Add vars and tasks to support VGAuth guest operation testing (#465)

Signed-off-by: Qi Zhang <qiz@vmware.com>
vmware · May 31, 2023 · fa31d44 · fa31d44
1 parent c37606b
commit fa31d44
Show file tree

Hide file tree

Showing 19 changed files with 573 additions and 69 deletions.
diff --git a/common/add_vsphere_hosts_in_inventory.yml b/common/add_vsphere_hosts_in_inventory.yml
@@ -0,0 +1,34 @@
+# Copyright 2023 VMware, Inc.
+# SPDX-License-Identifier: BSD-2-Clause
+---
+# Add vCenter Server and ESXi server into memory inventory
+#
+- name: "Add vCenter Server into memory inventory"
+  include_tasks: add_host_in_memory_inventory.yml
+  vars:
+    add_host_in_memory_inventory_ip: "{{ vcenter_hostname }}"
+    add_host_in_memory_inventory_gp: "vcenter"
+    add_host_in_memory_inventory_user: "{{ vcenter_ssh_username }}"
+    add_host_in_memory_inventory_pwd: "{{ vcenter_ssh_password }}"
+    add_host_in_memory_inventory_python: "/bin/python"
+    add_host_in_memory_inventory_ssh_pipeline: true
+    add_host_in_memory_inventory_shell: "/usr/bin/bash"
+  when:
+    - vcenter_hostname is defined
+    - vcenter_hostname
+    - vcenter_ssh_username is defined
+    - vcenter_ssh_username
+    - vcenter_ssh_password is defined
+    - vcenter_ssh_password
+
+- name: "Add ESXi Server into memory inventory"
+  include_tasks: ../common/add_host_in_memory_inventory.yml
+  vars:
+    add_host_in_memory_inventory_ip: "{{ esxi_hostname }}"
+    add_host_in_memory_inventory_gp: "esxi"
+    add_host_in_memory_inventory_user: "{{ esxi_username }}"
+    add_host_in_memory_inventory_pwd: "{{ esxi_password }}"
+    add_host_in_memory_inventory_python: "/bin/python"
+    add_host_in_memory_inventory_ssh_pipeline: true
+    add_host_in_memory_inventory_remote_tmp: "{{ vm_datastore_path }}"
+    add_host_in_memory_inventory_shell: "{{ esxi_shell }}"
diff --git a/common/vcenter_get_domain_user_info.yml b/common/vcenter_get_domain_user_info.yml
@@ -0,0 +1,50 @@
+# Copyright 2023 VMware, Inc.
+# SPDX-License-Identifier: BSD-2-Clause
+---
+# Gather information about a domain user on vCenter Server
+# Parameters:
+#   vcenter_domain_name: The vCenter Server user domain name. Default is same with vcenter_username domain.
+#   vcenter_domain_user_name: The domain user name.
+#
+- name: "Check parameter 'vcenter_domain_user_name' is set"
+  ansible.builtin.assert:
+    that:
+      - vcenter_is_defined is defined
+      - vcenter_is_defined
+      - vcenter_domain_user_name is defined
+      - vcenter_domain_user_name
+    fail_msg: >-
+      vCenter Server information must be defined in testing vars file and
+      parameter 'vcenter_domain_user_name' must be set for gathering domain user info.
+      Current vcenter_is_defined is {{ vcenter_is_defined | default('undefined')}},
+      vcenter_domain_user_name is {{ vcenter_domain_user_name | default('undefined') }}.
+
+- name: "Set default user domain of vCenter Server"
+  ansible.builtin.set_fact:
+    vcenter_domain_name: "{{ vcenter_username.split('@')[-1] }}"
+  when: vcenter_domain_name is undefined or not vcenter_domain_name
+
+- name: "Initialize the fact of vCenter Server domain user"
+  ansible.builtin.set_fact:
+    vcenter_domain_user_info: ""
+
+- name: "Get info of domain user '{{ vcenter_domain_user_name }}@{{ vcenter_domain_name }}'"
+  community.vmware.vcenter_domain_user_group_info:
+    hostname: '{{ vcenter_hostname }}'
+    username: '{{ vcenter_username }}'
+    password: '{{ vcenter_password }}'
+    validate_certs: "{{ validate_certs | default(false) }}"
+    domain: "{{ vcenter_domain_name }}"
+    search_string: "{{ vcenter_domain_name }}\\{{ vcenter_domain_user_name }}"
+    exact_match: true
+  register: get_domain_user_result
+
+- name: "Set fact of vCenter Server domain user"
+  ansible.builtin.set_fact:
+    vcenter_domain_user_info: "{{ get_domain_user_result.domain_user_groups[0] }}"
+  when:
+    - get_domain_user_result.domain_user_groups is defined
+    - get_domain_user_result.domain_user_groups | length > 0
+
+- name: "Display gathered domain user information"
+  ansible.builtin.debug: var=vcenter_domain_user_info
diff --git a/common/vcenter_manage_domain_user.yml b/common/vcenter_manage_domain_user.yml
@@ -0,0 +1,131 @@
+# Copyright 2023 VMware, Inc.
+# SPDX-License-Identifier: BSD-2-Clause
+---
+# Add or delete a domain user on vCenter Server
+# Parameters:
+#   vcenter_domain_user_name: The domain user name.
+#   vcenter_domain_user_password: The domain user password.
+#   vcenter_domain_user_op: The operation of managing domain user: add or delete.
+#   vcenter_domain_name(optional): The vCenter Server user domain name.
+#     Default is vcenter_username domain.
+#   vcenter_domain_user_first_name(optional): The first name of domain user.
+#     Default is same as user name.
+#   vcenter_domain_user_last_name(optional): The last name of domain user.
+#     Default is same as domain name.
+#   vcenter_domain_user_group(optional): The user group which domain user belongs to.
+#     Default is empty.
+#
+# vcenter_is_defined is defined in common/set_vmware_module_hostname.yml
+# groups['vcenter'] is defined in common/add_vsphere_hosts_in_inventory.yml
+# both of them are set at env_setup
+- name: "Check vCenter Server is defined and added into memory inventory"
+  ansible.builtin.assert:
+    that:
+      - vcenter_is_defined is defined
+      - vcenter_is_defined
+      - groups['vcenter'] is defined
+      - vcenter_hostname in groups['vcenter']
+    fail_msg: >-
+      vCenter Server information and its SSH username and password must be set in testing vars file.
+      Current vcenter_is_defined is {{ vcenter_is_defined | default('undefined') }},
+      and vCenter Server hostname in memory inventory is
+      {{ groups['vcenter'] is defined and vcenter_hostname in groups['vcenter'] }}.
+
+- name: "Check vcenter_domain_user_name, vcenter_domain_user_password and vcenter_domain_user_op are set"
+  ansible.builtin.assert:
+    that:
+      - vcenter_domain_user_name is defined
+      - vcenter_domain_user_name
+      - vcenter_domain_user_password is defined
+      - vcenter_domain_user_password
+      - vcenter_domain_user_op is defined
+      - vcenter_domain_user_op in ['add', 'delete']
+    fail_msg: >-
+      Parameter 'vcenter_domain_user_name','vcenter_domain_user_password' and 'vcenter_domain_user_op'
+      must be set correclty for managing domain user.
+      Current vcenter_domain_user_name is {{ vcenter_domain_user_name | default('undefined') }},
+      vcenter_domain_user_password is {{ vcenter_domain_user_password | default('undefined') }},
+      and vcenter_domain_user_op is {{ vcenter_domain_user_op | default('undefined') }}.
+
+- name: "Set default user domain of vCenter Server"
+  ansible.builtin.set_fact:
+    vcenter_domain_name: "{{ vcenter_username.split('@')[-1] }}"
+  when: vcenter_domain_name is undefined or not vcenter_domain_name
+
+- name: "Set command for adding domain user"
+  ansible.builtin.set_fact:
+    manage_domain_user_cmd: >-
+      /usr/lib/vmware-vmafd/bin/dir-cli user create
+      --account "{{ vcenter_domain_user_name }}"
+      --user-password "{{ vcenter_domain_user_password }}"
+      --first-name "{{ vcenter_domain_user_first_name | default(vcenter_domain_user_name) }}"
+      --last-name "{{ vcenter_domain_user_last_name | default(vcenter_domain_name) }}"
+      --login "{{ vcenter_username }}"
+      --password "{{ vcenter_password }}"
+  when: vcenter_domain_user_op == "add"
+
+- name: "Set command for deleteing domain user"
+  ansible.builtin.set_fact:
+    manage_domain_user_cmd: >-
+      /usr/lib/vmware-vmafd/bin/dir-cli user delete
+      --account "{{ vcenter_domain_user_name }}"
+      --login "{{ vcenter_username }}"
+      --password "{{ vcenter_password }}"
+  when: vcenter_domain_user_op == "delete"
+
+- name: "{{ vcenter_domain_user_op | capitalize }} domain user '{{ vcenter_domain_user_name }}@{{ vcenter_domain_name }}'"
+  ansible.builtin.command: "{{ manage_domain_user_cmd }}"
+  ignore_errors: true
+  delegate_to: "{{ vcenter_hostname }}"
+  register: manage_domain_user_result
+
+- name: "Display result of managing domain user"
+  ansible.builtin.debug: var=manage_domain_user_result
+  when: enable_debug | bool
+
+- name: "Check the result of managing domain user '{{ vcenter_domain_user_name }}@{{ vcenter_domain_name }}'"
+  ansible.builtin.assert:
+    that:
+      - manage_domain_user_result.rc is defined
+      - manage_domain_user_result.rc == 0
+    fail_msg: >-
+      Failed to {{ vcenter_domain_user_op }} domain user '{{ vcenter_domain_user_name }}@{{ vcenter_domain_name }}'.
+      Return code is '{{ manage_domain_user_result.rc | default("unknown") }}'.
+      Hit error '{{ manage_domain_user_result.stderr | default("unknown") }}'.
+    success_msg: "{{ manage_domain_user_result.stdout | default(omit) }}"
+
+- name: "Add domain user to user group"
+  block:
+    - name: "Set command for adding domain user to user group"
+      ansible.builtin.set_fact:
+        modify_user_group_cmd: >-
+          /usr/lib/vmware-vmafd/bin/dir-cli group modify
+          --name "{{ vcenter_domain_user_group }}"
+          --add "{{ vcenter_domain_user_name }}"
+          --login "{{ vcenter_username }}"
+          --password "{{ vcenter_password }}"
+
+    - name: "Add domain user to user group '{{ vcenter_domain_user_group }}'"
+      ansible.builtin.command: "{{ modify_user_group_cmd }}"
+      delegate_to: "{{ vcenter_hostname }}"
+      register: modify_user_group_result
+
+    - name: "Display result of adding domain user to user group"
+      ansible.builtin.debug: var=modify_user_group_result
+      when: enable_debug | bool
+
+    - name: "Check the result of adding domain user to user group '{{ vcenter_domain_user_group }}'"
+      ansible.builtin.assert:
+        that:
+          - modify_user_group_result.rc is defined
+          - modify_user_group_result.rc == 0
+        fail_msg: >-
+          Failed to add domain user '{{ vcenter_domain_user_name }}@{{ vcenter_domain_name }}'
+          to user group '{{ vcenter_domain_user_group }}'.
+          Return code is '{{ modify_user_group_result.rc | default("unknown") }}'.
+          Hit error '{{ modify_user_group_result.stderr | default("unknown") }}'
+        success_msg: "{{ modify_user_group_result.stdout | default(omit) }}"
+  when:
+    - vcenter_domain_user_op == "add"
+    - vcenter_domain_user_group is defined
+    - vcenter_domain_user_group
diff --git a/env_setup/env_setup.yml b/env_setup/env_setup.yml
@@ -41,7 +41,7 @@
     - name: "Get vCenter Server version and build"
       include_tasks: ../common/vcenter_get_version_build.yml
       when: vcenter_is_defined is defined and vcenter_is_defined
-    
+
     - name: "Get ESXi version and build"
       include_tasks: ../common/esxi_get_version_build.yml
 
@@ -87,7 +87,7 @@
           include_tasks: check_vm_settings.yml
 
         - name: "Get existing VM info"
-          include_tasks: ../common/vm_get_vm_info.yml        
+          include_tasks: ../common/vm_get_vm_info.yml
       when: vm_exists is defined and vm_exists
 
     - name: Set fact of the VM datastore path
@@ -97,17 +97,8 @@
     - name: Display the datatore path of VM files
       ansible.builtin.debug: var=vm_datastore_path
 
-    - name: "Add esxi host into memory inventory"
-      include_tasks: ../common/add_host_in_memory_inventory.yml
-      vars:
-        add_host_in_memory_inventory_ip: "{{ esxi_hostname }}"
-        add_host_in_memory_inventory_gp: "esxi"
-        add_host_in_memory_inventory_user: "{{ esxi_username }}"
-        add_host_in_memory_inventory_pwd: "{{ esxi_password }}"
-        add_host_in_memory_inventory_python: "/bin/python"
-        add_host_in_memory_inventory_ssh_pipeline: true
-        add_host_in_memory_inventory_remote_tmp: "{{ vm_datastore_path }}"
-        add_host_in_memory_inventory_shell: "{{ esxi_shell }}"
+    - name: "Add vSphere hosts into memory inventory"
+      include_tasks: ../common/add_vsphere_hosts_in_inventory.yml
 
     - name: "Enable guest IP hack on ESXi host to get VM IP address when there is no VMware tools installed or VMware tools is not up"
       include_tasks: ../common/esxi_enable_guest_ip_hack.yml
diff --git a/linux/open_vm_tools/ovt_verify_install.yml b/linux/open_vm_tools/ovt_verify_install.yml
@@ -49,11 +49,14 @@
             - vmtools_is_installed
             - update_vmtools
 
-        # Set the fact of open-vm-tools packages
-        - include_tasks: ../utils/set_ovt_facts.yml
+        - name: "Set facts of open-vm-tools packages, processes and service"
+          include_tasks: ../utils/set_ovt_facts.yml
 
-        # Uninstall open-vm-tools for reinstallation
-        - include_tasks: uninstall_ovt.yml
+        - name: "Set facts of VGAuthService process and service"
+          include_tasks: ../utils/set_vgauth_facts.yml
+
+        - name: "Uninstall open-vm-tools for reinstall"
+          include_tasks: uninstall_ovt.yml
           when:
             - uninstall_tools is defined
             - uninstall_tools

diff --git a/linux/open_vm_tools/ovt_verify_status.yml b/linux/open_vm_tools/ovt_verify_status.yml
@@ -30,7 +30,7 @@
         - block:
             - include_tasks: ../utils/add_user.yml
               vars:
-                os_username: "vmware"
+                guest_user_name: "vmware"
 
             - include_tasks: ../utils/enable_auto_login.yml
               vars:

diff --git a/linux/open_vm_tools/ovt_verify_uninstall.yml b/linux/open_vm_tools/ovt_verify_uninstall.yml
@@ -12,30 +12,37 @@
   tasks:
     - name: "Test case block"
       block:
-        - include_tasks: ../setup/test_setup.yml
+        - name: "Test setup"
+          include_tasks: ../setup/test_setup.yml
 
         # Flatcar doesn't support to uninstall open-vm-tools
-        - include_tasks: ../../common/skip_test_case.yml
+        - name: "Skip test case for {{ guest_os_ansible_distribution }}"
+          include_tasks: ../../common/skip_test_case.yml
           vars:
             skip_msg: "Skip test case because {{ guest_os_ansible_distribution }} doesn't support uninstalling open-vm-tools"
             skip_reason: "Not Supported"
           when: "'Flatcar' in guest_os_ansible_distribution"
 
-        - include_tasks: ../../common/skip_test_case.yml
+        - name: "Block test case when guest OS doesn't install open-vm-tools"
+          include_tasks: ../../common/skip_test_case.yml
           vars:
             skip_msg: "Test case '{{ ansible_play_name }}' is blocked because guest OS doesn't has open-vm-tools"
             skip_reason: "Blocked"
           when: vmtools_is_installed is undefined or not (vmtools_is_installed | bool)
 
-        - block:
-            # Set the fact of open-vm-tools packages
-            - include_tasks: ../utils/set_ovt_facts.yml
+        - name: "Uninstall open-vm-tools"
+          block:
+            - name: "Set facts of open-vm-tools packages, processes and service"
+              include_tasks: ../utils/set_ovt_facts.yml
 
-            # Uninstall open-vm-tools for reinstallation
-            - include_tasks: uninstall_ovt.yml
+            - name: "Set facts of VGAuthService process and service"
+              include_tasks: ../utils/set_vgauth_facts.yml
+
+            - name: "Uninstall open-vm-tools and check result"
+              include_tasks: uninstall_ovt.yml
           when:
-            - "'Flatcar' not in guest_os_ansible_distribution"
             - vmtools_is_installed is defined
             - vmtools_is_installed | bool
       rescue:
-        - include_tasks: ../../common/test_rescue.yml
+        - name: "Test case failure"
+          include_tasks: ../../common/test_rescue.yml
diff --git a/linux/open_vm_tools/uninstall_ovt.yml b/linux/open_vm_tools/uninstall_ovt.yml
@@ -61,7 +61,7 @@
     expected_service_state: "absent"
   with_items:
     - "{{ ovt_service }}"
-    - "{{ vgauth_service }}"
+    - "{{ vgauth_service_name }}"
 
 - name: "Set the fact that open-vm-tools is removed"
   ansible.builtin.set_fact:

diff --git a/linux/utils/add_user.yml b/linux/utils/add_user.yml
@@ -1,37 +1,38 @@
 # Copyright 2021-2023 VMware, Inc.
 # SPDX-License-Identifier: BSD-2-Clause
 ---
-# Add a new user to guest
+# Add a new user in guest OS
 # Parameter:
-#   os_username: The user name to be added
-#   os_group: (Optional)The group name for the new user name.
+#   guest_user_name: The new user name
+#   guest_user_password: The new user's password
+#   guest_user_group: (Optional)The group name for the new user name.
 
 # If user already exists, return changed with 'false'
-- name: "Get user '{{ os_username }}' info"
+- name: "Get user '{{ guest_user_name }}' info"
   ansible.builtin.getent:
     database: passwd
-    key: "{{ os_username }}"
+    key: "{{ guest_user_name }}"
   failed_when: false
   register: getent_user_result
   delegate_to: "{{ vm_guest_ip }}"
 
-- name: "User '{{ os_username }}' already exists"
+- name: "User '{{ guest_user_name }}' already exists"
   ansible.builtin.debug: var=getent_user_result.ansible_facts.getent_passwd
   when:
     - getent_user_result.ansible_facts is defined
     - getent_user_result.ansible_facts.getent_passwd is defined
-    - getent_user_result.ansible_facts.getent_passwd[os_username] is defined
+    - getent_user_result.ansible_facts.getent_passwd[guest_user_name] is defined
 
 # Create a new user if it doesn't exist
-- name: "Add a new user '{{ os_username }}'"
+- name: "Add a new user '{{ guest_user_name }}'"
   ansible.builtin.user:
-    name: "{{ os_username }}"
-    group: "{{ os_group | default('users') }}"
-    password: "{{ vm_password | password_hash('sha512') }}"
+    name: "{{ guest_user_name }}"
+    group: "{{ guest_user_group | default('users') }}"
+    password: "{{ guest_user_password | default(vm_password) | password_hash('sha512') }}"
     update_password: on_create
     expires: -1
   delegate_to: "{{ vm_guest_ip }}"
   when: >
     getent_user_result.ansible_facts is undefined or
     getent_user_result.ansible_facts.getent_passwd is undefined or
-    getent_user_result.ansible_facts.getent_passwd[os_username] is undefined
+    getent_user_result.ansible_facts.getent_passwd[guest_user_name] is undefined