x/tripleo-ipa
Code Issues Proposed changes
tripleo-ipa/tripleo_ipa/molecule/default/prepare.yml
Grzegorz Grasza e65f11baed Fix lint and molecule jobs after release of cryptography3.4 
Molecule job fails with:

ModuleNotFoundError: No module named 'setuptools_rust'

This error appeared following the release of cryptography 3.4, which
now includes Rust code. It can be installed without Rust using a
Python wheel, but only with more recent pip than version 9.0.3
available as RPM on CentOS 8.

The cryptography bug report [1] recommends pip>=19.1.1

The new pip is not supported on Python 2 / CentOS 7, so this change
also upgrades to CentOS 8 images.

This change also upgrades and fixes the ansible-lint job dependencies
and configuration.

[1] https://github.com/pyca/cryptography/issues/5753

Change-Id: I923020e7ec1f2ecbd7089096f22dd92fb36254a5
2021-03-17 14:42:12 +01:00

94 lines
2.9 KiB
YAML
Raw Blame History

---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- hosts: localhost
connection: local
tasks:
- name: set facts for domains
set_fact:
domain: example.test
ipa_password: password123
- name: Download FreeIPA Container
docker_image:
name: freeipa/freeipa-server:fedora-28
source: pull
- name: Make IPA data dir
file:
path: /tmp/ipa-data
state: directory
- name: Toggle SELinux boolean
seboolean:
name: container_manage_cgroup
state: true
persistent: true
become: true
- name: Remove any old IPA container
docker_container:
name: freeipa-server-container
state: absent
- name: Create network
docker_network:
name: ipa_network
ipam_config:
- subnet: 172.18.0.0/16
- name: Configure FreeIPA
shell: >
docker run --name freeipa-server-container
--sysctl net.ipv6.conf.lo.disable_ipv6=0
--security-opt seccomp=unconfined
--net ipa_network --ip 172.18.0.22
-e IPA_SERVER_IP={{ ansible_default_ipv4.address | default('127.0.0.1') }}
-e PASSWORD={{ ipa_password }}
-h ipa.{{ domain }}
--read-only --tmpfs /run --tmpfs /tmp
-v /sys/fs/cgroup:/sys/fs/cgroup:ro
-v /tmp/ipa-data:/data:Z freeipa/freeipa-server:fedora-28 no-exit
-U -r {{ domain | upper }} --setup-dns --no-reverse --no-ntp
--forwarder={{ unbound_primary_nameserver_v4 | default('1.1.1.1') }}
--forwarder={{ unbound_secondary_nameserver_v4 | default('8.8.8.8') }} &
- name: Wait for FreeIPA server install
wait_for:
path: "/tmp/ipa-data/var/log/ipaserver-install.log"
search_regex: "(INFO The ipa-server-install command was successful|ERROR The ipa-server-install command failed)"
timeout: 900
become: true
- name: Wait for FreeIPA LDAP port to open
wait_for:
host=172.18.0.22
port=389
delay=1
timeout=300
ignore_errors: true
- name: Check the status of ipactl to make sure all services are started
command: "docker exec freeipa-server-container ipactl status"
retries: 10
delay: 3
register: result
until: result.rc == 0
- name: Print ipactl status
debug:
msg: "{{result.stdout}}"
View Git Blame Copy Permalink