crowdsec/test/ansible
mmetc 1b4ec66148
fix package tests for 1.5.6-rc2 (#2652)
* fix go deps for test
* fix package tests for 1.5.6-rc2
* fix context func tests
* docker: pin build image version for alpine

---------

Co-authored-by: sabban <github@sabban.eu>
2023-12-11 10:07:09 +01:00
..
env Rename directory "tests" to "test" (#2094) 2023-03-03 15:54:49 +01:00
roles update functional tests for build pipeline (#2442) 2023-08-25 16:15:28 +02:00
vagrant cscli setup: accept stdin; fix proftpd detection test and service unmask (#2496) 2023-09-29 12:58:35 +02:00
vars fix package tests for 1.5.6-rc2 (#2652) 2023-12-11 10:07:09 +01:00
.gitignore Rename directory "tests" to "test" (#2094) 2023-03-03 15:54:49 +01:00
ansible.cfg Rename directory "tests" to "test" (#2094) 2023-03-03 15:54:49 +01:00
debug_tools.yml cscli setup: accept stdin; fix proftpd detection test and service unmask (#2496) 2023-09-29 12:58:35 +02:00
install_binary_package.yml Rename directory "tests" to "test" (#2094) 2023-03-03 15:54:49 +01:00
prepare-run Rename directory "tests" to "test" (#2094) 2023-03-03 15:54:49 +01:00
prepare_tests.yml Rename directory "tests" to "test" (#2094) 2023-03-03 15:54:49 +01:00
provision_dependencies.yml tests: vagrant refactoring (#2328) 2023-07-04 12:26:32 +02:00
provision_test_suite.yml Rename directory "tests" to "test" (#2094) 2023-03-03 15:54:49 +01:00
README.md fix: typo (#2582) 2023-11-08 09:26:34 +01:00
requirements.yml fix package tests for 1.5.6-rc2 (#2652) 2023-12-11 10:07:09 +01:00
run_all.yml Rename directory "tests" to "test" (#2094) 2023-03-03 15:54:49 +01:00
run_tests.yml Rename directory "tests" to "test" (#2094) 2023-03-03 15:54:49 +01:00
run_wizard_tests.yml Rename directory "tests" to "test" (#2094) 2023-03-03 15:54:49 +01:00

Ansible playbooks for functional testing

These playbooks allow you to test crowdsec in a real environment, where the application is running as root, deployed with the OS package manager, and uses the standard init system for the distribution (systemd or other).

This way, you can test not only the application's feature but also the packaging boilerplate, integration scripts, and compatibility with new distribution releases, operating systems, or architectures.

The ansible hosts should be expendable machines with at least 1GB RAM, do not expect them to be stable if you use them for anything else after the tests.

Install (or update) the requirements with ansible-galaxy install -r requirements.yml --force.

There are several Ansible playbooks. You can use run-all.yml to configure the installation and run the tests, or run the playbooks separately to iterate while developing.

  • run-all.yml: run the other playbooks in the correct order.

  • provision-dependencies.yml: install the bats requirements (bash, netcat, cfssl, etc.), compilers, and database.

  • provision-test-suite.yml: install the tests scripts and bats environment, and the crowdsec sources if we want to build the crowdsec under test.

  • install_binary_package.yml: install the crowdsec under test from a binary package (already released or not).

  • prepare-tests.yml: create the test fixture data.

  • run-tests.yml: run the functional tests. This is not idempotent and can be run multiple times.

The tasks use the following environment variables. They must be exported or ansible won't be able to see them.

  • TEST_SUITE_GIT (default "https://github.com/crowdsecurity/crowdsec"), TEST_SUITE_VERSION (default "master"): repo URL and branch/tag/commit of the crowdsec sources containing the test fixture and scripts.

  • TEST_SUITE_ZIP: optional, archive of a crowdsecurity/crowdsec repository containing the test fixture and scripts. Overrides TEST_SUITE_GIT and TEST_SUITE_VERSION. It can be created with zip -r crowdsec.zip . from the root directory of the repository.

  • DB_BACKEND: Required. Set to "sqlite", "pgx", "mysql", "postgres". Postgres is automatically provisioned when required. There is no provisioning code for mysql/mariadb yet, but it can be added.

  • PACKAGE_TESTING: when set to false or not defined, the crowdsec binaries to be tested are built from the sources that come from TEST_SUITE_GIT or TEST_SUITE_ZIP. Crowdsec is then run as non-root, in a local directory. This is basically a fancy wrapper to run make bats-test in a vm. When PACKAGE_TESTING is set to true, however, crowdsec is installed from a binary package (see variables below), it is run as root from systemd (or equivalent) and uses the system-wide /etc/crowdsec and /var/lib directories to store the test data.

  • TEST_PACKAGE_VERSION_DEB, TEST_PACKAGE_VERSION_RPM: Optional, the version of the package under test (ex. "1.4.0-rc5"), can be in the packagecloud "stable" or "testing" repository. Requires PACKAGE_TESTING=true. You must set both variables to reuse the same set of variables for Debian and RedHat-based distributions, because stable releases require a package version suffix in the RPM file names.

  • TEST_PACKAGE_FILE: optional, file pointing to the package under test (.deb, .rpm, .pkg...). It can be a glob expression but it must match a single file, and the pattern works only on the filename. If both TEST_PACKAGE_VERSION_* and TEST_PACKAGE_FILE are provided, both are be installed (to test upgrades for example). Requires PACKAGE_TESTING=true

  • TEST_PACKAGE_DIR: optional (but conflicts with TEST_PACKAGE_FILE), the path to a directory containing packages with the following layout:

    For DEB: {{ package_dir }}/{{ ansible_distribution_release }}/crowdsec_*_{{ ansible_architecture.replace('x86_64', 'amd64') }}.deb For RPM: {{ package_dir }}/{{ releasever }}/RPMS/{{ ansible_architecture }}/crowdsec-*.{{ releasever }}.{{ ansible_architecture }}.rpm

  • TEST_SKIP: optional, comma-separated list of scripts that won't be executed. Example: TEST_SKIP=02_nolapi.bats,03_noagent.bats

Running tests with Vagrant + Ansible

You don't need Vagrant to run the ansible tests, if you can manage your own vm creation and inventory.

However, to avoid relying on (and paying for..) a public cloud, we wrote vagrant configuration files for the most common distributions we support.

To test with Vagrant, you need to:

  • have a working libvirt environment (if you can use virt-manager to create VMs, you're golden)

  • install the vagrant-libvirt plugin (vagrant plugin install vagrant-libvirt. If it complains about gem versions, blame Ruby and see if you can remove some other conflicting plugin).

  • copy one of the ./env/*.sh scripts to environment.sh, edit to your needs, and execute it with "source environment.sh"

  • cd vagrant/<distro-of-your-choice>

  • vagrant up --no-provision; vagrant provision. The first command creates the VM, the second installs all the dependencies, test suite and package under test, then runs the tests. If you run a plain vagrant up, it does everything with a single command, but also destroys the VM in case of test failure so you are left with nothing to debug.

  • vagrant destroy when you want to remove the VM. If you want to free up the space taken by the base VM images, they are in /var/lib/libvirt/images/*VAGRANT*

The above steps are automated in the script ./prepare-run (requires bash

=4.4). It takes an environment file, and optionally a list of directories with vagrant configurations. With a single parameter, it loops over all the directories in alphabetical order, excluding those in the experimental directory. Watch out for running VMs if you break the loop by hand.

After this, you will find up to 30GB of base images in /var/lib/libvirt/images, which you need to remove by hand when you have finished testing or leave them around for the next time.

You can give more memory or CPU juice to the VMs by editing Vagrantfile.common.

Test Matrix

Tests fail with unsupported configurations or when the environment is not prepared correctly due to missing setup/teardown parts in Ansible or functional tests. False positives are also possible due to timing issues or flaky network connections.

If you have a result that deviates from the following matrix, that's probably a genuine bug or regression. The data was created with crowdsec v1.4.1.

source/sqlite pkg/sqlite source/postgres source/pgx source/mysql (0)
AmazonLinux 2 ✓ (1) ✓ (1) old-db old-db wip
CentOS 7 old-db old-db
CentOS 8
CentOS 9
Debian 9 (stretch) old-db old-db wip
Debian 10 (buster)
Debian 11 (bullseye)
Debian (testing/bookworm) wip
Fedora 33 wip wip wip
Fedora 34 wip
Fedora 35 wip
Fedora 36 wip
FreeBSD 12 wip wip wip wip
FreeBSD 13 wip wip wip wip
Oracle 7 old-db old-db
Oracle 8
Ubuntu 16.04 (xenial) old-db old-db
Ubuntu 18.04 (bionic)
Ubuntu 20.04 (focal)
Ubuntu 22.04 (jammy)

Note: all tests with local/<database> are expected to pass for pkg/<database> as well.

wip - missing ansible or bats parts, could be fixed in a future release

old-db - the database that ships with the distribution is not supported (Postgres < 10). Won't fix, feel free to install the DB from an unofficial repository.

0 - MySQL or MariaDB, depending on distribution defaults

1 - ansible may hang, passes all tests if run by hand