External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-07 19:51:15 -03:30
Code Issues Packages Projects Releases Wiki Activity

Adding yamllinter to ci steps (#1556)

Browse Source 
* Adding yaml linter to ci check

* Minor linting fixes from yamllint

* Changing CI to install python pkgs from requirements.txt

- adding in a secondary requirements.txt for tests
- moving yamllint to tests requirements
This commit is contained in:
Brad Beam
2017-08-24 04:09:52 -05:00
committed by Matthew Mosesohn
parent ecb6dc3679
commit 8b151d12b9
106 changed files with 301 additions and 274 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/vault/defaults/main.yml
View File

@@ -63,7 +63,7 @@ vault_needs_gen: false
vault_port: 8200
# Although "cert" is an option, ansible has no way to auth via cert until
# upstream merges: https://github.com/ansible/ansible/pull/18141
vault_role_auth_method: userpass
vault_role_auth_method: userpass
vault_roles:
- name: etcd
group: etcd

3
roles/vault/tasks/bootstrap/create_etcd_role.yml
View File

@@ -1,8 +1,7 @@
---
- include: ../shared/create_role.yml
vars:
create_role_name: "{{ item.name }}"
create_role_name: "{{ item.name }}"
create_role_group: "{{ item.group }}"
create_role_policy_rules: "{{ item.policy_rules }}"
create_role_options: "{{ item.role_options }}"

3
roles/vault/tasks/bootstrap/start_vault_temp.yml
View File

@@ -1,5 +1,4 @@
---
- name: bootstrap/start_vault_temp | Ensure vault-temp isn't already running
shell: if docker rm -f {{ vault_temp_container_name }} 2>&1 1>/dev/null;then echo true;else echo false;fi
register: vault_temp_stop_check
@@ -13,7 +12,7 @@
-v /etc/vault:/etc/vault
{{ vault_image_repo }}:{{ vault_version }} server
#FIXME(mattymo): Crashes on first start with aufs docker storage. See hashicorp/docker-vault#19
# FIXME(mattymo): Crashes on first start with aufs docker storage. See hashicorp/docker-vault#19
- name: bootstrap/start_vault_temp | Start again single node Vault with file backend
command: docker start {{ vault_temp_container_name }}

2
roles/vault/tasks/bootstrap/sync_vault_certs.yml
View File

@@ -1,5 +1,4 @@
---
- include: ../shared/sync_file.yml
vars:
sync_file: "ca.pem"
@@ -29,4 +28,3 @@
- name: bootstrap/sync_vault_certs | Unset sync_file_results after api.pem sync
set_fact:
sync_file_results: []

3
roles/vault/tasks/cluster/main.yml
View File

@@ -1,5 +1,4 @@
---
- include: ../shared/check_vault.yml
when: inventory_hostname in groups.vault
@@ -26,7 +25,7 @@
- include: ../shared/find_leader.yml
when: inventory_hostname in groups.vault
- include: ../shared/pki_mount.yml
- include: ../shared/pki_mount.yml
when: inventory_hostname == groups.vault|first
- include: ../shared/config_ca.yml

3
roles/vault/tasks/shared/auth_backend.yml
View File

@@ -1,11 +1,10 @@
---
- name: shared/auth_backend | Test if the auth backend exists
uri:
url: "{{ vault_leader_url }}/v1/sys/auth/{{ auth_backend_path }}/tune"
headers: "{{ vault_headers }}"
validate_certs: false
ignore_errors: true
ignore_errors: true
register: vault_auth_backend_check
- name: shared/auth_backend | Add the cert auth backend if needed

5
roles/vault/tasks/shared/check_vault.yml
View File

@@ -1,5 +1,4 @@
---
# Stop temporary Vault if it's running (can linger if playbook fails out)
- name: stop vault-temp container
shell: docker stop {{ vault_temp_container_name }} || rkt stop {{ vault_temp_container_name }}
@@ -22,8 +21,8 @@
vault_is_running: "{{ vault_local_service_health|succeeded }}"
vault_is_initialized: "{{ vault_local_service_health.get('json', {}).get('initialized', false) }}"
vault_is_sealed: "{{ vault_local_service_health.get('json', {}).get('sealed', true) }}"
#vault_in_standby: "{{ vault_local_service_health.get('json', {}).get('standby', true) }}"
#vault_run_version: "{{ vault_local_service_health.get('json', {}).get('version', '') }}"
# vault_in_standby: "{{ vault_local_service_health.get('json', {}).get('standby', true) }}"
# vault_run_version: "{{ vault_local_service_health.get('json', {}).get('version', '') }}"
- name: check_vault | Set fact about the Vault cluster's initialization state
set_fact:

2
roles/vault/tasks/shared/find_leader.yml
View File

@@ -15,7 +15,7 @@
vault_leader_url: "{{ vault_config.listener.tcp.tls_disable|d()|ternary('http', 'https') }}://{{ item }}:{{ vault_port }}"
with_items: "{{ groups.vault }}"
when: "hostvars[item]['vault_leader_check'].get('status') in [200,503]"
#run_once: true
# run_once: true
- name: find_leader| show vault_leader_url
debug: var=vault_leader_url verbosity=2

2
roles/vault/tasks/shared/gen_userpass.yml
View File

@@ -22,7 +22,7 @@
- name: shared/gen_userpass | Copy credentials to all hosts in the group
copy:
content: >
{{
{{
{'username': gen_userpass_username,
'password': gen_userpass_password} | to_nice_json(indent=4)
}}

2
roles/vault/tasks/shared/issue_cert.yml
View File

@@ -26,7 +26,7 @@
- name: issue_cert | Ensure target directory exists
file:
path: "{{ issue_cert_path | dirname }}"
path: "{{ issue_cert_path | dirname }}"
state: directory
group: "{{ issue_cert_file_group | d('root' )}}"
mode: "{{ issue_cert_dir_mode | d('0755') }}"