jimbaker · July 28, 2016 16:50
diff --git a/audit.py b/audit.py
 from cratonclient.v1 import make_session, inventory

 # audit workflow

 session = make_session(...)  # or use CRATON_* environ variables...
 osa_base = inventory.Workflow(session).get('openstack-ansible')

 # Defines a new workflow, based on an existing one;
 # in this case we have specific support for OSA containers;
 # although presumably we don't see this actually applying here

 # need to ensure the role is available and setup


 # configurable aspects for each workflow
 # * roles for this workflow (coresponds to keys, but also includes r/w permissions)
 # * keys used by this workflow - input/output - defaults to the name of the workflow
 # * scheduling strategy - example: 'aisle,cabinet'
 # * some sort of packaging, including specific support for OSA; as
 #   well as things we need to push down to tooling like Ansible, eg
 #   the user do the OSA security audit ('root')
 # * packaging config variables
 # * (optional) performance data to help scheduling strategy

 wf = osa_base.define_workflow('osa-audit')  # fails if this workflow name already exists
 wf.strategy = 'aisle,cabinet'
 wf.isolate_host_failure = True
 wf.repo = 'git://git.openstack.org/openstack/openstack-ansible-security'
 wf.ansible_playbook = {
    'name': 'Run openstack-ansible-security'
    'user': 'root',
    'roles': ['openstack-ansible-security']}
 # From
 # http://docs.openstack.org/developer/openstack-ansible-security/configuration.html
 wf.variables['security_ntp_bind_local_interfaces_only'] = False
 wf.save()


 # run workflow

 cell = inventory.Cell(session).get('cell-1')
 audit_workflow = inventory.Workflow(session).get('osa-audit')

 # submit workflows to run on each host in the cell
 with cell.hosts().start_workflows() as t:
    t.run(audit_workflow)

 # alternative way to submit, esp if just one workflow
 t = cell.hosts().start_workflow(audit_workflow)

 # wait by polling for completion, including everything failed;
 # alternatively just test in your own polling loop;
 # or possibly also support asyncio style futures, using await, etc
 t.is_completed(wait=True)

 for failure in t.failures():
    print failure  # instead of just reporting, take some action
                
 for host in cell.hosts():
    # check for out-of-compliance on each host - for now, just print
    print host.resolved[audit_workflow.name]  # may need to look at multiple keys
	from cratonclient.v1 import make_session, inventory

	# audit workflow

	session = make_session(...) # or use CRATON_* environ variables...
	osa_base = inventory.Workflow(session).get('openstack-ansible')

	# Defines a new workflow, based on an existing one;
	# in this case we have specific support for OSA containers;
	# although presumably we don't see this actually applying here

	# need to ensure the role is available and setup


	# configurable aspects for each workflow
	# * roles for this workflow (coresponds to keys, but also includes r/w permissions)
	# * keys used by this workflow - input/output - defaults to the name of the workflow
	# * scheduling strategy - example: 'aisle,cabinet'
	# * some sort of packaging, including specific support for OSA; as
	# well as things we need to push down to tooling like Ansible, eg
	# the user do the OSA security audit ('root')
	# * packaging config variables
	# * (optional) performance data to help scheduling strategy

	wf = osa_base.define_workflow('osa-audit') # fails if this workflow name already exists
	wf.strategy = 'aisle,cabinet'
	wf.isolate_host_failure = True
	wf.repo = 'git://git.openstack.org/openstack/openstack-ansible-security'
	wf.ansible_playbook = {
	'name': 'Run openstack-ansible-security'
	'user': 'root',
	'roles': ['openstack-ansible-security']}
	# From
	# http://docs.openstack.org/developer/openstack-ansible-security/configuration.html
	wf.variables['security_ntp_bind_local_interfaces_only'] = False
	wf.save()


	# run workflow

	cell = inventory.Cell(session).get('cell-1')
	audit_workflow = inventory.Workflow(session).get('osa-audit')

	# submit workflows to run on each host in the cell
	with cell.hosts().start_workflows() as t:
	t.run(audit_workflow)

	# alternative way to submit, esp if just one workflow
	t = cell.hosts().start_workflow(audit_workflow)

	# wait by polling for completion, including everything failed;
	# alternatively just test in your own polling loop;
	# or possibly also support asyncio style futures, using await, etc
	t.is_completed(wait=True)

	for failure in t.failures():
	print failure # instead of just reporting, take some action

	for host in cell.hosts():
	# check for out-of-compliance on each host - for now, just print
	print host.resolved[audit_workflow.name] # may need to look at multiple keys