Add gate config
This patch adds gerrit configuration as well as an ansible-lint gate job. Change-Id: I1585516e8caf5db82cbab6fd34e29c9fc219f85f
This commit is contained in:
parent
369ac53a5a
commit
3076482fda
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
.tox/
|
4
.gitreview
Normal file
4
.gitreview
Normal file
@ -0,0 +1,4 @@
|
||||
[gerrit]
|
||||
host=review.openstack.org
|
||||
port=29418
|
||||
project=openstack/ansible-role-thales-hsm.git
|
@ -1,53 +1,53 @@
|
||||
---
|
||||
- name: Create working directory
|
||||
file:
|
||||
path: "{{thales_client_working_dir}}"
|
||||
path: "{{ thales_client_working_dir }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: create thales group
|
||||
group:
|
||||
name: nfast
|
||||
gid: "{{thales_client_gid}}"
|
||||
gid: "{{ thales_client_gid }}"
|
||||
|
||||
- name: create thales user
|
||||
user:
|
||||
name: nfast
|
||||
uid: "{{thales_client_uid}}"
|
||||
group: "{{thales_client_gid}}"
|
||||
uid: "{{ thales_client_uid }}"
|
||||
group: "{{ thales_client_gid }}"
|
||||
create_home: true
|
||||
home: /opt/nfast
|
||||
|
||||
- name: Download Thales client tarball
|
||||
get_url:
|
||||
url: "{{thales_client_tarball_location}}"
|
||||
dest: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
|
||||
url: "{{ thales_client_tarball_location }}"
|
||||
dest: "{{ thales_client_working_dir }}/{{ thales_client_tarball_name }}"
|
||||
force: no
|
||||
|
||||
- name: Unpack tarball to working directory
|
||||
unarchive:
|
||||
src: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
|
||||
dest: "{{thales_client_working_dir}}"
|
||||
creates: "{{thales_client_working_dir}}/{{thales_client_path}}"
|
||||
src: "{{ thales_client_working_dir }}/{{ thales_client_tarball_name }}"
|
||||
dest: "{{ thales_client_working_dir }}"
|
||||
creates: "{{ thales_client_working_dir }}/{{ thales_client_path }}"
|
||||
remote_src: yes
|
||||
|
||||
- name: Unpack tarball to /opt/nfast
|
||||
shell: |
|
||||
for i in `find "{{thales_client_working_dir}}/{{thales_client_path}}" -name *.tar` ; do
|
||||
for i in `find "{{ thales_client_working_dir }}/{{ thales_client_path }}" -name *.tar` ; do
|
||||
tar -C / -xvf $i ;
|
||||
done
|
||||
args:
|
||||
creates: /opt/nfast/sbin/install
|
||||
|
||||
- name: run installer
|
||||
- name: run installer # noqa 306
|
||||
shell: echo "1" | /opt/nfast/sbin/install
|
||||
args:
|
||||
creates: /opt/nfast/kmdata
|
||||
|
||||
- name: Get the security world data
|
||||
get_url:
|
||||
url: "{{thales_km_data_location}}"
|
||||
dest: "/root/{{thales_km_data_tarball_name}}"
|
||||
url: "{{ thales_km_data_location }}"
|
||||
dest: "/root/{{ thales_km_data_tarball_name }}"
|
||||
force: no
|
||||
|
||||
- name: remove the old km_data
|
||||
@ -57,12 +57,12 @@
|
||||
|
||||
- name: replace kmdata
|
||||
unarchive:
|
||||
src: "/root/{{thales_km_data_tarball_name}}"
|
||||
src: "/root/{{ thales_km_data_tarball_name }}"
|
||||
dest: /opt/nfast
|
||||
remote_src: yes
|
||||
|
||||
- name: run anonkneti to get hash
|
||||
command: /opt/nfast/bin/anonkneti "{{thales_hsm_ip_address}}"
|
||||
command: /opt/nfast/bin/anonkneti "{{ thales_hsm_ip_address }}"
|
||||
register: anonkneti
|
||||
|
||||
- name: output of anonkneti
|
||||
@ -83,7 +83,7 @@
|
||||
force: yes
|
||||
|
||||
- name: enroll client to HSM
|
||||
command: /opt/nfast/bin/nethsmenroll --force {{thales_hsm_ip_address}} {{anonkneti.stdout_lines[0]}}
|
||||
command: /opt/nfast/bin/nethsmenroll --force {{ thales_hsm_ip_address }} {{ anonkneti.stdout_lines[0] }}
|
||||
|
||||
- name: set selinux contexts for /opt/nfast
|
||||
command: restorecon -R /opt/nfast
|
||||
@ -99,4 +99,4 @@
|
||||
debug: var=enquiry
|
||||
|
||||
- name: set up rfs_sync
|
||||
command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{thales_rfs_server_ip_address}}
|
||||
command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{ thales_rfs_server_ip_address }}
|
||||
|
@ -1,14 +1,14 @@
|
||||
---
|
||||
# This role adds a new IP address to the RFS conf file
|
||||
|
||||
- name: run script to add {{thales_client_ips}} to config.new
|
||||
script: "{{role_path}}/files/add_ips.py --config-dir /opt/nfast/kmdata/{{thales_hsm_config_location}}/config --ips {{thales_client_ips}}"
|
||||
- name: run script to add {{ thales_client_ips }} to config.new
|
||||
script: "{{ role_path }}/files/add_ips.py --config-dir /opt/nfast/kmdata/{{ thales_hsm_config_location }}/config --ips {{ thales_client_ips }}"
|
||||
|
||||
- name: push new config to the HSM and check that it was successful
|
||||
shell: "/opt/nfast/bin/cfg-pushnethsm -a {{thales_hsm_ip_address}} /opt/nfast/kmdata/{{thales_hsm_config_location}}/config/config.new && sleep 5 && diff /opt/nfast/kmdata/{{thales_hsm_config_location}}/config/config /opt/nfast/kmdata/{{thales_hsm_config_location}}/config/config.new"
|
||||
shell: "/opt/nfast/bin/cfg-pushnethsm -a {{ thales_hsm_ip_address }} /opt/nfast/kmdata/{{ thales_hsm_config_location }}/config/config.new && sleep 5 && diff /opt/nfast/kmdata/{{ thales_hsm_config_location }}/config/config /opt/nfast/kmdata/{{ thales_hsm_config_location }}/config/config.new" # noqa 204
|
||||
register: result
|
||||
until: result.rc == 0
|
||||
retries: 10
|
||||
|
||||
- name: allow bootstrap server to update the RFS server
|
||||
command: "/opt/nfast/bin/rfs-setup --gang-client --write-noauth {{thales_bootstrap_client_ip}}"
|
||||
command: "/opt/nfast/bin/rfs-setup --gang-client --write-noauth {{ thales_bootstrap_client_ip }}"
|
||||
|
1
test-requirements.txt
Normal file
1
test-requirements.txt
Normal file
@ -0,0 +1 @@
|
||||
ansible-lint
|
11
tox.ini
Normal file
11
tox.ini
Normal file
@ -0,0 +1,11 @@
|
||||
[tox]
|
||||
minversion = 2.0
|
||||
envlist = linters
|
||||
skipdist = true
|
||||
|
||||
[testenv]
|
||||
deps = -r{toxinidir}/test-requirements.txt
|
||||
|
||||
[testenv:linters]
|
||||
# TODO(redrobot): Don't ignore 301
|
||||
commands = ansible-lint -x 301 {toxinidir}
|
11
zuul.d/layout.yaml
Normal file
11
zuul.d/layout.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
- project:
|
||||
check:
|
||||
jobs:
|
||||
- openstack-tox-linters
|
||||
gate:
|
||||
jobs:
|
||||
- openstack-tox-linters
|
||||
post:
|
||||
jobs:
|
||||
- publish-openstack-python-branch-tarball
|
Loading…
Reference in New Issue
Block a user