From 262f540d2dbfd79ef9c20696b1526cdc4c97cb3d Mon Sep 17 00:00:00 2001 From: Jackie Huang Date: Tue, 25 May 2021 17:12:25 +0800 Subject: [PATCH] python-ansible: add crypto module for stx 5.0 * crypto module is required for stx 5.0, or the ansible bootstrap failed with: ``` fatal: [localhost]: FAILED! => { "reason": "no action detected in task. This often indicates a misspelled module name, or incorrect module path.\n\nThe error appears to be in '/usr/share/ansible/stx-ansible/playbooks/roles/common/create-etcd-certs/tasks/main.yml': line 12, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Generate private key for etcd server and client\n ^ here\n" } ``` * add a patch for crypto module to allow the constraint value to be lower case to avoid the following issue: ``` File "/tmp/ansible_openssl_csr_payload_OzIIJq/ansible_openssl_csr_payload.zip/ansible/module_utils/crypto.py", line 1821, in cryptography_get_basic_constraints raise OpenSSLObjectError('Unknown basic constraint value "{0}" for CA'.format(constraint[3:])) ``` Issue-ID: INF-215 Signed-off-by: Jackie Huang Change-Id: I856fc8f0ba9cdcb3137de2cffe3e5d9d13765f74 --- ...llow-the-constraint-value-to-be-lower-cas.patch | 31 ++++++++++++++++++++++ .../python/python-ansible_%.bbappend | 8 +++++- 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 meta-starlingx/meta-stx-cloud/recipes-devtools/python/files/python-ansible/python-ansible-crypto.py-allow-the-constraint-value-to-be-lower-cas.patch diff --git a/meta-starlingx/meta-stx-cloud/recipes-devtools/python/files/python-ansible/python-ansible-crypto.py-allow-the-constraint-value-to-be-lower-cas.patch b/meta-starlingx/meta-stx-cloud/recipes-devtools/python/files/python-ansible/python-ansible-crypto.py-allow-the-constraint-value-to-be-lower-cas.patch new file mode 100644 index 0000000..1e37ad2 --- /dev/null +++ b/meta-starlingx/meta-stx-cloud/recipes-devtools/python/files/python-ansible/python-ansible-crypto.py-allow-the-constraint-value-to-be-lower-cas.patch @@ -0,0 +1,31 @@ +From 1efb4cc41494201f6773ce2e92a562c96708dcb7 Mon Sep 17 00:00:00 2001 +From: Jackie Huang +Date: Wed, 26 May 2021 14:17:07 +0800 +Subject: [PATCH] crypto.py: allow the constraint value to be lower case + +Upstream-Status: Inappropriate [poky-stx specific] + +Signed-off-by: Jackie Huang +--- + lib/ansible/module_utils/crypto.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/ansible/module_utils/crypto.py b/lib/ansible/module_utils/crypto.py +index 9b579a8..550ec26 100644 +--- a/lib/ansible/module_utils/crypto.py ++++ b/lib/ansible/module_utils/crypto.py +@@ -1813,9 +1813,9 @@ def cryptography_get_basic_constraints(constraints): + if constraints: + for constraint in constraints: + if constraint.startswith('CA:'): +- if constraint == 'CA:TRUE': ++ if constraint == 'CA:TRUE' or constraint == 'CA:true': + ca = True +- elif constraint == 'CA:FALSE': ++ elif constraint == 'CA:FALSE' or constraint == 'CA:false': + ca = False + else: + raise OpenSSLObjectError('Unknown basic constraint value "{0}" for CA'.format(constraint[3:])) +-- +2.7.4 + diff --git a/meta-starlingx/meta-stx-cloud/recipes-devtools/python/python-ansible_%.bbappend b/meta-starlingx/meta-stx-cloud/recipes-devtools/python/python-ansible_%.bbappend index 2014f06..816c580 100644 --- a/meta-starlingx/meta-stx-cloud/recipes-devtools/python/python-ansible_%.bbappend +++ b/meta-starlingx/meta-stx-cloud/recipes-devtools/python/python-ansible_%.bbappend @@ -8,7 +8,12 @@ PV = "2.8.5" SRCNAME = "ansible" -SRC_URI = "http://releases.ansible.com/ansible/${SRCNAME}-${PV}.tar.gz" +FILESEXTRAPATHS_prepend := "${THISDIR}/files/${BPN}:" + +SRC_URI = " \ + http://releases.ansible.com/ansible/${SRCNAME}-${PV}.tar.gz \ + file://python-ansible-crypto.py-allow-the-constraint-value-to-be-lower-cas.patch \ + " SRC_URI[md5sum] = "86f0c18250895338709243d997005de3" SRC_URI[sha256sum] = "8e9403e755ce8ef27b6066cdd7a4c567aa80ebe2fd90d0ff8efa0a725d246986" @@ -22,6 +27,7 @@ ANSIBLE_WHITELIST_MODULES = " \ cloud \ clustering \ commands \ + crypto \ database \ files \ identity \ -- 2.16.6