Unpin ansible-lint

This patch unpins ansible-lint to fix the failing gate.  All lint
errors have been fixed.

Change-Id: I2f8c90db5add09e27f71cf8aecca8d0e108a3de3
(cherry picked from commit 45081528b1)
Douglas Mendizábal 2023-09-21 17:10:19 -04:00
parent f7494ce7dd
commit 5b26d929b4
9 changed files with 128 additions and 119 deletions


@ -1,5 +1,5 @@
--- ---
- name: legacy vars warning - name: Legacy vars warning
debug: ansible.builtin.debug:
msg: "WARNING: Using legacy thales_hsm_ip_address and msg: "WARNING: Using legacy thales_hsm_ip_address and
thales_hsm_config_location variables. Please udpate your vars file." thales_hsm_config_location variables. Please udpate your vars file."

7
meta/main.yaml Normal file

@ -0,0 +1,7 @@
---
galaxy_info:
role_name: thales_hsm
author: OpenStack Community
license: Apache-2.0
description: Manages Entrust nShield Connect HSMs and clients.
min_ansible_version: '2.8'


@ -1,2 +1,2 @@
pbr>=1.6 pbr>=1.6
ansible ansible>=2.8.0


@ -1,117 +1,120 @@
--- ---
- name: Create working directory - name: Create working directory
file: ansible.builtin.file:
path: "{{ thales_client_working_dir }}" path: "{{ thales_client_working_dir }}"
state: directory state: directory
mode: 0755 mode: '755'
- name: create thales group - name: Create thales group
group: ansible.builtin.group:
name: nfast name: nfast
gid: "{{ thales_client_gid }}" gid: "{{ thales_client_gid }}"
- name: create thales user - name: Create thales user
user: ansible.builtin.user:
name: nfast name: nfast
uid: "{{ thales_client_uid }}" uid: "{{ thales_client_uid }}"
group: "{{ thales_client_gid }}" group: "{{ thales_client_gid }}"
create_home: true create_home: true
home: /opt/nfast home: /opt/nfast
- name: set selinux bool to allow barbican containers to access /opt/nfast - name: Set selinux bool to allow barbican containers to access /opt/nfast
seboolean: ansible.posix.seboolean:
name: os_barbican_write_pki name: os_barbican_write_pki
state: yes state: true
persistent: yes persistent: true
when: ansible_os_family | lower == 'redhat' when: ansible_os_family | lower == 'redhat'
- name: Download Thales client tarball - name: Download Thales client tarball
get_url: ansible.builtin.get_url:
url: "{{ thales_client_tarball_location }}" url: "{{ thales_client_tarball_location }}"
dest: "{{ thales_client_working_dir }}/{{ thales_client_tarball_name }}" dest: "{{ thales_client_working_dir }}/{{ thales_client_tarball_name }}"
force: no mode: '644'
force: false
- name: Unpack tarball to working directory - name: Unpack tarball to working directory
unarchive: ansible.builtin.unarchive:
src: "{{ thales_client_working_dir }}/{{ thales_client_tarball_name }}" src: "{{ thales_client_working_dir }}/{{ thales_client_tarball_name }}"
dest: "{{ thales_client_working_dir }}" dest: "{{ thales_client_working_dir }}"
creates: "{{ thales_client_working_dir }}/{{ thales_client_path }}" creates: "{{ thales_client_working_dir }}/{{ thales_client_path }}"
remote_src: yes remote_src: true
- name: Unpack tarball to /opt/nfast - name: Unpack tarball to /opt/nfast
shell: | ansible.builtin.shell: |
for i in `find "{{ thales_client_working_dir }}/{{ thales_client_path }}" -name *.tar` ; do for i in `find "{{ thales_client_working_dir }}/{{ thales_client_path }}" -name *.tar` ; do
tar -C / -xvf $i ; tar -C / -xvf $i ;
done done
args: args:
creates: /opt/nfast/sbin/install creates: /opt/nfast/sbin/install
- name: check for libnsl dependency - name: Check for libnsl dependency
stat: ansible.builtin.stat:
path: /lib64/libnsl.so.1 path: /lib64/libnsl.so.1
register: st register: st
- name: ensure libnsl dependency is installed - name: Ensure libnsl dependency is installed
package: ansible.builtin.package:
name: libnsl name: libnsl
state: present state: present
when: not st.stat.exists when: not st.stat.exists
- name: run installer # noqa 306 - name: Run installer
shell: echo "1" | /opt/nfast/sbin/install ansbile.builtin.shell: set -o pipefail && echo "1" | /opt/nfast/sbin/install
args: args:
creates: /opt/nfast/kmdata creates: /opt/nfast/kmdata
- name: Get the security world data - name: Get the security world data
get_url: ansible.builtin.get_url:
url: "{{ thales_km_data_location }}" url: "{{ thales_km_data_location }}"
dest: "/root/{{ thales_km_data_tarball_name }}" dest: "/root/{{ thales_km_data_tarball_name }}"
force: no mode: '644'
force: false
- name: remove the old km_data - name: Remove the old km_data
file: ansible.builtin.file:
path: /opt/nfast/kmdata path: /opt/nfast/kmdata
state: absent state: absent
- name: replace kmdata - name: Replace kmdata
unarchive: ansible.builtin.unarchive:
src: "/root/{{ thales_km_data_tarball_name }}" src: "/root/{{ thales_km_data_tarball_name }}"
dest: /opt/nfast dest: /opt/nfast
remote_src: yes remote_src: true
- name: create cknfastrc - name: Create cknfastrc
template: ansible.builtin.template:
src: cknfastrc.j2 src: cknfastrc.j2
dest: /opt/nfast/cknfastrc dest: /opt/nfast/cknfastrc
mode: 0644 mode: '644'
- name: create snmp.conf - name: Create snmp.conf
copy: ansible.builtin.copy:
dest: /opt/nfast/etc/snmp/snmp.conf dest: /opt/nfast/etc/snmp/snmp.conf
content: | content: |
defaultPort 21161 defaultPort 21161
force: yes force: true
mode: 0644 mode: '644'
- name: enroll client to hsms - name: Enroll client to hsms
include_tasks: client_enroll.yaml ansible.builtin.include_tasks: client_enroll.yaml
loop: "{{ nshield_hsms }}" loop: "{{ nshield_hsms }}"
- name: set selinux contexts for /opt/nfast - name: Set selinux contexts for /opt/nfast
command: restorecon -R /opt/nfast ansible.builtin.command: restorecon -R /opt/nfast
- name: restart hardserver - name: Restart hardserver
command: /opt/nfast/sbin/init.d-ncipher restart ansible.builtin.command: /opt/nfast/sbin/init.d-ncipher restart
- name: do an enquiry to confirm connection - name: Do an enquiry to confirm connection
command: /opt/nfast/bin/enquiry ansible.builtin.command: /opt/nfast/bin/enquiry
register: enquiry register: enquiry
- name: enquiry result - name: Enquiry result
debug: var=enquiry ansible.builtin.debug:
var: enquiry
- name: set up rfs_sync - name: Set up rfs_sync
command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{ thales_rfs_server_ip_address }} ansible.builtin.command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{ thales_rfs_server_ip_address }}
- name: get keys from rfs server - name: Get keys from rfs server
command: /opt/nfast/bin/rfs-sync --update ansible.builtin.command: /opt/nfast/bin/rfs-sync --update
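Review bot: The `Run installer` task names its module `ansbile.builtin.shell`, a misspelling of `ansible.builtin.shell`, so the task will not resolve to the shell module and the play should fail there; the same misspelling appears as `ansbile.builtin.include_tasks` in the `Add client ips to hsms` task of the RFS tasks section. The added `set -o pipefail` also depends on the shell that runs it: on hosts where /bin/sh is not bash it may be rejected, so add `executable: /bin/bash` under that task's `args:`. Separately, both `ansible.builtin.get_url` tasks now set `mode: '644'` and neither sets `checksum:`, although the client tarball is later unpacked into `/` and its installer run. Pinning a digest for each download, and using `mode: '600'` for the security world tarball written under /root, would be the tighter choice.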


@ -1,10 +1,11 @@
--- ---
- name: run anonkneti to get hash for "{{ item.ip }}" - name: Run anonkneti to get hash for "{{ item.ip }}"
command: /opt/nfast/bin/anonkneti "{{ item.ip }}" ansible.builtin.command: /opt/nfast/bin/anonkneti "{{ item.ip }}"
register: anonkneti register: anonkneti
- name: output of anonkneti - name: Output of anonkneti
debug: var=anonkneti.stdout_lines ansible.builtin.debug:
var: anonkneti.stdout_lines
- name: enroll client to HSM "{{ item.ip }}" - name: Enroll client to HSM "{{ item.ip }}"
command: /opt/nfast/bin/nethsmenroll --force {{ item.ip }} {{ anonkneti.stdout_lines[0] }} ansible.builtin.command: /opt/nfast/bin/nethsmenroll --force {{ item.ip }} {{ anonkneti.stdout_lines[0] }}
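Review bot: The second argument to `nethsmenroll --force` is whatever `anonkneti` just returned from `{{ item.ip }}`, so enrollment trusts the first responder at that address and nothing compares the result with a value known in advance. Consider letting each `nshield_hsms` entry carry the expected values, obtained out of band (for example from the unit itself), and adding an `ansible.builtin.assert` between the two tasks that fails when `anonkneti.stdout_lines[0]` differs. If that is out of scope here, a comment such as `# anonkneti output is unauthenticated; confirm it against the HSM before relying on this enrollment` would at least record the assumption.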


@ -1,17 +1,16 @@
--- ---
- name: allow using legacy variables for backwards compatibility - name: Allow using legacy variables for backwards compatibility
set_fact: ansible.builtin.set_fact:
args: nshield_hsms:
nshield_hsms: - name: Legacy variables HSM
- name: Legacy variables HSM ip: "{{ thales_hsm_ip_address }}"
ip: "{{ thales_hsm_ip_address }}"
when: nshield_hsms is not defined and thales_hsm_ip_address is defined when: nshield_hsms is not defined and thales_hsm_ip_address is defined
notify: legacy vars warning notify: Legacy vars warning
- name: Include RFS tasks - name: Include RFS tasks
include_tasks: rfs.yaml ansible.builtin.include_tasks: rfs.yaml
when: thales_configure_rfs when: thales_configure_rfs
- name: Include client installation tasks - name: Include client installation tasks
include_tasks: client.yaml ansible.builtin.include_tasks: client.yaml
when: thales_install_client when: thales_install_client
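Review bot: `notify: Legacy vars warning` is attached to an `ansible.builtin.set_fact` task, and handlers run only for tasks that report a change; set_fact normally reports `ok`, so the warning handler probably never fires. If the warning is meant to reach the operator, add `changed_when: true` to this task, or replace the notify with a plain `ansible.builtin.debug` task guarded by the same `when:`.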


@ -1,9 +1,9 @@
--- ---
# This role adds a new IP address to the RFS conf file # This role adds a new IP address to the RFS conf file
- name: add client ips to hsms - name: Add client ips to hsms
include_tasks: rfs_register_client.yaml ansbile.builtin.include_tasks: rfs_register_client.yaml
loop: "{{ nshield_hsms }}" loop: "{{ nshield_hsms }}"
- name: allow bootstrap server to update the RFS server - name: Allow bootstrap server to update the RFS server
command: "/opt/nfast/bin/rfs-setup --gang-client --write-noauth {{ thales_bootstrap_client_ip }}" ansible.builtin.command: "/opt/nfast/bin/rfs-setup --gang-client --write-noauth {{ thales_bootstrap_client_ip }}"


@ -1,21 +1,24 @@
--- ---
- name: run anonkneti to get esn for "{{ item.ip }}" - name: Run anonkneti to get esn for "{{ item.ip }}"
command: /opt/nfast/bin/anonkneti "{{ item.ip }}" ansible.builtin.command: /opt/nfast/bin/anonkneti "{{ item.ip }}"
register: anonkneti register: anonkneti
- name: output of anonkneti - name: Output of anonkneti
debug: var=anonkneti.stdout_lines ansible.builtin.debug:
var: anonkneti.stdout_lines
- name: get the esn - name: Get the esn
set_fact: ansible.builtin.set_fact:
esn: "{{ anonkneti.stdout_lines[0].split()[0] }}" esn: "{{ anonkneti.stdout_lines[0].split()[0] }}"
- name: run script to add {{ thales_client_ips }} to config.new on "{{ item.ip }}" esn "{{ esn }}" - name: "Adding client IPs to config for HSM {{ esn }}"
script: "{{ role_path }}/files/add_ips.py --config-dir /opt/nfast/kmdata/hsm-{{ esn }}/config --ips {{ thales_client_ips }}" ansible.builtin.script: "{{ role_path }}/files/add_ips.py --config-dir /opt/nfast/kmdata/hsm-{{ esn }}/config --ips {{ thales_client_ips }}"
- name: push new config to the HSM and check that it was successful - name: Push new config to the HSM and check that it was successful
shell: "/opt/nfast/bin/cfg-pushnethsm -a {{ item.ip }} /opt/nfast/kmdata/hsm-{{ esn }}/config/config.new && sleep 5 && diff /opt/nfast/kmdata/hsm-{{ esn }}/config/config /opt/nfast/kmdata/hsm-{{ esn }}/config/config.new" # noqa 204 ansible.builtin.shell: |
/opt/nfast/bin/cfg-pushnethsm -a {{ item.ip }} /opt/nfast/kmdata/hsm-{{ esn }}/config/config.new && \
sleep 5 && \
diff /opt/nfast/kmdata/hsm-{{ esn }}/config/config /opt/nfast/kmdata/hsm-{{ esn }}/config/config.new
register: result register: result
until: result.rc == 0 until: result.rc == 0
retries: 10 retries: 10
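Review bot: `esn` is parsed from `anonkneti` output, which originates from the network, and is then interpolated unquoted into the `ansible.builtin.shell` block and the `ansible.builtin.script` command line, as are `item.ip` and `thales_client_ips`. Any shell metacharacters in those values would be interpreted on the host running the task rather than treated as data. Pass them through the `quote` filter, e.g. `/opt/nfast/kmdata/hsm-{{ esn | quote }}/config/config.new` and `-a {{ item.ip | quote }}`, or validate `esn` with an `ansible.builtin.assert` directly after the `Get the esn` task.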


@ -1,5 +1 @@
# NOTE(elod.illes): ansible 6.0.0 introduced new rules that needs to be ansible-lint
# fixed, like fqcn-builtins, etc. Due to Yoga release happens soon
# let's just cap ansible-lint. This needs a separate fix in the future
# to be able to remove the cap.
ansible-lint<6.0.0