21 Commits

Author SHA1 Message Date
OpenStack Proposal Bot d608ecd1d1 Updated from OpenStack Ansible Tests
Change-Id: I51564aa762b8f1c5bc9bc74ef3dda0c9281ebfac
2021-03-12 22:23:17 +00:00
OpenStack Proposal Bot 53bcfcf743 Updated from OpenStack Ansible Tests
Change-Id: Idf23e61424fc04fdd4f0804ced5742e25dc5f9b9
2020-06-04 09:21:15 +02:00
Jonathan Rosser 0114e44f3e Add Centos-8 support
Make hardening compatible with CentOS-8. Dependent patch [1] already
passes hardening and another one resolves issue with installing
non-existent packages. So we should merge this one without passing
CentOS 8 tests not to create circular dependency

[1] https://review.opendev.org/689629

Change-Id: I33160b9a6e8331d6db39824e420033c7ab06780b
2020-05-22 11:03:22 +00:00
Ghanshyam Mann 83ac8bfd6d [ussuri][goal] Updates for python 2.7 drop
OpenStack is dropping the py2.7 support in ussuri cycle.

openstack-ansible repos only need updates on requirements
and tox file.

Complete discussion & schedule can be found in
- http://lists.openstack.org/pipermail/openstack-discuss/2019-October/010142.html
- https://etherpad.openstack.org/p/drop-python2-support

Ussuri Community-wide goal:
https://governance.openstack.org/tc/goals/selected/ussuri/drop-py27.html

Change-Id: Idf700e627b5c88059762690aec6dc3e3a345a39f
2020-04-03 21:18:52 +03:00
OpenStack Proposal Bot f0c6c1d00f Updated from OpenStack Ansible Tests
Change-Id: I2b0e1ba4214939d46638132e8e92b4292bb8051d
2019-05-09 11:36:17 +00:00
OpenStack Proposal Bot 018594c606 Updated from OpenStack Ansible Tests
Change-Id: I87746d77ec914d398b685d2c73e28e3aaefa1745
2019-03-22 22:09:21 +00:00
OpenStack Proposal Bot ef8e3d4d65 Updated from OpenStack Ansible Tests
Change-Id: I01eaa1cce43ee3aa10d56b9b13626843a47074a5
2017-12-06 00:07:09 +00:00
OpenStack Proposal Bot d70a404f92 Updated from OpenStack Ansible Tests
Change-Id: Ia8f7d4879793c271eadd97c71709f9890c0a20ba
2017-09-12 23:56:13 +00:00
OpenStack Proposal Bot 9c21000834 Updated from OpenStack Ansible Tests
Change-Id: Ie28f82a5cf70baa46e4b52f2f3466072bec1ca27
2017-09-01 16:47:38 +00:00
Major Hayden 78d37afccc Manually check apparmor_status
The apparmor systemd unit file simply calls an old SysV init script
to load AppArmor profiles. The init script exits and systemd has no
idea if it's still running or not. This causes Ansible to start
the apparmor unit each time the playbook runs, which breaks the
idempotency checks.

This patch checks the apparmor_status output directly to see what the
status of AppArmor actually is. If the module is loaded, then we
should not try to start AppArmor with the unit file again.

This patch also includes the updates from the openstack-ansible-tests
repository that were included in
https://review.openstack.org/#/c/488489/ so that the gate can be
unblocked.

Partial-Bug: 1710675
Change-Id: If253714d0ca4b5a3d324255751e6f6615ca75dde
2017-08-16 09:02:42 -05:00
OpenStack Proposal Bot f900089c9c Updated from OpenStack Ansible Tests
Change-Id: Iaaf96fcf00ce4df7c126f386d42e45a522e1db92
2017-07-12 18:21:55 +00:00
Major Hayden 97186f8339 Initial Fedora 25 support
This patch adds the initial support for Fedora 25 in the security
role. A non-voting gate job is proposed in the following review:

  https://review.openstack.org/#/c/467297/

Docs and general cleanup for Fedora/Debian support is coming soon.

Change-Id: Ia6c551d2f33255f7f71f7ba9bb328fc8f17f61e0
2017-05-31 13:33:34 +00:00
Major Hayden 61516fba33 Don't install python-ndg_httpsclient
The python-ndg_httpsclient package is no longer needed. This patch
removes the package from bindep.txt.

Change-Id: I63e100c6b2875eeaf2178efb44efe471ffc9852d
2017-05-30 13:18:48 -05:00
Jimmy McCrory 58038d4d39 Install python2-pyOpenSSL package on CentOS
Package pyOpenSSL is obsoleted by python2-pyOpenSSL.

Change-Id: I882398efb0bdeeadd96f6c920894f895c74b24e0
2017-03-03 10:33:02 -08:00
Major Hayden ce386ec8c3 Add libxslt headers to bindep
The security role gate is broken because the lxml module cannot
be built without `xslt-config`.

Change-Id: I008f7388762d326bec7cb60526f03e68823330c4
2016-12-15 08:32:18 -06:00
Joshua Hesketh 8424eb468c Replace github with git.o.o
Change-Id: Iddb0ea1bb1315606fa31e59691366d09ee21bf14
2016-11-03 07:53:23 +00:00
Jesse Pretorius 6d67b6afc6 Rename collected logs for easier CI viewing
OpenStack-CI facilitates the ability to view compressed
files on the log server if they have the suffix .txt.gz.

This patch ensures that all collected log files are renamed
to have a .txt suffix before compressing them.

The following changes are also made:
- The bindep file is also cleaned up a little to reduce
  unnecessary duplication.
- PYTHONUNBUFFERED is set to ensure that the console log
  from the CI jobs is in the exact order of execution.

Change-Id: I89f5734275dc2789f44b5bd9c0b45dc34c4a7a50
2016-09-07 17:55:18 +01:00
Jesse Pretorius 1889953f48 Collect compressed logs after functional test execution
This change enables log collection within the gate so that further
analysis on gate tasks can be performed post build. This is very
useful when debugging problems and also for investigating the
consequences of patches once they've been tested.

Related-Bug: #1620849
Change-Id: I2bb923ebcd73114c1199b14f9b769435596091eb
2016-09-07 13:28:10 +01:00
Major Hayden fb33be7e68 Update to Ansible 2.1.1
This patch bumps the openstack-ansible-security role to use Ansible
2.1 and adds the python-apt package which is now required for
Ansible's check mode on Ubuntu.

Change-Id: I4899e426a7bb5623837704b49920847c1308af53
2016-08-22 21:29:21 +00:00
Shashank Tavildar 2c4393f093 Added SNI support for os_security role via OS packages
Some Linux distributions, such as CentOS 7 and Xenial, have trouble
validating SSL certificates when using get_url with servers
that use Server Name Indication (SNI).

This patch adds those packages to the list of required packages and
uses bindep to install them in developer test environments the same
way that the gate tests install them.

Change-Id: I54118554468278b33c569b4ce19fee5d33454572
2016-08-18 15:16:23 +00:00
Andreas Jaeger f1acb0fc71 Move other-requirements.txt to bindep.txt
The default filename for documenting binary dependencies has been
changed from "other-requirements.txt" to "bindep.txt" with the release
of bindep 2.1.0. While the previous name is still supported, it will
be deprecated.

Move the file around to follow this change.

Note that this change is self-testing, the OpenStack CI infrastructure
will use a "bindep.txt" file to setup nodes for testing.

For more information about bindep, see also:
http://docs.openstack.org/infra/manual/drivers.html#package-requirements
http://docs.openstack.org/infra/bindep/

As well as this announcement:
http://lists.openstack.org/pipermail/openstack-dev/2016-August/101590.html

Change-Id: Ib3f5af076e78e7dba882f34bf2b33faf774b899c
2016-08-14 05:18:30 -05:00