Changeset - 0bbda2001d43
1 5 0
Branko Majic (branko) - 5 months ago 2023-11-30 23:31:47
branko@majic.rs
MAR-189: Added support for Debian 11 Bullseye to ldap_server role.
6 files changed with 66 insertions and 40 deletions:
docs/rolereference.rst
 
@@ -809,6 +809,7 @@ Distribution compatibility
 
Role is compatible with the following distributions:
 

	
 
- Debian 10 (Buster)
 
- Debian 11 (Bullseye)
 

	
 

	
 
Examples
roles/ldap_server/meta/main.yml
 
@@ -18,3 +18,4 @@ galaxy_info:
 
    - name: Debian
 
      versions:
 
        - 10
 
        - 11
roles/ldap_server/molecule/default/molecule.yml
 
@@ -49,6 +49,31 @@ platforms:
 
        network_name: private_network
 
        type: static
 

	
 
  - name: parameters-mandatory-bullseye
 
    groups:
 
      - parameters-mandatory
 
    box: debian/bullseye64
 
    memory: 256
 
    cpus: 1
 
    interfaces:
 
      - auto_config: true
 
        ip: 192.168.56.31
 
        network_name: private_network
 
        type: static
 

	
 
  - name: parameters-optional-bullseye
 
    groups:
 
      - parameters-optional
 
      - backup-server
 
    box: debian/bullseye64
 
    memory: 256
 
    cpus: 1
 
    interfaces:
 
      - auto_config: true
 
        ip: 192.168.56.32
 
        network_name: private_network
 
        type: static
 

	
 
provisioner:
 
  name: ansible
 
  playbooks:
roles/ldap_server/molecule/default/prepare.yml
 
@@ -27,6 +27,10 @@
 
          fqdn: parameters-mandatory
 
        - name: parameters-optional-buster_ldap
 
          fqdn: parameters-optional
 
        - name: parameters-mandatory-bullseye_ldap
 
          fqdn: parameters-mandatory
 
        - name: parameters-optional-bullseye_ldap
 
          fqdn: parameters-optional
 

	
 
    - name: Set-up link to generated X.509 material
 
      file:
 
@@ -81,6 +85,8 @@
 
      with_dict:
 
        192.168.56.21: parameters-mandatory-buster
 
        192.168.56.22: parameters-optional-buster
 
        192.168.56.31: parameters-mandatory-bullseye
 
        192.168.56.32: parameters-optional-bullseye
 

	
 
- hosts: parameters-optional
 
  become: true
roles/ldap_server/molecule/default/tests/test_default.py
 
@@ -251,3 +251,36 @@ def test_ldap_server_dh_parameter_file(host):
 
        dhparam_info = host.run("openssl dhparam -noout -text -in %s", dhparam_file_path)
 

	
 
        assert "DH Parameters: (2048 bit)" in dhparam_info.stdout
 

	
 

	
 
def test_ldap_server_uses_correct_dh_parameters(host):
 
    """
 
    Tests if the LDAP server uses the generated Diffie-Hellman
 
    parameter.
 
    """
 

	
 
    # Technically we should be testing here against deployed DH
 
    # parameters file, however... When linked against GnuTLS, slapd
 
    # seems to only take into account the size of pointed-to DH
 
    # parameters, and then picks one of the parameters from the
 
    # RFC-7919 (https://www.ietf.org/rfc/rfc7919.txt)
 
    # instead. Therefore we list here the 2048-bit DH parameter from
 
    # the RFC instead.
 
    expected_dhparam = """-----BEGIN DH PARAMETERS-----
 
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
 
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
 
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
 
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
 
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
 
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
 
-----END DH PARAMETERS-----"""
 

	
 
    connection = host.run("gnutls-cli --no-ca-verification --starttls-proto=ldap --port 389 "
 
                          "--priority 'NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA384:+DHE-RSA:+SHA384:+AEAD:+AES-256-GCM' --verbose localhost")
 

	
 
    output = connection.stdout
 
    begin_marker = "-----BEGIN DH PARAMETERS-----"
 
    end_marker = "-----END DH PARAMETERS-----"
 
    used_dhparam = output[output.find(begin_marker):output.find(end_marker) + len(end_marker)]
 

	
 
    assert used_dhparam == expected_dhparam
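Review bot: The slice that builds `used_dhparam` in test_ldap_server_uses_correct_dh_parameters uses the result of `output.find(...)` unchecked, so if gnutls-cli fails the handshake or prints no parameters block, `find` returns -1 and the test fails on an opaque string mismatch instead of the real cause. I would add `assert begin_marker in output and end_marker in output, connection.stderr` before the slice so a failed negotiation is reported as such. The docstring also says the server uses the generated parameter, while the comment below it and the assertion pin the 2048-bit group from RFC 7919. A docstring along the lines of `Tests if the LDAP server offers the RFC 7919 2048-bit DH group matching the size of the deployed parameters.` would describe what is actually verified. A one-line comment that `--no-ca-verification` is deliberate here, because only the negotiated DH group is inspected, would keep the flag from being copied into tests that should validate the certificate chain.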
roles/ldap_server/molecule/default/tests/test_default_buster.py
 
deleted file