Files
@ 3dd7f39302f8
Branch filter:
Location: majic-ansible-roles/roles/web_server/playbook.yml - annotation
3dd7f39302f8
2.4 KiB
text/x-yaml
MAR-29: Implemented tests for php_website role:
- Install some additional tools for testing everything.
- Updated test playbook to change allowed extensions for running PHP scripts on
parameters-optional.
- Updated error page to use correct extension for parameters-optional test
instance.
- Expanded rewrite configuration slightly for parameters-optional.
- Install libmariadb-client-lgpl-dev-compat to test mysql_config symlink
creation.
- Deploy a number of PHP pages used for testing if pages are served correctly.
- Set file permissions on deployed PHP FPM pool configuraiton files.
- Use expanded syntax when deploying TLS keys/certificates in order to avoid
issues with TAB mangling.
- Fixed set-up of Strict-Transport-Security header when HTTPS enforcement is
disabled.
- Added a number of PHP and static test pages.
- Wrote tests covering full functionality of the role.
- Install some additional tools for testing everything.
- Updated test playbook to change allowed extensions for running PHP scripts on
parameters-optional.
- Updated error page to use correct extension for parameters-optional test
instance.
- Expanded rewrite configuration slightly for parameters-optional.
- Install libmariadb-client-lgpl-dev-compat to test mysql_config symlink
creation.
- Deploy a number of PHP pages used for testing if pages are served correctly.
- Set file permissions on deployed PHP FPM pool configuraiton files.
- Use expanded syntax when deploying TLS keys/certificates in order to avoid
issues with TAB mangling.
- Fixed set-up of Strict-Transport-Security header when HTTPS enforcement is
disabled.
- Added a number of PHP and static test pages.
- Wrote tests covering full functionality of the role.
502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 | ---
- hosts: all
tasks:
- name: Update all caches to avoid errors due to missing remote archives
apt:
update_cache: yes
- hosts: all
tasks:
- name: Set-up /etc/hosts entries
lineinfile:
dest: /etc/hosts
line: "{{ item.key }} {{ item.value }}"
with_dict:
10.31.127.20: "client1"
10.31.127.30: "parameters-mandatory"
10.31.127.31: "parameters-optional"
- hosts: client1
tasks:
- name: Install tool for testing TCP connectivity
apt:
name: hping3
state: installed
- name: Install console-based web browser for interactive testing
apt:
name: lynx
state: installed
- name: Deploy CA certificate
copy:
src: tests/data/x509/ca.cert.pem
dest: /usr/local/share/ca-certificates/testca.crt
owner: root
group: root
mode: 0644
notify:
- Update CA certificate cache
handlers:
- name: Update CA certificate cache
command: /usr/sbin/update-ca-certificates --fresh
- hosts: parameters-mandatory
roles:
- role: web_server
# common
ca_certificates:
testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
# Common parameters (general, not role).
tls_certificate_dir: tests/data/x509/
tls_private_key_dir: tests/data/x509/
- hosts: parameters-optional
roles:
- role: web_server
default_enforce_https: no
default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_https.cert.pem') }}"
default_https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_https.key.pem') }}"
web_default_title: "Optional Welcome"
web_default_message: "Welcome to parameters-optional, default virtual host."
web_server_tls_protocols:
- TLSv1.1
- TLSv1.2
web_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:!aNULL:!MD5:!EXPORT"
# common
ca_certificates:
testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
- hosts: all
tasks:
- name: Install curl for testing redirects and webpage content
apt:
name: curl
state: installed
|