added integration tests with molecule testinfra

.ansible-lint

@@ -1,2 +1,9 @@
 skip_list:
   - 'yaml'
+  - unnamed-task
+warn_list:
+  - command-instead-of-shell
+  - risky-file-permissions
+  - literal-compare
+  - meta-incorrect
+  - meta-no-info

molecule/default/converge.yml

@@ -2,6 +2,22 @@
 
 - name: Converge
   hosts: all
+  vars:
+    icinga2_confd: false
+    icinga2_features:
+      - name: checker
+      - name: mainlog
+      - name: api
+        ca_host: none
+        endpoints:
+          - name: "{{ ansible_fqdn }}"
+        zones:
+          - name: "main"
+            endpoints:
+              - "{{ ansible_fqdn }}"
+    icinga2_config_directories:
+      - zones.d/main/hosts
+      - zones.d/main/services
   collections:
     icinga.icinga
   tasks:

molecule/default/host_vars/icinga-default.yaml

@@ -0,0 +1,47 @@
+icinga2_objects:
+  icinga-default:
+    - name: agent.localdomain
+      type: Endpoint
+      file: zones.d/main/hosts/agent.localdomain.conf
+    - name: agent.localdomain
+      type: Zone
+      file: zones.d/main/hosts/agent.localdomain.conf
+      parent: main
+      endpoints:
+        - agent.localdomain
+    - name: agent.localdomain
+      type: Host
+      file: zones.d/main/hosts/agent.localdomain.conf
+      check_command: hostalive
+      address: 127.0.0.1
+      check_interval: 3m
+    - name: generic-service
+      type: Service
+      file: zones.d/main/services/services.conf
+      template: true
+      check_interval: 300s
+      retry_interval: 30s
+      order: 1
+    - name: ping
+      type: Service
+      apply: true
+      file: zones.d/main/services/services.conf
+      imports:
+        - generic-service
+      check_command: ping4
+      assign:
+        - host.address
+      ignore:
+        - match(no*, host.name)
+    - name: group-ping
+      type: ServiceGroup
+      file: zones.d/main/servicegroups.conf
+      display_name: "Ping Services"
+      assign:
+        - match(ping*, service.check_command)
+    - name: group-linux
+      type: HostGroup
+      file: zones.d/main/hostgroups.conf
+      display_name: Linux Hosts
+      assign:
+        - match(linux, host.vars.os)

molecule/default/molecule.yml

@@ -13,9 +13,13 @@ platforms:
     pre_build_image: true
 provisioner:
   name: ansible
+  inventory:
+    link:
+      host_vars: host_vars/
 verifier:
-  name: ansible
+  name: testinfra
+  directory: tests/integration/
 lint: |
   set -e
-  yamllint .
-  ansible-lint .
+  yamllint --no-warnings roles/
+  ansible-lint roles/

molecule/default/prepare.yml

@@ -5,7 +5,7 @@
     - name: Install requirements for Debian
       apt:
         name:
-        - gpg
-        - apt-transport-https
+          - gpg
+          - apt-transport-https
         update_cache: yes
       when: ansible_os_family == "Debian"

molecule/default/tests/integration/test_icinga2.py

@@ -0,0 +1,119 @@
+def test_icinga2_package(host):
+    icinga2_pkg = host.package("icinga2")
+    assert icinga2_pkg.is_installed
+
+def test_icinga2_configdir(host):
+    icinga2_cdir = host.file("/etc/icinga2/zones.d/main")
+    assert icinga2_cdir.is_directory
+    if host.system_info.distribution == 'centos':
+      assert icinga2_cdir.user == "icinga"
+      assert icinga2_cdir.group == "icinga"
+    if host.system_info.distribution == 'debian':
+      assert icinga2_cdir.user == "nagios"
+      assert icinga2_cdir.group == "nagios"
+
+def test_icinga2_zones_dir(host):
+    i2_zones_dir = host.file("/etc/icinga2/zones.d/main/hosts")
+    if host.system_info.distribution == 'centos':
+      assert i2_zones_dir.is_directory
+      assert i2_zones_dir.user == "icinga"
+      assert i2_zones_dir.group == "icinga"
+    if host.system_info.distribution == 'debian':
+      assert i2_zones_dir.is_directory
+      assert i2_zones_dir.user == "nagios"
+      assert i2_zones_dir.group == "nagios"
+
+def test_icinga2_object_host(host):
+    i2_file = host.file("/etc/icinga2/zones.d/main/hosts/agent.localdomain.conf")
+    print(i2_file.content_string)
+    assert i2_file.is_file
+    assert i2_file.contains('object Zone "agent.localdomain" {')
+    assert i2_file.contains('object Endpoint "agent.localdomain" {')
+    assert i2_file.contains('object Host "agent.localdomain" {')
+    if host.system_info.distribution == 'centos':
+      assert i2_file.user == "icinga"
+      assert i2_file.group == "icinga"
+      assert i2_file.mode == 0o644
+    if host.system_info.distribution == 'debian':
+      assert i2_file.user == "nagios"
+      assert i2_file.group == "nagios"
+      assert i2_file.mode == 0o644
+
+def test_icinga2_object_service(host):
+    i2_file = host.file("/etc/icinga2/zones.d/main/services/services.conf")
+    print(i2_file.content_string)
+    assert i2_file.is_file
+    assert i2_file.contains('apply Service "ping" {')
+    assert i2_file.contains('template Service "generic-service" {')
+    if host.system_info.distribution == 'centos':
+      assert i2_file.user == "icinga"
+      assert i2_file.group == "icinga"
+      assert i2_file.mode == 0o644
+    if host.system_info.distribution == 'debian':
+      assert i2_file.user == "nagios"
+      assert i2_file.group == "nagios"
+      assert i2_file.mode == 0o644
+
+def test_icinga2_certificate(host):
+    i2_file = host.file("/var/lib/icinga2/certs/icinga-default.crt")
+    assert i2_file.is_file
+    if host.system_info.distribution == 'centos':
+      assert i2_file.user == "icinga"
+      assert i2_file.group == "icinga"
+      assert i2_file.mode == 0o644
+    if host.system_info.distribution == 'debian':
+      assert i2_file.user == "nagios"
+      assert i2_file.group == "nagios"
+      assert i2_file.mode == 0o644
+
+def test_icinga2_crt_key(host):
+    i2_file = host.file("/var/lib/icinga2/certs/icinga-default.key")
+    assert i2_file.is_file
+    if host.system_info.distribution == 'centos':
+      assert i2_file.user == "icinga"
+      assert i2_file.group == "icinga"
+      assert i2_file.mode == 0o600
+    if host.system_info.distribution == 'debian':
+      assert i2_file.user == "nagios"
+      assert i2_file.group == "nagios"
+      assert i2_file.mode == 0o600
+
+def test_icinga2_dir(host):
+    icinga2_dir = host.file("/etc/icinga2")
+    assert icinga2_dir.is_directory
+
+def test_icinga2_feature_checker(host):
+    i2_file = host.file("/etc/icinga2/features-available/checker.conf")
+    i2_link = host.file("/etc/icinga2/features-enabled/checker.conf")
+    assert i2_file.exists
+    assert i2_link.linked_to == "/etc/icinga2/features-available/checker.conf"
+    if host.system_info.distribution == 'centos':
+      assert i2_file.user == "icinga"
+      assert i2_file.group == "icinga"
+    if host.system_info.distribution == 'debian':
+      assert i2_file.user == "nagios"
+      assert i2_file.group == "nagios"
+
+def test_icinga2_feature_mainlog(host):
+    i2_file = host.file("/etc/icinga2/features-available/mainlog.conf")
+    i2_link = host.file("/etc/icinga2/features-enabled/mainlog.conf")
+    assert i2_file.exists
+    assert i2_link.linked_to == "/etc/icinga2/features-available/mainlog.conf"
+    if host.system_info.distribution == 'centos':
+      assert i2_file.user == "icinga"
+      assert i2_file.group == "icinga"
+    if host.system_info.distribution == 'debian':
+      assert i2_file.user == "nagios"
+      assert i2_file.group == "nagios"
+
+def test_icinga2_feature_api(host):
+    i2_file = host.file("/etc/icinga2/features-available/api.conf")
+    i2_link = host.file("/etc/icinga2/features-enabled/api.conf")
+    assert i2_file.exists
+    assert i2_link.linked_to == "/etc/icinga2/features-available/api.conf"
+    if host.system_info.distribution == 'centos':
+      assert i2_file.user == "icinga"
+      assert i2_file.group == "icinga"
+    if host.system_info.distribution == 'debian':
+      assert i2_file.user == "nagios"
+      assert i2_file.group == "nagios"

molecule/default/tests/integration/test_repos.py

@@ -0,0 +1,9 @@
+def test_repos(host):
+    if host.system_info.distribution == 'debian':
+      repofile = host.file("/etc/apt/sources.list.d/icinga.list")
+      assert repofile.is_file
+      assert repofile.user == "root"
+    if host.system_info.distribution == 'centos':
+      repofile = host.file("/etc/yum.repos.d/ICINGA-release.repo")
+      assert repofile.is_file
+      assert repofile.user == "root"

molecule/default/tests/integration/test_service.py

@@ -0,0 +1,4 @@
+def test_icinga2_service(host):
+    service = host.service("icinga2")
+    assert service.is_running
+    assert service.is_enabled

requirements-test.txt

@@ -2,3 +2,4 @@ ansible
 ansible-lint
 molecule
 molecule-docker
+pytest-testinfra

roles/icinga2/tasks/configure.yml

@@ -84,6 +84,8 @@
     src: "{{ item.path }}"
     dest: "{{ item.path |regex_replace('^'+icinga2_fragments_path, '/etc/icinga2') }}"
     delimiter: ' '
+    owner: "{{ icinga2_user }}"
+    group: "{{ icinga2_group }}"
   loop: "{{ result.files }}"
   notify: reload icinga2 service
 

roles/icinga2/tasks/features/api.yml

@@ -139,6 +139,8 @@
       copy:
         src: "{{ icinga2_ca_path }}/ca.crt"
         dest: "{{ icinga2_cert_path }}/ca.crt"
+        owner: "{{ icinga2_user }}"
+        group: "{{ icinga2_group }}"
         remote_src: yes
       when: icinga2_ca_host == 'none'
   when: (icinga2_ssl_cert_path.stat.exists == false or icinga2_ssl_key_path.stat.exists == false or icinga2_force_newcert) and icinga2_ssl_cacert is not defined