a3d1af2413
TripleO's TLS implementation using nova in the undercloud relies on instance metadata that contains the services a particular instance is going to host. For example, metadata for a controller (e.g., controller-0) will contain JSON that describes the services and interfaces that are supposed to be hosted on controller (e.g., haproxy/controller-0.ctlplane.example.test). For TLS, we need to generate certificates for those services automatically. This requires us to parse the metadata for the instance, determine the services that are supposed to the hosted by that instance, and then curate unique principals that we add to FreeIPA. Once the appropriate hosts (e.g., controller-0.example.test), sub-hosts (e.g., controller-0.ctlplane.example.test), and principals (e.g., haproxy/controller-0.ctlplane.example.test) have been added to FreeIPA, we can generate certificates for that service and configure it to use TLS. The commit attempts to introduce a filter that parses metadata from the instance and returns a list of tuples to the caller. Each tuple is unique to each service being hosted on an instance and we use them to generate the requisite entities in FreeIPA for TLS certificates using ansible-freeipa later. The functionality was formally a part of novajoin, which is a nova metadata service. This patch adds unit tests and relevant env configuration. Change-Id: Ibbac29a9d2570280cad0f426ad0b0367587bfee7
50 lines
2.0 KiB
YAML
50 lines
2.0 KiB
YAML
---
|
|
repos:
|
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
|
rev: v2.1.0
|
|
hooks:
|
|
- id: end-of-file-fixer
|
|
- id: trailing-whitespace
|
|
- id: mixed-line-ending
|
|
- id: check-byte-order-marker
|
|
- id: check-executables-have-shebangs
|
|
- id: check-merge-conflict
|
|
- id: debug-statements
|
|
- id: flake8
|
|
entry: flake8 --ignore=E24,E121,E122,E123,E124,E126,E226,E265,E305,E402,F401,F405,E501,E704,F403,F841,W503
|
|
# TODO(cloudnull): These codes were added to pass the lint check.
|
|
# All of these ignore codes should be resolved in
|
|
# future PRs.
|
|
- id: check-yaml
|
|
files: .*\.(yaml|yml)$
|
|
- repo: https://github.com/adrienverge/yamllint.git
|
|
rev: v1.15.0
|
|
hooks:
|
|
- id: yamllint
|
|
files: \.(yaml|yml)$
|
|
types: [file, yaml]
|
|
entry: yamllint --strict -f parsable
|
|
- repo: https://github.com/ansible/ansible-lint
|
|
rev: v4.1.1a2
|
|
hooks:
|
|
- id: ansible-lint
|
|
files: \.(yaml|yml)$
|
|
entry: >-
|
|
ansible-lint --force-color -v -x "ANSIBLE0006,ANSIBLE0007,ANSIBLE0010,ANSIBLE0012,ANSIBLE0013,ANSIBLE0016"
|
|
--exclude=tripleo_ansible/roles.galaxy
|
|
# TODO(cloudnull): These codes were added to pass the lint check.
|
|
# Things found within roles.galaxy are external
|
|
# and not something maintained here.
|
|
- repo: https://github.com/openstack-dev/bashate.git
|
|
rev: 0.6.0
|
|
hooks:
|
|
- id: bashate
|
|
entry: bashate --error . --verbose --ignore=E006,E040
|
|
# Run bashate check for all bash scripts
|
|
# Ignores the following rules:
|
|
# E006: Line longer than 79 columns (as many scripts use jinja
|
|
# templating, this is very difficult)
|
|
# E040: Syntax error determined using `bash -n` (as many scripts
|
|
# use jinja templating, this will often fail and the syntax
|
|
# error will be discovered in execution anyway)
|