Browse Source

Add gate config

This patch adds gerrit configuration as well as an
ansible-lint gate job.

Change-Id: I1585516e8caf5db82cbab6fd34e29c9fc219f85f
changes/95/641095/3
Douglas Mendizábal 3 years ago
parent
commit
3076482fda
  1. 1
      .gitignore
  2. 4
      .gitreview
  3. 34
      tasks/client.yaml
  4. 8
      tasks/rfs.yaml
  5. 1
      test-requirements.txt
  6. 11
      tox.ini
  7. 11
      zuul.d/layout.yaml

1
.gitignore

@ -0,0 +1 @@
.tox/

4
.gitreview

@ -0,0 +1,4 @@
[gerrit]
host=review.openstack.org
port=29418
project=openstack/ansible-role-thales-hsm.git

34
tasks/client.yaml

@ -1,53 +1,53 @@
---
- name: Create working directory
file:
path: "{{thales_client_working_dir}}"
path: "{{ thales_client_working_dir }}"
state: directory
mode: 0755
- name: create thales group
group:
name: nfast
gid: "{{thales_client_gid}}"
gid: "{{ thales_client_gid }}"
- name: create thales user
user:
name: nfast
uid: "{{thales_client_uid}}"
group: "{{thales_client_gid}}"
uid: "{{ thales_client_uid }}"
group: "{{ thales_client_gid }}"
create_home: true
home: /opt/nfast
- name: Download Thales client tarball
get_url:
url: "{{thales_client_tarball_location}}"
dest: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
url: "{{ thales_client_tarball_location }}"
dest: "{{ thales_client_working_dir }}/{{ thales_client_tarball_name }}"
force: no
- name: Unpack tarball to working directory
unarchive:
src: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
dest: "{{thales_client_working_dir}}"
creates: "{{thales_client_working_dir}}/{{thales_client_path}}"
src: "{{ thales_client_working_dir }}/{{ thales_client_tarball_name }}"
dest: "{{ thales_client_working_dir }}"
creates: "{{ thales_client_working_dir }}/{{ thales_client_path }}"
remote_src: yes
- name: Unpack tarball to /opt/nfast
shell: |
for i in `find "{{thales_client_working_dir}}/{{thales_client_path}}" -name *.tar` ; do
for i in `find "{{ thales_client_working_dir }}/{{ thales_client_path }}" -name *.tar` ; do
tar -C / -xvf $i ;
done
args:
creates: /opt/nfast/sbin/install
- name: run installer
- name: run installer # noqa 306
shell: echo "1" | /opt/nfast/sbin/install
args:
creates: /opt/nfast/kmdata
- name: Get the security world data
get_url:
url: "{{thales_km_data_location}}"
dest: "/root/{{thales_km_data_tarball_name}}"
url: "{{ thales_km_data_location }}"
dest: "/root/{{ thales_km_data_tarball_name }}"
force: no
- name: remove the old km_data
@ -57,12 +57,12 @@
- name: replace kmdata
unarchive:
src: "/root/{{thales_km_data_tarball_name}}"
src: "/root/{{ thales_km_data_tarball_name }}"
dest: /opt/nfast
remote_src: yes
- name: run anonkneti to get hash
command: /opt/nfast/bin/anonkneti "{{thales_hsm_ip_address}}"
command: /opt/nfast/bin/anonkneti "{{ thales_hsm_ip_address }}"
register: anonkneti
- name: output of anonkneti
@ -83,7 +83,7 @@
force: yes
- name: enroll client to HSM
command: /opt/nfast/bin/nethsmenroll --force {{thales_hsm_ip_address}} {{anonkneti.stdout_lines[0]}}
command: /opt/nfast/bin/nethsmenroll --force {{ thales_hsm_ip_address }} {{ anonkneti.stdout_lines[0] }}
- name: set selinux contexts for /opt/nfast
command: restorecon -R /opt/nfast
@ -99,4 +99,4 @@
debug: var=enquiry
- name: set up rfs_sync
command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{thales_rfs_server_ip_address}}
command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{ thales_rfs_server_ip_address }}

8
tasks/rfs.yaml

@ -1,14 +1,14 @@
---
# This role adds a new IP address to the RFS conf file
- name: run script to add {{thales_client_ips}} to config.new
script: "{{role_path}}/files/add_ips.py --config-dir /opt/nfast/kmdata/{{thales_hsm_config_location}}/config --ips {{thales_client_ips}}"
- name: run script to add {{ thales_client_ips }} to config.new
script: "{{ role_path }}/files/add_ips.py --config-dir /opt/nfast/kmdata/{{ thales_hsm_config_location }}/config --ips {{ thales_client_ips }}"
- name: push new config to the HSM and check that it was successful
shell: "/opt/nfast/bin/cfg-pushnethsm -a {{thales_hsm_ip_address}} /opt/nfast/kmdata/{{thales_hsm_config_location}}/config/config.new && sleep 5 && diff /opt/nfast/kmdata/{{thales_hsm_config_location}}/config/config /opt/nfast/kmdata/{{thales_hsm_config_location}}/config/config.new"
shell: "/opt/nfast/bin/cfg-pushnethsm -a {{ thales_hsm_ip_address }} /opt/nfast/kmdata/{{ thales_hsm_config_location }}/config/config.new && sleep 5 && diff /opt/nfast/kmdata/{{ thales_hsm_config_location }}/config/config /opt/nfast/kmdata/{{ thales_hsm_config_location }}/config/config.new" # noqa 204
register: result
until: result.rc == 0
retries: 10
- name: allow bootstrap server to update the RFS server
command: "/opt/nfast/bin/rfs-setup --gang-client --write-noauth {{thales_bootstrap_client_ip}}"
command: "/opt/nfast/bin/rfs-setup --gang-client --write-noauth {{ thales_bootstrap_client_ip }}"

1
test-requirements.txt

@ -0,0 +1 @@
ansible-lint

11
tox.ini

@ -0,0 +1,11 @@
[tox]
minversion = 2.0
envlist = linters
skipdist = true
[testenv]
deps = -r{toxinidir}/test-requirements.txt
[testenv:linters]
# TODO(redrobot): Don't ignore 301
commands = ansible-lint -x 301 {toxinidir}

11
zuul.d/layout.yaml

@ -0,0 +1,11 @@
---
- project:
check:
jobs:
- openstack-tox-linters
gate:
jobs:
- openstack-tox-linters
post:
jobs:
- publish-openstack-python-branch-tarball
Loading…
Cancel
Save