majic-ansible-roles Changeset

Changeset - 449e6423959c

Parent rev.

Child rev.

[Not reviewed]

0 6 1

Branko Majic (branko) - 3 years ago 2021-01-16 21:43:04
branko@majic.rs

MAR-151: Added support for Debian 10 Buster to xmpp_server role:

- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.
- Enable lower-level TLS protocols (1.0/1.1) in global OpenSSL
configuration file on Buster in order to be able to test the
xmpp_server_tls_protocol parameter (otherwise Prosody completely
refuses to use them even if listed in its configuration).
- Move stretch-specific tests into its own file (for backported
lua-ldap library), and run them on Debian 9 Stretch machines only.

7 files changed with 133 insertions and 39 deletions:

docs/rolereference.rst

roles/xmpp_server/meta/main.yml

roles/xmpp_server/molecule/default/host_vars/ldap-server.yml

roles/xmpp_server/molecule/default/molecule.yml

roles/xmpp_server/molecule/default/prepare.yml

roles/xmpp_server/molecule/default/tests/test_default.py

roles/xmpp_server/molecule/default/tests/test_default_stretch.py

0 comments (0 inline, 0 general)

docs/rolereference.rst

➞

Show inline comments

@@ @@ -999,6 +999,7 @@ Distribution compatibility @@
 Role is compatible with the following distributions:
 - Debian 9 (Stretch)
 - Debian 10 (Buster)
 Examples

roles/xmpp_server/meta/main.yml

➞

Show inline comments

@@ @@ -16,5 +16,5 @@ galaxy_info: @@
   platforms:
     - name: Debian
       versions:
         - 8
         - 9
         - 10

roles/xmpp_server/molecule/default/host_vars/ldap-server.yml

➞

Show inline comments

@@ @@ -42,3 +42,6 @@ backup_clients: @@
   - server: parameters-optional-stretch
     ip: 10.31.127.33
     public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
   - server: parameters-optional-buster
     ip: 10.31.127.31
     public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"

roles/xmpp_server/molecule/default/molecule.yml

➞

Show inline comments

@@ @@ -63,6 +63,45 @@ platforms: @@
         network_name: private_network
         type: static
   - name: client-buster
     groups:
       - clients
       - buster
     box: debian/contrib-buster64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.20
         network_name: private_network
         type: static
   - name: parameters-mandatory-buster64
     groups:
       - parameters-mandatory
       - buster
     box: debian/contrib-buster64
     memory: 512
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.30
         network_name: private_network
         type: static
   - name: parameters-optional-buster64
     groups:
       - parameters-optional
       - buster
     box: debian/contrib-buster64
     memory: 512
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.31
         network_name: private_network
         type: static
 provisioner:
   name: ansible
   playbooks:

roles/xmpp_server/molecule/default/prepare.yml

➞

Show inline comments

@@ @@ -37,6 +37,21 @@ @@
             - domain3
             - proxy.domain3
             - conference.domain3
         - name: parameters-mandatory-buster64_xmpp
           fqdn:
             - parameters-mandatory
             - domain1
             - proxy.domain1
             - conference.domain1
         - name: parameters-optional-buster64_xmpp
           fqdn:
             - parameters-optional
             - domain2
             - proxy.domain2
             - conference.domain2
             - domain3
             - proxy.domain3
             - conference.domain3
     - name: Set-up link to generated X.509 material
       file:
@@ @@ -94,6 +109,35 @@ @@
 .31.127.32: "parameters-mandatory domain1 proxy.domain1 conference.domain1"
 .31.127.33: "parameters-optional domain2 proxy.domain2 conference.domain2 domain3 proxy.domain3 conference.domain3"
 - hosts: buster
   become: true
   tasks:
     - name: Set-up the hosts file
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
 .31.127.10: "ldap-server backup-server"
 .31.127.20: "client-stretch"
 .31.127.30: "parameters-mandatory domain1 proxy.domain1 conference.domain1"
 .31.127.31: "parameters-optional domain2 proxy.domain2 conference.domain2 domain3 proxy.domain3 conference.domain3"
     - name: Enable TLSv1.0+ in global OpenSSL configuration file in order to be able to test the xmpp_server_tls_protocol parameter
       lineinfile:
         path: "/etc/ssl/openssl.cnf"
         regexp: "^MinProtocol ="
         line: "MinProtocol = TLSv1.0"
         owner: root
         group: root
         mode: 0644
         state: present
 - hosts: clients
   become: true
   tasks:

roles/xmpp_server/molecule/default/tests/test_default.py

➞

Show inline comments

@@ @@ -234,44 +234,6 @@ def test_tls_connectivity(host): @@
     assert 'not-well-formed' in s2s.stdout
 def test_backports_repository(host):
     """
     Tests if backports repository has been added.
     """
     repository = host.file("/etc/apt/sources.list.d/backports.list")
     distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]
     expected_content = "deb http://ftp.debian.org/debian %s-backports main\n" % distribution_release
     assert repository.is_file
     assert repository.user == 'root'
     assert repository.group == 'root'
     assert repository.mode == 0o644
     assert repository.content_string == expected_content
 def test_lua_ldap_pin_and_version(host):
     """
     Tests if lua-ldap package has been correctly pinned to the
     backports repository.
     """
     distribution_major_version = host.ansible("setup")["ansible_facts"]["ansible_distribution_major_version"]
     backports_version_suffix = "bpo%s" % distribution_major_version
     pin_configuration_file = host.file("/etc/apt/preferences.d/lua-ldap")
     lua_ldap = host.package("lua-ldap")
     assert pin_configuration_file.is_file
     assert pin_configuration_file.user == 'root'
     assert pin_configuration_file.group == 'root'
     assert pin_configuration_file.mode == 0o644
     assert backports_version_suffix in lua_ldap.version
 def test_prosody_configuration_validity(host):
     """
     Tests the Prosody configuration file using the 'prosodyctl check'

roles/xmpp_server/molecule/default/tests/test_default_stretch.py

➞

Show inline comments

@@ new file 100644 @@
 import os
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*-stretch64')
 def test_backports_repository(host):
     """
     Tests if backports repository has been added.
     """
     repository = host.file("/etc/apt/sources.list.d/backports.list")
     distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]
     expected_content = "deb http://ftp.debian.org/debian %s-backports main\n" % distribution_release
     assert repository.is_file
     assert repository.user == 'root'
     assert repository.group == 'root'
     assert repository.mode == 0o644
     assert repository.content_string == expected_content
 def test_lua_ldap_pin_and_version(host):
     """
     Tests if lua-ldap package has been correctly pinned to the
     backports repository.
     """
     distribution_major_version = host.ansible("setup")["ansible_facts"]["ansible_distribution_major_version"]
     backports_version_suffix = "bpo%s" % distribution_major_version
     pin_configuration_file = host.file("/etc/apt/preferences.d/lua-ldap")
     lua_ldap = host.package("lua-ldap")
     assert pin_configuration_file.is_file
     assert pin_configuration_file.user == 'root'
     assert pin_configuration_file.group == 'root'
     assert pin_configuration_file.mode == 0o644
     assert backports_version_suffix in lua_ldap.version

0 comments (0 inline, 0 general)