Changeset - 2ada86e90026
Branko Majic (branko) - 7 years ago 2018-06-03 11:34:50
branko@majic.rs
MAR-129: Updated xmpp_server role for Ansible 2.5.x and new Molecule:

- Include top-level lint configuration in test configuration.
- Fixed linting errors.
- Moved test playbook variables into group_vars and host_vars.
- Fixed deprecation warnings from Ansible.
- Updated how hosts are referenced within tests.
15 files changed with 188 insertions and 173 deletions:
roles/xmpp_server/defaults/main.yml
 
---
 

	
 
enable_backup: False
 
enable_backup: false
 
xmpp_domains:
 
  - "{{ ansible_domain }}"
 
xmpp_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + ansible_fqdn + '_xmpp.pem') }}"
 
xmpp_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + ansible_fqdn + '_xmpp.key') }}"
roles/xmpp_server/molecule/default/create.yml
 
---
 
- name: Create
 
  hosts: localhost
 
  connection: local
 
  gather_facts: False
 
  gather_facts: false
 
  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
 
  vars:
 
    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
 
    molecule_instance_config: "{{ lookup('env', 'MOLECULE_INSTANCE_CONFIG') }}"
 
    molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
 
  tasks:
roles/xmpp_server/molecule/default/destroy.yml
 
---
 

	
 
- name: Destroy
 
  hosts: localhost
 
  connection: local
 
  gather_facts: False
 
  gather_facts: false
 
  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
 
  vars:
 
    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
 
    molecule_instance_config: "{{ lookup('env',' MOLECULE_INSTANCE_CONFIG') }}"
 
    molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
 
  tasks:
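Review bot: The `molecule_instance_config` lookup on the `vars:` context line has the quote on the wrong side of the space — `lookup('env',' MOLECULE_INSTANCE_CONFIG')` asks for an environment variable whose name begins with a space, which is almost certainly unset, so the value comes back empty; the create.yml counterpart in this same commit has it right. Change it to `molecule_instance_config: "{{ lookup('env', 'MOLECULE_INSTANCE_CONFIG') }}"`. The play's `tasks:` continue outside the hunk, so whether anything in Destroy actually consumes the variable cannot be seen here.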
roles/xmpp_server/molecule/default/group_vars/parameters-mandatory.yml
 
new file 100644
 
---
 

	
 
xmpp_administrators:
 
  - john.doe@domain1
 
xmpp_ldap_base_dn: dc=local
 
xmpp_ldap_password: prosodypassword
 
xmpp_ldap_server: ldap-server
 

	
 
# Common parameters (general, not role).
 
tls_certificate_dir: tests/data/x509/
 
tls_private_key_dir: tests/data/x509/
 

	
 
# common
 
ca_certificates:
 
  testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
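Review bot: `xmpp_ldap_password: prosodypassword` is the bind secret Prosody presents to the LDAP server, and the same literal has to match `ldap_server_consumers[].password` in host_vars/ldap-server.yml and the copy in group_vars/parameters-optional.yml; nothing ties the three together, so editing one of them silently breaks the test bind. A one-line comment above the key would make the coupling visible, e.g. `# Must match the prosody consumer password in host_vars/ldap-server.yml.`, with the mirror comment in the other two files. The `tls_certificate_dir` / `tls_private_key_dir` values end in `/` while defaults/main.yml joins them with another `'/'`, which yields a harmless `x509//` path but is worth normalising to `tests/data/x509` in both group_vars files.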
roles/xmpp_server/molecule/default/group_vars/parameters-optional.yml
 
new file 100644
 
---
 

	
 
xmpp_administrators:
 
  - jane.doe@domain2
 
  - mick.doe@domain3
 
xmpp_domains:
 
  - domain2
 
  - domain3
 
xmpp_ldap_base_dn: dc=local
 
xmpp_ldap_password: prosodypassword
 
xmpp_ldap_server: ldap-server
 
xmpp_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_xmpp.cert.pem') }}"
 
xmpp_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_xmpp.key.pem') }}"
 

	
 
# Common parameters (general, not role).
 
tls_certificate_dir: tests/data/x509/
 
tls_private_key_dir: tests/data/x509/
 

	
 
# common
 
ca_certificates:
 
  testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 

	
 
# backup_client
 
enable_backup: true
 
backup_client_username: bak-parameters-optional
 
backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
 
backup_server: backup-server
 
backup_server_host_ssh_public_keys:
 
  - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
 
  - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
 
  - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
 
  - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
 
backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"
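Review bot: `backup_server_host_ssh_public_keys` carries `server_dsa.pub` alongside the rsa/ed25519/ecdsa keys; OpenSSH 7.0 and later refuse ssh-dss host keys by default, so on anything newer than the jessie boxes this scenario uses (`box: debian/contrib-jessie64` in molecule.yml) that entry is dead weight in known_hosts — worth confirming the backup_client role still needs it, or dropping it together with the matching `dsa:` entry in host_vars/ldap-server.yml. Separately, `lookup('file', 'tests/data/ssh/parameters-optional' )` has a stray space before the closing parenthesis, carried over verbatim from playbook.yml; `backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional') }}"` reads cleaner.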
roles/xmpp_server/molecule/default/host_vars/ldap-server.yml
 
new file 100644
 
---
 

	
 
# ldap_server role.
 
ldap_admin_password: admin
 
ldap_entries:
 

	
 
  # Users
 
  - dn: uid=john,ou=people,dc=local
 
    attributes:
 
      objectClass:
 
        - inetOrgPerson
 
        - simpleSecurityObject
 
      userPassword: johnpassword
 
      uid: john
 
      cn: John Doe
 
      sn: Doe
 
      mail: john.doe@domain1
 
  - dn: uid=jane,ou=people,dc=local
 
    attributes:
 
      objectClass:
 
        - inetOrgPerson
 
        - simpleSecurityObject
 
      userPassword: janepassword
 
      uid: jane
 
      cn: Jane Doe
 
      sn: Doe
 
      mail: jane.doe@domain2
 
  - dn: uid=mick,ou=people,dc=local
 
    attributes:
 
      objectClass:
 
        - inetOrgPerson
 
        - simpleSecurityObject
 
      userPassword: mickpassword
 
      uid: mick
 
      cn: Mick Doe
 
      sn: Doe
 
      mail: mick.doe@domain3
 

	
 
  - dn: uid=noxmpp,ou=people,dc=local
 
    attributes:
 
      objectClass:
 
        - inetOrgPerson
 
        - simpleSecurityObject
 
      userPassword: noxmpppassword
 
      uid: noxmpp
 
      cn: No XMPP
 
      sn: XMPP
 
      mail: noxmpp@domain1
 

	
 
  # Groups
 
  - dn: "cn=xmpp,ou=groups,dc=local"
 
    state: append
 
    attributes:
 
      uniqueMember:
 
        - uid=john,ou=people,dc=local
 
        - uid=jane,ou=people,dc=local
 
        - uid=mick,ou=people,dc=local
 

	
 
ldap_server_consumers:
 
  - name: prosody
 
    password: prosodypassword
 

	
 
ldap_server_domain: "local"
 
ldap_server_groups:
 
  - name: xmpp
 
ldap_server_organization: "Example"
 
ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.cert.pem') }}"
 
ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.key.pem') }}"
 

	
 
# common
 
ca_certificates:
 
  testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 

	
 
# ldap_client
 
ldap_client_config:
 
  - comment: CA truststore
 
    option: TLS_CACERT
 
    value: /etc/ssl/certs/testca.cert.pem
 
  - comment: Ensure TLS is enforced
 
    option: TLS_REQCERT
 
    value: demand
 
  - comment: Base DN
 
    option: BASE
 
    value: dc=local
 
  - comment: URI
 
    option: URI
 
    value: ldapi:///
 

	
 
# backup_server role.
 
backup_host_ssh_private_keys:
 
  dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
 
  rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
 
  ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
 
  ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
 
backup_clients:
 
  - server: parameters-optional
 
    ip: 10.31.127.31
 
    public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
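Review bot: `backup_clients[0].ip: 10.31.127.31` duplicates the address that prepare.yml writes into /etc/hosts for `parameters-optional` (`10.31.127.31: "parameters-optional …"`), and the backup_server role presumably uses it to restrict which source address that client key may connect from, so the two must stay in lockstep or the backup test fails in a non-obvious way. A comment such as `# Must match the parameters-optional entry in prepare.yml's /etc/hosts map.` would make the coupling visible. The `userPassword` values and `ldap_admin_password: admin` are plain test fixtures, which is appropriate for a Molecule scenario, but a `# Test-only credentials for the Molecule scenario.` header at the top of the file would keep them from being copied into a real inventory by mistake.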
roles/xmpp_server/molecule/default/molecule.yml
 
@@ -6,12 +6,14 @@ driver:
 
  name: vagrant
 
  provider:
 
    name: virtualbox
 

	
 
lint:
 
  name: yamllint
 
  options:
 
    config-file: ../../.yamllint.yml
 

	
 
platforms:
 

	
 
  - name: ldap-server
 
    box: debian/contrib-jessie64
 
    memory: 512
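Review bot: `config-file: ../../.yamllint.yml` is resolved relative to wherever Molecule invokes yamllint, not relative to this file: from the role directory it lands on the repository-level `.yamllint.yml` the commit message refers to, whereas from the scenario directory it would resolve to a non-existent `roles/xmpp_server/.yamllint.yml`. A comment pinning the intent, `# Path is relative to the role directory, which Molecule uses as the lint working directory.`, would spare the next reader the guesswork — assuming that is indeed the working directory the Molecule version in use here picks.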
roles/xmpp_server/molecule/default/playbook.yml
 
---
 

	
 
- hosts: parameters-mandatory
 
  become: yes
 
- hosts: parameters-mandatory,parameters-optional
 
  become: true
 
  roles:
 
    - role: xmpp_server
 
      xmpp_administrators:
 
        - john.doe@domain1
 
      xmpp_ldap_base_dn: dc=local
 
      xmpp_ldap_password: prosodypassword
 
      xmpp_ldap_server: ldap-server
 

	
 
      # Common parameters (general, not role).
 
      tls_certificate_dir: tests/data/x509/
 
      tls_private_key_dir: tests/data/x509/
 

	
 
      # common
 
      ca_certificates:
 
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 

	
 
- hosts: parameters-optional
 
  become: yes
 
  roles:
 
    - role: xmpp_server
 
      xmpp_administrators:
 
        - jane.doe@domain2
 
        - mick.doe@domain3
 
      xmpp_domains:
 
        - domain2
 
        - domain3
 
      xmpp_ldap_base_dn: dc=local
 
      xmpp_ldap_password: prosodypassword
 
      xmpp_ldap_server: ldap-server
 
      xmpp_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_xmpp.cert.pem') }}"
 
      xmpp_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_xmpp.key.pem') }}"
 

	
 
      # Common parameters (general, not role).
 
      tls_certificate_dir: tests/data/x509/
 
      tls_private_key_dir: tests/data/x509/
 

	
 
      # common
 
      ca_certificates:
 
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 

	
 
      # backup_client
 
      enable_backup: yes
 
      backup_client_username: bak-parameters-optional
 
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
 
      backup_server: backup-server
 
      backup_server_host_ssh_public_keys:
 
        - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
 
        - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
 
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
 
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
 
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"
 
    - xmpp_server
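Review bot: The merged play now relies on `group_vars/parameters-mandatory.yml` and `group_vars/parameters-optional.yml` for everything it previously set inline, but Ansible applies group_vars to groups only — `parameters-mandatory` and `parameters-optional` in `hosts:` are instance names, and the ldap-server instance in this same commit was given host_vars rather than group_vars. Unless the molecule.yml platforms declare groups with exactly those names (the platforms stanza is cut off in this view, so it cannot be confirmed here), the role would run with its defaults only and the optional-parameter tests would not exercise what they claim to. A short comment on the play, `# Role parameters come from group_vars/; molecule.yml places each instance in a same-named group.`, would document the assumption either way.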
roles/xmpp_server/molecule/default/prepare.yml
 
---
 

	
 
- name: Prepare
 
  hosts: all
 
  gather_facts: False
 
  gather_facts: false
 
  tasks:
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
 
      become: True
 
      changed_when: False
 
      become: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: yes
 
  become: true
 
  tasks:
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: yes
 
      changed_when: False
 
        update_cache: true
 
      changed_when: false
 

	
 
    - name: Set-up the hosts file
 
      lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
@@ -31,19 +31,19 @@
 
        10.31.127.10: "ldap-server backup-server"
 
        10.31.127.20: "client1"
 
        10.31.127.30: "parameters-mandatory domain1 proxy.domain1 conference.domain1"
 
        10.31.127.31: "parameters-optional domain2 proxy.domain2 conference.domain2 domain3 proxy.domain3 conference.domain3"
 

	
 
- hosts: client1
 
  become: yes
 
  become: true
 
  tasks:
 

	
 
    - name: Install tool for testing TCP connectivity
 
      apt:
 
        name: hping3
 
        state: installed
 
        state: present
 

	
 
    - name: Deploy CA certificate
 
      copy:
 
        src: tests/data/x509/ca.cert.pem
 
        dest: /usr/local/share/ca-certificates/testca.crt
 
        owner: root
 
@@ -52,18 +52,18 @@
 
      notify:
 
        - Update CA certificate cache
 

	
 
    - name: Install console-based XMPP client (for interactive testing)
 
      apt:
 
        name: mcabber
 
        state: installed
 
        state: present
 

	
 
    - name: Install console-based XMPP tool (for non-interactive testing)
 
      apt:
 
        name: sendxmpp
 
        state: installed
 
        state: present
 

	
 
    - name: Create dedicated group for testing
 
      group:
 
        name: user
 
        state: present
 

	
 
@@ -105,113 +105,19 @@
 
  handlers:
 

	
 
    - name: Update CA certificate cache
 
      command: /usr/sbin/update-ca-certificates --fresh
 

	
 
- hosts: ldap-server
 
  become: yes
 
  become: true
 
  roles:
 
    - role: ldap_server
 
      ldap_admin_password: admin
 
      ldap_entries:
 

	
 
        # Users
 
        - dn: uid=john,ou=people,dc=local
 
          attributes:
 
            objectClass:
 
              - inetOrgPerson
 
              - simpleSecurityObject
 
            userPassword: johnpassword
 
            uid: john
 
            cn: John Doe
 
            sn: Doe
 
            mail: john.doe@domain1
 
        - dn: uid=jane,ou=people,dc=local
 
          attributes:
 
            objectClass:
 
              - inetOrgPerson
 
              - simpleSecurityObject
 
            userPassword: janepassword
 
            uid: jane
 
            cn: Jane Doe
 
            sn: Doe
 
            mail: jane.doe@domain2
 
        - dn: uid=mick,ou=people,dc=local
 
          attributes:
 
            objectClass:
 
              - inetOrgPerson
 
              - simpleSecurityObject
 
            userPassword: mickpassword
 
            uid: mick
 
            cn: Mick Doe
 
            sn: Doe
 
            mail: mick.doe@domain3
 

	
 
        - dn: uid=noxmpp,ou=people,dc=local
 
          attributes:
 
            objectClass:
 
              - inetOrgPerson
 
              - simpleSecurityObject
 
            userPassword: noxmpppassword
 
            uid: noxmpp
 
            cn: No XMPP
 
            sn: XMPP
 
            mail: noxmpp@domain1
 

	
 
        # Groups
 
        - dn: "cn=xmpp,ou=groups,dc=local"
 
          state: append
 
          attributes:
 
            uniqueMember:
 
              - uid=john,ou=people,dc=local
 
              - uid=jane,ou=people,dc=local
 
              - uid=mick,ou=people,dc=local
 

	
 
      ldap_server_consumers:
 
        - name: prosody
 
          password: prosodypassword
 

	
 
      ldap_server_domain: "local"
 
      ldap_server_groups:
 
        - name: xmpp
 
      ldap_server_organization: "Example"
 
      ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.cert.pem') }}"
 
      ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.key.pem') }}"
 

	
 
      # common
 
      ca_certificates:
 
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 

	
 
      # ldap_client
 
      ldap_client_config:
 
        - comment: CA truststore
 
          option: TLS_CACERT
 
          value: /etc/ssl/certs/testca.cert.pem
 
        - comment: Ensure TLS is enforced
 
          option: TLS_REQCERT
 
          value: demand
 
        - comment: Base DN
 
          option: BASE
 
          value: dc=local
 
        - comment: URI
 
          option: URI
 
          value: ldapi:///
 

	
 
    - role: backup_server
 
      backup_host_ssh_private_keys:
 
        dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
 
        rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
 
        ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
 
        ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
 
      backup_clients:
 
        - server: parameters-optional
 
          ip: 10.31.127.31
 
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
 
    - ldap_server
 
    - backup_server
 

	
 
- hosts: parameters-optional
 
  become: yes
 
  become: true
 
  tasks:
 

	
 
    - name: Install console-based XMPP tool (for non-interactive testing)
 
      apt:
 
        name: sendxmpp
 
        state: installed
 
        state: present
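Review bot: In the `Set-up the hosts file` task, `regexp: "^{{ item.key }}"` uses the raw IP address as a regular expression: the dots are unescaped wildcards and nothing terminates the match after the address, so with the current keys nothing collides, but a future `10.31.127.3` entry would also match the existing `10.31.127.30` line and `lineinfile` would overwrite the wrong host mapping. `regexp: '^{{ item.key | regex_escape }}\s'` matches only the exact address followed by whitespace. That task sits at the end of the first hunk, just before `@@ -31,19 +31,19 @@`, and the `- hosts: all` play it belongs to continues across both hunks.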
roles/xmpp_server/molecule/default/tests/test_backup.py
 
import os
 

	
 
import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    '.molecule/ansible_inventory.yml').get_hosts('parameters-optional')
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-optional'])
 

	
 

	
 
def test_backup(host):
 
    """
 
    Tests if Prosody data directory is correctly backed-up.
 
    """
roles/xmpp_server/molecule/default/tests/test_client.py
 
import os
 

	
 
import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    '.molecule/ansible_inventory.yml').get_hosts('client1')
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['client1'])
 

	
 

	
 
def test_connectivity(host):
 
    """
 
    Tests connectivity to the XMPP server (ports that should be reachable).
 
    """
roles/xmpp_server/molecule/default/tests/test_default.py
 
import os
 

	
 
import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    '.molecule/ansible_inventory.yml').get_hosts(['parameters-mandatory', 'parameters-optional'])
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-mandatory', 'parameters-optional'])
 

	
 

	
 
def test_installed_packages(host):
 
    """
 
    Tests if all the necessary packages have been installed.
 
    """
roles/xmpp_server/molecule/default/tests/test_mandatory.py
 
import os
 

	
 
import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    '.molecule/ansible_inventory.yml').get_hosts('parameters-mandatory')
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-mandatory'])
 

	
 

	
 
def test_prosody_tls_files(host):
 
    """
 
    Tests if Prosody TLS private key and certificage have been deployed
 
    correctly.
roles/xmpp_server/molecule/default/tests/test_optional.py
 
import os
 

	
 
import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    '.molecule/ansible_inventory.yml').get_hosts('parameters-optional')
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-optional'])
 

	
 

	
 
def test_prosody_tls_files(host):
 
    """
 
    Tests if Prosody TLS private key and certificage have been deployed
 
    correctly.
roles/xmpp_server/tasks/main.yml
 
@@ -14,28 +14,28 @@
 
    repo: "deb http://packages.prosody.im/debian jessie main"
 
    state: present
 

	
 
- name: Install Lua Sec library (needed for TLS)
 
  apt:
 
    name: lua-sec
 
    state: installed
 
    state: present
 

	
 
- name: Install Lua LDAP library
 
  apt:
 
    name: lua-ldap
 
    state: installed
 
    state: present
 

	
 
- name: Install Prosody
 
  apt:
 
    name: prosody
 
    state: installed
 
    state: present
 

	
 
- name: Allow Prosody user to traverse the directory with TLS private keys
 
  user:
 
    name: prosody
 
    append: yes
 
    append: true
 
    groups: ssl-cert
 

	
 
- name: Deploy XMPP TLS private key
 
  copy:
 
    dest: "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key"
 
    content: "{{ xmpp_tls_key }}"
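Review bot: The Prosody apt source on the first context line, `repo: "deb http://packages.prosody.im/debian jessie main"`, is fetched over plain HTTP; apt still verifies the Release signature, so integrity rests entirely on the signing key that is presumably imported earlier in this file (not visible in the hunk) — worth confirming that import pins a specific key rather than fetching whatever the server offers, and switching to `https://` if the mirror serves it so the package selection is not visible to an on-path observer. Adding `prosody` to `ssl-cert` with `append: true` lets the service traverse /etc/ssl/private and read any key there that is group-readable, not only the XMPP key; that is the role's existing choice, but a comment stating it is deliberate would help. The `Deploy XMPP TLS private key` task is cut off at the end of the hunk, so its owner/group/mode cannot be checked here.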