Skip to content

Commit 5c6ba2e

Browse files
committed
Add support for specifying a CA certificate for Rally/Tempest
The tempest_cacert variable may specify the CA certificate path. Depends on stackhpc/docker-rally#16
1 parent 382d1d3 commit 5c6ba2e

File tree

1 file changed

+25
-0
lines changed

1 file changed

+25
-0
lines changed

ansible/kayobe-automation-run-tempest.yml

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,13 @@
2626
suffix: rally-results
2727
register: results_path_remote
2828

29+
- name: Create temporary CA certificate directory
30+
ansible.builtin.tempfile:
31+
state: directory
32+
suffix: rally-cacert
33+
register: cacert_path_remote
34+
when: tempest_cacert is defined
35+
2936
- name: Ensure docker user has permissions to write to results directory
3037
file:
3138
path: "{{ results_path_remote.path }}"
@@ -80,6 +87,15 @@
8087
become: true
8188
when: tempest_accounts_path is defined
8289

90+
- name: Copy tempest CA certificate to remote host
91+
copy:
92+
src: "{{ tempest_cacert }}"
93+
dest: "{{ cacert_path_remote.path }}/"
94+
owner: "65500"
95+
group: "1000"
96+
become: true
97+
when: tempest_cacert is defined
98+
8399
- name: Run tempest
84100
command: |-
85101
docker run --rm --entrypoint=/usr/bin/rally-verify-wrapper.sh
@@ -101,6 +117,9 @@
101117
{% if tempest_accounts_path is defined -%}
102118
-v {{ accounts_path_remote }}:/home/rally/tempest-accounts:ro
103119
{% endif -%}
120+
{% if tempest_cacert is defined -%}
121+
-v {{ cacert_path_remote.path }}:/usr/local/share/ca-certificates:ro
122+
{% endif -%}
104123
--network host
105124
{{ rally_image_full }}
106125
environment:
@@ -148,3 +167,9 @@
148167
path: "{{ results_path_remote.path }}"
149168
state: absent
150169
when: results_path_remote.path is defined
170+
171+
- name: cleanup CA certificate
172+
file:
173+
path: "{{ cacert_path_remote.path }}"
174+
state: absent
175+
when: cacert_path_remote.path is defined

0 commit comments

Comments
 (0)