1498d0d61d
This functionality can be used to install any CA certificates that the deployer requires into any combination of hosts/containers. Change-Id: Ic1292e18c8add78e8cb30f624be96292b153d4fe
151 lines
5.0 KiB
YAML
151 lines
5.0 KiB
YAML
---
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Add some data to use for verification later
|
|
- name: Playbook for test setup
|
|
hosts: localhost
|
|
connection: local
|
|
become: true
|
|
gather_facts: true
|
|
pre_tasks:
|
|
# NOTE(mhayden): We skip this task when we're running the final
|
|
# idempotence check because this task will always mess with the hosts
|
|
# file and cause related tasks to show as `changed`.
|
|
- name: Add entries to hosts file
|
|
blockinfile:
|
|
dest: /etc/hosts
|
|
block: |
|
|
127.111.111.102 test2
|
|
127.111.111.103 test3.openstack.local
|
|
127.111.111.103 test3.additional
|
|
marker: ""
|
|
changed_when: false
|
|
when:
|
|
- "'idempotence' not in lookup('env', 'ANSIBLE_LOG_PATH')"
|
|
|
|
- name: Ensure extra host packages are not present
|
|
package:
|
|
name: "{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- "{{ extra_host_package }}"
|
|
- "{{ extra_metal_package }}"
|
|
when:
|
|
- "'idempotence' not in lookup('env', 'ANSIBLE_LOG_PATH')"
|
|
|
|
# Create certificate authority and test server cert
|
|
- name: Playbook for test setup
|
|
hosts: localhost
|
|
become: true
|
|
gather_facts: true
|
|
pre_tasks:
|
|
tasks:
|
|
- name: Create test CA
|
|
include_tasks: test-create-ca.yml
|
|
when:
|
|
- "'idempotence' not in lookup('env', 'ANSIBLE_LOG_PATH')"
|
|
|
|
# Prepare the user ssh keys
|
|
- import_playbook: common/test-prepare-keys.yml
|
|
|
|
# Set nodepool variables when running in the OpenStack CI environment
|
|
- import_playbook: common/setting-nodepool-variables.yml
|
|
|
|
# Execute the role
|
|
- import_playbook: common/test-install-openstack-hosts.yml
|
|
|
|
- name: Playbook for role testing
|
|
hosts: localhost
|
|
become: true
|
|
gather_facts: true
|
|
tasks:
|
|
- name: Open modules file
|
|
slurp:
|
|
src: "{{ openstack_host_module_file }}"
|
|
register: modules_file
|
|
|
|
- name: Open sysctl file
|
|
slurp:
|
|
src: /etc/sysctl.conf
|
|
register: sysctl_file
|
|
|
|
- name: Open hosts file
|
|
slurp:
|
|
src: /etc/hosts
|
|
register: hosts_file
|
|
|
|
- name: Open /etc/environment file
|
|
slurp:
|
|
src: /etc/environment
|
|
register: environment_file
|
|
|
|
- name: Read files
|
|
set_fact:
|
|
modules_content: "{{ modules_file.content | b64decode }}"
|
|
sysctl_content: "{{ sysctl_file.content | b64decode }}"
|
|
hosts_content: "{{ hosts_file.content | b64decode }}"
|
|
environment_content: "{{ environment_file.content | b64decode }}"
|
|
|
|
- name: Check for release file
|
|
stat:
|
|
path: /etc/openstack-release
|
|
register: release_file
|
|
|
|
- name: Check for systat file
|
|
stat:
|
|
path: "{{ openstack_host_sysstat_file }}"
|
|
register: systat_file
|
|
|
|
- name: Check for ssh dir
|
|
stat:
|
|
path: "{{ ansible_env.HOME}}/.ssh"
|
|
register: ssh_dir
|
|
|
|
- name: Check for extra host package present on host
|
|
package:
|
|
name: "{{ extra_host_package }}"
|
|
state: present
|
|
register: extra_distro_package_host
|
|
|
|
- name: Check for extra metal package present on host
|
|
package:
|
|
name: "{{ extra_metal_package }}"
|
|
state: present
|
|
register: extra_metal_distro_package_host
|
|
|
|
- name: Validate server certificate against system trust store
|
|
command: certtool --verify --infile "{{ test_cert_dir }}/server.pem"
|
|
changed_when: false
|
|
|
|
- name: Check role functions
|
|
assert:
|
|
that:
|
|
- "'dm_multipath' in modules_content"
|
|
- "'ebtables' in modules_content"
|
|
- "'vm.swappiness' in sysctl_content"
|
|
- "'127.0.0.1 {{ ansible_hostname }}.openstack.local localhost {{ ansible_hostname }}' in hosts_content"
|
|
- "'127.0.1.1 {{ ansible_hostname }}.openstack.local localhost {{ ansible_hostname }}' in hosts_content"
|
|
- "'127.111.111.101 {{ ansible_hostname }}.openstack.local test1 {{ ansible_hostname }}' in hosts_content"
|
|
- "'127.111.111.102 {{ ansible_hostname }}.openstack.local test2 {{ ansible_hostname }}' in hosts_content"
|
|
- "'127.111.111.103 {{ ansible_hostname }}.openstack.local test3 {{ ansible_hostname }}' in hosts_content"
|
|
- "'127.111.111.103 test3.additional' not in hosts_content"
|
|
- "release_file.stat.exists"
|
|
- "systat_file.stat.exists"
|
|
- "'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' in environment_content"
|
|
- "ssh_dir.stat.isdir"
|
|
- extra_distro_package_host.changed == false
|
|
- extra_metal_distro_package_host.changed == false
|
|
|