Files
@ 5ea45eee5187
Branch filter:
Location: majic-ansible-roles/roles/web_server/playbook.yml - annotation
5ea45eee5187
2.4 KiB
text/x-yaml
MAR-124: Updated mail_forwarder test_tls_enforced_towards_relay_mail_server to be a bit robust against race condition.
502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 8f33126c7555 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 502fdc081d35 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 | ---
- hosts: all
tasks:
- name: Update all caches to avoid errors due to missing remote archives
apt:
update_cache: yes
changed_when: False
- hosts: all
tasks:
- name: Set-up /etc/hosts entries
lineinfile:
dest: /etc/hosts
line: "{{ item.key }} {{ item.value }}"
with_dict:
10.31.127.20: "client1"
10.31.127.30: "parameters-mandatory"
10.31.127.31: "parameters-optional"
- hosts: client1
tasks:
- name: Install tool for testing TCP connectivity
apt:
name: hping3
state: installed
- name: Install console-based web browser for interactive testing
apt:
name: lynx
state: installed
- name: Deploy CA certificate
copy:
src: tests/data/x509/ca.cert.pem
dest: /usr/local/share/ca-certificates/testca.crt
owner: root
group: root
mode: 0644
notify:
- Update CA certificate cache
handlers:
- name: Update CA certificate cache
command: /usr/sbin/update-ca-certificates --fresh
- hosts: parameters-mandatory
roles:
- role: web_server
# common
ca_certificates:
testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
# Common parameters (general, not role).
tls_certificate_dir: tests/data/x509/
tls_private_key_dir: tests/data/x509/
- hosts: parameters-optional
roles:
- role: web_server
default_enforce_https: no
default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_https.cert.pem') }}"
default_https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_https.key.pem') }}"
web_default_title: "Optional Welcome"
web_default_message: "Welcome to parameters-optional, default virtual host."
web_server_tls_protocols:
- TLSv1.1
- TLSv1.2
web_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:!aNULL:!MD5:!EXPORT"
# common
ca_certificates:
testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
- hosts: all
tasks:
- name: Install curl for testing redirects and webpage content
apt:
name: curl
state: installed
|