diff --git a/.azure-pipelines/azure-pipelines.yml b/.azure-pipelines/azure-pipelines.yml index a22e98e5ac1..484ae925744 100644 --- a/.azure-pipelines/azure-pipelines.yml +++ b/.azure-pipelines/azure-pipelines.yml @@ -138,6 +138,8 @@ stages: test: rhel/10.1 - name: Ubuntu 24.04 test: ubuntu/24.04 + - name: Ubuntu 26.04 + test: ubuntu/26.04 groups: - 6 - stage: Remote_Targeted @@ -161,10 +163,10 @@ stages: test: alpine323 - name: Fedora 44 test: fedora44 - - name: Ubuntu 22.04 - test: ubuntu2204 - name: Ubuntu 24.04 test: ubuntu2404 + - name: Ubuntu 26.04 + test: ubuntu2604 groups: - 1 - 2 @@ -178,6 +180,8 @@ stages: test: fedora44 - name: Ubuntu 24.04 test: ubuntu2404 + - name: Ubuntu 26.04 + test: ubuntu2604 groups: - 3 - 4 diff --git a/changelogs/fragments/ansible-test-ubuntu-2604.yml b/changelogs/fragments/ansible-test-ubuntu-2604.yml new file mode 100644 index 00000000000..cecde2144e2 --- /dev/null +++ b/changelogs/fragments/ansible-test-ubuntu-2604.yml @@ -0,0 +1,2 @@ +minor_changes: + - ansible-test - Replace Ubuntu 22.04 container and remote with 26.04. diff --git a/test/integration/targets/ansible-test-container/runme.py b/test/integration/targets/ansible-test-container/runme.py index 7205ae74478..ce7b3f37d67 100755 --- a/test/integration/targets/ansible-test-container/runme.py +++ b/test/integration/targets/ansible-test-container/runme.py @@ -179,10 +179,13 @@ def get_test_scenarios() -> list[TestScenario]: # See: https://access.redhat.com/solutions/6816771 enable_sha1 = os_release.id == 'rhel' and os_release.version_id.startswith('9.') and container_name == 'centos6' - # Starting with Fedora 40, use of /usr/sbin/unix-chkpwd fails under Ubuntu 24.04 due to AppArmor. - # This prevents SSH logins from completing due to unix-chkpwd failing to look up the user with getpwnam. - # Disabling the 'unix-chkpwd' profile works around the issue, but does not solve the underlying problem. - disable_apparmor_profile_unix_chkpwd = engine == 'podman' and os_release.id == 'ubuntu' and container_name.startswith('fedora') + # The AppArmor policy for pasta on Ubuntu 26.04 prevents podman from stopping containers. + # Attempting to do so fails with an error like: + # rootless netns: kill network process: permission denied + # AppArmor denials such as the following show up in dmesg output: + # [ 1606.740536] audit: type=1400 audit(1777052086.084:226): apparmor="DENIED" operation="signal" class="signal" profile="pasta" pid=28252 + # comm="podman" requested_mask="receive" denied_mask="receive" signal=term peer="podman" + disable_apparmor_profile_pasta = engine == 'podman' and os_release.id == 'ubuntu' and os_release.version_id == '26.04' cgroup_version = get_docker_info(engine).cgroup_version @@ -237,7 +240,7 @@ def get_test_scenarios() -> list[TestScenario]: enable_sha1=enable_sha1, debug_systemd=debug_systemd, probe_cgroups=probe_cgroups, - disable_apparmor_profile_unix_chkpwd=disable_apparmor_profile_unix_chkpwd, + disable_apparmor_profile_pasta=disable_apparmor_profile_pasta, ) ) @@ -332,9 +335,9 @@ def run_test(scenario: TestScenario) -> TestResult: if scenario.enable_sha1: run_command('update-crypto-policies', '--set', 'DEFAULT:SHA1') - if scenario.disable_apparmor_profile_unix_chkpwd: - os.symlink('/etc/apparmor.d/unix-chkpwd', '/etc/apparmor.d/disable/unix-chkpwd') - run_command('apparmor_parser', '-R', '/etc/apparmor.d/unix-chkpwd') + if scenario.disable_apparmor_profile_pasta: + os.symlink('/etc/apparmor.d/usr.bin.pasta', '/etc/apparmor.d/disable/usr.bin.pasta') + run_command('apparmor_parser', '-R', '/etc/apparmor.d/usr.bin.pasta') for test_command in test_commands: def run_test_command() -> SubprocessResult: @@ -358,9 +361,9 @@ def run_test(scenario: TestScenario) -> TestResult: message = str(ex) display.error(f'{scenario} {message}') finally: - if scenario.disable_apparmor_profile_unix_chkpwd: - os.unlink('/etc/apparmor.d/disable/unix-chkpwd') - run_command('apparmor_parser', '/etc/apparmor.d/unix-chkpwd') + if scenario.disable_apparmor_profile_pasta: + os.unlink('/etc/apparmor.d/disable/usr.bin.pasta') + run_command('apparmor_parser', '/etc/apparmor.d/usr.bin.pasta') if scenario.enable_sha1: run_command('update-crypto-policies', '--set', 'DEFAULT') @@ -621,7 +624,7 @@ class TestScenario: enable_sha1: bool debug_systemd: bool probe_cgroups: bool - disable_apparmor_profile_unix_chkpwd: bool + disable_apparmor_profile_pasta: bool @property def tags(self) -> tuple[str, ...]: @@ -642,8 +645,8 @@ class TestScenario: if self.enable_sha1: tags.append('sha1: enabled') - if self.disable_apparmor_profile_unix_chkpwd: - tags.append('apparmor(unix-chkpwd): disabled') + if self.disable_apparmor_profile_pasta: + tags.append('apparmor(pasta): disabled') return tuple(tags) @@ -1065,7 +1068,7 @@ class AptBootstrapper(Bootstrapper): if cls.install_podman(): # NOTE: Install crun to make it available to podman, otherwise installing docker.io can cause podman to use runc instead. # Using podman rootless requires the `newuidmap` and `slirp4netns` commands. - packages.extend(('podman', 'crun', 'uidmap', 'slirp4netns')) + packages.extend(('podman', 'crun', 'uidmap', 'slirp4netns', 'passt')) run_command('apt-get', 'install', *packages, '-y', '--no-install-recommends', env=apt_env) diff --git a/test/integration/targets/apt/tasks/apt.yml b/test/integration/targets/apt/tasks/apt.yml index da3825279a0..7cc34ce4de2 100644 --- a/test/integration/targets/apt/tasks/apt.yml +++ b/test/integration/targets/apt/tasks/apt.yml @@ -385,11 +385,17 @@ ignore_errors: yes register: apt_result +- name: hello-traditional was removed in newer versions, but we can build if needed. + include_tasks: hello-traditional.yml + when: + - apt_result is failed + - '"No package matching" in apt_result.msg' + - name: verify failure of installing hello-traditional, because it is required to remove hello to install. assert: that: - apt_result is failed - - '"Packages need to be removed but remove is disabled." in apt_result.msg' + - '"Packages need to be removed but remove is disabled." in apt_result.msg or "Conflicts with the installed package" in apt_result.msg' - name: uninstall hello with apt apt: diff --git a/test/integration/targets/apt/tasks/hello-traditional.yml b/test/integration/targets/apt/tasks/hello-traditional.yml new file mode 100644 index 00000000000..1074f809553 --- /dev/null +++ b/test/integration/targets/apt/tasks/hello-traditional.yml @@ -0,0 +1,55 @@ +- name: create hello-traditional from hello, cleanup not needed, OUTPUT_DIR gets cleared + vars: + outdir: '{{lookup("env", "OUTPUT_DIR")}}' + workdir: '{{outdir}}/hello-traditional' + control: '{{workdir}}/DEBIAN/control' + block: + - name: ensure we have our dirs + file: + path: '{{item}}' + state: directory + loop: + - '{{outdir}}' + - '{{workdir}}' + - '{{workdir}}/DEBIAN' + + - name: download deb + shell: + cmd: apt download hello + chdir: '{{outdir}}' + + - name: extract files and metafiles + shell: '{{" ".join(["dpkg-deb", "-" + item.flag, outdir + "/hello_*.deb", workdir + item.dest])}}' + loop: + - flag: e + dest: /DEBIAN/ + - flag: x + dest: / + + - name: in case conflict didn't exist + lineinfile: + path: '{{control}}' + regexp: '^Conflicts: hello' + line: 'Conflicts: hello' + + - name: modify into hello-traditional, conflicting!!! + replace: + path: '{{control}}' + regexp: '{{item.old}}' + replace: '{{item.new}}' + loop: + - old: '^Package: hello$' + new: 'Package: hello-traditional' + - old: '^Conflicts: hello-traditional$' + new: 'Conflicts: hello' + + - name: build hello + shell: dpkg-deb -b {{workdir}} {{outdir}}/hello-traditional.deb + + - name: Try again, now try installing hello-traditional, that conflicts with hello + apt: + deb: '{{outdir}}/hello-traditional.deb' + state: present + fail_on_autoremove: yes + ignore_errors: yes + register: apt_result diff --git a/test/integration/targets/apt/vars/Ubuntu-26.yml b/test/integration/targets/apt/vars/Ubuntu-26.yml new file mode 100644 index 00000000000..6a6bb8e6b94 --- /dev/null +++ b/test/integration/targets/apt/vars/Ubuntu-26.yml @@ -0,0 +1 @@ +multiarch_test_pkg: libunistring5 diff --git a/test/integration/targets/apt_repository/tasks/main.yml b/test/integration/targets/apt_repository/tasks/main.yml index 5d72f6f1114..8b395eaa0ea 100644 --- a/test/integration/targets/apt_repository/tasks/main.yml +++ b/test/integration/targets/apt_repository/tasks/main.yml @@ -16,6 +16,10 @@ # You should have received a copy of the GNU General Public License # along with Ansible. If not, see . +- name: skip test on unsupported platforms + meta: end_play + when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('26.04', '>=') + - import_tasks: 'apt.yml' when: ansible_distribution in ('Ubuntu') diff --git a/test/integration/targets/connection_local/test_become_password_handling.yml b/test/integration/targets/connection_local/test_become_password_handling.yml index faf6340fb1b..c7f4c668c50 100644 --- a/test/integration/targets/connection_local/test_become_password_handling.yml +++ b/test/integration/targets/connection_local/test_become_password_handling.yml @@ -159,7 +159,7 @@ - assert: that: - missing_required_password is failed - - missing_required_password.msg is contains "password is required" + - missing_required_password.msg is contains "password is required" or missing_required_password.msg is contains "interactive authentication is required" - name: verify duplicate password prompts are handled (due to incorrect password) raw: echo hi mom diff --git a/test/lib/ansible_test/_data/completion/docker.txt b/test/lib/ansible_test/_data/completion/docker.txt index 7fddb79299d..e34431988e9 100644 --- a/test/lib/ansible_test/_data/completion/docker.txt +++ b/test/lib/ansible_test/_data/completion/docker.txt @@ -3,5 +3,5 @@ default image=quay.io/ansible/default-test-container:v2.22-0 python=3.14,3.9,3.1 default image=quay.io/ansible/ansible-core-test-container:v2.22-0 python=3.14,3.9,3.10,3.11,3.12,3.13,3.15 powershell=7.6 context=ansible-core alpine323 image=quay.io/ansible/alpine-test-container:3.23-v2.22-0 python=3.12 cgroup=none audit=none alias=alpine fedora44 image=quay.io/ansible/fedora-test-container:44-v2.22-1 python=3.14 cgroup=v2-only alias=fedora -ubuntu2204 image=quay.io/ansible/ubuntu-test-container:22.04-v2.22-0 python=3.10 -ubuntu2404 image=quay.io/ansible/ubuntu-test-container:24.04-v2.22-0 python=3.12 alias=ubuntu +ubuntu2404 image=quay.io/ansible/ubuntu-test-container:24.04-v2.22-0 python=3.12 +ubuntu2604 image=quay.io/ansible/ubuntu-test-container:26.04-v2.22-2 python=3.14 alias=ubuntu diff --git a/test/lib/ansible_test/_data/completion/remote.txt b/test/lib/ansible_test/_data/completion/remote.txt index d2103912d8a..91e6906abb7 100644 --- a/test/lib/ansible_test/_data/completion/remote.txt +++ b/test/lib/ansible_test/_data/completion/remote.txt @@ -11,6 +11,6 @@ rhel/8.10 python=3.12 become=sudo provider=aws arch=x86_64 alias=rhel/8 rhel/9.7 python=3.9,3.12 become=sudo provider=aws arch=x86_64 alias=rhel/9 rhel/10.1 python=3.12 become=sudo provider=aws arch=x86_64 alias=rhel/10,rhel/latest rhel become=sudo provider=aws arch=x86_64 -ubuntu/22.04 python=3.10 become=sudo provider=aws arch=x86_64 -ubuntu/24.04 python=3.12 become=sudo provider=aws arch=x86_64 alias=ubuntu/latest +ubuntu/24.04 python=3.12 become=sudo provider=aws arch=x86_64 +ubuntu/26.04 python=3.14 become=sudo provider=aws arch=x86_64 alias=ubuntu/latest ubuntu become=sudo provider=aws arch=x86_64