Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

updated default and Xenial-specific testinfra docs #3835

Merged
merged 2 commits into from
Oct 4, 2018
Merged

updated default and Xenial-specific testinfra docs #3835

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e313cda
updated default and Xenial-specific testinfra docs
zenmonkeykstop Oct 1, 2018
fd14811
updated PR based on reviewer feedback, mostly to document OS X options
zenmonkeykstop Oct 2, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
59 changes: 35 additions & 24 deletions docs/development/testing_configuration_tests.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
Testing: Configuration Tests
============================

Testinfra_ tests verify the end state of the Vagrant machines. Any
Testinfra_ tests verify the end state of the staging VMs. Any
changes to the Ansible configuration should have a corresponding
spectest.

Expand All @@ -16,6 +16,7 @@ Installation

pip install -r securedrop/requirements/develop-requirements.txt


Running the Config Tests
------------------------

Expand All @@ -27,26 +28,35 @@ For the staging VMs:
.. code:: sh

make build-debs
vagrant up /staging/
make staging

The VMs will be set up using either the libvirt or virtualbox Vagrant VM provider,
depending on your system settings. You'll need to use the appropriate commands below
based on your choice of provider.

Then, to run the tests:

Running all VMs concurrently may cause performance
problems if you have less than 8GB of RAM. You can isolate specific
machines for faster testing:
libvirt:
~~~~~~~~

.. code:: sh

molecule verify -s libvirt-staging

./testinfra/test.py app-staging
./testinfra/test.py mon-staging
virtualbox:
~~~~~~~~~~~

.. note:: The config tests for the ``app-prod`` and ``mon-prod`` hosts are
incomplete. Further changes are necessary to run the tests via
SSH over Authenticated Tor Hidden Service (ATHS), for both local
testing via Vagrant and automated testing via CI.
.. code:: sh

molecule verify -s virtualbox-staging

Test failure against any host will generate a report with informative output
about the specific test that triggered the error. The wrapper script
about the specific test that triggered the error. Molecule
will also exit with a non-zero status code.

.. note:: To build and test the VMs with one command, use the Molecule ``test``
action: ``molecule test -s libvirt-staging --destroy=never``, or ``molecule test -s virtualbox-staging --destroy=never``.

Updating the Config Tests
-------------------------

Expand All @@ -56,19 +66,19 @@ sure to add a corresponding spectest to validate that state after a
new provisioning run. Tests import variables from separate YAML files
than the Ansible playbooks: ::

testinfra/vars/
molecule/testinfra/staging/vars/
├── app-prod.yml
├── app-staging.yml
├── build.yml
├── mon-prod.yml
└── mon-staging.yml
├── mon-staging.yml
└── staging.yml

Any variable changes in the Ansible config should have a corresponding
entry in these vars files. These vars are dynamically loaded for each
host via the ``testinfra/conftest.py`` file. Make sure to add your tests to
relevant location for the host you plan to test: ::
host via the ``molecule/testinfra/staging/conftest.py`` file. Make sure to add
your tests to the relevant location for the host you plan to test: ::

testinfra/app/
molecule/testinfra/staging/app/
├── apache
│ ├── test_apache_journalist_interface.py
│ ├── test_apache_service.py
Expand All @@ -80,23 +90,24 @@ relevant location for the host you plan to test: ::
└── test_ossec.py

In the example above, to add a new test for the ``app-staging`` host,
add a new file to the ``testinfra/spec/app-staging`` directory.
add a new file to the ``testinfra/staging/app`` directory.

.. tip:: Read :ref:`updating_ossec_rules` to learn how to write tests for the
OSSEC rules.

Config Test Layout
------------------

The config tests are mostly broken up according to machines in the
Vagrantfile: ::
With some exceptions, the config tests are broken up according to platform definitions in the
Molecule configuration: ::

testinfra/
molecule/testinfra/staging
├── app
├── app-code
├── build
├── common
└── mon
├── mon
├── ossec
└── vars

Ideally the config tests would be broken up according to roles,
mirroring the Ansible configuration. Prior to the reorganization of
Expand Down
52 changes: 44 additions & 8 deletions docs/development/xenial_support.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,22 +13,58 @@ based on Xenial.
Running the Xenial dev env
--------------------------

If you're using the libvirt Vagrant provider, you'll need a libvirt-format Xenial
base image. To set one up, run the following commands:

.. code:: sh

vagrant box add bento/ubuntu-16.04 # choose the virtualbox option
vagrant mutate bento/ubuntu-16.04 mutate libvirt


Due to packaging logic changes, you'll need to build the Debian packages
with overrides enabled for Xenial support. Then run the Xenial scenario.

.. code::
.. code:: sh

make build-debs-xenial
make staging-xenial

The VMs will be available. Further debugging likely required; you can
log into the machines with e.g.:

.. code::
The VMs will now be available. Depending your choice of VM provider, you can
log into the machines with the following commands:

libvirt:
~~~~~~~~

.. code:: sh

molecule login -s libvirt-staging-xenial -h app-staging

Depending on the error, simply re-running the ``make staging-xenial`` target
virtualbox:
~~~~~~~~~~~

.. code:: sh

molecule login -s virtualbox-staging-xenial -h app-staging

To run the testinfra tests against the Xenial enviroment, you can use the commands:

libvirt:
~~~~~~~~

.. code:: sh

molecule verify -s libvirt-staging-xenial

virtualbox:
~~~~~~~~~~~

.. code:: sh

molecule verify -s virtualbox-staging-xenial

If you encounter errors, re-running the ``make staging-xenial`` target
may help. Naturally, we want the process to be error-free reliably.


Expand Down Expand Up @@ -61,9 +97,9 @@ PAM logic
resolves. More research required.

Config tests
The testinfra config test suite expects Trusty throughout. We'll need
to update that logic to refer to LSB codename instead, and assert
that the target platform is one of either Trusty or Xenial.
The testinfra config test suite runs slightly different checks for
Trusty and Xenial where appropriate. Care should be taken to preserve
functionality of the config tests against both distros.

More detailed research notes on evaluating Xenial support can be found
in the following GitHub issues:
Expand Down