From 5c6ba2e7844a8ee1808b4b4fa4f9e88a972855fa Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Thu, 11 Apr 2024 15:33:31 +0000 Subject: [PATCH] Add support for specifying a CA certificate for Rally/Tempest The tempest_cacert variable may specify the CA certificate path. Depends on https://github.com/stackhpc/docker-rally/pull/16 --- ansible/kayobe-automation-run-tempest.yml | 25 +++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/ansible/kayobe-automation-run-tempest.yml b/ansible/kayobe-automation-run-tempest.yml index 4568ba9..434d503 100644 --- a/ansible/kayobe-automation-run-tempest.yml +++ b/ansible/kayobe-automation-run-tempest.yml @@ -26,6 +26,13 @@ suffix: rally-results register: results_path_remote + - name: Create temporary CA certificate directory + ansible.builtin.tempfile: + state: directory + suffix: rally-cacert + register: cacert_path_remote + when: tempest_cacert is defined + - name: Ensure docker user has permissions to write to results directory file: path: "{{ results_path_remote.path }}" @@ -80,6 +87,15 @@ become: true when: tempest_accounts_path is defined + - name: Copy tempest CA certificate to remote host + copy: + src: "{{ tempest_cacert }}" + dest: "{{ cacert_path_remote.path }}/" + owner: "65500" + group: "1000" + become: true + when: tempest_cacert is defined + - name: Run tempest command: |- docker run --rm --entrypoint=/usr/bin/rally-verify-wrapper.sh @@ -101,6 +117,9 @@ {% if tempest_accounts_path is defined -%} -v {{ accounts_path_remote }}:/home/rally/tempest-accounts:ro {% endif -%} + {% if tempest_cacert is defined -%} + -v {{ cacert_path_remote.path }}:/usr/local/share/ca-certificates:ro + {% endif -%} --network host {{ rally_image_full }} environment: @@ -148,3 +167,9 @@ path: "{{ results_path_remote.path }}" state: absent when: results_path_remote.path is defined + + - name: cleanup CA certificate + file: + path: "{{ cacert_path_remote.path }}" + state: absent + when: cacert_path_remote.path is defined