Changeset - 2c24e973d44a
Branko Majic (branko) - 2 months ago 2024-02-26 23:25:19
branko@majic.rs
MAR-192: Added support for Debian 12 Bookworm to backup_server role:

- Use test parametrisation instead of looping over a list when testing
correct key usage.
- Replace deprecated key algorithm (in Debian 12 Bookworm) for test
purposes (it just needs to be one of the RSA variants).
5 files changed with 55 insertions and 14 deletions:
docs/rolereference.rst
 
@@ -2240,6 +2240,7 @@ Distribution compatibility
 
Role is compatible with the following distributions:
 

	
 
- Debian 11 (Bullseye)
 
- Debian 12 (Bookworm)
 

	
 

	
 
Examples
roles/backup_server/meta/main.yml
 
@@ -12,3 +12,4 @@ galaxy_info:
 
    - name: Debian
 
      versions:
 
        - 11
 
        - 12
roles/backup_server/molecule/default/molecule.yml
 
@@ -42,6 +42,34 @@ platforms:
 
        network_name: private_network
 
        type: static
 

	
 
  - name: parameters-mandatory-bookworm
 
    groups:
 
      - parameters-mandatory
 
    box: debian/bookworm64
 
    memory: 384
 
    cpus: 1
 
    provider_raw_config_args:
 
      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
 
    interfaces:
 
      - auto_config: true
 
        ip: 192.168.56.31
 
        network_name: private_network
 
        type: static
 

	
 
  - name: parameters-optional-bookworm
 
    groups:
 
      - parameters-optional
 
    box: debian/bookworm64
 
    memory: 384
 
    cpus: 1
 
    provider_raw_config_args:
 
      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
 
    interfaces:
 
      - auto_config: true
 
        ip: 192.168.56.32
 
        network_name: private_network
 
        type: static
 

	
 
provisioner:
 
  name: ansible
 
  config_options:
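Review bot: The static addresses on the two new platforms (ip: 192.168.56.31 and ip: 192.168.56.32) are repeated by hand in tests/data/ssh/known_hosts, where the Bookworm entries are keyed on [192.168.56.31]:2222 and [192.168.56.32]:2222, and the fingerprint test runs with StrictHostKeyChecking=yes. Renumbering a platform here without updating that file would make the test fail on host key verification rather than on anything the role does, so a short comment next to each ip: line pointing at known_hosts would help.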
roles/backup_server/molecule/default/tests/data/ssh/known_hosts
 
@@ -7,3 +7,13 @@
 
[192.168.56.22]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2SqbwZNanhTMM8wL1iGtNOR7nYbXcCQNbU65crXN43W1tz4GXoyluHEEXs0we7jmZZyow19X89Ve5w8ODL42KRDtNXoN8wjoLwZ1l7iGsrN1oUXJP7i6i9lH/0F+fudFB3Tm53ieBr0MEMdxAQBpk+MCi64G0iuvZeE0sKG5JfSky82ZZ26m5EchORJuiiKObB17EsUGl091S8eiLXIIiQQvg4d9933oAqNCLe0uxbNfJcbMJAdr+m9rYxyVoPXweUm1beb/6/vZQzAf0HL5+Ic/mbLu3z4httCh0dIlCqjRe/8llqF21psIlN8D8hZkzY6WEo7/v9wHAGFTFFFlJ
 
[192.168.56.22]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLaZb8xcw5PbzQ8Jo8xygcUaI6ziGLs+ZqsAqJSOIou9iN0zSKO9a4ujbeMgIbfZZPB5UWcv1CxNekTZ4tkrAaM=
 
[192.168.56.22]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQzNj16lZ3ucIJvwnFYzR/vZT3SuWiIVPNOhK5JGlq6
 

	
 
# Bookworm
 
[192.168.56.31]:2222 ssh-dss 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
 
[192.168.56.31]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2SqbwZNanhTMM8wL1iGtNOR7nYbXcCQNbU65crXN43W1tz4GXoyluHEEXs0we7jmZZyow19X89Ve5w8ODL42KRDtNXoN8wjoLwZ1l7iGsrN1oUXJP7i6i9lH/0F+fudFB3Tm53ieBr0MEMdxAQBpk+MCi64G0iuvZeE0sKG5JfSky82ZZ26m5EchORJuiiKObB17EsUGl091S8eiLXIIiQQvg4d9933oAqNCLe0uxbNfJcbMJAdr+m9rYxyVoPXweUm1beb/6/vZQzAf0HL5+Ic/mbLu3z4httCh0dIlCqjRe/8llqF21psIlN8D8hZkzY6WEo7/v9wHAGFTFFFlJ
 
[192.168.56.31]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLaZb8xcw5PbzQ8Jo8xygcUaI6ziGLs+ZqsAqJSOIou9iN0zSKO9a4ujbeMgIbfZZPB5UWcv1CxNekTZ4tkrAaM=
 
[192.168.56.31]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQzNj16lZ3ucIJvwnFYzR/vZT3SuWiIVPNOhK5JGlq6
 
[192.168.56.32]:2222 ssh-dss AAAAB3NzaC1kc3MAAACBALf+gfHQnAMOR4N/IjCZlniejPcAkdB6/E8YwiG26aKeRo3x2Q2budFWqJMtbtfcz0++hVAO2LvYYk2uVMe2WoVwWSZGQA4fcGUrs5B4CHTpOl/lHuu3GixNshCz+8ueQDqs/NYp/BdUcU4yIxvUII6+3hB/bkRz8LpczYJKJqVlAAAAFQD6yuMkAdrYcViFtbTciGEytGtBvwAAAIBFUdmJVFPPQd8NynBAkk+eKMUQFR2CcYgD1w/BfT0UP85hL/mYX1Eaiy+U3ylN6g8+RNalQX0IymIYMisXSRPF1gElVpbuCF9VV49c03q/9LfRogV1tRpZeEz9JK5xbBviEnI+kKP8o1ivmIjAVln72lnKdH+t4njma5CBpG9zJQAAAIAYAG/Udg4i/2q8Iemqs5TuP48ge1CxQcyFw4vVl2zr85MPZ24rBf+ZPGy1CsEBpJqHQ5agftMYR9CRcxlqAP44JpIPcSq1NsL59HnXDsdCe/IJjO4JmL1HL+VIcWkXgj0MxGds8hck+HC5lX7jGAKjZBea8ksBZD/Ma2WvYKXpgg==
 
[192.168.56.32]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2SqbwZNanhTMM8wL1iGtNOR7nYbXcCQNbU65crXN43W1tz4GXoyluHEEXs0we7jmZZyow19X89Ve5w8ODL42KRDtNXoN8wjoLwZ1l7iGsrN1oUXJP7i6i9lH/0F+fudFB3Tm53ieBr0MEMdxAQBpk+MCi64G0iuvZeE0sKG5JfSky82ZZ26m5EchORJuiiKObB17EsUGl091S8eiLXIIiQQvg4d9933oAqNCLe0uxbNfJcbMJAdr+m9rYxyVoPXweUm1beb/6/vZQzAf0HL5+Ic/mbLu3z4httCh0dIlCqjRe/8llqF21psIlN8D8hZkzY6WEo7/v9wHAGFTFFFlJ
 
[192.168.56.32]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLaZb8xcw5PbzQ8Jo8xygcUaI6ziGLs+ZqsAqJSOIou9iN0zSKO9a4ujbeMgIbfZZPB5UWcv1CxNekTZ4tkrAaM=
 
[192.168.56.32]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQzNj16lZ3ucIJvwnFYzR/vZT3SuWiIVPNOhK5JGlq6
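Review bot: The new ssh-dss entries for [192.168.56.31]:2222 and [192.168.56.32]:2222 are not exercised by the parametrised test in this changeset, whose key_algorithm values are rsa-sha2-512, ssh-ed25519 and ecdsa-sha2-nistp256. If no other test offers DSA, drop the two lines so the fixture pins only host keys that are actually verified; if one does, a comment under # Bookworm saying which would help. The ssh-rsa entries are correct as they stand: rsa-sha2-512 is a signature algorithm over the same RSA host key, so the key type recorded in known_hosts remains ssh-rsa.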
roles/backup_server/molecule/default/tests/test_parameters_optional.py
 
@@ -207,27 +207,28 @@ def test_backup_ssh_service_connectivity(host):
 

	
 

	
 
@pytest.mark.usefixtures("prepare_ssh_client_private_key_permissions")
 
def test_backup_ssh_service_key_fingerprints(host):
 
@pytest.mark.parametrize('key_algorithm', [
 
    'rsa-sha2-512',
 
    'ssh-ed25519',
 
    'ecdsa-sha2-nistp256',
 
])
 
def test_backup_ssh_service_key_fingerprints(host, key_algorithm):
 
    """
 
    Tests fingerprints of backup SSH server in order to ensure correct keys are
 
    in use.
 
    """
 

	
 
    key_types = ['ssh-rsa', 'ssh-ed25519', 'ecdsa-sha2-nistp256']
 

	
 
    # Extract first non-IPv6 IP. Crude test, but it should work.
 
    remote_ip = next(a for a in host.interface("eth1").addresses if ":" not in a)
 

	
 
    local = host.get_host("local://")
 

	
 
    for key_type in key_types:
 

	
 
        login_attempt = local.run("ssh -p 2222 "
 
                                  "-o PasswordAuthentication=no "
 
                                  "-o StrictHostKeyChecking=yes "
 
                                  "-o UserKnownHostsFile=tests/data/ssh/known_hosts "
 
                                  "-i tests/data/ssh/client1 "
 
                                  "-o HostKeyAlgorithms=%s "
 
                                  "bak-client1_backup@%s /bin/echo sshtest" % (key_type, remote_ip))
 
        assert login_attempt.rc == 1
 
        assert "This service allows sftp connections only." in login_attempt.stdout
 
    login_attempt = local.run("ssh -p 2222 "
 
                              "-o PasswordAuthentication=no "
 
                              "-o StrictHostKeyChecking=yes "
 
                              "-o UserKnownHostsFile=tests/data/ssh/known_hosts "
 
                              "-i tests/data/ssh/client1 "
 
                              "-o HostKeyAlgorithms=%s "
 
                              "bak-client1_backup@%s /bin/echo sshtest" % (key_algorithm, remote_ip))
 
    assert login_attempt.rc == 1
 
    assert "This service allows sftp connections only." in login_attempt.stdout
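Review bot: The switch from 'ssh-rsa' to 'rsa-sha2-512' in the parametrize list is unexplained in the code; the reason lives only in the commit message. Add a comment above the list saying that the previous algorithm is deprecated on Debian 12 Bookworm and that any one of the RSA variants is enough for this test. Since each algorithm is now its own test case, the two asserts would also be easier to triage with login_attempt.stderr as the assertion message: ssh exits with 255 on a host key or connection failure, so a failing rc == 1 check alone does not say what went wrong.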