Merge pull request #715 from jpodivin/restore-virt-pki-validate
Restoring virt-pki-validate check in molecule test
openshift-merge-bot[bot] authored Aug 6, 2024
2 parents 27a6d7f + e14e769 commit 64b79fe
Showing 2 changed files with 19 additions and 15 deletions.
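--- a/roles/edpm_libvirt/molecule/default/verify.yml
+++ b/roles/edpm_libvirt/molecule/default/verify.yml
@@ -48,16 +48,20 @@
 key: libvirt
 register: libvirt_user
 
-# TODO: Temporarily disabled until we can reconcile new rules
-# in the tool with our environment
-# - name: validate tls with virt-pki-validate
-# become: true
-# ansible.builtin.shell: "virt-pki-validate"
-# register: virt_pki_validate
-# - name: Assert that virt-pki-validate returns no errors
-# assert:
-# that:
-# - "virt_pki_validate.rc == 0"
+- name: validate tls with virt-pki-validate
+become: true
+ansible.builtin.shell: "virt-pki-validate"
+register: virt_pki_validate
+failed_when: false
+- name: Print virt-pki-validate output
+debug:
+msg: "{{ virt_pki_validate.stdout }}"
+- name: Test result of virt-pki-validate
+block:
+- name: Assert that virt-pki-validate returns no errors
+assert:
+that: "{{ 'FAIL' not in virt_pki_validate.stdout }}"
+when: virt_pki_validate.rc != 0
 
 - name: ensure we can connect to libvirt with virsh via tls
 # Note we need become because the client cert is owned by root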
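Review bot: The new assert under `Test result of virt-pki-validate` passes whenever stdout lacks the string `FAIL`, and `failed_when: false` hides every exit code, so a run that fails for another reason (binary not installed, an error written to stderr) still leaves the TLS check green. If the intent is to tolerate only the tool's non-fatal findings, say so in a comment above the task and widen the match to stderr, e.g. `that: "'FAIL' not in virt_pki_validate.stdout and 'FAIL' not in virt_pki_validate.stderr"`. Writing the condition without `{{ }}` also avoids Ansible's warning about templating delimiters in conditionals. The command uses no shell features, so `ansible.builtin.command` would do in place of `ansible.builtin.shell`.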
10 changes: 5 additions & 5 deletions roles/edpm_libvirt/tasks/configure.yml
Expand Up @@ -22,9 +22,9 @@
loop:
- {"path": "/etc/tmpfiles.d/", "owner": "root", "group": "root"}
- {"path": "/var/lib/edpm-config/firewall", "owner": "root", "group": "root"}
- {"path": "/etc/pki/libvirt", "owner": "root", "group": "root"}
- {"path": "/etc/pki/libvirt/private", "owner": "root", "group": "root"}
- {"path": "/etc/pki/CA", "owner": "root", "group": "root"}
- {"path": "/etc/pki/libvirt", "owner": "root", "group": "root", "mode": "0755"}
- {"path": "/etc/pki/libvirt/private", "owner": "root", "group": "root", "mode": "0755"}
- {"path": "/etc/pki/CA", "owner": "root", "group": "root", "mode": "0755"}
- {"path": "/etc/pki/qemu", "owner": "root", "group": "qemu"}

- name: Render libvirt config files
Expand Down Expand Up @@ -143,15 +143,15 @@
become: true
loop:
- {"src": "{{ edpm_libvirt_tls_cert_src_dir }}/tls.crt", "dest": "/etc/pki/libvirt/servercert.pem"}
- {"src": "{{ edpm_libvirt_tls_cert_src_dir }}/tls.key", "dest": "/etc/pki/libvirt/private/serverkey.pem"}
- {"src": "{{ edpm_libvirt_tls_cert_src_dir }}/tls.key", "dest": "/etc/pki/libvirt/private/serverkey.pem", "mode": "0600"}
- {"src": "{{ edpm_libvirt_tls_cert_src_dir }}/tls.crt", "dest": "/etc/pki/libvirt/clientcert.pem"}
- {"src": "{{ edpm_libvirt_tls_cert_src_dir }}/tls.key", "dest": "/etc/pki/libvirt/private/clientkey.pem"}
- {"src": "{{ edpm_libvirt_tls_cert_src_dir }}/ca.crt", "dest": "/etc/pki/CA/cacert.pem"}
ansible.builtin.copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
remote_src: true
mode: "0644"
mode: "{{ item.mode | default('0644') }}"
owner: "root"
group: "root"
when: edpm_libvirt_tls_certs_enabled
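Review bot: Only the `serverkey.pem` entry gets `"mode": "0600"`; the `clientkey.pem` entry in the same loop is copied from the same `tls.key` and still falls through to `default('0644')`, so the identical private key stays world-readable, and the first hunk sets `/etc/pki/libvirt/private` to `0755`, which lets any local user reach it. Unless a non-root consumer needs that file (not visible here), give it the same mode: `- {"src": "{{ edpm_libvirt_tls_cert_src_dir }}/tls.key", "dest": "/etc/pki/libvirt/private/clientkey.pem", "mode": "0600"}`. If `0755` on the private directory is what virt-pki-validate expects, a one-line comment on that loop entry would record why it is not tighter. Both tasks begin above the hunks shown, so their names and modules are only partly visible.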
