New validation: verify_package
This validation will run only on RedHat OS family (CentOS, Fedora, ...). It calls the "rpm --verify|-V" command on the selected package, and return its status. Some notes: - if the package isn't installed, it will fail - if the package is present, but doesn't have the %verifyscript scriptlet, it won't fail - "become" is needed, especially if the verification script in the RPM calls some root-only things, such as "semodule" (this is the case for openstack-selinux, for instance) - if you set the validation to verbose, most of the output will be in the stdout - you therefore will have to go through the validation log to get the complete reason Change-Id: I7be310cac60b6729aa3c1a67f731421f85a78d80
This commit is contained in:
parent
c473b46f30
commit
566dc28121
64
validations_common/playbooks/verify-package.yaml
Normal file
64
validations_common/playbooks/verify-package.yaml
Normal file
@ -0,0 +1,64 @@
|
||||
---
|
||||
# This playbook has been generated by the `validation init` CLI.
|
||||
#
|
||||
# As shown here in this template, the validation playbook requires three
|
||||
# top-level directive:
|
||||
# ``hosts``, ``vars -> metadata`` and ``roles``.
|
||||
#
|
||||
# ``hosts``: specifies which nodes to run the validation on. The options can
|
||||
# be ``all`` (run on all nodes), or you could use the hosts defined
|
||||
# in the inventory.
|
||||
# ``vars``: this section serves for storing variables that are going to be
|
||||
# available to the Ansible playbook. The validations API uses the
|
||||
# ``metadata`` section to read each validation's name and description
|
||||
# These values are then reported by the API.
|
||||
#
|
||||
# The validations can be grouped together by specyfying a ``groups`` metadata.
|
||||
# Groups function similar to tags and a validation can thus be part of many
|
||||
# groups. To get a full list of the groups available and their description,
|
||||
# please run the following command on your Ansible Controller host:
|
||||
#
|
||||
# $ validation show group
|
||||
#
|
||||
# The validations can also be categorized by technical domain and acan belong to
|
||||
# one or multiple ``categories``. For example, if your validation checks some
|
||||
# networking related configuration, you may want to put ``networking`` as a
|
||||
# category. Note that this section is open and you are free to categorize your
|
||||
# validations as you like.
|
||||
#
|
||||
# The ``products`` section refers to the product on which you would like to run
|
||||
# the validation. It's another way to categorized your community validations.
|
||||
# Note that, by default, ``community`` is set in the ``products`` section to
|
||||
# help you list your validations by filtering by products:
|
||||
#
|
||||
# $ validation list --product community
|
||||
#
|
||||
- hosts: all
|
||||
gather_facts: false
|
||||
vars:
|
||||
metadata:
|
||||
name: Verify package on RedHat os_family
|
||||
description: |
|
||||
This validation will run `rpm --verify' on RedHat OS family and
|
||||
returns the status.
|
||||
If selected package isn't installed, it will fail.
|
||||
If selected package doesn't have the %verify scriptlet, it won't fail.
|
||||
groups:
|
||||
- prep
|
||||
- pre-deploy
|
||||
- pre-ugrade
|
||||
- post-upgrade
|
||||
- pre-system-upgrade
|
||||
- post-system-upgrade
|
||||
- pre-undercloud-upgrade
|
||||
- post-undercloud-upgrade
|
||||
- pre-overcloud-upgrade
|
||||
- post-overcloud-upgrade
|
||||
- pre-update
|
||||
- post-update
|
||||
categories:
|
||||
- package
|
||||
products:
|
||||
- common
|
||||
roles:
|
||||
- verify_package
|
37
validations_common/roles/verify_package/README.md
Normal file
37
validations_common/roles/verify_package/README.md
Normal file
@ -0,0 +1,37 @@
|
||||
Role Name
|
||||
=========
|
||||
|
||||
Call `rpm --verify <package>'. Note that this validation only works for
|
||||
rhel-based systems, such as Enterprise Linux, CentOS, Fedora and so on.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
None
|
||||
|
||||
Role Variables
|
||||
--------------
|
||||
|
||||
`verify_package_pkg`: (str) Package name to verify
|
||||
`verify_package_verbose`: (bool) toggle verbose option for rpm
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
None
|
||||
|
||||
Example Playbook
|
||||
----------------
|
||||
|
||||
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
|
||||
|
||||
- hosts: servers
|
||||
vars:
|
||||
verify_package_pkg: openstack-selinux
|
||||
roles:
|
||||
- verify_package
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
BSD
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
# defaults file for verify_package
|
||||
verify_package_pkg: bash
|
||||
verify_package_verbose: false
|
24
validations_common/roles/verify_package/tasks/main.yml
Normal file
24
validations_common/roles/verify_package/tasks/main.yml
Normal file
@ -0,0 +1,24 @@
|
||||
---
|
||||
- name: Ensure we have some facts
|
||||
setup:
|
||||
gather_subset: min
|
||||
|
||||
- name: "Verify package {{ verify_package_pkg }}"
|
||||
become: true
|
||||
when:
|
||||
- ansible_facts['os_family'] == 'RedHat'
|
||||
register: pkg_verification
|
||||
command: "rpm {{verify_package_verbose|ternary('-v','') }} -V {{ verify_package_pkg }}"
|
||||
failed_when: pkg_verification['rc'] not in [0, 1]
|
||||
|
||||
- name: Fail if needed
|
||||
when:
|
||||
- pkg_verification['rc'] != 0
|
||||
fail:
|
||||
msg: "{{ pkg_verification['stderr'] }}"
|
||||
|
||||
- name: Fail if we are not on RedHat family system
|
||||
when:
|
||||
- ansible_facts['os_family'] != 'RedHat'
|
||||
fail:
|
||||
msg: "This validation does not support {{ ansible_facts['os_family'] }}!"
|
Loading…
Reference in New Issue
Block a user