tls_everywhere

Role Documentation

Welcome to the “tls_everywhere” role documentation.

Role Defaults

This section highlights all of the defaults and variables set within the “tls_everywhere” role.

helper_report_path: /tmp/report.txt
helper_status_error: ERROR
helper_status_ok: OK
helper_status_skipped: SKIPPED
helper_undercloud_path: /home/{{ ansible_ssh_user }}
ipa_bin: ipa
kdestroy_bin: kdestroy
kinit_bin: kinit

Molecule Scenarios

Molecule is used to test the “tls_everywhere” role. The following section lists the drivers in use and provides an example playbook showing how the role is used.

Scenario: default

Example default configuration

driver:
  name: podman
log: true
platforms:
- easy_install:
  - pip
  environment:
    http_proxy: '{{ lookup(''env'', ''http_proxy'') }}'
    https_proxy: '{{ lookup(''env'', ''https_proxy'') }}'
  hostname: centos7
  image: centos:7
  name: centos7
  pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML
  ulimits: &id001
  - host
  volumes:
  - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- environment:
    http_proxy: '{{ lookup(''env'', ''http_proxy'') }}'
    https_proxy: '{{ lookup(''env'', ''https_proxy'') }}'
  hostname: centos8
  image: centos:8
  name: centos8
  pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML
  ulimits: *id001
  volumes:
  - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
provisioner:
  env:
    ANSIBLE_LIBRARY: ../../../../library:../../../../roles/roles.galaxy/validations-common/validations_common/library
    ANSIBLE_STDOUT_CALLBACK: yaml
  log: true
  name: ansible
scenario:
  test_sequence:
  - destroy
  - create
  - prepare
  - converge
  - verify
  - destroy
verifier:
  name: testinfra

Example default playbook

- hosts: all
  name: Converge
  tasks:
  - block:
    - include_role:
        name: tls_everywhere
        tasks_from: ipa-server-check
      name: run validation
    name: Run ipa_server_check validation
    rescue:
    - meta: clear_host_errors
      name: clear errors
    - assert:
        that:
        - tls_everywhere_aci_check_kinit_output == "host/undercloud.example.com -k
          -t /etc/krb5.keytab"
        - tls_everywhere_aci_check_dns_record_show_output == "dnsrecord-show example.com
          freeipa-0"
        - tls_everywhere_aci_check_service_show_output == "service-show nova/undercloud.example.com
          --all --raw"
        - ipa_server_aci_check_kdestroy_output == "-A"
        - ipa_server_aci_check_failures|length == 1
        - '"Modify Realm Domains" in ipa_server_aci_check_failures[0]'
      name: check command outputs
    - meta: end_play
      name: End play
  - fail:
      msg: 'The ipa-server-check validation didn''t fail as expected

        '
    name: Fail the test
  vars:
    ipa_bin: echo
    kdestroy_bin: echo
    kinit_bin: echo
    tls_everywhere_undercloud_fqdn: undercloud.example.com

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.