diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..33defe4
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.tox/
diff --git a/.gitreview b/.gitreview
new file mode 100644
index 0000000..7cb36b1
--- /dev/null
+++ b/.gitreview
@@ -0,0 +1,4 @@
+[gerrit]
+host=review.openstack.org
+port=29418
+project=openstack/ansible-role-thales-hsm.git
diff --git a/tasks/client.yaml b/tasks/client.yaml
index 5ea6c0d..7308727 100644
--- a/tasks/client.yaml
+++ b/tasks/client.yaml
@@ -1,53 +1,53 @@ --- - name: Create working directory file: - path: "{{thales_client_working_dir}}" + path: "{{ thales_client_working_dir }}" state: directory mode: 0755 - name: create thales group group: name: nfast - gid: "{{thales_client_gid}}" + gid: "{{ thales_client_gid }}" - name: create thales user user: name: nfast - uid: "{{thales_client_uid}}" - group: "{{thales_client_gid}}" + uid: "{{ thales_client_uid }}" + group: "{{ thales_client_gid }}" create_home: true home: /opt/nfast - name: Download Thales client tarball get_url: - url: "{{thales_client_tarball_location}}" - dest: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}" + url: "{{ thales_client_tarball_location }}" + dest: "{{ thales_client_working_dir }}/{{ thales_client_tarball_name }}" force: no - name: Unpack tarball to working directory unarchive: - src: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}" - dest: "{{thales_client_working_dir}}" - creates: "{{thales_client_working_dir}}/{{thales_client_path}}" + src: "{{ thales_client_working_dir }}/{{ thales_client_tarball_name }}" + dest: "{{ thales_client_working_dir }}" + creates: "{{ thales_client_working_dir }}/{{ thales_client_path }}" remote_src: yes - name: Unpack tarball to /opt/nfast shell: | - for i in `find "{{thales_client_working_dir}}/{{thales_client_path}}" -name *.tar` ; do + for i in `find "{{ thales_client_working_dir }}/{{ thales_client_path }}" -name *.tar` ; do tar -C / -xvf $i ; done args: creates: /opt/nfast/sbin/install -- name: run installer +- name: run installer # noqa 306 shell: echo "1" | /opt/nfast/sbin/install args: creates: /opt/nfast/kmdata - name: Get the security world data get_url: - url: "{{thales_km_data_location}}" - dest: "/root/{{thales_km_data_tarball_name}}" + url: "{{ thales_km_data_location }}" + dest: "/root/{{ thales_km_data_tarball_name }}" force: no - name: remove the old km_data 
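Review bot: Neither `get_url` task in this hunk (`Download Thales client tarball` and `Get the security world data`) verifies what it fetched, and the first download is then unpacked with `tar -C /` and its installer is run. `get_url` accepts a `checksum` argument, so each task could carry `checksum: "sha256:<expected digest>"`, with the digest supplied through a role variable next to the URL. Because both tasks use `force: no`, a file already present at `dest` is presumably reused as-is, so without a checksum a stale or replaced file there is never re-validated either. The last task in the hunk, `remove the old km_data`, continues outside it.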
@@ -57,12 +57,12 @@ - name: replace kmdata unarchive: - src: "/root/{{thales_km_data_tarball_name}}" + src: "/root/{{ thales_km_data_tarball_name }}" dest: /opt/nfast remote_src: yes - name: run anonkneti to get hash - command: /opt/nfast/bin/anonkneti "{{thales_hsm_ip_address}}" + command: /opt/nfast/bin/anonkneti "{{ thales_hsm_ip_address }}" register: anonkneti - name: output of anonkneti @@ -83,7 +83,7 @@ force: yes - name: enroll client to HSM - command: /opt/nfast/bin/nethsmenroll --force {{thales_hsm_ip_address}} {{anonkneti.stdout_lines[0]}} + command: /opt/nfast/bin/nethsmenroll --force {{ thales_hsm_ip_address }} {{ anonkneti.stdout_lines[0] }} - name: set selinux contexts for /opt/nfast command: restorecon -R /opt/nfast @@ -99,4 +99,4 @@ debug: var=enquiry - name: set up rfs_sync - command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{thales_rfs_server_ip_address}} + command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{ thales_rfs_server_ip_address }} diff --git a/tasks/rfs.yaml b/tasks/rfs.yaml index 3ef2792..c1f1ca8 100644 --- a/tasks/rfs.yaml +++ b/tasks/rfs.yaml 
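Review bot: `enroll client to HSM` passes `anonkneti.stdout_lines[0]` straight to `nethsmenroll --force`, so the client enrolls with whatever identity answered at `thales_hsm_ip_address`; the value registered by `run anonkneti to get hash` in the previous hunk appears to be printed but never compared with a known-good one. Consider an `assert` task before the enrollment with `that: anonkneti.stdout_lines[0] == '<expected ESN and KNETI hash>'`, the expected value being obtained out of band and passed in as a role variable. Indexing `[0]` also ends in a template error when the command printed nothing, which the assert would report more clearly.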
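Review bot: `set up rfs_sync` runs `rfs-sync --setup --no-authenticate`, and the last task of `tasks/rfs.yaml` grants the bootstrap client `--write-noauth`, so write access to the RFS appears to rest on the source IP address alone. If the deployment allows it, the authenticated variants of both commands would tie access to the client's key rather than its address; if not, a comment above each task such as `# unauthenticated RFS access: must be restricted by network ACL` would record the assumption for the next maintainer. The task that ends with `debug: var=enquiry` starts outside the hunk.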
@@ -1,14 +1,14 @@ --- # This role adds a new IP address to the RFS conf file -- name: run script to add {{thales_client_ips}} to config.new - script: "{{role_path}}/files/add_ips.py --config-dir /opt/nfast/kmdata/{{thales_hsm_config_location}}/config --ips {{thales_client_ips}}" +- name: run script to add {{ thales_client_ips }} to config.new + script: "{{ role_path }}/files/add_ips.py --config-dir /opt/nfast/kmdata/{{ thales_hsm_config_location }}/config --ips {{ thales_client_ips }}" - name: push new config to the HSM and check that it was successful - shell: "/opt/nfast/bin/cfg-pushnethsm -a {{thales_hsm_ip_address}} /opt/nfast/kmdata/{{thales_hsm_config_location}}/config/config.new && sleep 5 && diff /opt/nfast/kmdata/{{thales_hsm_config_location}}/config/config /opt/nfast/kmdata/{{thales_hsm_config_location}}/config/config.new" + shell: "/opt/nfast/bin/cfg-pushnethsm -a {{ thales_hsm_ip_address }} /opt/nfast/kmdata/{{ thales_hsm_config_location }}/config/config.new && sleep 5 && diff /opt/nfast/kmdata/{{ thales_hsm_config_location }}/config/config /opt/nfast/kmdata/{{ thales_hsm_config_location }}/config/config.new" # noqa 204 register: result until: result.rc == 0 retries: 10 - name: allow bootstrap server to update the RFS server - command: "/opt/nfast/bin/rfs-setup --gang-client --write-noauth {{thales_bootstrap_client_ip}}" + command: "/opt/nfast/bin/rfs-setup --gang-client --write-noauth {{ thales_bootstrap_client_ip }}" diff --git a/test-requirements.txt b/test-requirements.txt new file mode 100644 index 0000000..6dd128e --- /dev/null +++ b/test-requirements.txt @@ -0,0 +1 @@ +ansible-lint diff --git a/tox.ini b/tox.ini new file mode 100644 index 0000000..2e0aabd --- /dev/null +++ b/tox.ini @@ -0,0 +1,11 @@ +[tox] +minversion = 2.0 +envlist = linters +skipdist = true + +[testenv] +deps = -r{toxinidir}/test-requirements.txt + +[testenv:linters] +# TODO(redrobot): Don't ignore 301 +commands = ansible-lint -x 301 {toxinidir} 
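Review bot: The `shell:` line of `push new config to the HSM and check that it was successful` interpolates `thales_hsm_ip_address` and `thales_hsm_config_location` unquoted into a command string, so whitespace or a shell metacharacter in either variable changes the command that is executed. Pass them through the `quote` filter, e.g. `-a {{ thales_hsm_ip_address | quote }}`, or split the line into a `command:` task for `cfg-pushnethsm` and a separate task for the `diff`; the second form would probably also shorten the line enough to drop `# noqa 204`. The same applies to `--ips {{ thales_client_ips }}` on the `script:` line.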
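Review bot: `ansible-lint` is installed without a version bound, while `# noqa 306`, `# noqa 204` and `-x 301` in this commit depend on that linter's numeric rule ids. A later release that renumbers or renames rules would change what the gate checks, or break it, without any change in this repository. A bound such as `ansible-lint>=<tested version>,<<next major version>` keeps the linters job reproducible.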
diff --git a/zuul.d/layout.yaml b/zuul.d/layout.yaml
new file mode 100644
index 0000000..2b85502
--- /dev/null
+++ b/zuul.d/layout.yaml
@@ -0,0 +1,11 @@
+---
+- project:
+ check:
+ jobs:
+ - openstack-tox-linters
+ gate:
+ jobs:
+ - openstack-tox-linters
+ post:
+ jobs:
+ - publish-openstack-python-branch-tarball