Merge pull request #1 from EGI-Foundation/v0.1.0-rc

V0.1.0 rc

.gitignore

@@ -1,3 +1,4 @@
 __pycache__/
 .molecule/
 *.pyc
+.vscode

.travis.yml

@@ -1,5 +1,4 @@
 ---
-# Travis template for an EGI-styled role
 language: python
 python:
   - '2.7'
@@ -8,17 +7,15 @@ services:
   - docker
 env:
   global:
-    md_ignore: R1  # Which markdownlint rules to ignore
+    - md_ignore: R1
+    - secure: lybPFj+6L9iy5n7FAZY07jQ3Ni+kN8SsnQ3n47AjS3onfIT7/DHWcpu8dt2Lq3vXw1y+ezI/mONxOHyq9X0M08d28JXVIRNdzZ+FuNnw0bonD/F84ENVUxN+TNQ78q9vhp1HbnV14uf9mANGqNns08Qx5qO3FRqtdj4Httn9XBku6FWxPBWAKxNwpwNR0EWm+PBptzKsPrttpOPZyXB+hJvyc/9TkfLi2Dg1kO8M2W0lU+YF4RkHZcNY6nnf+m+jHeizpsXpmZ78lpplbkmvaJIfpyBig1QelV8e5z12l7AohB3FBwWfBbF8eT0nE1MC4MvhJj4r1Cy1jIdDJ4mlAj8wE7enz/nyAPmHAeYN3Rg+kj3/MuktvSW6CDZyLZ+QiqhZv4ZdfM6dDl3sTdPePSiPmr8Nk2RJXVEbKLGLo/IBX4lUifteGxtFLBewPa5eiKkK7LxGNHMzeJSpJvnwMAvtMJjlq7OWh0AmTPW6m1bHvY5OaMcD3Ycs0i/38SR6NZnNRCCLAsyp9Ur3KuB9+hfL73C3ZfQTzpcX9hIxew+sNuNPI25RWCQJg8GPajmGleKDOdTMbwvcrAUi8/awwW2bPjzeAL/acrhQRHNoDMQMjE8qPju7JPel5RNah4BYUTXSXw6u7YyCKHMYJiw7Sz0Rf6eL3sO1sLpBatyIk1Y=
   matrix:
     - SCENARIO='default'
 before_install:
 install:
-  - pip install -r requirements.txt  # The packages necessary for running the tests.
+  - pip install -r requirements.txt
 before_script:
-  - > # Lint all the markdown files
-      for file in `find . -maxdepth 2 -name "*.md"` ;  do
-      markdownlint --ignore $md_ignore $file ;
-      done
+  - for file in `find . -maxdepth 2 -name "*.md"` ;  do markdownlint --ignore $md_ignore $file ; done
 script:
   - molecule lint -s $SCENARIO
   - molecule dependency -s $SCENARIO
@@ -28,14 +25,15 @@ script:
   - molecule verify -s $SCENARIO
   - cd $TRAVIS_BUILD_DIR
 after_success:
+  - docker commit `docker ps |grep "centos:7" |awk {'print $1'}` quay.io/egi/wn
+  - docker login -u="egi+packerbot" -p="$QUAY_PASSWORD" quay.io
+  - docker push quay.io/egi/wn
 after_failure:
 before_deploy:
 deploy:
 after_deploy:
 after_script:
-# Add your notifications here.
-# Use travis encrypt to add api tokens.
 notifications:
-  # slack:
-  #   secure:
-  webhooks: "https://galaxy.ansible.com/api/v1/notifications/"
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/
+  slack:
+    secure: EV6OdjBScBWcSHZ4M+o0X9uNafREEu/2Yj2b/rmf2ATqgpPNOtBqW01cLWzDbyOh2x4GyYA8xukfhAGF4ppa2XVETvMTSc3IrXeMsNJamgOWbAo6mg2DIf7DubE3sYCLtx7OCw6KaBNG0U24noboB8ChxuhT4PpzmLilC/l/7EFEtYwkZ3NB5TGC9DgZpCbYj5INHYSTkSDDXz333+RBb+i1aMOkWPJrG/2ORMxqEER70V4JTGp9DNDZzykuppBiDU/mvEpAkuDxfMQufOKUeZGpdfadczrJFi8BXFJWf83ef1ioTSSN2fjoBCgrYcAll1018792Q6roQM1IM56A2FMikEnFBBws1GbjM/UYRZ2fl3mCrOMUtQI4WCyyNdjs/3QXviv9dHHWirvPfe1Eu29ARWJ4fyArsaPbV+py2rAqdbxuMBItPXnJU3CUXfyCcIgwsOwgy7ErJnHcZY/nxAV4j7FYCbub+/+QVlg6d1+iy1HIAPBQ0brxKK4D0sp9mg6qbTjAtLp7L8wAT/mVPBfoZksttDMirO95FbU7HAifkKpBlZFlUJV/1QdV6Sqf/pt70zuRwx/puYAWL4ah6rmA0bkpxgtnX3f2ft0vpQKjtoWF5QxhIOUDsL//ptz6c/5Og7hjYEUarkdlqRmG2LKcvIBHONLeMXrdH0EPOFo=

AUTHORS.md

@@ -2,3 +2,7 @@
 
 - Bruce Becker @brucellino
 - Baptiste Grenier @gwarf
+
+# Contributors
+
+- Maarten Litmaath (@maarten-litmaath) (Reviewer)

README.md

@@ -1,7 +1,8 @@
-# Ansible Worker Node Provisioning role
+# Ansible Worker Node Provisioning role [![Build Status](https://travis-ci.org/EGI-Foundation/ansible-role-wn.svg?branch=master)](https://travis-ci.org/EGI-Foundation/ansible-role-wn) [![Maintainability](https://api.codeclimate.com/v1/badges/d6a249676a9d0a1894aa/maintainability)](https://codeclimate.com/github/EGI-Foundation/ansible-role-wn/maintainability)
+
 
 This is an Ansible role for the provisioning of a UMD worker node.
-It ensures that the relevant repositories are installed and configured.
+It ensures that the relevant repositories are installed and configured and that the worker-node metapackage is installed.
 
 ## Requirements
 
@@ -16,13 +17,15 @@ None yet.
 This role uses the following roles as dependencies:
 
 - EGI-Foundation.umd
+- EGI-Foundation.voms-client
 
 ## Example Playbook
 
 ```yaml
     - hosts: worker-nodes
       roles:
          - { role: EGI-Foundation.umd, release: 4}
+         - { role: EGI-Foundation.voms-client }
          - { role: EGI-foundation.wn }
 ```
 

defaults/main.yml

@@ -6,3 +6,12 @@ metapackage:
       name: emi-wn
     '7':
       name: wn
+
+prerequisites:
+  redhat:
+    '6':
+      - ntpdate
+      - ntp
+    '7':
+      - ntpdate
+      - ntp

molecule/default/list-redhat-6.txt

@@ -0,0 +1,66 @@
+a1_grid_env  
+c-ares
+cleanup-grid-accounts
+dcache-srmclient
+dcap
+dcap-devel
+dcap-libs
+dcap-tunnel-gsi
+dcap-tunnel-krb
+dcap-tunnel-ssl
+dcap-tunnel-telnet
+dpm
+dpm-devel
+dpm-libs
+dpm-perl
+dpm-python
+emi-version
+emi.amga.amga-cli
+emi.saga-adapter.context-cpp
+emi.saga-adapter.isn-cpp  
+emi.saga-adapter.sd-cpp  
+fetch-crl
+gfal
+gfal-python
+gfal2-all
+gfal2-devel
+gfal2-doc
+gfal2-python
+gfal2-util
+gfalFS
+ginfo
+glite-jobid-api-c  
+glite-lb-client  
+glite-lb-client-progs
+glite-lb-common  
+glite-lbjp-common-gss  
+glite-lbjp-common-trio  
+glite-service-discovery-api-c  
+glite-wms-brokerinfo-access  
+glite-wn-info  
+glite-yaim-clients
+glite-yaim-core
+globus-gass-copy-progs
+globus-proxy-utils
+gridsite-libs
+jclassads
+lcg-info
+lcg-infosites
+lcg-ManageVOTag
+lcg-tags
+lcg-util
+lcg-util-libs  
+lcg-util-python
+lcgdm-devel
+lcgdm-devel(x86-32)
+lcgdm-libs
+lfc
+lfc-devel
+lfc-libs
+lfc-perl
+lfc-python
+openldap-clients
+python-ldap
+uberftp
+voms-clients3
+voms-devel

molecule/default/list-redhat-7.txt

@@ -0,0 +1,42 @@
+c-ares  
+cleanup-grid-accounts  
+cvmfs
+dcache-srmclient
+dcap
+dcap-devel  
+dcap-libs  
+dcap-tunnel-gsi  
+dcap-tunnel-krb  
+dcap-tunnel-ssl  
+dcap-tunnel-telnet
+dpm
+dpm-devel
+dpm-perl
+dpm-python
+fetch-crl
+gfal2-all
+gfal2-python
+gfal2-util
+gfalFS
+gfal2-all
+gfal2-doc
+gfal2-devel
+ginfo
+lcg-info  
+lcg-ManageVOTag
+lcg-tags
+lcgdm-devel
+globus-gass-copy-progs
+globus-proxy-utils
+glite-yaim-core
+gridsite-libs
+lcg-infosites  
+lfc  
+lfc-devel
+lfc-perl
+openldap-clients
+python-ldap  
+uberftp
+voms-clients-java
+voms-devel  
+xrootd-client

molecule/default/molecule.yml

@@ -6,9 +6,9 @@ driver:
 lint:
   name: yamllint
 platforms:
-  - name: centos7
+  - name: wn-centos7
     image: centos:7
-  - name: centos6
+  - name: wn-centos6
     image: centos:6
 provisioner:
   name: ansible

molecule/default/packages-redhat-6.txt

@@ -0,0 +1,26 @@
+a1_grid_env  
+libdpm
+emi-version
+emi.amga.amga-cli
+emi.saga-adapter.context-cpp
+emi.saga-adapter.isn-cpp  
+emi.saga-adapter.sd-cpp  
+gfal
+gfal-python
+glite-jobid-api-c  
+glite-lb-client  
+glite-lb-common  
+glite-lb-client-progs
+glite-lbjp-common-gss  
+glite-lbjp-common-trio  
+glite-service-discovery-api-c  
+glite-wms-brokerinfo-access  
+glite-wn-info  
+glite-yaim-clients
+jclassads
+lcgdm-devel
+lcgdm-libs  
+lcg-util
+liblfc
+lcg-util-libs  
+lcg-util-python

molecule/default/packages-redhat-7.txt

@@ -0,0 +1,44 @@
+c-ares  
+cleanup-grid-accounts  
+cvmfs
+dcache-srmclient
+dcap
+dcap-devel  
+dcap-libs  
+dcap-tunnel-gsi  
+dcap-tunnel-krb  
+dcap-tunnel-ssl  
+dcap-tunnel-telnet
+dpm
+dpm-libs
+dpm-devel
+dpm-perl
+dpm-python
+fetch-crl
+gfal2-all
+gfal2-python
+gfal2-util
+gfalFS
+gfal2-all
+gfal2-doc
+gfal2-devel
+ginfo
+lcg-info  
+lcg-ManageVOTag
+lcg-tags
+lcgdm-devel
+globus-gass-copy-progs
+globus-proxy-utils
+glite-yaim-core
+gridsite-libs
+lcg-infosites  
+lfc  
+lfc-devel
+lfc-perl
+lfc-libs
+openldap-clients
+python-ldap  
+uberftp
+voms-clients-java
+voms-devel  
+xrootd-client

molecule/default/playbook.yml

@@ -2,5 +2,6 @@
 - name: Converge
   hosts: all
   roles:
-    - {role: brucellino.umd, release: 4}
-    - role: ansible-role-wn
+    - {role: EGI-Foundation.umd, release: 4, tags: "UMD" }
+    - {role: EGI-Foundation.voms-client, tags: "VOMS" }
+    - {role: ansible-role-wn, tags: "wn"}

molecule/default/requirements.yml

@@ -1,2 +1,3 @@
 ---
-- brucellino.umd
+- EGI-Foundation.umd
+- EGI-Foundation.voms-client

molecule/default/tests/test_QC_DIST.py

@@ -0,0 +1,35 @@
+import os
+import testinfra.utils.ansible_runner
+import pytest
+# See http://egi-qc.github.io/#INSTALLATION
+# Packages must install without issues in a machine configured without any
+# external repositories (valid repositories are the standard OS repo, UMD repo
+# and EPEL repo for RH based distros)
+# Packages must follow the OS policies (name of packages, use of filesystem
+# hierarchy, init scripts, ...). For any detected issue, open a ticket.
+# Packages must be signed (or the repository where they are fetched from is
+# signed for Debian-based distros)
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+  os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def packages(distro, release):
+    listfile_name = "list-" + distro + '-' + release + ".txt"
+    listfile = open(listfile_name, "r")
+    packages = listfile.read().splitlines()
+    return packages
+
+
+@pytest.mark.parametrize("pkg", packages("redhat", "6"))
+def test_packages6(host, pkg):
+    if (host.system_info.distribution == 'redhat' and
+            host.system_info.distribution.release.startswith(6)):
+        assert host.package(pkg).is_installed
+
+
+@pytest.mark.parametrize("pkg", packages("redhat", "7"))
+def test_packages7(host, pkg):
+    if (host.system_info.distribution == "redhat" and
+            host.system_info.distribution.release.startswith(7)):
+        assert host.package(pkg).is_installed

molecule/default/tests/test_package_vunls.py

@@ -0,0 +1,18 @@
+import os
+import testinfra.utils.ansible_runner
+import pytest
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+# The vulnerability scanner on Quay gives us intelligence on which
+# vulnerabilities are exposed by packages included in these images.
+# We therefore keep track of those and test to see whether the installed
+# version is greater than the one reported as fixing the vulnerability
+
+
+@pytest.mark.parametrize('name,version', [
+  ("gnupg2", "2.0.22-5.el7_5"),
+  ("python", "2.7.5-69.el7_5"),
+  ("python-libs", "2.7.5-69.el7_5")])
+def test_vulnerable_packages(host, name, version):
+    p = host.package(name)
+    assert p.release >= version