From 6db0dfc1f7e4614a33deb805506adf95fe48081c Mon Sep 17 00:00:00 2001 From: Pierre Mauduit Date: Thu, 2 Sep 2021 17:35:34 +0200 Subject: [PATCH 1/4] galaxy - fixing role version name tested by removing the roles & relaunching: `ansible-galaxy install -r requirements.yaml` --- requirements.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yaml b/requirements.yaml index d736664..1f3b3bb 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -1,3 +1,3 @@ # ansible roles from galaxy -- elastic.elasticsearch,7.13.4 +- elastic.elasticsearch,v7.13.4 - geerlingguy.kibana,4.0.1 From 370f7d8ce0b3e68fd93203c5dccbed194315b77a Mon Sep 17 00:00:00 2001 From: Pierre Mauduit Date: Thu, 2 Sep 2021 19:22:27 +0200 Subject: [PATCH 2/4] adding a serverspec testsuite --- .rspec | 2 + README.md | 12 +++++ Rakefile | 27 ++++++++++ spec/georchestra/georchestra_spec.rb | 81 ++++++++++++++++++++++++++++ spec/spec_helper.rb | 41 ++++++++++++++ 5 files changed, 163 insertions(+) create mode 100644 .rspec create mode 100644 Rakefile create mode 100644 spec/georchestra/georchestra_spec.rb create mode 100644 spec/spec_helper.rb diff --git a/.rspec b/.rspec new file mode 100644 index 0000000..16f9cdb --- /dev/null +++ b/.rspec @@ -0,0 +1,2 @@ +--color +--format documentation diff --git a/README.md b/README.md index 655a501..8f95c01 100644 --- a/README.md +++ b/README.md @@ -56,3 +56,15 @@ To browse your SDI, just drop a line in your ```/etc/hosts``` file, registering 192.168.0.19 georchestra.example.org ``` ... and open https://georchestra.example.org/geonetwork/ in your browser. + +# Serverspec + +a serverspec testsuite is provided to test the vagrant environments Once the box is up (see previous section), +you can test the setup with the following command: + +``` +$ rake spec +``` + +This will require the `ruby-serverspec` package to be installed on the host. + diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..11ba867 --- /dev/null +++ b/Rakefile @@ -0,0 +1,27 @@ +require 'rake' +require 'rspec/core/rake_task' + +task :spec => 'spec:all' +task :default => :spec + +namespace :spec do + targets = [] + Dir.glob('./spec/*').each do |dir| + next unless File.directory?(dir) + target = File.basename(dir) + target = "_#{target}" if target == "default" + targets << target + end + + task :all => targets + task :default => :all + + targets.each do |target| + original_target = target == "_default" ? target[1..-1] : target + desc "Run serverspec tests to #{original_target}" + RSpec::Core::RakeTask.new(target.to_sym) do |t| + ENV['TARGET_HOST'] = original_target + t.pattern = "spec/#{original_target}/*_spec.rb" + end + end +end diff --git a/spec/georchestra/georchestra_spec.rb b/spec/georchestra/georchestra_spec.rb new file mode 100644 index 0000000..81959f4 --- /dev/null +++ b/spec/georchestra/georchestra_spec.rb @@ -0,0 +1,81 @@ +require 'spec_helper' + +describe package('apache2') do + it { should be_installed } +end + +# Frontend webserver (apache2) +describe port(80) do + it { should be_listening } +end + +describe port(443) do + it { should be_listening } +end + +# postgresql +describe port(5432) do + it { should be_listening } +end + +# OpenLDAP / slapd +describe port(389) do + it { should be_listening } +end + +# Elasticsearch +describe port(9200) do + it { should be_listening } +end + +# Kibana +describe port(5601) do + it { should be_listening } +end + +# tomcat-georchestra +describe port(8280) do + it { should be_listening } +end + +# tomcat-geoserver +describe port(8380) do + it { should be_listening } +end + +# tomcat-proxycas +describe port(8180) do + it { should be_listening } +end + +describe port(8443) do + it { should be_listening } +end + +# datafeeder +describe port(8480) do + it { should be_listening } +end + +# geOrchestra base debian packages should be present +[ 'georchestra-analytics', + 'georchestra-cas', + 'georchestra-console', + 'georchestra-datafeeder', + 'georchestra-datafeeder-ui', + 'georchestra-extractorapp', + 'georchestra-geoserver', + 'georchestra-geowebcache', + 'georchestra-header', + 'georchestra-mapfishapp', + 'georchestra-security-proxy', +].each do |pkg| + describe package(pkg) do + it { should be_installed } + end +end + +# geOrchestra datadir has been set up +describe file('/etc/georchestra') do + it { should be_directory } +end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb new file mode 100644 index 0000000..3fe5059 --- /dev/null +++ b/spec/spec_helper.rb @@ -0,0 +1,41 @@ +require 'serverspec' +require 'net/ssh' +require 'tempfile' + +set :backend, :ssh + +if ENV['ASK_SUDO_PASSWORD'] + begin + require 'highline/import' + rescue LoadError + fail "highline is not available. Try installing it." + end + set :sudo_password, ask("Enter sudo password: ") { |q| q.echo = false } +else + set :sudo_password, ENV['SUDO_PASSWORD'] +end + +host = ENV['TARGET_HOST'] + +`vagrant up #{host}` + +config = Tempfile.new('', Dir.tmpdir) +config.write(`vagrant ssh-config #{host}`) +config.close + +options = Net::SSH::Config.for(host, [config.path]) + +options[:user] ||= Etc.getlogin + +set :host, options[:host_name] || host +set :ssh_options, options + +# Disable sudo +set :disable_sudo, true + + +# Set environment variables +# set :env, :LANG => 'C', :LC_MESSAGES => 'C' + +# Set PATH +# set :path, '/sbin:/usr/local/sbin:$PATH' From 2fb04277e0d522a5f3c3b021ff05a223a06ab5b2 Mon Sep 17 00:00:00 2001 From: Pierre Mauduit Date: Thu, 2 Sep 2021 19:24:46 +0200 Subject: [PATCH 3/4] debian bullseye support Tests: tested against a debian/buster64 & a debian/bullseye vagrant box. The playbook does not fail "per se", but the serverspec testsuite reveals that: * there is an issue with the SSL connector onto the tomcat-proxycas instance. * Vagrant boxes do not provide a default SMTP, and the Datafeeder backend refuses to launch if it cannot reach a SMTP server (on localhost:25 by default). --- Vagrantfile | 2 +- roles/postgresql/tasks/main.yml | 22 ++++++++++++++++++++-- roles/tomcat/tasks/common.yml | 5 +++++ 3 files changed, 26 insertions(+), 3 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 5930b11..36fa120 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -10,7 +10,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| # please see the online documentation at vagrantup.com. # Every Vagrant virtual environment requires a box to build off of. - config.vm.box = "debian/buster64" + config.vm.box = "debian/bullseye64" # set CPU and RAM config.vm.provider "virtualbox" do |vb| diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index c610aad..3c8c985 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -8,18 +8,36 @@ name: sudo state: present -- name: installing dependencies +- name: installing dependencies (buster) apt: pkg: ['postgis', 'postgresql-11-postgis-2.5', 'postgresql-11-postgis-2.5-scripts', 'postgresql-contrib'] state: present update_cache: yes + when: ansible_distribution_release == "buster" # postgresql-11-postgis-2.5-scripts #for postgis.control # postgresql-contrib #for dblink extension -- name: install python-psycopg2 for ansible psql modules +- name: installing dependencies (bullseye) + apt: + pkg: ['postgis', 'postgresql-13-postgis-3', 'postgresql-13-postgis-3-scripts', 'postgresql-contrib'] + state: present + update_cache: yes + when: ansible_distribution_release == "bullseye" +# postgresql-11-postgis-2.5-scripts #for postgis.control +# postgresql-contrib #for dblink extension + + +- name: install python-psycopg2 for ansible psql modules (buster) apt: name: python-psycopg2 state: present + when: ansible_distribution_release == "buster" + +- name: install python-psycopg2 for ansible psql modules (bullseye) + apt: + name: python3-psycopg2 + state: present + when: ansible_distribution_release == "bullseye" - name: create georchestra user become: yes diff --git a/roles/tomcat/tasks/common.yml b/roles/tomcat/tasks/common.yml index 35dfa12..766efd1 100644 --- a/roles/tomcat/tasks/common.yml +++ b/roles/tomcat/tasks/common.yml @@ -1,3 +1,8 @@ +- name: ensure GPG is installed + apt: + name: gpg + state: present + - name: add adoptopenjdk repository key tags: java8 apt_key: From 1fdd53a04f1826f59e8d35efbc020f1945f27949 Mon Sep 17 00:00:00 2001 From: Pierre Mauduit Date: Thu, 16 Sep 2021 14:45:33 +0200 Subject: [PATCH 4/4] fixing buster / bullseye compatibility --- roles/georchestra/tasks/clean.yml | 9 ++++++++- roles/georchestra/tasks/nativelibs.yml | 21 +++++++++++++++++++-- roles/georchestra/tasks/wars.yml | 1 - roles/tomcat/tasks/common.yml | 23 ++++++++++++++++++++--- 4 files changed, 47 insertions(+), 7 deletions(-) diff --git a/roles/georchestra/tasks/clean.yml b/roles/georchestra/tasks/clean.yml index 06f8062..627d29c 100644 --- a/roles/georchestra/tasks/clean.yml +++ b/roles/georchestra/tasks/clean.yml @@ -18,7 +18,14 @@ - "{{ extractor_datadir }}" - "{{ georchestra.datadir.path }}" -- name: remove non-free and contrib for dependencies +- name: remove non-free and contrib for dependencies (buster) apt_repository: repo: "deb http://ftp.fr.debian.org/debian/ buster main non-free contrib" state: absent + when: ansible_distribution_release == "buster" + +- name: remove non-free and contrib for dependencies (bullseye) + apt_repository: + repo: "deb http://ftp.fr.debian.org/debian/ bullseye main non-free contrib" + state: absent + when: ansible_distribution_release == "bullseye" diff --git a/roles/georchestra/tasks/nativelibs.yml b/roles/georchestra/tasks/nativelibs.yml index 81732db..74a2d0f 100644 --- a/roles/georchestra/tasks/nativelibs.yml +++ b/roles/georchestra/tasks/nativelibs.yml @@ -1,11 +1,26 @@ -- name: enable non-free and contrib for dependencies +- name: enable non-free and contrib for dependencies (buster) apt_repository: repo: "deb http://deb.debian.org/debian buster main contrib" + when: ansible_distribution_release == "buster" -- name: install runtime dependencies +- name: enable non-free and contrib for dependencies (bullseye) + apt_repository: + repo: "deb http://deb.debian.org/debian bullseye main contrib" + when: ansible_distribution_release == "bullseye" + +- name: install runtime dependencies (buster) apt: pkg: [ ttf-mscorefonts-installer, gdal-bin, libgdal-java ] state: present + when: ansible_distribution_release == "buster" + +# libgdal-java does not exist anymore in bullseye +# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947960 +- name: install runtime dependencies (bullseye) + apt: + pkg: [ ttf-mscorefonts-installer, gdal-bin ] + state: present + when: ansible_distribution_release == "bullseye" #- name: fetch libjpeg-turbo deb from sourceforge # get_url: dest=/tmp/ url=http://sourceforge.net/projects/libjpeg-turbo/files/1.4.0/libjpeg-turbo-official_1.4.0_amd64.deb @@ -29,12 +44,14 @@ src: /usr/share/java/gdal.jar dest: "{{ tomcat_basedir }}/georchestra/shared/gdal.jar" state: link + when: ansible_distribution_release == "buster" - name: hardlink gdal.jar to geoserver libdir file: src: /usr/share/java/gdal.jar dest: "{{ tomcat_basedir }}/geoserver/webapps/geoserver/WEB-INF/lib/gdal.jar" state: hard + when: ansible_distribution_release == "buster" #- name: remove conflicting imageio-ext-gdal-bindings jar # file: path={{ tomcat_basedir }}/geoserver/webapps/geoserver/WEB-INF/lib/imageio-ext-gdal-bindings-1.9.2.jar state=absent diff --git a/roles/georchestra/tasks/wars.yml b/roles/georchestra/tasks/wars.yml index 62b9f80..de43e94 100644 --- a/roles/georchestra/tasks/wars.yml +++ b/roles/georchestra/tasks/wars.yml @@ -17,7 +17,6 @@ - name: install debian packages apt: pkg: "{{ item.value.pkg }}" - default_release: buster update_cache: yes state: latest with_dict: "{{ georchestra_wars }}" diff --git a/roles/tomcat/tasks/common.yml b/roles/tomcat/tasks/common.yml index 766efd1..7c36818 100644 --- a/roles/tomcat/tasks/common.yml +++ b/roles/tomcat/tasks/common.yml @@ -8,18 +8,35 @@ apt_key: url: https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public -- name: add adoptopenjdk debian repo +- name: add adoptopenjdk debian repo (buster) tags: java8 apt_repository: repo: "deb https://adoptopenjdk.jfrog.io/adoptopenjdk/deb/ buster main" + when: ansible_distribution_release == "buster" -- name: install java8 from adoptopenjdk +- name: add adoptopenjdk debian repo (bullseye) + tags: java8 + apt_repository: + repo: "deb https://adoptopenjdk.jfrog.io/adoptopenjdk/deb/ bullseye main" + when: ansible_distribution_release == "bullseye" + +- name: install java8 from adoptopenjdk (buster) tags: java8 apt: - pkg: adoptopenjdk-8-hotspot + pkg: [ adoptopenjdk-8-hotspot, adoptopenjdk-11-hotspot ] default_release: buster update_cache: yes state: latest + when: ansible_distribution_release == "buster" + +- name: install java8 from adoptopenjdk (bullseye) + tags: java8 + apt: + pkg: [ adoptopenjdk-8-hotspot, adoptopenjdk-11-hotspot ] + default_release: bullseye + update_cache: yes + state: latest + when: ansible_distribution_release == "bullseye" - name: default to adoptopenjdk tags: java8