Merge "Remove haproxy validation from validations-common"

2021-06-29 23:05:41 +00:00 · 2021-06-29 23:05:41 +00:00 · 7395ec86f3
commit 7395ec86f3
parent fb29b03c1f e6c6cc8b53
11 changed files with 0 additions and 368 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -107,7 +107,6 @@
        - validations-common-centos-8-molecule-advanced_format_512e_support
        - validations-common-centos-8-molecule-check_latest_packages_version
        - validations-common-centos-8-molecule-dns
        - validations-common-centos-8-molecule-haproxy
        - validations-common-centos-8-molecule-ntp
        - validations-common-centos-8-molecule-service_status
        - validations-common-centos-8-molecule-check_cpu
@ -120,7 +119,6 @@
      jobs:
        - validations-common-centos-8-molecule-check_latest_packages_version
        - validations-common-centos-8-molecule-dns
        - validations-common-centos-8-molecule-haproxy
        - validations-common-centos-8-molecule-check_cpu
        - validations-common-centos-8-molecule-check_disk_space
        - validations-common-centos-8-molecule-check_ram
@ -185,17 +183,6 @@
    parent: validations-common-centos-8-base
    vars:
      validations_common_role_name: dns
 - job:
    files:
      - ^validations_common/roles/haproxy/.*
      - ^tests/prepare-test-host.yml
      - ^playbooks/molecule/pre.yml
      - ^playbooks/molecule/run.yml
      - ^molecule-requirements.txt
    name: validations-common-centos-8-molecule-haproxy
    parent: validations-common-centos-8-base
    vars:
      validations_common_role_name: haproxy
 - job:
    files:
      - ^validations_common/roles/check_cpu/.*
--- a/doc/source/modules/modules-haproxy_conf.rst
+++ b/doc/source/modules/modules-haproxy_conf.rst
@ -1,14 +0,0 @@
 =====================
 Module - haproxy_conf
 =====================
 This module provides for the following ansible plugin:
    * haproxy_conf
 .. ansibleautoplugin::
   :module: validations_common/library/haproxy_conf.py
   :documentation: true
   :examples: true
--- a/doc/source/roles/role-haproxy.rst
+++ b/doc/source/roles/role-haproxy.rst
@ -1,6 +0,0 @@
 =======
 haproxy
 =======
 .. ansibleautoplugin::
   :role: validations_common/roles/haproxy
--- a/validations_common/library/haproxy_conf.py
+++ b/validations_common/library/haproxy_conf.py
@ -1,87 +0,0 @@
 # -*- coding: utf-8 -*-
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 # implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import re
 from ansible.module_utils.basic import AnsibleModule
 from yaml import safe_load as yaml_safe_load
 DOCUMENTATION = '''
 ---
 module: haproxy_conf
 short_description: Gather the HAProxy config
 description:
    - Gather the HAProxy config
 options:
    path:
        required: true
        description:
            - file path to the config file
        type: str
 author: "Tomas Sedovic"
 '''
 EXAMPLES = '''
 - hosts: webservers
  tasks:
    - name: Gather the HAProxy config
      haproxy_conf: path=/etc/haproxy/haproxy.cfg
 '''
 # ConfigParser chokes on both mariadb and haproxy files. Luckily They have
 # a syntax approaching ini config file so they are relatively easy to parse.
 # This generic ini style config parser is not perfect -- it can ignore some
 # valid options --  but good enough for our use case.
 def generic_ini_style_conf_parser(file_path, section_regex, option_regex):
    config = {}
    current_section = None
    with open(file_path) as config_file:
        for line in config_file:
            match_section = re.match(section_regex, line)
            if match_section:
                current_section = match_section.group(1)
                config[current_section] = {}
            match_option = re.match(option_regex, line)
            if match_option and current_section:
                option = re.sub(r'\s+', ' ', match_option.group(1))
                config[current_section][option] = match_option.group(2)
    return config
 def parse_haproxy_conf(file_path):
    section_regex = r'^(\w+)'
    option_regex = r'^(?:\s+)(\w+(?:\s+\w+)*?)\s+([\w/]*)$'
    return generic_ini_style_conf_parser(file_path, section_regex,
                                         option_regex)
 def main():
    module = AnsibleModule(
        argument_spec=yaml_safe_load(DOCUMENTATION)['options']
    )
    haproxy_conf_path = module.params.get('path')
    try:
        config = parse_haproxy_conf(haproxy_conf_path)
    except IOError:
        module.fail_json(msg="Could not open the haproxy conf file at: '%s'" %
                         haproxy_conf_path)
    module.exit_json(changed=False, ansible_facts={u'haproxy_conf': config})
 if __name__ == '__main__':
    main()
--- a/validations_common/playbooks/haproxy.yaml
+++ b/validations_common/playbooks/haproxy.yaml
@ -1,17 +0,0 @@
 ---
 - hosts: all
  vars:
    metadata:
      name: HAProxy configuration
      description: Verify the HAProxy configuration has recommended values.
      groups:
        - post-deployment
    config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
    global_maxconn_min: 20480
    defaults_maxconn_min: 4096
    defaults_timeout_queue: '2m'
    defaults_timeout_client: '2m'
    defaults_timeout_server: '2m'
    defaults_timeout_check: '10s'
  roles:
    - haproxy
--- a/validations_common/roles/haproxy/README.md
+++ b/validations_common/roles/haproxy/README.md
@ -1,42 +0,0 @@
 haproxy
 =======
 An Ansible role to check if the HAProxy configuration has recommended values.
 Requirements
 ------------
 This role requires an Up and Running Overcloud
 Role Variables
 --------------
 - config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
 - global_maxconn_min: 20480
 - defaults_maxconn_min: 4096
 - defaults_timeout_queue: '2m'
 - defaults_timeout_client: '2m'
 - defaults_timeout_server: '2m'
 - defaults_timeout_check: '10s'
 Dependencies
 ------------
 No dependencies
 Example Playbook
 ----------------
    - hosts: undercloud
      roles:
         - { role: haproxy }
 License
 -------
 Apache
 Author Information
 ------------------
 Red Hat TripleO Validations Team.
--- a/validations_common/roles/haproxy/defaults/main.yml
+++ b/validations_common/roles/haproxy/defaults/main.yml
@ -1,8 +0,0 @@
 ---
 haproxy_config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
 global_maxconn_min: 20480
 defaults_maxconn_min: 4096
 defaults_timeout_queue: '2m'
 defaults_timeout_client: '2m'
 defaults_timeout_server: '2m'
 defaults_timeout_check: '10s'
--- a/validations_common/roles/haproxy/molecule/default/converge.yml
+++ b/validations_common/roles/haproxy/molecule/default/converge.yml
@ -1,71 +0,0 @@
 ---
 # Copyright 2019 Red Hat, Inc.
 # All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
 - name: Converge
  hosts: all
  gather_facts: false
  vars:
    haproxy_config_file: /haproxy.cfg
  tasks:
    - name: create haproxy config file
      copy:
        dest: /haproxy.cfg
        content: |
          # This file managed by Puppet
          global
            daemon
            group  haproxy
            log  /dev/log local0
            maxconn  100
            pidfile  /var/run/haproxy.pid
            ssl-default-bind-ciphers  !SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES
            ssl-default-bind-options  no-sslv3 no-tlsv10
            stats  socket /var/lib/haproxy/stats mode 600 level user
            stats  timeout 1s
            user  haproxy
          defaults
            log  global
            maxconn  100
            mode  tcp
            retries  1
            timeout  http-request 1s
            timeout  queue 1s
            timeout  connect 1s
            timeout  client 1s
            timeout  server 1s
            timeout  check 1s
    - block:
        - include_role:
            name: haproxy
      rescue:
        - name: Clear host errors
          meta: clear_host_errors
        - debug:
            msg: The validation works! End the playbook run
        - name: End play
          meta: end_play
    - name: Fail the test
      fail:
        msg: |
          The haproxy role should have detected issues within haproxy
          configuration file!
--- a/validations_common/roles/haproxy/molecule/default/molecule.yml
+++ b/validations_common/roles/haproxy/molecule/default/molecule.yml
@ -1,3 +0,0 @@
 ---
 # inherits tripleo-validations/.config/molecule/config.yml
 # To override default values, please take a look at the config.yml.
--- a/validations_common/roles/haproxy/tasks/main.yml
+++ b/validations_common/roles/haproxy/tasks/main.yml
@ -1,51 +0,0 @@
 ---
 - name: Gather the HAProxy config
  become: true
  haproxy_conf:
    path: "{{ haproxy_config_file }}"
 - name: Verify global maxconn
  fail:
    msg: >-
      The 'global maxconn' value '{{ haproxy_conf.global.maxconn }}'
      must be greater than {{ global_maxconn_min }}
  failed_when: haproxy_conf.global.maxconn|int < global_maxconn_min
 - name: Verify defaults maxconn
  fail:
    msg: >-
      The 'defaults maxconn' value '{{ haproxy_conf.defaults.maxconn }}'
      must be greater than {{ defaults_maxconn_min }}
  failed_when: haproxy_conf.defaults.maxconn|int < defaults_maxconn_min
 - name: Verify defaults timeout queue
  fail:
    msg: >-
      The 'timeout queue' option in 'defaults' is
      '{{ haproxy_conf.defaults['timeout queue'] }}',
      but must be set to {{ defaults_timeout_queue }}
  failed_when: "haproxy_conf.defaults['timeout queue'] != defaults_timeout_queue"
 - name: Verify defaults timeout client
  fail:
    msg: >-
      The 'timeout client' option in 'defaults' is
      '{{ haproxy_conf.defaults['timeout client'] }}',
      but must be set to {{ defaults_timeout_client }}
  failed_when: "haproxy_conf.defaults['timeout client'] != defaults_timeout_client"
 - name: Verify defaults timeout server
  fail:
    msg: >-
      The 'timeout server' option in 'defaults' is
      '{{ haproxy_conf.defaults['timeout server'] }}',
      but must be set to {{ defaults_timeout_server }}
  failed_when: "haproxy_conf.defaults['timeout server'] != defaults_timeout_server"
 - name: Verify defaults timeout check
  fail:
    msg: >-
      The 'timeout check' option in 'defaults' is
      '{{ haproxy_conf.defaults['timeout check'] }}',
      but must be set to {{ defaults_timeout_check }}
  failed_when: "haproxy_conf.defaults['timeout check'] != defaults_timeout_check"
--- a/validations_common/tests/library/test_haproxy_conf.py
+++ b/validations_common/tests/library/test_haproxy_conf.py
@ -1,56 +0,0 @@
 # -*- coding: utf-8 -*-
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
 try:
    from unittest import mock
 except ImportError:
    import mock
 from validations_common.tests import base
 from validations_common.tests import fakes
 from validations_common.library import haproxy_conf
 class TestHaproxyConf(base.TestCase):
    def setUp(self):
        super(TestHaproxyConf, self).setUp()
        self.h_conf = haproxy_conf
    @mock.patch('validations_common.library.haproxy_conf.generic_ini_style_conf_parser')
    def test_parse_haproxy_conf(self, mock_generic_ini_style_conf_parser):
        """ Despite the appearences this test is not using regex at all.
        These are merely raw strings, that it asserts are passed to the `generic_ini_style_conf_parser`.
        From the pov of the test it is irrelevant what form they have.
        It's the `generic_ini_style_conf_parser` function that is supposed to receive these strings as arguments.
        Test is merely checking that the code immediately preceding it's call does what it should do.
        The regexes are finally used for parsing haproxy.cfg, which has a rather vague syntax.
        In short: The regexes are supposed to match all possibilities described here, and some more:
        https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/load_balancer_administration/ch-haproxy-setup-vsa
        """
        file_path = './foo/bar'
        args = {
            'file_path': file_path,
            'section_regex': r'^(\w+)',
            'option_regex': r'^(?:\s+)(\w+(?:\s+\w+)*?)\s+([\w/]*)$'
        }
        self.h_conf.parse_haproxy_conf(file_path)
        mock_generic_ini_style_conf_parser.assert_called_once_with(
            args['file_path'],
            args['section_regex'],
            args['option_regex']
        )