Browse Source

Merge "Don't set capabilities in priviledge mode"

changes/50/771150/1
Zuul 3 months ago
committed by Gerrit Code Review
parent
commit
edd80b9369
20 changed files with 11 additions and 46 deletions
  1. +0
    -2
      tripleo_ansible/roles/tripleo_image_serve/molecule/default/molecule.yml
  2. +0
    -2
      tripleo_ansible/roles/tripleo_image_serve/molecule/legacy_vars/molecule.yml
  3. +0
    -4
      tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/default/molecule.yml
  4. +0
    -4
      tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/positive/molecule.yml
  5. +0
    -2
      tripleo_ansible/roles/tripleo_packages/molecule/default/molecule.yml
  6. +0
    -2
      tripleo_ansible/roles/tripleo_packages/molecule/external_upgrade/molecule.yml
  7. +0
    -2
      tripleo_ansible/roles/tripleo_packages/molecule/ffu/molecule.yml
  8. +0
    -2
      tripleo_ansible/roles/tripleo_packages/molecule/update/molecule.yml
  9. +0
    -2
      tripleo_ansible/roles/tripleo_ptp/molecule/default/molecule.yml
  10. +0
    -2
      tripleo_ansible/roles/tripleo_puppet_cache/molecule/default/molecule.yml
  11. +0
    -2
      tripleo_ansible/roles/tripleo_redhat_enforce/molecule/default/molecule.yml
  12. +0
    -2
      tripleo_ansible/roles/tripleo_sshd/molecule/banners/molecule.yml
  13. +0
    -2
      tripleo_ansible/roles/tripleo_sshd/molecule/default/molecule.yml
  14. +0
    -2
      tripleo_ansible/roles/tripleo_systemd_wrapper/molecule/default/molecule.yml
  15. +0
    -2
      tripleo_ansible/roles/tripleo_timezone/molecule/default/molecule.yml
  16. +0
    -4
      tripleo_ansible/roles/tripleo_transfer/molecule/default/molecule.yml
  17. +0
    -4
      tripleo_ansible/roles/tripleo_update_trusted_cas/molecule/default/molecule.yml
  18. +0
    -2
      tripleo_ansible/roles/tripleo_upgrade_hiera/molecule/default/molecule.yml
  19. +0
    -2
      tripleo_ansible/roles/tripleo_validations_package/molecule/default/molecule.yml
  20. +11
    -0
      zuul.d/playbooks/pre.yml

+ 0
- 2
tripleo_ansible/roles/tripleo_image_serve/molecule/default/molecule.yml View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg


+ 0
- 2
tripleo_ansible/roles/tripleo_image_serve/molecule/legacy_vars/molecule.yml View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg


+ 0
- 4
tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/default/molecule.yml View File

@ -16,8 +16,6 @@ platforms:
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
command: /sbin/init
capabilities:
- ALL
volumes:
- /run/udev:/run/udev:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro
@ -36,8 +34,6 @@ platforms:
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
command: /sbin/init
capabilities:
- ALL
volumes:
- /run/udev:/run/udev:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro


+ 0
- 4
tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/positive/molecule.yml View File

@ -16,8 +16,6 @@ platforms:
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
privileged: true
@ -33,8 +31,6 @@ platforms:
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
privileged: true


+ 0
- 2
tripleo_ansible/roles/tripleo_packages/molecule/default/molecule.yml View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /dev:/dev
- /lib/modules:/lib/modules


+ 0
- 2
tripleo_ansible/roles/tripleo_packages/molecule/external_upgrade/molecule.yml View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /dev:/dev
- /lib/modules:/lib/modules


+ 0
- 2
tripleo_ansible/roles/tripleo_packages/molecule/ffu/molecule.yml View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /dev:/dev
- /lib/modules:/lib/modules


+ 0
- 2
tripleo_ansible/roles/tripleo_packages/molecule/update/molecule.yml View File

@ -17,8 +17,6 @@ platforms:
/bin/mkdir -p /var/run/dbus &&
/usr/bin/dbus-uuidgen > /var/lib/dbus/machine-id &&
/usr/bin/dbus-daemon --config-file=/usr/share/dbus-1/system.conf
capabilities:
- ALL
volumes:
- /dev:/dev
- /lib/modules:/lib/modules


+ 0
- 2
tripleo_ansible/roles/tripleo_ptp/molecule/default/molecule.yml View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools cronie rsyslog
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg


+ 0
- 2
tripleo_ansible/roles/tripleo_puppet_cache/molecule/default/molecule.yml View File

@ -12,8 +12,6 @@ platforms:
url: registry.access.redhat.com
dockerfile: Dockerfile
pkg_extras: python*setuptools
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg


+ 0
- 2
tripleo_ansible/roles/tripleo_redhat_enforce/molecule/default/molecule.yml View File

@ -12,8 +12,6 @@ platforms:
url: registry.access.redhat.com
dockerfile: Dockerfile
pkg_extras: python*setuptools
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg


+ 0
- 2
tripleo_ansible/roles/tripleo_sshd/molecule/banners/molecule.yml View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg


+ 0
- 2
tripleo_ansible/roles/tripleo_sshd/molecule/default/molecule.yml View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg


+ 0
- 2
tripleo_ansible/roles/tripleo_systemd_wrapper/molecule/default/molecule.yml View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro


+ 0
- 2
tripleo_ansible/roles/tripleo_timezone/molecule/default/molecule.yml View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro


+ 0
- 4
tripleo_ansible/roles/tripleo_transfer/molecule/default/molecule.yml View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
@ -35,8 +33,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro


+ 0
- 4
tripleo_ansible/roles/tripleo_update_trusted_cas/molecule/default/molecule.yml View File

@ -16,8 +16,6 @@ platforms:
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
privileged: true
@ -33,8 +31,6 @@ platforms:
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
privileged: true


+ 0
- 2
tripleo_ansible/roles/tripleo_upgrade_hiera/molecule/default/molecule.yml View File

@ -12,8 +12,6 @@ platforms:
url: registry.access.redhat.com
dockerfile: Dockerfile
pkg_extras: python*setuptools
capabilities:
- ALL
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro


+ 0
- 2
tripleo_ansible/roles/tripleo_validations_package/molecule/default/molecule.yml View File

@ -12,8 +12,6 @@ platforms:
url: registry.access.redhat.com
dockerfile: Dockerfile
pkg_extras: python*setuptools
capabilities:
- ALL
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro


+ 11
- 0
zuul.d/playbooks/pre.yml View File

@ -15,6 +15,17 @@
include_role:
name: ensure-pip
# https://github.com/containers/podman/issues/8965
# podman rootless systemd is broken in 2.0.5, so we use 1.6.4
- name: Pin container-tools
become: true
shell: |
dnf module disable container-tools:rhel8 -y
dnf module enable container-tools:2.0 -y
when:
- (ansible_os_family | lower) == "redhat"
- (ansible_distribution_major_version | int) >= 8
- name: Setup bindep
pip:
name: "bindep"


Loading…
Cancel
Save