Location: majic-ansible-roles/roles/ldap_server/molecule/default/playbook.yml - annotation
MAR-129: Updated backup_server role linting and test configuration:
- Fixed linting issues.
- Use global linting configuration file.
- Moved test variables into group_vars.
---
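# Test play for the ldap_server role on the "parameters-mandatory" host.
# The host name suggests only the role's required parameter is supplied here;
# the remaining keys are grouped by the comments that name their consumer.
- hosts: parameters-mandatory
  become: true
  roles:
    - role: ldap_server
      # Fixture credential for a throwaway test instance. Outside the test
      # scenario this value belongs in a vault, not in a plain-text playbook.
      ldap_admin_password: adminpassword

      # ldap_client
      ldap_client_config:
        - comment: CA truststore
          option: TLS_CACERT
          value: /etc/ssl/certs/testca.cert.pem
        # In ldap.conf terms, TLS_REQCERT "demand" makes the client abort when
        # the server certificate is missing or fails validation against the
        # truststore configured above.
        - comment: Ensure TLS is enforced
          option: TLS_REQCERT
          value: demand

      # common vars (not the role, global common)
      tls_private_key_dir: tests/data/x509/
      tls_certificate_dir: tests/data/x509/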
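# Test play that applies the backup_server role to "parameters-optional",
# registering localhost as the single backup client.
- hosts: parameters-optional
  become: true
  roles:
    - role: backup_server
      # lookup('file', ...) reads each key on the Ansible controller at run
      # time. These are test-only host keys kept under tests/data; they must
      # never be reused for a real backup server.
      backup_host_ssh_private_keys:
        # NOTE(review): DSA (ssh-dss) host keys are disabled by default in
        # current OpenSSH; presumably kept so every key type the role accepts
        # is exercised - confirm it is still needed.
        dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
        rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
        ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
        ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
      backup_clients:
        - server: localhost
          ip: 127.0.0.1
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"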
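# Test play that applies the ldap_server role to "parameters-optional" with
# its optional parameters filled in: directory entries, an access rule,
# consumers, groups, TLS material, and the backup client settings.
# Every credential below is a plain-text fixture for a throwaway instance;
# real inventories should source such values from a vault.
- hosts: parameters-optional
  become: true
  roles:
    - role: ldap_server
      ldap_admin_password: adminpassword
      ldap_entries:
        - dn: uid=john,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: johnpassword
            uid: john
            cn: John Doe
            sn: Doe
        - dn: uid=jane,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: janepassword
            uid: jane
            cn: Jane Doe
            sn: Doe
      ldap_permissions:
        # NOTE(review): the continuation lines are assumed to sit at the same
        # indent as "to *", so ">" folds the rule into a single line - confirm
        # against the olcAccess value the role's tests expect.
        # NOTE(review): slapd stops at the first matching by-clause, so
        # "by * read" shadows the admin and "by * none" clauses after it, and
        # on "to *" it also leaves userPassword readable by any client. That
        # suits a rendering test, not a production ACL.
        - >
          to *
          by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
          by self write
          by * read
          by dn="cn=admin,dc=local" write
          by * none
      # The consumer and group lists below cover an omitted state, an explicit
      # "present" and an explicit "absent".
      ldap_server_consumers:
        - name: consumer1
          password: consumer1password
        - name: consumer2
          password: consumer2password
          state: present
        - name: consumer3
          password: consumer3password
          state: absent
      ldap_server_groups:
        - name: group1
        - name: group2
          state: present
        - name: group3
          state: absent
      ldap_server_domain: "local"
      ldap_server_organization: "Example"
      ldap_server_log_level: 0
      # Test certificate and key, read on the Ansible controller at run time.
      ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional.cert.pem') }}"
      ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional.key.pem') }}"
      # NOTE(review): presumably the minimum security strength factor slapd
      # requires of connections; 0 would admit unprotected binds. Confirm
      # against the role and keep this value to test fixtures.
      ldap_server_ssf: 0
      # This priority string admits TLS 1.1, SHA-1 MACs and CBC suites next to
      # the AEAD ones. It exercises the override; it is not a hardening
      # baseline.
      ldap_tls_ciphers: "NONE:+VERS-TLS1.1:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+DHE-RSA:+ECDHE-RSA:+SHA1:+SHA256:+SHA384:+AEAD:+AES-128-GCM:+AES-128-CBC:+AES-256-GCM:+AES-256-CBC:+CURVE-ALL"

      # ldap_client
      ldap_client_config:
        - comment: CA truststore
          option: TLS_CACERT
          value: /etc/ssl/certs/testca.cert.pem
        - comment: Ensure TLS is enforced
          option: TLS_REQCERT
          value: demand

      # backup_client
      enable_backup: true
      backup_client_username: "bak-localhost"
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
      backup_server: localhost
      # Pinned host public keys for the backup server; they pair with the
      # server_* test keys under tests/data/ssh.
      backup_server_host_ssh_public_keys:
        - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
      # Client private key (test fixture), read on the controller at run time.
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"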