StarlingX

  1. Bug #1988204
  2. Comment #2

Comment 2 for bug 1988204

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ansible-playbooks (master)

Reviewed: https://review.opendev.org/c/starlingx/ansible-playbooks/+/855362
Committed: https://opendev.org/starlingx/ansible-playbooks/commit/7e0d83ce9fd05bfa0e3afae01e599748637e38d1
Submitter: "Zuul (22348)"
Branch: master

commit 7e0d83ce9fd05bfa0e3afae01e599748637e38d1
Author: Virginia Martins Perozim <email address hidden>
Date: Wed Aug 31 08:33:39 2022 -0400

    transfer ssl_ca file to destiny in remote play

    Background:
    The new parameter ssl_ca_certificate_file was introduced as an option
    in the restore playbook so that the user can indicate which ssl_ca
    certificate file will be installed during restore. This certificate
    will replace the certificate that is in the backup file. This is
    because the certificate in the backup file can be expired.

    Problem:
    But, when the certificate file is on the target host and we are
    running the Ansible playbook remotely with the option
    on_box_data=true, the playbook was not finding the file because
    it was looking for it on the wrong place.

    Solution:
    So, the solution was to set remote mode (remote_src: yes) during
    the file transfering to destiny when on_box_data=true. In addition,
    a validation of file existence is being done according to the
    value of on_box_data and the path indicated in the
    ssl_ca_certificate_file parameter.

    Test Plan:

    PASSED: Ansible control on host (locally)
            ssl_ca certificate file on host under /home/sysadmin
            on_box_data=true or none
            ssl_ca_certificate_file=/home/sysadmin/<ssl_ca cert. file>
            --> Check if ssl_ca certificate file exists
            --> When target is on-box, transfer ssl_ca certificate
                file to /tmp/ca-cert.pem
            --> /tmp/ca_cert.pem updated

    PASSED: Ansible control on host (locally)
            ssl_ca certificate file on host under /home/sysadmin
            on_box_data=false
            ssl_ca_certificate_file=/home/sysadmin/<ssl_ca cert. file>
            --> Check if ssl_ca certificate file exists
            --> When target is off-box, transfer ssl_ca certificate
                file to /tmp/ca-cert.pem
            --> /tmp/ca_cert.pem updated

    PASSED: Ansible control on host (locally)
            ssl_ca certificate file on host under /home/sysadmin
            on_box_data=true or none
            ssl_ca_certificate_file=$HOME/<ssl_ca certificate file>
            --> Check if ssl_ca certificate file exists
            --> Fail if ssl_ca certificate file does not exist on
                the target

    PASSED: Ansible control on host (locally)
            ssl_ca certificate file on host under /home/sysadmin
            on_box_data=false
            ssl_ca_certificate_file=$HOME/<ssl_ca certificate file>
            --> Check if ssl_ca certificate file exists
            --> Fail if ssl_ca certificate file does not exist locally

    PASSED: Ansible control on host (locally)
            ssl_ca certificate file on host under /home/sysadmin
            on_box_data=false
            ssl_ca_certificate_file=
            --> Check if ssl_ca certificate file exists
            --> Fail if ssl_ca certificate file does not exist locally

    PASSED: Ansible control on host (locally)
            ssl_ca certificate file on host under /home/sysadmin
            on_box_data=false
            ssl_ca_certificate_file
            --> Extract ssl_ca certifcate from backup archive
            --> /tmp/ca_cert.pem updated

    PASSED: Ansible control on host (locally)
            on_box_data=true or none
            ssl_ca_certificate_file not defined
            --> Extract ssl_ca certifcate from backup archive
            --> /tmp/ca_cert.pem updated

    PASSED: Ansible control on host (locally)
            on_box_data=false
            ssl_ca_certificate_file not defined
            --> Extract ssl_ca certifcate from backup archive
            --> /tmp/ca_cert.pem updated

    ---------------------------------------------------------------------
    PASSED: Ansible control on local machine (remotely)
            ssl_ca certificate file on local machine under $HOME
            on_box_data=false
            ssl_ca_certificate_file=$HOME/<ssl_ca certificate file>
            --> Check if ssl_ca certificate file exists
            --> When target is off-box, transfer ssl_ca certificate
                file to /tmp/ca-cert.pem
            --> /tmp/ca_cert.pem updated

    PASSED: Ansible control on local machine (remotely)
            ssl_ca certificate file on local machine under $HOME
            on_box_data=false
            ssl_ca_certificate_file=/home/sysadmin/<ssl_ca cert. file>
            --> Check if ssl_ca certificate file exists
            --> Fail if ssl_ca certificate file does not exist locally

    PASSED: Ansible control on local machine (remotely)
            on_box_data=false
            ssl_ca_certificate_file not defined
            --> Extract ssl_ca certificate from backup archive
            --> /tmp/ca_cert.pem updated

    PASSED: Ansible control on local machine (remotely)
            on_box_data=false
            ssl_ca_certificate_file
            --> Extract ssl_ca certificate from backup archive
            --> /tmp/ca_cert.pem updated

    PASSED: Ansible control on local machine (remotely)
            on_box_data=false
            ssl_ca_certificate_file=
            --> Check if ssl_ca certificate file exists
            --> Fail if ssl_ca certificate file does not exist locally

    PASSED: Ansible control on local machine (remotely)
            ssl_ca certificate file on host under /home/sysadmin
            on_box_data=true or none
            ssl_ca_certificate_file=/home/sysadmin/<ssl_ca cert. file>
            --> Check if ssl_ca certificate file exists
            --> When target is on-box, transfer ssl_ca certificate
                file to /tmp/ca-cert.pem
            --> /tmp/ca_cert.pem updated

    PASSED: Ansible control on local machine (remotely)
            ssl_ca certificate file on local machine under $HOME
            on_box_data=true or none
            ssl_ca_certificate_file=$HOME/<ssl_ca certificate file>
            --> Check if ssl_ca certificate file exists
            --> Fail if ssl_ca certificate file does not exist on the
                target

    PASSED: Ansible control on local machine (remotely)
            ssl_ca certificate file on host under /home/sysadmin
            on_box_data=true
            ssl_ca_certificate_file=$HOME/<ssl_ca certificate file>
            --> Check if ssl_ca certificate file exists
            --> Fail if ssl_ca certificate file does not exist on the
                target

    PASSED: Ansible control on local machine (remotely)
            on_box_data=true or none
            ssl_ca_certificate_file not defined
            --> Extract ssl_ca certificate from backup archive
            --> /tmp/ca_cert.pem updated

    Closes-Bug: 1988204
    Signed-off-by: Virginia Martins Perozim <email address hidden>
    Change-Id: I8e7b67052a5acc3486f28e7590e0c60990c66df3