RETIRED, Security Role for OpenStack-Ansible
Jesse Pretorius 4f9dac4680 Update tox configuration
In order to prepare for implementing requirements management by the
OpenStack requirements management process, and to improve the
reliability and effectiveness of test execution, this patch implements
some changes to the tox configuration:

- The minimum tox version is increased in order to be able to use
  constraints for the python packages.
- The OpenStack upper-constraints are used when preparing the test
  venv for the linters checks.
- Any proxy environment variables set on the test host are passed
  into the venv to enable testing from behind a proxy.
- The environment variables used by Ansible tests are moved into
  a new venv called 'ansible' and this environment is inherited
  by all Ansible-related tests.
- The docs test will clean-up an existing build directory before
  executing the docs build.
- The releasenotes build cannot use upper-constraints at this point,
  so it doesn't.
- The Ansible role download will no longer ignore errors so that any
  problems discovered will result in a failed test.
- The human readable logging callback plugin is implemented for
  functional testing.
- The ansible test requirements are moved into tox.ini to ensure
  compliance for requirements.txt/test-requirements.txt for the
  global-requirements management contract.
- The ~/.ansible directory as a whole is not deleted. Instead only
  the plugins and roles folders are deleted to ensure that zuul's
  Ansible artifacts are left in-place.
- The ansible-lint version is updated to support execution against a
  folder, and the test now executes against the entire role to ensure
  that it captures all applicable files for lint testing.

This is a combined port of the following:
- https://review.openstack.org/323507
- https://review.openstack.org/338193
- https://review.openstack.org/332443
- https://review.openstack.org/338193
- https://review.openstack.org/339493

Change-Id: If42e739002e36669044a9396e233dbd382add4c8
(cherry picked from commit 65293e8002)
2016-07-08 17:14:04 +01:00
defaults Allow AppArmor to be enabled 2016-06-13 08:36:31 -05:00
doc Docs: Fix rendering of :orphan: 2016-06-27 20:42:41 +00:00
files V-38682: Disable bluetooth modules 2015-10-14 21:23:11 -05:00
handlers Restart auditd after running augenrules 2016-06-10 12:54:52 +00:00
meta Bump minimum required version of Ansible 2016-01-13 12:41:02 -08:00
releasenotes Merge "Restart auditd after running augenrules" into stable/mitaka 2016-06-14 14:12:58 +00:00
tasks Ensure aide-common package is installed 2016-06-14 12:53:23 -05:00
templates Add key fields to audit rules 2016-06-13 18:52:58 +00:00
tests Add check/audit to gate testing 2016-06-13 13:37:04 +00:00
vars Enable role testing and make structure ansible-galaxy compatible 2015-10-09 11:47:23 +00:00
.gitignore Add .swp files to .gitignore 2016-05-04 14:13:33 +00:00
.gitreview Update .gitreview for stable/mitaka 2016-04-02 14:46:00 -04:00
LICENSE Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
README.md Merge "Adding Vagrant setup for deploying security-ansible" 2016-02-05 16:12:33 +00:00
README.rst Add a note to the README file where to report bugs 2016-06-22 19:38:02 +00:00
Vagrantfile Adding Vagrant setup for deploying security-ansible 2016-01-25 08:04:26 -08:00
other-requirements.txt Add dependencies for paramiko 2.0 2016-05-03 21:00:42 +00:00
run_tests.sh Add dependencies for paramiko 2.0 2016-05-03 21:00:42 +00:00
setup.cfg Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
setup.py Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
test-requirements.txt Update tox configuration 2016-07-08 17:14:04 +01:00
tox.ini Update tox configuration 2016-07-08 17:14:04 +01:00

README.md

openstack-ansible-security

The goal of the openstack-ansible-security role is to improve security within openstack-ansible deployments. The role is based on the Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6.

Requirements

This role can be used with or without the openstack-ansible role. It requires Ansible 1.8.3 at a minimum.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
    - openstack-ansible-security

Running with Vagrant

Security Ansible can be easily run for testing using Vagrant.

To do so, run:

- vagrant destroy: destroys any previously created Vagrant setup
- vagrant up: spins up an Ubuntu Trusty VM and runs ansible-security against it

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.