From b4bb5105b62404b4f9c5e6f1b0384e5f60b65506 Mon Sep 17 00:00:00 2001 From: Matt Thompson Date: Wed, 10 Feb 2016 23:14:35 +0000 Subject: [PATCH] Skip V-38462 in gate and cap ansible-lint openstack-infra are creating images containing an apt.d configuration that sets AllowUnauthenticated to true to support their custom apt repos which contain unsigned packages. The presence of this file causes openstack-ansible-security to fail. We can either remove the file, or skip the V-38462 tag. Skipping the tag in the gate is probably the better long term solution. Additionally, ansible-lint 2.3.8 was released today and is now causing a number of ANSIBLE0008 errors to fail the gate. This is a temporary cap to unblock the gate. Change-Id: I2c78f4e913e99e5fc5d84fba9e28197b73ac8f25 --- scripts/run-playbooks.sh | 5 ++++- test-requirements.txt | 2 +- tox.ini | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/run-playbooks.sh b/scripts/run-playbooks.sh index 1767fa7048..b1b7139291 100755 --- a/scripts/run-playbooks.sh +++ b/scripts/run-playbooks.sh @@ -44,7 +44,10 @@ pushd "playbooks" install_bits lxc-hosts-setup.yml # Apply security hardening - install_bits security-hardening.yml + # NOTE(mattt): We have to skip V-38462 as openstack-infra are now building + # images with apt config Apt::Get::AllowUnauthenticated set + # to true. + install_bits --skip-tag V-38462 security-hardening.yml # Bring the lxc bridge down and back up to ensures the iptables rules are in-place # This also will ensure that the lxc dnsmasq rules are active. diff --git a/test-requirements.txt b/test-requirements.txt index 0b11c9fabd..6d7193c2e6 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,4 +1,4 @@ -ansible-lint>=2.0.3 +ansible-lint>=2.0.3,<2.3.8 flake8==2.2.4 hacking>=0.10.0,<0.11 pep8==1.5.7 diff --git a/tox.ini b/tox.ini index de4ee1b497..bc75ca5106 100644 --- a/tox.ini +++ b/tox.ini @@ -69,7 +69,7 @@ commands = [testenv:ansible-lint] deps = ansible>1.9,<2.0 - ansible-lint + ansible-lint>=2.0.3,<2.3.8 whitelist_externals = bash commands = # Perform an Ansible lint check