From 88290d45ad87787ea8bcf3509439d0e4e0807b80 2017-11-25 23:36:44 From: Branko Majic Date: 2017-11-25 23:36:44 Subject: [PATCH] MAR-128: Upgraded tests for backup_client role: - Switch to new Molecule configuration. - Updated set-up playbook to use become: yes. - Moved some preparatory steps outside of the main playbook (eases idempotence tests). - Updated tests to reference the yml inventory file. - Updated tests to use new fixture (host instead of individual ones). - Updated backup server SSH deployment to have chroot the users for a bit easier set-up, and updated relevants playbooks/tests for this purpose. --- diff --git a/roles/backup_client/molecule.yml b/roles/backup_client/molecule.yml deleted file mode 100644 index b01c5ab9769a947d53804b54eb92d24ba2dec4e8..0000000000000000000000000000000000000000 --- a/roles/backup_client/molecule.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- - -ansible: - ansiblecfg_ssh_connection: - pipelining: True - -dependency: {} - -driver: - name: vagrant - -vagrant: - - platforms: - - name: debian-jessie64 - box: debian/contrib-jessie64 - - name: debian-stretch64 - box: debian/stretch64 - - providers: - - name: virtualbox - type: virtualbox - options: - memory: 512 - cpus: 1 - - instances: - - - name: backup-server - interfaces: - - network_name: private_network - type: static - ip: 10.31.127.10 - auto_config: yes - - - name: parameters-mandatory - interfaces: - - network_name: private_network - type: static - ip: 10.31.127.20 - auto_config: yes - - - name: parameters-optional - interfaces: - - network_name: private_network - type: static - ip: 10.31.127.21 - auto_config: yes - -verifier: - name: testinfra diff --git a/roles/backup_client/molecule/default/create.yml b/roles/backup_client/molecule/default/create.yml new file mode 100644 index 0000000000000000000000000000000000000000..f8eb37cd4df02c540216c02791d0c50870986202 --- /dev/null +++ b/roles/backup_client/molecule/default/create.yml 
@@ -0,0 +1,56 @@
+---
+- name: Create
+ hosts: localhost
+ connection: local
+ gather_facts: False
+ no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
+ vars:
+ molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
+ molecule_instance_config: "{{ lookup('env', 'MOLECULE_INSTANCE_CONFIG') }}"
+ molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
+ tasks:
+ - name: Create molecule instance(s)
+ molecule_vagrant:
+ instance_name: "{{ item.name }}"
+ instance_interfaces: "{{ item.interfaces | default(omit) }}"
+ instance_raw_config_args: "{{ item.instance_raw_config_args | default(omit) }}"
+
+ platform_box: "{{ item.box }}"
+ platform_box_version: "{{ item.box_version | default(omit) }}"
+ platform_box_url: "{{ item.box_url | default(omit) }}"
+
+ provider_name: "{{ molecule_yml.driver.provider.name }}"
+ provider_memory: "{{ item.memory | default(omit) }}"
+ provider_cpus: "{{ item.cpus | default(omit) }}"
+ provider_raw_config_args: "{{ item.raw_config_args | default(omit) }}"
+
+ state: up
+ register: server
+ with_items: "{{ molecule_yml.platforms }}"
+
+ # Mandatory configuration for Molecule to function.
+
+ - name: Populate instance config dict
+ set_fact:
+ instance_conf_dict: {
+ 'instance': "{{ item.Host }}",
+ 'address': "{{ item.HostName }}",
+ 'user': "{{ item.User }}",
+ 'port': "{{ item.Port }}",
+ 'identity_file': "{{ item.IdentityFile }}", }
+ with_items: "{{ server.results }}"
+ register: instance_config_dict
+ when: server.changed | bool
+
+ - name: Convert instance config dict to a list
+ set_fact:
+ instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
+ when: server.changed | bool
+
+ - name: Dump instance config
+ copy:
+ # NOTE(retr0h): Workaround for Ansible 2.2.
+ # https://github.com/ansible/ansible/issues/20885
+ content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}"
+ dest: "{{ molecule_instance_config }}"
+ when: server.changed | bool
diff --git a/roles/backup_client/molecule/default/destroy.yml b/roles/backup_client/molecule/default/destroy.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3972a2df8fafe515b30a74f951499b83aae8449c
--- /dev/null
+++ b/roles/backup_client/molecule/default/destroy.yml
@@ -0,0 +1,36 @@
+---
+
+- name: Destroy
+ hosts: localhost
+ connection: local
+ gather_facts: False
+ no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
+ vars:
+ molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
+ molecule_instance_config: "{{ lookup('env',' MOLECULE_INSTANCE_CONFIG') }}"
+ molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
+ tasks:
+ - name: Destroy molecule instance(s)
+ molecule_vagrant:
+ instance_name: "{{ item.name }}"
+ platform_box: "{{ item.box }}"
+ provider_name: "{{ molecule_yml.driver.provider.name }}"
+ force_stop: "{{ item.force_stop | default(True) }}"
+
+ state: destroy
+ register: server
+ with_items: "{{ molecule_yml.platforms }}"
+
+ # Mandatory configuration for Molecule to function.
+
+ - name: Populate instance config
+ set_fact:
+ instance_conf: {}
+
+ - name: Dump instance config
+ copy:
+ # NOTE(retr0h): Workaround for Ansible 2.2.
+ # https://github.com/ansible/ansible/issues/20885
+ content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}"
+ dest: "{{ molecule_instance_config }}"
+ when: server.changed | bool
diff --git a/roles/backup_client/molecule/default/molecule.yml b/roles/backup_client/molecule/default/molecule.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d773befd136fba816cd0690e7185f75fb60a72a2
--- /dev/null
+++ b/roles/backup_client/molecule/default/molecule.yml
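Review bot: In destroy.yml the `molecule_instance_config` variable looks up `' MOLECULE_INSTANCE_CONFIG'` with a leading space inside the quoted name, so the env lookup will not match the variable Molecule exports and presumably returns an empty string. The final `Dump instance config` task uses that value as `dest`, so a destroy run that reports a change would fail or write to an unintended location instead of clearing the instance config. create.yml spells the name correctly; the line should read `molecule_instance_config: "{{ lookup('env', 'MOLECULE_INSTANCE_CONFIG') }}"`.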
@@ -0,0 +1,90 @@
+---
+
+dependency: {}
+
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+
+lint:
+ name: yamllint
+
+# NOTE: Hostnames are shortened because default values for backup
+# usernames are calculated by appending hostname to the "bak-" string,
+# which will easily exceed the maximum username length of 32. Yay
+# stupid legacy design decisions!
+platforms:
+ - name: backup-server
+ box: debian/contrib-jessie64
+ memory: 512
+ cpus: 1
+ interfaces:
+ - auto_config: true
+ ip: 10.31.127.10
+ network_name: private_network
+ type: static
+
+ - name: parameters-mandatory-j64
+ groups:
+ - parameters-mandatory
+ box: debian/contrib-jessie64
+ memory: 256
+ cpus: 1
+ interfaces:
+ - auto_config: true
+ ip: 10.31.127.20
+ network_name: private_network
+ type: static
+
+ - name: parameters-optional-j64
+ groups:
+ - parameters-optional
+ box: debian/contrib-jessie64
+ memory: 256
+ cpus: 1
+ interfaces:
+ - auto_config: true
+ ip: 10.31.127.21
+ network_name: private_network
+ type: static
+
+ - name: parameters-mandatory-s64
+ groups:
+ - parameters-mandatory
+ box: debian/contrib-stretch64
+ memory: 256
+ cpus: 1
+ interfaces:
+ - auto_config: true
+ ip: 10.31.127.30
+ network_name: private_network
+ type: static
+
+ - name: parameters-optional-s64
+ groups:
+ - parameters-optional
+ box: debian/contrib-stretch64
+ memory: 256
+ cpus: 1
+ interfaces:
+ - auto_config: true
+ ip: 10.31.127.31
+ network_name: private_network
+ type: static
+
+provisioner:
+ name: ansible
+ config_options:
+ ssh_connection:
+ pipelining: "True"
+ lint:
+ name: ansible-lint
+
+scenario:
+ name: default
+
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/roles/backup_client/molecule/default/playbook.yml b/roles/backup_client/molecule/default/playbook.yml
new file mode 100644
index 0000000000000000000000000000000000000000..74e9765d59219bcb46c972d86afe8eeb46ede492
--- /dev/null
+++ b/roles/backup_client/molecule/default/playbook.yml
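Review bot: None of the five `platforms` entries pins a box version, so each test run pulls whichever `debian/contrib-jessie64` or `debian/contrib-stretch64` image is current upstream. create.yml in this same commit already forwards `item.box_version` to the driver, so adding `box_version: "<PINNED_VERSION>"` per platform would make runs reproducible and keep an unexpected upstream image change out of the test environment. A short comment that the `10.31.127.x` addresses are repeated in playbook.yml (`backup_server`) and in the test assertions would also help whoever renumbers them.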
@@ -0,0 +1,49 @@
+---
+
+- hosts: parameters-mandatory
+ become: yes
+ roles:
+ - role: backup_client
+ backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-mandatory.asc') }}"
+ backup_server: 10.31.127.10
+ backup_server_host_ssh_public_keys:
+ - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
+ - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
+ - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
+ - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
+ backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory' ) }}"
+
+- hosts: parameters-optional
+ become: yes
+
+ roles:
+ - role: backup_client
+ backup_additional_encryption_keys:
+ - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_1.asc') }}"
+ - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_2.asc') }}"
+ - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_3.asc') }}"
+ backup_client_username: backupuser
+ backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
+ backup_server: 10.31.127.10
+ backup_server_destination: "/duplicity/{{ inventory_hostname }}"
+ backup_server_host_ssh_public_keys:
+ - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
+ - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
+ - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
+ - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
+ backup_server_port: 3333
+ backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"
+
+
+# Deploy a dummy pre-backup script for testing purposes.
+- hosts: parameters-mandatory,parameters-optional
+ become: yes
+ tasks:
+
+ - name: Deploy pre-backup script
+ copy:
+ src: tests/data/10-test-pre-backup.sh
+ dest: /etc/duply/main/pre.d/10-test-pre-backup.sh
+ owner: root
+ group: root
+ mode: 0700
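Review bot: `mode: 0700` on the `Deploy pre-backup script` task is an unquoted YAML integer, and it yields the intended permissions only because a YAML 1.1 loader reads the leading zero as octal. Writing it as `mode: "0700"` states the permission as a string and removes that dependency; the same applies to the unquoted `mode: 0600`, `0755`, `0770` and `0700` values in prepare.yml. The three plays also use `become: yes`, which would read more predictably as `become: true`.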
diff --git a/roles/backup_client/molecule/default/prepare.yml b/roles/backup_client/molecule/default/prepare.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a52e9f53682cab2129bd8c3d03ac8c170a504f64
--- /dev/null
+++ b/roles/backup_client/molecule/default/prepare.yml
@@ -0,0 +1,126 @@
+---
+
+- name: Prepare
+ hosts: all
+ gather_facts: False
+ tasks:
+ - name: Install python for Ansible
+ raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
+ become: True
+ changed_when: False
+
+- hosts: all
+ become: yes
+ tasks:
+
+ - name: Update all caches to avoid errors due to missing remote archives
+ apt:
+ update_cache: yes
+ changed_when: False
+
+- hosts: backup-server
+ become: yes
+ tasks:
+
+ - name: Deploy SSH server keys
+ copy:
+ content: "{{ lookup('file', item.key) + '\n' }}"
+ dest: "{{ item.value }}"
+ owner: root
+ group: root
+ mode: 0600
+ with_dict:
+ tests/data/ssh/server_dsa: /etc/ssh/ssh_host_dsa_key
+ tests/data/ssh/server_rsa: /etc/ssh/ssh_host_rsa_key
+ tests/data/ssh/server_ed25519: /etc/ssh/ssh_host_ed25519_key
+ tests/data/ssh/server_ecdsa: /etc/ssh/ssh_host_ecdsa_key
+ notify:
+ - Restart ssh
+
+ - name: Deploy custom SSH server configuration that chroots users
+ copy:
+ src: "tests/data/backup_server_custom-sshd_config"
+ dest: "/etc/ssh/sshd_config"
+ owner: root
+ group: root
+ mode: 0600
+ notify:
+ - Restart ssh
+
+ - name: Set-up backup group that will contain all backup users
+ group:
+ name: "backup-users"
+
+ - name: Set-up backup user groups
+ group:
+ name: "{{ item.name }}"
+ with_items: "{{ backup_users }}"
+
+ - name: Set-up backup users
+ user:
+ name: "{{ item.name }}"
+ group: "{{ item.name }}"
+ groups:
+ - "backup-users"
+ with_items: "{{ backup_users }}"
+
+ - name: Set-up authorised keys
+ authorized_key:
+ user: "{{ item.name }}"
+ key: "{{ item.key }}"
+ with_items: "{{ backup_users }}"
+
+ - name: Set-up port forwarding
+ command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport '{{ item }}' -j REDIRECT --to-ports 22"
+ changed_when: False
+ with_items:
+ - 2222
+ - 3333
+
+ - name: Change ownership of home directories for SFTP chroot to work
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ mode: 0755
+ with_items:
+ - /home/backupuser
+ - /home/bak-parameters-mandatory-s64
+ - /home/bak-parameters-mandatory-j64
+
+ - name: Set-up duplicity backup directories
+ file:
+ path: "~{{ item.name }}/duplicity"
+ state: directory
+ owner: root
+ group: backup-users
+ mode: 0770
+ with_items: "{{ backup_users }}"
+
+
+ - name: Set-up directories for parameters-optional backups
+ file:
+ path: "~backupuser/duplicity/{{ item }}"
+ state: directory
+ owner: backupuser
+ group: backupuser
+ mode: 0700
+ with_items:
+ - "parameters-optional-s64"
+ - "parameters-optional-j64"
+
+ handlers:
+ - name: Restart ssh
+ service:
+ name: ssh
+ state: restarted
+
+ vars:
+ backup_users:
+ - name: bak-parameters-mandatory-j64
+ key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory.pub') }}"
+ - name: bak-parameters-mandatory-s64
+ key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory.pub') }}"
+ - name: backupuser
+ key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
diff --git a/roles/backup_client/tests/data/10-test-pre-backup.sh b/roles/backup_client/molecule/default/tests/data/10-test-pre-backup.sh
similarity index 100%
rename from roles/backup_client/tests/data/10-test-pre-backup.sh
rename to roles/backup_client/molecule/default/tests/data/10-test-pre-backup.sh
diff --git a/roles/backup_client/molecule/default/tests/data/backup_server_custom-sshd_config b/roles/backup_client/molecule/default/tests/data/backup_server_custom-sshd_config
new file mode 100644
index 0000000000000000000000000000000000000000..e3a1df72fe0469bed85963444ecfc99dc831ec3f
--- /dev/null
+++ b/roles/backup_client/molecule/default/tests/data/backup_server_custom-sshd_config
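Review bot: In `Set-up duplicity backup directories` every user's `duplicity` directory is created with `owner: root`, `group: backup-users` and `mode: 0770`, and all backup users are members of `backup-users`, so separation between clients rests entirely on the sshd chroot. The play already creates a per-user group, so unless the layout has to mirror the real backup server, `group: "{{ item.name }}"` on that task would keep each directory writable only by its own account even if the chroot configuration regresses. Separately, `Set-up port forwarding` appends with `iptables ... -A PREROUTING` under `changed_when: False`, so a second prepare run would stack duplicate rules. The list under `Change ownership of home directories` repeats names already in `backup_users` and could be derived from it as `/home/{{ item.name }}`.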
@@ -0,0 +1,93 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 22
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 1024
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin without-password
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile %h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp internal-sftp
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+UseDNS no
+PasswordAuthentication no
+
+Match Group backup-users
+ ChrootDirectory %h
\ No newline at end of file
diff --git a/roles/backup_client/tests/data/gnupg/additional_encryption_key_1.asc b/roles/backup_client/molecule/default/tests/data/gnupg/additional_encryption_key_1.asc
similarity index 100%
rename from roles/backup_client/tests/data/gnupg/additional_encryption_key_1.asc
rename to roles/backup_client/molecule/default/tests/data/gnupg/additional_encryption_key_1.asc
diff --git a/roles/backup_client/tests/data/gnupg/additional_encryption_key_2.asc b/roles/backup_client/molecule/default/tests/data/gnupg/additional_encryption_key_2.asc
similarity index 100%
rename from roles/backup_client/tests/data/gnupg/additional_encryption_key_2.asc
rename to roles/backup_client/molecule/default/tests/data/gnupg/additional_encryption_key_2.asc
diff --git a/roles/backup_client/tests/data/gnupg/additional_encryption_key_3.asc b/roles/backup_client/molecule/default/tests/data/gnupg/additional_encryption_key_3.asc
similarity index 100%
rename from roles/backup_client/tests/data/gnupg/additional_encryption_key_3.asc
rename to roles/backup_client/molecule/default/tests/data/gnupg/additional_encryption_key_3.asc
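Review bot: The `Match Group backup-users` block at the end sets only `ChrootDirectory %h`, so members of that group keep the global `X11Forwarding yes` and sshd's default TCP forwarding, and nothing forces them onto the SFTP subsystem. For accounts that only receive duplicity uploads over SFTP, the usual companion lines inside the Match block are `ForceCommand internal-sftp`, `AllowTcpForwarding no` and `X11Forwarding no`. The file also ends without a trailing newline and still carries a DSA host key and protocol-1 options (`ServerKeyBits 1024`, `KeyRegenerationInterval 3600`). A header comment should mark these as test-fixture settings that are not meant to be copied to a real backup server.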
diff --git a/roles/backup_client/tests/data/gnupg/parameters-mandatory.asc b/roles/backup_client/molecule/default/tests/data/gnupg/parameters-mandatory.asc similarity index 100% rename from roles/backup_client/tests/data/gnupg/parameters-mandatory.asc rename to roles/backup_client/molecule/default/tests/data/gnupg/parameters-mandatory.asc diff --git a/roles/backup_client/tests/data/gnupg/parameters-optional.asc b/roles/backup_client/molecule/default/tests/data/gnupg/parameters-optional.asc similarity index 100% rename from roles/backup_client/tests/data/gnupg/parameters-optional.asc rename to roles/backup_client/molecule/default/tests/data/gnupg/parameters-optional.asc diff --git a/roles/backup_client/tests/data/gnupg/private-additional_encryption_key_1.asc b/roles/backup_client/molecule/default/tests/data/gnupg/private-additional_encryption_key_1.asc similarity index 100% rename from roles/backup_client/tests/data/gnupg/private-additional_encryption_key_1.asc rename to roles/backup_client/molecule/default/tests/data/gnupg/private-additional_encryption_key_1.asc diff --git a/roles/backup_client/tests/data/gnupg/private-additional_encryption_key_2.asc b/roles/backup_client/molecule/default/tests/data/gnupg/private-additional_encryption_key_2.asc similarity index 100% rename from roles/backup_client/tests/data/gnupg/private-additional_encryption_key_2.asc rename to roles/backup_client/molecule/default/tests/data/gnupg/private-additional_encryption_key_2.asc diff --git a/roles/backup_client/tests/data/gnupg/private-additional_encryption_key_3.asc b/roles/backup_client/molecule/default/tests/data/gnupg/private-additional_encryption_key_3.asc similarity index 100% rename from roles/backup_client/tests/data/gnupg/private-additional_encryption_key_3.asc rename to roles/backup_client/molecule/default/tests/data/gnupg/private-additional_encryption_key_3.asc 
diff --git a/roles/backup_client/tests/data/ssh/parameters-mandatory b/roles/backup_client/molecule/default/tests/data/ssh/parameters-mandatory similarity index 100% rename from roles/backup_client/tests/data/ssh/parameters-mandatory rename to roles/backup_client/molecule/default/tests/data/ssh/parameters-mandatory diff --git a/roles/backup_client/tests/data/ssh/parameters-mandatory-known_hosts b/roles/backup_client/molecule/default/tests/data/ssh/parameters-mandatory-known_hosts similarity index 100% rename from roles/backup_client/tests/data/ssh/parameters-mandatory-known_hosts rename to roles/backup_client/molecule/default/tests/data/ssh/parameters-mandatory-known_hosts diff --git a/roles/backup_client/tests/data/ssh/parameters-mandatory.pub b/roles/backup_client/molecule/default/tests/data/ssh/parameters-mandatory.pub similarity index 100% rename from roles/backup_client/tests/data/ssh/parameters-mandatory.pub rename to roles/backup_client/molecule/default/tests/data/ssh/parameters-mandatory.pub diff --git a/roles/backup_client/tests/data/ssh/parameters-optional b/roles/backup_client/molecule/default/tests/data/ssh/parameters-optional similarity index 100% rename from roles/backup_client/tests/data/ssh/parameters-optional rename to roles/backup_client/molecule/default/tests/data/ssh/parameters-optional diff --git a/roles/backup_client/tests/data/ssh/parameters-optional-known_hosts b/roles/backup_client/molecule/default/tests/data/ssh/parameters-optional-known_hosts similarity index 100% rename from roles/backup_client/tests/data/ssh/parameters-optional-known_hosts rename to roles/backup_client/molecule/default/tests/data/ssh/parameters-optional-known_hosts 
diff --git a/roles/backup_client/tests/data/ssh/parameters-optional.pub b/roles/backup_client/molecule/default/tests/data/ssh/parameters-optional.pub similarity index 100% rename from roles/backup_client/tests/data/ssh/parameters-optional.pub rename to roles/backup_client/molecule/default/tests/data/ssh/parameters-optional.pub diff --git a/roles/backup_client/tests/data/ssh/server_dsa b/roles/backup_client/molecule/default/tests/data/ssh/server_dsa similarity index 100% rename from roles/backup_client/tests/data/ssh/server_dsa rename to roles/backup_client/molecule/default/tests/data/ssh/server_dsa diff --git a/roles/backup_client/tests/data/ssh/server_dsa.pub b/roles/backup_client/molecule/default/tests/data/ssh/server_dsa.pub similarity index 100% rename from roles/backup_client/tests/data/ssh/server_dsa.pub rename to roles/backup_client/molecule/default/tests/data/ssh/server_dsa.pub diff --git a/roles/backup_client/tests/data/ssh/server_ecdsa b/roles/backup_client/molecule/default/tests/data/ssh/server_ecdsa similarity index 100% rename from roles/backup_client/tests/data/ssh/server_ecdsa rename to roles/backup_client/molecule/default/tests/data/ssh/server_ecdsa diff --git a/roles/backup_client/tests/data/ssh/server_ecdsa.pub b/roles/backup_client/molecule/default/tests/data/ssh/server_ecdsa.pub similarity index 100% rename from roles/backup_client/tests/data/ssh/server_ecdsa.pub rename to roles/backup_client/molecule/default/tests/data/ssh/server_ecdsa.pub diff --git a/roles/backup_client/tests/data/ssh/server_ed25519 b/roles/backup_client/molecule/default/tests/data/ssh/server_ed25519 similarity index 100% rename from roles/backup_client/tests/data/ssh/server_ed25519 rename to roles/backup_client/molecule/default/tests/data/ssh/server_ed25519 
diff --git a/roles/backup_client/tests/data/ssh/server_ed25519.pub b/roles/backup_client/molecule/default/tests/data/ssh/server_ed25519.pub similarity index 100% rename from roles/backup_client/tests/data/ssh/server_ed25519.pub rename to roles/backup_client/molecule/default/tests/data/ssh/server_ed25519.pub diff --git a/roles/backup_client/tests/data/ssh/server_rsa b/roles/backup_client/molecule/default/tests/data/ssh/server_rsa similarity index 100% rename from roles/backup_client/tests/data/ssh/server_rsa rename to roles/backup_client/molecule/default/tests/data/ssh/server_rsa diff --git a/roles/backup_client/tests/data/ssh/server_rsa.pub b/roles/backup_client/molecule/default/tests/data/ssh/server_rsa.pub similarity index 100% rename from roles/backup_client/tests/data/ssh/server_rsa.pub rename to roles/backup_client/molecule/default/tests/data/ssh/server_rsa.pub diff --git a/roles/backup_client/tests/test_default.py b/roles/backup_client/molecule/default/tests/test_default.py similarity index 67% rename from roles/backup_client/tests/test_default.py rename to roles/backup_client/molecule/default/tests/test_default.py index b2e853f037efae28b22dcc671eb565b42d063af5..7a584c24034d4b6daf4a9a5f80ff27c7b220da4b 100644 --- a/roles/backup_client/tests/test_default.py +++ b/roles/backup_client/molecule/default/tests/test_default.py 
@@ -2,26 +2,26 @@ import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - '.molecule/ansible_inventory').get_hosts('all') + '.molecule/ansible_inventory.yml').get_hosts('all') testinfra_hosts.remove('backup-server') -def test_installed_packages(Package): +def test_installed_packages(host): """ Tests if the necessary packages are installed. """ - assert Package('python-pexpect').is_installed - assert Package('duply').is_installed - assert Package('duplicity').is_installed + assert host.package('python-pexpect').is_installed + assert host.package('duply').is_installed + assert host.package('duplicity').is_installed -def test_duply_directories(File, Sudo): +def test_duply_directories(host): """ Tests if Duply directories have been set-up correctly. """ - with Sudo(): + with host.sudo(): for directory_path in ["/etc/duply", "/etc/duply/main", @@ -30,7 +30,7 @@ def test_duply_directories(File, Sudo): "/etc/duply/main/ssh", "/var/cache/duply", "/var/cache/duply/main"]: - directory = File(directory_path) + directory = host.file(directory_path) assert directory.is_directory assert directory.user == 'root' @@ -38,15 +38,15 @@ def test_duply_directories(File, Sudo): assert directory.mode == 0o700 -def test_gnupg_private_keys_file(File, Sudo): +def test_gnupg_private_keys_file(host): """ Tests if file containing GnuPG private keys has been created and has correct permissions. """ - with Sudo(): + with host.sudo(): - gnupg_private_keys = File('/etc/duply/main/private_keys.asc') + gnupg_private_keys = host.file('/etc/duply/main/private_keys.asc') assert gnupg_private_keys.is_file assert gnupg_private_keys.user == 'root' 
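Review bot: The inventory path `'.molecule/ansible_inventory.yml'` in the first hunk is hard-coded and resolved against the working directory, so the module only loads when pytest is started from the directory Molecule happens to use. Molecule 2 exports the generated inventory location, so `os.environ['MOLECULE_INVENTORY_FILE']` (with `import os` at the top) would be more robust. test_parameters_mandatory.py gets the same hard-coded path in this commit. The fixture reads there (`open('tests/data/...')`) are relative in the same way, although those lines are unchanged context.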
@@ -54,15 +54,15 @@ def test_gnupg_private_keys_file(File, Sudo): assert gnupg_private_keys.mode == 0o600 -def test_gnupg_public_keys_file(File, Sudo): +def test_gnupg_public_keys_file(host): """ Tests if file containing additional GnuPG public keys used for encryption has been created and has correct permissions. """ - with Sudo(): + with host.sudo(): - gnupg_public_keys = File('/etc/duply/main/public_keys.asc') + gnupg_public_keys = host.file('/etc/duply/main/public_keys.asc') assert gnupg_public_keys.is_file assert gnupg_public_keys.user == 'root' @@ -70,15 +70,15 @@ def test_gnupg_public_keys_file(File, Sudo): assert gnupg_public_keys.mode == 0o600 -def test_private_ssh_key_file(File, Sudo): +def test_private_ssh_key_file(host): """ Tests if the file containing client SSH key used for logging-in into the backup server has been deployed and has correct permissions. """ - with Sudo(): + with host.sudo(): - ssh_key = File('/etc/duply/main/ssh/identity') + ssh_key = host.file('/etc/duply/main/ssh/identity') assert ssh_key.is_file assert ssh_key.user == 'root' @@ -86,15 +86,15 @@ def test_private_ssh_key_file(File, Sudo): assert ssh_key.mode == 0o600 -def test_known_hosts(File, Sudo): +def test_known_hosts(host): """ Tests if the Duply known_hosts file has been deployed and has correct permissions. """ - with Sudo(): + with host.sudo(): - known_hosts = File('/etc/duply/main/ssh/known_hosts') + known_hosts = host.file('/etc/duply/main/ssh/known_hosts') assert known_hosts.is_file assert known_hosts.user == 'root' 
@@ -102,15 +102,15 @@ def test_known_hosts(File, Sudo): assert known_hosts.mode == 0o600 -def test_duply_configuration(File, Sudo): +def test_duply_configuration(host): """ Tests if Duply configuraiton file has been deployed and has correct file permissions. """ - with Sudo(): + with host.sudo(): - duply_configuration = File('/etc/duply/main/conf') + duply_configuration = host.file('/etc/duply/main/conf') assert duply_configuration.is_file assert duply_configuration.user == 'root' @@ -118,11 +118,11 @@ def test_duply_configuration(File, Sudo): assert duply_configuration.mode == 0o600 -def test_exclude_file(File, Sudo): +def test_exclude_file(host): - with Sudo(): + with host.sudo(): - exclude = File('/etc/duply/main/exclude') + exclude = host.file('/etc/duply/main/exclude') assert exclude.is_file assert exclude.user == 'root' @@ -131,11 +131,11 @@ def test_exclude_file(File, Sudo): assert exclude.content == "- **" -def test_pre_backup_script_directory(File, Sudo): +def test_pre_backup_script_directory(host): - with Sudo(): + with host.sudo(): - pre_backup_dir = File('/etc/duply/main/pre.d') + pre_backup_dir = host.file('/etc/duply/main/pre.d') assert pre_backup_dir.is_directory assert pre_backup_dir.user == 'root' @@ -143,15 +143,15 @@ def test_pre_backup_script_directory(File, Sudo): assert pre_backup_dir.mode == 0o700 -def test_pre_backup_script(File, Sudo): +def test_pre_backup_script(host): """ Tests if the script used for running pre-backup handles has been deployed and has correct permissions.x """ - with Sudo(): + with host.sudo(): - pre_backup_script = File('/etc/duply/main/pre') + pre_backup_script = host.file('/etc/duply/main/pre') assert pre_backup_script.is_file assert pre_backup_script.user == 'root' 
@@ -159,12 +159,12 @@ def test_pre_backup_script(File, Sudo): assert pre_backup_script.mode == 0o700 -def test_cron_entry(File): +def test_cron_entry(host): """ Tests if cron job has been correctly set-up for running backups. """ - cron = File('/etc/cron.d/backup') + cron = host.file('/etc/cron.d/backup') assert cron.is_file assert cron.user == 'root' @@ -173,14 +173,14 @@ def test_cron_entry(File): assert cron.content == "#Ansible: backup\n0 2 * * * root /usr/bin/duply main backup" -def test_duply_include_file(File, Sudo): +def test_duply_include_file(host): """ Tests include file existence and permissions. """ - with Sudo(): + with host.sudo(): - include = File('/etc/duply/main/include') + include = host.file('/etc/duply/main/include') assert include.is_file assert include.user == 'root' 
@@ -188,26 +188,26 @@ def test_duply_include_file(File, Sudo): assert include.mode == 0o600 -def test_backup_and_restore(Ansible, Command, File, Sudo): +def test_backup_and_restore(host): """ Tests a simple backup and restore to a directory. Includes tests for checking if the pre-backup handles are run correctly. """ - with Sudo(): + with host.sudo(): # Remove this file so we can be sure the pre-backup script has been run. - Ansible("file", "path=/var/lib/pre-backup-test state=absent") + host.ansible("file", "path=/var/lib/pre-backup-test state=absent") - backup_run = Command('duply main backup') + backup_run = host.run('duply main backup') assert backup_run.rc == 0 - assert File('/var/lib/pre-backup-test').is_file + assert host.file('/var/lib/pre-backup-test').is_file # Remove restore directory in order to make sure restore has worked # correctly. - Ansible("file", "path=/root/restore state=absent") + host.ansible("file", "path=/root/restore state=absent") - restore_run = Command('duply main restore /root/restore') + restore_run = host.run('duply main restore /root/restore') assert restore_run.rc == 0 - assert File('/root/restore').is_directory + assert host.file('/root/restore').is_directory diff --git a/roles/backup_client/tests/test_parameters_mandatory.py b/roles/backup_client/molecule/default/tests/test_parameters_mandatory.py similarity index 69% rename from roles/backup_client/tests/test_parameters_mandatory.py rename to roles/backup_client/molecule/default/tests/test_parameters_mandatory.py index b15c0e2b2edcd2a3bc8b6adeec91931b84833b79..64217717f2fb10d5f26ef671d749fe7a2661e818 100644 --- a/roles/backup_client/tests/test_parameters_mandatory.py +++ b/roles/backup_client/molecule/default/tests/test_parameters_mandatory.py 
@@ -2,93 +2,93 @@ import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - '.molecule/ansible_inventory').get_hosts('parameters-mandatory') + '.molecule/ansible_inventory.yml').get_hosts('parameters-mandatory') -def test_gnupg_private_keys_file_content(File, Sudo): +def test_gnupg_private_keys_file_content(host): """ Tests if correct GnuPG private key used for encryption and signing has been deployed. """ - with Sudo(): - gnupg_private_keys = File('/etc/duply/main/private_keys.asc') + with host.sudo(): + gnupg_private_keys = host.file('/etc/duply/main/private_keys.asc') assert gnupg_private_keys.content == open('tests/data/gnupg/parameters-mandatory.asc', 'r').read().strip() -def test_gnupg_public_keys_file_content(File, Sudo): +def test_gnupg_public_keys_file_content(host): """ Tests if no additional public GnuPG keys have been deployed (should be default without optional parameters). """ - with Sudo(): - gnupg_public_keys = File('/etc/duply/main/public_keys.asc') + with host.sudo(): + gnupg_public_keys = host.file('/etc/duply/main/public_keys.asc') assert gnupg_public_keys.content == "" -def test_backup_ssh_key_file_content(File, Sudo): +def test_backup_ssh_key_file_content(host): """ Tests if correct key has been deployed for SSH client authentication. """ - with Sudo(): + with host.sudo(): - ssh_key = File('/etc/duply/main/ssh/identity') + ssh_key = host.file('/etc/duply/main/ssh/identity') assert ssh_key.content == open('tests/data/ssh/parameters-mandatory', 'r').read().strip() -def test_known_hosts_content(File, Sudo): +def test_known_hosts_content(host): """ Tests if known hosts file has been set-up with correct content. 
""" - with Sudo(): + with host.sudo(): - known_hosts = File('/etc/duply/main/ssh/known_hosts') + known_hosts = host.file('/etc/duply/main/ssh/known_hosts') assert known_hosts.content == open('tests/data/ssh/parameters-mandatory-known_hosts', 'r').read().rstrip() -def test_duply_configuration_content(Ansible, File, Sudo): +def test_duply_configuration_content(host): """ Tests if duply configuration has been set-up correctly. """ - with Sudo(): + with host.sudo(): - ansible_facts = Ansible("setup")["ansible_facts"] + ansible_facts = host.ansible("setup")["ansible_facts"] - duply_configuration = File('/etc/duply/main/conf') + duply_configuration = host.file('/etc/duply/main/conf') if ansible_facts['ansible_distribution_release'] == 'jessie': assert "GPG_KEYS_ENC='1A129C54'" in duply_configuration.content assert "GPG_KEY_SIGN='1A129C54'" in duply_configuration.content - assert "TARGET='sftp://bak-parameters-mandatory@10.31.127.10:2222//duplicity'" in duply_configuration.content + assert "TARGET='sftp://bak-parameters-mandatory-j64@10.31.127.10:2222//duplicity'" in duply_configuration.content assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-backend pexpect --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \ "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content elif ansible_facts['ansible_distribution_release'] == 'stretch': assert "GPG_KEYS_ENC='59C26F031A129C54'" in duply_configuration.content assert "GPG_KEY_SIGN='59C26F031A129C54'" in duply_configuration.content - assert "TARGET='pexpect+sftp://bak-parameters-mandatory@10.31.127.10:2222//duplicity'" in duply_configuration.content + assert "TARGET='pexpect+sftp://bak-parameters-mandatory-s64@10.31.127.10:2222//duplicity'" in duply_configuration.content assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \ "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts 
-oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content else: raise Exception("Failed to execute content check for: %s" % ansible_facts['ansible_distribution_release']) -def test_duply_gnupg_keyring_private_keys(Ansible, Command, Sudo): +def test_duply_gnupg_keyring_private_keys(host): """ Tests if private key used for encryption/signing has been correctly imporeted into Duply GnuPG keyring. """ - with Sudo(): - ansible_facts = Ansible("setup")["ansible_facts"] + with host.sudo(): + ansible_facts = host.ansible("setup")["ansible_facts"] if ansible_facts['ansible_distribution_release'] == 'jessie': gpg_binary = 'gpg2' @@ -99,7 +99,7 @@ def test_duply_gnupg_keyring_private_keys(Ansible, Command, Sudo): else: raise Exception("Failed to execute check for distribution release: %s" % ansible_facts['ansible_distribution_release']) - private_key_listing = Command('%s --homedir /etc/duply/main/gnupg --list-public-keys' % gpg_binary) + private_key_listing = host.run('%s --homedir /etc/duply/main/gnupg --list-public-keys' % gpg_binary) assert private_key_listing.rc == 0 assert '59C26F031A129C54'[key_offset:] in private_key_listing.stdout diff --git a/roles/backup_client/tests/test_parameters_optional.py b/roles/backup_client/molecule/default/tests/test_parameters_optional.py similarity index 74% rename from roles/backup_client/tests/test_parameters_optional.py rename to roles/backup_client/molecule/default/tests/test_parameters_optional.py index 035f4adb9f4333ebb0ab9f52e5e0bcd8d9302510..afa6e847c5c91e184c5e35f12b809ebed94c4403 100644 --- a/roles/backup_client/tests/test_parameters_optional.py +++ b/roles/backup_client/molecule/default/tests/test_parameters_optional.py 
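Review bot: The expected key material in the four `*_content` tests of this hunk is read with a bare `open('tests/data/...', 'r').read()`, which never closes the handle and resolves the path against the directory pytest was started from. The inventory path `.molecule/ansible_inventory.yml` depends on the working directory in the same way. Since this commit moves the file, I would build both paths from `os.path.dirname(__file__)` and read the fixtures inside `with open(path) as handle:`, so a different working directory cannot silently pick up other files. The same pattern appears in the `@@ -2,71 +2,71 @@` hunk of test_parameters_optional.py. These tests also compare only the content of `private_keys.asc` and `ssh/identity`; unless owner and mode are asserted in a test file not shown here, an `assert ssh_key.mode == 0o600` next to the content check would catch a secret deployed world-readable.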
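Review bot: `test_duply_gnupg_keyring_private_keys` builds `private_key_listing` from `--list-public-keys`, so it passes when only the public half of the signing key is in `/etc/duply/main/gnupg`. To check what the docstring describes, the command should be `host.run('%s --homedir /etc/duply/main/gnupg --list-secret-keys' % gpg_binary)`; the expected key ID slice should stay valid, but that is worth confirming on both releases. The same call is in the `@@ -99,20 +99,20 @@` hunk of test_parameters_optional.py. The function starts above this hunk, and its docstring there has the typo "imporeted".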
@@ -2,71 +2,71 @@ import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - '.molecule/ansible_inventory').get_hosts('parameters-optional') + '.molecule/ansible_inventory.yml').get_hosts('parameters-optional') -def test_gnupg_private_keys_file_content(File, Sudo): +def test_gnupg_private_keys_file_content(host): """ Tests if correct GnuPG private key used for encryption and signing has been deployed. """ - with Sudo(): - gnupg_private_keys = File('/etc/duply/main/private_keys.asc') + with host.sudo(): + gnupg_private_keys = host.file('/etc/duply/main/private_keys.asc') assert gnupg_private_keys.content == open('tests/data/gnupg/parameters-optional.asc', 'r').read().strip() -def test_gnupg_public_keys_file_content(File, Sudo): +def test_gnupg_public_keys_file_content(host): """ Tests if correct additional public GnuPG keys have been deployed. """ - with Sudo(): - gnupg_public_keys = File('/etc/duply/main/public_keys.asc') + with host.sudo(): + gnupg_public_keys = host.file('/etc/duply/main/public_keys.asc') assert open('tests/data/gnupg/additional_encryption_key_1.asc', 'r').read().strip() in gnupg_public_keys.content assert open('tests/data/gnupg/additional_encryption_key_2.asc', 'r').read().strip() in gnupg_public_keys.content assert open('tests/data/gnupg/additional_encryption_key_3.asc', 'r').read().strip() in gnupg_public_keys.content -def test_backup_ssh_key_file_content(File, Sudo): +def test_backup_ssh_key_file_content(host): """ Tests if correct key has been deployed for SSH client authentication. """ - with Sudo(): + with host.sudo(): - ssh_key = File('/etc/duply/main/ssh/identity') + ssh_key = host.file('/etc/duply/main/ssh/identity') assert ssh_key.content == open('tests/data/ssh/parameters-optional', 'r').read().strip() -def test_known_hosts_content(File, Sudo): +def test_known_hosts_content(host): """ Tests if known hosts file has been set-up with correct content. 
""" - with Sudo(): + with host.sudo(): - known_hosts = File('/etc/duply/main/ssh/known_hosts') + known_hosts = host.file('/etc/duply/main/ssh/known_hosts') assert known_hosts.content == open('tests/data/ssh/parameters-optional-known_hosts', 'r').read().rstrip() -def test_duply_configuration_content(Ansible, File, Sudo): +def test_duply_configuration_content(host): """ Tests if duply configuration has been set-up correctly. """ - with Sudo(): + with host.sudo(): - ansible_facts = Ansible("setup")["ansible_facts"] + ansible_facts = host.ansible("setup")["ansible_facts"] - duply_configuration = File('/etc/duply/main/conf') + duply_configuration = host.file('/etc/duply/main/conf') if ansible_facts['ansible_distribution_release'] == 'jessie': - assert "TARGET='sftp://backupuser@10.31.127.10:3333//home/backupuser'" in duply_configuration.content + assert "TARGET='sftp://backupuser@10.31.127.10:3333//duplicity/parameters-optional-j64'" in duply_configuration.content assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-backend pexpect --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \ "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content assert "GPG_KEYS_ENC='7A4F400A,C3A9444B,28063B3F,71223B72'" in duply_configuration.content 
@@ -74,21 +74,21 @@ def test_duply_configuration_content(Ansible, File, Sudo): elif ansible_facts['ansible_distribution_release'] == 'stretch': assert "GPG_KEYS_ENC='C4B2AE9F7A4F400A,3093C91BC3A9444B,86816FD928063B3F,8A14CD6C71223B72'" in duply_configuration.content assert "GPG_KEY_SIGN='C4B2AE9F7A4F400A'" in duply_configuration.content - assert "TARGET='pexpect+sftp://backupuser@10.31.127.10:3333//home/backupuser'" in duply_configuration.content + assert "TARGET='pexpect+sftp://backupuser@10.31.127.10:3333//duplicity/parameters-optional-s64'" in duply_configuration.content assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \ "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content else: raise Exception("Failed to execute check for distribution release: %s" % ansible_facts['ansible_distribution_release']) -def test_duply_gnupg_keyring_private_keys(Ansible, Command, Sudo): +def test_duply_gnupg_keyring_private_keys(host): """ Tests if private key used for encryption/signing has been correctly imporeted into Duply GnuPG keyring. """ - with Sudo(): - ansible_facts = Ansible("setup")["ansible_facts"] + with host.sudo(): + ansible_facts = host.ansible("setup")["ansible_facts"] if ansible_facts['ansible_distribution_release'] == 'jessie': gpg_binary = 'gpg2' 
@@ -99,20 +99,20 @@ def test_duply_gnupg_keyring_private_keys(Ansible, Command, Sudo): else: raise Exception("Failed to execute check for distribution release: %s" % ansible_facts['ansible_distribution_release']) - private_key_listing = Command('%s --homedir /etc/duply/main/gnupg --list-public-keys' % gpg_binary) + private_key_listing = host.run('%s --homedir /etc/duply/main/gnupg --list-public-keys' % gpg_binary) assert private_key_listing.rc == 0 assert 'C4B2AE9F7A4F400A'[key_offset:] in private_key_listing.stdout -def test_duply_gnupg_keyring_public_keys(Ansible, Command, Sudo): +def test_duply_gnupg_keyring_public_keys(host): """ Tests if additional public keys used for encryption have been correctly imporeted into Duply GnuPG keyring. """ - with Sudo(): - ansible_facts = Ansible("setup")["ansible_facts"] + with host.sudo(): + ansible_facts = host.ansible("setup")["ansible_facts"] if ansible_facts['ansible_distribution_release'] == 'jessie': gpg_binary = 'gpg2' @@ -123,7 +123,7 @@ def test_duply_gnupg_keyring_public_keys(Ansible, Command, Sudo): else: raise Exception("Failed to execute check for distribution release: %s" % ansible_facts['ansible_distribution_release']) - public_key_listing = Command('%s --homedir /etc/duply/main/gnupg --list-public-keys' % gpg_binary) + public_key_listing = host.run('%s --homedir /etc/duply/main/gnupg --list-public-keys' % gpg_binary) keys = ['3093C91BC3A9444B', '86816FD928063B3F', '8A14CD6C71223B72'] diff --git a/roles/backup_client/playbook.yml b/roles/backup_client/playbook.yml deleted file mode 100644 index 68d6493dac6bf34c8f3fb1055ad7ee7518ae82a7..0000000000000000000000000000000000000000 --- a/roles/backup_client/playbook.yml +++ /dev/null 
@@ -1,116 +0,0 @@ ---- - -- hosts: all - tasks: - - - name: Update all caches to avoid errors due to missing remote archives - apt: - update_cache: yes - changed_when: False - -- hosts: backup-server - tasks: - - - name: Deploy SSH server keys - copy: - content: "{{ lookup('file', item.key) + '\n' }}" - dest: "{{ item.value }}" - owner: root - group: root - mode: 0600 - with_dict: - tests/data/ssh/server_dsa: /etc/ssh/ssh_host_dsa_key - tests/data/ssh/server_rsa: /etc/ssh/ssh_host_rsa_key - tests/data/ssh/server_ed25519: /etc/ssh/ssh_host_ed25519_key - tests/data/ssh/server_ecdsa: /etc/ssh/ssh_host_ecdsa_key - notify: - - Restart ssh - - - name: Set-up backup user groups - group: - name: "{{ item.name }}" - with_items: "{{ backup_users }}" - - - name: Set-up backup users - user: - name: "{{ item.name }}" - group: "{{ item.name }}" - with_items: "{{ backup_users }}" - - - name: Set-up authorised keys - authorized_key: - user: "{{ item.name }}" - key: "{{ item.key }}" - with_items: "{{ backup_users }}" - - - name: Set-up port forwarding - command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport '{{ item }}' -j REDIRECT --to-ports 22" - changed_when: False - with_items: - - 2222 - - 3333 - - - name: Set-up directory for parameters-mandatory backups - file: - path: /duplicity - state: directory - owner: bak-parameters-mandatory - group: bak-parameters-mandatory - mode: 0700 - - handlers: - - name: Restart ssh - service: - name: ssh - state: restarted - - vars: - backup_users: - - name: bak-parameters-mandatory - key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory.pub') }}" - - name: backupuser - key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}" - -- hosts: parameters-mandatory - roles: - - role: backup_client - backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-mandatory.asc') }}" - backup_server: 10.31.127.10 - backup_server_host_ssh_public_keys: - - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}" - - "{{ 
lookup('file', 'tests/data/ssh/server_rsa.pub') }}" - - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}" - - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}" - backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory' ) }}" - -- hosts: parameters-optional - roles: - - role: backup_client - backup_additional_encryption_keys: - - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_1.asc') }}" - - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_2.asc') }}" - - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_3.asc') }}" - backup_client_username: backupuser - backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}" - backup_server: 10.31.127.10 - backup_server_destination: "/home/backupuser" - backup_server_host_ssh_public_keys: - - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}" - - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}" - - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}" - - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}" - backup_server_port: 3333 - backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}" - - -# Deploy a dummy pre-backup script for testing purposes. -- hosts: parameters-mandatory,parameters-optional - tasks: - - - name: Deploy pre-backup script - copy: - src: tests/data/10-test-pre-backup.sh - dest: /etc/duply/main/pre.d/10-test-pre-backup.sh - owner: root - group: root - mode: 0700