Run tests with macOS 10.15. (#112)

* Run tests with macOS 10.15. * Update prepare_http_tests as in https://github.com/ansible/ansible/pull/71841/files. * Also skip luks_device tests on macOS. * Temporarily restrict to macOS/OSX nodes. * Show full OpenSSL version. * Show pyOpenSSL debug details. * Make location of openssl binary configurable. * Try to upgrade openssl on macOS when LibreSSL is found. * Use other variable. * Use found binary instead of default. * Revert "Temporarily restrict to macOS/OSX nodes." This reverts commit ea379382e5. ci_complete * Avoid crashing when OpenSSL.debug does not exist. * Combine setup_openssl_cli with setup_openssl * Split up setup_openssl in setup_openssl (openssl + cryptography) and setup_pyopenssl. * Fix package name. * Don't install cryptography on CentOS 6, print environment. * Work around ansible-test limitation.
2026-03-26 21:33:25 +00:00 · 2020-11-03 08:45:32 +01:00
parent 7559e912f1
commit ec55161cb1
47 changed files with 271 additions and 134 deletions
--- a/tests/integration/targets/setup_openssl/tasks/main.yml
+++ b/tests/integration/targets/setup_openssl/tasks/main.yml
@@ -4,43 +4,95 @@
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################

+- name: Register system environment
+  command: "{{ ansible_python.executable }} -c 'import os; print(dict(os.environ))'"
+  register: sys_environment
+
+- debug: var=sys_environment
+
+- name: Default value for OpenSSL binary path
+  set_fact:
+    openssl_binary: openssl
+
 - name: Include OS-specific variables
  include_vars: '{{ ansible_os_family }}.yml'
  when: not ansible_os_family == "Darwin"

 - name: Install OpenSSL
-  become: True
+  become: true
  package:
    name: '{{ openssl_package_name }}'
  when: not ansible_os_family == 'Darwin'

- name: Install pyOpenSSL (Python 3)
-  become: True
-  package:
-    name: '{{ pyopenssl_package_name_python3 }}'
-  when: not ansible_os_family == 'Darwin' and ansible_python_version is version('3.0', '>=')
+- name: Register openssl version (full)
+  shell: "{{ openssl_binary }} version"
+  register: openssl_version_full

- name: Install pyOpenSSL (Python 2)
-  become: True
-  package:
-    name: '{{ pyopenssl_package_name }}'
-  when: not ansible_os_family == 'Darwin' and ansible_python_version is version('3.0', '<')
+- name: Show openssl version (full)
+  debug:
+    var: openssl_version_full.stdout_lines

- name: Install pyOpenSSL (Darwin)
-  become: True
-  pip:
-    name: pyOpenSSL
-    extra_args: "-c {{ remote_constraints }}"
-  when: ansible_os_family == 'Darwin'
+- when: ansible_os_family == "Darwin" and "LibreSSL" in openssl_version_full.stdout
+  # In case LibreSSL is installed on macOS, we need to install a more modern OpenSSL
+  block:
+    - name: MACOS | Find brew binary
+      command: which brew
+      register: brew_which

- name: register pyOpenSSL version
-  command: "{{ ansible_python.executable }} -c 'import OpenSSL; print(OpenSSL.__version__)'"
-  register: pyopenssl_version
+    - name: MACOS | Get owner of brew binary
+      stat:
+        path: "{{ brew_which.stdout }}"
+      register: brew_stat

- name: register openssl version
-  shell: "openssl version | cut -d' ' -f2"
+    - name: MACOS | Install openssl
+      homebrew:
+        name: openssl
+        state: present
+      become: yes
+      become_user: "{{ brew_stat.stat.pw_name }}"
+
+    - name: MACOS | Locale openssl binary
+      command: brew --prefix openssl
+      register: brew_openssl_prefix
+
+    - name: MACOS | Point to OpenSSL binary
+      set_fact:
+        openssl_binary: "{{ brew_openssl_prefix.stdout }}/bin/openssl"
+
+    - name: MACOS | Register openssl version (full)
+      shell: "{{ openssl_binary }} version"
+      register: openssl_version_full_again
+      # We must use a different variable to prevent the 'when' condition of the surrounding block to fail
+
+    - name: MACOS | Show openssl version (full)
+      debug:
+        var: openssl_version_full_again.stdout_lines
+
+- name: Register openssl version
+  shell: "{{ openssl_binary }}  version | cut -d' ' -f2"
  register: openssl_version

- name: register cryptography version
+- when: ansible_facts.distribution ~ ansible_facts.distribution_major_version not in  ['CentOS6', 'RedHat6']
+  block:
+  - name: Install cryptography (Python 3)
+    become: true
+    package:
+      name: '{{ cryptography_package_name_python3 }}'
+    when: not ansible_os_family == 'Darwin' and ansible_python_version is version('3.0', '>=')
+
+  - name: Install cryptography (Python 2)
+    become: true
+    package:
+      name: '{{ cryptography_package_name }}'
+    when: not ansible_os_family == 'Darwin' and ansible_python_version is version('3.0', '<')
+
+  - name: Install cryptography (Darwin)
+    become: true
+    pip:
+      name: cryptography
+      extra_args: "-c {{ remote_constraints }}"
+    when: ansible_os_family == 'Darwin'
+
+- name: Register cryptography version
  command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
  register: cryptography_version