Add separate scenario for Archlinux with custom Dockerfile
parent
ad499e949f
commit
6a491d63f0
|
@ -0,0 +1,7 @@
|
||||||
|
FROM archlinux:latest
|
||||||
|
ENV container=docker
|
||||||
|
|
||||||
|
RUN pacman -Sy --noconfirm python
|
||||||
|
|
||||||
|
VOLUME ["/sys/fs/cgroup", "/tmp", "/run"]
|
||||||
|
CMD ["/usr/sbin/init"]
|
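Review bot: `RUN pacman -Sy --noconfirm python` refreshes the package databases without upgrading what is already installed, which is a partial upgrade that Arch does not support and can leave python linked against newer libraries than the base image ships. Combined with `FROM archlinux:latest`, the test image is whatever the registry serves on the day of the run, so a broken or tampered upstream image cannot be traced back to a known base. I would use `RUN pacman -Syu --noconfirm python && pacman -Scc --noconfirm` and pin the base as `FROM archlinux:<dated-tag>@sha256:<digest>` (placeholders; take the real values from the registry). A short comment above `ENV container=docker`, saying it is set so that systemd detects the container environment, would also help the next reader.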
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
gather_facts: yes
|
||||||
|
roles:
|
||||||
|
- role: ipr-cnrs.nftables
|
||||||
|
nft_debug: true
|
||||||
|
# can't remove iptables on an instance with docker
|
||||||
|
nft_old_pkg_manage: false
|
|
@ -0,0 +1,19 @@
|
||||||
|
---
|
||||||
|
dependency:
|
||||||
|
name: galaxy
|
||||||
|
driver:
|
||||||
|
name: docker
|
||||||
|
platforms:
|
||||||
|
- name: archlinux
|
||||||
|
image: archlinux:latest
|
||||||
|
command: /usr/sbin/init
|
||||||
|
privileged: true
|
||||||
|
volumes:
|
||||||
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||||
|
tmpfs:
|
||||||
|
- /run
|
||||||
|
- /tmp
|
||||||
|
provisioner:
|
||||||
|
name: ansible
|
||||||
|
verifier:
|
||||||
|
name: ansible
|
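Review bot: `privileged: true` on the archlinux platform hands the test container every capability and device access on the host that runs molecule, which is more than booting systemd and loading nftables rules should need. Because `image: archlinux:latest` is a rolling, unpinned tag, whatever that image pulls in runs with that access on the CI runner. If the driver version in use supports it, try the narrower `capabilities: [NET_ADMIN, SYS_ADMIN]` in place of `privileged: true` and keep the read-only cgroup mount; this needs a test run to confirm systemd still starts. The commit title mentions a custom Dockerfile but no `dockerfile:` key is visible in this platform entry, so presumably the driver's default file name is relied on; a one-line comment saying so would help.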
|
@ -0,0 +1,72 @@
|
||||||
|
---
|
||||||
|
# This is an example playbook to execute Ansible tests.
|
||||||
|
|
||||||
|
- name: Verify
|
||||||
|
hosts: all
|
||||||
|
gather_facts: false
|
||||||
|
tasks:
|
||||||
|
|
||||||
|
- name: check for nftables.d
|
||||||
|
stat:
|
||||||
|
path: /etc/nftables.d
|
||||||
|
register: p
|
||||||
|
|
||||||
|
- name: check nftables.d
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- p.stat.exists and p.stat.isdir
|
||||||
|
|
||||||
|
- name: check for nftables.conf
|
||||||
|
stat:
|
||||||
|
path: /etc/nftables.conf
|
||||||
|
register: p
|
||||||
|
|
||||||
|
- name: check nftables.conf
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- p.stat.exists
|
||||||
|
|
||||||
|
- name: check for nftables.conf
|
||||||
|
stat:
|
||||||
|
path: /etc/nftables.d/filter-input.nft
|
||||||
|
register: p
|
||||||
|
|
||||||
|
- name: check filter-input.nft
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- p.stat.exists
|
||||||
|
|
||||||
|
- name: list rules
|
||||||
|
command: nft list ruleset
|
||||||
|
register: nft
|
||||||
|
|
||||||
|
- name: debug rules
|
||||||
|
debug: var=nft
|
||||||
|
|
||||||
|
- name: check rules
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
# The whole line is:
|
||||||
|
# type filter hook input priority 0; policy drop;
|
||||||
|
# However on CentOS will return "priority 0", while Debian will
|
||||||
|
# show "priority filter"
|
||||||
|
- '"type filter hook input" in nft.stdout'
|
||||||
|
- '"type filter hook output" in nft.stdout'
|
||||||
|
|
||||||
|
- name: service status - active
|
||||||
|
command: systemctl is-active nftables.service
|
||||||
|
register: status
|
||||||
|
|
||||||
|
- name: check service status
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- 'status.stdout == "active"'
|
||||||
|
|
||||||
|
- name: service status - enabled
|
||||||
|
command: systemctl is-enabled nftables.service
|
||||||
|
register: status
|
||||||
|
|
||||||
|
- name: check service status
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- 'status.stdout == "enabled"'
|
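Review bot: The "check rules" assertion only proves that the input and output hooks exist, so a ruleset whose input chain ended up with `policy accept` would still pass, even though the comment above it quotes `policy drop;` as part of the expected line. If drop is the role's intended default for the input chain (it looks that way from the comment, but confirm against the role defaults), add `- '"policy drop" in nft.stdout'` to the `that:` list. The third stat task is named `check for nftables.conf` although its path is `/etc/nftables.d/filter-input.nft`; rename it to `check for filter-input.nft` so a failure points at the right file. The three `command:` tasks are read-only and could carry `changed_when: false`.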
|
@ -43,15 +43,6 @@ platforms:
|
||||||
# volumes:
|
# volumes:
|
||||||
# - /sys/fs/cgroup:/sys/fs/cgroup:ro
|
# - /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||||
|
|
||||||
# - name: archlinux
|
|
||||||
# image: archlinux:latest
|
|
||||||
# command: /usr/sbin/init
|
|
||||||
# privileged: true
|
|
||||||
# volumes:
|
|
||||||
# - /sys/fs/cgroup:/sys/fs/cgroup:ro
|
|
||||||
# tmpfs:
|
|
||||||
# - /run
|
|
||||||
# - /tmp
|
|
||||||
|
|
||||||
provisioner:
|
provisioner:
|
||||||
name: ansible
|
name: ansible
|
||||||
|
|