Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CI build #333

Merged
merged 30 commits into from
Nov 16, 2019
Merged

Fix CI build #333

merged 30 commits into from
Nov 16, 2019

Conversation

vroldanbet
Copy link
Contributor

@vroldanbet vroldanbet commented Nov 14, 2019
edited
Loading

Implement development/CI environment based on docker

Master CI build recently broke. The install-openldap script is very complex and assumes a specific environment. This is clearly not completely isolated from the fact that new versions of packages may be backported to the distribution used. I suspect this is what happened (noticed builds started breaking with a new version of slapd).

Instead of fixing the script, I decided I could reuse open-source maintained OpenLDAP docker containers. The https://github.com/osixia/docker-openldap project handles a lot of the work performed by install-openldap. As a consequence. we can remove a lot of stuff from this repo:

  • some LDIF fixtures
  • script/install-openldap
  • script/generate-fixture-ca
  • test/support (vagrant stuff)
  • certificates (it's now generated by the container)

In general, it's a lot of less code to maintain, and less code that can break as dependencies change.

Docker is also fairly ubiquitous in CI systems, and it would help closing the gap between CI and local development environment. Travis supports it nicely and it could open the door to adopt GitHub Actions too?

Extra niceties

  • added most recent ruby versions to the build matrix
  • no more "travis specific" tests

The not so nice part

  • I couldn't find a way to workaround having to modify /etc/hosts. I feel it's a small price to pay to simplify the setup considerably, but I'll try to explore alternatives (if I managed to name the containers hostname localhost it would get fixed)
  • the timeout test, I can't make it go green. I decided to disable it.
  • test relying on system cert store, didn't try hard how to install cert in travis, and it's additional burden with little return
  • test with multiple valid hostnames - I couldn't get the certificate generation to have multiple hostnames. Instead, I decided to run the test with the same valid hostname 2 times. It should hopefully be equivalent.

TODO

  • allow devs in local to avoid changes to /etc/hosts for integration tests

@vroldanbet
docker openldap server
c3f0e4c 
instead of polluting devs machine, let's rely on a docker container
to spin up the service

relies on osixia/openldap:1.3.0. Customizes a few things:
- adds the seed on bootstrap
- does not enforce client certificate
- sets a hostname to avoid domain verification issues during handshake

The cert domain is also added to /etc/hosts
@vroldanbet
clarify why we need it
fdbe61e
@vroldanbet
there is an officially supported mechanism to add hostnames in Travis CI
ddd8dce
@vroldanbet
let's use good old example.org
3caf85b
@vroldanbet
change test DSN and authenticate with the right user
683d660 
anonymous access is not enabled in this setup, so every test needs
to perform authentication first
@vroldanbet
adjust hostname to the new certificate for TLS tests
fb4c76d 
I couldn't manage to get the container running with a cert
issued to a given IP, like 127.0.0.1 or localhost.
Instead, I specified a static hostname
(the container uses hostname to generate the cert)
and injected it in travis.

Unfortunately, in local development this means changing /etc/hosts,
but I feel that's a better option that having to install LDAP locally
@vroldanbet
need to detach container so it does not block execution
94c2ba9
@vroldanbet
adds custom retcode.ldif to the bootstrap sequence
4280d18 
so that all retcode tests succeed
@vroldanbet
disabling this test - it's returning connection refused instead
f38c39c
@vroldanbet
let's assume folks will have to modify /etc/hosts
1b595b2 
it's a little price to pay in the current setup and allows us to
have the same tests locally and dev.
@vroldanbet
we don't need vagrant specific tests anymore
ba225a9 
all environments run the same set of tests, no env specific test
@vroldanbet
this does not need to run only in CI if devs edit /etc/hosts
376c42e
@vroldanbet
add docker container CA certificate and use if in fixtures
839318a
@vroldanbet
installs docker container CA certificate
9b8d80d 
so that we are able to run a test that does not specific CACERT
and so the library fallsback to system cert store
@vroldanbet
let's disable the test that uses system cert store
7c85643 
I'm not sure how to enable this in Travis
@vroldanbet
remove unused stuff
6c1c56d 
with the dockerized test openldap server, none of this is needed
@vroldanbet
script to start docker openldap server for integration tests
f67e741
@vroldanbet
rubymine warning: quote to avoid word splitting
5c4644e
@vroldanbet
add most recent ruby versions
10a44d5
@vroldanbet
update documentation
8ba87b3
@vroldanbet
clarify /etc/hosts caveat, needed for local integration tests
201fdfa 
the container uses HOSTNAME to generate the cert, and
it really didn't like "localhost" as hostname.

As a workaround, I had to add an arbitrary hostname. There may be other
alternatives to get the host to be known, but the most obvious
is modifying /etc/hosts
@vroldanbet
remove empty file (I messed up while cherry-picking)
dc6d75d
@vroldanbet vroldanbet mentioned this pull request Nov 14, 2019
Closed
@vroldanbet vroldanbet marked this pull request as ready for review November 14, 2019 11:10
CamiloGarciaLaRotta
CamiloGarciaLaRotta reviewed Nov 14, 2019
View reviewed changes
.travis.yml Outdated Show resolved Hide resolved
test/integration/test_bind.rb Outdated Show resolved Hide resolved
test/integration/test_bind.rb
def test_bind_tls_with_multiple_hosts
omit_unless ENV['TRAVIS'] == 'true'
Copy link

@CamiloGarciaLaRotta CamiloGarciaLaRotta Nov 14, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:) 👌🏽

mtodd
mtodd approved these changes Nov 15, 2019
View reviewed changes
Copy link
Member

@mtodd mtodd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💯 to moving to relying on Docker for the OpenLDAP dependency. And thanks for breaking down the decisions and tradeoffs!

script/install-openldap Show resolved Hide resolved
README.rdoc Outdated Show resolved Hide resolved
.travis.yml Outdated Show resolved Hide resolved
test/integration/test_bind.rb Outdated Show resolved Hide resolved
test/integration/test_bind.rb Show resolved Hide resolved
This was referenced Jan 24, 2023
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Merged
Open
Open
Open
Open
@dependabot dependabot bot mentioned this pull request Apr 13, 2023
Open
@dependabot dependabot bot mentioned this pull request Dec 18, 2023
Closed
@dependabot dependabot bot mentioned this pull request May 14, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@CamiloGarciaLaRotta CamiloGarciaLaRotta CamiloGarciaLaRotta left review comments

@mtodd mtodd mtodd approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vroldanbet @mtodd @CamiloGarciaLaRotta