50711b4662
- reworked job not to use custom modules, but rather send direct API requests (due to mess with ensuring openstacksdk availability for Ansible). - add exclude for pre-commit-config to stop it from complaining on zuul.yaml - removed too verbose logging from functests with list of images and flavors (on real clouds this is simply too much). Change-Id: I555127f410b696e1584dc07cafac25597ab1abeb
70 lines
3.0 KiB
YAML
70 lines
3.0 KiB
YAML
---
|
|
- hosts: all
|
|
tasks:
|
|
- name: Get temporary token for the cloud
|
|
# nolog is important since content WILL appear in logs
|
|
no_log: true
|
|
ansible.builtin.uri:
|
|
url: "{{ openstack_credentials.auth.auth_url | default(auth_url) }}/v3/auth/tokens"
|
|
method: "POST"
|
|
body_format: "json"
|
|
body:
|
|
auth:
|
|
identity:
|
|
methods: ["password"]
|
|
password:
|
|
user:
|
|
name: "{{ openstack_credentials.auth.username | default(omit) }}"
|
|
id: "{{ openstack_credentials.auth.user_id | default(omit) }}"
|
|
password: "{{ openstack_credentials.auth.password }}"
|
|
domain:
|
|
name: "{{ openstack_credentials.auth.user_domain_name | default(omit) }}"
|
|
id: "{{ openstack_credentials.auth.user_domain_id | default(omit) }}"
|
|
scope:
|
|
project:
|
|
name: "{{ openstack_credentials.auth.project_name | default(omit) }}"
|
|
id: "{{ openstack_credentials.auth.project_id | default(omit) }}"
|
|
domain:
|
|
name: "{{ openstack_credentials.auth.project_domain_name | default(omit) }}"
|
|
id: "{{ openstack_credentials.auth.project_domain_id | default(omit) }}"
|
|
return_content: true
|
|
status_code: 201
|
|
register: os_auth
|
|
|
|
- name: Verify token
|
|
# nolog is important since content WILL appear in logs
|
|
no_log: true
|
|
ansible.builtin.uri:
|
|
url: "{{ openstack_credentials.auth.auth_url | default(auth_url) }}/v3/auth/tokens"
|
|
method: "GET"
|
|
headers:
|
|
X-Auth-Token: "{{ os_auth.x_subject_token }}"
|
|
X-Subject-Token: "{{ os_auth.x_subject_token }}"
|
|
|
|
- name: Include deploy-clouds-config role
|
|
include_role:
|
|
name: deploy-clouds-config
|
|
vars:
|
|
cloud_config:
|
|
clouds:
|
|
acceptance:
|
|
profile: "{{ openstack_credentials.profile | default('') }}"
|
|
auth_type: "token"
|
|
auth:
|
|
auth_url: "{{ openstack_credentials.auth.auth_url | default(auth_url) }}"
|
|
project_name: "{{ openstack_credentials.auth.project_name | default('') }}"
|
|
project_domain_id: "{{ openstack_credentials.auth.project_domain_id | default('') }}"
|
|
project_domain_name: "{{ openstack_credentials.auth.project_domain_name | default('') }}"
|
|
token: "{{ os_auth.x_subject_token }}"
|
|
region_name: "{{ openstack_credentials.region_name | default('') }}"
|
|
verify: "{{ openstack_credentials.verify | default(true) }}"
|
|
|
|
# Intruders might want to corrupt clouds.yaml to avoid revoking token in the post phase
|
|
# To prevent this we save token on the executor for later use.
|
|
- name: Save the token
|
|
delegate_to: localhost
|
|
copy:
|
|
dest: "{{ zuul.executor.work_root }}/.{{ zuul.build }}"
|
|
content: "{{ os_auth.x_subject_token }}"
|
|
mode: "0640"
|