From 754b1a84caece9503d3633fe17183562de0337ab Mon Sep 17 00:00:00 2001 From: Theo Chatzimichos Date: Feb 07 2018 15:53:37 +0000 Subject: use testenv to separate conditions between production and testing - exclude secrets files only when the include_secrets grain is False (default is True) - adjust the prepare_test_env to include secrets files optionally (eg when running tests locally) - use 127.0.0.1 for ip4:interfaces:private when in testing, or real value when in production (in pillar/role/web_mirrors.sls for now, but it can be done in more places in the future --- diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ecad156..49b7c17 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,7 +9,7 @@ validate: # TODO: get rid of GIT_SSL_NO_VERIFY as soon as we switch to letsencrypt wildcard certs GIT_SSL_NO_VERIFY: 'true' before_script: - - bin/prepare_test_env.sh -g -s + - bin/prepare_test_env.sh -g - bin/get_formulas.py -c -d /srv/formula -s --clone-from 'https://gitlab.infra.opensuse.org/saltstack-formulas' --clone-branch production script: bin/test_validate.sh tags: @@ -18,7 +18,7 @@ validate: validate_show_highstate_against_upstream_formulas: stage: validate before_script: - - bin/prepare_test_env.sh -g -s + - bin/prepare_test_env.sh -g - bin/get_formulas.py -c -d /srv/formula -s script: bin/test_show_highstate.sh allow_failure: true diff --git a/bin/prepare_test_env.sh b/bin/prepare_test_env.sh index 0c50cbe..71472cc 100755 --- a/bin/prepare_test_env.sh +++ b/bin/prepare_test_env.sh 
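Review bot: In the first hunk of .gitlab-ci.yml, `GIT_SSL_NO_VERIFY: 'true'` still covers the `bin/get_formulas.py ... --clone-from 'https://gitlab.infra.opensuse.org/saltstack-formulas'` step directly below the changed line, so the formulas this job validates against are cloned without certificate verification. Until the TODO is resolved, pointing git at the internal CA with `GIT_SSL_CAINFO: <path to CA bundle>` instead of disabling verification would keep the clone authenticated. The `validate` job starts outside the hunk, so other settings that affect this may not be visible here.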
@@ -20,17 +20,19 @@ help() { echo echo "-p Comma-separated list of additional packages to be installed" echo "-g Make preparation for show_highstate" - echo "-s Strip out secrets files (CI runner can't read them)" + echo "-s Include secrets files (disabed because CI runner can't decrypt them due to lack of GPG key)" echo } [[ $1 == '--help' ]] && help && exit +SECRETS="False" + while getopts p:gsh arg; do case ${arg} in p) PKG=(${OPTARG//,/ }) ;; g) HIGHSTATE=1 ;; - s) STRIP_SECRETS=1 ;; + s) SECRETS="True" ;; h) help && exit ;; *) help && exit 1 ;; esac @@ -46,9 +48,5 @@ ID=$(hostname -f) printf "grains:\n city: nuremberg\n country: de\n hostusage: test\n salt_cluster: opensuse\n virt_cluster: atreju\n" > pillar/id/${ID//./_}.sls if [[ -n $HIGHSTATE ]]; then ROLES=$(bin/get_roles.py -o yaml) - printf "city:\ncountry:\ndomain: infra.opensuse.org\nosfullname:\nosmajorrelease:\nosrelease_info:\n$ROLES\nsalt_cluster: opensuse\nvirt_cluster:\nvirtual:\n" > /etc/salt/grains - if [[ -n $STRIP_SECRETS ]]; then - SECRETS=$(grep -lr "\- secrets\." pillar || true) - if [[ -n $SECRETS ]]; then sed -i -e "s#\- secrets\..*#- id.${ID//./_}#g" $SECRETS; fi - fi + printf "city:\ncountry:\ndomain: infra.opensuse.org\ninclude_secrets: $SECRETS\nosfullname:\nosmajorrelease:\nosrelease_info:\n$ROLES\nsalt_cluster: opensuse\nvirt_cluster:\nvirtual:\n" > /etc/salt/grains fi diff --git a/bin/run_tests_locally.sh b/bin/run_tests_locally.sh index 133766b..81a29ae 100755 --- a/bin/run_tests_locally.sh +++ b/bin/run_tests_locally.sh @@ -33,7 +33,7 @@ SALT_DIRS=( for dir in ${SALT_DIRS[@]}; do sudo chown -R ${USER}: $dir done -bin/prepare_test_env.sh -g -p python3-pygit2 +bin/prepare_test_env.sh -g -s -p python3-pygit2 bin/get_formulas.py --destination $DESTINATION --clone --symlink --use-pygit2 --update opensuse \ --add-remote opensuse no_prefix gitlab@gitlab.infra.opensuse.org: saltstack-formulas ln -s ~/.gnupg /etc/salt/gpgkeys 
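Review bot: In the `getopts` case of bin/prepare_test_env.sh (first hunk), `-s` keeps its letter but now means the opposite, include secrets rather than strip them. Any caller not updated in this commit therefore silently flips towards including secrets. A new letter would make stale callers hit the `*) help && exit 1` arm instead, for example `while getopts p:gih arg; do` with `i) SECRETS="True" ;;`. The new help string also has a typo, `disabed` for `disabled`. The `help()` body starts outside the hunk.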
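Review bot: In the second hunk of bin/prepare_test_env.sh, the rewritten `printf` expands `$SECRETS` and `$ROLES` inside the format string, so any `%` or backslash in the output of `bin/get_roles.py -o yaml` is interpreted by printf instead of being written verbatim to /etc/salt/grains. Passing both as arguments avoids that: use `include_secrets: %s\n` and `osrelease_info:\n%s\n` in a single-quoted format and append `"$SECRETS" "$ROLES"` before the redirect. I would also add `# include_secrets must stay an unquoted YAML boolean; the pillar guards test truthiness` above the line, since a quoted "False" would be truthy in the Jinja checks this commit adds.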
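Review bot: In bin/run_tests_locally.sh, adding `-s` makes every local run render the real secrets pillar, and the `ln -s ~/.gnupg /etc/salt/gpgkeys` that follows gives Salt the developer's whole GnuPG home to decrypt it. Whatever the test scripts print or cache may then contain decrypted values; that is not visible from this hunk, so it needs checking. Making the inclusion opt-in keeps the default run free of secrets, for example `bin/prepare_test_env.sh -g ${INCLUDE_SECRETS:+-s} -p python3-pygit2`, where `INCLUDE_SECRETS` is an illustrative variable name. The script continues outside the hunk on both sides.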
diff --git a/pillar/role/login.sls b/pillar/role/login.sls index 0f83a7d..ced4f72 100644 --- a/pillar/role/login.sls +++ b/pillar/role/login.sls @@ -1,5 +1,7 @@ +{% if salt['grains.get']('include_secrets', True) %} include: - secrets.role.login +{% endif %} keepalived: global_defs: diff --git a/pillar/role/proxy.sls b/pillar/role/proxy.sls index fe93ffe..dbf76e6 100644 --- a/pillar/role/proxy.sls +++ b/pillar/role/proxy.sls @@ -1,5 +1,7 @@ +{% if salt['grains.get']('include_secrets', True) %} include: - secrets.role.proxy +{% endif %} keepalived: global_defs: diff --git a/pillar/role/saltmaster.sls b/pillar/role/saltmaster.sls index bc53b68..efeb778 100644 --- a/pillar/role/saltmaster.sls +++ b/pillar/role/saltmaster.sls @@ -1,5 +1,7 @@ +{% if salt['grains.get']('include_secrets', True) %} include: - secrets.role.saltmaster +{% endif %} salt: gitfs: diff --git a/pillar/role/web_gitlab.sls b/pillar/role/web_gitlab.sls index c784033..0906526 100644 --- a/pillar/role/web_gitlab.sls +++ b/pillar/role/web_gitlab.sls @@ -1,6 +1,8 @@ include: - role.common.nginx + {% if salt['grains.get']('include_secrets', True) %} - secrets.role.web_gitlab + {% endif %} nginx: ng: diff --git a/pillar/role/web_mirrors.sls b/pillar/role/web_mirrors.sls index 80e6d10..a048a16 100644 --- a/pillar/role/web_mirrors.sls +++ b/pillar/role/web_mirrors.sls @@ -1,4 +1,8 @@ -{% set ip4_private = salt['grains.get']('ip4_interfaces:private', '127.0.0.1')[0] %} +{% if saltenv == 'production' %} +{% set ip4_private = salt['grains.get']('ip4_interfaces:private')[0] %} +{% else %} +{% set ip4_private = '127.0.0.1' %} +{% endif %} include: - role.common.nginx diff --git a/pillar/role/worker_gitlab.sls b/pillar/role/worker_gitlab.sls index 57656f3..80cf079 100644 --- a/pillar/role/worker_gitlab.sls +++ b/pillar/role/worker_gitlab.sls @@ -1,2 +1,4 @@ +{% if salt['grains.get']('include_secrets', True) %} include: - secrets.role.saltmaster +{% endif %}
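Review bot: In pillar/role/login.sls the secrets include is gated on the truthiness of a minion-supplied grain, `salt['grains.get']('include_secrets', True)`, and the same guard is added in proxy.sls, saltmaster.sls, web_gitlab.sls and worker_gitlab.sls. Only a real boolean false disables the include, so a grain stored as the string `'False'` still pulls in the secrets. Conversely, a production minion that carries `include_secrets: False` renders its role without secrets and raises no error at this point. A comment above each guard would record the contract, e.g. `{# include_secrets must be a YAML boolean; only bin/prepare_test_env.sh sets it to False, for test runs #}`.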
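Review bot: In pillar/role/web_mirrors.sls the `{% else %}` branch assigns `127.0.0.1` for every `saltenv` that is not exactly `production`, so a minion rendered under a differently named or unset environment quietly gets loopback as its private address. The production branch also drops the old default, so a missing `ip4_interfaces:private` grain now reaches `[0]` on whatever `grains.get` returns when the key is absent. I would name the test case explicitly, `{% elif saltenv == '<name of the test environment>' %}`, so that unexpected environments are not mapped to loopback. At minimum add `{# production requires the ip4_interfaces:private grain; loopback is for test renders only #}` above the block.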
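Review bot: The include that pillar/role/worker_gitlab.sls now wraps is `secrets.role.saltmaster`, not a secrets file named after the worker_gitlab role. If that is not deliberate, minions with the worker_gitlab role receive the Salt master's secrets pillar, which is worth confirming while these lines are being touched. If it is deliberate, a comment such as `{# worker_gitlab reuses the saltmaster secrets because <reason> #}` would stop the next reader from assuming a copy-paste slip.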