From 9bd9592c2611ae7826a7e4af7920894f7372b422 Mon Sep 17 00:00:00 2001 From: Brian Veltman <2551674+brianveltman@users.noreply.github.com> Date: Tue, 12 Nov 2024 14:57:42 -1000 Subject: [PATCH 1/2] Podman support adds podman support for molecule in the nexus3_config_api repo Add test data for default scenario --- molecule/default-podman/converge.yml | 3 + molecule/default-podman/prepare.yml | 123 +++++++++++++++++++++++++++ molecule/default/group_vars/all.yml | 63 +++++++++++--- 3 files changed, 179 insertions(+), 10 deletions(-) create mode 100644 molecule/default-podman/converge.yml create mode 100644 molecule/default-podman/prepare.yml diff --git a/molecule/default-podman/converge.yml b/molecule/default-podman/converge.yml new file mode 100644 index 0000000..17d904d --- /dev/null +++ b/molecule/default-podman/converge.yml @@ -0,0 +1,3 @@ +--- +- name: Import default converge playbook + import_playbook: ../playbook.yml diff --git a/molecule/default-podman/prepare.yml b/molecule/default-podman/prepare.yml new file mode 100644 index 0000000..ebcb7a2 --- /dev/null +++ b/molecule/default-podman/prepare.yml 
@@ -0,0 +1,123 @@
+---
+- name: Prepare Nexus3
+ hosts: localhost
+ gather_facts: false
+ tasks:
+ - name: Gather facts about the nexus3-oss container
+ community.docker.docker_container_info:
+ name: nexus3-oss
+ register: nexus3_info
+
+ - name: Set nexus3_ip variable for podman network
+ ansible.builtin.set_fact:
+ nexus3_ip: localhost
+ when: "'podman' in nexus3_info.container.NetworkSettings.Networks"
+
+ - name: Set nexus3_ip variable for bridge network
+ ansible.builtin.set_fact:
+ nexus3_ip: "{{ nexus3_info.container.NetworkSettings.Networks.bridge.IPAddress }}"
+ when: "'bridge' in nexus3_info.container.NetworkSettings.Networks"
+
+ - name: Show nexus3_ip
+ ansible.builtin.debug:
+ var: nexus3_ip
+
+ - name: Wait for Nexus writable API endpoint to be available
+ ansible.builtin.uri:
+ url: "http://{{ nexus3_ip }}:8081/service/rest/v1/status/writable"
+ method: GET
+ validate_certs: false
+ status_code: 200
+ register: __nexus_writable__
+ until: __nexus_writable__.status == 200
+ retries: 30
+ delay: 10
+
+ - name: Fetch the admin.password from the nexus3-oss container
+ community.docker.docker_container_exec:
+ container: nexus3-oss
+ command: "cat /nexus-data/admin.password"
+ register: __nexus_initial_admin_password__
+
+ - name: Update password of admin user
+ ansible.builtin.uri:
+ url: "http://{{ nexus3_ip }}:8081/service/rest/v1/security/users/admin/change-password"
+ user: admin
+ password: "{{ __nexus_initial_admin_password__.stdout }}"
+ method: PUT
+ force_basic_auth: true
+ validate_certs: false
+ status_code: 204
+ headers:
+ Content-Type: text/plain
+ accept: application/json
+ body: "changeme"
+ body_format: raw
+
+ - name: Disable Anonmous access
+ ansible.builtin.uri:
+ url: "http://{{ nexus3_ip }}:8081/service/rest/v1/security/anonymous"
+ user: admin
+ password: changeme
+ method: PUT
+ force_basic_auth: true
+ validate_certs: false
+ status_code: 200
+ body: |
+ {
+ "enabled": false,
+ "userId": "anonymous",
+ "realmName": "NexusAuthorizingRealm"
+ }
+ body_format: json
+
+ # - name: Create license file
+ # ansible.builtin.copy:
+ # content: "{{ lookup('env', 'NEXUS_LICENSE_B64') | b64decode }}"
+ # dest: "nexus.lic"
+ # mode: '0644'
+ # register: __license_status__
+ # when: (lookup('env', 'NEXUS_LICENSE_B64') is defined or nexus_license_b64 is defined) and nexus_enable_pro
+
+ # - name: Upload license file through API
+ # ansible.builtin.uri:
+ # url: "http://{{ nexus3_ip }}:8081/service/rest/v1/system/license"
+ # method: POST
+ # validate_certs: false
+ # user: admin
+ # password: changeme
+ # force_basic_auth: true
+ # headers:
+ # Accept: "application/json"
+ # Content-Type: "application/octet-stream"
+ # src: "nexus.lic"
+ # status_code: 200
+ # register: __uploaded_license__
+ # when: (lookup('env', 'NEXUS_LICENSE_B64') is defined or nexus_license_b64 is defined) and nexus_enable_pro
+ # ignore_errors: true
+
+ # - name: Remove license from file system
+ # ansible.builtin.file:
+ # path: "nexus.lic"
+ # state: absent
+
+ # - name: Stop container
+ # community.docker.docker_container:
+ # name: nexus3-oss
+ # state: stopped
+
+ # - name: Start container
+ # community.docker.docker_container:
+ # name: nexus3-oss
+ # state: started
+
+ # - name: Wait for Nexus writable API endpoint to be available
+ # ansible.builtin.uri:
+ # url: "http://{{ nexus3_ip }}:8081/service/rest/v1/status/writable"
+ # method: GET
+ # validate_certs: false
+ # status_code: 200
+ # register: __nexus_writable__
+ # until: __nexus_writable__.status == 200
+ # retries: 30
+ # delay: 10
diff --git a/molecule/default/group_vars/all.yml b/molecule/default/group_vars/all.yml
index ce36499..0f04f9d 100644
--- a/molecule/default/group_vars/all.yml
+++ b/molecule/default/group_vars/all.yml
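Review bot: In `molecule/default-podman/prepare.yml`, the two tasks that handle the admin credential (`Fetch the admin.password from the nexus3-oss container` and `Update password of admin user`) run without `no_log: true`. The registered `__nexus_initial_admin_password__.stdout` and the `body: "changeme"` replacement are therefore printed in the task result on failure or at higher verbosity, and stay in any CI log that keeps that output; adding `no_log: true` to both tasks avoids this. The replacement password is also written literally in two live tasks (and again in the commented-out ones), so a single variable would keep them in step with whatever the converge vars expect. `validate_certs: false` has no effect on the `http://` URLs used here and would silently switch off certificate checking if the scheme is ever changed to https, so it is safer to drop it. Separately, `nexus3_ip` is only set when the container is on a `podman` or `bridge` network; on any other network name the later `uri` tasks would hit an undefined variable.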
@@ -301,6 +301,10 @@ nexus_repos_cleanup_policies: nexus_repos_maven_hosted: - name: repo-1 + online: true + storage: + strictContentTypeValidation: true + writePolicy: ALLOW_ONCE # Disable redeploy cleanup: policyNames: - maven_cleanup 
@@ -310,37 +314,76 @@ nexus_repos_maven_hosted: versionPolicy: RELEASE layoutPolicy: STRICT contentDisposition: INLINE - - name: maven-snapshots + - name: repo-2 + online: true + storage: + strictContentTypeValidation: false + writePolicy: ALLOW # Allow redeploy cleanup: - policyNames: - - maven_cleanup + policyNames: [] + component: + proprietaryComponents: false + maven: + versionPolicy: SNAPSHOT + layoutPolicy: PERMISSIVE + contentDisposition: ATTACHMENT + - name: repo-3-offline + online: false + storage: + strictContentTypeValidation: false + writePolicy: DENY # Read only + cleanup: + policyNames: [] + component: + proprietaryComponents: false + maven: + versionPolicy: + layoutPolicy: PERMISSIVE + contentDisposition: ATTACHMENT + - name: maven-snapshots + online: true storage: strictContentTypeValidation: true writePolicy: ALLOW_ONCE + cleanup: + policyNames: + - maven_cleanup + component: + proprietaryComponents: true maven: contentDisposition: INLINE layoutPolicy: STRICT versionPolicy: SNAPSHOT - component: - proprietaryComponents: true - - name: maven-releases online: true storage: strictContentTypeValidation: true + cleanup: + policyNames: + - maven_cleanup + component: + proprietaryComponents: true maven: contentDisposition: INLINE layoutPolicy: STRICT versionPolicy: RELEASE - component: - proprietaryComponents: true + - name: repo-cleanup-order-1 cleanup: policyNames: - maven_cleanup - - - name: repo-2 + - maven_releases_cleanup + - maven_prereleases_cleanup + - name: repo-cleanup-order-2 + cleanup: + policyNames: + - maven_releases_cleanup + - maven_cleanup + - maven_prereleases_cleanup + - name: repo-cleanup-order-3 cleanup: policyNames: + - maven_prereleases_cleanup + - maven_releases_cleanup - maven_cleanup nexus_repos_maven_proxy: From 55d8fff901bc8688ed34e4a2bcb30608bd837401 Mon Sep 17 00:00:00 2001 
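Review bot: Under `repo-3-offline` the `versionPolicy:` key is left without a value, so YAML loads it as null rather than as a policy name, unlike every other entry in this list. If the empty value is a deliberate test of a missing policy, writing `versionPolicy: null` with a short comment makes that visible; otherwise give it one of the values used elsewhere in the file (`RELEASE` or `SNAPSHOT`). How the role treats a null here is not visible in this hunk.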
From: Brian Veltman <2551674+brianveltman@users.noreply.github.com> Date: Tue, 12 Nov 2024 14:58:25 -1000 Subject: [PATCH 2/2] Bug fix: sort items in array before comparing if you dont do this ansible will compare the order of the items as you defined them. That will return 'changed' in most cases, even when the value of the items have not changed. --- tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 272161c..f9d37d6 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -617,7 +617,7 @@ (existing_maven_hosted_repos | selectattr('name', 'equalto', item.name) | first).format | default('maven2') != item.format | default('maven2') or (existing_maven_hosted_repos | selectattr('name', 'equalto', item.name) | first).type | default('hosted') != item.type | default('hosted') or (existing_maven_hosted_repos | selectattr('name', 'equalto', item.name) | first).online | default(true) != item.online | default(true) or - (existing_maven_hosted_repos | selectattr('name', 'equalto', item.name) | first).cleanup.policyNames | default(omit) != item.cleanup.policyNames | default(omit) or + (existing_maven_hosted_repos | selectattr('name', 'equalto', item.name) | first).cleanup.policyNames | default([]) | sort != item.cleanup.policyNames | default([]) | sort or (existing_maven_hosted_repos | selectattr('name', 'equalto', item.name) | first).storage.blobStoreName | default(omit) != item.storage.blobStoreName | default(None) or (existing_maven_hosted_repos | selectattr('name', 'equalto', item.name) | first).storage.strictContentTypeValidation | default(false) != item.storage.strictContentTypeValidation | default(false) or (existing_maven_hosted_repos | selectattr('name', 'equalto', item.name) | first).storage.writePolicy | default(omit) != item.storage.writePolicy | default(None) or 
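Review bot: `default([])` on the changed `cleanup.policyNames` line only covers an undefined value; an explicit null (a bare `policyNames:` in the vars, or a null in the API response, which this hunk does not show) passes through unchanged and `| sort` then fails on a non-iterable. Passing the second argument on both sides, `| default([], true) | sort`, treats null and empty the same. The identical line in the `existing_maven_proxy_repos` hunk at -654 needs the same change. The enclosing expression starts and ends outside both hunks, so the other comparisons in it were not checked.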
@@ -654,7 +654,7 @@ (existing_maven_proxy_repos | selectattr('name', 'equalto', item.name) | first).maven.versionPolicy | default(omit) != item.maven.versionPolicy | default(None) or (existing_maven_proxy_repos | selectattr('name', 'equalto', item.name) | first).maven.layoutPolicy | default(omit) != item.maven.layoutPolicy | default(None) or (existing_maven_proxy_repos | selectattr('name', 'equalto', item.name) | first).maven.contentDisposition | default(omit) != item.maven.contentDisposition | default(None) or - (existing_maven_proxy_repos | selectattr('name', 'equalto', item.name) | first).cleanup.policyNames | default(omit) != item.cleanup.policyNames | default(omit) or + (existing_maven_proxy_repos | selectattr('name', 'equalto', item.name) | first).cleanup.policyNames | default([]) | sort != item.cleanup.policyNames | default([]) | sort or (existing_maven_proxy_repos | selectattr('name', 'equalto', item.name) | first).routingRuleName | default(omit) != item.routingRule | default(omit) - name: Show maven_hosted_repos_to_update