summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorMatt Clay <matt@mystile.com>2024-06-25 17:42:51 +0200
committerGitHub <noreply@github.com>2024-06-25 17:42:51 +0200
commit8f1fddb161559c0ff1ee92263d8229c6d5d7355c (patch)
treec40f1a28e7a6d195d11339343819a46a907b4f6f /test
parentlinear strategy, show templated task name on start (#83473) (diff)
downloadansible-8f1fddb161559c0ff1ee92263d8229c6d5d7355c.tar.xz
ansible-8f1fddb161559c0ff1ee92263d8229c6d5d7355c.zip
Enable Ubuntu 24.04 group 6 in CI (#83466)
* Enable Ubuntu 24.04 group 6 in CI * Disable rootfull Podman on Ubuntu * Disable unix-chkpwd AppArmor profile on Ubuntu for Fedora 40 tests * Document AppArmor and rootfull issues
Diffstat (limited to 'test')
-rwxr-xr-xtest/integration/targets/ansible-test-container/runme.py25
1 files changed, 23 insertions, 2 deletions
diff --git a/test/integration/targets/ansible-test-container/runme.py b/test/integration/targets/ansible-test-container/runme.py
index b29e18344d..98e78d97e8 100755
--- a/test/integration/targets/ansible-test-container/runme.py
+++ b/test/integration/targets/ansible-test-container/runme.py
@@ -181,6 +181,11 @@ def get_test_scenarios() -> list[TestScenario]:
# See: https://access.redhat.com/solutions/6816771
enable_sha1 = os_release.id == 'rhel' and os_release.version_id.startswith('9.') and container_name == 'centos6'
+ # Starting with Fedora 40, use of /usr/sbin/unix-chkpwd fails under Ubuntu 24.04 due to AppArmor.
+ # This prevents SSH logins from completing due to unix-chkpwd failing to look up the user with getpwnam.
+ # Disabling the 'unix-chkpwd' profile works around the issue, but does not solve the underlying problem.
+ disable_apparmor_profile_unix_chkpwd = engine == 'podman' and os_release.id == 'ubuntu' and container_name == 'fedora40'
+
cgroup_version = get_docker_info(engine).cgroup_version
user_scenarios = [
@@ -189,14 +194,17 @@ def get_test_scenarios() -> list[TestScenario]:
]
if engine == 'podman':
- user_scenarios.append(UserScenario(ssh=ROOT_USER))
+ if os_release.id not in ('ubuntu',):
+ # rootfull podman is not supported by all systems
+ user_scenarios.append(UserScenario(ssh=ROOT_USER))
# TODO: test podman remote on Alpine and Ubuntu hosts
# TODO: combine remote with ssh using different unprivileged users
if os_release.id not in ('alpine', 'ubuntu'):
user_scenarios.append(UserScenario(remote=unprivileged_user))
- if LOGINUID_MISMATCH:
+ if LOGINUID_MISMATCH and os_release.id not in ('ubuntu',):
+ # rootfull podman is not supported by all systems
user_scenarios.append(UserScenario())
for user_scenario in user_scenarios:
@@ -225,6 +233,7 @@ def get_test_scenarios() -> list[TestScenario]:
enable_sha1=enable_sha1,
debug_systemd=debug_systemd,
probe_cgroups=probe_cgroups,
+ disable_apparmor_profile_unix_chkpwd=disable_apparmor_profile_unix_chkpwd,
)
)
@@ -319,6 +328,10 @@ def run_test(scenario: TestScenario) -> TestResult:
if scenario.enable_sha1:
run_command('update-crypto-policies', '--set', 'DEFAULT:SHA1')
+ if scenario.disable_apparmor_profile_unix_chkpwd:
+ os.symlink('/etc/apparmor.d/unix-chkpwd', '/etc/apparmor.d/disable/unix-chkpwd')
+ run_command('apparmor_parser', '-R', '/etc/apparmor.d/unix-chkpwd')
+
for test_command in test_commands:
def run_test_command() -> SubprocessResult:
if os_release.id == 'alpine' and scenario.user_scenario.actual.name != 'root':
@@ -341,6 +354,10 @@ def run_test(scenario: TestScenario) -> TestResult:
message = str(ex)
display.error(f'{scenario} {message}')
finally:
+ if scenario.disable_apparmor_profile_unix_chkpwd:
+ os.unlink('/etc/apparmor.d/disable/unix-chkpwd')
+ run_command('apparmor_parser', '/etc/apparmor.d/unix-chkpwd')
+
if scenario.enable_sha1:
run_command('update-crypto-policies', '--set', 'DEFAULT')
@@ -600,6 +617,7 @@ class TestScenario:
enable_sha1: bool
debug_systemd: bool
probe_cgroups: bool
+ disable_apparmor_profile_unix_chkpwd: bool
@property
def tags(self) -> tuple[str, ...]:
@@ -620,6 +638,9 @@ class TestScenario:
if self.enable_sha1:
tags.append('sha1: enabled')
+ if self.disable_apparmor_profile_unix_chkpwd:
+ tags.append('apparmor(unix-chkpwd): disabled')
+
return tuple(tags)
@property