beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Ansible testing improvements (#1700)

Browse source
This commit is contained in:
mmetc 2022-08-04 11:25:34 +02:00 committed by GitHub
parent fe5f9bfc28
commit bd3722f075
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
86 changed files with 981 additions and 536 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
platform/openbsd.mk Normal file
View file

@ -0,0 +1,6 @@
# OpenBSD specific
#
Make=gmake
$(info building for OpenBSD)

5
tests/README.md
View file

@ -56,14 +56,17 @@ architectures.
## pre-requisites ## pre-requisites
- `git submodule init; git submodule update` - `git submodule init; git submodule update`
- `daemonize (linux) or daemon (freebsd), bash>=4.4, python3, openbsd-netcat`
- `go install github.com/cloudflare/cfssl/cmd/cfssl@latest` - `go install github.com/cloudflare/cfssl/cmd/cfssl@latest`
- `go install github.com/cloudflare/cfssl/cmd/cfssljson@latest` - `go install github.com/cloudflare/cfssl/cmd/cfssljson@latest`
- `go install github.com/mikefarah/yq/v4@latest` - `go install github.com/mikefarah/yq/v4@latest`
- `base64` - `base64`
- `bash>=4.4`
- `curl` - `curl`
- `daemonize`
- `jq` - `jq`
- `nc` - `nc`
- `openssl`
- `openbsd-netcat`
- `python3` - `python3`
## Running all tests ## Running all tests

15
tests/ansible/README.md
View file

@ -104,10 +104,11 @@ To test with Vagrant, you need to:
space taken by the base VM images, they are in space taken by the base VM images, they are in
`/var/lib/libvirt/images/*VAGRANT*` `/var/lib/libvirt/images/*VAGRANT*`
The above steps are automated in the script `./prepare-run` (requires bash >=4.4). The above steps are automated in the script `./prepare-run` (requires bash
It takes an enviroment file, and optionally a list of directories with vagrant >=4.4). It takes an enviroment file, and optionally a list of directories with
configurations. With a single parameter, it loops over all the directories in vagrant configurations. With a single parameter, it loops over all the
alphabetical order. Watch out for leftover VMs if you break the loop by hand. directories in alphabetical order, excluding those in the `experimental`
directory. Watch out for running VMs if you break the loop by hand.
After this, you will find up to 30GB of base images in `/var/lib/libvirt/images`, After this, you will find up to 30GB of base images in `/var/lib/libvirt/images`,
which you need to remove by hand when you have finished testing or leave them which you need to remove by hand when you have finished testing or leave them
@ -132,16 +133,16 @@ The data was created with crowdsec v1.4.1.
| Debian 9 (stretch) | ✓ | ✓ | old-db | old-db | wip | | Debian 9 (stretch) | ✓ | ✓ | old-db | old-db | wip |
| Debian 10 (buster) | ✓ | ✓ | ✓ | ✓ | ✓ | | Debian 10 (buster) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Debian 11 (bullseye) | ✓ | ✓ | ✓ | ✓ | ✓ | | Debian 11 (bullseye) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Debian (testing/bookworm) | ✓ | ✓ | wip | wip | wip | | Debian (testing/bookworm) | ✓ | ✓ | ✓ | ✓ | wip |
| Fedora 33 | ✓ | ✓ | wip | wip | wip | | Fedora 33 | ✓ | ✓ | wip | wip | wip |
| Fedora 34 | ✓ | ✓ | ✓ | ✓ | wip | | Fedora 34 | ✓ | ✓ | ✓ | ✓ | wip |
| Fedora 35 | ✓ | ✓ | ✓ | ✓ | wip | | Fedora 35 | ✓ | ✓ | ✓ | ✓ | wip |
| Fedora 36 | ✓ | ✓ | ✓ | ✓ | wip | | Fedora 36 | ✓ | ✓ | ✓ | ✓ | wip |
| FreeBSD 12 | ✓ | wip | wip | wip | wip | | FreeBSD 12 | ✓ | wip | wip | wip | wip |
| FreeBSD 13 | ✓ | wip | wip | wip | wip | | FreeBSD 13 | ✓ | wip | wip | wip | wip |
| Oracle 7 | ✓ | ✓ | wip | wip | ✓ | | Oracle 7 | ✓ | ✓ | old-db | old-db | ✓ |
| Oracle 8 | ✓ | ✓ | ✓ | ✓ | ✓ | | Oracle 8 | ✓ | ✓ | ✓ | ✓ | ✓ |
| Ubuntu 16.04 (xenial) | ✓ | ✓ | wip | wip | ✓ | | Ubuntu 16.04 (xenial) | ✓ | ✓ | old-db | old-db | ✓ |
| Ubuntu 18.04 (bionic) | ✓ | ✓ | ✓ | ✓ | ✓ | | Ubuntu 18.04 (bionic) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Ubuntu 20.04 (focal) | ✓ | ✓ | ✓ | ✓ | ✓ | | Ubuntu 20.04 (focal) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Ubuntu 22.04 (jammy) | ✓ | ✓ | ✓ | ✓ | ✓ | | Ubuntu 22.04 (jammy) | ✓ | ✓ | ✓ | ✓ | ✓ |

5
tests/ansible/ansible.cfg
View file

@ -1,14 +1,15 @@
[defaults] [defaults]
pipelining = True pipelining = True
force_color = True force_color = True
nocows = True
# inventory = inventory.yml # inventory = inventory.yml
callbacks_enabled = timer callbacks_enabled = timer
# more compact and readable output # more compact and readable output
stdout_callback = debug stdout_callback = debug
display_skipped_hosts = no display_skipped_hosts = False
display_ok_hosts = yes display_ok_hosts = True
[ssh_connection] [ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s ssh_args = -o ControlMaster=auto -o ControlPersist=60s

16
tests/ansible/prepare-run
View file

@ -14,7 +14,8 @@ shift
vagrant_dirs=("$@") vagrant_dirs=("$@")
if [[ $# -eq 0 ]]; then if [[ $# -eq 0 ]]; then
readarray -d '' vagrant_dirs < <(find vagrant -mindepth 1 -maxdepth 1 -type d -print0 | sort -z) # find all targets, with possibly weird names, don't go into subfolders (like 'experimental/')
readarray -d '' vagrant_dirs < <(find vagrant -mindepth 1 -maxdepth 1 -type d -print0 | sort -z | grep -z -v .vagrant)
fi fi
#shellcheck disable=SC1090 #shellcheck disable=SC1090
@ -26,12 +27,23 @@ export VAGRANT_FORCE_COLOR
for vm in "${vagrant_dirs[@]}"; do for vm in "${vagrant_dirs[@]}"; do
outfile="$(basename "${env}").out" outfile="$(basename "${env}").out"
pushd "${vm}" >/dev/null || exit pushd "${vm}" >/dev/null || exit
if [[ ! -f "Vagrantfile" ]]; then
popd >/dev/null || exit
continue
fi
echo "Prepare and run tests on ${vm}..."
if [[ -x "skip" ]]; then
if ! ./skip; then
popd >/dev/null || exit
continue
fi
fi
if [[ ! -f "${outfile}" ]]; then if [[ ! -f "${outfile}" ]]; then
vagrant up --no-provision vagrant up --no-provision
vagrant provision 2>&1 | tee "${outfile}" vagrant provision 2>&1 | tee "${outfile}"
vagrant destroy -f vagrant destroy -f
else else
echo "Skipping: ${vm}, file ${outfile} already exists." >&2 echo "skipping: ${vm}, file ${outfile} already exists." >&2
fi fi
popd >/dev/null || exit popd >/dev/null || exit
done done

10
tests/ansible/provision_dependencies.yml
View file

@ -9,8 +9,9 @@
name: gantsign.golang name: gantsign.golang
when: when:
- ansible_facts.system == 'Linux' - ansible_facts.system == 'Linux'
- ansible_facts.distribution != 'Alpine'
- name: "install Go (bsd)" - name: "install Go (bsd, alpine)"
hosts: all hosts: all
gather_facts: true gather_facts: true
become: true become: true
@ -19,7 +20,7 @@
name: go name: go
state: present state: present
when: when:
- ansible_facts.system == 'FreeBSD' - ansible_facts.system in ['FreeBSD', 'OpenBSD'] or ansible_facts.distribution == 'Alpine'
# required for jq and basic tools on centos and rhel # required for jq and basic tools on centos and rhel
- name: "enable EPEL repository (RedHat)" - name: "enable EPEL repository (RedHat)"
@ -32,7 +33,7 @@
epel_repo_disable: false epel_repo_disable: false
when: when:
- ansible_facts.os_family == 'RedHat' - ansible_facts.os_family == 'RedHat'
- ansible_facts.distribution != 'Fedora' - (ansible_facts.distribution != 'Fedora') and (ansible_facts.distribution != 'Amazon')
- name: "apply common configuration to all nodes" - name: "apply common configuration to all nodes"
hosts: all hosts: all
@ -51,6 +52,9 @@
tasks: tasks:
- ansible.builtin.include_role: - ansible.builtin.include_role:
name: geerlingguy.postgresql name: geerlingguy.postgresql
# enable this for debugging
#vars:
# postgres_users_no_log: false
when: when:
- lookup('ansible.builtin.env', 'DB_BACKEND') in ['pgx', 'postgres'] - lookup('ansible.builtin.env', 'DB_BACKEND') in ['pgx', 'postgres']

5
tests/ansible/requirements.yml
View file

@ -1,6 +1,9 @@
--- ---
- src: geerlingguy.mysql - src: geerlingguy.mysql
- src: geerlingguy.postgresql
- src: geerlingguy.repo-epel - src: geerlingguy.repo-epel
- src: gantsign.golang - src: gantsign.golang
- src: https://github.com/crowdsecurity/ansible-role-postgresql
version: crowdsec
name: geerlingguy.postgresql

1
tests/ansible/roles/bats_requirements/defaults/main.yml
View file

@ -1,4 +1,5 @@
--- ---
build_bash: false build_bash: false
bash_version: 5.1.16
build_daemonize: (ansible_facts.distribution == "Ubuntu" and ansible_facts.distribution == '16.04') or ansible_facts.distribution == 'Amazon' build_daemonize: (ansible_facts.distribution == "Ubuntu" and ansible_facts.distribution == '16.04') or ansible_facts.distribution == 'Amazon'

39
tests/ansible/roles/bats_requirements/tasks/bash.yml
View file

@ -1,51 +1,42 @@
--- ---
- name: "look up bash version" - name: "check if we need to build bash"
become: false become: false
block:
- name: "look up bash version"
ansible.builtin.package_facts: ansible.builtin.package_facts:
- name: "bash version found"
- name: "bash version found"
become: false
ansible.builtin.debug: ansible.builtin.debug:
var: ansible_facts.packages['bash'][0].version var: ansible_facts.packages['bash'][0].version
- name: "check if bash is too old (<4.4)"
- name: "check if bash needs building (<4.4)"
become: false
ansible.builtin.set_fact: ansible.builtin.set_fact:
build_bash: "{{ ansible_facts.packages['bash'][0].version is version('4.4', '<') }}" build_bash: "{{ ansible_facts.packages['bash'][0].version is version('4.4', '<') }}"
- name: "build bash: download" - name: "build bash"
block:
- name: "build bash: download"
become: false become: false
ansible.builtin.unarchive: ansible.builtin.unarchive:
src: http://ftp.gnu.org/gnu/bash/bash-5.1.16.tar.gz src: http://ftp.gnu.org/gnu/bash/bash-{{ bash_version }}.tar.gz
dest: "{{ ansible_env.HOME }}" dest: "{{ ansible_env.HOME }}"
remote_src: true remote_src: true
creates: "{{ ansible_env.HOME }}/bash-5.1.16" creates: "{{ ansible_env.HOME }}/bash-{{ bash_version }}"
when: - name: "build bash: configure"
- build_bash
- name: "build bash: configure"
become: false become: false
ansible.builtin.command: ansible.builtin.command:
cmd: "./configure --prefix=/opt/bash" cmd: "./configure --prefix=/opt/bash"
creates: ./Makefile creates: ./Makefile
chdir: "{{ ansible_env.HOME }}/bash-5.1.16" chdir: "{{ ansible_env.HOME }}/bash-{{ bash_version }}"
when: - name: "build bash: create /opt/bash"
- build_bash
- name: "build bash: create /opt/bash"
become: true become: true
ansible.builtin.file: ansible.builtin.file:
path: /opt/bash path: /opt/bash
state: directory state: directory
mode: 0o755 mode: 0o755
when: - name: "build bash: make install"
- build_bash
- name: "build bash: make install"
become: true become: true
ansible.builtin.command: ansible.builtin.command:
cmd: "make install" cmd: "make install"
creates: /opt/bash/bin/bash creates: /opt/bash/bin/bash
chdir: "{{ ansible_env.HOME }}/bash-5.1.16" chdir: "{{ ansible_env.HOME }}/bash-{{ bash_version }}"
when: when:
- build_bash - build_bash

25
tests/ansible/roles/bats_requirements/tasks/daemonize.yml
View file

@ -7,29 +7,36 @@
when: when:
- not build_daemonize - not build_daemonize
- name: "build daemonize: git checkout" - name: "build daemonize"
block:
- name: "build daemonize: git checkout"
become: false become: false
ansible.builtin.git: ansible.builtin.git:
repo: https://github.com/bmc/daemonize repo: https://github.com/bmc/daemonize
dest: "{{ ansible_env.HOME }}/daemonize" dest: "{{ ansible_env.HOME }}/daemonize"
version: release-1.7.8 version: release-1.7.8
when: - name: "build daemonize: configure"
- build_daemonize
- name: "build daemonize: configure"
become: false become: false
ansible.builtin.command: ansible.builtin.command:
cmd: "./configure --prefix=/usr/local" cmd: "./configure --prefix=/usr/local"
creates: ./Makefile creates: ./Makefile
chdir: "{{ ansible_env.HOME }}/daemonize" chdir: "{{ ansible_env.HOME }}/daemonize"
when: - name: "build daemonize: make install (linux)"
- build_daemonize
- name: "build daemonize: make install"
become: true become: true
ansible.builtin.command: ansible.builtin.command:
cmd: "make all install" cmd: "make all install"
creates: /usr/local/sbin/daemonize creates: /usr/local/sbin/daemonize
chdir: "{{ ansible_env.HOME }}/daemonize" chdir: "{{ ansible_env.HOME }}/daemonize"
when:
- ansible_facts.system == 'Linux'
- name: "build daemonize: make install (bsd)"
become: true
ansible.builtin.command:
cmd: "gmake all install"
creates: /usr/local/sbin/daemonize
chdir: "{{ ansible_env.HOME }}/daemonize"
when:
- ansible_facts.system in ['FreeBSD', 'OpenBSD']
when: when:
- build_daemonize - build_daemonize

17
tests/ansible/roles/bats_requirements/tasks/main.yml
View file

@ -1,11 +1,12 @@
--- ---
- name: "install bash" - name: "install bash"
ansible.builtin.import_tasks: bash.yml ansible.builtin.import_tasks: bash.yml
when:
# openbsd is not supported by the package_facts module, let's assume bash is ok
- ansible_facts.system != 'OpenBSD'
- name: "Install daemonize" - name: "Install daemonize"
ansible.builtin.import_tasks: daemonize.yml ansible.builtin.import_tasks: daemonize.yml
when:
- ansible_facts.system == 'Linux'
- name: "install netcat" - name: "install netcat"
ansible.builtin.import_tasks: netcat.yml ansible.builtin.import_tasks: netcat.yml
@ -18,6 +19,8 @@
- jq - jq
- openssl - openssl
- python3 - python3
when:
- ansible_facts.distribution != 'Gentoo'
- name: "install bc (!freebsd)" - name: "install bc (!freebsd)"
become: true become: true
@ -28,13 +31,13 @@
- ansible_facts.system == 'Linux' - ansible_facts.system == 'Linux'
# base64 for linux is in coreutils # base64 for linux is in coreutils
- name: "install base64 (freebsd)" - name: "install base64 (bsd)"
become: true become: true
ansible.builtin.package: ansible.builtin.package:
name: name:
- base64 - base64
when: when:
- ansible_facts.system == 'FreeBSD' - ansible_facts.system in ['FreeBSD', 'OpenBSD']
- name: "install pidof (Amazon)" - name: "install pidof (Amazon)"
become: true become: true
@ -44,12 +47,6 @@
when: when:
- ansible_facts.distribution == 'Amazon' - ansible_facts.distribution == 'Amazon'
- name: "install gcc (for go-sqlite, needs cgo)"
become: true
ansible.builtin.package:
name:
- gcc
- name: "install cfssl" - name: "install cfssl"
become: true become: true
ansible.builtin.command: ansible.builtin.command:

17
tests/ansible/roles/bats_requirements/tasks/netcat.yml
View file

@ -1,5 +1,5 @@
--- ---
- name: "install netcat (Amazon, Fedora, CentOS)" - name: "install netcat (Amazon, Fedora, CentOS, Oracle)"
become: true become: true
ansible.builtin.package: ansible.builtin.package:
name: name:
@ -13,22 +13,13 @@
name: name:
- netcat - netcat
when: when:
- (ansible_facts.distribution == 'RedHat') or (ansible_facts.distribution == 'AlmaLinux') - (ansible_facts.distribution == 'RedHat') or (ansible_facts.distribution == 'AlmaLinux') or (ansible_facts.distribution == 'Rocky')
# "netcat" does not exist in some versions (only -traditional or -openbsd) # "netcat" does not exist in some Debian versions (only -traditional or -openbsd)
- name: "install netcat (Debian)"
become: true
ansible.builtin.package:
name:
- netcat-traditional
when:
- ansible_facts.os_family == "Debian"
# "netcat" does not exist in some versions (only -traditional or -openbsd)
- name: "install netcat (Suse)" - name: "install netcat (Suse)"
become: true become: true
ansible.builtin.package: ansible.builtin.package:
name: name:
- netcat-openbsd - netcat-openbsd
when: when:
- ansible_facts.os_family == "Suse" - ansible_facts.os_family in ["Debian", "Suse"]

4
tests/ansible/roles/common/tasks/main.yml
View file

@ -22,10 +22,10 @@
when: when:
- ansible_facts.system == "Linux" - ansible_facts.system == "Linux"
- name: "install gmake (FreeBSD)" - name: "install gmake (bsd)"
become: true become: true
ansible.builtin.package: ansible.builtin.package:
name: name:
- gmake - gmake
when: when:
- ansible_facts.system == "FreeBSD" - ansible_facts.system in ['FreeBSD', 'OpenBSD']

22
tests/ansible/roles/install_crowdsec_package/tasks/install_from_deb.yml
View file

@ -5,34 +5,30 @@
when: when:
- (package_dir is defined) and (package_dir | length > 0) - (package_dir is defined) and (package_dir | length > 0)
- name: "look for .deb file matching package_file" - name: "install crowdsec from package_file"
become: true
block:
- name: "look for file matching package_file"
ansible.builtin.set_fact: ansible.builtin.set_fact:
found_file: "{{ item }}" found_file: "{{ item }}"
with_fileglob: with_fileglob:
- "{{ package_file }}" - "{{ package_file }}"
when:
- (package_file is defined) and (package_file | length > 0)
- name: "check found_file" - name: "check found_file"
ansible.builtin.fail: ansible.builtin.fail:
msg: "No file found matching {{ package_file }}" msg: "No file found matching {{ package_file }}"
when: when:
- found_file is not defined - found_file is not defined
- (package_file is defined) and (package_file | length > 0)
- name: "copy built file for deb-like" - name: "copy {{ found_file }}"
become: false
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ found_file }}" src: "{{ found_file }}"
dest: "{{ ansible_env.HOME }}/crowdsec.deb" dest: "/root/crowdsec.deb"
mode: 0o644 mode: 0o644
when:
- (package_file is defined) and (package_file | length > 0)
- name: "install crowdsec on deb-like" - name: "install crowdsec"
become: true
ansible.builtin.apt: ansible.builtin.apt:
deb: "{{ ansible_env.HOME }}/crowdsec.deb" deb: "/root/crowdsec.deb"
allow_downgrade: true allow_downgrade: true
when: when:
- (package_file is defined) and (package_file | length > 0) - (package_file is defined) and (package_file | length > 0)

20
tests/ansible/roles/install_crowdsec_package/tasks/install_from_deb_repo.yml
View file

@ -6,28 +6,22 @@
- apt-transport-https - apt-transport-https
- gnupg - gnupg
- name: "install crowdsec repo [1/2] (*.deb)" - name: "install crowdsec from the package repository"
become: true become: true
block:
- name: "stable apt repo key"
ansible.builtin.apt_key: ansible.builtin.apt_key:
url: https://packagecloud.io/crowdsec/crowdsec/gpgkey url: https://packagecloud.io/crowdsec/crowdsec/gpgkey
- name: "stable apt repo"
- name: "add crowdsec repo [2/2] (*.deb)"
become: true
ansible.builtin.apt_repository: ansible.builtin.apt_repository:
repo: deb https://packagecloud.io/crowdsec/crowdsec/{{ ansible_facts.distribution | lower }}/ {{ ansible_facts.distribution_release }} main repo: deb https://packagecloud.io/crowdsec/crowdsec/{{ ansible_facts.distribution | lower }}/ {{ ansible_facts.distribution_release }} main
- name: "testing apt repo key"
- name: "install crowdsec testing repo [1/2] (*.deb)"
become: true
ansible.builtin.apt_key: ansible.builtin.apt_key:
url: https://packagecloud.io/crowdsec/crowdsec-testing/gpgkey url: https://packagecloud.io/crowdsec/crowdsec-testing/gpgkey
- name: "testing apt repo"
- name: "add crowdsec testing repo [1/2] (*.deb)"
become: true
ansible.builtin.apt_repository: ansible.builtin.apt_repository:
repo: deb https://packagecloud.io/crowdsec/crowdsec-testing/{{ ansible_facts.distribution | lower }}/ {{ ansible_facts.distribution_release }} main repo: deb https://packagecloud.io/crowdsec/crowdsec-testing/{{ ansible_facts.distribution | lower }}/ {{ ansible_facts.distribution_release }} main
- name: "install crowdsec {{ package_vesion_deb }} with apt"
- name: "install crowdsec"
become: true
ansible.builtin.package: ansible.builtin.package:
name: name:
- crowdsec={{ package_version_deb }} - crowdsec={{ package_version_deb }}

22
tests/ansible/roles/install_crowdsec_package/tasks/install_from_rpm.yml
View file

@ -5,34 +5,30 @@
when: when:
- (package_dir is defined) and (package_dir | length > 0) - (package_dir is defined) and (package_dir | length > 0)
- name: "look for .rpm file matching package_file" - name: "install crowdsec from package_file"
become: true
block:
- name: "look for file matching package_file"
ansible.builtin.set_fact: ansible.builtin.set_fact:
found_file: "{{ item }}" found_file: "{{ item }}"
with_fileglob: with_fileglob:
- "{{ package_file }}" - "{{ package_file }}"
when:
- (package_file is defined) and (package_file | length > 0)
- name: "check found_file" - name: "check found_file"
ansible.builtin.fail: ansible.builtin.fail:
msg: "No file found matching {{ package_file }}" msg: "No file found matching {{ package_file }}"
when: when:
- found_file is not defined - found_file is not defined
- (package_file is defined) and (package_file | length > 0)
- name: "copy built file for rpm-like" - name: "copy {{ found_file }}"
become: false
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ found_file }}" src: "{{ found_file }}"
dest: "{{ ansible_env.HOME }}/crowdsec.rpm" dest: "/root/crowdsec.rpm"
mode: 0o644 mode: 0o644
when:
- (package_file is defined) and (package_file | length > 0)
- name: "install crowdsec on rpm-like" - name: "install crowdsec"
become: true
ansible.builtin.yum: ansible.builtin.yum:
name: "{{ ansible_env.HOME }}/crowdsec.rpm" name: "/root/crowdsec.rpm"
disable_gpg_check: true disable_gpg_check: true
allow_downgrade: true allow_downgrade: true
when: when:

26
tests/ansible/roles/install_crowdsec_package/tasks/install_from_rpm_repo.yml
View file

@ -1,30 +1,28 @@
--- ---
- name: "download the rpm script" - name: "install crowdsec from the package repository"
become: true
block:
- name: "stable rpm repo script"
ansible.builtin.get_url: ansible.builtin.get_url:
url: https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh url: https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh
dest: "{{ ansible_env.HOME }}/rpm.sh" dest: "/root/rpm.sh"
mode: 0o775 mode: 0o775
- name: "stable rpm repo"
- name: "install crowdsec rpm repo"
become: true
ansible.builtin.command: ansible.builtin.command:
cmd: "{{ ansible_env.HOME }}/rpm.sh" cmd: "/root/rpm.sh"
changed_when: false changed_when: false
- name: "download the (testing) rpm script" - name: "testing rpm repo script"
ansible.builtin.get_url: ansible.builtin.get_url:
url: https://packagecloud.io/install/repositories/crowdsec/crowdsec-testing/script.rpm.sh url: https://packagecloud.io/install/repositories/crowdsec/crowdsec-testing/script.rpm.sh
dest: "{{ ansible_env.HOME }}/rpm-testing.sh" dest: "/root/rpm-testing.sh"
mode: 0o775 mode: 0o775
- name: "testing rpm repo"
- name: "install crowdsec (testing) rpm repo"
become: true
ansible.builtin.command: ansible.builtin.command:
cmd: "{{ ansible_env.HOME }}/rpm-testing.sh" cmd: "/root/rpm-testing.sh"
changed_when: false changed_when: false
- name: "install crowdsec" - name: "install crowdsec"
become: true
ansible.builtin.package: ansible.builtin.package:
name: name:
- crowdsec-{{ package_version_rpm }}.{{ releasever.replace('amzn2', 'el7').replace('ol7', 'el7').replace('ol8', 'el8') }} - crowdsec-{{ package_version_rpm }}.{{ releasever.replace('amzn2', 'el7').replace('ol7', 'el7').replace('ol8', 'el8') }}

85
tests/ansible/roles/install_crowdsec_package/tasks/main.yml
View file

@ -1,12 +1,46 @@
--- ---
- name: "set releasever for RedHat family"
ansible.builtin.set_fact:
releasever: "{{ release[ansible_facts.distribution] + ansible_facts.distribution_major_version }}"
vars:
release:
AlmaLinux: el
Amazon: amzn
CentOS: el
Fedora: fc
OracleLinux: ol
Rocky: el
when:
- ansible_facts.os_family == "RedHat"
- name: "system details" - name: "system details"
ansible.builtin.debug: ansible.builtin.debug:
msg: | msg: |
Distribution: {{ ansible_facts.distribution }} Distribution: {{ ansible_facts.distribution }}
Version: {{ ansible_facts.distribution_version }} Version: {{ ansible_facts.distribution_version }}
Major: {{ ansible_facts.distribution_major_version }} Major: {{ ansible_facts.distribution_major_version | default('n/a') }}
Release: {{ ansible_facts.distribution_release }} Release: {{ ansible_facts.distribution_release }}
Releasever: {{ releasever }} Releasever: {{ releasever | default('n/a') }}
- name: "hardcode master branch for the hub, temporary override before install (config.yaml.local)"
become: true
block:
- name: "create /etc/crowdsec"
ansible.builtin.file:
path: "/etc/crowdsec"
state: directory
mode: 0o0755
- name: "create /etc/crowdsec/config.yaml.local"
ansible.builtin.copy:
dest: "/etc/crowdsec/config.yaml.local"
content: "{{ config_yaml_local | to_nice_yaml }}"
mode: 0o600
vars:
config_yaml_local:
cscli:
hub_branch: master
when:
- (package_testing is defined) and (package_testing not in ['', 'false', 'False'])
- name: "install from binary repository (RedHat)" - name: "install from binary repository (RedHat)"
ansible.builtin.import_tasks: install_from_rpm_repo.yml ansible.builtin.import_tasks: install_from_rpm_repo.yml
@ -29,3 +63,50 @@
ansible.builtin.import_tasks: install_from_deb.yml ansible.builtin.import_tasks: install_from_deb.yml
when: when:
- ansible_facts.os_family == "Debian" - ansible_facts.os_family == "Debian"
- name: "hardcode master branch for the hub, for real this time"
become: true
block:
- name: "read config.yaml"
ansible.builtin.slurp:
path: "/etc/crowdsec/config.yaml"
register: config_yaml
- name: "create fact from config.yaml"
ansible.builtin.set_fact:
config_data: "{{ config_yaml['content'] | b64decode | from_yaml }}"
- name: "patch dictionary"
ansible.builtin.set_fact:
config_data: "{{ config_data | combine(config_patch, recursive=True) }}"
vars:
config_patch:
cscli:
hub_branch: master
- name: "write patched config.yaml"
ansible.builtin.copy:
content: '{{ config_data | to_nice_yaml }}'
dest: "/etc/crowdsec/config.yaml"
# preserve mode to be able to test permissions from package
mode: preserve
- name: "remove config.yaml.local"
ansible.builtin.file:
path: "/etc/crowdsec/config.yaml.local"
state: absent
when:
- (package_testing is defined) and (package_testing not in ['', 'false', 'False'])
# this is required to avoid fatal errors in case systemctl is not working (which happens on some aws instances)
- name: "override acquis.yaml for package testing"
become: true
ansible.builtin.copy:
dest: "/etc/crowdsec/acquis.yaml"
content: "{{ acquis_yaml | to_nice_yaml }}"
mode: preserve
vars:
acquis_yaml:
filenames:
- /tmp/should-not-exist.log
labels:
type: syslog
force_inotify: true
when:
- (package_testing is defined) and (package_testing not in ['', 'false', 'False'])

15
tests/ansible/roles/install_crowdsec_package/vars/main.yml
View file

@ -1,19 +1,8 @@
--- ---
release:
CentOS: el
Fedora: fc
Amazon: amzn
Debian: debian
Ubuntu: ubuntu
FreeBSD: freebsd
OracleLinux: ol
Rocky: el
AlmaLinux: el
openSUSE Leap: opensuse
releasever: "{{ release[ansible_facts.distribution] + ansible_facts.distribution_major_version }}"
package_version_deb: "{{ lookup('ansible.builtin.env', 'TEST_PACKAGE_VERSION_DEB') }}" package_version_deb: "{{ lookup('ansible.builtin.env', 'TEST_PACKAGE_VERSION_DEB') }}"
package_version_rpm: "{{ lookup('ansible.builtin.env', 'TEST_PACKAGE_VERSION_RPM') }}" package_version_rpm: "{{ lookup('ansible.builtin.env', 'TEST_PACKAGE_VERSION_RPM') }}"
package_file: "{{ lookup('ansible.builtin.env', 'TEST_PACKAGE_FILE') }}" package_file: "{{ lookup('ansible.builtin.env', 'TEST_PACKAGE_FILE') }}"
package_dir: "{{ lookup('ansible.builtin.env', 'TEST_PACKAGE_DIR') }}" package_dir: "{{ lookup('ansible.builtin.env', 'TEST_PACKAGE_DIR') }}"
package_testing: "{{ lookup('ansible.builtin.env', 'PACKAGE_TESTING') }}"

31
tests/ansible/roles/install_crowdsec_tests/tasks/main.yml
View file

@ -14,32 +14,28 @@
suite_zip: "{{ lookup('ansible.builtin.env', 'TEST_SUITE_ZIP') }}" suite_zip: "{{ lookup('ansible.builtin.env', 'TEST_SUITE_ZIP') }}"
when: lookup('ansible.builtin.env', 'TEST_SUITE_ZIP') | length>0 when: lookup('ansible.builtin.env', 'TEST_SUITE_ZIP') | length>0
- name: "install unzip" - name: "install tests from zip file"
block:
- name: "install unzip"
become: true become: true
ansible.builtin.package: ansible.builtin.package:
name: name:
- unzip - unzip
when:
- (suite_zip is defined) and (suite_zip|length > 0)
- name: "install tests: create crowdsec dir" - name: "install tests: create crowdsec dir"
become: false become: false
ansible.builtin.file: ansible.builtin.file:
path: "{{ ansible_env.HOME }}/crowdsec" path: "{{ ansible_env.HOME }}/crowdsec"
state: directory state: directory
mode: 0o700 mode: 0o700
when:
- (suite_zip is defined) and (suite_zip|length > 0)
- name: "install tests: extract crowdsec" - name: "install tests: extract crowdsec"
become: false become: false
ansible.builtin.unarchive: ansible.builtin.unarchive:
src: "{{ suite_zip }}" src: "{{ suite_zip }}"
dest: "{{ ansible_env.HOME }}/crowdsec" dest: "{{ ansible_env.HOME }}/crowdsec"
when:
- (suite_zip is defined) and (suite_zip|length > 0)
- name: "install tests: git submodules for bats" - name: "install tests: git submodules for bats"
become: false become: false
ansible.builtin.command: ansible.builtin.command:
cmd: "{{ item }}" cmd: "{{ item }}"
@ -50,19 +46,20 @@
when: when:
- (suite_zip is defined) and (suite_zip|length > 0) - (suite_zip is defined) and (suite_zip|length > 0)
- name: "install tests: checkout crowdsec"
- name: "install tests from repository"
block:
- name: "install tests: checkout crowdsec"
become: false become: false
ansible.builtin.git: ansible.builtin.git:
repo: "{{ suite_git }}" repo: "{{ suite_git }}"
dest: "{{ ansible_env.HOME }}/crowdsec" dest: "{{ ansible_env.HOME }}/crowdsec"
single_branch: true
version: "{{ suite_version }}" version: "{{ suite_version }}"
when:
- (suite_zip is not defined) or (suite_zip|length == 0)
- name: set safe.directory on crowdsec dir" # trust the dir if we need to test as root
become: false - name: set safe.directory on crowdsec dir"
ansible.builtin.git_config: become: true
community.general.git_config:
scope: global scope: global
name: safe.directory name: safe.directory
value: "{{ ansible_env.HOME }}/crowdsec" value: "{{ ansible_env.HOME }}/crowdsec"

41
tests/ansible/roles/make_fixture/tasks/main.yml
View file

@ -1,19 +1,20 @@
--- ---
- name: "set make_cmd = make (!freebsd)" - name: "set make_cmd = make (!bsd)"
ansible.builtin.set_fact: ansible.builtin.set_fact:
make_cmd: make make_cmd: make
when: when:
- ansible_facts.system != 'FreeBSD' - ansible_facts.system not in ['FreeBSD', 'OpenBSD']
- name: "set make_cmd = gmake (freebsd)" - name: "set make_cmd = gmake (bsd)"
ansible.builtin.set_fact: ansible.builtin.set_fact:
make_cmd: gmake make_cmd: gmake
when: when:
- ansible_facts.system == 'FreeBSD' - ansible_facts.system in ['FreeBSD', 'OpenBSD']
- name: "build crowdsec from sources, prepare test environment and fixture" - name: "build crowdsec from sources, prepare test environment and fixture"
become: false become: false
ansible.builtin.command: block:
- ansible.builtin.command:
cmd: "{{ make_cmd }} bats-build bats-fixture" cmd: "{{ make_cmd }} bats-build bats-fixture"
chdir: "{{ ansible_env.HOME }}/crowdsec" chdir: "{{ ansible_env.HOME }}/crowdsec"
creates: "{{ ansible_env.HOME }}/crowdsec/tests/local-init/init-config-data.tar" creates: "{{ ansible_env.HOME }}/crowdsec/tests/local-init/init-config-data.tar"
@ -23,11 +24,20 @@
# pidof -> /usr/sbin # pidof -> /usr/sbin
# bash -> /opt/bash/bin # bash -> /opt/bash/bin
PATH: "/opt/bash/bin:{{ ansible_env.PATH }}:{{ golang_install_dir }}/bin/:/usr/sbin:/usr/local/sbin" PATH: "/opt/bash/bin:{{ ansible_env.PATH }}:{{ golang_install_dir }}/bin/:/usr/sbin:/usr/local/sbin"
rescue:
- name: "read crowdsec.log"
ansible.builtin.slurp:
path: "{{ ansible_env.HOME }}/crowdsec/tests/local/var/log/crowdsec.log"
register: crowdsec_log
- name: "show crowdsec.log"
ansible.builtin.fail:
msg: "{{ crowdsec_log['content'] | b64decode }}"
when: (package_testing is not defined) or (package_testing in ['', 'false', 'False']) when: (package_testing is not defined) or (package_testing in ['', 'false', 'False'])
- name: "prepare test environment and fixture for binary package" - name: "prepare test environment and fixture for binary package"
become: true become: true
ansible.builtin.command: block:
- ansible.builtin.command:
cmd: "{{ make_cmd }} bats-environment bats-check-requirements bats-fixture" cmd: "{{ make_cmd }} bats-environment bats-check-requirements bats-fixture"
chdir: "{{ ansible_env.HOME }}/crowdsec" chdir: "{{ ansible_env.HOME }}/crowdsec"
creates: "{{ ansible_env.HOME }}/crowdsec/tests/local-init/init-config-data.tar" creates: "{{ ansible_env.HOME }}/crowdsec/tests/local-init/init-config-data.tar"
@ -38,18 +48,27 @@
# pidof -> /usr/sbin # pidof -> /usr/sbin
# bash -> /opt/bash/bin # bash -> /opt/bash/bin
PATH: "/opt/bash/bin:{{ ansible_env.PATH }}:/usr/sbin:/usr/local/sbin" PATH: "/opt/bash/bin:{{ ansible_env.PATH }}:/usr/sbin:/usr/local/sbin"
rescue:
- name: "read crowdsec.log"
ansible.builtin.slurp:
path: "/var/log/crowdsec.log"
register: crowdsec_log
- name: "show crowdsec.log"
ansible.builtin.fail:
msg: "{{ crowdsec_log['content'] | b64decode }}"
when: (package_testing is defined) and (package_testing not in ['', 'false', 'False']) when: (package_testing is defined) and (package_testing not in ['', 'false', 'False'])
- name: "read .environment.sh" - name: "debug - show environment"
become: false
block:
- name: "look for .environment.sh"
ansible.builtin.slurp: ansible.builtin.slurp:
src: "{{ ansible_env.HOME }}/crowdsec/tests/.environment.sh" src: "{{ ansible_env.HOME }}/crowdsec/tests/.environment.sh"
changed_when: false changed_when: false
register: envfile register: envfile
- name: "cat .environment.sh"
- name: "show .environment.sh"
ansible.builtin.debug: ansible.builtin.debug:
msg: "{{ envfile['content'] | b64decode }}" msg: "{{ envfile['content'] | b64decode }}"
- name: "show environment variables"
- name: "show environment variables"
ansible.builtin.debug: ansible.builtin.debug:
msg: "{{ ansible_env | to_nice_yaml }}" msg: "{{ ansible_env | to_nice_yaml }}"

68
tests/ansible/roles/run_func_tests/tasks/main.yml
View file

@ -1,18 +1,15 @@
--- ---
- name: "create /lib/systemd/system/crowdsec.service.d" - name: "tweak systemd configuration for tests"
become: true become: true
block:
- name: "create /lib/systemd/system/crowdsec.service.d"
ansible.builtin.file: ansible.builtin.file:
owner: root owner: root
group: root group: root
mode: 0o755 mode: 0o755
path: /lib/systemd/system/crowdsec.service.d path: /lib/systemd/system/crowdsec.service.d
state: directory state: directory
when: - name: "override StartLimitBurst"
- (package_testing is defined) and (package_testing not in ['', 'false', 'False'])
- ansible_facts.os_family in ["RedHat", "Debian"]
- name: "override StartLimitBurst"
become: true
ansible.builtin.ini_file: ansible.builtin.ini_file:
dest: /lib/systemd/system/crowdsec.service.d/startlimitburst.conf dest: /lib/systemd/system/crowdsec.service.d/startlimitburst.conf
owner: root owner: root
@ -21,18 +18,25 @@
section: Service section: Service
option: StartLimitBurst option: StartLimitBurst
value: 100 value: 100
when: - name: "systemctl daemon-reload"
- (package_testing is defined) and (package_testing not in ['', 'false', 'False'])
- ansible_facts.os_family in ["RedHat", "Debian"]
- name: "systemctl daemon-reload"
become: true
ansible.builtin.systemd: ansible.builtin.systemd:
daemon_reload: true daemon_reload: true
when: when:
- (package_testing is defined) and (package_testing not in ['', 'false', 'False']) - (package_testing is defined) and (package_testing not in ['', 'false', 'False'])
- ansible_facts.os_family in ["RedHat", "Debian"] - ansible_facts.os_family in ["RedHat", "Debian"]
- name: "debug - show environment.sh"
become: false
block:
- name: "look for .environment.sh"
ansible.builtin.slurp:
src: "{{ ansible_env.HOME }}/crowdsec/tests/.environment.sh"
changed_when: false
register: envfile
- name: "cat .environment.sh"
ansible.builtin.debug:
msg: "{{ envfile['content'] | b64decode }}"
- name: "search for test scripts" - name: "search for test scripts"
become: false become: false
ansible.builtin.find: ansible.builtin.find:
@ -40,19 +44,10 @@
pattern: "*.bats" pattern: "*.bats"
register: testfiles register: testfiles
- name: "read .environment.sh"
ansible.builtin.slurp:
src: "{{ ansible_env.HOME }}/crowdsec/tests/.environment.sh"
changed_when: false
register: envfile
- name: "show .environment.sh"
ansible.builtin.debug:
msg: "{{ envfile['content'] | b64decode }}"
- name: "run BATS tests for source build" - name: "run BATS tests for source build"
ignore_errors: false
become: false become: false
block:
- name: "run test scripts"
ansible.builtin.command: ansible.builtin.command:
cmd: tests/run-tests {{ item.path }} cmd: tests/run-tests {{ item.path }}
chdir: "{{ ansible_env.HOME }}/crowdsec" chdir: "{{ ansible_env.HOME }}/crowdsec"
@ -65,13 +60,23 @@
# bash -> /opt/bash/bin # bash -> /opt/bash/bin
PATH: "/opt/bash/bin:{{ ansible_env.PATH }}:/usr/sbin:/usr/local/sbin" PATH: "/opt/bash/bin:{{ ansible_env.PATH }}:/usr/sbin:/usr/local/sbin"
changed_when: false changed_when: false
when:
- (item.path | basename) not in skip_tests.split(',')
rescue:
- name: "read crowdsec.log"
ansible.builtin.slurp:
path: "{{ ansible_env.HOME }}/crowdsec/tests/local/var/log/crowdsec.log"
register: crowdsec_log
- name: "show crowdsec.log"
ansible.builtin.fail:
msg: "{{ crowdsec_log['content'] | b64decode }}"
when: when:
- (package_testing is not defined) or (package_testing in ['', 'false', 'False']) - (package_testing is not defined) or (package_testing in ['', 'false', 'False'])
- (item.path | basename) not in skip_tests.split(',')
- name: "run BATS tests for binary package" - name: "run BATS tests for binary package"
ignore_errors: false
become: true become: true
block:
- name: "run test scripts"
ansible.builtin.command: ansible.builtin.command:
cmd: tests/run-tests {{ item.path }} cmd: tests/run-tests {{ item.path }}
chdir: "{{ ansible_env.HOME }}/crowdsec" chdir: "{{ ansible_env.HOME }}/crowdsec"
@ -85,5 +90,14 @@
PATH: "/opt/bash/bin:{{ ansible_env.PATH }}:/usr/sbin:/usr/local/sbin" PATH: "/opt/bash/bin:{{ ansible_env.PATH }}:/usr/sbin:/usr/local/sbin"
changed_when: false changed_when: false
when: when:
- (package_testing is defined) and (package_testing not in ['', 'false', 'False'])
- (item.path | basename) not in skip_tests.split(',') - (item.path | basename) not in skip_tests.split(',')
rescue:
- name: "read crowdsec.log"
ansible.builtin.slurp:
path: "/var/log/crowdsec.log"
register: crowdsec_log
- name: "show crowdsec.log"
ansible.builtin.fail:
msg: "{{ crowdsec_log['content'] | b64decode }}"
when:
- (package_testing is defined) and (package_testing not in ['', 'false', 'False'])

2
tests/ansible/vagrant/Vagrantfile.common
View file

@ -1,7 +1,7 @@
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.provider :libvirt do |libvirt| config.vm.provider :libvirt do |libvirt|
libvirt.cpus = 1 libvirt.cpus = 1
libvirt.memory = 1024 libvirt.memory = 1536
end end
config.vm.synced_folder '.', '/vagrant', disabled: true config.vm.synced_folder '.', '/vagrant', disabled: true

8
tests/ansible/vagrant/zz-amazon-linux-2/Vagrantfile → tests/ansible/vagrant/alma-8/Vagrantfile vendored
View file

@ -1,6 +1,6 @@
Vagrant.configure("2") do |config|
config.vm.box = "generic/alma8"
end
common = '../Vagrantfile.common' common = '../Vagrantfile.common'
load common if File.exists?(common) load common if File.exists?(common)
Vagrant.configure("2") do |config|
config.vm.box = "cloudnatives/amazon-linux-2"
end

6
tests/ansible/vagrant/alma-9/Vagrantfile vendored
View file

@ -1,6 +1,6 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "generic/alma9" config.vm.box = "generic/alma9"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

6
tests/ansible/vagrant/centos-7/Vagrantfile vendored
View file

@ -1,6 +1,6 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "centos/7" config.vm.box = "centos/7"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

11
tests/ansible/vagrant/centos-7/skip Executable file
View file

@ -0,0 +1,11 @@
#!/bin/sh
die() {
echo "$@" >&2
exit 1
}
# postgres is too old on this distribution
[ "${DB_BACKEND}" = "postgres" ] && die "skipping: postgres too old"
[ "${DB_BACKEND}" = "pgx" ] && die "skipping: postgres too old"
exit 0

6
tests/ansible/vagrant/centos-8/Vagrantfile vendored
View file

@ -1,6 +1,6 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "centos/stream8" config.vm.box = "centos/stream8"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

6
tests/ansible/vagrant/centos-9/Vagrantfile vendored
View file

@ -1,6 +1,6 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "generic/centos9s" config.vm.box = "generic/centos9s"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

6
tests/ansible/vagrant/debian-10-buster/Vagrantfile vendored
View file

@ -1,6 +1,6 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "debian/buster64" config.vm.box = "debian/buster64"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

6
tests/ansible/vagrant/debian-11-bullseye/Vagrantfile vendored
View file

@ -1,6 +1,6 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "debian/bullseye64" config.vm.box = "debian/bullseye64"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

6
tests/ansible/vagrant/debian-9-stretch/Vagrantfile vendored
View file

@ -1,6 +1,6 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "debian/stretch64" config.vm.box = "debian/stretch64"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

11
tests/ansible/vagrant/debian-9-stretch/skip Executable file
View file

@ -0,0 +1,11 @@
#!/bin/sh
die() {
echo "$@" >&2
exit 1
}
# postgres is too old on this distribution
[ "${DB_BACKEND}" = "postgres" ] && die "skipping: postgres too old"
[ "${DB_BACKEND}" = "pgx" ] && die "skipping: postgres too old"
exit 0

6
tests/ansible/vagrant/debian-testing/Vagrantfile vendored
View file

@ -1,6 +1,6 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "debian/testing64" config.vm.box = "debian/testing64"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

18
tests/ansible/vagrant/experimental/alpine-3.16/Vagrantfile vendored Normal file
View file

@ -0,0 +1,18 @@
Vagrant.configure("2") do |config|
config.vm.box = "generic/alpine316"
config.vm.provision "shell", path: "bootstrap"
config.vm.provider :libvirt do |libvirt|
libvirt.cpus = 1
libvirt.memory = 1536
end
config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.provision "ansible" do |ansible|
# ansible.verbose = "vvvv"
ansible.config_file = "../../../ansible.cfg"
ansible.playbook = "../../../run_all.yml"
end
end

5
tests/ansible/vagrant/experimental/alpine-3.16/bootstrap Executable file
View file

@ -0,0 +1,5 @@
#!/bin/sh
unset IFS
set -euf
sudo apk add python3 go tar procps netcat-openbsd

9
tests/ansible/vagrant/experimental/alpine-3.16/skip Executable file
View file

@ -0,0 +1,9 @@
#!/bin/sh
die() {
echo "$@" >&2
exit 1
}
[ "${PACKAGE_TESTING}" = "true" ] && die "no package available for this distribution"
exit 0

17
tests/ansible/vagrant/experimental/amazon-linux-2/Vagrantfile vendored Normal file
View file

@ -0,0 +1,17 @@
Vagrant.configure("2") do |config|
config.vm.box = "cloudnatives/amazon-linux-2"
config.vm.provider :libvirt do |libvirt|
libvirt.cpus = 1
libvirt.memory = 1536
end
config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.provision "ansible" do |ansible|
# ansible.verbose = "vvvv"
ansible.config_file = "../../../ansible.cfg"
ansible.playbook = "../../../run_all.yml"
end
end

3
tests/ansible/vagrant/experimental/amazon-linux-2/issues.txt Normal file
View file

@ -0,0 +1,3 @@
The file 70_http_plugin.bats hangs forever when run from ansible on amzn2, but all tests pass when run from ssh.

17
tests/ansible/vagrant/experimental/arch/Vagrantfile vendored Normal file
View file

@ -0,0 +1,17 @@
Vagrant.configure("2") do |config|
config.vm.box = "generic/arch"
config.vm.provider :libvirt do |libvirt|
libvirt.cpus = 1
libvirt.memory = 1536
end
config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.provision "ansible" do |ansible|
# ansible.verbose = "vvvv"
ansible.config_file = "../../../ansible.cfg"
ansible.playbook = "../../../run_all.yml"
end
end

17
tests/ansible/vagrant/experimental/devuan-3/Vagrantfile vendored Normal file
View file

@ -0,0 +1,17 @@
Vagrant.configure("2") do |config|
config.vm.box = "generic/devuan3"
config.vm.provider :libvirt do |libvirt|
libvirt.cpus = 1
libvirt.memory = 1536
end
config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.provision "ansible" do |ansible|
# ansible.verbose = "vvvv"
ansible.config_file = "../../../ansible.cfg"
ansible.playbook = "../../../run_all.yml"
end
end

9
tests/ansible/vagrant/experimental/devuan-3/skip Executable file
View file

@ -0,0 +1,9 @@
#!/bin/sh
die() {
echo "$@" >&2
exit 1
}
[ "${PACKAGE_TESTING}" = "true" ] && die "no package available for this distribution"
exit 0

17
tests/ansible/vagrant/experimental/dragonflybsd-6/Vagrantfile vendored Normal file
View file

@ -0,0 +1,17 @@
Vagrant.configure("2") do |config|
config.vm.box = "generic/dragonflybsd6"
config.vm.provider :libvirt do |libvirt|
libvirt.cpus = 1
libvirt.memory = 1536
end
config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.provision "ansible" do |ansible|
# ansible.verbose = "vvvv"
ansible.config_file = "../../../ansible.cfg"
ansible.playbook = "../../../run_all.yml"
end
end

18
tests/ansible/vagrant/experimental/gentoo/Vagrantfile vendored Normal file
View file

@ -0,0 +1,18 @@
Vagrant.configure("2") do |config|
config.vm.box = "generic/gentoo"
config.vm.provision "shell", path: "bootstrap"
config.vm.provider :libvirt do |libvirt|
libvirt.cpus = 1
libvirt.memory = 1536
end
config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.provision "ansible" do |ansible|
# ansible.verbose = "vvvv"
ansible.config_file = "../../../ansible.cfg"
ansible.playbook = "../../../run_all.yml"
end
end

3
tests/ansible/vagrant/experimental/gentoo/bootstrap Executable file
View file

@ -0,0 +1,3 @@
#!/bin/sh
sudo emerge --quiet app-portage/gentoolkit dev-vcs/git net-misc/curl app-misc/jq net-analyzer/openbsd-netcat

18
tests/ansible/vagrant/experimental/hardenedbsd-13/Vagrantfile vendored Normal file
View file

@ -0,0 +1,18 @@
Vagrant.configure("2") do |config|
config.vm.box = "generic/hardenedbsd13"
config.vm.provision "shell", path: "bootstrap"
config.vm.provider :libvirt do |libvirt|
libvirt.cpus = 1
libvirt.memory = 1536
end
config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.provision "ansible" do |ansible|
# ansible.verbose = "vvvv"
ansible.config_file = "../../../ansible.cfg"
ansible.playbook = "../../../run_all.yml"
end
end

5
tests/ansible/vagrant/experimental/hardenedbsd-13/bootstrap Executable file
View file

@ -0,0 +1,5 @@
#!/bin/sh
unset IFS
set -euf
sudo pkg install python3

9
tests/ansible/vagrant/experimental/hardenedbsd-13/skip Executable file
View file

@ -0,0 +1,9 @@
#!/bin/sh
die() {
echo "$@" >&2
exit 1
}
[ "${PACKAGE_TESTING}" = "true" ] && die "no package available for this distribution"
exit 0

18
tests/ansible/vagrant/experimental/netbsd-9/Vagrantfile vendored Normal file
View file

@ -0,0 +1,18 @@
Vagrant.configure("2") do |config|
config.vm.box = "generic/netbsd9"
# config.vm.provision "shell", path: "bootstrap"
config.vm.provider :libvirt do |libvirt|
libvirt.cpus = 1
libvirt.memory = 1536
end
config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.provision "ansible" do |ansible|
# ansible.verbose = "vvvv"
ansible.config_file = "../../../ansible.cfg"
ansible.playbook = "../../../run_all.yml"
end
end

18
tests/ansible/vagrant/experimental/openbsd-7/Vagrantfile vendored Normal file
View file

@ -0,0 +1,18 @@
Vagrant.configure("2") do |config|
config.vm.box = "generic/openbsd7"
config.vm.provision "shell", path: "bootstrap"
config.vm.provider :libvirt do |libvirt|
libvirt.cpus = 1
libvirt.memory = 1536
end
config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.provision "ansible" do |ansible|
# ansible.verbose = "vvvv"
ansible.config_file = "../../../ansible.cfg"
ansible.playbook = "../../../run_all.yml"
end
end

6
tests/ansible/vagrant/experimental/openbsd-7/bootstrap Executable file
View file

@ -0,0 +1,6 @@
#!/bin/sh
unset IFS
set -euf
sudo pkg_add -u
sudo pkg_add python-3.9.13 py3-pip gcc-11.2.0p2 openssl-3.0.3p0 gtar-1.34 truncate-5.2.1

9
tests/ansible/vagrant/experimental/openbsd-7/skip Executable file
View file

@ -0,0 +1,9 @@
#!/bin/sh
die() {
echo "$@" >&2
exit 1
}
[ "${PACKAGE_TESTING}" = "true" ] && die "no package available for this distribution"
exit 0

18
tests/ansible/vagrant/experimental/opensuse-15.4/Vagrantfile vendored Normal file
View file

@ -0,0 +1,18 @@
Vagrant.configure("2") do |config|
config.vm.box = "opensuse/Leap-15.4.x86_64"
config.vm.provision "shell", path: "bootstrap"
config.vm.provider :libvirt do |libvirt|
libvirt.cpus = 1
libvirt.memory = 1536
end
config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.provision "ansible" do |ansible|
# ansible.verbose = "vvvv"
ansible.config_file = "../../../ansible.cfg"
ansible.playbook = "../../../run_all.yml"
end
end

18
tests/ansible/vagrant/experimental/ubuntu-14.04-trusty/Vagrantfile vendored Normal file
View file

@ -0,0 +1,18 @@
Vagrant.configure("2") do |config|
config.vm.box = "peru/ubuntu-14.04-server-amd64"
config.vm.box_version = "20190901.01"
config.vm.provider :libvirt do |libvirt|
libvirt.cpus = 1
libvirt.memory = 1536
end
config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.provision "ansible" do |ansible|
# ansible.verbose = "vvvv"
ansible.config_file = "../../../ansible.cfg"
ansible.playbook = "../../../run_all.yml"
end
end

6
tests/ansible/vagrant/fedora-33/Vagrantfile vendored
View file

@ -1,8 +1,8 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
# the official boxes seem to have issues with journalctl # the official boxes seem to have issues with journalctl
# config.vm.box = "fedora/33-cloud-base" # config.vm.box = "fedora/33-cloud-base"
config.vm.box = "generic/fedora33" config.vm.box = "generic/fedora33"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

9
tests/ansible/vagrant/fedora-33/skip Executable file
View file

@ -0,0 +1,9 @@
#!/bin/sh
die() {
echo "$@" >&2
exit 1
}
[ "${DB_BACKEND}" = "mysql" ] && die "mysql role does not support this distribution"
exit 0

6
tests/ansible/vagrant/fedora-34/Vagrantfile vendored
View file

@ -1,8 +1,8 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
# the official boxes seem to have issues with journalctl # the official boxes seem to have issues with journalctl
# config.vm.box = "fedora/34-cloud-base" # config.vm.box = "fedora/34-cloud-base"
config.vm.box = "generic/fedora34" config.vm.box = "generic/fedora34"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

9
tests/ansible/vagrant/fedora-34/skip Executable file
View file

@ -0,0 +1,9 @@
#!/bin/sh
die() {
echo "$@" >&2
exit 1
}
[ "${DB_BACKEND}" = "mysql" ] && die "mysql role does not support this distribution"
exit 0

6
tests/ansible/vagrant/fedora-35/Vagrantfile vendored
View file

@ -1,8 +1,8 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
# the official boxes seem to have issues with journalctl # the official boxes seem to have issues with journalctl
# config.vm.box = "fedora/35-cloud-base" # config.vm.box = "fedora/35-cloud-base"
config.vm.box = "generic/fedora35" config.vm.box = "generic/fedora35"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

9
tests/ansible/vagrant/fedora-35/skip Executable file
View file

@ -0,0 +1,9 @@
#!/bin/sh
die() {
echo "$@" >&2
exit 1
}
[ "${DB_BACKEND}" = "mysql" ] && die "mysql role does not support this distribution"
exit 0

6
tests/ansible/vagrant/fedora-36/Vagrantfile vendored
View file

@ -1,8 +1,8 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
# the official boxes seem to have issues with journalctl # the official boxes seem to have issues with journalctl
# config.vm.box = "fedora/36-cloud-base" # config.vm.box = "fedora/36-cloud-base"
config.vm.box = "generic/fedora36" config.vm.box = "generic/fedora36"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

9
tests/ansible/vagrant/fedora-36/skip Executable file
View file

@ -0,0 +1,9 @@
#!/bin/sh
die() {
echo "$@" >&2
exit 1
}
[ "${DB_BACKEND}" = "mysql" ] && die "mysql role does not support this distribution"
exit 0

6
tests/ansible/vagrant/freebsd-12/Vagrantfile vendored
View file

@ -1,6 +1,6 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "generic/freebsd12" config.vm.box = "generic/freebsd12"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

10
tests/ansible/vagrant/freebsd-12/skip Executable file
View file

@ -0,0 +1,10 @@
#!/bin/sh
die() {
echo "$@" >&2
exit 1
}
[ "${PACKAGE_TESTING}" = "true" ] && die "no package available for this distribution"
[ "${DB_BACKEND}" = "mysql" ] && die "mysql role does not support freebsd"
exit 0

6
tests/ansible/vagrant/freebsd-13/Vagrantfile vendored
View file

@ -1,6 +1,6 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "generic/freebsd13" config.vm.box = "generic/freebsd13"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

10
tests/ansible/vagrant/freebsd-13/skip Executable file
View file

@ -0,0 +1,10 @@
#!/bin/sh
die() {
echo "$@" >&2
exit 1
}
[ "${PACKAGE_TESTING}" = "true" ] && die "no package available for this distribution"
[ "${DB_BACKEND}" = "mysql" ] && die "mysql role does not support freebsd"
exit 0

6
tests/ansible/vagrant/oracle-7/Vagrantfile vendored
View file

@ -1,6 +1,6 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "generic/oracle7" config.vm.box = "generic/oracle7"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

11
tests/ansible/vagrant/oracle-7/skip Executable file
View file

@ -0,0 +1,11 @@
#!/bin/sh
die() {
echo "$@" >&2
exit 1
}
# postgres is too old on this distribution
[ "${DB_BACKEND}" = "postgres" ] && die "skipping: postgres too old"
[ "${DB_BACKEND}" = "pgx" ] && die "skipping: postgres too old"
exit 0

6
tests/ansible/vagrant/oracle-8/Vagrantfile vendored
View file

@ -1,6 +1,6 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "generic/oracle8" config.vm.box = "generic/oracle8"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

6
tests/ansible/vagrant/oracle-9/Vagrantfile vendored Normal file
View file

@ -0,0 +1,6 @@
Vagrant.configure("2") do |config|
config.vm.box = "generic/oracle9"
end
common = '../Vagrantfile.common'
load common if File.exists?(common)

6
tests/ansible/vagrant/rocky-8/Vagrantfile vendored Normal file
View file

@ -0,0 +1,6 @@
Vagrant.configure("2") do |config|
config.vm.box = "generic/rocky8"
end
common = '../Vagrantfile.common'
load common if File.exists?(common)

6
tests/ansible/vagrant/rocky-9/Vagrantfile vendored
View file

@ -1,6 +1,6 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "generic/rocky9" config.vm.box = "generic/rocky9"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

6
tests/ansible/vagrant/ubuntu-16.04-xenial/Vagrantfile vendored
View file

@ -1,7 +1,7 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
# the official boxes only supports virtualbox # the official boxes only supports virtualbox
config.vm.box = "generic/ubuntu1604" config.vm.box = "generic/ubuntu1604"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

11
tests/ansible/vagrant/ubuntu-16.04-xenial/skip Executable file
View file

@ -0,0 +1,11 @@
#!/bin/sh
die() {
echo "$@" >&2
exit 1
}
# postgres is too old on this distribution
[ "${DB_BACKEND}" = "postgres" ] && die "skipping: postgres too old"
[ "${DB_BACKEND}" = "pgx" ] && die "skipping: postgres too old"
exit 0

6
tests/ansible/vagrant/ubuntu-18.04-bionic/Vagrantfile vendored
View file

@ -1,7 +1,7 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
# the official boxes only supports virtualbox # the official boxes only supports virtualbox
config.vm.box = "generic/ubuntu1804" config.vm.box = "generic/ubuntu1804"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

6
tests/ansible/vagrant/ubuntu-20.04-focal/Vagrantfile vendored
View file

@ -1,7 +1,7 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
# the official boxes only supports virtualbox # the official boxes only supports virtualbox
config.vm.box = "generic/ubuntu2004" config.vm.box = "generic/ubuntu2004"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

6
tests/ansible/vagrant/ubuntu-22.04-jammy/Vagrantfile vendored
View file

@ -1,7 +1,7 @@
common = '../Vagrantfile.common'
load common if File.exists?(common)
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
# the official boxes only supports virtualbox # the official boxes only supports virtualbox
config.vm.box = "generic/ubuntu2204" config.vm.box = "generic/ubuntu2204"
end end
common = '../Vagrantfile.common'
load common if File.exists?(common)

10
tests/assert-crowdsec-not-running
View file

@ -4,14 +4,12 @@ is_crowdsec_running() {
PIDS=$(pgrep -x 'crowdsec|crowdsec.test|crowdsec.cover') PIDS=$(pgrep -x 'crowdsec|crowdsec.test|crowdsec.cover')
} }
is_crowdsec_running || exit 0
# The process can be slow, especially on CI and during test coverage. # The process can be slow, especially on CI and during test coverage.
# Give it some time, maybe it's quitting soon. # Give it some time, maybe it's quitting soon.
sleep 2 for _i in {1..10}; do
is_crowdsec_running || exit 0 is_crowdsec_running || exit 0
sleep 2 sleep .5
is_crowdsec_running || exit 0 done
PIDS=$(echo "${PIDS}" | tr '\n' ' ') PIDS=$(echo "${PIDS}" | tr '\n' ' ')
msg="CrowdSec is already running (PID ${PIDS}). Please terminate it and run the tests again." msg="CrowdSec is already running (PID ${PIDS}). Please terminate it and run the tests again."

7
tests/bats/01_base.bats
View file

@ -71,9 +71,10 @@ declare stderr
} }
@test "cscli alerts list: at startup returns at least one entry: community pull" { @test "cscli alerts list: at startup returns at least one entry: community pull" {
is_db_postgres && skip run cscli alerts list -a -o json
# it should have been received while preparing the fixture if [[ "${status}" -ne 0 ]]; then
run -0 cscli alerts list -a -o json run cscli alerts list -o json
fi
run -0 jq -r '. | length' <(output) run -0 jq -r '. | length' <(output)
refute_output 0 refute_output 0

3
tests/bats/05_config_yaml_local.bats
View file

@ -128,11 +128,12 @@ teardown() {
echo -e "---\nfilename: ${tmpfile}\nlabels:\n type: syslog\n" >>"${ACQUIS_YAML}" echo -e "---\nfilename: ${tmpfile}\nlabels:\n type: syslog\n" >>"${ACQUIS_YAML}"
./instance-crowdsec start ./instance-crowdsec start
sleep .5
fake_log >>"${tmpfile}" fake_log >>"${tmpfile}"
# this could be simplified, but some systems are slow and we don't want to # this could be simplified, but some systems are slow and we don't want to
# wait more than required # wait more than required
for ((idx = 0; idx < 20; idx++)); do for ((i=0;i<30;i++)); do
sleep .5 sleep .5
run -0 --separate-stderr cscli decisions list -o json run -0 --separate-stderr cscli decisions list -o json
run -0 jq --exit-status '.[].decisions[0] | [.value,.type] == ["1.1.1.172","captcha"]' <(output) && break run -0 jq --exit-status '.[].decisions[0] | [.value,.type] == ["1.1.1.172","captcha"]' <(output) && break

16
tests/check-requirements
View file

@ -32,7 +32,6 @@ check_python3() {
} }
check_jq() { check_jq() {
# shellcheck disable=SC2016
if ! command -v jq >/dev/null; then if ! command -v jq >/dev/null; then
die "Missing required program 'jq'" die "Missing required program 'jq'"
fi fi
@ -62,22 +61,9 @@ check_yq() {
} }
check_daemonizer() { check_daemonizer() {
SYSTEM=$(uname -s)
case "${SYSTEM,,}" in
linux)
if ! command -v daemonize >/dev/null; then if ! command -v daemonize >/dev/null; then
die "missing required program 'daemonize' (package 'daemonize')" die "missing required program 'daemonize' (package 'daemonize' or 'https://github.com/bmc/daemonize')"
fi fi
;;
freebsd)
if ! command -v daemon >/dev/null; then
die "missing required program 'daemon'"
fi
;;
*)
die "unsupported system: ${SYSTEM}"
;;
esac
} }
check_cfssl() { check_cfssl() {

8
tests/instance-mock-http
View file

@ -31,9 +31,11 @@ DAEMON_PID=${PID_DIR}/mock-http.pid
start_instance() { start_instance() {
[ $# -lt 1 ] && about [ $# -lt 1 ] && about
OUT_FILE="${LOG_DIR}/mock-http.out" \ daemonize \
DAEMON_PID="${DAEMON_PID}" \ -p "${DAEMON_PID}" \
"${TEST_DIR}/run-as-daemon" /usr/bin/env python3 -u "${THIS_DIR}/mock-http.py" "$1" -e "${LOG_DIR}/mock-http.err" \
-o "${LOG_DIR}/mock-http.out" \
/usr/bin/env python3 -u "${THIS_DIR}/mock-http.py" "$1"
./lib/util/wait-for-port "$1" ./lib/util/wait-for-port "$1"
# echo "mock http started on port $1" # echo "mock http started on port $1"
} }

36
tests/lib/config/config-global
View file

@ -39,14 +39,21 @@ export DATA_DIR
CONFIG_DIR="${LOCAL_DIR}/${REL_CONFIG_DIR}" CONFIG_DIR="${LOCAL_DIR}/${REL_CONFIG_DIR}"
export CONFIG_DIR export CONFIG_DIR
if [[ $(uname) == "OpenBSD" ]]; then
TAR=gtar
else
TAR=tar
fi
remove_init_data() { remove_init_data() {
./assert-crowdsec-not-running
rm -rf -- "${LOCAL_DIR:?}/${REL_CONFIG_DIR}"/* "${LOCAL_DIR:?}/${REL_DATA_DIR:?}"/* rm -rf -- "${LOCAL_DIR:?}/${REL_CONFIG_DIR}"/* "${LOCAL_DIR:?}/${REL_DATA_DIR:?}"/*
} }
#we need a separate function for initializing config when testing package # we need a separate function for initializing config when testing package
#because we want to test the configuration as well # because we want to test the configuration as well
make_init_data() { make_init_data() {
"${TEST_DIR}/instance-crowdsec" stop ./assert-crowdsec-not-running
./instance-db config-yaml ./instance-db config-yaml
./instance-db setup ./instance-db setup
@ -57,15 +64,17 @@ make_init_data() {
[[ "${DB_BACKEND}" == "sqlite" ]] || ${CSCLI} machines add --auto [[ "${DB_BACKEND}" == "sqlite" ]] || ${CSCLI} machines add --auto
"${TEST_DIR}/instance-crowdsec" start "${TEST_DIR}/instance-crowdsec" start
[[ "${DB_BACKEND}" =~ ^postgres|pgx$ ]] && sleep 4
"${CSCLI}" lapi status
for ((i=0; i<10; i++)); do # a restart is required to receive community pull
sleep .5 "${TEST_DIR}/instance-crowdsec" stop
"${CSCLI}" decisions delete --all && break sleep 2
done "${TEST_DIR}/instance-crowdsec" start
for ((i=0; i<15; i++)); do for ((i=0; i<15; i++)); do
sleep 2 sleep 2
[[ $("${CSCLI}" alerts list -a -o json) != "null" ]] && break [[ $("${CSCLI}" alerts list -a -o json 2>/dev/null || "${CSCLI}" alerts list -o json) != "null" ]] && break
done done
# shellcheck disable=SC2181 # shellcheck disable=SC2181
[[ "$?" -ne "0" ]] && die "could not get community data" [[ "$?" -ne "0" ]] && die "could not get community data"
@ -81,14 +90,14 @@ make_init_data() {
# disable CAPI by default # disable CAPI by default
yq e 'del(.api.server.online_client)' -i "${CONFIG_DIR}/config.yaml" yq e 'del(.api.server.online_client)' -i "${CONFIG_DIR}/config.yaml"
tar -C "${LOCAL_DIR}" --create \ "${TAR}" -C "${LOCAL_DIR}" --create \
--exclude "${REL_DATA_DIR}"/crowdsec.db \ --exclude "${REL_DATA_DIR}"/crowdsec.db \
--file "${LOCAL_INIT_DIR}/init-config-data.tar" "${REL_CONFIG_DIR}" "${REL_DATA_DIR}" --file "${LOCAL_INIT_DIR}/init-config-data.tar" "${REL_CONFIG_DIR}" "${REL_DATA_DIR}"
./instance-db setup
} }
load_init_data() { load_init_data() {
./assert-crowdsec-not-running
if [[ ! -f "${LOCAL_INIT_DIR}/init-config-data.tar" ]]; then if [[ ! -f "${LOCAL_INIT_DIR}/init-config-data.tar" ]]; then
die "Initial data not found; did you run '${script_name} make' ?" die "Initial data not found; did you run '${script_name} make' ?"
fi fi
@ -100,7 +109,7 @@ load_init_data() {
remove_init_data remove_init_data
tar -C "${LOCAL_DIR}" --extract --file "${LOCAL_INIT_DIR}/init-config-data.tar" "${TAR}" -C "${LOCAL_DIR}" --extract --file "${LOCAL_INIT_DIR}/init-config-data.tar"
./instance-db restore "${LOCAL_INIT_DIR}/database" ./instance-db restore "${LOCAL_INIT_DIR}/database"
} }
@ -112,14 +121,13 @@ load_init_data() {
case "$1" in case "$1" in
make) make)
"${TEST_DIR}/instance-crowdsec" stop
make_init_data make_init_data
;; ;;
load) load)
./assert-crowdsec-not-running
load_init_data load_init_data
;; ;;
clean) clean)
./assert-crowdsec-not-running
remove_init_data remove_init_data
;; ;;
*) *)

31
tests/lib/config/config-local
View file

@ -39,7 +39,14 @@ export DATA_DIR
CONFIG_DIR="${LOCAL_DIR}/${REL_CONFIG_DIR}" CONFIG_DIR="${LOCAL_DIR}/${REL_CONFIG_DIR}"
export CONFIG_DIR export CONFIG_DIR
if [[ $(uname) == "OpenBSD" ]]; then
TAR=gtar
else
TAR=tar
fi
remove_init_data() { remove_init_data() {
./assert-crowdsec-not-running
rm -rf -- "${LOCAL_DIR:?}/${REL_CONFIG_DIR}"/* "${LOCAL_DIR:?}/${REL_DATA_DIR:?}"/* rm -rf -- "${LOCAL_DIR:?}/${REL_CONFIG_DIR}"/* "${LOCAL_DIR:?}/${REL_DATA_DIR:?}"/*
} }
@ -83,13 +90,14 @@ config_generate() {
make_init_data() { make_init_data() {
remove_init_data ./assert-crowdsec-not-running
remove_init_data
mkdir -p "${DATA_DIR}" mkdir -p "${DATA_DIR}"
mkdir -p "${CONFIG_DIR}/notifications" mkdir -p "${CONFIG_DIR}/notifications"
mkdir -p "${CONFIG_DIR}/hub" mkdir -p "${CONFIG_DIR}/hub"
mkdir -p "${CONFIG_DIR}/patterns" mkdir -p "${CONFIG_DIR}/patterns"
cp -ax "../config/patterns" "${CONFIG_DIR}/" cp -a "../config/patterns" "${CONFIG_DIR}/"
config_generate config_generate
# XXX errors from instance-db should be reported... # XXX errors from instance-db should be reported...
./instance-db config-yaml ./instance-db config-yaml
@ -109,24 +117,25 @@ make_init_data() {
sleep 2 sleep 2
"${TEST_DIR}/instance-crowdsec" start "${TEST_DIR}/instance-crowdsec" start
loop_max=15 for ((i=0; i<15; i++)); do
for ((i = 0; i <= loop_max; i++)); do
sleep 2 sleep 2
[[ $("${CSCLI}" alerts list -o json) != "null" ]] && break [[ $("${CSCLI}" alerts list -a -o json 2>/dev/null || "${CSCLI}" alerts list -o json) != "null" ]] && break
done done
[[ $("${CSCLI}" alerts list -a -o json) != "null" ]] || die "could not get community data" # shellcheck disable=SC2181
[[ "$?" -ne "0" ]] && die "could not get community data"
"${TEST_DIR}/instance-crowdsec" stop "${TEST_DIR}/instance-crowdsec" stop
mkdir -p "${LOCAL_INIT_DIR}" mkdir -p "${LOCAL_INIT_DIR}"
./instance-db dump "${LOCAL_INIT_DIR}/database" ./instance-db dump "${LOCAL_INIT_DIR}/database"
echo "${DB_BACKEND}" > "${LOCAL_INIT_DIR}/.backend" echo "${DB_BACKEND}" > "${LOCAL_INIT_DIR}/.backend"
# disable CAPI by default # disable CAPI by default
yq e 'del(.api.server.online_client)' -i "${CONFIG_DIR}/config.yaml" yq e 'del(.api.server.online_client)' -i "${CONFIG_DIR}/config.yaml"
tar -C "${LOCAL_DIR}" --create \ "${TAR}" -C "${LOCAL_DIR}" --create \
--exclude "${REL_DATA_DIR}"/crowdsec.db \ --exclude "${REL_DATA_DIR}"/crowdsec.db \
--file "${LOCAL_INIT_DIR}/init-config-data.tar" "${REL_CONFIG_DIR}" "${REL_DATA_DIR}" --file "${LOCAL_INIT_DIR}/init-config-data.tar" "${REL_CONFIG_DIR}" "${REL_DATA_DIR}"
@ -134,6 +143,8 @@ make_init_data() {
} }
load_init_data() { load_init_data() {
./assert-crowdsec-not-running
if [[ ! -f "${LOCAL_INIT_DIR}/init-config-data.tar" ]]; then if [[ ! -f "${LOCAL_INIT_DIR}/init-config-data.tar" ]]; then
die "Initial data not found; did you run '${script_name} make' ?" die "Initial data not found; did you run '${script_name} make' ?"
fi fi
@ -145,7 +156,8 @@ load_init_data() {
remove_init_data remove_init_data
tar -C "${LOCAL_DIR}" --extract --file "${LOCAL_INIT_DIR}/init-config-data.tar" "${TAR}" -C "${LOCAL_DIR}" --extract --file "${LOCAL_INIT_DIR}/init-config-data.tar"
./instance-db restore "${LOCAL_INIT_DIR}/database" ./instance-db restore "${LOCAL_INIT_DIR}/database"
} }
@ -156,15 +168,12 @@ load_init_data() {
case "$1" in case "$1" in
make) make)
./assert-crowdsec-not-running
make_init_data make_init_data
;; ;;
load) load)
./assert-crowdsec-not-running
load_init_data load_init_data
;; ;;
clean) clean)
./assert-crowdsec-not-running
remove_init_data remove_init_data
;; ;;
*) *)

8
tests/lib/init/crowdsec-daemon
View file

@ -31,9 +31,11 @@ fi
DAEMON_PID=${PID_DIR}/crowdsec.pid DAEMON_PID=${PID_DIR}/crowdsec.pid
start() { start() {
OUT_FILE="${LOG_DIR}/crowdsec.out" \ daemonize \
DAEMON_PID="${DAEMON_PID}" \ -p "${DAEMON_PID}" \
"${TEST_DIR}/run-as-daemon" "${CROWDSEC}" -e "${LOG_DIR}/crowdsec.err" \
-o "${LOG_DIR}/crowdsec.out" \
"${CROWDSEC}"
./lib/util/wait-for-port 6060 ./lib/util/wait-for-port 6060
} }

27
tests/run-as-daemon
View file

@ -1,27 +0,0 @@
#!/usr/bin/env bash
SYSTEM=$(uname -s)
die() {
echo >&2 "$@"
exit 1
}
[[ -n "${DAEMON_PID}" ]] || die "\$DAEMON_PID is required and must be the path of the pid file"
[[ -n "${OUT_FILE}" ]] || die "\$OUT_FILE is required and must be the path of the resulting stdout"
# Simplified dudeist daemonizer. Don't care about lock files, separate
# stdout/stderr and fancy stuff. #YOLO
case "${SYSTEM,,}" in
linux)
daemonize -p "${DAEMON_PID}" -e "${OUT_FILE}" -o "${OUT_FILE}" "$@"
;;
freebsd)
daemon -p "${DAEMON_PID}" -o "${OUT_FILE}" "$@"
;;
*)
die "unsupported system: ${SYSTEM}"
;;
esac