Skip to content

Commit

Permalink
ci: add default-lxd workflow
Browse files Browse the repository at this point in the history
  • Loading branch information
@juju4
juju4 committed Sep 30, 2023
1 parent 4b07dcd commit df585b9
Showing 1 changed file with 265 additions and 0 deletions.
265 changes: 265 additions & 0 deletions .github/workflows/default-lxd.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,265 @@
---
name: default-lxd

on:
push:
pull_request:
workflow_dispatch:
schedule: # run weekly, every Thursday 06:00
- cron: '0 6 * * 4'

permissions: {}

jobs:
build:
permissions:
contents: read
runs-on: ubuntu-22.04
continue-on-error: ${{ matrix.experimental }}
strategy:
fail-fast: false
max-parallel: 4
matrix:
include:
- distribution: centos
version: 9-Stream
version2: 9-Stream
suite: default
experimental: true
- distribution: centos
version: 8-Stream
version2: 8-Stream
suite: default
experimental: true
- distribution: debian
version: bullseye
version2: bullseye
suite: default
experimental: true
- distribution: ubuntu
version: '22.04'
version2: 2204
suite: default
experimental: true
- distribution: ubuntu
version: '20.04'
version2: 2004
suite: default
experimental: false
- distribution: ubuntu
version: '20.04'
version2: 2004
suite: default-nosnuffle
experimental: false
env:
ANSIBLE_CALLBACKS_ENABLED: profile_tasks
ANSIBLE_ROLE: juju4.misp
LXDIMAGE: "${{ matrix.distribution }}-${{ matrix.version }}"
LXDGUEST: "default-${{ matrix.distribution }}-${{ matrix.version }}"

steps:
- uses: actions/checkout@v3
with:
path: ${{ env.ANSIBLE_ROLE }}
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.x'
- name: Environment
run: |
set -x
pwd
env
find . -ls
- name: Install lxd requirements
run: |
set -x
sudo apt-get update -qq
sudo apt-get -y install acl dnsmasq-base zfsutils-linux -q
sudo snap install lxd
whoami
grep lxd /etc/group
echo "# remote list"
lxc remote list
echo "# image list"
sudo lxc image list
echo "# download image"
[ ${{ matrix.distribution }} == ubuntu ] || sudo lxc image copy images:${{ matrix.distribution }}/${{ matrix.version }}/amd64 local: --alias=${{ matrix.distribution }}-${{ matrix.version }}-nossh || true
[ ${{ matrix.distribution }} == ubuntu ] && sudo lxc image copy ubuntu:${{ matrix.version }} local: --alias=${{ matrix.distribution }}-${{ matrix.version }} || true
echo "# image list"
sudo lxc image list
## configure network
ifconfig -a || true
ip addr || true
sudo lxc info
sudo lxc network list
sudo lxc network create lxdbr0
sudo lxc network show lxdbr0
sudo lxc network attach-profile lxdbr0 default ens4
sudo lxc profile device get default ens4 nictype || true
sudo service lxd restart || true
ps ax | grep dnsmasq
systemctl status -l --no-pager lxd || true
cat /etc/network/interfaces.d/50-cloud-init.cfg || true
sudo lxc network list
# configure storage pool
sudo lxc storage list
sudo lxc storage create pool1 zfs
sudo lxc storage list
sudo zpool list
sudo lxc profile device add default root disk path=/ pool=pool1
sudo lxc profile show default
[ "X${{ matrix.distribution }}" == "Xcentos" ] && cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && sudo sh -x ./test/lxd/centos-ssh-image.sh ${{ matrix.version }} || true
[ "X${{ matrix.distribution }}" == "Xdebian" ] && cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && sudo sh -x ./test/lxd/debian-ssh-image.sh ${{ matrix.version }} || true
- name: Start lxd instance
run: |
set -x
lxc init $LXDIMAGE $LXDGUEST
lxc start $LXDGUEST
- name: Mount GITHUB_WORKSPACE in lxd
run: |
set -x
lxc exec $LXDGUEST -- install -d -m 755 /tmp/workspace
lxc config device add $LXDGUEST sharedworkspace disk source=$GITHUB_WORKSPACE/ path=/tmp/workspace
- name: Ansible dependencies in lxd
run: |
cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE
[ -f get-dependencies.sh ] && lxc exec $LXDGUEST -- sh -x /tmp/workspace/$ANSIBLE_ROLE/get-dependencies.sh
lxc exec $LXDGUEST -- "{ echo '[defaults]'; echo 'callbacks_enabled = profile_tasks, timer'; echo 'roles_path = ../'; echo 'ansible_python_interpreter: /usr/bin/python3'; } >> ansible.cfg"
- name: Converge
run: |
lxc exec $LXDGUEST -- ansible-playbook -i localhost, --connection=local --become -vvv /tmp/workspace/$ANSIBLE_ROLE/test/integration/default/default.yml ${ANSIBLE_EXTRA_VARS}
env:
TERM: xterm-256color
- name: Idempotency run
run: |
lxc exec $LXDGUEST -- "ansible-playbook -i localhost, --connection=local --become -vvv /tmp/workspace/$ANSIBLE_ROLE/test/integration/default/default.yml ${ANSIBLE_EXTRA_VARS} | tee /tmp/idempotency.log | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 0)"
- name: On failure
run: |
set -x
lxc exec $LXDGUEST -- 'ansible -i inventory --connection=local -m setup localhost' || true
lxc exec $LXDGUEST -- 'systemctl -l --no-pager status' || true
lxc exec $LXDGUEST -- 'systemctl -l --no-pager --failed' || true
lxc exec $LXDGUEST -- 'ls -l /usr/bin/ | egrep "(python|pip|ansible)"' || true
lxc exec $LXDGUEST -- 'pip freeze' || true
lxc exec $LXDGUEST -- 'pip3 freeze' || true
lxc exec $LXDGUEST -- 'ip addr' || true
lxc exec $LXDGUEST -- 'cat /etc/resolv.conf' || true
lxc exec $LXDGUEST -- 'host www.google.com' || true
lxc exec $LXDGUEST -- 'ping -c 1 www.google.com' || true
lxc exec $LXDGUEST -- 'ping -c 1 8.8.8.8' || true
lxc exec $LXDGUEST -- 'ls -l /usr/bin/php* /usr/local/bin/php*' || true
lxc exec $LXDGUEST -- 'php --version' || true
lxc exec $LXDGUEST -- 'ls /etc/apache2/mods-enabled/' || true
lxc exec $LXDGUEST -- 'ls -l /var/www/_MISP/MISP/tests/' || true
lxc exec $LXDGUEST -- 'cat /var/log/apache2/misp.local_error.log' || true
lxc exec $LXDGUEST -- 'cat /var/www/_MISP/MISP/app/tmp/logs/error.log' || true
lxc exec $LXDGUEST -- 'ls -lA /etc/yum.repos.d/' || true
lxc exec $LXDGUEST -- 'cat /etc/yum.repos.d/CentOS-PowerTools.repo' || true
if: ${{ failure() }}
continue-on-error: true
- name: After script - python
run: |
set -x
lxc exec $LXDGUEST -- 'which pip'
lxc exec $LXDGUEST -- 'pip freeze'
lxc exec $LXDGUEST -- 'which pip3'
lxc exec $LXDGUEST -- 'pip3 install pipdeptree'
lxc exec $LXDGUEST -- 'pip3 freeze'
lxc exec $LXDGUEST -- 'pipdeptree -r'
lxc exec $LXDGUEST -- '/var/www/_MISP/venv/bin/python --version'
lxc exec $LXDGUEST -- '/var/www/_MISP/venv/bin/pip install pipdeptree'
lxc exec $LXDGUEST -- '/var/www/_MISP/venv/bin/pipdeptree -r'
if: ${{ always() }}
continue-on-error: true
- name: After script - MISP files
run: |
set -x
lxc exec $LXDGUEST -- 'find /var/www/_MISP/venv/ -type f | tail -500'
lxc exec $LXDGUEST -- 'cat /opt/misp-modules/REQUIREMENTS'
lxc exec $LXDGUEST -- '/var/www/_MISP/venv/bin/misp-modules -t'
lxc exec $LXDGUEST -- 'ls -la /var/www/_MISP/MISP/'
lxc exec $LXDGUEST -- 'ls -la /var/www/.cache/pip/http/'
lxc exec $LXDGUEST -- 'cat /var/www/_MISP/MISP/app/Config/bootstrap.php'
lxc exec $LXDGUEST -- 'ls -la /var/www/_MISP/MISP/app/tmp/cache/models/'
lxc exec $LXDGUEST -- 'getfacl /var/www/_MISP/MISP/app/tmp/cache/models'
lxc exec $LXDGUEST -- 'find /usr -iname "*libyara*.so"'
if: ${{ always() }}
continue-on-error: true
- name: After script - MISP error logs
run: |
set -x
lxc exec $LXDGUEST -- 'cat /var/log/apache2/misp.local_access.log' || true
lxc exec $LXDGUEST -- 'cat /var/log/apache2/misp.local_error.log' || true
lxc exec $LXDGUEST -- 'cat /var/log/httpd/misp.local_access.log' || true
lxc exec $LXDGUEST -- 'cat /var/log/httpd/misp.local_error.log' || true
lxc exec $LXDGUEST -- 'cat /var/www/_MISP/MISP/app/tmp/logs/error.log' || true
lxc exec $LXDGUEST -- 'cat /var/www/_MISP/MISP/app/tmp/logs/debug.log' || true
if: ${{ always() }}
continue-on-error: true
- name: After script - redis logs
run: |
set -x
lxc exec $LXDGUEST -- 'ls -lA /var/log/redis/' || true
lxc exec $LXDGUEST -- 'cat /var/log/redis/redis.log' || true
lxc exec $LXDGUEST -- 'cat /var/log/redis/redis-server.log' || true
if: ${{ always() }}
continue-on-error: true
- name: After script - curl
run: |
lxc exec $LXDGUEST -- 'curl -vk http://localhost:6666'
if: ${{ always() }}
continue-on-error: true
- name: After script - PyMISP
run: |
lxc exec $LXDGUEST -- 'cd /var/www/_MISP/MISP/PyMISP/examples && /var/www/_MISP/venv/bin/python /var/www/_MISP/MISP/PyMISP/examples/users_list.py'
if: ${{ always() }}
continue-on-error: true
- name: After script - system
run: |
set -x
lxc exec $LXDGUEST -- 'netstat -anp' || true
lxc exec $LXDGUEST -- 'ss -nlp' || true
lxc exec $LXDGUEST -- 'systemctl -l --no-pager status apache2' || true
lxc exec $LXDGUEST -- 'systemctl -l --no-pager status redis' || true
lxc exec $LXDGUEST -- 'systemctl -l --no-pager status httpd' || true
lxc exec $LXDGUEST -- 'systemctl -l --no-pager status httpd-init' || true
lxc exec $LXDGUEST -- 'systemctl -l --no-pager status' || true
if: ${{ always() }}
continue-on-error: true
- name: After script - journalctl
run: |
lxc exec $LXDGUEST -- 'journalctl -xe --no-pager' || true
if: ${{ always() }}
continue-on-error: true
- name: After script - redhat
run: |
lxc exec $LXDGUEST -- 'sudo dnf repolist' || true
lxc exec $LXDGUEST -- 'find /etc/yum.repos.d/ -exec cat {} \;' || true
if: ${{ always() }}
continue-on-error: true
- name: After script - mysql
run: |
lxc exec $LXDGUEST -- 'mysql -e "SHOW TABLES" misp' || true
lxc exec $LXDGUEST -- 'mysql -e "SELECT * from users;" misp' || true
if: ${{ always() }}
continue-on-error: true
- name: After script - php
run: |
set -x
lxc exec $LXDGUEST -- 'which php' || true
lxc exec $LXDGUEST -- '`which php` --version' || true
lxc exec $LXDGUEST -- 'which php7.4' || true
lxc exec $LXDGUEST -- 'ls -lF /usr/bin/php* /usr/local/bin/php*' || true
lxc exec $LXDGUEST -- 'dpkg -L php' || true
lxc exec $LXDGUEST -- 'dpkg -L php7.4' || true
if: ${{ always() }}
continue-on-error: true
- name: After script - misp
run: |
set -x
lxc exec $LXDGUEST -- 'sudo -u www-data /var/www/_MISP/MISP/app/Console/cake Admin securityAudit' || true
lxc exec $LXDGUEST -- 'sudo -u www-data /var/www/_MISP/MISP/app/Console/cake Admin configLint' || true
lxc exec $LXDGUEST -- 'sudo -u www-data /var/www/_MISP/MISP/app/Console/cake Admin live' || true
if: ${{ always() }}
continue-on-error: true

0 comments on commit df585b9

Please sign in to comment.