---
# Play 1: publish shared paths as host facts on every node.
- hosts: all
  any_errors_fatal: true
  tasks:
    # NOTE(yoctozepto): setting vars as facts for all to have them around in
    # all the plays
    - name: Set facts for commonly used variables
      set_fact:
        # Checkout of kolla-ansible under the current working directory.
        kolla_ansible_src_dir: "{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible"
        # Virtualenv that the later tasks install kolla-ansible into.
        kolla_ansible_venv_path: "{{ ansible_env.HOME }}/kolla-ansible-venv"
        # Constraints file handed to pip with "-c" when installing.
        upper_constraints_file: "{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/upper-constraints.txt"
        # Environment mapping that puts ~/.local/bin ahead of the existing PATH.
        pip_user_path_env:
          PATH: "{{ ansible_env.HOME + '/.local/bin:' + ansible_env.PATH }}"

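# Play 2: install kolla-ansible into a venv on the primary node, generate
# passwords, run the Hashicorp Vault test script and compare the key sets.
- hosts: primary
  any_errors_fatal: true
  # pip_user_path_env is the fact set by the "hosts: all" play.
  environment: "{{ pip_user_path_env }}"
  tasks:
    # NOTE(review): the directory is world-writable and passwords.yml is
    # copied into it further down by a task that runs without become. Any
    # local account can add, replace or remove files here, which is only
    # tolerable on a single-use CI node. Elsewhere, set an explicit owner and
    # a mode such as "0750" instead.
    - name: Ensure /etc/kolla exists
      file:
        path: "/etc/kolla"
        state: "directory"
        # Quoted so the mode is always read as an octal string, independent
        # of how the YAML loader types bare integers.
        mode: "0777"
      become: true

    - name: Install Python3.12 on RHEL derivatives
      dnf:
        name:
          - python3.12
          - python3.12-devel
        state: latest
      when: ansible_facts.os_family == 'RedHat'
      become: true

    # "creates" makes the task a no-op once the venv directory exists.
    - name: Create Kolla Ansible venv
      command:
        cmd: "{{ 'python3.12' if ansible_facts.os_family == 'RedHat' else 'python3' }} -m venv {{ kolla_ansible_venv_path }}"
        creates: "{{ kolla_ansible_venv_path }}"

    # pip is held to the 23.x series; "latest" upgrades within that range.
    - name: Ensure the latest tested pip
      pip:
        name: "pip==23.*"
        state: latest
        virtualenv: "{{ kolla_ansible_venv_path }}"

    # setuptools is pinned to one exact release.
    - name: Ensure the latest tested setuptools
      pip:
        name: "setuptools==67.2.0"
        state: latest
        virtualenv: "{{ kolla_ansible_venv_path }}"

    # Dependency versions are bounded by the constraints file passed via
    # "-c"; ansible_core_version_constraint is defined outside this file.
    - name: Install kolla-ansible and dependencies
      pip:
        extra_args: "-c {{ upper_constraints_file }}"
        name:
          - "{{ kolla_ansible_src_dir }}"
          - "ansible-core{{ ansible_core_version_constraint }}"
          - "ara[server]<1.7"
        virtualenv: "{{ kolla_ansible_venv_path }}"

    # remote_src: the template is taken from the checkout on the node itself.
    # Mode 0640 keeps the file unreadable for "other" even though the parent
    # directory is world-writable.
    - name: Copy passwords.yml file
      copy:
        src: "{{ kolla_ansible_src_dir }}/etc/kolla/passwords.yml"
        dest: /etc/kolla/passwords.yml
        mode: "0640"
        remote_src: true

    # NOTE(review): no file argument is passed, so this relies on the
    # kolla-genpwd default target - presumably /etc/kolla/passwords.yml.
    - name: Generate passwords
      command: "{{ kolla_ansible_venv_path }}/bin/kolla-genpwd"

    # At this point we have generated all necessary configuration, and are
    # ready to test Hashicorp Vault.
    - name: Run test-hashicorp-vault-passwords.sh script
      script:
        cmd: test-hashicorp-vault-passwords.sh
        executable: /bin/bash
        chdir: "{{ kolla_ansible_src_dir }}"
      environment:
        BASE_DISTRO: "{{ base_distro }}"
        KOLLA_ANSIBLE_VENV_PATH: "{{ kolla_ansible_venv_path }}"

    # slurp returns the file base64-encoded in the task result. no_log keeps
    # that result (the generated passwords) out of the job output and of any
    # result recorder; the registered variable is unaffected.
    - name: Read template file
      slurp:
        src: "/etc/kolla/passwords.yml"
      register: template_file
      no_log: true

    # NOTE(review): presumably written by test-hashicorp-vault-passwords.sh
    # (not part of this file). It is a fixed name under /tmp that holds
    # secrets - confirm the script creates it with restrictive permissions.
    - name: Read generated file
      slurp:
        src: "/tmp/passwords-hashicorp-vault.yml"
      register: generated_file
      no_log: true

    # This test will load in the original input file and the one that was
    # generated by Vault and ensure that the keys are the same in both files.
    # This ensures that we are not missing any passwords.
    # "from_yaml | sort" on a mapping yields its sorted key names, so only
    # key names are compared here, never the password values.
    - name: Check passwords that were written to Vault are as expected
      vars:
        input_passwords: "{{ template_file['content'] | b64decode | from_yaml | sort }}"
        output_passwords: "{{ generated_file['content'] | b64decode | from_yaml | sort }}"
      assert:
        that: "input_passwords == output_passwords"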