From 1d3b5b99f6bb4030dbf3ca7da4ff25a33c8e3f16 Mon Sep 17 00:00:00 2001
From: Francisco Trivino
Date: Tue, 18 Oct 2022 16:16:22 +0200
Subject: [PATCH] Add docker compose CI
---
.env | 4 +
.github/workflows/docker-compose.yml | 25 +++++
data/configs/dnsmasq.conf | 27 +++++
data/configs/nm_enable_dnsmasq.conf | 2 +
data/configs/nm_zone_test.conf | 6 ++
data/configs/openssl_ca.cfg | 16 +++
data/configs/openssl_sign_ca.ext | 4 +
data/configs/openssl_sign_service.ext | 4 +
docker-compose.yml | 141 ++++++++++++++++++++++++++
env.containers | 2 +
env.example | 4 +
11 files changed, 235 insertions(+)
create mode 100644 .env
create mode 100644 .github/workflows/docker-compose.yml
create mode 100644 data/configs/dnsmasq.conf
create mode 100644 data/configs/nm_enable_dnsmasq.conf
create mode 100644 data/configs/nm_zone_test.conf
create mode 100644 data/configs/openssl_ca.cfg
create mode 100644 data/configs/openssl_sign_ca.ext
create mode 100644 data/configs/openssl_sign_service.ext
create mode 100644 docker-compose.yml
create mode 100644 env.containers
create mode 100644 env.example
diff --git a/.env b/.env
new file mode 100644
index 00000000..803b0a30
--- /dev/null
+++ b/.env
@@ -0,0 +1,4 @@
+# This is the docker-compose environment file.
+# Copy it to .env or use --env-file=env.example on docker-compose command.
+REGISTRY=quay.io/ftrivino
+TAG=latest
diff --git a/.github/workflows/docker-compose.yml b/.github/workflows/docker-compose.yml
new file mode 100644
index 00000000..146ad467
--- /dev/null
+++ b/.github/workflows/docker-compose.yml
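Review bot: The committed `.env` is byte-identical to `env.example` (both hunks carry blob `803b0a30`) and its comment still reads `# Copy it to .env or use --env-file=env.example on docker-compose command.`, which only makes sense inside the example file. docker-compose loads `.env` implicitly, so tracking it means every developer's local override shows up as a modification, and a tracked `.env` is the usual path by which registry credentials or tokens end up in history later. I would drop `.env` from the commit and add it to `.gitignore`, keeping `env.example` as the template; failing that, replace the copied comment with `# Local docker-compose settings. Never put credentials in this tracked file.`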
@@ -0,0 +1,25 @@
+name: docker-compose-integration-tests
+on:
+ pull_request:
+ push:
+ branches: [main]
+
+jobs:
+ docker:
+ timeout-minutes: 10
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v1
+
+ - name: Start containers
+ run: docker-compose -f "docker-compose.yml" up -d --build
+
+ - name: Install dependencies
+ run: |
+ pip install -r src/install/requirements.txt
+
+ - name: Stop containers
+ if: always()
+ run: docker-compose -f "docker-compose.yml" down
diff --git a/data/configs/dnsmasq.conf b/data/configs/dnsmasq.conf
new file mode 100644
index 00000000..477f3e34
--- /dev/null
+++ b/data/configs/dnsmasq.conf
@@ -0,0 +1,27 @@
+# dnsmasq configuration for sssd containers
+#
+# This makes sure that all machines are accessible through DNS including
+# SRV and PTR records.
+
+log-queries
+log-facility=-
+local=/test/
+
+# These zones have their own DNS server
+server=/ipa.test/172.16.100.10
+server=/samba.test/172.16.100.30
+server=/ad.test/172.16.200.10
+
+# Add A records for LDAP and client machines
+address=/master.ldap.test/172.16.100.20
+address=/client.test/172.16.100.40
+
+# Add SRV record for LDAP
+srv-host=_ldap._tcp.ldap.test,master.ldap.test,389
+
+# Add PTR records for all machines
+ptr-record=10.100.16.172.in-addr.arpa,master.ipa.test
+ptr-record=20.100.16.172.in-addr.arpa,master.ldap.test
+ptr-record=30.100.16.172.in-addr.arpa,dc.samba.test
+ptr-record=40.100.16.172.in-addr.arpa,client.test
+ptr-record=10.200.16.172.in-addr.arpa,dc.ad.test
diff --git a/data/configs/nm_enable_dnsmasq.conf b/data/configs/nm_enable_dnsmasq.conf
new file mode 100644
index 00000000..53a8b172
--- /dev/null
+++ b/data/configs/nm_enable_dnsmasq.conf
@@ -0,0 +1,2 @@
+[main]
+dns=dnsmasq
diff --git a/data/configs/nm_zone_test.conf b/data/configs/nm_zone_test.conf
new file mode 100644
index 00000000..10374418
--- /dev/null
+++ b/data/configs/nm_zone_test.conf
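Review bot: `uses: actions/checkout@v1` pins only a mutable major tag of a long-deprecated action; pin a current release, preferably by full commit SHA with the version in a trailing comment (`uses: actions/checkout@v3` at minimum), so a retargeted tag cannot swap the checkout code under the job. The job also has no `permissions:` block, so it runs with the repository's default token scope although the visible steps need only `permissions: { contents: read }`. The images started by `docker-compose up` resolve through `${REGISTRY}`/`${TAG}` to `quay.io/ftrivino/*:latest` via the committed `.env`, which appears to be a personal namespace with a mutable tag, so the integrity of every CI run depends on whoever controls that namespace; pin by digest or move the images to an organization namespace. The `pip install -r src/install/requirements.txt` step runs after the containers start and nothing in the visible steps uses it, so it is either dead code or a placeholder for a test step not included in this patch — a comment saying which would help.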
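Review bot: `server=/ad.test/172.16.200.10`, `server=/samba.test/172.16.100.30` and the PTR records for `dc.ad.test` and `dc.samba.test` point at addresses that no service in this patch's `docker-compose.yml` is assigned, and `172.16.200.0/24` is not part of the `sssd-ci` subnet (`172.16.100.0/24`) at all. Queries for those zones will hang until dnsmasq's forwarder timeout instead of returning NXDOMAIN, which turns a missing test fixture into a slow, confusing failure. Either add the services or mark the entries as placeholders, e.g. `# ad.test / samba.test: forwarders for containers not yet defined in docker-compose.yml`, so nobody debugs them as live misconfiguration.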
@@ -0,0 +1,6 @@
+# dnsmasq configuration for sssd-ci
+#
+# This makes sure that all machines are accessible through DNS including
+# SRV and PTR records.
+
+server=/test/172.16.100.2
diff --git a/data/configs/openssl_ca.cfg b/data/configs/openssl_ca.cfg
new file mode 100644
index 00000000..38c867ce
--- /dev/null
+++ b/data/configs/openssl_ca.cfg
@@ -0,0 +1,16 @@
+[req]
+default_bits = 4096
+default_md = sha256
+encrypt_key = no
+prompt = no
+utf8 = yes
+distinguished_name = distinguished_name
+x509_extensions = ca_extensions
+
+[ distinguished_name ]
+
+[ ca_extensions ]
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:TRUE
+keyUsage = keyCertSign,cRLSign
+subjectKeyIdentifier=hash
diff --git a/data/configs/openssl_sign_ca.ext b/data/configs/openssl_sign_ca.ext
new file mode 100644
index 00000000..b1b4d7de
--- /dev/null
+++ b/data/configs/openssl_sign_ca.ext
@@ -0,0 +1,4 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:TRUE
+keyUsage = keyCertSign,cRLSign
+subjectKeyIdentifier=hash
diff --git a/data/configs/openssl_sign_service.ext b/data/configs/openssl_sign_service.ext
new file mode 100644
index 00000000..c0de9089
--- /dev/null
+++ b/data/configs/openssl_sign_service.ext
@@ -0,0 +1,4 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectKeyIdentifier=hash
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 00000000..401b7c30
--- /dev/null
+++ b/docker-compose.yml
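Review bot: `basicConstraints=CA:TRUE` in `[ ca_extensions ]` is not marked critical; RFC 5280 §4.2.1.9 requires basicConstraints to be critical in CA certificates, and OpenSSL 3's strict verification (`-x509_strict`) rejects a CA whose basicConstraints is non-critical. Change the two lines to `basicConstraints = critical, CA:TRUE` and `keyUsage = critical, keyCertSign, cRLSign`; the same applies to the identical lines in `openssl_sign_ca.ext`. `prompt = no` together with an empty `[ distinguished_name ]` section means `openssl req` yields an empty subject unless every invocation passes `-subj`, and the commands that consume this file are not in the patch, so a comment such as `# Subject is intentionally empty here; callers must pass -subj.` would save the next reader a failed run. `encrypt_key = no` is acceptable for a throwaway CI CA but should carry a comment saying the key is test-only, so this file is not reused for anything that matters.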
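Review bot: The service profile has no `subjectAltName` and no `extendedKeyUsage`, so a certificate signed with it identifies its host only through whatever CN the request carried; RFC 6125 deprecates CN-only matching and several verifiers (Chrome, Firefox, Go's crypto/tls) ignore the CN entirely when no SAN is present, so whether the clients under test accept these certificates depends on their TLS stack. Add `extendedKeyUsage = serverAuth` here and supply the SAN per service, e.g. a generated line `subjectAltName = DNS:master.ldap.test` in a per-service ext or `-addext` when the request is created; the signing commands are not in this patch so I cannot tell which fits. `nonRepudiation` and `dataEncipherment` are not used by TLS and the line can be reduced to `keyUsage = critical, digitalSignature, keyEncipherment`.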
@@ -0,0 +1,141 @@
+services:
+ dns:
+ restart: always
+ image: ${REGISTRY}/ci-dns:latest
+ container_name: dns
+ env_file: ./env.containers
+ volumes:
+ - ./data/configs/dnsmasq.conf:/etc/dnsmasq.conf
+ cap_add:
+ - NET_RAW
+ - NET_ADMIN
+ security_opt:
+ - apparmor=unconfined
+ - label=disable
+ - seccomp=unconfined
+ networks:
+ sssd:
+ ipv4_address: 172.16.100.2
+
+ ipa:
+ image: ${REGISTRY}/ci-ipa:${TAG}
+ container_name: ipa
+ hostname: master.ipa.test
+ dns: 172.16.100.2
+ env_file: ./env.containers
+ volumes:
+ - ./shared:/shared:rw
+ cap_add:
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - AUDIT_WRITE
+ security_opt:
+ - apparmor=unconfined
+ - label=disable
+ - seccomp=unconfined
+ networks:
+ sssd:
+ ipv4_address: 172.16.100.10
+
+ keycloak:
+ image: ${REGISTRY}/keycloak:${TAG}
+ container_name: keycloak
+ hostname: master.keycloak.test
+ dns: 172.16.100.2
+ env_file: ./env.containers
+ volumes:
+ - ./shared:/shared:rw
+ cap_add:
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - AUDIT_WRITE
+ security_opt:
+ - apparmor=unconfined
+ - label=disable
+ - seccomp=unconfined
+ networks:
+ sssd:
+ ipv4_address: 172.16.100.11
+ nextcloud:
+ image: ${REGISTRY}/nextcloud:${TAG}
+ container_name: nextcloud
+ hostname: master.nextcloud.test
+ dns: 172.16.100.2
+ env_file: ./env.containers
+ volumes:
+ - ./shared:/shared:rw
+ cap_add:
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - AUDIT_WRITE
+ security_opt:
+ - apparmor=unconfined
+ - label=disable
+ - seccomp=unconfined
+ networks:
+ sssd:
+ ipv4_address: 172.16.100.12
+ mariadb:
+ image: ${REGISTRY}/mariadb:${TAG}
+ container_name: mariadb
+ hostname: master.mariadb.test
+ dns: 172.16.100.2
+ env_file: ./env.containers
+ volumes:
+ - ./shared:/shared:rw
+ cap_add:
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - AUDIT_WRITE
+ security_opt:
+ - apparmor=unconfined
+ - label=disable
+ - seccomp=unconfined
+ networks:
+ sssd:
+ ipv4_address: 172.16.100.13
+ ldap:
+ image: ${REGISTRY}/ci-ldap:${TAG}
+ container_name: ldap
+ hostname: master.ldap.test
+ dns: 172.16.100.2
+ env_file: ./env.containers
+ volumes:
+ - ./shared:/shared:rw
+ cap_add:
+ - SYS_PTRACE
+ - AUDIT_WRITE
+ security_opt:
+ - apparmor=unconfined
+ - label=disable
+ - seccomp=unconfined
+ networks:
+ sssd:
+ ipv4_address: 172.16.100.20
+ client:
+ image: ${REGISTRY}/ci-client:${TAG}
+ container_name: client
+ hostname: client.test
+ dns: 172.16.100.2
+ env_file: ./env.containers
+ volumes:
+ - ./shared:/shared:rw
+ cap_add:
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - AUDIT_WRITE
+ security_opt:
+ - apparmor=unconfined
+ - label=disable
+ - seccomp=unconfined
+ networks:
+ sssd:
+ ipv4_address: 172.16.100.40
+networks:
+ sssd:
+ name: sssd-ci
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.16.100.0/24
+ gateway: 172.16.100.1
diff --git a/env.containers b/env.containers
new file mode 100644
index 00000000..87a732e7
--- /dev/null
+++ b/env.containers
@@ -0,0 +1,2 @@
+# Environment variables set in all started containers
+CONTAINER=yes
diff --git a/env.example b/env.example
new file mode 100644
index 00000000..803b0a30
--- /dev/null
+++ b/env.example
@@ -0,0 +1,4 @@
+# This is the docker-compose environment file.
+# Copy it to .env or use --env-file=env.example on docker-compose command.
+REGISTRY=quay.io/ftrivino
+TAG=latest
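Review bot: Every service is started with `seccomp=unconfined`, `apparmor=unconfined` and `label=disable`, combined with `SYS_ADMIN` on every service except `dns` and `ldap` and `SYS_PTRACE` on every service except `dns`; that removes the syscall filter and the MAC profile from containers that also hold the capability most commonly used to break out of them, so each container is effectively as trusted as the CI host. The `ldap` service already shows the suite runs with a smaller set, and `mariadb`, `nextcloud` and `keycloak` have no visible reason to need `SYS_ADMIN`/`SYS_PTRACE`; drop them where the image does not run an init system, and put a comment above each remaining `security_opt:` block stating why it is needed, e.g. `# systemd as PID 1 needs SYS_ADMIN and an unconfined seccomp/AppArmor profile` (presumably the reason — confirm). Two smaller points: `dns` hard-codes `image: ${REGISTRY}/ci-dns:latest` while every other service uses `${TAG}`, and `./data/configs/dnsmasq.conf` is mounted read-write although the container only reads it — make it `- ./data/configs/dnsmasq.conf:/etc/dnsmasq.conf:ro` so a compromised `dns` container cannot rewrite the resolver config every other container depends on. The `./shared:/shared:rw` bind mount is writable from six containers, so whatever one of them publishes there (the CA material from `openssl_ca.cfg`, presumably) can be replaced by any other; acceptable for a throwaway CI network, but worth a `# shared is trusted by all containers; CI-only` comment so this file is not reused for anything long-lived.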