File: pre.yaml

package info (click to toggle)
python-openstacksdk 4.7.2-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 13,904 kB
  • sloc: python: 127,036; sh: 153; makefile: 23
file content (69 lines) | stat: -rw-r--r-- 3,051 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
---
- hosts: all
  tasks:
    - name: Get temporary token for the cloud
      # nolog is important since content WILL appear in logs
      no_log: true
      ansible.builtin.uri:
        url: "{{ openstack_credentials.auth.auth_url | default(auth_url) }}/v3/auth/tokens"
        method: "POST"
        body_format: "json"
        body:
          auth:
            identity:
              methods: ["password"]
              password:
                user:
                  name: "{{ openstack_credentials.auth.username | default(omit) }}"
                  id: "{{ openstack_credentials.auth.user_id | default(omit) }}"
                  password: "{{ openstack_credentials.auth.password }}"
                  domain:
                    name: "{{ openstack_credentials.auth.user_domain_name | default(omit) }}"
                    id: "{{ openstack_credentials.auth.user_domain_id | default(omit) }}"
            scope:
              project:
                name: "{{ openstack_credentials.auth.project_name | default(omit) }}"
                id: "{{ openstack_credentials.auth.project_id | default(omit) }}"
                domain:
                  name: "{{ openstack_credentials.auth.project_domain_name | default(omit) }}"
                  id: "{{ openstack_credentials.auth.project_domain_id | default(omit) }}"
        return_content: true
        status_code: 201
      register: os_auth

    - name: Verify token
      # nolog is important since content WILL appear in logs
      no_log: true
      ansible.builtin.uri:
        url: "{{ openstack_credentials.auth.auth_url | default(auth_url) }}/v3/auth/tokens"
        method: "GET"
        headers:
          X-Auth-Token: "{{ os_auth.x_subject_token }}"
          X-Subject-Token: "{{ os_auth.x_subject_token }}"

    - name: Include deploy-clouds-config role
      include_role:
        name: deploy-clouds-config
      vars:
        cloud_config:
          clouds:
            acceptance:
              profile: "{{ openstack_credentials.profile | default('') }}"
              auth_type: "token"
              auth:
                auth_url: "{{ openstack_credentials.auth.auth_url | default(auth_url) }}"
                project_name: "{{ openstack_credentials.auth.project_name | default('') }}"
                project_domain_id: "{{ openstack_credentials.auth.project_domain_id | default('') }}"
                project_domain_name: "{{ openstack_credentials.auth.project_domain_name | default('') }}"
                token: "{{ os_auth.x_subject_token }}"
              region_name: "{{ openstack_credentials.region_name | default('') }}"
              verify: "{{ openstack_credentials.verify | default(true) }}"

    # Intruders might want to corrupt clouds.yaml to avoid revoking token in the post phase
    # To prevent this we save token on the executor for later use.
    - name: Save the token
      delegate_to: localhost
      copy:
        dest: "{{ zuul.executor.work_root }}/.{{ zuul.build }}"
        content: "{{ os_auth.x_subject_token }}"
        mode: "0640"