Rei Oliveira 0bea99af78 Validate CA certificate issuer on cert recovery
This code change prevents an issue with cert-manager
certificates where it will renew leaf certificates even
when the issuer CA certificate is expired. This behaviour
is wrong and can lead to SSL verification failures in
APIs that verify the server certificates against the
issuer copy in the system bundle.

It also fixes 3 smaller issues:
- remove the mention from migrate-certificates playbook
from the platform certificates manual action error
- warning about unnecessary use of {{ }} in Ansible
- Missing stdout error in the 'Running in other nodes' log.

Test Plan:

Below tested with DX and standard subcloud types:

PASS: Certificate recovery rehoming with platform certificates
      manually installed with 'system certificate-install'
PASS: Certificate recovery rehoming with platform certificates
      managed by cert-manager and issued by system-local-ca
PASS: Certificate recovery rehoming with platform certificates
      managed by cert-manager and issued by an issuer other than
      system-local-ca

Note: I'm summarizing the test case description here. I went through all
the process of advancing time in BIOS to cause certificate expiration
and then re-homed each subcloud to recover certificates. I don't think
it's necessary to go into much detail about that. Let me know if you
disagree and I can add it.

Story: 2010815
Task: 49575

Change-Id: I59eaf1803c7282692d978bff99fa9e9b631a9628
Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
2024-02-16 12:41:27 +00:00
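
The check the commit message describes (do not renew a leaf certificate while its issuer CA certificate is expired) can be sketched with plain `openssl`. This is an added example, not code from this repository or from the commit: the function names, the expiry margin parameter and the constructed one-day test CA are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not part of stx-ansible-playbooks.
# Function names and the test PKI below are constructed for illustration.

# Succeeds if the certificate in $1 is still valid $2 seconds from now
# (use 0 for "not expired right now").
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Print the issuer DN / subject DN of the certificate in $1 (RFC 2253 form).
issuer_dn()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }
subject_dn() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }

# Gate for a renewal step: allow it only when the CA file is named as the
# leaf's issuer and that CA stays valid for at least $3 more seconds.
# This compares names only; it does not verify the signature.
# Return codes: 0 allow, 2 CA is not the issuer, 3 CA expired or expiring.
renewal_allowed() {
    leaf=$1 ca=$2 margin=${3:-0}
    [ "$(issuer_dn "$leaf")" = "$(subject_dn "$ca")" ] || return 2
    cert_valid_for "$ca" "$margin" || return 3
    return 0
}

# Build a constructed one-day CA and a leaf signed by it in directory $1.
make_constructed_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-test-ca" \
        -keyout "$d/ca.key" -out "$d/ca.pem" >/dev/null 2>&1 &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=constructed-leaf" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$d/leaf.csr" -days 1 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/leaf.pem" >/dev/null 2>&1
}
```

Passing a margin larger than the CA's remaining lifetime (for the one-day test CA, anything above 86400 seconds) exercises the refusal path without changing the system clock.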

stx-ansible-playbooks

StarlingX Bootstrap and Deployment Ansible [1] Playbooks

Execution environment

  • Unix-like OS (recent Linux-based distributions, macOS, Cygwin)
  • Python 3.8 and later

Additional Required Packages

In addition to the packages listed in requirements.txt and test-requirements.txt, the following packages are required to run the playbooks remotely:

  • python3-pexpect
  • python3-ptyprocess
  • sshpass

Supported StarlingX Releases

The playbooks are compatible with StarlingX R8.0 and later.

Executing StarlingX Playbooks

Bootstrap Playbook

For instructions on how to set up and execute the bootstrap playbook from another host, please refer to the StarlingX Documentation [2], at Installation Guides, section Configure controller-0 of the respective system deployment type.

Developer Notes

This repository is not intended to be developed standalone, but rather as part of the StarlingX Source System, which is defined by the StarlingX manifest [3].

References

  1. https://docs.ansible.com/ansible/latest/installation_guide
  2. https://docs.starlingx.io
  3. https://opendev.org/starlingx/manifest.git
