170c003bc7
The old install-docker upstream.yaml tasks installed apparmor for docker (it was origianlly a dependency but then docker removed it as an explicit dependency while still explicitly depending on it so we manually installed it). When we started deploying Noble nodes with podman via the install-docker role we didn't get apparmor because podman doesn't appear to depend on it. However when we got to production the production images already come with apparmor which includes profiles for things like podman and rsyslog which have caused problems for us deploying services with podman. Attempt to catch these issues in CI by explicitly installing apparmor. This should be a noop for production beceaus apparmor is already installed. This should help us catch problems with podman in CI before we ever get to production. To ensure that apparmor is working properly we capture apparmor_status output as part of our system-config-run job log collection. Note we remove the zuul lb test for haproxy.log being present as current apparmor problems with the rsyslogd profile prevent that from occuring on noble. The next change will correct that issue and reinstate the test case. Change-Id: Iea5966dbb2dcfbe1e51d9c00bad67a9d37e1b7e1
35 lines
1.2 KiB
Python
35 lines
1.2 KiB
Python
# Copyright 2018 Red Hat, Inc.
|
|
# Copyright 2022 Acme Gating, LLC
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import json
|
|
|
|
|
|
testinfra_hosts = ['zuul-lb02.opendev.org']
|
|
|
|
|
|
def test_zuul_listening(host):
|
|
zuul_https = host.socket("tcp://0.0.0.0:443")
|
|
assert zuul_https.is_listening
|
|
zuul_http = host.socket("tcp://0.0.0.0:80")
|
|
assert zuul_http.is_listening
|
|
zuul_finger = host.socket("tcp://0.0.0.0:79")
|
|
assert zuul_finger.is_listening
|
|
|
|
def test_haproxy_statsd_running(host):
|
|
cmd = host.run("docker inspect haproxy-docker-haproxy-statsd-1")
|
|
out = json.loads(cmd.stdout)
|
|
assert out[0]["State"]["Status"] == "running"
|
|
assert out[0]["RestartCount"] == 0
|