/molecule-no-systemd.yml \ No newline at end of file diff --git a/molecule/systemd-enabled/molecule-with-systemd.yml b/molecule/systemd-enabled/molecule-with-systemd.yml new file mode 100644 index 0000000..2a0d816 --- /dev/null +++ b/molecule/systemd-enabled/molecule-with-systemd.yml 
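Review bot: The widened `exclude: molecule/(default|systemd-enabled)/tests` removes every file under both test directories from Bandit entirely, although the comment above it says the only problem is assert() in tests. pre-commit applies `exclude` as an unanchored Python regex, so at minimum anchor it, `exclude: ^molecule/(default|systemd-enabled)/tests/`. A narrower option is to drop the path exclusion and silence only the assert check (B101) for test files through the `assert_used` `skips` setting in `.bandit.yml`, whose contents are not visible here. That way test helpers that later shell out or deserialize data are still scanned. The same line is edited again in patch 4/6 ("Fix typos for systemd_enabled") and the point applies there as well; the hook list continues outside this hunk.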
@@ -0,0 +1,97 @@
+---
+# This molecule configuration file is suitable for testing Ansible
+# roles that _do_ require SystemD. If your Ansible role _does not_
+# require SystemD then you should use molecule-no-systemd.yml instead.
+#
+# Note that the molecule configuration file that is symlinked to
+# molecule.yml is the one that will be used.
+dependency:
+ name: galaxy
+driver:
+ name: docker
+platforms:
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: geerlingguy/docker-amazonlinux2023-ansible:latest
+ name: amazonlinux2023-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: geerlingguy/docker-debian10-ansible:latest
+ name: debian10-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: geerlingguy/docker-debian11-ansible:latest
+ name: debian11-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: cisagov/docker-debian12-ansible:latest
+ name: debian12-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: cisagov/docker-kali-ansible:latest
+ name: kali-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: geerlingguy/docker-fedora37-ansible:latest
+ name: fedora37-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: geerlingguy/docker-fedora38-ansible:latest
+ name: fedora38-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: geerlingguy/docker-ubuntu2004-ansible:latest
+ name: ubuntu-20-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: geerlingguy/docker-ubuntu2204-ansible:latest
+ name: ubuntu-22-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+scenario:
+ name: systemd-enabled
+verifier:
+ name: testinfra
diff --git a/molecule/systemd-enabled/molecule.yml b/molecule/systemd-enabled/molecule.yml
new file mode 120000
index 0000000..dcffcb2
--- /dev/null
+++ b/molecule/systemd-enabled/molecule.yml
@@ -0,0 +1 @@
+molecule-with-systemd.yml
\ No newline at end of file
diff --git a/molecule/systemd-enabled/prepare.yml b/molecule/systemd-enabled/prepare.yml
new file mode 120000
index 0000000..1c017d9
--- /dev/null
+++ b/molecule/systemd-enabled/prepare.yml
@@ -0,0 +1 @@
+../default/prepare.yml
\ No newline at end of file
diff --git a/molecule/systemd-enabled/requirements.yml b/molecule/systemd-enabled/requirements.yml
new file mode 120000
index 0000000..b6f4a01
--- /dev/null
+++ b/molecule/systemd-enabled/requirements.yml
@@ -0,0 +1 @@
+../default/requirements.yml
\ No newline at end of file
diff --git a/molecule/systemd-enabled/tests/test_default.py b/molecule/systemd-enabled/tests/test_default.py
new file mode 120000
index 0000000..bc5a562
--- /dev/null
+++ b/molecule/systemd-enabled/tests/test_default.py
@@ -0,0 +1 @@
+../../default/tests/test_default.py
\ No newline at end of file
diff --git a/molecule/systemd-enabled/upgrade.yml b/molecule/systemd-enabled/upgrade.yml
new file mode 120000
index 0000000..47a9638
--- /dev/null
+++ b/molecule/systemd-enabled/upgrade.yml
@@ -0,0 +1 @@
+../default/upgrade.yml
\ No newline at end of file
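Review bot: Every platform in the new molecule/systemd-enabled/molecule-with-systemd.yml combines `privileged: yes`, `cgroupns_mode: host` and a read-write bind mount of the host's /sys/fs/cgroup with an image pulled by the mutable `:latest` tag from the geerlingguy/ or cisagov/ Docker Hub namespaces, so whatever is next published under those tags runs with close to host-level privileges on the machine executing the tests. Pin each image to a reviewed digest, e.g. `image: geerlingguy/docker-debian11-ansible@sha256:DIGEST_PLACEHOLDER` (placeholder; resolve the real digest when pinning). Also extend the header comment to say that privileged mode and the cgroup mount are there, presumably, only so systemd can run as the container's init process, and that the scenario is meant for disposable runners. Writing the booleans as `true` instead of `yes` would avoid YAML 1.1 truthy ambiguity. The same content is added again as molecule/systemd_enabled/molecule.yml in patch 5/6, where these points apply unchanged.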
From 8deb1f91c7c44a64a951cb85d609f4b2f348960f Mon Sep 17 00:00:00 2001
From: Michael Saki
Date: Mon, 21 Aug 2023 10:53:24 -0500
Subject: [PATCH 2/6] Change symlink for molecule.yml to default scenario
---
molecule/systemd_enabled/molecule.yml | 1 +
1 file changed, 1 insertion(+)
create mode 120000 molecule/systemd_enabled/molecule.yml
diff --git a/molecule/systemd_enabled/molecule.yml b/molecule/systemd_enabled/molecule.yml
new file mode 120000
index 0000000..29dc0fa
--- /dev/null
+++ b/molecule/systemd_enabled/molecule.yml
@@ -0,0 +1 @@
+../default/molecule-with-systemd.yml
\ No newline at end of file
From ce845dcbd127c9e5a50512c810a4490856b76306 Mon Sep 17 00:00:00 2001
From: Michael Saki
Date: Mon, 21 Aug 2023 10:54:08 -0500
Subject: [PATCH 3/6] Rename molecule scenario to systemd_enabled
---
molecule/systemd-enabled/molecule.yml | 1 -
molecule/{systemd-enabled => systemd_enabled}/INSTALL.rst | 0
molecule/{systemd-enabled => systemd_enabled}/converge.yml | 0
.../{systemd-enabled => systemd_enabled}/molecule-no-systemd.yml | 0
.../molecule-with-systemd.yml | 0
molecule/{systemd-enabled => systemd_enabled}/prepare.yml | 0
molecule/{systemd-enabled => systemd_enabled}/requirements.yml | 0
.../{systemd-enabled => systemd_enabled}/tests/test_default.py | 0
molecule/{systemd-enabled => systemd_enabled}/upgrade.yml | 0
9 files changed, 1 deletion(-)
delete mode 120000 molecule/systemd-enabled/molecule.yml
rename molecule/{systemd-enabled => systemd_enabled}/INSTALL.rst (100%)
rename molecule/{systemd-enabled => systemd_enabled}/converge.yml (100%)
rename molecule/{systemd-enabled => systemd_enabled}/molecule-no-systemd.yml (100%)
rename molecule/{systemd-enabled => systemd_enabled}/molecule-with-systemd.yml (100%)
rename molecule/{systemd-enabled => systemd_enabled}/prepare.yml (100%)
rename molecule/{systemd-enabled => systemd_enabled}/requirements.yml (100%)
rename molecule/{systemd-enabled => systemd_enabled}/tests/test_default.py (100%)
rename molecule/{systemd-enabled => systemd_enabled}/upgrade.yml (100%)
diff --git a/molecule/systemd-enabled/molecule.yml b/molecule/systemd-enabled/molecule.yml
deleted file mode 120000
index dcffcb2..0000000
--- a/molecule/systemd-enabled/molecule.yml
+++ /dev/null
@@ -1 +0,0 @@
-molecule-with-systemd.yml
\ No newline at end of file
diff --git a/molecule/systemd-enabled/INSTALL.rst b/molecule/systemd_enabled/INSTALL.rst
similarity index 100%
rename from molecule/systemd-enabled/INSTALL.rst
rename to molecule/systemd_enabled/INSTALL.rst
diff --git a/molecule/systemd-enabled/converge.yml b/molecule/systemd_enabled/converge.yml
similarity index 100%
rename from molecule/systemd-enabled/converge.yml
rename to molecule/systemd_enabled/converge.yml
diff --git a/molecule/systemd-enabled/molecule-no-systemd.yml b/molecule/systemd_enabled/molecule-no-systemd.yml
similarity index 100%
rename from molecule/systemd-enabled/molecule-no-systemd.yml
rename to molecule/systemd_enabled/molecule-no-systemd.yml
diff --git a/molecule/systemd-enabled/molecule-with-systemd.yml b/molecule/systemd_enabled/molecule-with-systemd.yml
similarity index 100%
rename from molecule/systemd-enabled/molecule-with-systemd.yml
rename to molecule/systemd_enabled/molecule-with-systemd.yml
diff --git a/molecule/systemd-enabled/prepare.yml b/molecule/systemd_enabled/prepare.yml
similarity index 100%
rename from molecule/systemd-enabled/prepare.yml
rename to molecule/systemd_enabled/prepare.yml
diff --git a/molecule/systemd-enabled/requirements.yml b/molecule/systemd_enabled/requirements.yml
similarity index 100%
rename from molecule/systemd-enabled/requirements.yml
rename to molecule/systemd_enabled/requirements.yml
diff --git a/molecule/systemd-enabled/tests/test_default.py b/molecule/systemd_enabled/tests/test_default.py
similarity index 100%
rename from molecule/systemd-enabled/tests/test_default.py
rename to molecule/systemd_enabled/tests/test_default.py
diff --git a/molecule/systemd-enabled/upgrade.yml b/molecule/systemd_enabled/upgrade.yml
similarity index 100%
rename from molecule/systemd-enabled/upgrade.yml
rename to molecule/systemd_enabled/upgrade.yml
From d25c30b85b381a6b89a71767868dfb2ddb2ce395 Mon Sep 17 00:00:00 2001
From: Michael Saki
Date: Mon, 21 Aug 2023 14:30:44 -0500
Subject: [PATCH 4/6] Fix typos for systemd_enabled
---
.github/workflows/build.yml | 2 +-
.pre-commit-config.yaml | 2 +-
molecule/systemd_enabled/molecule-with-systemd.yml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bc24d06..be2fff7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -149,7 +149,7 @@ jobs: matrix: scenario: - default - - systemd-enabled + - systemd_enabled steps: - id: harden-runner name: Harden the runner diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index caba9b1..efe389b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -111,7 +111,7 @@ repos: hooks: - id: bandit # Bandit complains about the use of assert() in tests - exclude: molecule/(default|systemd-enabled)/tests + exclude: molecule/(default|systemd_enabled)/tests args: - --config=.bandit.yml - repo: https://github.com/psf/black-pre-commit-mirror diff --git a/molecule/systemd_enabled/molecule-with-systemd.yml b/molecule/systemd_enabled/molecule-with-systemd.yml index 2a0d816..46056c2 100644 --- a/molecule/systemd_enabled/molecule-with-systemd.yml +++ b/molecule/systemd_enabled/molecule-with-systemd.yml @@ -92,6 +92,6 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw scenario: - name: systemd-enabled + name: systemd_enabled verifier: name: testinfra From dded0d24cf3be65201f9f4037b3f7fdfcf006193 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Mon, 21 Aug 2023 14:31:59 -0500 Subject: [PATCH 5/6] Add systemd_enabled scenario to molecule.yml --- molecule/systemd_enabled/molecule.yml | 98 ++++++++++++++++++++++++++- 1 file changed, 97 insertions(+), 1 deletion(-) mode change 120000 => 100644 molecule/systemd_enabled/molecule.yml diff --git a/molecule/systemd_enabled/molecule.yml b/molecule/systemd_enabled/molecule.yml deleted file mode 120000 index 29dc0fa..0000000 --- a/molecule/systemd_enabled/molecule.yml +++ /dev/null @@ -1 +0,0 @@ -../default/molecule-with-systemd.yml \ No newline at end of file diff --git a/molecule/systemd_enabled/molecule.yml b/molecule/systemd_enabled/molecule.yml new file mode 100644 index 0000000..46056c2 --- /dev/null 
+++ b/molecule/systemd_enabled/molecule.yml 
@@ -0,0 +1,97 @@
+---
+# This molecule configuration file is suitable for testing Ansible
+# roles that _do_ require SystemD. If your Ansible role _does not_
+# require SystemD then you should use molecule-no-systemd.yml instead.
+#
+# Note that the molecule configuration file that is symlinked to
+# molecule.yml is the one that will be used.
+dependency:
+ name: galaxy
+driver:
+ name: docker
+platforms:
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: geerlingguy/docker-amazonlinux2023-ansible:latest
+ name: amazonlinux2023-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: geerlingguy/docker-debian10-ansible:latest
+ name: debian10-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: geerlingguy/docker-debian11-ansible:latest
+ name: debian11-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: cisagov/docker-debian12-ansible:latest
+ name: debian12-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: cisagov/docker-kali-ansible:latest
+ name: kali-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: geerlingguy/docker-fedora37-ansible:latest
+ name: fedora37-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: geerlingguy/docker-fedora38-ansible:latest
+ name: fedora38-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: geerlingguy/docker-ubuntu2004-ansible:latest
+ name: ubuntu-20-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - cgroupns_mode: host
+ command: /lib/systemd/systemd
+ image: geerlingguy/docker-ubuntu2204-ansible:latest
+ name: ubuntu-22-systemd
+ platform: amd64
+ pre_build_image: yes
+ privileged: yes
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+scenario:
+ name: systemd_enabled
+verifier:
+ name: testinfra
From a6e294993e779e91b24a26ae6ab3042b66fe7037 Mon Sep 17 00:00:00 2001
From: Michael Saki
Date: Mon, 18 Sep 2023 16:03:31 -0500
Subject: [PATCH 6/6] Add symlink to the default scenario molecule-with-systemd
---
.../systemd_enabled/molecule-with-systemd.yml | 98 +------------------
1 file changed, 1 insertion(+), 97 deletions(-)
mode change 100644 => 120000 molecule/systemd_enabled/molecule-with-systemd.yml
diff --git a/molecule/systemd_enabled/molecule-with-systemd.yml b/molecule/systemd_enabled/molecule-with-systemd.yml
deleted file mode 100644
index 46056c2..0000000
--- a/molecule/systemd_enabled/molecule-with-systemd.yml
+++ /dev/null
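Review bot: The header comment copied into molecule/systemd_enabled/molecule.yml is stale for this file: it says the configuration "that is symlinked to molecule.yml is the one that will be used" and points readers to molecule-no-systemd.yml, yet this patch turns molecule.yml from a symlink into a regular file (mode change 120000 => 100644) for a scenario that always boots systemd. Replace it with something like `# Molecule configuration for the systemd_enabled scenario; every platform boots systemd in a privileged container.` Since the body is a 97-line copy of molecule-with-systemd.yml, the comment should also name which of the two files is authoritative, otherwise image references and the platform list can drift apart without anyone noticing.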
@@ -1,97 +0,0 @@
----
-# This molecule configuration file is suitable for testing Ansible
-# roles that _do_ require SystemD. If your Ansible role _does not_
-# require SystemD then you should use molecule-no-systemd.yml instead.
-#
-# Note that the molecule configuration file that is symlinked to
-# molecule.yml is the one that will be used.
-dependency:
- name: galaxy
-driver:
- name: docker
-platforms:
- - cgroupns_mode: host
- command: /lib/systemd/systemd
- image: geerlingguy/docker-amazonlinux2023-ansible:latest
- name: amazonlinux2023-systemd
- platform: amd64
- pre_build_image: yes
- privileged: yes
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
- - cgroupns_mode: host
- command: /lib/systemd/systemd
- image: geerlingguy/docker-debian10-ansible:latest
- name: debian10-systemd
- platform: amd64
- pre_build_image: yes
- privileged: yes
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
- - cgroupns_mode: host
- command: /lib/systemd/systemd
- image: geerlingguy/docker-debian11-ansible:latest
- name: debian11-systemd
- platform: amd64
- pre_build_image: yes
- privileged: yes
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
- - cgroupns_mode: host
- command: /lib/systemd/systemd
- image: cisagov/docker-debian12-ansible:latest
- name: debian12-systemd
- platform: amd64
- pre_build_image: yes
- privileged: yes
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
- - cgroupns_mode: host
- command: /lib/systemd/systemd
- image: cisagov/docker-kali-ansible:latest
- name: kali-systemd
- platform: amd64
- pre_build_image: yes
- privileged: yes
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
- - cgroupns_mode: host
- command: /lib/systemd/systemd
- image: geerlingguy/docker-fedora37-ansible:latest
- name: fedora37-systemd
- platform: amd64
- pre_build_image: yes
- privileged: yes
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
- - cgroupns_mode: host
- command: /lib/systemd/systemd
- image: geerlingguy/docker-fedora38-ansible:latest
- name: fedora38-systemd
- platform: amd64
- pre_build_image: yes
- privileged: yes
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
- - cgroupns_mode: host
- command: /lib/systemd/systemd
- image: geerlingguy/docker-ubuntu2004-ansible:latest
- name: ubuntu-20-systemd
- platform: amd64
- pre_build_image: yes
- privileged: yes
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
- - cgroupns_mode: host
- command: /lib/systemd/systemd
- image: geerlingguy/docker-ubuntu2204-ansible:latest
- name: ubuntu-22-systemd
- platform: amd64
- pre_build_image: yes
- privileged: yes
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
-scenario:
- name: systemd_enabled
-verifier:
- name: testinfra
diff --git a/molecule/systemd_enabled/molecule-with-systemd.yml b/molecule/systemd_enabled/molecule-with-systemd.yml
new file mode 120000
index 0000000..29dc0fa
--- /dev/null
+++ b/molecule/systemd_enabled/molecule-with-systemd.yml
@@ -0,0 +1 @@
+../default/molecule-with-systemd.yml
\ No newline at end of file