openstack/openstack-ansible
Code Issues Proposed changes
6963b8e805
openstack-ansible/tests/get-ansible-role-requirements.yml
Major Hayden 2798cf403c Use new ansible-hardening role 
The openstack-ansible-security role and repository is being phased
out in favor of the ansible-hardening role. This patch adjusts
all references of the old role to use the new name.

Depends-On: I711aed6daf6391de71d3c2b47fbfc00fe6b66d9f
Change-Id: I9cbdddde71fb0d71d8c412d3f62f0b0f6a241aee
2017-06-12 18:26:14 +00:00

122 lines
4.4 KiB
YAML
Raw Blame History

---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Clone the role ansible-role-requirements
hosts: localhost
connection: local
user: root
tasks:
- name: Check whether zuul-cloner is installed and provide the path to it
shell: |
which zuul-cloner || { [[ -x /usr/zuul-env/bin/zuul-cloner ]] && echo '/usr/zuul-env/bin/zuul-cloner'; }
args:
executable: /bin/bash
changed_when: false
failed_when: false
register: _zuul_cloner_check
- name: Remove target directory if required
shell: |
if [[ ! -d "{{ item.path | default(role_path_default) }}/{{ item.name | default(item.src | basename) }}/.git" ]]; then
rm -rf "{{ item.path | default(role_path_default) }}/{{ item.name | default(item.src | basename) }}"
fi
args:
executable: /bin/bash
when:
- item.scm == "git" or item.scm is undefined
with_items: "{{ roles }}"
- name: Prepare git clone list
set_fact:
git_roles: >
{%- set filtered_role_list = [] %}
{%- for role in roles %}
{%- if not role.src | match(".*git.openstack.org.*") %}
{%- set _ = filtered_role_list.append(role) %}
{%- endif %}
{%- endfor %}
{{- filtered_role_list -}}
zuul_roles: >
{%- set filtered_role_list = [] %}
{%- for role in roles %}
{%- if role.src | match(".*git.openstack.org.*") %}
{%- set role_src_cleaned = role.src | regex_replace('https://git.openstack.org/', '') %}
{%- set _ = filtered_role_list.append(role_src_cleaned) %}
{%- endif %}
{%- endfor %}
{{- filtered_role_list -}}
openstack_repo_list: >
{%- set filtered_repo_list = [] %}
{%- set repo_list = lookup('env', 'ZUUL_CHANGES').split('^') %}
{%- for repo in repo_list %}
{%- set repo_cleaned = repo | regex_replace(':.*$', '') %}
{%- if not repo_cleaned | match("^openstack/openstack-ansible.*") %}
{%- set _ = filtered_repo_list.append(repo_cleaned) %}
{%- endif %}
{%- endfor %}
{{- filtered_repo_list -}}
when:
- _zuul_cloner_check.rc == 0
- name: Clone git repos (with git)
git:
repo: "{{ item.src }}"
dest: "{{ item.path | default(role_path_default) }}/{{ item.name | default(item.src | basename) }}"
version: "{{ item.version | default('master') }}"
refspec: "{{ item.refspec | default(omit) }}"
update: true
force: true
when:
- item.scm == "git" or item.scm is undefined
with_items: "{{ git_roles | default(roles) }}"
register: git_clone
until: git_clone | success
retries: "{{ git_clone_retries }}"
delay: "{{ git_clone_retry_delay }}"
- name: Create clone map
copy:
content: |
clonemap:
- name: 'openstack/ansible-hardening'
dest: '{{ role_path_default }}/ansible-hardening'
- name: 'openstack/openstack-ansible-(.*)'
dest: '{{ role_path_default }}/\1'
- name: 'openstack/(?!(openstack-ansible|ansible-hardening))(.*)'
dest: '/tmp/openstack/\1'
dest: "/tmp/zuul-clonemap.yml"
when:
- _zuul_cloner_check.rc == 0
- name: Clone git repos (with zuul-cloner)
shell: |
{{ _zuul_cloner_check.stdout }} \
-m /tmp/zuul-clonemap.yml \
--cache-dir /opt/git \
git://git.openstack.org \
{% for repo in zuul_roles + openstack_repo_list %}
{{ repo }} \
{% endfor %}
when:
- _zuul_cloner_check.rc == 0
vars:
roles: "{{ lookup('file', role_file) | from_yaml }}"
role_file: '../ansible-role-requirements.yml'
role_path_default: '/etc/ansible/roles'
git_clone_retries: 2
git_clone_retry_delay: 5
View Git Blame Copy Permalink