Role rework plus deployment tests (#116)

* Role-rework

* Update readme.

.circleci/config.yml

@@ -120,6 +120,20 @@ jobs:
           key: initialize-{{ .Environment.CIRCLE_SHA1 }}
       - run: yarn workspace ui run coverage
       - run: yarn workspace ui run coveralls
+  deployment:
+    machine:
+      image: circleci/classic:latest
+      docker_layer_caching: true
+    steps:
+      - checkout
+      - run: git submodule update --init
+      - run: sudo add-apt-repository ppa:jonathonf/python-3.6 -y
+      - run: sudo apt-get update
+      - run: sudo apt-get install python3.6 -y
+      - run: sudo apt-get install python3-pip python3.6-dev -y
+      - run: cd deployment && virtualenv -p python3.6 venv
+      - run: cd deployment && source venv/bin/activate && pip install -r requirements.txt
+      - run: cd deployment && source venv/bin/activate && molecule test
 workflows:
   version: 2
   tokenbridge:
@@ -148,3 +162,4 @@ workflows:
       - oracle-e2e
       - ui-e2e
       - monitor-e2e
+      - deployment

.gitignore

@@ -43,6 +43,8 @@ hosts
 Vagrantfile
 vagrant-hosts.yml
 .vagrant
+deployment/venv
+__pycache__
 
 #monitor
 monitor/responses/*

deployment/.yamllint

@@ -0,0 +1,11 @@
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  line-length: disable
+  truthy: disable

deployment/CONFIGURATION.md

@@ -25,11 +25,13 @@ cp hosts.yml.example hosts.yml
 
 ```yaml
 <bridge_name>:
-    hosts:
+  children:
+    oracle:
+      hosts:
         <host_ip>:
-            ansible_user: <user>
-            VALIDATOR_ADDRESS_PRIVATE_KEY: "<private_key>"
-            #syslog_server_port: "<protocol>://<ip>:<port>" # When this parameter is set all bridge logs will be redirected to <ip>:<port> address.
+          ansible_user: <user>
+          VALIDATOR_ADDRESS_PRIVATE_KEY: "<private_key>"
+          #syslog_server_port: "<protocol>://<ip>:<port>" # When this parameter is set all bridge logs will be redirected to <ip>:<port> address.
 ```
 
 | Value | Description |

deployment/README.md

@@ -14,11 +14,9 @@ Please refer to [Configuration](./CONFIGURATION.md).
 
 Please refer to [Execution](./EXECUTION.md).
 
-## Linting
+## Testing
 
-- [ansible-lint](https://github.com/ansible/ansible-lint) is required
-
-`yarn ansible-lint`
+Please refer to [Testing](./TESTING.md).
 
 ## Contributing
 

deployment/TESTING.md

@@ -0,0 +1,24 @@
+# POA Token Bridge / Deployment Testing
+
+The deployment playbooks are tested using [Molecule](https://molecule.readthedocs.io).
+
+## Prepare virtual python environment
+
+```
+command -v virtualenv || pip3 install virtualenv
+virtualenv -p python3 venv
+source venv/bin/activate
+pip install -r requirements.txt
+```
+
+## Run the tests
+
+```
+molecule test
+```
+
+## Exit the virtual environment
+
+```
+deactivate
+```

deployment/hosts.yml.example

@@ -1,6 +1,8 @@
 sokol-kovan:
-    hosts:
+  children:
+    oracle:
+      hosts:
         127.0.0.1:
-            ansible_user: ubuntu
-            VALIDATOR_ADDRESS_PRIVATE_KEY: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" 
-            #syslog_server_port: "udp://127.0.0.1:514"
+          ansible_user: ubuntu
+          VALIDATOR_ADDRESS_PRIVATE_KEY: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" 
+          #syslog_server_port: "udp://127.0.0.1:514"

deployment/molecule/default/Dockerfile.j2

@@ -0,0 +1,14 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi

deployment/molecule/default/molecule.yml

@@ -0,0 +1,49 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint:
+  name: yamllint
+  enabled: False
+platforms:
+  - name: oracle-host
+    groups:
+      - example
+    children:
+      - oracle
+    image: ubuntu:16.04
+    privileged: true
+    network_mode: host
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+provisioner:
+  name: ansible
+  lint:
+    name: ansible-lint
+    enabled: False
+  playbooks:
+    prepare: prepare.yml
+    converge: ../../site.yml
+  inventory:
+    host_vars:
+      oracle-host:
+        VALIDATOR_ADDRESS_PRIVATE_KEY: "8e829f695aed89a154550f30262f1529582cc49dc30eff74a6b491359e0230f9" 
+        syslog_server_port: "udp://127.0.0.1:514"
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
+scenario:
+  name: default
+  test_sequence:
+    - lint
+    - cleanup
+    - destroy
+    - dependency
+    - syntax
+    - create
+    - prepare
+    - converge
+    - verify
+    - destroy

deployment/molecule/default/prepare.yml

@@ -0,0 +1,13 @@
+---
+- name: prepare
+  hosts: all
+  tasks:
+    - name: install apt packages
+      apt:
+        name: "{{ packages }}"
+      vars:
+        packages:
+        - apt-transport-https
+        - rsyslog
+    - shell: service rsyslog start
+    - shell: groupadd docker && chgrp docker /var/run/docker.sock

deployment/molecule/default/tests/test_all.py

@@ -0,0 +1,20 @@
+import os
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_repo(host):
+    assert host.file('/home/poadocker/bridge').exists
+    assert host.file('/home/poadocker/bridge').is_directory
+    assert host.file('/home/poadocker/bridge/package.json').exists
+
+
+def test_docker_group(host):
+    assert host.group('docker').exists
+
+
+def test_user(host):
+    assert host.user('poadocker').exists
+    assert 'docker' in host.user('poadocker').groups

deployment/molecule/default/tests/test_oracle.py

@@ -0,0 +1,37 @@
+import os
+import pytest
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('oracle')
+
+
+@pytest.mark.parametrize("name", [
+    ("oracle_rabbit_1"),
+    ("oracle_redis_1"),
+    ("oracle_bridge_request_1"),
+    ("oracle_bridge_collected_1"),
+    ("oracle_bridge_affirmation_1"),
+    ("oracle_bridge_senderhome_1"),
+    ("oracle_bridge_senderforeign_1"),
+])
+def test_docker_containers(host, name):
+    container = host.docker(name)
+    assert container.is_running
+
+
+@pytest.mark.parametrize("service", [
+    ("poabridge"),
+    ("rsyslog")
+])
+def test_services(host, service):
+    assert host.service(service).is_enabled
+    assert host.service(service).is_running
+
+
+def test_remote_logging(host):
+    assert host.file('/etc/rsyslog.d/35-remote-logging.conf').exists
+
+
+def test_docker_config(host):
+    assert host.file('/etc/docker/daemon.json').exists

deployment/requirements.txt

@@ -0,0 +1,4 @@
+# pre-release because it contains "CI Fixes for ansible 2.8"
+molecule==2.22rc1
+docker
+flake8

deployment/roles/common/defaults/main.yml

@@ -1,3 +1,5 @@
+docker_compose_version: 1.23.2
+compose_service_user: poadocker
 bridge_path: "/home/{{ compose_service_user }}/bridge"
 bridge_repo: https://github.com/poanetwork/tokenbridge.git
 bridge_repo_branch: master

deployment/roles/common/tasks/dependencies.yml

@@ -67,7 +67,7 @@
 - name: Configure docker engine
   copy:
     src: daemon.json
-    dest: /etc/docker/daemon.json
+    dest: /etc/docker/
     owner: root
     group: root
     mode: 0640

deployment/roles/common/tasks/main.yml

@@ -0,0 +1,3 @@
+- include_tasks: python.yml
+- include_tasks: dependencies.yml
+- include_tasks: repo.yml

deployment/roles/common/tasks/python.yml

@@ -0,0 +1,2 @@
+- name: Install python if necessary
+  raw: "test -e {{ ansible_python_interpreter | default ('/usr/bin/python') }} || (sudo apt -y update && sudo apt install -y python-minimal)"

deployment/roles/dependencies/README.md

@@ -1,17 +0,0 @@
-This role installs required dependencies:
-
-* apt-transport-https
-
-* ca-certificates
-
-* curl
-
-* software-properties-common
-
-* docker-ce (+python library)
-
-* docker-compose (+python library)
-
-* git
-
-* python-pip

deployment/roles/dependencies/defaults/main.yml

@@ -1,2 +0,0 @@
-docker_compose_version: 1.22.0
-compose_service_user: poadocker

deployment/roles/jumpbox/README.md

@@ -1 +0,0 @@
-This role brings up a docker container using docker-compose.

deployment/roles/jumpbox/defaults/main.yml

@@ -1 +0,0 @@
-bridge_path: "/home/{{ compose_service_user }}/bridge"

deployment/roles/logging/README.md

@@ -1 +0,0 @@
-This role sets up remote logging for services.

deployment/roles/logging/defaults/main.yml

@@ -1,2 +0,0 @@
-bridge_path: "/home/{{ compose_service_user }}/bridge"
-syslog_server_port: udp://127.0.0.1:514

deployment/roles/oracle/defaults/main.yml

@@ -1,6 +1,7 @@
 bridge_path: "/home/{{ compose_service_user }}/bridge"
-
 ALLOW_HTTP: no
 QUEUE_URL: amqp://rabbit
 REDIS_URL: redis://redis
 REDIS_LOCK_TTL: 1000
+syslog_server_port: udp://127.0.0.1:514
+keyfile_path: "/root/.key"

deployment/roles/oracle/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - role: common

deployment/roles/oracle/tasks/main.yml

@@ -0,0 +1,5 @@
+- include_tasks: pre_config.yml
+- include_tasks: jumpbox.yml
+- include_tasks: post_config.yml
+- include_tasks: logging.yml
+- include_tasks: servinstall.yml

deployment/roles/oracle/tasks/servinstall.yml

@@ -0,0 +1,17 @@
+# This role creates a poabridge service which is designed to manage docker-compose bridge deployment.
+# /etc/init.d/poabridge start, status, stop, restart - does what the services usually do in such cases.
+# /etc/init.d/poabridge rebuild - builds a new bridge deployment from scratch.
+---
+- name: "Set poabridge service"
+  template:
+    src: poabridge.j2
+    dest: "/etc/init.d/poabridge"
+    owner: root
+    mode: 755
+    
+- name: "Start/Enable poabridge service"
+  service:
+    name: "poabridge"
+    state: started
+    enabled: yes
+    use: service

deployment/roles/post_config/README.md

@@ -1 +0,0 @@
-This role gets the start blocks for both home and foreign networks.

deployment/roles/post_config/defaults/main.yml

@@ -1 +0,0 @@
-bridge_path: "/home/{{ compose_service_user }}/bridge"

deployment/roles/pre_config/README.md

@@ -1 +0,0 @@
-This role sets the .env config (excluding starting blocks).

deployment/roles/repo/README.md

@@ -1 +0,0 @@
-This role clones the repo from a specified URL. 

deployment/roles/servinstall/README.md

@@ -1,5 +0,0 @@
-This role creates a poabridge service which is designed to manage docker-compose bridge deployment.
-
-/etc/init.d/poabridge start, status, stop, restart - does what the services usually do in such cases.
-
-/etc/init.d/poabridge rebuild - builds a new bridge deployment from scratch.

deployment/roles/servinstall/defaults/main.yml

@@ -1,4 +0,0 @@
----
-# defaults
-bridge_path: "/home/{{ compose_service_user }}/bridge"
-keyfile_path: "/root/.key"

deployment/roles/servinstall/tasks/main.yml

@@ -1,14 +0,0 @@
----
-- name: "Set poabridge service"
-  template:
-    src: poabridge.j2
-    dest: "/etc/init.d/poabridge"
-    owner: root
-    mode: 755
-    
-- name: "Start/Enable poabridge service"
-  service:
-    name: "poabridge"
-    state: started
-    enabled: yes
-    use: service

deployment/site.yml

@@ -1,19 +1,5 @@
-- name: Install python if necessary
-  hosts: all
-  gather_facts: false
+- name: Install Oracle
+  hosts: oracle
   become: true
-  tasks:
-    - name: Install python
-      raw: "test -e {{ ansible_python_interpreter | default ('/usr/bin/python') }} || (sudo apt -y update && sudo apt install -y python-minimal)"
-  tags: install_dependencies
-
-- name: Install bridge
-  hosts: all
   roles: 
-    - { role: dependencies, tags: install_dependencies, become: true }
-    - { role: repo, tags: clone_repo, become: true }
-    - { role: pre_config, tags: pre_config, become: true }
-    - { role: jumpbox, tags: launch_jumpbox, become: true }
-    - { role: post_config, tags: post_config, become: true }
-    - { role: logging, tags: set_logging, become: true}
-    - { role: servinstall, tags: install_service, become: true }
+    - { role: oracle }