# Install the Python package the docker_secret tasks below presumably rely on
# (confirm against the module's stated requirements).
# The version is pinned exactly so runs are reproducible. Review the pin from
# time to time: an exact pin also holds back upstream security fixes.
- name: Install Python requirements
  with_items:
    - 'docker==2.1.0'
  pip:
    name: "{{ item }}"
    state: present
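# Probe the swarm state without changing it. The pipeline's exit status is
# grep's: output.rc == 0 means the text 'docker swarm init' appeared in the
# output of `docker node ls`, which is presumably docker's hint that this node
# is NOT yet a swarm manager. Despite the task name, rc == 0 therefore means
# "swarm still has to be enabled".
# NOTE(review): this keys off the wording of docker's message; confirm it
# still matches the docker version under test.
- name: Check if already in swarm
  shell: docker node ls 2>&1 | grep 'docker swarm init'
  register: output
  # A non-zero exit (no match) is an expected outcome, not a play failure.
  ignore_errors: true
  # Read-only probe: never report "changed".
  changed_when: false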
# Initialise a swarm on this node only when the preceding probe matched, i.e.
# `output.rc == 0` (grep found 'docker swarm init' in the probe output).
# The `disable_swarm` handler is defined outside this file section; it is
# notified so the swarm created for the test can be torn down afterwards
# (presumably -- confirm in the role's handlers).
- name: Enable swarm mode
  when: output.rc == 0
  command: docker swarm init
  notify: disable_swarm
# Negative test: call docker_secret without `name`. The expected failure is
# tolerated here and its details are checked by the assertion that follows.
- name: Parameter name should be required
  register: output
  ignore_errors: true
  docker_secret:
    state: present
# The previous task must have failed, and with the exact "missing required
# arguments" message, so an unrelated failure does not pass as success.
- name: assert failure when called with no name
  assert:
    that:
      - output.failed
      # Kept quoted: the expression contains ': ', which plain YAML scalars
      # cannot hold.
      - 'output.msg == "missing required arguments: name"'
# Negative test: `state: present` with a name but no `data`. The expected
# failure is tolerated here and checked by the assertion that follows.
- name: Test parameters
  register: output
  ignore_errors: true
  docker_secret:
    state: present
    name: foo
# The module must reject `state: present` without `data`, and say so in its
# message.
- name: assert failure when called with no data
  assert:
    that:
      - output.failed
      # Kept quoted: the expression contains ': ', which plain YAML scalars
      # cannot hold.
      - 'output.msg == "state is present but all of the following are missing: data"'
# First creation of the secret; the result is registered so its secret_id can
# be captured by the next task.
# The value of `data` is a throwaway test fixture, not a credential. Playbooks
# that manage real secrets should take `data` from a vaulted variable or a
# lookup rather than an inline literal committed to version control.
- name: Create secret
  register: output
  docker_secret:
    state: present
    name: db_password
    data: 'opensesame!'
# Keep the ID reported for the first creation. `output` is overwritten by
# later tasks, so the ID is copied into its own fact for later comparison.
- name: Create variable secret_id
  set_fact:
    secret_id: '{{ output.secret_id }}'
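# Ask the docker CLI about the secret that was just created, independently of
# the module under test; stdout is checked by the assertions further down.
# `command` (not `shell`) is used, so the templated ID is not interpreted by a
# shell.
- name: Inspect secret
  command: "docker secret inspect {{ secret_id }}"
  register: inspect
  # Read-only query: never report "changed".
  changed_when: false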
# Print the registered inspect result to help diagnose assertion failures.
# NOTE(review): `docker secret inspect` is expected to return metadata only,
# not the secret payload -- confirm before reusing this pattern in plays that
# handle real secrets, since debug output ends up in logs.
- debug:
    var: inspect
# The CLI output must mention the secret's name and the string 'ansible_key'.
# NOTE(review): 'ansible_key' is presumably a label the module attaches to the
# secret -- confirm against the module source.
- name: assert secret creation succeeded
  assert:
    that:
      - "'db_password' in inspect.stdout"
      - "'ansible_key' in inspect.stdout"
# Repeat the creation with the same name and the same (test-only) value; the
# following assertion expects the module to report no change.
- name: Create secret again
  register: output
  docker_secret:
    state: present
    name: db_password
    data: 'opensesame!'
# Re-applying identical parameters must not be reported as a change.
- name: assert create secret is idempotent
  assert:
    that:
      - 'not output.changed'
# Same secret name, different (test-only) value. The following assertion
# expects a reported change and a secret_id different from the first one.
- name: Update secret
  register: output
  docker_secret:
    state: present
    name: db_password
    data: 'newpassword!'
# A changed value must be reported as a change, and the resulting secret must
# carry a different ID than the one saved in the `secret_id` fact.
- name: assert secret was updated
  assert:
    that:
      - 'output.changed'
      - 'output.secret_id != secret_id'
# Delete the secret by name. The result is not registered; removal is verified
# by the CLI check in the tasks that follow.
- name: Remove secret
  docker_secret:
    state: absent
    name: db_password
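# Verify removal through the docker CLI. The lookup is done by NAME, not by the
# `secret_id` fact: that fact holds the ID from the first creation, and the
# update step is asserted to have produced a different ID. Inspecting the old
# ID could therefore fail even if "Remove secret" had done nothing, letting the
# removal check pass vacuously.
- name: Check that secret is removed
  command: docker secret inspect db_password
  register: output
  # Failure is the expected outcome here; the next task asserts on it.
  ignore_errors: true
  # Read-only query: never report "changed".
  changed_when: false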
# The inspect command must have failed once the secret is gone.
# NOTE(review): any failure of the inspect command (for example an unreachable
# docker daemon) also satisfies this check; consider additionally matching the
# error text in output.stderr once its wording is confirmed.
- name: assert secret was removed
  assert:
    that:
      - 'output.failed'