22c4c21583
This patch adds initial support for CentOS 7 and Ubuntu 16.04 to the security role. Documentation and tests still need updates in subsequent patches. Release notes are included. Change-Id: Iae936bb307a5938651c55e703d68d39a7716d178
134 lines
4.6 KiB
INI
134 lines
4.6 KiB
INI
[tox]
|
|
minversion = 1.6
|
|
skipsdist = True
|
|
envlist = docs,linters,functional
|
|
|
|
|
|
[testenv]
|
|
usedevelop = True
|
|
install_command = pip install -U {opts} {packages}
|
|
deps = -r{toxinidir}/test-requirements.txt
|
|
commands = /usr/bin/find . -type f -name "*.pyc" -delete
|
|
passenv =
|
|
HOME
|
|
whitelist_externals =
|
|
bash
|
|
cat
|
|
git
|
|
rm
|
|
setenv =
|
|
VIRTUAL_ENV={envdir}
|
|
ANSIBLE_HOST_KEY_CHECKING = False
|
|
ANSIBLE_SSH_CONTROL_PATH = /tmp/%%h-%%r
|
|
# TODO (odyssey4me) These are only here as they are non-standard folder
|
|
# names for Ansible 1.9.x. We are using the standard folder names for
|
|
# Ansible v2.x. We can remove this when we move to Ansible 2.x.
|
|
ANSIBLE_ACTION_PLUGINS = {homedir}/.ansible/plugins/action
|
|
ANSIBLE_CALLBACK_PLUGINS = {homedir}/.ansible/plugins/callback
|
|
ANSIBLE_FILTER_PLUGINS = {homedir}/.ansible/plugins/filter
|
|
ANSIBLE_LOOKUP_PLUGINS = {homedir}/.ansible/plugins/lookup
|
|
# This is required as the default is the current path or a path specified
|
|
# in ansible.cfg
|
|
ANSIBLE_LIBRARY = {homedir}/.ansible/plugins/library
|
|
# This is required as the default is '/etc/ansible/roles' or a path
|
|
# specified in ansible.cfg
|
|
ANSIBLE_ROLES_PATH = {homedir}/.ansible/roles:{toxinidir}/..
|
|
|
|
|
|
[testenv:docs]
|
|
commands=
|
|
python setup.py build_sphinx
|
|
|
|
|
|
# environment used by the -infra templated docs job
|
|
[testenv:venv]
|
|
deps = -r{toxinidir}/test-requirements.txt
|
|
commands = {posargs}
|
|
|
|
|
|
[testenv:pep8]
|
|
commands =
|
|
# Run hacking/flake8 check for all python files
|
|
bash -c "grep --recursive --binary-files=without-match \
|
|
--files-with-match '^.!.*python$' \
|
|
--exclude-dir .eggs \
|
|
--exclude-dir .git \
|
|
--exclude-dir .tox \
|
|
--exclude-dir *.egg-info \
|
|
--exclude-dir doc \
|
|
{toxinidir} | xargs flake8 --verbose"
|
|
|
|
[flake8]
|
|
# Ignores the following rules due to how ansible modules work in general
|
|
# F403 'from ansible.module_utils.basic import *' used;
|
|
# unable to detect undefined names
|
|
# H303 No wildcard (*) import.
|
|
ignore=F403,H303
|
|
|
|
|
|
[testenv:bashate]
|
|
commands =
|
|
# Run bashate check for all bash scripts
|
|
# Ignores the following rules:
|
|
# E003: Indent not multiple of 4 (we prefer to use multiples of 2)
|
|
# E006: Line longer than 79 columns (as many scripts use jinja
|
|
# templating, this is very difficult)
|
|
# E040: Syntax error determined using `bash -n` (as many scripts
|
|
# use jinja templating, this will often fail and the syntax
|
|
# error will be discovered in execution anyway)
|
|
bash -c "grep --recursive --binary-files=without-match \
|
|
--files-with-match '^.!.*\(ba\)\?sh$' \
|
|
--exclude-dir .tox \
|
|
--exclude-dir .git \
|
|
{toxinidir} | xargs bashate --error . --verbose --ignore=E003,E006,E040"
|
|
|
|
|
|
[testenv:ansible-syntax]
|
|
commands =
|
|
rm -rf {homedir}/.ansible
|
|
git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
|
|
{homedir}/.ansible/plugins
|
|
ansible-playbook -i {toxinidir}/tests/inventory \
|
|
--syntax-check \
|
|
--list-tasks \
|
|
-e "rolename={toxinidir}" \
|
|
-t ssh \
|
|
{toxinidir}/tests/test.yml
|
|
|
|
|
|
[testenv:ansible-lint]
|
|
commands =
|
|
ansible-lint {toxinidir}/tests/test.yml
|
|
|
|
|
|
[testenv:functional]
|
|
# NOTE(odyssey4me): We have to skip V-38462 as openstack-infra are now building
|
|
# images with apt config Apt::Get::AllowUnauthenticated set
|
|
# to true.
|
|
# NOTE(mhayden): V-51337: OpenStack infra images don't have AppArmor
|
|
# enabled, so it must be skipped.
|
|
# V-38674: OpenStack infra images have graphical target
|
|
# enabled, so it must be skipped.
|
|
# V-38574: OpenStack infra images have non-standard pam
|
|
# configurations that don't match a standard CentOS 7 server
|
|
# or cloud image. It must be skipped.
|
|
commands =
|
|
rm -rf {homedir}/.ansible
|
|
git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
|
|
{homedir}/.ansible/plugins
|
|
ansible-playbook -i {toxinidir}/tests/inventory \
|
|
-e "rolename={toxinidir}" \
|
|
--skip-tag V-38462,V-51337,V-38574,V-38674 \
|
|
{toxinidir}/tests/test.yml
|
|
|
|
|
|
[testenv:linters]
|
|
commands =
|
|
{[testenv:pep8]commands}
|
|
{[testenv:bashate]commands}
|
|
{[testenv:ansible-lint]commands}
|
|
{[testenv:ansible-syntax]commands}
|
|
|
|
[testenv:releasenotes]
|
|
commands = sphinx-build -a -E -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
|