4.3.1 got molecule provider scenario working locally

CyVerse-Ansible · Sep 13, 2024 · 8663f8e · 8663f8e
1 parent d48e65c
commit 8663f8e
Show file tree

Hide file tree

Showing 6 changed files with 89 additions and 65 deletions.
diff --git a/molecule/_shared/tasks/validate_deposition.yml b/molecule/_shared/tasks/validate_deposition.yml
@@ -2,7 +2,7 @@
 #   cfg_path: The absolute path to the configuration file to be validated
 #   schema_path: The absolute path to the schema file used for validation
 ---
-- name: check {{ cfg_path }} deposition
+- name: Check deposition {{ cfg_path }}
   ansible.builtin.stat:
     path: "{{ cfg_path }}"
   register: response
@@ -11,10 +11,9 @@
     or response.stat.pw_name != 'irods'
     or response.stat.gr_name != 'irods'
 
-- name: validate {{ cfg_path }} with schema
-  ansible.builtin.command: >
-    jsonschema --instance '{{ cfg_path }}' '{{ schema_path }}'
+- name: Validate with schema {{ cfg_path }}
+  ansible.builtin.command: /usr/local/bin/jsonschema --instance '{{ cfg_path }}' '{{ schema_path }}'
   register: response
   until: response.stderr is not search('Connection timed out')
   retries: 10
-  changed_when: false
+  changed_when: false
diff --git a/molecule/provider/converge.yml b/molecule/provider/converge.yml
@@ -1,8 +1,8 @@
 ---
-- name: converge | provider
+- name: Converge | provider
   hosts: all
   tasks:
-    - name: place setup_configuration.json
-      import_role:
+    - name: Place setup_configuration.json
+      ansible.builtin.import_role:
         name: ansible-irods-cfg
         tasks_from: setup_irods.yml
diff --git a/molecule/provider/molecule.yml b/molecule/provider/molecule.yml
@@ -1 +1 @@
----  # noqa
+---
diff --git a/molecule/provider/prepare.yml b/molecule/provider/prepare.yml
@@ -4,10 +4,12 @@
 
 - name: Prepare | provider
   hosts: centos
-  become: true
-  collections:
-    - community.general
   tasks:
+    - name: Install sudo
+      ansible.builtin.package:
+        name: sudo
+        state: present
+
     - name: CentOS | install yum_versionlock requirements
       ansible.builtin.package:
         name:
@@ -37,7 +39,7 @@
       changed_when: response.stdout == 'changed'
 
     - name: CentOS | lock irods packages to required version
-      yum_versionlock:
+      community.general.yum_versionlock:
         name:
           - irods-icommands-4.2.8
           - irods-database-plugin-postgres-4.2.8
@@ -66,9 +68,10 @@
 
     - name: CentOS | install prerequisites for psycopg2
       ansible.builtin.yum:
-        name: 
+        name:
           - "@Development tools"
           - postgresql-devel
+          - python3-devel
         state: present
 
 
@@ -80,10 +83,12 @@
   gather_facts: false
   tasks:
     - name: CentOS | initialize PostgreSQL database cluster
-      ansible.builtin.shell: |
-        if [[ -e "$PGDATA" ]] && [[ -z "$(ls --almost-all "$PGDATA")" ]]; then
-          initdb --pgdata="$PGDATA" --auth=ident
-        fi
+      ansible.builtin.shell:
+        executable: /bin/bash
+        cmd: |
+          if [[ -e "$PGDATA" ]] && [[ -z "$(ls --almost-all "$PGDATA")" ]]; then
+            initdb --pgdata="$PGDATA" --auth=ident
+          fi
       register: response
       changed_when: response.stdout != ''
 
@@ -94,17 +99,19 @@
         mode: u+r
 
     - name: CentOS | start PostgreSQL
-      ansible.builtin.shell: |
-        set -o errexit
-        if ! [[ -e "$PGDATA"/postmaster.pid ]]; then
-          pg_ctl start > /dev/null
-          echo changed
-        fi
+      ansible.builtin.shell:
+        executable: /bin/bash
+        cmd: |
+          set -o errexit
+          if ! [[ -e "$PGDATA"/postmaster.pid ]]; then
+            pg_ctl start > /dev/null
+            echo changed
+          fi
       register: response
       changed_when: response.stdout == 'changed'
 
 
-- name: prepare | provider
+- name: Prepare | provider
   hosts: ubuntu
   tasks:
     - name: Ubuntu | install apt_key prerequisites
@@ -141,7 +148,7 @@
         name: postgresql
         state: present
 
-    - name: Ubuntu | start PostgreSQL 
+    - name: Ubuntu | start PostgreSQL
       ansible.builtin.service:
         name: postgresql
         state: started
@@ -153,21 +160,19 @@
         state: present
 
 
-- name: prepare | provider
+- name: Prepare | provider
   hosts: all
   gather_facts: false
   tasks:
-    - name: Install prerequisites for psycopg2
-      ansible.builtin.pip:
-        name: wheel
-
     - name: Install postgresql module prerequisites
       ansible.builtin.pip:
-        name: psycopg2
+        name:
+          - ipaddress
+          - psycopg2-binary
 
     - name: Install iRODS server
       ansible.builtin.package:
-        name: 
+        name:
           - irods-database-plugin-postgres
           - irods-server
         state: present
@@ -179,26 +184,26 @@
   become_user: postgres
   become_flags: '-i'
   gather_facts: false
-  collections:
-    - community.postgresql
   tasks:
     - name: Create ICAT DB
-      postgresql_db:
+      community.postgresql.postgresql_db:
         name: ICAT
 
     - name: Create iRODS user
-      postgresql_user:
-        db: ICAT
+      community.postgresql.postgresql_user:
         name: irods
         password: testpassword
-        priv: ALL
 
-    - name: Ensure postgres_pg_hba prerequisites are installed
-      ansible.builtin.pip:
-        name: ipaddress
+    - name: Grant iRODS user full access to ICAT DB
+      community.postgresql.postgresql_privs:
+        db: postgres
+        privs: ALL
+        type: database
+        obj: ICAT
+        roles: irods
 
     - name: Configure irods user ICAT access
-      postgresql_pg_hba:
+      community.postgresql.postgresql_pg_hba:
         dest: "{{ pg_hba_path }}"
         contype: host
         users: irods
@@ -208,11 +213,26 @@
         state: present
       notify: Reload postgres, {{ inventory_hostname }}
 
+    - name: Remove ident access to DBMS
+      community.postgresql.postgresql_pg_hba:
+        dest: "{{ pg_hba_path }}"
+        contype: host
+        users: all
+        source: "{{ item }}"
+        databases: all
+        method: md5
+        state: present
+      loop:
+        - 127.0.0.1/32
+        - ::1/128
+      notify: Reload postgres, {{ inventory_hostname }}
+
   handlers:
     - name: Reload postgres, centos
-      command: pg_ctl reload
+      ansible.builtin.command: pg_ctl reload
+      changed_when: true
 
     - name: Reload postgres, ubuntu
-      service:
+      ansible.builtin.service:
         name: postgresql
-        state: reloaded
+        state: reloaded
diff --git a/molecule/provider/verify.yml b/molecule/provider/verify.yml
@@ -1,13 +1,12 @@
 ---
-- name: verify | irods
+- name: Verify | irods
   hosts: all
   become: true
   become_user: irods
-  collections:
-    - ansible.builtin
-    - community.postgresql
+  become_flags: '-i'
   tasks:
-    - include_tasks: ../_shared/tasks/validate_deposition.yml
+    - name: Validate deposition /etc/irods
+      ansible.builtin.include_tasks: ../_shared/tasks/validate_deposition.yml
       vars:
         cfg_path: /etc/irods/{{ item }}
         schema_path: /var/lib/irods/configuration_schemas/v3/{{ item }}
@@ -16,28 +15,29 @@
         - hosts_config.json
         - server_config.json
 
-    - name: verify that database_config.json was not deposited
-      stat:
+    - name: Verify that database_config.json was not deposited
+      ansible.builtin.stat:
         path: /etc/irods/database_config.json
       register: response
       failed_when: response.stat.exists
 
-    - include_tasks: ../_shared/tasks/validate_deposition.yml
+    - name: Validate deposition of irods_environment.json
+      ansible.builtin.include_tasks: ../_shared/tasks/validate_deposition.yml
       vars:
         cfg_path: /var/lib/irods/.irods/irods_environment.json
         schema_path: /var/lib/irods/configuration_schemas/v3/service_account_environment.json
 
-    - name: check service_account.config deposition
-      stat:
+    - name: Check service_account.config deposition
+      ansible.builtin.stat:
         path: /etc/irods/service_account.config
       register: response
       failed_when: >
         not response.stat.exists or
         response.stat.pw_name != 'irods' or
         response.stat.gr_name != 'irods'
 
-    - name: verify ICAT schema version
-      postgresql_query:
+    - name: Verify ICAT schema version
+      community.postgresql.postgresql_query:
         db: ICAT
         login_user: irods
         login_password: testpassword
@@ -48,8 +48,8 @@
       register: response
       failed_when: response.failed or response.query_result[0]['option_value'] != '7'
 
-    - name: verify admin password set
-      postgresql_query:
+    - name: Verify admin password set
+      community.postgresql.postgresql_query:
         db: ICAT
         login_user: irods
         login_password: testpassword

diff --git a/tasks/setup_irods.yml b/tasks/setup_irods.yml
@@ -24,11 +24,13 @@
 
     - name: Initialize ICAT schema
       when: not odbc.stat.exists
-      ansible.builtin.shell: |
-        set -e
-        python /var/lib/irods/scripts/setup_irods.py \
-          --json_configuration_file=/tmp/setup_configuration.json
-        rm --force /tmp/setup_configuration.json || true
+      ansible.builtin.shell:
+        executable: /bin/bash
+        cmd: |
+          set -o errexit
+          python /var/lib/irods/scripts/setup_irods.py \
+            --json_configuration_file=/tmp/setup_configuration.json
+          rm --force /tmp/setup_configuration.json || true
       register: response
       failed_when:
         - not response.stderr is search('Database specified already in use by iRODS')
@@ -40,5 +42,8 @@
         path: "{{ _root_dir }}/var/lib/irods/.odbc.ini"
         state: absent
 
+    - name: Fail
+      ansible.builtin.fail:
+
 - name: Setup iRODS | configure server
   ansible.builtin.import_tasks: server.yml