Migrate Linux CI roles to test targets. (#17997)

test/integration/targets/docker/tasks/docker-setup-debian.yml

@@ -0,0 +1,6 @@
+- name: Install docker packages (apt)
+  apt:
+    state: present
+    # Note: add docker-registry when available
+    name: docker.io,python-docker,netcat-openbsd,nginx
+

test/integration/targets/docker/tasks/docker-setup-rht.yml

@@ -0,0 +1,17 @@
+- name: Install docker packages (rht family)
+  package:
+    state: present
+    name: docker-io,docker-registry,python-docker-py,nginx
+
+- name: Install netcat (Fedora)
+  package:
+    state: present
+    name: nmap-ncat
+  when: ansible_distribution == 'Fedora' or (ansible_os_family == 'RedHat' and ansible_distribution_version|version_compare('>=', 7))
+
+- name: Install netcat (RHEL)
+  package:
+    state: present
+    name: nc
+  when: ansible_distribution != 'Fedora' and (ansible_os_family == 'RedHat' and ansible_distribution_version|version_compare('<', 7))
+

test/integration/targets/docker/tasks/docker-tests.yml

@@ -0,0 +1,58 @@
+- name: Start docker daemon
+  service:
+    name: docker
+    state: started
+
+- name: Download busybox image
+  docker:
+    image: busybox
+    state: present
+    pull: missing
+
+- name: Run a small script in busybox
+  docker:
+    image: busybox
+    state: reloaded
+    pull: always
+    command: "nc -l -p 2000 -e xargs -n1 echo hello"
+    detach: True
+
+- name: Get the docker container ip
+  set_fact: container_ip="{{docker_containers[0].NetworkSettings.IPAddress}}"
+
+- name: Try to access the server
+  shell: "echo 'world' | nc {{ container_ip }} 2000"
+  register: docker_output
+
+- name: check that the script ran
+  assert:
+    that:
+      - "'hello world' in docker_output.stdout_lines"
+
+- name: Run a script that sets environment in busybox
+  docker:
+    image: busybox
+    state: reloaded
+    pull: always
+    env:
+      TEST: hello
+    command: '/bin/sh -c "nc -l -p 2000 -e xargs -n1 echo $TEST"'
+    detach: True
+
+- name: Get the docker container ip
+  set_fact: container_ip="{{docker_containers[0].NetworkSettings.IPAddress}}"
+
+- name: Try to access the server
+  shell: "echo 'world' | nc {{ container_ip }} 2000"
+  register: docker_output
+
+- name: check that the script ran
+  assert:
+    that:
+      - "'hello world' in docker_output.stdout_lines"
+
+- name: Remove containers
+  shell: "docker rm -f $(docker ps -aq)"
+
+- name: Remove all images from the local docker
+  shell: "docker rmi -f $(docker images -q)"

test/integration/targets/docker/tasks/main.yml

@@ -0,0 +1,23 @@
+#- include: docker-setup-rht.yml
+#  when: ansible_distribution in ['Fedora']
+#- include: docker-setup-rht.yml
+  # Packages on RHEL and CentOS 7 are broken, broken, broken.  Revisit when
+  # they've got that sorted out
+  # CentOS 6 currently broken by conflicting files in python-backports and python-backports-ssl_match_hostname
+  #when: ansible_distribution in ['RedHat', 'CentOS'] and ansible_lsb.major_release|int == 6
+
+# python-docker isn't available until 14.10.  Revist at the next Ubuntu LTS
+#- include: docker-setup-debian.yml
+#  when: ansible_distribution in ['Ubuntu']
+
+#- include: docker-tests.yml
+  # Add other distributions as the proper packages become available
+#  when: ansible_distribution in ['Fedora']
+
+#- include: docker-tests.yml
+#  when: ansible_distribution in ['RedHat', 'CentOS'] and ansible_lsb.major_release|int == 6
+
+#- include: registry-tests.yml
+  # Add other distributions as the proper packages become available
+#  when: ansible_distribution in ['Fedora']
+

test/integration/targets/docker/tasks/registry-tests.yml

@@ -0,0 +1,189 @@
+- name: Configure a private docker registry
+  service:
+    name: docker-registry
+    state: started
+
+- name: Retrieve busybox image from docker hub
+  docker:
+    image: busybox
+    state: present
+    pull: missing
+
+- name: Get busybox image id
+  shell: "docker images | grep busybox | awk '{ print $3 }'"
+  register: image_id
+
+- name: Tag docker image into the local registry
+  command: "docker tag {{ image_id.stdout_lines[0] }} localhost:5000/mine"
+
+- name: Push docker image into the private registry
+  command: "docker push localhost:5000/mine"
+
+- name: Remove all images from the local docker
+  shell: "docker rmi -f {{image_id.stdout_lines[0]}}"
+
+- name: Get number of images in docker
+  command: "docker images"
+  register: docker_output
+
+# docker prints a header so the header should be all that's present
+- name: Check that there are no images in docker
+  assert:
+    that:
+      - "{{ docker_output.stdout_lines| length }} <= 1 "
+
+- name: Retrieve the image from private docker registry
+  docker:
+    image: "localhost:5000/mine"
+    state: present
+    pull: missing
+    insecure_registry: True
+
+- name: Run a small script in the new image
+  docker:
+    image: "localhost:5000/mine"
+    state: reloaded
+    pull: always
+    command: "nc -l -p 2000 -e xargs -n1 echo hello"
+    detach: True
+    insecure_registry: True
+
+- name: Get the docker container id
+  shell: "docker ps | grep mine | awk '{ print $1 }'"
+  register: container_id
+
+- name: Get the docker container ip
+  shell: "docker inspect {{ container_id.stdout_lines[0] }} | grep IPAddress | awk -F '\"' '{ print $4 }'"
+  register: container_ip
+
+- name: Pause a few moments because docker is not reliable
+  pause:
+    seconds: 40
+
+- name: Try to access the server
+  shell: "echo 'world' | nc {{ container_ip.stdout_lines[0] }} 2000"
+  register: docker_output
+
+- name: check that the script ran
+  assert:
+    that:
+      - "'hello world' in docker_output.stdout_lines"
+
+
+- name: Remove containers
+  shell: "docker rm -f $(docker ps -aq)"
+
+- shell: docker images -q
+- name: Remove all images from the local docker
+  shell: "docker rmi -f $(docker images -q)"
+
+- name: Get number of images in docker
+  command: "docker images"
+  register: docker_output
+
+- name: Check that there are no images in docker
+  assert:
+    that:
+      - "{{ docker_output.stdout_lines| length }} <= 1"
+
+#
+# Private registry secured with an SSL proxy
+#
+
+- name: Set selinux to allow docker to connect to nginx
+  seboolean:
+    name: docker_connect_any
+    state: yes
+
+- name: Set selinux to allow nginx to connect to docker
+  seboolean:
+    name: httpd_can_network_connect
+    state: yes
+
+- name: Setup nginx with a user/password
+  copy:
+    src: docker-registry.htpasswd
+    dest:  /etc/nginx/docker-registry.htpasswd
+
+- name: Setup nginx with a config file
+  copy:
+    src: nginx-docker-registry.conf
+    dest:  /etc/nginx/conf.d/nginx-docker-registry.conf
+
+- name: Setup nginx docker cert
+  copy:
+    src: dockertest.ansible.com.crt
+    dest: /etc/pki/tls/certs/dockertest.ansible.com.crt
+
+- name: Setup nginx docker key
+  copy:
+    src: dockertest.ansible.com.key
+    dest: /etc/pki/tls/private/dockertest.ansible.com.key
+
+- name: Setup the ca keys
+  copy:
+    src: devdockerCA.crt
+    dest: /etc/pki/ca-trust/source/anchors/devdockerCA.crt
+
+- name: Update the ca bundle
+  command: update-ca-trust extract
+
+- name: Restart docker daemon
+  service:
+    name: docker
+    state: restarted
+
+- name: Start nginx
+  service:
+    name: nginx
+    state: restarted
+
+- name: Add domain name to hosts
+  lineinfile:
+    line: "127.0.0.1  dockertest.ansible.com"
+    dest: /etc/hosts
+    state: present
+
+- name: Start a container after getting it from a secured private registry
+  docker:
+    image: dockertest.ansible.com:8080/mine
+    registry: dockertest.ansible.com:8080
+    username: "testdocker"
+    password: "testdocker"
+    state: running
+    command: "nc -l -p 2000 -e xargs -n1 echo hello"
+    detach: True
+
+- name: Get the docker container id
+  shell: "docker ps | grep mine | awk '{ print $1 }'"
+  register: container_id
+
+- name: Get the docker container ip
+  shell: "docker inspect {{ container_id.stdout_lines[0] }} | grep IPAddress | awk -F '\"' '{ print $4 }'"
+  register: container_ip
+
+- name: Pause a few moments because docker is not reliable
+  pause:
+    seconds: 40
+
+- name: Try to access the server
+  shell: "echo 'world' | nc {{ container_ip.stdout_lines[0] }} 2000"
+  register: docker_output
+
+- name: check that the script ran
+  assert:
+    that:
+      - "'hello world' in docker_output.stdout_lines"
+
+- name: Remove containers
+  shell: "docker rm $(docker ps -aq)"
+
+- name: Remove all images from the local docker
+  shell: "docker rmi -f $(docker images -q)"
+
+- name: Remove domain name to hosts
+  lineinfile:
+    line: "127.0.0.1  dockertest.ansible.com"
+    dest: /etc/hosts
+    state: absent
+