
branko
MAR-33: Added initial scaffolding for wsgi_website tests:

- Added Molecule configuration file.
- Implemented a test playbook that sets up three separate instances of a WSGI
  website in order to test all variations of parameters.
- Added name for the set_fact task.
- Fixed linting errors related to mode that lacks leading zero.
- Added skip_ansible_lint tag for command that creates the Python virtual
environment.
- Added missing become keyword wherever become_user is specified.
- Fixed invalid parameter name for specifying if HTTPS should be enforced or
not.
- Added small initial sample WSGI apps that get deployed.
- Added static/media sample files.
- Added TLS material.
- Added initial dummy test file.
---

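- hosts: all
  tasks:

    # Refresh the package index first so the apt installs in later plays do not
    # fail on a stale or missing remote archive listing.
    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true  # canonical boolean; "yes" only works via YAML 1.1 truthy parsing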

# Minimal variant: presumably only the mandatory ldap_server parameters are
# supplied so the role's defaults get exercised.
# NOTE(review): this host pattern carries a ".local" suffix while the other plays
# target "parameters-optional" without one — confirm both match the inventory.
- hosts: parameters-mandatory.local
  roles:
    - role: ldap_server
      # Throw-away test credential; not for use outside this fixture.
      ldap_admin_password: 'adminpassword'

      # Shared (non-role) variables: where the TLS material is read from.
      tls_certificate_dir: 'tests/data/x509/'
      tls_private_key_dir: 'tests/data/x509/'

      # ldap_client variables.
      ldap_client_config:
        - option: 'TLS_CACERT'
          value: '/etc/ssl/certs/testca.cert.pem'
          comment: 'CA truststore'
        - option: 'TLS_REQCERT'
          value: 'demand'
          comment: 'Ensure TLS is enforced'

# Backup server used by the backup_client variables of the next play.
- hosts: parameters-optional
  roles:
    - role: backup_server
      # Host keys come from the committed test fixtures. Note that OpenSSH has
      # disabled ssh-dss by default since 7.0, so the DSA key only matters for
      # legacy clients.
      backup_host_ssh_private_keys:
        ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
        ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
        rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
        dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
      # The single client is the same host, connecting over loopback.
      backup_clients:
        - server: 'parameters-optional'
          ip: '127.0.0.1'
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"

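# Full variant: the optional ldap_server parameters are all set here, together
# with the ldap_client and backup_client variables used by the tests.
- hosts: parameters-optional
  roles:
    - role: ldap_server
      # Every credential in this play is a throw-away test fixture, committed in
      # clear text on purpose; none of them may be reused outside the tests.
      ldap_admin_password: adminpassword
      ldap_entries:
        - dn: uid=john,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: johnpassword
            uid: john
            cn: John Doe
            sn: Doe
        - dn: uid=jane,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: janepassword
            uid: jane
            cn: Jane Doe
            sn: Doe

      # NOTE(review): slapd evaluates the "by" clauses of an access directive in
      # order and applies the first one matching the requester, so "by * read"
      # makes the two clauses after it unreachable. Good enough to exercise the
      # parameter, but not an ACL to copy into a real deployment.
      ldap_permissions:
        - >
          to *
          by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
          by self write
          by * read
          by dn="cn=admin,dc=local" write
          by * none

      # consumer1 omits "state" to exercise the default; the other two set it.
      ldap_server_consumers:
        - name: consumer1
          password: consumer1password
        - name: consumer2
          password: consumer2password
          state: present
        - name: consumer3
          password: consumer3password
          state: absent

      # Same pattern as above: group1 relies on the default "state".
      ldap_server_groups:
        - name: group1
        - name: group2
          state: present
        - name: group3
          state: absent

      ldap_server_domain: "local"
      ldap_server_organization: "Example"
      # slapd loglevel 0 disables logging; test setting only.
      ldap_server_log_level: 0
      ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional.cert.pem') }}"
      ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional.key.pem') }}"
      # SSF 0 enforces no minimum security strength factor on connections;
      # test setting only.
      ldap_server_ssf: 0
      # GnuTLS priority string; it still admits TLS 1.1 and SHA1, so treat it as
      # a test value rather than a hardened default.
      ldap_tls_ciphers: "NONE:+VERS-TLS1.1:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+DHE-RSA:+ECDHE-RSA:+SHA1:+SHA256:+SHA384:+AEAD:+AES-128-GCM:+AES-128-CBC:+AES-256-GCM:+AES-256-CBC:+CURVE-ALL"

      # ldap_client
      ldap_client_config:
        - comment: CA truststore
          option: TLS_CACERT
          value: /etc/ssl/certs/testca.cert.pem
        - comment: Ensure TLS is enforced
          option: TLS_REQCERT
          value: demand

      # backup_client
      enable_backup: true  # canonical boolean; "yes" only works via YAML 1.1 truthy parsing
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
      backup_server: localhost
      backup_server_host_ssh_public_keys:
        - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"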

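- hosts: all
  tasks:

    # Install the test CA into the system trust directory so the TLS_CACERT
    # entries of the ldap_client configuration above resolve.
    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca.cert.pem
        dest: /etc/ssl/certs/testca.cert.pem
        owner: root
        group: root
        # Quoted so the mode is passed verbatim instead of being parsed as a
        # YAML 1.1 octal integer (0644 -> 420).
        mode: "0644"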

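- hosts: client
  tasks:

    # Tooling the tests use to probe TCP connectivity from the client side.
    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: present  # canonical value; "installed" is a legacy alias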