ci(default-lxd): try with canonical/setup-lxd action +cleaning #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: default-lxd | |
on: | |
push: | |
pull_request: | |
workflow_dispatch: | |
schedule: # run weekly, every Thursday 06:00 | |
- cron: '0 6 * * 4' | |
permissions: {} | |
jobs: | |
build: | |
permissions: | |
contents: read | |
runs-on: ubuntu-22.04 | |
continue-on-error: ${{ matrix.experimental }} | |
strategy: | |
fail-fast: false | |
max-parallel: 4 | |
matrix: | |
include: | |
- distribution: centos | |
version: 9-Stream | |
version2: 9-Stream | |
suite: default | |
experimental: true | |
- distribution: centos | |
version: 8-Stream | |
version2: 8-Stream | |
suite: default | |
experimental: true | |
- distribution: debian | |
version: bullseye | |
version2: bullseye | |
suite: default | |
experimental: true | |
- distribution: ubuntu | |
version: '22.04' | |
version2: 2204 | |
suite: default | |
experimental: true | |
- distribution: ubuntu | |
version: '20.04' | |
version2: 2004 | |
suite: default | |
experimental: false | |
- distribution: ubuntu | |
version: '20.04' | |
version2: 2004 | |
suite: default-nosnuffle | |
experimental: false | |
env: | |
ANSIBLE_CALLBACKS_ENABLED: profile_tasks | |
ANSIBLE_ROLE: juju4.misp | |
LXDIMAGE: "${{ matrix.distribution }}-${{ matrix.version }}" | |
LXDGUEST: "default-${{ matrix.distribution }}-${{ matrix.version2 }}" | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
path: ${{ env.ANSIBLE_ROLE }} | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.x' | |
- name: Environment | |
run: | | |
set -x | |
pwd | |
env | |
find . -ls | |
# https://github.com/canonical/setup-lxd | |
- name: Setup LXD | |
uses: canonical/setup-lxd@4e959f8e0d9c5feb27d44c5e4d9a330a782edee0 | |
with: | |
channel: latest/stable | |
- name: lxd information | |
run: | | |
set -x | |
whoami | |
grep lxd /etc/group | |
echo "# remote list" | |
sudo lxc remote list | |
echo "# image list" | |
sudo lxc image list | |
## check network | |
ifconfig -a || true | |
ip addr || true | |
sudo lxc info | |
sudo lxc network list | |
sudo lxc network show lxdbr0 | |
cat /etc/default/lxd-bridge || true | |
ps ax | grep dnsmasq | |
systemctl status -l --no-pager lxd || true | |
cat /etc/network/interfaces.d/50-cloud-init.cfg || true | |
# storage pool | |
sudo lxc storage list | |
sudo zpool list | |
sudo lxc profile show default | |
# check nftables | |
sudo nft list ruleset || true | |
- name: Start lxd instance | |
run: | | |
set -x | |
sudo lxc launch $LXDIMAGE $LXDGUEST | |
- name: Mount GITHUB_WORKSPACE in lxd | |
run: | | |
set -x | |
sudo lxc exec $LXDGUEST -- install -d -m 755 /tmp/workspace | |
sudo lxc config device add $LXDGUEST sharedworkspace disk source=$GITHUB_WORKSPACE/ path=/tmp/workspace | |
- name: Ansible dependencies in lxd | |
run: | | |
cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE | |
[ -f get-dependencies.sh ] && sh -x get-dependencies.sh | |
{ echo '[defaults]'; echo 'callbacks_enabled = profile_tasks, timer'; echo 'roles_path = ../'; echo 'ansible_python_interpreter: /usr/bin/python3'; } >> ansible.cfg | |
sudo lxc file push ansible.cfg $LXDGUEST/root/ansible.cfg | |
sudo lxc exec $LXDGUEST -- pwd | |
sudo lxc exec $LXDGUEST -- ip address | |
sudo lxc exec $LXDGUEST -- ip route | |
sudo lxc exec $LXDGUEST -- dhclient eth0 | |
sudo lxc exec $LXDGUEST -- ping -c 1 8.8.8.8 | |
[ "X${{ matrix.distribution }}" == "Xdebian" -o "X${{ matrix.distribution }}" == "Xubuntu" ] && sudo lxc exec $LXDGUEST -- apt-get update | |
[ "X${{ matrix.distribution }}" == "Xdebian" -o "X${{ matrix.distribution }}" == "Xubuntu" ] && sudo lxc exec $LXDGUEST -- apt-get install -y python3-pip | |
sudo lxc exec $LXDGUEST -- pip3 install ansible | |
- name: Converge | |
run: | | |
sudo lxc exec $LXDGUEST -- ansible-playbook -i localhost, --connection=local --become -vvv /tmp/workspace/$ANSIBLE_ROLE/test/integration/default/default.yml ${ANSIBLE_EXTRA_VARS} | |
env: | |
TERM: xterm-256color | |
- name: Idempotency run | |
run: | | |
sudo lxc exec $LXDGUEST -- "ansible-playbook -i localhost, --connection=local --become -vvv /tmp/workspace/$ANSIBLE_ROLE/test/integration/default/default.yml ${ANSIBLE_EXTRA_VARS} | tee /tmp/idempotency.log | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 0)" | |
- name: On failure | |
run: | | |
set -x | |
sudo lxc exec $LXDGUEST -- 'ansible -i inventory --connection=local -m setup localhost' || true | |
sudo lxc exec $LXDGUEST -- 'systemctl -l --no-pager status' || true | |
sudo lxc exec $LXDGUEST -- 'systemctl -l --no-pager --failed' || true | |
sudo lxc exec $LXDGUEST -- 'ls -l /usr/bin/ | egrep "(python|pip|ansible)"' || true | |
sudo lxc exec $LXDGUEST -- 'pip freeze' || true | |
sudo lxc exec $LXDGUEST -- 'pip3 freeze' || true | |
sudo lxc exec $LXDGUEST -- 'ip addr' || true | |
sudo lxc exec $LXDGUEST -- 'cat /etc/resolv.conf' || true | |
sudo lxc exec $LXDGUEST -- 'host www.google.com' || true | |
sudo lxc exec $LXDGUEST -- 'ping -c 1 www.google.com' || true | |
sudo lxc exec $LXDGUEST -- 'ping -c 1 8.8.8.8' || true | |
sudo lxc exec $LXDGUEST -- 'ls -l /usr/bin/php* /usr/local/bin/php*' || true | |
sudo lxc exec $LXDGUEST -- 'php --version' || true | |
sudo lxc exec $LXDGUEST -- 'ls /etc/apache2/mods-enabled/' || true | |
sudo lxc exec $LXDGUEST -- 'ls -l /var/www/_MISP/MISP/tests/' || true | |
sudo lxc exec $LXDGUEST -- 'cat /var/log/apache2/misp.local_error.log' || true | |
sudo lxc exec $LXDGUEST -- 'cat /var/www/_MISP/MISP/app/tmp/logs/error.log' || true | |
sudo lxc exec $LXDGUEST -- 'ls -lA /etc/yum.repos.d/' || true | |
sudo lxc exec $LXDGUEST -- 'cat /etc/yum.repos.d/CentOS-PowerTools.repo' || true | |
if: ${{ failure() }} | |
continue-on-error: true | |
- name: After script - python | |
run: | | |
set -x | |
sudo lxc exec $LXDGUEST -- 'which pip' | |
sudo lxc exec $LXDGUEST -- 'pip freeze' | |
sudo lxc exec $LXDGUEST -- 'which pip3' | |
sudo lxc exec $LXDGUEST -- 'pip3 install pipdeptree' | |
sudo lxc exec $LXDGUEST -- 'pip3 freeze' | |
sudo lxc exec $LXDGUEST -- 'pipdeptree -r' | |
sudo lxc exec $LXDGUEST -- '/var/www/_MISP/venv/bin/python --version' | |
sudo lxc exec $LXDGUEST -- '/var/www/_MISP/venv/bin/pip install pipdeptree' | |
sudo lxc exec $LXDGUEST -- '/var/www/_MISP/venv/bin/pipdeptree -r' | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - MISP files | |
run: | | |
set -x | |
sudo lxc exec $LXDGUEST -- 'find /var/www/_MISP/venv/ -type f | tail -500' | |
sudo lxc exec $LXDGUEST -- 'cat /opt/misp-modules/REQUIREMENTS' | |
sudo lxc exec $LXDGUEST -- '/var/www/_MISP/venv/bin/misp-modules -t' | |
sudo lxc exec $LXDGUEST -- 'ls -la /var/www/_MISP/MISP/' | |
sudo lxc exec $LXDGUEST -- 'ls -la /var/www/.cache/pip/http/' | |
sudo lxc exec $LXDGUEST -- 'cat /var/www/_MISP/MISP/app/Config/bootstrap.php' | |
sudo lxc exec $LXDGUEST -- 'ls -la /var/www/_MISP/MISP/app/tmp/cache/models/' | |
sudo lxc exec $LXDGUEST -- 'getfacl /var/www/_MISP/MISP/app/tmp/cache/models' | |
sudo lxc exec $LXDGUEST -- 'find /usr -iname "*libyara*.so"' | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - MISP error logs | |
run: | | |
set -x | |
sudo lxc exec $LXDGUEST -- 'cat /var/log/apache2/misp.local_access.log' || true | |
sudo lxc exec $LXDGUEST -- 'cat /var/log/apache2/misp.local_error.log' || true | |
sudo lxc exec $LXDGUEST -- 'cat /var/log/httpd/misp.local_access.log' || true | |
sudo lxc exec $LXDGUEST -- 'cat /var/log/httpd/misp.local_error.log' || true | |
sudo lxc exec $LXDGUEST -- 'cat /var/www/_MISP/MISP/app/tmp/logs/error.log' || true | |
sudo lxc exec $LXDGUEST -- 'cat /var/www/_MISP/MISP/app/tmp/logs/debug.log' || true | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - redis logs | |
run: | | |
set -x | |
sudo lxc exec $LXDGUEST -- 'ls -lA /var/log/redis/' || true | |
sudo lxc exec $LXDGUEST -- 'cat /var/log/redis/redis.log' || true | |
sudo lxc exec $LXDGUEST -- 'cat /var/log/redis/redis-server.log' || true | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - curl | |
run: | | |
sudo lxc exec $LXDGUEST -- 'curl -vk http://localhost:6666' | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - PyMISP | |
run: | | |
sudo lxc exec $LXDGUEST -- 'cd /var/www/_MISP/MISP/PyMISP/examples && /var/www/_MISP/venv/bin/python /var/www/_MISP/MISP/PyMISP/examples/users_list.py' | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - system | |
run: | | |
set -x | |
sudo lxc exec $LXDGUEST -- 'netstat -anp' || true | |
sudo lxc exec $LXDGUEST -- 'ss -nlp' || true | |
sudo lxc exec $LXDGUEST -- 'systemctl -l --no-pager status apache2' || true | |
sudo lxc exec $LXDGUEST -- 'systemctl -l --no-pager status redis' || true | |
sudo lxc exec $LXDGUEST -- 'systemctl -l --no-pager status httpd' || true | |
sudo lxc exec $LXDGUEST -- 'systemctl -l --no-pager status httpd-init' || true | |
sudo lxc exec $LXDGUEST -- 'systemctl -l --no-pager status' || true | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - journalctl | |
run: | | |
sudo lxc exec $LXDGUEST -- 'journalctl -xe --no-pager' || true | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - redhat | |
run: | | |
sudo lxc exec $LXDGUEST -- 'sudo dnf repolist' || true | |
sudo lxc exec $LXDGUEST -- 'find /etc/yum.repos.d/ -exec cat {} \;' || true | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - mysql | |
run: | | |
sudo lxc exec $LXDGUEST -- 'mysql -e "SHOW TABLES" misp' || true | |
sudo lxc exec $LXDGUEST -- 'mysql -e "SELECT * from users;" misp' || true | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - php | |
run: | | |
set -x | |
sudo lxc exec $LXDGUEST -- 'which php' || true | |
sudo lxc exec $LXDGUEST -- '`which php` --version' || true | |
sudo lxc exec $LXDGUEST -- 'which php7.4' || true | |
sudo lxc exec $LXDGUEST -- 'ls -lF /usr/bin/php* /usr/local/bin/php*' || true | |
sudo lxc exec $LXDGUEST -- 'dpkg -L php' || true | |
sudo lxc exec $LXDGUEST -- 'dpkg -L php7.4' || true | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - misp | |
run: | | |
set -x | |
sudo lxc exec $LXDGUEST -- 'sudo -u www-data /var/www/_MISP/MISP/app/Console/cake Admin securityAudit' || true | |
sudo lxc exec $LXDGUEST -- 'sudo -u www-data /var/www/_MISP/MISP/app/Console/cake Admin configLint' || true | |
sudo lxc exec $LXDGUEST -- 'sudo -u www-data /var/www/_MISP/MISP/app/Console/cake Admin live' || true | |
if: ${{ always() }} | |
continue-on-error: true |