New validation: verify_package
This validation will run only on RedHat OS family (CentOS, Fedora, ...). It calls the "rpm --verify|-V" command on the selected package, and return its status. Some notes: - if the package isn't installed, it will fail - if the package is present, but doesn't have the %verifyscript scriptlet, it won't fail - "become" is needed, especially if the verification script in the RPM calls some root-only things, such as "semodule" (this is the case for openstack-selinux, for instance) - if you set the validation to verbose, most of the output will be in the stdout - you therefore will have to go through the validation log to get the complete reason Change-Id: I7be310cac60b6729aa3c1a67f731421f85a78d80
This commit is contained in:
parent
c473b46f30
commit
566dc28121
64
validations_common/playbooks/verify-package.yaml
Normal file
64
validations_common/playbooks/verify-package.yaml
Normal file
@ -0,0 +1,64 @@
|
|||||||
|
---
|
||||||
|
# This playbook has been generated by the `validation init` CLI.
|
||||||
|
#
|
||||||
|
# As shown here in this template, the validation playbook requires three
|
||||||
|
# top-level directive:
|
||||||
|
# ``hosts``, ``vars -> metadata`` and ``roles``.
|
||||||
|
#
|
||||||
|
# ``hosts``: specifies which nodes to run the validation on. The options can
|
||||||
|
# be ``all`` (run on all nodes), or you could use the hosts defined
|
||||||
|
# in the inventory.
|
||||||
|
# ``vars``: this section serves for storing variables that are going to be
|
||||||
|
# available to the Ansible playbook. The validations API uses the
|
||||||
|
# ``metadata`` section to read each validation's name and description
|
||||||
|
# These values are then reported by the API.
|
||||||
|
#
|
||||||
|
# The validations can be grouped together by specyfying a ``groups`` metadata.
|
||||||
|
# Groups function similar to tags and a validation can thus be part of many
|
||||||
|
# groups. To get a full list of the groups available and their description,
|
||||||
|
# please run the following command on your Ansible Controller host:
|
||||||
|
#
|
||||||
|
# $ validation show group
|
||||||
|
#
|
||||||
|
# The validations can also be categorized by technical domain and acan belong to
|
||||||
|
# one or multiple ``categories``. For example, if your validation checks some
|
||||||
|
# networking related configuration, you may want to put ``networking`` as a
|
||||||
|
# category. Note that this section is open and you are free to categorize your
|
||||||
|
# validations as you like.
|
||||||
|
#
|
||||||
|
# The ``products`` section refers to the product on which you would like to run
|
||||||
|
# the validation. It's another way to categorized your community validations.
|
||||||
|
# Note that, by default, ``community`` is set in the ``products`` section to
|
||||||
|
# help you list your validations by filtering by products:
|
||||||
|
#
|
||||||
|
# $ validation list --product community
|
||||||
|
#
|
||||||
|
- hosts: all
|
||||||
|
gather_facts: false
|
||||||
|
vars:
|
||||||
|
metadata:
|
||||||
|
name: Verify package on RedHat os_family
|
||||||
|
description: |
|
||||||
|
This validation will run `rpm --verify' on RedHat OS family and
|
||||||
|
returns the status.
|
||||||
|
If selected package isn't installed, it will fail.
|
||||||
|
If selected package doesn't have the %verify scriptlet, it won't fail.
|
||||||
|
groups:
|
||||||
|
- prep
|
||||||
|
- pre-deploy
|
||||||
|
- pre-ugrade
|
||||||
|
- post-upgrade
|
||||||
|
- pre-system-upgrade
|
||||||
|
- post-system-upgrade
|
||||||
|
- pre-undercloud-upgrade
|
||||||
|
- post-undercloud-upgrade
|
||||||
|
- pre-overcloud-upgrade
|
||||||
|
- post-overcloud-upgrade
|
||||||
|
- pre-update
|
||||||
|
- post-update
|
||||||
|
categories:
|
||||||
|
- package
|
||||||
|
products:
|
||||||
|
- common
|
||||||
|
roles:
|
||||||
|
- verify_package
|
37
validations_common/roles/verify_package/README.md
Normal file
37
validations_common/roles/verify_package/README.md
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
Role Name
|
||||||
|
=========
|
||||||
|
|
||||||
|
Call `rpm --verify <package>'. Note that this validation only works for
|
||||||
|
rhel-based systems, such as Enterprise Linux, CentOS, Fedora and so on.
|
||||||
|
|
||||||
|
Requirements
|
||||||
|
------------
|
||||||
|
|
||||||
|
None
|
||||||
|
|
||||||
|
Role Variables
|
||||||
|
--------------
|
||||||
|
|
||||||
|
`verify_package_pkg`: (str) Package name to verify
|
||||||
|
`verify_package_verbose`: (bool) toggle verbose option for rpm
|
||||||
|
|
||||||
|
Dependencies
|
||||||
|
------------
|
||||||
|
|
||||||
|
None
|
||||||
|
|
||||||
|
Example Playbook
|
||||||
|
----------------
|
||||||
|
|
||||||
|
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
|
||||||
|
|
||||||
|
- hosts: servers
|
||||||
|
vars:
|
||||||
|
verify_package_pkg: openstack-selinux
|
||||||
|
roles:
|
||||||
|
- verify_package
|
||||||
|
|
||||||
|
License
|
||||||
|
-------
|
||||||
|
|
||||||
|
BSD
|
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
# defaults file for verify_package
|
||||||
|
verify_package_pkg: bash
|
||||||
|
verify_package_verbose: false
|
24
validations_common/roles/verify_package/tasks/main.yml
Normal file
24
validations_common/roles/verify_package/tasks/main.yml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
- name: Ensure we have some facts
|
||||||
|
setup:
|
||||||
|
gather_subset: min
|
||||||
|
|
||||||
|
- name: "Verify package {{ verify_package_pkg }}"
|
||||||
|
become: true
|
||||||
|
when:
|
||||||
|
- ansible_facts['os_family'] == 'RedHat'
|
||||||
|
register: pkg_verification
|
||||||
|
command: "rpm {{verify_package_verbose|ternary('-v','') }} -V {{ verify_package_pkg }}"
|
||||||
|
failed_when: pkg_verification['rc'] not in [0, 1]
|
||||||
|
|
||||||
|
- name: Fail if needed
|
||||||
|
when:
|
||||||
|
- pkg_verification['rc'] != 0
|
||||||
|
fail:
|
||||||
|
msg: "{{ pkg_verification['stderr'] }}"
|
||||||
|
|
||||||
|
- name: Fail if we are not on RedHat family system
|
||||||
|
when:
|
||||||
|
- ansible_facts['os_family'] != 'RedHat'
|
||||||
|
fail:
|
||||||
|
msg: "This validation does not support {{ ansible_facts['os_family'] }}!"
|
Loading…
Reference in New Issue
Block a user