- Working with user namespace and MAC-VLAN, some basic tests.

- Updated TODO list.

- Working with user namespace and MAC-VLAN, some basic tests.
5362fc54 · nimrod · eb496dd1 · 5362fc54 · 5362fc54 · 5362fc54
Commit 5362fc54 authored 8 years ago by nimrod
--- a/README.rst
+++ b/README.rst
@@ -55,4 +55,4 @@ at: https://www.shore.co.il/git/.
 TODO
 ----

- Test mac-vlan on Vagrant.
+- Test that the container is running in a different user namespace.
--- a/molecule.yml
+++ b/molecule.yml
@@ -13,10 +13,10 @@ vagrant:
  - name: virtualbox
    type: virtualbox
  platforms:
-  - name: openbsd
-    box: kaorimatz/openbsd-5.9-amd64
+  - name: debian
+    box: fujimakishouten/debian-stretch64
  instances:
-  - name: ansible-role-example
+  - name: ansible-role-nspawn
    options:
        append_platform_to_hostname: yes
  raw_config_args:

--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -4,16 +4,11 @@
 - assert:
    that:
        - ansible_os_family == 'Debian'
-        - ansible_distribution_release == 'stretch'
+        - ansible_distribution_version == 'stretch/sid'
+        - ansible_service_mgr == 'systemd'

- name: apt-get install
-  apt:
-    name: '{{ item }}'
-    state: present
-    update_cache: yes
-    cache_valid_time: 3600
+- name: APT install
  with_items:
-    - systemd-sysv
    - systemd-container
    - libnss-myhostname
    - libnss-mymachines
@@ -21,11 +16,23 @@
    - btrfs-tools
    - debootstrap
    - yum
+    - uidmap
+  apt:
+    name: '{{ item }}'
+    state: present
+    update_cache: yes
+    cache_valid_time: 3600

 - name: Create npawn configuration directory
  file:
    path: /etc/systemd/nspawn
    owner: root
    group: root
-    mode: '0755'
+    mode: 0o0755
    state: directory
+
+- name: Enable machines target
+  service:
+      name: machines.target
+      enabled: yes
+      state: started
--- a/tests/playbook.yml
+++ b/tests/playbook.yml
 ---
 - hosts: all
-  gather_facts: false
  roles:
-    - role: ansible-role-example
+    - role: ansible-role-nspawn
+  post_tasks:
+      - name: Create Debian Jessie chroot
+        command: /usr/sbin/debootstrap jessie /var/lib/machines/jessie http://httpredir.debian.org/debian
+        args:
+            creates: /var/lib/machines/jessie/etc/machine-id
+
+      - name: Configure container
+        template:
+            src: jessie.nspawn
+            dest: /etc/systemd/nspawn/jessie.nspawn
+            owner: root
+            group: root
+            mode: 0o0644
+
+      - name: Enable container service
+        service:
+            name: systemd-nspawn@jessie.service
+            state: started
+            enabled: yes
--- a/tests/templates/jessie.nspawn
+++ b/tests/templates/jessie.nspawn
+[Exec]
+Boot=yes
+PrivateUsers=yes
+
+[Files]
+PrivateUsersChown=yes
+
+[Network]
+Private=yes
+MACVLAN={{ ansible_default_ipv4['interface'] }}
--- a/tests/test_example.py
+++ b/tests/test_example.py
-def test_example(Command):
-    assert Command('uname').rc == 0
-
-
-def test_ansible(Ansible):
-    assert Ansible('debug', 'msg={{ eleven }}')['msg'] == '11'
--- a/tests/test_nspawn.py
+++ b/tests/test_nspawn.py
+def test_nspawn(Command, Service, Process):
+    assert Service('systemd-nspawn@jessie.service').is_running
+    assert Service('systemd-nspawn@jessie.service').is_enabled
+    assert 'jessie' in Command('machinectl list').stdout