test-lxd-provision.yml
# LXD Container Provisioning Test Workflow
#
# This workflow tests that LXD container provisioning works correctly in GitHub Actions runners.
# It's a continuous integration test to ensure our OpenTofu LXD provider configuration is valid
# and can successfully create containers in shared CI environments.
#
# PURPOSE:
# - Validates OpenTofu configuration syntax and LXD provider integration
# - Tests container creation, initialization, and basic functionality
# - Ensures cloud-init scripts work properly in containerized environments
# - Provides confidence that LXD provisioning works in CI/CD pipelines
#
# SCOPE:
# - Uses static configuration fixtures (no dynamic templating) to avoid application coupling
# - Tests infrastructure provisioning only (no application deployment)
# - Focuses on LXD container lifecycle management and basic system validation
#
# This is NOT a full end-to-end test but a focused infrastructure validation workflow.
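name: Test LXD Container Provisioning

# NOTE: This workflow uses CI-specific approaches like 'sudo chmod 666' on the LXD socket
# and 'sudo' with LXD commands. These approaches are NOT recommended for local development.
# For local use, follow the proper group membership approach documented in templates/tofu/lxd/README.md
#
# SECURITY: Access to the LXD unix socket is equivalent to root on the host, so a
# world-writable socket is only acceptable on a single-use, ephemeral runner.
# Do not reuse this setup on self-hosted or other long-lived runners.
#
# NETWORK TUNING: We use smorimoto/tune-github-hosted-runner-network to fix flaky networking
# issues that may affect container provisioning in GitHub Actions.
# See: https://github.com/actions/runner-images/issues/1187

on:
  push:
  pull_request:
  workflow_dispatch:  # Allow manual triggering

# Least privilege: the job only needs to read the repository. Without this block
# the GITHUB_TOKEN gets the repository/organisation default, which may be read-write.
permissions:
  contents: read

jobs:
  test-lxd-provision:
    runs-on: ubuntu-latest
    timeout-minutes: 20  # Set reasonable timeout for LXD provisioning

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Later steps run repository scripts with sudo and open up the LXD
          # socket; do not leave the workflow token behind in .git/config.
          persist-credentials: false

      # NOTE(review): the third-party actions in this job (smorimoto/..., dtolnay/...,
      # Swatinem/...) are referenced by mutable tag or branch. Pin each one to a
      # full commit SHA so an upstream retag cannot change the code that runs here.
      - name: Tune GitHub-hosted runner network
        uses: smorimoto/tune-github-hosted-runner-network@v1

      - name: Install and configure LXD
        run: ./scripts/setup/install-lxd-ci.sh

      - name: Install OpenTofu
        run: ./scripts/setup/install-opentofu.sh

      - name: Setup Rust toolchain and build template system
        uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: stable

      - name: Cache Rust dependencies
        uses: Swatinem/rust-cache@v2

      - name: Render template configurations
        run: |
          # Build the template system and render the static templates
          cargo build --release

          # Create a temporary directory for this standalone infrastructure test
          # This test is independent of the deployment app logic and should not
          # use the same build directory structure
          TEMP_DIR="/tmp/lxd-provision-test"
          echo "Using temporary directory: $TEMP_DIR"

          # Set up LXD test configuration in temp directory
          mkdir -p "$TEMP_DIR/lxd"
          cp -r templates/tofu/lxd/* "$TEMP_DIR/lxd/"

          # Override the dynamic cloud-init template with static fixture
          cp fixtures/tofu/lxd/cloud-init.yml "$TEMP_DIR/lxd/cloud-init.yml"

          # Create static variables for this infrastructure test
          # NOTE(review): no tofu command below passes -var-file, and only
          # terraform.tfvars / *.auto.tfvars are loaded automatically, so this
          # file looks unused; later steps also address the container as
          # "torrust-tracker-vm", not "torrust-tracker-vm-test". Confirm intent.
          # The delimiter is quoted so the body is written literally.
          cat > "$TEMP_DIR/lxd/variables.tfvars" << 'EOF'
          instance_name = "torrust-tracker-vm-test"
          profile_name = "torrust-profile-test"
          image = "ubuntu:24.04"
          EOF

      - name: Verify installations
        run: |
          sudo lxc version
          tofu version

      - name: Test LXD socket permissions
        run: |
          # Test that LXD commands work without sudo due to socket permissions
          lxc version
          lxc list

      - name: Initialize OpenTofu
        working-directory: /tmp/lxd-provision-test/lxd
        run: tofu init

      - name: Validate OpenTofu configuration
        working-directory: /tmp/lxd-provision-test/lxd
        run: tofu validate

      - name: Plan deployment
        working-directory: /tmp/lxd-provision-test/lxd
        run: tofu plan

      - name: Apply configuration
        working-directory: /tmp/lxd-provision-test/lxd
        run: |
          # Use tofu without sudo since socket permissions are set up
          # NOTE: For local development, use "sg lxd -c 'tofu apply'" instead
          tofu apply -auto-approve

      - name: Wait for container to be ready
        run: |
          echo "Waiting for container to be fully initialized..."
          sleep 30

          # Wait up to 5 minutes for cloud-init to complete
          timeout=300
          elapsed=0
          while [ "$elapsed" -lt "$timeout" ]; do
            if lxc exec torrust-tracker-vm -- test -f /tmp/provision_complete 2>/dev/null; then
              echo "Container provisioning completed successfully!"
              break
            fi
            echo "Waiting for container provisioning to complete... ($elapsed/$timeout seconds)"
            sleep 10
            elapsed=$((elapsed + 10))
          done

          # The loop only reaches the limit when the marker file never appeared
          if [ "$elapsed" -ge "$timeout" ]; then
            echo "Timeout waiting for container provisioning to complete"
            exit 1
          fi

      - name: Test container functionality
        run: |
          # Test basic connectivity
          lxc list
          lxc info torrust-tracker-vm

          # Test command execution
          lxc exec torrust-tracker-vm -- whoami

          # NOTE(review): every check below ends in `|| echo ...`, so a failing
          # check prints a message but does not fail the step. They act as
          # diagnostics rather than assertions; drop the fallback on any check
          # that is meant to gate the job (e.g. the torrust user lookup).

          # Test system information with error handling
          echo "Getting system information..."
          lxc exec torrust-tracker-vm -- cat /etc/os-release || echo "os-release failed"
          sleep 1
          lxc exec torrust-tracker-vm -- df -h || echo "df failed"
          sleep 1
          lxc exec torrust-tracker-vm -- free -h || echo "free failed"
          sleep 1

          # Test cloud-init functionality
          echo "Testing cloud-init..."
          lxc exec torrust-tracker-vm -- cloud-init status || echo "cloud-init status failed"
          sleep 1

          # Test user creation
          echo "Testing user creation..."
          lxc exec torrust-tracker-vm -- id torrust || echo "torrust user not found"
          sleep 1

          # Test systemd services
          echo "Testing systemd..."
          lxc exec torrust-tracker-vm -- systemctl status ssh || echo "ssh service check failed"

      - name: Get container outputs
        working-directory: /tmp/lxd-provision-test/lxd
        run: tofu output

      - name: Cleanup
        if: always()
        working-directory: /tmp/lxd-provision-test/lxd
        run: |
          echo "Cleaning up container..."
          # Use tofu without sudo since socket permissions are set up
          # NOTE: For local development, use "sg lxd -c 'tofu destroy'" instead
          # Both commands are best-effort so cleanup never masks the real result
          tofu destroy -auto-approve || true
          lxc delete torrust-tracker-vm --force || true

      - name: Final verification
        if: always()
        run: |
          echo "Verifying cleanup..."
          lxc list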