Steven Dake a789346727 Fix gate to use world writeable docker socket
A recent change related to sudo securepath broke how sudo -E
works.  Now the PATH is reset by sudo as set by tox.  As a result
we can no longer rely on sudo -E anywhere in our gating system
relating to path inheritence from the parent shell.

This patch uses a shell operation in the setup_nodes.yml code
to chmod the docker socket to 666 so docker containers can build
properly.  Now docker operations don't return a permission denied
and we no longer require the sudo -E operation in any of our tox
scripts.  This isn't a security vulnerability because our gate
scripts are only meant to be run in OpenStack infrastructure.
To make this more clear I recommend moving these shell scripts to
tests/gate.

Change-Id: I5b3d6e280e3c12a25defedb14b5589ba642043fa
Closes-Bug: #1562383
2016-03-26 22:23:35 -07:00

189 lines
5.2 KiB
INI

[tox]
minversion = 1.6
skipsdist = True
envlist = py34,py27,pep8,pypy
[testenv]
usedevelop=True
whitelist_externals = find
rm
install_command = pip install -U {opts} {packages}
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
passenv = http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy NO_PROXY
OS_STDOUT_CAPTURE OS_STDERR_CAPTURE OS_LOG_CAPTURE OS_TEST_TIMEOUT
PYTHON OS_TEST_PATH LISTOPT IDOPTION
commands =
find . -type f -name "*.pyc" -delete
python setup.py test --slowest --testr-args='{posargs}'
[testenv:pep8]
commands =
{toxinidir}/tools/run-bashate.sh
flake8 {posargs}
{toxinidir}/tools/validate-all-json.sh
{toxinidir}/tools/validate-all-yaml.sh
{toxinidir}/tools/validate-all-maintainer.sh
[testenv:bandit]
commands = bandit -r ansible/library dev docker kolla tests tools
[testenv:venv]
commands = {posargs}
[testenv:docs]
commands = python setup.py build_sphinx
[testenv:setupenv]
commands =
{toxinidir}/tools/setup_gate.sh
{toxinidir}/tools/dump_info.sh
[testenv:build-centos-binary]
whitelist_externals = find
bash
setenv =
DOCKER_BUILD_TEST=1
commands =
find . -type f -name "*.pyc" -delete
bash -c "if [ ! -d .testrepository ]; then testr init; fi"
testr run test_build.BuildTestCentosBinary
{toxinidir}/tools/dump_info.sh
[testenv:build-centos-source]
whitelist_externals = find
bash
setenv =
DOCKER_BUILD_TEST=1
commands =
find . -type f -name "*.pyc" -delete
bash -c "if [ ! -d .testrepository ]; then testr init; fi"
testr run test_build.BuildTestCentosSource
{toxinidir}/tools/dump_info.sh
[testenv:build-ubuntu-source]
whitelist_externals = find
bash
setenv =
DOCKER_BUILD_TEST=1
commands =
find . -type f -name "*.pyc" -delete
bash -c "if [ ! -d .testrepository ]; then testr init; fi"
testr run test_build.BuildTestUbuntuSource
{toxinidir}/tools/dump_info.sh
[testenv:build-oraclelinux-binary]
whitelist_externals = find
bash
setenv =
DOCKER_BUILD_TEST=1
commands =
find . -type f -name "*.pyc" -delete
bash -c "if [ ! -d .testrepository ]; then testr init; fi"
testr run test_build.BuildTestOracleLinuxBinary
{toxinidir}/tools/dump_info.sh
[testenv:build-oraclelinux-source]
whitelist_externals = find
bash
setenv =
DOCKER_BUILD_TEST=1
commands =
find . -type f -name "*.pyc" -delete
bash -c "if [ ! -d .testrepository ]; then testr init; fi"
testr run test_build.BuildTestOracleLinuxSource
{toxinidir}/tools/dump_info.sh
[testenv:deploy-centos-binary]
whitelist_externals = find
bash
sudo
setenv =
DOCKER_BUILD_TEST=1
commands =
find . -type f -name "*.pyc" -delete
bash -c "if [ ! -d .testrepository ]; then testr init; fi"
testr run test_build.DeployTestCentosBinary
sudo {toxinidir}/tools/deploy_aio.sh centos binary
{toxinidir}/tools/dump_info.sh
[testenv:deploy-centos-source]
whitelist_externals = find
bash
sudo
setenv =
DOCKER_BUILD_TEST=1
commands =
find . -type f -name "*.pyc" -delete
bash -c "if [ ! -d .testrepository ]; then testr init; fi"
testr run test_build.DeployTestCentosSource
sudo {toxinidir}/tools/deploy_aio.sh centos source
{toxinidir}/tools/dump_info.sh
[testenv:deploy-oraclelinux-binary]
whitelist_externals = find
bash
sudo
setenv =
DOCKER_BUILD_TEST=1
commands =
find . -type f -name "*.pyc" -delete
bash -c "if [ ! -d .testrepository ]; then testr init; fi"
testr run test_build.DeployTestOracleLinuxBinary
sudo {toxinidir}/tools/deploy_aio.sh oraclelinux binary
{toxinidir}/tools/dump_info.sh
[testenv:deploy-oraclelinux-source]
whitelist_externals = find
bash
sudo
setenv =
DOCKER_BUILD_TEST=1
commands =
find . -type f -name "*.pyc" -delete
bash -c "if [ ! -d .testrepository ]; then testr init; fi"
testr run test_build.DeployTestOracleLinuxSource
sudo {toxinidir}/tools/deploy_aio.sh oraclelinux source
{toxinidir}/tools/dump_info.sh
[testenv:deploy-ubuntu-source]
whitelist_externals = find
bash
sudo
setenv =
DOCKER_BUILD_TEST=1
commands =
find . -type f -name "*.pyc" -delete
bash -c "if [ ! -d .testrepository ]; then testr init; fi"
testr run test_build.DeployTestUbuntuSource
sudo {toxinidir}/tools/deploy_aio.sh ubuntu source
{toxinidir}/tools/dump_info.sh
[testenv:deploy-multinode-ubuntu-source]
whitelist_externals = find
bash
setenv =
DOCKER_BUILD_TEST=1
commands =
find . -type f -name "*.pyc" -delete
bash -c "if [ ! -d .testrepository ]; then testr init; fi"
testr run test_build.BuildTestUbuntuSource
{toxinidir}/tools/dump_info.sh
[testenv:genconfig]
whitelist_externals = which
commands=
oslo-config-generator --config-file etc/oslo-config-generator/kolla-build.conf
[testenv:releasenotes]
commands =
rm -rf releasenotes/build
sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
[flake8]
show-source = True
exclude=.eggs,.git,.tox,doc
[hacking]
local-check-factory = kolla.hacking.checks.factory