d21c02c87b
Due to incorrect processing of IP:port pairs using the 'regex_replace' filter, the roles-test gate job fails. This patch fixes all the related errors and the CI gate check itself. Change-Id: Ifd7f890166195df0af9b34e1ccff59b7abd2d9ab Relates-To: #305 Closes: #305 Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Stop the play on any distribution other than Debian or Ubuntu. The other
# tasks in this file write to /etc/apache2/sites-available and call a2ensite,
# which is the Debian-style Apache layout.
- name: ensure OS
  fail:
    msg: 'Only Debian|Ubuntu are currently supported'
  when: ansible_distribution not in ['Debian', 'Ubuntu']
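# Configure Apache as the sushy-emulator frontend: backend setup, optional
# basic-auth file, HTTP and/or HTTPS virtual hosts, firewall ACCEPT rules and
# a final Apache restart. Every task in this block runs with privilege
# escalation (become).
- name: Confguring sushy-emulator frontend
  become: true
  block:
    - name: Ensure sushy-emulator backend
      include_role:
        name: apache-wsgi-sushy-emulator
      vars:
        sushy_emulator_action: backend

    # Basic auth is optional: the htpasswd file is only created when
    # sushy_emulator_frontend_user is defined.
    # NOTE(review): owner and mode of the htpasswd file are not set in this
    # file; confirm the apache-server role keeps it readable only by root and
    # the Apache user.
    - name: Create htpasswd file
      when: sushy_emulator_frontend_user is defined
      include_role:
        name: apache-server
      vars:
        apache_server_action: htpasswd
        apache_server_htpasswd_path: "/etc/apache2/sites-available/{{ sushy_emulator_frontend_name }}.htpasswd"
        apache_server_htpasswd_user: "{{ sushy_emulator_frontend_user }}"

    # Plain-HTTP virtual host; skipped entirely when no HTTP port is given.
    - name: Create sushy-emulator HTTP virtual host config
      when: sushy_emulator_frontend_http_port is defined
      block:
        - name: Create sushy-emulator virtual host config for HTTP
          template:
            src: wsgi-sushy-emulator.conf.j2
            dest: "/etc/apache2/sites-available/{{ sushy_emulator_frontend_name }}.conf"

        # 'creates' skips the command once the site symlink exists, so a
        # re-run no longer reports a change for an already enabled site.
        - name: Enable sushy-emulator virtual host
          command: "a2ensite {{ sushy_emulator_frontend_name }}"
          args:
            creates: "/etc/apache2/sites-enabled/{{ sushy_emulator_frontend_name }}.conf"

        # One ACCEPT rule per frontend address, limited to that destination
        # address and the HTTP port. Entries that fail the ipv4 filter are
        # skipped, so non-IPv4 addresses get no rule here.
        # default([]) keeps the loop from failing on an undefined variable:
        # the certificate tasks in this file treat
        # sushy_emulator_frontend_ip as optional, and an undefined list now
        # results in no rule being inserted.
        # NOTE(review): confirm that "no rule" is the wanted outcome when no
        # frontend IP is configured.
        - name: Insert a accept rule for non-SSL port
          iptables:
            chain: INPUT
            protocol: tcp
            destination_port: "{{ sushy_emulator_frontend_http_port }}"
            destination: "{{ item }}"
            jump: ACCEPT
            action: insert
          with_items: "{{ sushy_emulator_frontend_ip | default([]) }}"
          when: "item | ipv4"

    # HTTPS virtual host; skipped entirely when no HTTPS port is given.
    - name: Create sushy-emulator HTTPS virtual host config
      when: sushy_emulator_frontend_https_port is defined
      block:
        # With frontend IPs configured, each address is passed to the
        # apache-server role as an 'IP:<address>' alt-name entry.
        - name: Generate certs for casewith alt_names
          when: sushy_emulator_frontend_ip is defined
          include_role:
            name: apache-server
          vars:
            apache_server_action: ssl
            apache_server_ssl_key_path: "/etc/ssl/private/{{ sushy_emulator_frontend_name }}.key"
            apache_server_ssl_cert_path: "/etc/ssl/certs/{{ sushy_emulator_frontend_name }}.pem"
            apache_server_ssl_cn: "{{ sushy_emulator_frontend_servername }}"
            apache_server_ssl_alt_name: "{{ sushy_emulator_frontend_ip | map('regex_replace', '^(.*)$', 'IP:\\1') | list }}"

        # Without frontend IPs the certificate carries only the common name.
        - name: Generate certs for case without alt_names
          when: sushy_emulator_frontend_ip is undefined
          include_role:
            name: apache-server
          vars:
            apache_server_action: ssl
            apache_server_ssl_key_path: "/etc/ssl/private/{{ sushy_emulator_frontend_name }}.key"
            apache_server_ssl_cert_path: "/etc/ssl/certs/{{ sushy_emulator_frontend_name }}.pem"
            apache_server_ssl_cn: "{{ sushy_emulator_frontend_servername }}"

        - name: Create sushy-emulator virtual host config for HTTPS
          template:
            src: wsgi-sushy-emulator-ssl.conf.j2
            dest: "/etc/apache2/sites-available/{{ sushy_emulator_frontend_name }}-ssl.conf"

        # 'creates' skips the command once the site symlink exists.
        - name: Enable sushy-emulator virtual host
          command: "a2ensite {{ sushy_emulator_frontend_name }}-ssl"
          args:
            creates: "/etc/apache2/sites-enabled/{{ sushy_emulator_frontend_name }}-ssl.conf"

        # Same rule shape as for the HTTP port; default([]) covers the
        # "no frontend IP" case that the certificate tasks above allow.
        - name: Insert a accept rule for SSL port
          iptables:
            chain: INPUT
            protocol: tcp
            destination_port: "{{ sushy_emulator_frontend_https_port }}"
            destination: "{{ item }}"
            jump: ACCEPT
            action: insert
          with_items: "{{ sushy_emulator_frontend_ip | default([]) }}"
          when: "item | ipv4"

    # Restart unconditionally so new virtual hosts and certificates are
    # picked up.
    - name: Restart Apache to apply all changes
      include_role:
        name: apache-server
      vars:
        apache_server_action: restart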
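# Query the Redfish Systems collection over plain HTTP to confirm the
# frontend answers. Runs only when sushy_emulator_frontend_check is truthy
# and an HTTP port is configured.
- name: Sanity check for HTTP
  when: sushy_emulator_frontend_check and sushy_emulator_frontend_http_port is defined
  block:
    # Poll until the endpoint returns 200: up to 18 attempts, 10 s apart.
    - name: Check without auth
      when: sushy_emulator_frontend_user is undefined
      uri:
        url: "http://{{ sushy_emulator_frontend_servername }}:{{ sushy_emulator_frontend_http_port }}/redfish/v1/Systems?format=json"
        method: GET
        return_content: true
      register: sushy_get_result
      until: sushy_get_result.status == 200
      retries: 18
      delay: 10

    # Uses only the first entry of sushy_emulator_frontend_user.
    # The credentials travel as HTTP basic auth over an unencrypted
    # connection, so use a throwaway account for this check on shared
    # networks.
    # The retry settings match the unauthenticated check above, so this
    # variant no longer fails on the first request while the service is
    # still starting.
    - name: Check with auth
      when: sushy_emulator_frontend_user is defined
      uri:
        url: "http://{{ sushy_emulator_frontend_servername }}:{{ sushy_emulator_frontend_http_port }}/redfish/v1/Systems?format=json"
        url_username: "{{ sushy_emulator_frontend_user[0].username }}"
        url_password: "{{ sushy_emulator_frontend_user[0].password }}"
        method: GET
        return_content: true
      register: sushy_get_result
      until: sushy_get_result.status == 200
      retries: 18
      delay: 10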
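# Query the Redfish Systems collection over HTTPS to confirm the frontend
# answers. Runs only when sushy_emulator_frontend_check is truthy and an
# HTTPS port is configured.
#
# validate_certs is false in both tasks, so certificate verification is
# disabled: a pass shows that the endpoint responds, not that the served
# certificate is the expected one or matches the server name.
#
# Both tasks poll until the endpoint returns 200 (up to 18 attempts, 10 s
# apart), the same readiness wait the HTTP check without auth in this file
# uses.
- name: Sanity check for HTTPS
  when: sushy_emulator_frontend_check and sushy_emulator_frontend_https_port is defined
  block:
    - name: Check without auth
      when: sushy_emulator_frontend_user is undefined
      uri:
        url: "https://{{ sushy_emulator_frontend_servername }}:{{ sushy_emulator_frontend_https_port }}/redfish/v1/Systems?format=json"
        method: GET
        validate_certs: false
        return_content: true
      register: sushy_get_result
      until: sushy_get_result.status == 200
      retries: 18
      delay: 10

    # Uses only the first entry of sushy_emulator_frontend_user. With
    # verification off, the basic-auth credentials are sent to whichever
    # server answers on this name and port.
    - name: Check with auth
      when: sushy_emulator_frontend_user is defined
      uri:
        url: "https://{{ sushy_emulator_frontend_servername }}:{{ sushy_emulator_frontend_https_port }}/redfish/v1/Systems?format=json"
        url_username: "{{ sushy_emulator_frontend_user[0].username }}"
        url_password: "{{ sushy_emulator_frontend_user[0].password }}"
        validate_certs: false
        method: GET
        return_content: true
      register: sushy_get_result
      until: sushy_get_result.status == 200
      retries: 18
      delay: 10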