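---
# CI for the openvox_bootstrap::configure task: builds a two-VM cluster
# (primary + agent), installs openvox on both, runs configure on each node
# and then checks an agent run and the requested certificate extension.
name: 'PR Testing the configure task'
on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
jobs:
  test-configure-task:
    strategy:
      matrix:
        # [distro, version] pairs; an optional third element selects the arch.
        os:
          - [almalinux, '9']
          - [ubuntu, '24.04']
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - id: install-bolt
        uses: ./.github/actions/bolt
        with:
          # jammy is the codename of the ubuntu-22.04 runner image.
          os-codename: jammy
      - id: vm-cluster
        uses: jpartlow/nested_vms@v1
        with:
          os: ${{ matrix.os[0] }}
          os-version: ${{ matrix.os[1] }}
          # Fall back to x86_64 when the matrix entry has no arch element.
          os-arch: ${{ matrix.os[2] || 'x86_64' }}
          host-root-access: true
          ruby-version: '3.3'
          # The bolt steps below install openvox themselves.
          install-openvox: false
          vms: |-
            [
              {
                "role": "primary",
                "cpus": 4,
                "mem_mb": 8192,
                "cpu_mode": "host-model"
              },
              {
                "role": "agent",
                "cpus": 2,
                "mem_mb": 4096,
                "cpu_mode": "host-model"
              }
            ]
      - name: Capture dereferenced inventory for use with openvox_bootstrap
        working-directory: kvm_automation_tooling
        # Keep only the resolved targets (dropping the first target's group
        # list) so the remaining steps can use a flat inventory.yaml at the
        # workspace root.
        run: |-
          bolt inventory --inventory terraform/instances/inventory.test.yaml show --format json --detail | \
          jq '.inventory | with_entries(select(.key == "targets")) | del(.targets[0].groups)' | \
          yq -P > ../inventory.yaml
      - name: Install openvox
        run: |-
          bolt task run openvox_bootstrap::install --inventory inventory.yaml --targets test-primary-1,test-agent-1
      - name: Install openvox-server
        run: |-
          bolt task run openvox_bootstrap::install --inventory inventory.yaml --targets test-primary-1 package=openvox-server
      - name: Configure openvox-server
        # NOTE(review): unlike every other step this one does not go through
        # bolt, so it runs on the runner host rather than on test-primary-1;
        # confirm that is the intended target.
        # The autosign policy script accepts any CSR whose challengePassword
        # equals the fixed value written into agent-params.yaml below. It is
        # a fixture for this disposable test cluster, not a production policy.
        run: |-
          cat > /etc/puppetlabs/puppet/puppet.conf <<EOF
          [main]
          server = test-primary-1.vm
          [server]
          autosign = /etc/puppetlabs/puppet/sign.sh
          EOF
          chown puppet:puppet /etc/puppetlabs/puppet/puppet.conf
          # Quoted delimiter: the $(...) expansions belong to sign.sh, not to
          # this shell.
          cat > /etc/puppetlabs/puppet/sign.sh <<'EOF'
          #!/bin/bash
          # Policy autosign: the PEM CSR arrives on stdin.
          csr_pem=$(cat)
          csr_text=$(openssl req -text <<<"$csr_pem")
          # '-e' is a GNU awk extension; the POSIX form (program as the first
          # non-option argument) behaves the same and is portable.
          password=$(awk -F: '/challengePassword/ { print $2 }' <<<"$csr_text")
          [[ "${password}" == 'password' ]]
          EOF
          cat /etc/puppetlabs/puppet/sign.sh
          chmod 750 /etc/puppetlabs/puppet/sign.sh
          chown puppet:puppet /etc/puppetlabs/puppet/sign.sh
          /opt/puppetlabs/server/bin/puppetserver ca setup
          systemctl start puppetserver
      - name: Write configure params
        # agent-params.yaml points the agent at the primary and requests a CSR
        # carrying the challenge password (OID 1.2.840.113549.1.9.7) that the
        # autosign script checks, plus a pp_role extension.
        # server-params.yaml is the same minus puppet_conf, presumably so the
        # puppet.conf written on the primary above is left untouched.
        run: |-
          cat > agent-params.yaml <<EOF
          {
            "puppet_conf": {
              "main": {
                "server": "test-primary-1.vm"
              }
            },
            "csr_attributes": {
              "custom_attributes": {
                "1.2.840.113549.1.9.7": "password"
              },
              "extension_requests": {
                "pp_role": "tomato"
              }
            },
            "puppet_service_running": true,
            "puppet_service_enabled": false
          }
          EOF
          jq 'del(.puppet_conf)' agent-params.yaml > server-params.yaml
      - name: Disable agents to prevent background service runs
        run: |-
          bolt command run '/opt/puppetlabs/bin/puppet agent --disable "OpenVox PR testing"' --inventory inventory.yaml --targets test-agent-1,test-primary-1
      - name: Run openvox_bootstrap::configure task
        # The primary takes server-params.yaml and the agent takes
        # agent-params.yaml; both invocations previously targeted test-agent-1
        # with the params swapped.
        run: |-
          echo "On the primary:"
          bolt task run openvox_bootstrap::configure --inventory inventory.yaml --targets test-primary-1 --params @server-params.yaml
          echo "On the agent:"
          bolt task run openvox_bootstrap::configure --inventory inventory.yaml --targets test-agent-1 --params @agent-params.yaml
      - name: Validate agent run on the primary
        # --agent_disabled_lockfile=/dev/null bypasses the disable lock set
        # above for this one explicit run.
        run: |-
          bolt command run '/opt/puppetlabs/bin/puppet agent --agent_disabled_lockfile=/dev/null --test' --inventory inventory.yaml --targets test-primary-1 --stream
      - name: Validate agent run on the agent
        run: |-
          bolt command run '/opt/puppetlabs/bin/puppet agent --agent_disabled_lockfile=/dev/null --test' --inventory inventory.yaml --targets test-agent-1 --stream
      - name: Validate certificate extensions
        # A Puppet resource title must be followed by ':' or the manifest
        # fails to parse.
        run: |-
          cat > check_cert_extensions.pp <<'EOF'
          notify { "Trusted Facts":
            message => $trusted,
          }
          if $trusted['extensions']['pp_role'] != 'tomato' {
            fail("Certificate extension 'pp_role' should be 'tomato', but is ${$trusted['extensions']['pp_role']}")
          }
          EOF
          bolt apply check_cert_extensions.pp --inventory inventory.yaml --targets test-primary-1,test-agent-1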