Add docker compose CI

.env

@@ -0,0 +1,4 @@
+# This is the docker-compose environment file.
+# Copy it to .env or use --env-file=env.example on docker-compose command.
+REGISTRY=quay.io/ftrivino
+TAG=latest

.github/workflows/docker-compose.yml

@@ -0,0 +1,25 @@
+name: docker-compose-integration-tests
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  docker:
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v1
+
+    - name: Start containers
+      run: docker-compose -f "docker-compose.yml" up -d --build
+
+    - name: Install dependencies
+      run: |
+        pip install -r src/install/requirements.txt
+
+    - name: Stop containers
+      if: always()
+      run: docker-compose -f "docker-compose.yml" down

data/configs/dnsmasq.conf

@@ -0,0 +1,27 @@
+# dnsmasq configuration for sssd containers
+#
+# This makes sure that all machines are accessible through DNS including
+# SRV and PTR records.
+
+log-queries
+log-facility=-
+local=/test/
+
+# These zones have their own DNS server
+server=/ipa.test/172.16.100.10
+server=/samba.test/172.16.100.30
+server=/ad.test/172.16.200.10
+
+# Add A records for LDAP and client machines
+address=/master.ldap.test/172.16.100.20
+address=/client.test/172.16.100.40
+
+# Add SRV record for LDAP
+srv-host=_ldap._tcp.ldap.test,master.ldap.test,389
+
+# Add PTR records for all machines
+ptr-record=10.100.16.172.in-addr.arpa,master.ipa.test
+ptr-record=20.100.16.172.in-addr.arpa,master.ldap.test
+ptr-record=30.100.16.172.in-addr.arpa,dc.samba.test
+ptr-record=40.100.16.172.in-addr.arpa,client.test
+ptr-record=10.200.16.172.in-addr.arpa,dc.ad.test

data/configs/nm_enable_dnsmasq.conf

@@ -0,0 +1,2 @@
+[main]
+dns=dnsmasq

data/configs/nm_zone_test.conf

@@ -0,0 +1,6 @@
+# dnsmasq configuration for sssd-ci
+#
+# This makes sure that all machines are accessible through DNS including
+# SRV and PTR records.
+
+server=/test/172.16.100.2

data/configs/openssl_ca.cfg

@@ -0,0 +1,16 @@
+[req]
+default_bits = 4096
+default_md = sha256
+encrypt_key = no
+prompt = no
+utf8 = yes
+distinguished_name = distinguished_name
+x509_extensions = ca_extensions
+
+[ distinguished_name ]
+
+[ ca_extensions ]
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:TRUE
+keyUsage = keyCertSign,cRLSign
+subjectKeyIdentifier=hash

data/configs/openssl_sign_ca.ext

@@ -0,0 +1,4 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:TRUE
+keyUsage = keyCertSign,cRLSign
+subjectKeyIdentifier=hash

data/configs/openssl_sign_service.ext

@@ -0,0 +1,4 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectKeyIdentifier=hash

docker-compose.yml

@@ -0,0 +1,141 @@
+services:
+  dns:
+    restart: always
+    image: ${REGISTRY}/ci-dns:latest
+    container_name: dns
+    env_file: ./env.containers
+    volumes:
+    - ./data/configs/dnsmasq.conf:/etc/dnsmasq.conf
+    cap_add:
+    - NET_RAW
+    - NET_ADMIN
+    security_opt:
+    - apparmor=unconfined
+    - label=disable
+    - seccomp=unconfined
+    networks:
+      sssd:
+        ipv4_address: 172.16.100.2
+
+  ipa:
+    image: ${REGISTRY}/ci-ipa:${TAG}
+    container_name: ipa
+    hostname: master.ipa.test
+    dns: 172.16.100.2
+    env_file: ./env.containers
+    volumes:
+    - ./shared:/shared:rw
+    cap_add:
+    - SYS_ADMIN
+    - SYS_PTRACE
+    - AUDIT_WRITE
+    security_opt:
+    - apparmor=unconfined
+    - label=disable
+    - seccomp=unconfined
+    networks:
+      sssd:
+        ipv4_address: 172.16.100.10
+
+  keycloak:
+    image: ${REGISTRY}/keycloak:${TAG}
+    container_name: keycloak
+    hostname: master.keycloak.test
+    dns: 172.16.100.2
+    env_file: ./env.containers
+    volumes:
+    - ./shared:/shared:rw
+    cap_add:
+    - SYS_ADMIN
+    - SYS_PTRACE
+    - AUDIT_WRITE
+    security_opt:
+    - apparmor=unconfined
+    - label=disable
+    - seccomp=unconfined
+    networks:
+      sssd:
+        ipv4_address: 172.16.100.11
+  nextcloud:
+    image: ${REGISTRY}/nextcloud:${TAG}
+    container_name: nextcloud
+    hostname: master.nextcloud.test
+    dns: 172.16.100.2
+    env_file: ./env.containers
+    volumes:
+    - ./shared:/shared:rw
+    cap_add:
+    - SYS_ADMIN
+    - SYS_PTRACE
+    - AUDIT_WRITE
+    security_opt:
+    - apparmor=unconfined
+    - label=disable
+    - seccomp=unconfined
+    networks:
+      sssd:
+        ipv4_address: 172.16.100.12
+  mariadb:
+    image: ${REGISTRY}/mariadb:${TAG}
+    container_name: mariadb
+    hostname: master.mariadb.test
+    dns: 172.16.100.2
+    env_file: ./env.containers
+    volumes:
+    - ./shared:/shared:rw
+    cap_add:
+    - SYS_ADMIN
+    - SYS_PTRACE
+    - AUDIT_WRITE
+    security_opt:
+    - apparmor=unconfined
+    - label=disable
+    - seccomp=unconfined
+    networks:
+      sssd:
+        ipv4_address: 172.16.100.13
+  ldap:
+    image: ${REGISTRY}/ci-ldap:${TAG}
+    container_name: ldap
+    hostname: master.ldap.test
+    dns: 172.16.100.2
+    env_file: ./env.containers
+    volumes:
+    - ./shared:/shared:rw
+    cap_add:
+    - SYS_PTRACE
+    - AUDIT_WRITE
+    security_opt:
+    - apparmor=unconfined
+    - label=disable
+    - seccomp=unconfined
+    networks:
+      sssd:
+        ipv4_address: 172.16.100.20
+  client:
+    image: ${REGISTRY}/ci-client:${TAG}
+    container_name: client
+    hostname: client.test
+    dns: 172.16.100.2
+    env_file: ./env.containers
+    volumes:
+    - ./shared:/shared:rw
+    cap_add:
+    - SYS_ADMIN
+    - SYS_PTRACE
+    - AUDIT_WRITE
+    security_opt:
+    - apparmor=unconfined
+    - label=disable
+    - seccomp=unconfined
+    networks:
+      sssd:
+        ipv4_address: 172.16.100.40
+networks:
+  sssd:
+    name: sssd-ci
+    driver: bridge
+    ipam:
+     config:
+       - subnet: 172.16.100.0/24
+         gateway: 172.16.100.1

env.containers

@@ -0,0 +1,2 @@
+# Environment variables set in all started containers
+CONTAINER=yes

env.example

@@ -0,0 +1,4 @@
+# This is the docker-compose environment file.
+# Copy it to .env or use --env-file=env.example on docker-compose command.
+REGISTRY=quay.io/ftrivino
+TAG=latest