diff --git a/roles/xmpp_server/defaults/main.yml b/roles/xmpp_server/defaults/main.yml
index a5827c4d9333125de67d07acf7655ef787ac5bc6..65e34e7ca5edd3cac7932f01ee053e365aa0e82e 100644
--- a/roles/xmpp_server/defaults/main.yml
+++ b/roles/xmpp_server/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
-enable_backup: False
+enable_backup: false
 xmpp_domains:
 - "{{ ansible_domain }}"
 xmpp_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + ansible_fqdn + '_xmpp.pem') }}"
diff --git a/roles/xmpp_server/molecule/default/create.yml b/roles/xmpp_server/molecule/default/create.yml
index f8eb37cd4df02c540216c02791d0c50870986202..ce8657f9bae3be7f42731fd1efe77e87a62afcd9 100644
--- a/roles/xmpp_server/molecule/default/create.yml
+++ b/roles/xmpp_server/molecule/default/create.yml
@@ -2,7 +2,7 @@
 - name: Create
 hosts: localhost
 connection: local
- gather_facts: False
+ gather_facts: false
 no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
 vars:
 molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
diff --git a/roles/xmpp_server/molecule/default/destroy.yml b/roles/xmpp_server/molecule/default/destroy.yml
index 3972a2df8fafe515b30a74f951499b83aae8449c..8f0a3703672765e77f4f1a3a8046a1f2b561a7a8 100644
--- a/roles/xmpp_server/molecule/default/destroy.yml
+++ b/roles/xmpp_server/molecule/default/destroy.yml
@@ -3,7 +3,7 @@
 - name: Destroy
 hosts: localhost
 connection: local
- gather_facts: False
+ gather_facts: false
 no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
 vars:
 molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
diff --git a/roles/xmpp_server/molecule/default/group_vars/parameters-mandatory.yml b/roles/xmpp_server/molecule/default/group_vars/parameters-mandatory.yml
new file mode 100644
index 0000000000000000000000000000000000000000..57596b9126bf453d96371c90e76de9e15a9b4628
--- /dev/null
+++ b/roles/xmpp_server/molecule/default/group_vars/parameters-mandatory.yml
@@ -0,0 +1,15 @@
+---
+
+xmpp_administrators:
+ - john.doe@domain1
+xmpp_ldap_base_dn: dc=local
+xmpp_ldap_password: prosodypassword
+xmpp_ldap_server: ldap-server
+
+# Common parameters (general, not role).
+tls_certificate_dir: tests/data/x509/
+tls_private_key_dir: tests/data/x509/
+
+# common
+ca_certificates:
+ testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
diff --git a/roles/xmpp_server/molecule/default/group_vars/parameters-optional.yml b/roles/xmpp_server/molecule/default/group_vars/parameters-optional.yml
new file mode 100644
index 0000000000000000000000000000000000000000..743e7ee86474d6e6123aebbe6d1c6eb8bec47172
--- /dev/null
+++ b/roles/xmpp_server/molecule/default/group_vars/parameters-optional.yml
@@ -0,0 +1,33 @@
+---
+
+xmpp_administrators:
+ - jane.doe@domain2
+ - mick.doe@domain3
+xmpp_domains:
+ - domain2
+ - domain3
+xmpp_ldap_base_dn: dc=local
+xmpp_ldap_password: prosodypassword
+xmpp_ldap_server: ldap-server
+xmpp_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_xmpp.cert.pem') }}"
+xmpp_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_xmpp.key.pem') }}"
+
+# Common parameters (general, not role).
+tls_certificate_dir: tests/data/x509/
+tls_private_key_dir: tests/data/x509/
+
+# common
+ca_certificates:
+ testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
+
+# backup_client
+enable_backup: true
+backup_client_username: bak-parameters-optional
+backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
+backup_server: backup-server
+backup_server_host_ssh_public_keys:
+ - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
+ - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
+ - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
+ - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
+backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"
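Review bot: The new `group_vars/parameters-mandatory.yml` (and `group_vars/parameters-optional.yml` in the next hunk) are named after what the playbook and the testinfra files address as hosts (`hosts: parameters-mandatory,parameters-optional`, `get_hosts(['parameters-optional'])`), whereas `ldap-server.yml` is placed under `host_vars`; a `group_vars` file only applies when an inventory group with exactly that name exists, so unless molecule.yml's platforms (not in this diff) declare such groups these variables would never reach the hosts and the role would run on its defaults (`enable_backup: false`, no `xmpp_tls_certificate` override). If they are meant as per-host values, `host_vars/parameters-mandatory.yml` and `host_vars/parameters-optional.yml` would mirror the ldap-server layout. Separately, the last line of parameters-optional.yml carries over a stray space inside the lookup, `'tests/data/ssh/parameters-optional' )`; `backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional') }}"` matches the other lookups in the file.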
diff --git a/roles/xmpp_server/molecule/default/host_vars/ldap-server.yml b/roles/xmpp_server/molecule/default/host_vars/ldap-server.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f21581ec0ce601e3b7828fbadc09e259144be512
--- /dev/null
+++ b/roles/xmpp_server/molecule/default/host_vars/ldap-server.yml
@@ -0,0 +1,98 @@
+---
+
+# ldap_server role.
+ldap_admin_password: admin
+ldap_entries:
+
+ # Users
+ - dn: uid=john,ou=people,dc=local
+ attributes:
+ objectClass:
+ - inetOrgPerson
+ - simpleSecurityObject
+ userPassword: johnpassword
+ uid: john
+ cn: John Doe
+ sn: Doe
+ mail: john.doe@domain1
+ - dn: uid=jane,ou=people,dc=local
+ attributes:
+ objectClass:
+ - inetOrgPerson
+ - simpleSecurityObject
+ userPassword: janepassword
+ uid: jane
+ cn: Jane Doe
+ sn: Doe
+ mail: jane.doe@domain2
+ - dn: uid=mick,ou=people,dc=local
+ attributes:
+ objectClass:
+ - inetOrgPerson
+ - simpleSecurityObject
+ userPassword: mickpassword
+ uid: mick
+ cn: Mick Doe
+ sn: Doe
+ mail: mick.doe@domain3
+
+ - dn: uid=noxmpp,ou=people,dc=local
+ attributes:
+ objectClass:
+ - inetOrgPerson
+ - simpleSecurityObject
+ userPassword: noxmpppassword
+ uid: noxmpp
+ cn: No XMPP
+ sn: XMPP
+ mail: noxmpp@domain1
+
+ # Groups
+ - dn: "cn=xmpp,ou=groups,dc=local"
+ state: append
+ attributes:
+ uniqueMember:
+ - uid=john,ou=people,dc=local
+ - uid=jane,ou=people,dc=local
+ - uid=mick,ou=people,dc=local
+
+ldap_server_consumers:
+ - name: prosody
+ password: prosodypassword
+
+ldap_server_domain: "local"
+ldap_server_groups:
+ - name: xmpp
+ldap_server_organization: "Example"
+ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.cert.pem') }}"
+ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.key.pem') }}"
+
+# common
+ca_certificates:
+ testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
+
+# ldap_client
+ldap_client_config:
+ - comment: CA truststore
+ option: TLS_CACERT
+ value: /etc/ssl/certs/testca.cert.pem
+ - comment: Ensure TLS is enforced
+ option: TLS_REQCERT
+ value: demand
+ - comment: Base DN
+ option: BASE
+ value: dc=local
+ - comment: URI
+ option: URI
+ value: ldapi:///
+
+# backup_server role.
+backup_host_ssh_private_keys:
+ dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
+ rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
+ ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
+ ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
+backup_clients:
+ - server: parameters-optional
+ ip: 10.31.127.31
+ public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
diff --git a/roles/xmpp_server/molecule/default/molecule.yml b/roles/xmpp_server/molecule/default/molecule.yml
index 7d5535b29b3d31f727a100bfc38c6c93cd4d8a29..bd65c068cf1545d45550ffbcdb01bdc1c0a18e9d 100644
--- a/roles/xmpp_server/molecule/default/molecule.yml
+++ b/roles/xmpp_server/molecule/default/molecule.yml
@@ -9,6 +9,8 @@ driver:
 lint:
 name: yamllint
+ options:
+ config-file: ../../.yamllint.yml
 platforms:
diff --git a/roles/xmpp_server/molecule/default/playbook.yml b/roles/xmpp_server/molecule/default/playbook.yml
index ca17d4a91af07aabb65aec7f5d8c18461c48750b..28027f6e59874d5ac59044ec106661d2b9e80c76 100644
--- a/roles/xmpp_server/molecule/default/playbook.yml
+++ b/roles/xmpp_server/molecule/default/playbook.yml
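Review bot: In the molecule.yml hunk, `config-file: ../../.yamllint.yml` is a path resolved against whatever working directory molecule invokes yamllint from, and nothing in the file makes that directory explicit; from the scenario directory it would point at a role-level `.yamllint.yml`, from the repository root it would not exist. A short comment above the option, `# Relative to the scenario directory (roles/xmpp_server/molecule/default); re-check on a molecule upgrade.`, would record the assumption for the next reader.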
@@ -1,55 +1,6 @@
 ---
-- hosts: parameters-mandatory
- become: yes
+- hosts: parameters-mandatory,parameters-optional
+ become: true
 roles:
- - role: xmpp_server
- xmpp_administrators:
- - john.doe@domain1
- xmpp_ldap_base_dn: dc=local
- xmpp_ldap_password: prosodypassword
- xmpp_ldap_server: ldap-server
-
- # Common parameters (general, not role).
- tls_certificate_dir: tests/data/x509/
- tls_private_key_dir: tests/data/x509/
-
- # common
- ca_certificates:
- testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
-
-- hosts: parameters-optional
- become: yes
- roles:
- - role: xmpp_server
- xmpp_administrators:
- - jane.doe@domain2
- - mick.doe@domain3
- xmpp_domains:
- - domain2
- - domain3
- xmpp_ldap_base_dn: dc=local
- xmpp_ldap_password: prosodypassword
- xmpp_ldap_server: ldap-server
- xmpp_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_xmpp.cert.pem') }}"
- xmpp_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_xmpp.key.pem') }}"
-
- # Common parameters (general, not role).
- tls_certificate_dir: tests/data/x509/
- tls_private_key_dir: tests/data/x509/
-
- # common
- ca_certificates:
- testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
-
- # backup_client
- enable_backup: yes
- backup_client_username: bak-parameters-optional
- backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
- backup_server: backup-server
- backup_server_host_ssh_public_keys:
- - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
- - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
- - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
- - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
- backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"
+ - xmpp_server
diff --git a/roles/xmpp_server/molecule/default/prepare.yml b/roles/xmpp_server/molecule/default/prepare.yml
index 731236009345f9e0520cea86b3058e53d511ef0c..30ec05e897377b04761353736ae4b513a635ad75 100644
--- a/roles/xmpp_server/molecule/default/prepare.yml
+++ b/roles/xmpp_server/molecule/default/prepare.yml
@@ -2,21 +2,21 @@
 - name: Prepare
 hosts: all
- gather_facts: False
+ gather_facts: false
 tasks:
 - name: Install python for Ansible
 raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
- become: True
- changed_when: False
+ become: true
+ changed_when: false
 - hosts: all
- become: yes
+ become: true
 tasks:
 - name: Update all caches to avoid errors due to missing remote archives
 apt:
- update_cache: yes
- changed_when: False
+ update_cache: true
+ changed_when: false
 - name: Set-up the hosts file
 lineinfile:
@@ -34,13 +34,13 @@ 10.31.127.31: "parameters-optional domain2 proxy.domain2 conference.domain2 domain3 proxy.domain3 conference.domain3"
 - hosts: client1
- become: yes
+ become: true
 tasks:
 - name: Install tool for testing TCP connectivity
 apt:
 name: hping3
- state: installed
+ state: present
 - name: Deploy CA certificate
 copy:
@@ -55,12 +55,12 @@
 - name: Install console-based XMPP client (for interactive testing)
 apt:
 name: mcabber
- state: installed
+ state: present
 - name: Install console-based XMPP tool (for non-interactive testing)
 apt:
 name: sendxmpp
- state: installed
+ state: present
 - name: Create dedicated group for testing
 group:
@@ -108,110 +108,16 @@ command: /usr/sbin/update-ca-certificates --fresh
 - hosts: ldap-server
- become: yes
+ become: true
 roles:
- - role: ldap_server
- ldap_admin_password: admin
- ldap_entries:
-
- # Users
- - dn: uid=john,ou=people,dc=local
- attributes:
- objectClass:
- - inetOrgPerson
- - simpleSecurityObject
- userPassword: johnpassword
- uid: john
- cn: John Doe
- sn: Doe
- mail: john.doe@domain1
- - dn: uid=jane,ou=people,dc=local
- attributes:
- objectClass:
- - inetOrgPerson
- - simpleSecurityObject
- userPassword: janepassword
- uid: jane
- cn: Jane Doe
- sn: Doe
- mail: jane.doe@domain2
- - dn: uid=mick,ou=people,dc=local
- attributes:
- objectClass:
- - inetOrgPerson
- - simpleSecurityObject
- userPassword: mickpassword
- uid: mick
- cn: Mick Doe
- sn: Doe
- mail: mick.doe@domain3
-
- - dn: uid=noxmpp,ou=people,dc=local
- attributes:
- objectClass:
- - inetOrgPerson
- - simpleSecurityObject
- userPassword: noxmpppassword
- uid: noxmpp
- cn: No XMPP
- sn: XMPP
- mail: noxmpp@domain1
-
- # Groups
- - dn: "cn=xmpp,ou=groups,dc=local"
- state: append
- attributes:
- uniqueMember:
- - uid=john,ou=people,dc=local
- - uid=jane,ou=people,dc=local
- - uid=mick,ou=people,dc=local
-
- ldap_server_consumers:
- - name: prosody
- password: prosodypassword
-
- ldap_server_domain: "local"
- ldap_server_groups:
- - name: xmpp
- ldap_server_organization: "Example"
- ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.cert.pem') }}"
- ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.key.pem') }}"
-
- # common
- ca_certificates:
- testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
-
- # ldap_client
- ldap_client_config:
- - comment: CA truststore
- option: TLS_CACERT
- value: /etc/ssl/certs/testca.cert.pem
- - comment: Ensure TLS is enforced
- option: TLS_REQCERT
- value: demand
- - comment: Base DN
- option: BASE
- value: dc=local
- - comment: URI
- option: URI
- value: ldapi:///
-
- - role: backup_server
- backup_host_ssh_private_keys:
- dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
- rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
- ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
- ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
- backup_clients:
- - server: parameters-optional
- ip: 10.31.127.31
- public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
+ - ldap_server
+ - backup_server
 - hosts: parameters-optional
- become: yes
+ become: true
 tasks:
 - name: Install console-based XMPP tool (for non-interactive testing)
 apt:
 name: sendxmpp
- state: installed
+ state: present
diff --git a/roles/xmpp_server/molecule/default/tests/test_backup.py b/roles/xmpp_server/molecule/default/tests/test_backup.py
index b451b6b3c6c8da1ef4f9e272fbb34da2e0e4ae23..01fd2ff54b426de188eb11c5d98986eeac38db47 100644
--- a/roles/xmpp_server/molecule/default/tests/test_backup.py
+++ b/roles/xmpp_server/molecule/default/tests/test_backup.py
@@ -1,8 +1,10 @@
+import os
+
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- '.molecule/ansible_inventory.yml').get_hosts('parameters-optional')
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-optional'])
 def test_backup(host):
diff --git a/roles/xmpp_server/molecule/default/tests/test_client.py b/roles/xmpp_server/molecule/default/tests/test_client.py
index 25895f19cde89bc904e83650d90eed87afe639ed..c9990af29e129ebdc6cceb335d503233dcb708d8 100644
--- a/roles/xmpp_server/molecule/default/tests/test_client.py
+++ b/roles/xmpp_server/molecule/default/tests/test_client.py
@@ -1,8 +1,10 @@
+import os
+
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- '.molecule/ansible_inventory.yml').get_hosts('client1')
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['client1'])
 def test_connectivity(host):
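Review bot: In test_backup.py, `os.environ['MOLECULE_INVENTORY_FILE']` is evaluated at module import, so running these tests with plain pytest outside `molecule verify` now aborts during collection with a bare `KeyError` that names no file; the same line is added in test_client.py, test_default.py, test_mandatory.py and test_optional.py. Failing loudly is the right behaviour here (a silently guessed inventory would be worse), so the only thing missing is a pointer for the next reader: a one-line comment above `testinfra_hosts`, `# MOLECULE_INVENTORY_FILE is exported by molecule; these tests are not runnable with plain pytest.`, in each of the five files.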
diff --git a/roles/xmpp_server/molecule/default/tests/test_default.py b/roles/xmpp_server/molecule/default/tests/test_default.py
index c9eb3fd14f7708dcfdbdbdc5bc783b739d7206f9..a62534da312368d6fdf6c2c6f34fe7845a7246ba 100644
--- a/roles/xmpp_server/molecule/default/tests/test_default.py
+++ b/roles/xmpp_server/molecule/default/tests/test_default.py
@@ -1,8 +1,10 @@
+import os
+
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- '.molecule/ansible_inventory.yml').get_hosts(['parameters-mandatory', 'parameters-optional'])
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-mandatory', 'parameters-optional'])
 def test_installed_packages(host):
diff --git a/roles/xmpp_server/molecule/default/tests/test_mandatory.py b/roles/xmpp_server/molecule/default/tests/test_mandatory.py
index 2a34c99200184f89ea1a6629d1cf40316f7e71b0..3375065e1ed6034d6f004b659f3ab3e3928a8651 100644
--- a/roles/xmpp_server/molecule/default/tests/test_mandatory.py
+++ b/roles/xmpp_server/molecule/default/tests/test_mandatory.py
@@ -1,8 +1,10 @@
+import os
+
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- '.molecule/ansible_inventory.yml').get_hosts('parameters-mandatory')
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-mandatory'])
 def test_prosody_tls_files(host):
diff --git a/roles/xmpp_server/molecule/default/tests/test_optional.py b/roles/xmpp_server/molecule/default/tests/test_optional.py
index 770827c522dec7f31381453cbb95964ceea1c074..ea7bf36be569aa2ca87c66865324789db423336a 100644
--- a/roles/xmpp_server/molecule/default/tests/test_optional.py
+++ b/roles/xmpp_server/molecule/default/tests/test_optional.py
@@ -1,8 +1,10 @@
+import os
+
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- '.molecule/ansible_inventory.yml').get_hosts('parameters-optional')
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-optional'])
 def test_prosody_tls_files(host):
diff --git a/roles/xmpp_server/tasks/main.yml b/roles/xmpp_server/tasks/main.yml
index 4b6a9bd0ffe993c55f819ae84730e7aa7a0fd103..8893b89bbf4d4ad1c10be02f693fd8f68869339c 100644
--- a/roles/xmpp_server/tasks/main.yml
+++ b/roles/xmpp_server/tasks/main.yml
@@ -17,22 +17,22 @@
 - name: Install Lua Sec library (needed for TLS)
 apt:
 name: lua-sec
- state: installed
+ state: present
 - name: Install Lua LDAP library
 apt:
 name: lua-ldap
- state: installed
+ state: present
 - name: Install Prosody
 apt:
 name: prosody
- state: installed
+ state: present
 - name: Allow Prosody user to traverse the directory with TLS private keys
 user:
 name: prosody
- append: yes
+ append: true
 groups: ssl-cert
 - name: Deploy XMPP TLS private key