Adds docker_secret module (#26469)

Chris Houseknecht 2017-07-06 09:22:04 -04:00 committed by GitHub
commit 6af53cf0ef
10 changed files with 503 additions and 0 deletions


@ -0,0 +1,3 @@
posix/ci/group2
skip/osx
skip/freebsd


@ -0,0 +1,3 @@
- name: disable_swarm
command: docker swarm leave --force
ignore_errors: yes


@ -0,0 +1,17 @@
- name: Install Docker pre-reqs
dnf:
name: "{{ item }}"
state: present
items:
- dnf-plugins-core
- name: Add repository
command: dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
- name: Update cache
command: dnf makecache fast
- name: Install docker
dnf:
name: docker-ce
state: present
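Review bot: The loop key on the `Install Docker pre-reqs` task reads `items:`, which is not a loop keyword Ansible recognises, so `{{ item }}` in `name:` has nothing to iterate over and the task is likely to fail on an undefined variable instead of installing dnf-plugins-core. The Ubuntu task file in this commit uses `with_items:` for the same pattern; the line should read `with_items:` at task level. The same `items:` key appears in the yum pre-reqs task of the RedHat task file. Indentation is not preserved on this page, so the nesting of the key is inferred.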


@ -0,0 +1,11 @@
- name: Template repo
template:
src: virt.repo.j2
dest: /etc/zypp/repos.d/virt.repo
- name: Install docker 17
zypper:
name: docker-17.04.0_ce-203.6.x86_64
force: yes
disable_gpg_check: yes
update_cache: yes
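Review bot: The `Install docker 17` task sets `disable_gpg_check: yes`, so the package is installed as root without signature verification, even though the repo definition templated by the previous task declares `gpgcheck=1` and a `gpgkey`. Combined with `force: yes`, whatever the mirror serves under that package name gets installed. Prefer importing the repository key first (an `rpm_key` task with `key:` set to the repo's key URL) and then dropping `disable_gpg_check`. If the flag has to stay for this CI target, add a comment above it such as `# signature check disabled: <reason>` so the exception is visible in review.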


@ -0,0 +1,21 @@
- name: Install Docker pre-reqs
yum:
name: "{{ item }}"
state: present
items:
- yum-utils
- device-mapper-persistent-data
- lvm2
- python-crypto
- libseccomp
- name: Add repository
command: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- name: Update cache
command: yum -y makecache fast
- name: Install docker
yum:
name: docker-ce
state: present


@ -0,0 +1,36 @@
- name: Get OS version
shell: uname -r
register: os_version
- name: Install packages for Trusty
apt:
name: "{{ item }}"
state: present
update_cache: yes
with_items:
- "linux-image-extra-{{ os_version.stdout }}"
- linux-image-extra-virtual
when: ansible_distribution_release == 'trusty'
- name: Install pre-reqs
apt:
name: "{{ item }}"
state: present
update_cache: yes
with_items:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- name: Add gpg key
shell: curl -fsSL https://download.docker.com/linux/ubuntu/gpg >key && apt-key add key
- name: Add Docker repo
shell: add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
- name: Install Docker CE
apt:
name: docker-ce
state: present
update_cache: yes
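Review bot: The `Add gpg key` task downloads a key and hands it to `apt-key add` without checking which key it received, and it leaves a `key` file in the working directory. Pinning the expected fingerprint makes a substituted key fail the play instead of becoming a trusted signer: `apt_key: url=https://download.docker.com/linux/ubuntu/gpg id=<EXPECTED_KEY_FINGERPRINT> state=present`. The module form is also idempotent, unlike the `shell:` line. The following `add-apt-repository` shell task could move to `apt_repository` for the same reason.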


@ -0,0 +1,14 @@
- include: RedHat.yml
when: ansible_os_family == 'RedHat' and ansible_distribution != 'Fedora' and ansible_distribution_major_version != '6'
- include: Fedora.yml
when: ansible_distribution == 'Fedora'
- include: OpenSuse.yml
when: ansible_os_family == 'Suse'
- include: Ubuntu.yml
when: ansible_os_family == 'Debian'
- include: test_secrets.yml
when: ansible_os_family != 'RedHat' or ansible_distribution_major_version != '6'


@ -0,0 +1,104 @@
- name: Install Python requirements
pip:
state: present
name: "{{ item }}"
with_items:
- docker>=2.1.0
- name: Check if already in swarm
shell: docker node ls 2>&1 | grep 'docker swarm init'
register: output
ignore_errors: yes
- name: Enable swarm mode
command: docker swarm init
when: output.rc == 0
notify: disable_swarm
- name: Parameter name should be required
docker_secret:
state: present
ignore_errors: yes
register: output
- name: assert failure when called with no name
assert:
that:
- 'output.failed'
- 'output.msg == "missing required arguments: name"'
- name: Test parameters
docker_secret:
name: foo
state: present
ignore_errors: yes
register: output
- name: assert failure when called with no data
assert:
that:
- 'output.failed'
- 'output.msg == "state is present but the following are missing: data"'
- name: Create secret
docker_secret:
name: db_password
data: opensesame!
state: present
register: output
- name: Create variable secret_id
set_fact:
secret_id: "{{ output.secret_id }}"
- name: Inspect secret
command: "docker secret inspect {{ secret_id }}"
register: inspect
- debug: var=inspect
- name: assert secret creation succeeded
assert:
that:
- "'db_password' in inspect.stdout"
- "'ansible_key' in inspect.stdout"
- name: Create secret again
docker_secret:
name: db_password
data: opensesame!
state: present
register: output
- name: assert create secret is idempotent
assert:
that:
- not output.changed
- name: Update secret
docker_secret:
name: db_password
data: newpassword!
state: present
register: output
- name: assert secret was updated
assert:
that:
- output.changed
- output.secret_id != secret_id
- name: Remove secret
docker_secret:
name: db_password
state: absent
- name: Check that secret is removed
command: "docker secret inspect {{ secret_id }}"
register: output
ignore_errors: yes
- name: assert secret was removed
assert:
that:
- output.failed
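Review bot: The `assert secret creation succeeded` task checks that the secret name and the `ansible_key` label appear in the inspect output, but nothing asserts that the secret value itself stays out of it. Adding `- "'opensesame!' not in inspect.stdout"` to that `that:` list would pin the property the module exists to protect. A matching check on the registered `output` of the `Create secret` task would catch the module echoing `data` back in its result. If `ansible_key` is derived from the secret data (the module is not visible on this page), it is also worth documenting that the label is readable by anyone who can inspect secrets.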


@ -0,0 +1,7 @@
[Virtualization_containers]
name=Virtualization:containers (openSUSE_Tumbleweed)
type=rpm-md
baseurl=http://download.opensuse.org/repositories/Virtualization:/containers/openSUSE_Tumbleweed/
gpgcheck=1
gpgkey=http://download.opensuse.org/repositories/Virtualization:/containers/openSUSE_Tumbleweed//repodata/repomd.xml.key
enabled=1
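Review bot: `baseurl` and `gpgkey` both use `http://`, so the signing key that `gpgcheck=1` relies on is fetched over an unauthenticated channel, and a party on the network path can supply both the key and the packages it signs. Switch both URLs to `https://`, keeping host and path as they are. The `gpgkey` path also contains a doubled slash (`openSUSE_Tumbleweed//repodata`), which most servers tolerate but is worth tidying.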