ci(default-lxd): fix dependencies step (7) #11
---
# Workflow identity and triggers.
name: default-lxd

# Runs on every push and pull request, on manual dispatch, and on a weekly
# schedule.
on:
  push:
  pull_request:
  workflow_dispatch:
  schedule:  # run weekly, every Thursday 06:00
    - cron: '0 6 * * 4'

# The job token gets no scopes by default; each job must request what it needs.
permissions: {}
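jobs:
  # Converges the role inside an LXD guest for every matrix entry, then dumps
  # diagnostics from the guest into the job log.
  build:
    # Only read access to the repository contents is requested.
    permissions:
      contents: read
    runs-on: ubuntu-22.04
    # Entries flagged experimental may fail without failing the workflow.
    continue-on-error: ${{ matrix.experimental }}
    strategy:
      fail-fast: false
      max-parallel: 4
      matrix:
        include:
          - distribution: centos
            version: 9-Stream
            version2: 9-Stream
            suite: default
            experimental: true
          - distribution: centos
            version: 8-Stream
            version2: 8-Stream
            suite: default
            experimental: true
          - distribution: debian
            version: bullseye
            version2: bullseye
            suite: default
            experimental: true
          - distribution: ubuntu
            version: '22.04'
            version2: 2204
            suite: default
            experimental: true
          - distribution: ubuntu
            version: '20.04'
            version2: 2004
            suite: default
            experimental: false
          - distribution: ubuntu
            version: '20.04'
            version2: 2004
            suite: default-nosnuffle
            experimental: false
    env:
      ANSIBLE_CALLBACKS_ENABLED: profile_tasks
      ANSIBLE_ROLE: juju4.misp
      LXDIMAGE: "${{ matrix.distribution }}-${{ matrix.version }}"
      LXDGUEST: "default-${{ matrix.distribution }}-${{ matrix.version2 }}"
    # `${{ matrix.* }}` is pasted into the script text before bash runs it.
    # That is safe here because the matrix is a fixed list in this file; if it
    # is ever fed from workflow inputs, pass the values through `env:` instead.
    #
    # `lxc exec GUEST -- ARGV...` executes ARGV directly, without a shell.
    # A command must therefore be passed as separate words, and anything that
    # needs pipes, globs, `&&` or `cd` must go through `sh -c '...'`.
    steps:
      # NOTE(review): both actions are referenced by a movable tag; pinning
      # them to a full commit SHA keeps a retagged release from changing what
      # runs in this job.
      - uses: actions/checkout@v3
        with:
          path: ${{ env.ANSIBLE_ROLE }}
          # The workspace is bind-mounted into the guest further down, where
          # freshly installed packages and the role itself run as root. Do
          # not leave the job token in .git/config for them to read.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.x'
      # `env` prints every environment variable to the job log: keep secrets
      # out of this job's environment while this step exists.
      - name: Environment
        run: |
          set -x
          pwd
          env
          find . -ls
      # The `|| true` suffixes hide a failed image copy or image build; such
      # a failure only shows up later, when the instance is created.
      - name: Install lxd requirements
        run: |
          set -x
          sudo apt-get update -qq
          sudo apt-get -y install acl dnsmasq-base zfsutils-linux -q
          sudo snap install lxd
          whoami
          grep lxd /etc/group
          echo "# remote list"
          sudo lxc remote list
          echo "# image list"
          sudo lxc image list
          echo "# download image"
          [ ${{ matrix.distribution }} == ubuntu ] || sudo lxc image copy images:${{ matrix.distribution }}/${{ matrix.version }}/amd64 local: --alias=${{ matrix.distribution }}-${{ matrix.version }}-nossh || true
          [ ${{ matrix.distribution }} == ubuntu ] && sudo lxc image copy ubuntu:${{ matrix.version }} local: --alias=${{ matrix.distribution }}-${{ matrix.version }} || true
          echo "# image list"
          sudo lxc image list
          ## configure network
          ifconfig -a || true
          ip addr || true
          sudo lxc info
          sudo lxc network list
          sudo lxc network create lxdbr0
          sudo lxc network show lxdbr0
          sudo lxc network attach-profile lxdbr0 default ens4
          sudo lxc profile device get default ens4 nictype || true
          sudo service lxd restart || true
          ps ax | grep dnsmasq
          systemctl status -l --no-pager lxd || true
          cat /etc/network/interfaces.d/50-cloud-init.cfg || true
          sudo lxc network list
          # configure storage pool
          sudo lxc storage list
          sudo lxc storage create pool1 zfs
          sudo lxc storage list
          sudo zpool list
          sudo lxc profile device add default root disk path=/ pool=pool1
          sudo lxc profile show default
          [ "X${{ matrix.distribution }}" == "Xcentos" ] && cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && sudo sh -x ./test/lxd/centos-ssh-image.sh ${{ matrix.version }} || true
          [ "X${{ matrix.distribution }}" == "Xdebian" ] && cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && sudo sh -x ./test/lxd/debian-ssh-image.sh ${{ matrix.version }} || true
      - name: Start lxd instance
        run: |
          set -x
          sudo lxc init $LXDIMAGE $LXDGUEST
          sudo lxc start $LXDGUEST
      # Shares the whole runner workspace with the guest at /tmp/workspace.
      - name: Mount GITHUB_WORKSPACE in lxd
        run: |
          set -x
          sudo lxc exec $LXDGUEST -- install -d -m 755 /tmp/workspace
          sudo lxc config device add $LXDGUEST sharedworkspace disk source=$GITHUB_WORKSPACE/ path=/tmp/workspace
      # ansible.cfg takes the interpreter under the key `interpreter_python`;
      # `ansible_python_interpreter` is an inventory variable and is ignored
      # when written into the [defaults] section.
      # NOTE(review): `pip3 install ansible` is unpinned and runs as root in
      # the guest; a pinned version would make runs reproducible.
      - name: Ansible dependencies in lxd
        run: |
          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE
          [ -f get-dependencies.sh ] && sh -x get-dependencies.sh
          { echo '[defaults]'; echo 'callbacks_enabled = profile_tasks, timer'; echo 'roles_path = ../'; echo 'interpreter_python = /usr/bin/python3'; } >> ansible.cfg
          sudo lxc file push ansible.cfg $LXDGUEST/root/ansible.cfg
          sudo lxc exec $LXDGUEST -- pwd
          sudo lxc exec $LXDGUEST -- which pip3
          [ "X${{ matrix.distribution }}" == "Xdebian" ] && sudo lxc exec $LXDGUEST -- apt-get install -y python3-pip
          [ "X${{ matrix.distribution }}" == "Xubuntu" ] && sudo lxc exec $LXDGUEST -- apt-get install -y python3-pip
          sudo lxc exec $LXDGUEST -- pip3 install ansible
          sudo lxc exec $LXDGUEST -- which ansible-playbook
      - name: Converge
        run: |
          sudo lxc exec $LXDGUEST -- ansible-playbook -i localhost, --connection=local --become -vvv /tmp/workspace/$ANSIBLE_ROLE/test/integration/default/default.yml ${ANSIBLE_EXTRA_VARS}
        env:
          TERM: xterm-256color
      # The pipeline needs a shell inside the guest, hence `sh -c`.
      # Both branches end in `exit 0`, so this step reports the idempotence
      # result but never fails the job on it.
      - name: Idempotency run
        run: |
          sudo lxc exec $LXDGUEST -- sh -c "ansible-playbook -i localhost, --connection=local --become -vvv /tmp/workspace/$ANSIBLE_ROLE/test/integration/default/default.yml ${ANSIBLE_EXTRA_VARS} | tee /tmp/idempotency.log | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 0)"
      # Best-effort diagnostics: every command tolerates failure.
      - name: On failure
        run: |
          set -x
          sudo lxc exec $LXDGUEST -- ansible -i inventory --connection=local -m setup localhost || true
          sudo lxc exec $LXDGUEST -- systemctl -l --no-pager status || true
          sudo lxc exec $LXDGUEST -- systemctl -l --no-pager --failed || true
          sudo lxc exec $LXDGUEST -- sh -c 'ls -l /usr/bin/ | egrep "(python|pip|ansible)"' || true
          sudo lxc exec $LXDGUEST -- pip freeze || true
          sudo lxc exec $LXDGUEST -- pip3 freeze || true
          sudo lxc exec $LXDGUEST -- ip addr || true
          sudo lxc exec $LXDGUEST -- cat /etc/resolv.conf || true
          sudo lxc exec $LXDGUEST -- host www.google.com || true
          sudo lxc exec $LXDGUEST -- ping -c 1 www.google.com || true
          sudo lxc exec $LXDGUEST -- ping -c 1 8.8.8.8 || true
          sudo lxc exec $LXDGUEST -- sh -c 'ls -l /usr/bin/php* /usr/local/bin/php*' || true
          sudo lxc exec $LXDGUEST -- php --version || true
          sudo lxc exec $LXDGUEST -- ls /etc/apache2/mods-enabled/ || true
          sudo lxc exec $LXDGUEST -- ls -l /var/www/_MISP/MISP/tests/ || true
          sudo lxc exec $LXDGUEST -- cat /var/log/apache2/misp.local_error.log || true
          sudo lxc exec $LXDGUEST -- cat /var/www/_MISP/MISP/app/tmp/logs/error.log || true
          sudo lxc exec $LXDGUEST -- ls -lA /etc/yum.repos.d/ || true
          sudo lxc exec $LXDGUEST -- cat /etc/yum.repos.d/CentOS-PowerTools.repo || true
        if: ${{ failure() }}
        continue-on-error: true
      # The "After script" steps always run and never fail the job
      # (continue-on-error), so a missing tool only shortens the report.
      - name: After script - python
        run: |
          set -x
          sudo lxc exec $LXDGUEST -- which pip
          sudo lxc exec $LXDGUEST -- pip freeze
          sudo lxc exec $LXDGUEST -- which pip3
          sudo lxc exec $LXDGUEST -- pip3 install pipdeptree
          sudo lxc exec $LXDGUEST -- pip3 freeze
          sudo lxc exec $LXDGUEST -- pipdeptree -r
          sudo lxc exec $LXDGUEST -- /var/www/_MISP/venv/bin/python --version
          sudo lxc exec $LXDGUEST -- /var/www/_MISP/venv/bin/pip install pipdeptree
          sudo lxc exec $LXDGUEST -- /var/www/_MISP/venv/bin/pipdeptree -r
        if: ${{ always() }}
        continue-on-error: true
      # NOTE(review): bootstrap.php is printed in full; confirm it holds no
      # value that should stay out of the job log.
      - name: After script - MISP files
        run: |
          set -x
          sudo lxc exec $LXDGUEST -- sh -c 'find /var/www/_MISP/venv/ -type f | tail -500'
          sudo lxc exec $LXDGUEST -- cat /opt/misp-modules/REQUIREMENTS
          sudo lxc exec $LXDGUEST -- /var/www/_MISP/venv/bin/misp-modules -t
          sudo lxc exec $LXDGUEST -- ls -la /var/www/_MISP/MISP/
          sudo lxc exec $LXDGUEST -- ls -la /var/www/.cache/pip/http/
          sudo lxc exec $LXDGUEST -- cat /var/www/_MISP/MISP/app/Config/bootstrap.php
          sudo lxc exec $LXDGUEST -- ls -la /var/www/_MISP/MISP/app/tmp/cache/models/
          sudo lxc exec $LXDGUEST -- getfacl /var/www/_MISP/MISP/app/tmp/cache/models
          sudo lxc exec $LXDGUEST -- find /usr -iname "*libyara*.so"
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - MISP error logs
        run: |
          set -x
          sudo lxc exec $LXDGUEST -- cat /var/log/apache2/misp.local_access.log || true
          sudo lxc exec $LXDGUEST -- cat /var/log/apache2/misp.local_error.log || true
          sudo lxc exec $LXDGUEST -- cat /var/log/httpd/misp.local_access.log || true
          sudo lxc exec $LXDGUEST -- cat /var/log/httpd/misp.local_error.log || true
          sudo lxc exec $LXDGUEST -- cat /var/www/_MISP/MISP/app/tmp/logs/error.log || true
          sudo lxc exec $LXDGUEST -- cat /var/www/_MISP/MISP/app/tmp/logs/debug.log || true
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - redis logs
        run: |
          set -x
          sudo lxc exec $LXDGUEST -- ls -lA /var/log/redis/ || true
          sudo lxc exec $LXDGUEST -- cat /var/log/redis/redis.log || true
          sudo lxc exec $LXDGUEST -- cat /var/log/redis/redis-server.log || true
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - curl
        run: |
          sudo lxc exec $LXDGUEST -- curl -vk http://localhost:6666
        if: ${{ always() }}
        continue-on-error: true
      # `cd ... && ...` needs a shell inside the guest.
      - name: After script - PyMISP
        run: |
          sudo lxc exec $LXDGUEST -- sh -c 'cd /var/www/_MISP/MISP/PyMISP/examples && /var/www/_MISP/venv/bin/python /var/www/_MISP/MISP/PyMISP/examples/users_list.py'
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - system
        run: |
          set -x
          sudo lxc exec $LXDGUEST -- netstat -anp || true
          sudo lxc exec $LXDGUEST -- ss -nlp || true
          sudo lxc exec $LXDGUEST -- systemctl -l --no-pager status apache2 || true
          sudo lxc exec $LXDGUEST -- systemctl -l --no-pager status redis || true
          sudo lxc exec $LXDGUEST -- systemctl -l --no-pager status httpd || true
          sudo lxc exec $LXDGUEST -- systemctl -l --no-pager status httpd-init || true
          sudo lxc exec $LXDGUEST -- systemctl -l --no-pager status || true
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - journalctl
        run: |
          sudo lxc exec $LXDGUEST -- journalctl -xe --no-pager || true
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - redhat
        run: |
          sudo lxc exec $LXDGUEST -- sudo dnf repolist || true
          sudo lxc exec $LXDGUEST -- find /etc/yum.repos.d/ -exec cat {} \; || true
        if: ${{ always() }}
        continue-on-error: true
      # Only non-credential columns are listed: the MISP users table also
      # stores password hashes and API keys, which do not belong in a job log
      # even for a throwaway test instance.
      - name: After script - mysql
        run: |
          sudo lxc exec $LXDGUEST -- mysql -e "SHOW TABLES" misp || true
          sudo lxc exec $LXDGUEST -- mysql -e "SELECT id, email, org_id, role_id FROM users;" misp || true
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - php
        run: |
          set -x
          sudo lxc exec $LXDGUEST -- which php || true
          sudo lxc exec $LXDGUEST -- sh -c '`which php` --version' || true
          sudo lxc exec $LXDGUEST -- which php7.4 || true
          sudo lxc exec $LXDGUEST -- sh -c 'ls -lF /usr/bin/php* /usr/local/bin/php*' || true
          sudo lxc exec $LXDGUEST -- dpkg -L php || true
          sudo lxc exec $LXDGUEST -- dpkg -L php7.4 || true
        if: ${{ always() }}
        continue-on-error: true
      # Runs MISP's own audit and config-lint console commands as www-data.
      - name: After script - misp
        run: |
          set -x
          sudo lxc exec $LXDGUEST -- sudo -u www-data /var/www/_MISP/MISP/app/Console/cake Admin securityAudit || true
          sudo lxc exec $LXDGUEST -- sudo -u www-data /var/www/_MISP/MISP/app/Console/cake Admin configLint || true
          sudo lxc exec $LXDGUEST -- sudo -u www-data /var/www/_MISP/MISP/app/Console/cake Admin live || true
        if: ${{ always() }}
        continue-on-error: true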