controller_token¶
Role Documentation¶
Welcome to the “controller_token” role documentation.
Role Defaults¶
This section highlights all of the defaults and variables set within the “controller_token” role.
keystone_conf_file: /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf
Role Variables: main.yml¶
metadata:
name: Verify that keystone admin token is disabled
description: >
This validation checks that keystone admin token is disabled on both
undercloud and overcloud controller after deployment.
groups:
- post-deployment
- post-update
- pre-update
Molecule Scenarios¶
Molecule is being used to test the “controller_token” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.
- Driver: podman:
Scenario: default¶
Molecule Platform(s)¶
- name: centos
hostname: centos
image: centos/centos:stream8
registry:
url: quay.io
dockerfile: ../../../../.config/molecule/Dockerfile
pkg_extras: python*-setuptools python*-pyyaml
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
privileged: true
environment:
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
ulimits:
- host
Molecule Inventory¶
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
Example default playbook¶
- name: Converge
hosts: all
gather_facts: false
tasks:
- name: pass validation
include_role:
name: controller_token
- name: fail validation
block:
- name: provide configuration file
copy:
dest: /keystone.conf
content: |
[DEFAULT]
admin_token = CHANGEME
- include_role:
name: controller_token
vars:
keystone_conf_file: /keystone.conf
rescue:
- name: Clear host errors
meta: clear_host_errors
- debug:
msg: The validation works! End the playbook run
- name: End play
meta: end_play
- name: Fail the test
fail:
msg: |
Controller-token validation failed finding bad configuration!