Skip to content

Determine IPv4 subnet at runtime #256

Determine IPv4 subnet at runtime

Determine IPv4 subnet at runtime #256

Workflow file for this run

---
name: CI
on: # yamllint disable-line rule:truthy
push:
branches:
- master
pull_request:
branches:
- master
jobs:
check-syntax:
runs-on: ubuntu-latest
name: check-syntax
steps:
- uses: actions/checkout@v4
- name: Run ansible-lint
uses: ansible/ansible-lint@main
build-rhel-like:
runs-on: ubuntu-latest
name: rhel-like-${{ matrix.version }}
needs:
- check-syntax
strategy:
fail-fast: false
matrix:
version:
- "centos:stream9"
- "fedora:38"
- "fedora:39"
- "almalinux:9"
- "rockylinux:9"
container:
image: diodonfrost/ansible-${{ matrix.version }}
env:
container: docker
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup
- ${{ github.workspace }}:/etc/ansible/roles/ansible-role-openvpn
options: "--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/net/tun"
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install required dependencies from Ansible Galaxy
run: ansible-galaxy install -r /etc/ansible/roles/ansible-role-openvpn/requirements.yml
- name: Make sure ansible connection is sane
run: ansible -m setup -c local -i 127.0.0.1, all
- name: Run ansible playbook
run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv
- name: Check idempotency
run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv
- name: Container state debug output
continue-on-error: true
run: |
ls -lR /etc/openvpn
echo "cat openvpn_udp_1194.conf"
find /etc/openvpn/ -maxdepth 3 -name openvpn_udp_1194.conf -type f -exec cat {} \;
echo "cat alpha-*.ovpn"
find /etc/openvpn/ -maxdepth 3 -name "alpha-*.ovpn" -type f -exec cat {} \;
build-rhel-legacy:
runs-on: ubuntu-latest
name: rhel-legacy-${{ matrix.version }}
needs:
- check-syntax
strategy:
fail-fast: false
matrix:
version:
- "almalinux:8"
- "rockylinux:8"
container:
image: diodonfrost/ansible-${{ matrix.version }}
env:
container: docker
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup
- ${{ github.workspace }}:/etc/ansible/roles/ansible-role-openvpn
options: "--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/net/tun"
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Update ansible
run: dnf install -y python39 && pip3.9 install -U ansible
- name: Install required dependencies from Ansible Galaxy
run: ansible-galaxy install -r /etc/ansible/roles/ansible-role-openvpn/requirements.yml
- name: Make sure ansible connection is sane
run: ansible -m setup -c local -i 127.0.0.1, all
- name: Run ansible playbook
run: >
ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv
-e '{"openvpn_use_tls_crypt": false}'
- name: Check idempotency
run: >
ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv
-e '{"openvpn_use_tls_crypt": false}'
- name: Container state debug output
continue-on-error: true
run: |
ls -lR /etc/openvpn
echo "cat openvpn_udp_1194.conf"
find /etc/openvpn/ -maxdepth 3 -name openvpn_udp_1194.conf -type f -exec cat {} \;
echo "cat alpha-*.ovpn"
find /etc/openvpn/ -maxdepth 3 -name "alpha-*.ovpn" -type f -exec cat {} \;
# diodonfrost's images are broken for fedora 40 (thinks it's rawhide) and fedora 41 doesn't exist, so I built my own
build-broken-fedora:
runs-on: ubuntu-latest
name: fedora-${{ matrix.version }}
needs:
- check-syntax
strategy:
fail-fast: false
matrix:
version:
# ubi9-init is https://catalog.redhat.com/software/containers/ubi9-init/6183297540a2d8e95c82e8bd
# plus ansible
- "ubi9-init"
container:
image: ghcr.io/kyl191/ansible-${{ matrix.version }}
env:
container: docker
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup
- ${{ github.workspace }}:/etc/ansible/roles/ansible-role-openvpn
options: "--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/net/tun"
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install required dependencies from Ansible Galaxy
run: ansible-galaxy install -r /etc/ansible/roles/ansible-role-openvpn/requirements.yml
- name: Make sure ansible connection is sane
run: ansible -m setup -c local -i 127.0.0.1, all
- name: Run ansible playbook
run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv
- name: Check idempotency
run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv
- name: Container state debug output
continue-on-error: true
run: |
ls -lR /etc/openvpn
echo "cat openvpn_udp_1194.conf"
find /etc/openvpn/ -maxdepth 3 -name openvpn_udp_1194.conf -type f -exec cat {} \;
echo "cat alpha-*.ovpn"
find /etc/openvpn/ -maxdepth 3 -name "alpha-*.ovpn" -type f -exec cat {} \;
build-debian-like:
runs-on: ubuntu-latest
name: debian-like-${{ matrix.version }}
needs:
- check-syntax
strategy:
fail-fast: false
matrix:
version:
- "ubuntu:22.04"
- "debian:12"
- "debian:testing"
container:
image: diodonfrost/ansible-${{ matrix.version }}
env:
container: docker
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup
- ${{ github.workspace }}:/etc/ansible/roles/ansible-role-openvpn
options: "--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/net/tun"
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Upgrade ansible
run: apt update && apt-get install --only-upgrade ansible -y
- name: Install required dependencies from Ansible Galaxy
run: ansible-galaxy install -r /etc/ansible/roles/ansible-role-openvpn/requirements.yml
- name: Make sure ansible connection is sane
run: ansible -m setup -c local -i 127.0.0.1, all
- name: Run ansible playbook
run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv
- name: Check idempotency
run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv
- name: Container state debug output
continue-on-error: true
run: |
ls -lR /etc/openvpn
echo "cat openvpn_udp_1194.conf"
find /etc/openvpn/ -maxdepth 3 -name openvpn_udp_1194.conf -type f -exec cat {} \;
echo "cat alpha-*.ovpn"
find /etc/openvpn/ -maxdepth 3 -name "alpha-*.ovpn" -type f -exec cat {} \;
build-systemd:
runs-on: ubuntu-latest
name: systemd-${{ matrix.version }}
needs:
- check-syntax
strategy:
fail-fast: false
matrix:
version:
- "40"
- "41"
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Login to GHCR
run: echo "${{ secrets.GITHUB_TOKEN }}" | sudo podman login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Create container
run: sudo podman create --name ${{ matrix.version }} --privileged --device /dev/net/tun --cgroupns=host --network=host --systemd=always --volume=${GITHUB_WORKSPACE}:/etc/ansible/roles/ansible-role-openvpn
--user=root ghcr.io/kyl191/ansible-fedora:${{ matrix.version }}
- name: Start container
run: sudo podman start ${{ matrix.version }}
# https://www.jeffgeerling.com/blog/2020/resolving-fedora-dnf-error-no-such-file-or-directory-varlibdnfrpmdblockpid
- name: Wait for container to start
run: while [ "$(sudo podman exec ${{ matrix.version }} systemctl is-system-running)" != "running" ]; do sleep 5; done
- name: Install firewalld
run: sudo podman exec ${{ matrix.version }} dnf -y install firewalld python3-firewall procps-ng
- name: Install required dependencies from Ansible Galaxy
run: sudo podman exec ${{ matrix.version }} ansible-galaxy install -r /etc/ansible/roles/ansible-role-openvpn/requirements.yml
- name: Make sure ansible connection is sane
run: sudo podman exec ${{ matrix.version }} ansible -m setup -c local -i 127.0.0.1, all
- name: Run ansible playbook
run: sudo podman exec ${{ matrix.version }} ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv -e openvpn_ci_build=False
- name: Check idempotency
run: sudo podman exec ${{ matrix.version }} ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv -e openvpn_ci_build=False
- name: Move generated client config file
run: sudo podman exec ${{ matrix.version }} cp /etc/openvpn/server/alpha-localhost.ovpn /etc/openvpn/client/alpha-localhost.conf
- name: Attempt openvpn connection
run: sudo podman exec ${{ matrix.version }} systemctl start [email protected]
- name: Wait for a bit
run: sleep 5
- name: Stop openvpn connection
run: sudo podman exec ${{ matrix.version }} systemctl stop [email protected]
- name: Container state debug output
continue-on-error: true
run: |
sudo podman exec ${{ matrix.version }} ls -lR /etc/openvpn
echo "cat openvpn_udp_1194.conf"
sudo podman exec ${{ matrix.version }} find /etc/openvpn/ -maxdepth 3 -name openvpn_udp_1194.conf -type f -exec cat {} \;
echo "cat alpha-*.ovpn"
sudo podman exec ${{ matrix.version }} find /etc/openvpn/ -maxdepth 3 -name "alpha-*.ovpn" -type f -exec cat {} \;
echo cat /var/log/openvpn.log
sudo podman exec ${{ matrix.version }} cat /var/log/openvpn.log
echo journalctl -u [email protected]
sudo podman exec ${{ matrix.version }} journalctl -u [email protected]