--- # Copyright 2015, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Playbook for role testing hosts: localhost pre_tasks: - name: Ensure apt cache is updated before testing apt: update_cache: yes when: ansible_pkg_mgr == 'apt' - name: Ensure OpenStack CI image has a logrotate cron job file: path: /etc/cron.daily/logrotate state: touch when: ansible_os_family == 'RedHat' changed_when: False post_tasks: - name: Stat 20auto-upgrades file stat: path: /etc/apt/apt.conf.d/20auto-upgrades register: auto_upgrades_file when: ansible_pkg_mgr == 'apt' - name: Slurp contents of 50unattended-upgrades file slurp: src: /etc/apt/apt.conf.d/50unattended-upgrades register: unattended_upgrades_file_encoded when: ansible_pkg_mgr == 'apt' - name: Decode slurp'd 50-unattended-upgrades file set_fact: unattended_upgrades_file: "{{ unattended_upgrades_file_encoded.content | b64decode }}" when: ansible_pkg_mgr == 'apt' - name: Ensure auto updates has been enabled assert: that: - auto_upgrades_file.stat.exists when: ansible_pkg_mgr == 'apt' - name: Ensure that auto update notifications has been enabled assert: that: - "'\nUnattended-Upgrade::Mail \"root\";\n' in unattended_upgrades_file" when: ansible_pkg_mgr == 'apt' roles: - role: "openstack-ansible-security" vars: security_unattended_upgrades_enabled: true security_unattended_upgrades_notifications: true