Merge pull request #327 from electrocucaracha/split-bootstrap-role

Separate functions from the Bootstrap Ansible Role

Author: Ulfat

.github/actions/setup-molecule/action.yml

@@ -0,0 +1,35 @@
+---
+# Copyright 2022 Samsung Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Ansible Molecule test execution
+inputs:
+  ansible-role:
+    description: 'Ansible Role'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/setup-python@v3
+      with:
+        python-version: '3.x'
+    - name: install dependencies
+      shell: bash
+      run: pip install -r deployment/test-requirements.txt
+    - name: Run molecule tests
+      shell: bash
+      run: |
+        cd deployment/ansible/roles/${{ inputs.ansible-role }}/
+        molecule --debug test

.github/workflows/on-demand_molecule.yml

@@ -30,21 +30,72 @@ on:
       - deployment/ansible/roles/**
 
 jobs:
-  check-molecule:
-    name: Check Ansible Molecule role tests
-    strategy:
-      fail-fast: false
-      matrix:
-        role: [bootstrap, genesis]
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      bootstrap: ${{ steps.filter.outputs.bootstrap }}
+      genesis: ${{ steps.filter.outputs.genesis }}
+      add-accounts: ${{ steps.filter.outputs.add-accounts }}
+      configure: ${{ steps.filter.outputs.configure }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: dorny/paths-filter@v2
+        if: ${{ !env.ACT }}
+        id: filter
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          filters: |
+            reqs: &reqs
+              - 'deployment/test-requirements.*'
+            bootstrap:
+              - *reqs
+              - 'deployment/ansible/roles/bootstrap/**'
+            genesis:
+              - *reqs
+              - 'deployment/ansible/roles/genesis/**'
+            add-accounts:
+              - *reqs
+              - 'deployment/ansible/roles/add-accounts/**'
+            configure:
+              - *reqs
+              - 'deployment/ansible/roles/configure/**'
+  check-bootstrap:
+    needs: changes
+    if: needs.changes.outputs.bootstrap == 'true'
+    name: Check Bootstrap Ansible role
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ./.github/actions/setup-molecule
+        with:
+          ansible-role: bootstrap
+  check-genesis:
+    needs: changes
+    if: needs.changes.outputs.genesis == 'true'
+    name: Check Genesis Ansible role
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ./.github/actions/setup-molecule
+        with:
+          ansible-role: genesis
+  check-add-accounts:
+    needs: changes
+    if: needs.changes.outputs.add-accounts == 'true'
+    name: Check Add accounts Ansible role
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ./.github/actions/setup-molecule
+        with:
+          ansible-role: add-accounts
+  check-configure:
+    needs: changes
+    if: needs.changes.outputs.configure == 'true'
+    name: Check Configure Ansible role
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - uses: actions/setup-python@v3
+      - uses: ./.github/actions/setup-molecule
         with:
-          python-version: '3.x'
-      - name: install dependencies
-        run: pip install -r deployment/test-requirements.txt
-      - name: Run molecule tests
-        run: |
-          cd deployment/ansible/roles/${{ matrix.role }}/
-          molecule --debug test
+          ansible-role: configure

deployment/ansible/roles/add-accounts/README.md

@@ -0,0 +1,74 @@
+# Add accounts
+
+This role creates keys defined on `accounts` list variable and set up the
+command-line interface.
+
+## Requirements
+
+None
+
+## Role Variables
+
+```yaml
+accounts:
+  - name: user1
+    passphrase: password123
+    roles:
+      - NodeAdmin
+      - Trustee
+```
+
+A list of DCL accounts to be created on a specific target node.
+
+## Dependencies
+
+None
+
+## Example Playbook
+
+example inventory.yaml
+
+```yaml
+all:
+  vars:
+    chain_id: dev-net
+  hosts:
+    node0:
+      accounts:
+        - name: jack
+          passphrase: test1234
+          roles:
+            - NodeAdmin
+            - Trustee
+    node1:
+      accounts:
+        - name: alice
+          passphrase: s3cr3t123
+          roles:
+            - NodeAdmin
+            - Trustee
+    node2:
+      accounts:
+        - name: bob
+          passphrase: admin1234
+          roles:
+            - NodeAdmin
+            - Trustee
+    node3:
+      accounts:
+        - name: anna
+          passphrase: test1234
+          roles:
+            - NodeAdmin
+```
+
+in your playbook:
+
+```yaml
+- name: bootstrap DCL nodes
+  hosts: all
+  become: true
+  roles:
+    - bootstrap
+    - add-accounts
+```

deployment/ansible/roles/add-accounts/defaults/main.yml

@@ -0,0 +1,21 @@
+---
+# Copyright 2022 Samsung Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: Every host must define their own DCL accounts
+accounts: []
+
+dcl_home: /var/lib/dcl/.dcl
+dcld:
+  path: "{{ dcl_home }}/cosmovisor/genesis/bin/dcld"

deployment/ansible/roles/add-accounts/molecule/default/converge.yml

@@ -0,0 +1,19 @@
+---
+# Copyright 2022 Samsung Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: converge
+  hosts: all
+  roles:
+    - add-accounts

deployment/ansible/roles/add-accounts/molecule/default/molecule.yml

@@ -0,0 +1,49 @@
+---
+# Copyright 2022 Samsung Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+driver:
+  name: docker
+lint: |
+  set -e
+  yamllint -c ../../../../.yaml-lint.yml .
+platforms:
+  - name: node0
+    image: geerlingguy/docker-ubuntu2004-ansible:latest
+    pre_build_image: true
+    command: /sbin/init
+    tmpfs:
+      - /run
+      - /tmp
+      - /run/lock
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+provisioner:
+  name: ansible
+  inventory:
+    group_vars:
+      all:
+        chain_id: test-net
+    host_vars:
+      node0:
+        accounts:
+          - name: jack
+            passphrase: test1234
+            roles:
+              - NodeAdmin
+              - Trustee
+verifier:
+  name: testinfra
+  lint:
+    name: flake8

deployment/ansible/roles/add-accounts/molecule/default/prepare.yml

@@ -0,0 +1,19 @@
+---
+# Copyright 2022 Samsung Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: prepare
+  hosts: all
+  roles:
+    - bootstrap

deployment/ansible/roles/add-accounts/molecule/default/tests/test_default.py

@@ -0,0 +1,44 @@
+# Copyright 2022 Samsung Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ["MOLECULE_INVENTORY_FILE"]
+).get_hosts("all")
+DCLD_HOME = "/var/lib/dcl/.dcl/"
+
+
+def test_accounts_creation(host):
+    all_variables = host.ansible.get_variables()
+    assert "accounts" in all_variables
+    for account in all_variables["accounts"]:
+        assert "passphrase" in account
+        assert "name" in account
+        cmd = host.run(
+            f"echo {account['passphrase']}"
+            f" | /var/lib/dcl/.dcl/cosmovisor/genesis/bin/dcld keys show {account['name']}"
+            f" --home {DCLD_HOME} --output json"
+        )
+        assert cmd.succeeded
+        assert len(cmd.stdout) > 0
+        key_name = json.loads(cmd.stdout)
+        for key in ["name", "type", "address", "pubkey"]:
+            assert key in key_name
+        assert key_name["name"] == account["name"]
+        assert key_name["type"] == "local"
+        assert host.file(f"{DCLD_HOME}{account['name']}.info").exists

deployment/ansible/roles/add-accounts/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+# Copyright 2022 Samsung Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: create directory for key name facts
+  file:
+    state: directory
+    recurse: true
+    path: /etc/ansible/facts.d
+
+- name: prepare keys
+  include_tasks: prepare-keys.yml
+  vars:
+    key_name: "{{ account.name }}"
+    passphrase: "{{ account.passphrase }}"
+  loop: "{{ accounts }}"
+  loop_control:
+    loop_var: account
+  no_log: true

deployment/ansible/roles/bootstrap/tasks/prepare-keys.yml deployment/ansible/roles/add-accounts/tasks/prepare-keys.yml

@@ -39,5 +39,5 @@
 
 - name: prepare-keys | persist key name local fact
   changed_when: false
-  shell: "echo {{ passphrase }} | {{ dcld.path }} keys show {{ key_name }} --home {{ dcl_home }} | tee /etc/ansible/facts.d/{{ key_name}}.fact"
+  shell: "echo {{ passphrase }} | {{ dcld.path }} keys show {{ key_name }} --home {{ dcl_home }} --output json | tee /etc/ansible/facts.d/{{ key_name}}.fact"
   no_log: true