Changeset - 5dab5854fcc8
Branko Majic (branko) - 4 years ago 2020-07-29 14:21:06
branko@majic.rs
MAR-162: Make the xmpp_tls_certificate and xmpp_tls_key parameters mandatory in xmpp_server role:

- Dropped the defaults from the xmpp_server role.
- Updated group variables in role tests.
- Changed the key/certificate file extensions to be more descriptive.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameters.
- Deduplicated tests for the TLS files.
12 files changed with 35 insertions and 64 deletions:
docs/rolereference.rst
 
@@ -938,11 +938,11 @@ Parameters
 
  to switch to a different nightly builds. It should be noted that
 
  only the default version is getting properly tested.
 

	
 
**xmpp_tls_certificate** (string, optional, ``{{ lookup('file', tls_certificate_dir + '/' + fqdn + '_xmpp.pem') }}``)
 
**xmpp_tls_certificate** (string, mandatory)
 
  X.509 certificate used for TLS for XMPP service. The file will be stored in
 
  directory ``/etc/ssl/certs/`` under name ``{{ ansible_fqdn }}_xmpp.pem``.
 

	
 
**xmpp_tls_key** (string, optional, ``{{ lookup('file', tls_private_key_dir + '/' + fqdn + '_xmpp.key') }}``)
 
**xmpp_tls_key** (string, mandatory)
 
  Private key used for TLS for XMPP service. The file will be stored in
 
  directory ``/etc/ssl/private/`` under name ``{{ ansible_fqdn }}_xmpp.key``.
 

	
docs/usage.rst
 
@@ -1057,6 +1057,10 @@ role.
 
   :file:`~/mysite/group_vars/communications.yml`
 
   ::
 

	
 
      # Set the TLS private key and certificate.
 
      xmpp_server_tls_certificate: "{{ lookup('file', 'tls/comms.example.com_xmpp.pem') }}"
 
      xmpp_server_tls_key: "{{ lookup('file', 'tls/comms.example.com_xmpp.key') }}"
 

	
 
      # Set one of the users to also be an XMPP administrator.
 
      xmpp_administrators:
 
        - john.doe@example.com
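Review bot: The variable names in the new example, `xmpp_server_tls_certificate` and `xmpp_server_tls_key`, do not match the parameters this commit makes mandatory; the role defaults, the role reference and the molecule group variables in the same changeset all use `xmpp_tls_certificate` and `xmpp_tls_key`. A user copying this snippet would set two unused variables and, now that the defaults are gone, the role would presumably stop on an undefined variable instead of picking up their certificate and key. Unless a playbook layer maps the `xmpp_server_` prefix onto the role (nothing in this changeset shows one), the two lines should read `xmpp_tls_certificate: "{{ lookup('file', 'tls/comms.example.com_xmpp.pem') }}"` and `xmpp_tls_key: "{{ lookup('file', 'tls/comms.example.com_xmpp.key') }}"`.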
roles/xmpp_server/defaults/main.yml
 
@@ -4,5 +4,3 @@ enable_backup: false
 
xmpp_domains:
 
  - "{{ ansible_domain }}"
 
xmpp_prosody_package: "prosody-0.10"
 
xmpp_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + ansible_fqdn + '_xmpp.pem') }}"
 
xmpp_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + ansible_fqdn + '_xmpp.key') }}"
roles/xmpp_server/molecule/default/group_vars/parameters-mandatory.yml
 
@@ -5,10 +5,8 @@ xmpp_administrators:
 
xmpp_ldap_base_dn: dc=local
 
xmpp_ldap_password: prosodypassword
 
xmpp_ldap_server: ldap-server
 

	
 
# Common parameters (general, not role).
 
tls_certificate_dir: tests/data/x509/
 
tls_private_key_dir: tests/data/x509/
 
xmpp_tls_certificate: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_xmpp.cert.pem') }}"
 
xmpp_tls_key: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_xmpp.key.pem') }}"
 

	
 
# common
 
ca_certificates:
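Review bot: The new `xmpp_tls_certificate` and `xmpp_tls_key` values nest `{{ inventory_hostname }}` inside the string argument of an outer `{{ lookup(...) }}` expression, so they only work if Ansible templates the lookup's argument a second time; that recursive expansion is not something to rely on across Ansible versions, and where it does not happen the lookup tries to read a file literally named `{{ inventory_hostname }}_xmpp.cert.pem`. Build the path with plain Jinja concatenation instead: `xmpp_tls_certificate: "{{ lookup('file', 'tests/data/x509/' + inventory_hostname + '_xmpp.cert.pem') }}"` and `xmpp_tls_key: "{{ lookup('file', 'tests/data/x509/' + inventory_hostname + '_xmpp.key.pem') }}"`. Dropping `tls_certificate_dir` and `tls_private_key_dir` from this group looks right now that the role defaults no longer reference them.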
roles/xmpp_server/molecule/default/group_vars/parameters-optional.yml
 
@@ -10,12 +10,8 @@ xmpp_ldap_base_dn: dc=local
 
xmpp_ldap_password: prosodypassword
 
xmpp_ldap_server: ldap-server
 
xmpp_prosody_package: prosody-0.9
 
xmpp_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_xmpp.cert.pem') }}"
 
xmpp_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_xmpp.key.pem') }}"
 

	
 
# Common parameters (general, not role).
 
tls_certificate_dir: tests/data/x509/
 
tls_private_key_dir: tests/data/x509/
 
xmpp_tls_certificate: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_xmpp.cert.pem') }}"
 
xmpp_tls_key: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_xmpp.key.pem') }}"
 

	
 
# common
 
ca_certificates:
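Review bot: The same nested-moustache construction appears here — `'tests/data/x509/{{ inventory_hostname }}_xmpp.cert.pem'` inside a `{{ lookup('file', ...) }}` expression depends on a second templating pass of the lookup argument, which is fragile; prefer `'tests/data/x509/' + inventory_hostname + '_xmpp.cert.pem'` (and the matching `_xmpp.key.pem` form for the key). Since the fixture path is now derived from `inventory_hostname`, the renamed `parameters-optional-stretch64_xmpp.*` files tie the test data to the platform name; adding a second platform to the molecule scenario would need its own key/certificate pair, which the group_vars comment could state so nobody is surprised by a missing-file lookup error.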
roles/xmpp_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.domain1_xmpp.cert.pem
 
file renamed from roles/xmpp_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.domain1_xmpp.pem to roles/xmpp_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.domain1_xmpp.cert.pem
roles/xmpp_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.domain1_xmpp.key.pem
 
file renamed from roles/xmpp_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.domain1_xmpp.key to roles/xmpp_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.domain1_xmpp.key.pem
roles/xmpp_server/molecule/default/tests/data/x509/parameters-optional-stretch64_xmpp.cert.pem
 
file renamed from roles/xmpp_server/molecule/default/tests/data/x509/parameters-optional_xmpp.cert.pem to roles/xmpp_server/molecule/default/tests/data/x509/parameters-optional-stretch64_xmpp.cert.pem
roles/xmpp_server/molecule/default/tests/data/x509/parameters-optional-stretch64_xmpp.key.pem
 
file renamed from roles/xmpp_server/molecule/default/tests/data/x509/parameters-optional_xmpp.key.pem to roles/xmpp_server/molecule/default/tests/data/x509/parameters-optional-stretch64_xmpp.key.pem
roles/xmpp_server/molecule/default/tests/test_default.py
 
@@ -145,6 +145,31 @@ def test_xmpp_server_dh_parameters_file(host):
 
        assert "DH Parameters: (2048 bit)" in dhparam_info.stdout
 

	
 

	
 
def test_prosody_tls_files(host):
 
    """
 
    Tests if Prosody TLS private key and certificage have been deployed
 
    correctly.
 
    """
 

	
 
    hostname = host.run('hostname -f').stdout.strip()
 

	
 
    with host.sudo():
 

	
 
        tls_file = host.file('/etc/ssl/private/%s_xmpp.key' % hostname)
 
        assert tls_file.is_file
 
        assert tls_file.user == 'root'
 
        assert tls_file.group == 'prosody'
 
        assert tls_file.mode == 0o640
 
        assert tls_file.content_string == open("tests/data/x509/%s_xmpp.key.pem" % hostname, "r").read().rstrip()
 

	
 
        tls_file = host.file('/etc/ssl/certs/%s_xmpp.pem' % hostname)
 
        assert tls_file.is_file
 
        assert tls_file.user == 'root'
 
        assert tls_file.group == 'root'
 
        assert tls_file.mode == 0o644
 
        assert tls_file.content_string == open("tests/data/x509/%s_xmpp.cert.pem" % hostname, "r").read().rstrip()
 

	
 

	
 
# @TODO: Tests which were not implemented due to lack of out-of-box tools:
 
#
 
# - Proxy capability.
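Review bot: The two bare `open(...).read()` calls in the fixture comparisons of `test_prosody_tls_files` leave the file handles to the garbage collector, which surfaces as ResourceWarning under pytest and is easy to avoid with a context manager: `with open("tests/data/x509/%s_xmpp.key.pem" % hostname) as fixture:` followed by `    assert tls_file.content_string == fixture.read().rstrip()`, and the same for the certificate. The deployed files are looked up by `hostname -f` while the group variables select the fixture by `inventory_hostname`, so the test only passes where the container's FQDN equals the inventory name (clear for `parameters-mandatory-stretch64.domain1`; for `parameters-optional-stretch64` it appears to assume `hostname -f` returns the bare name), and a one-line comment stating that assumption would spare the next person a confusing missing-fixture failure. The docstring typo `certificage` should be `certificate`.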
roles/xmpp_server/molecule/default/tests/test_mandatory.py
 
@@ -7,31 +7,6 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-mandatory')
 

	
 

	
 
def test_prosody_tls_files(host):
 
    """
 
    Tests if Prosody TLS private key and certificage have been deployed
 
    correctly.
 
    """
 

	
 
    hostname = host.run('hostname').stdout.strip()
 

	
 
    with host.sudo():
 

	
 
        tls_file = host.file('/etc/ssl/private/%s.domain1_xmpp.key' % hostname)
 
        assert tls_file.is_file
 
        assert tls_file.user == 'root'
 
        assert tls_file.group == 'prosody'
 
        assert tls_file.mode == 0o640
 
        assert tls_file.content_string == open("tests/data/x509/%s.domain1_xmpp.key" % hostname, "r").read().rstrip()
 

	
 
        tls_file = host.file('/etc/ssl/certs/%s.domain1_xmpp.pem' % hostname)
 
        assert tls_file.is_file
 
        assert tls_file.user == 'root'
 
        assert tls_file.group == 'root'
 
        assert tls_file.mode == 0o644
 
        assert tls_file.content_string == open("tests/data/x509/%s.domain1_xmpp.pem" % hostname, "r").read().rstrip()
 

	
 

	
 
def test_certificate_validity_check_configuration(host):
 
    """
 
    Tests if certificate validity check configuration file has been deployed
roles/xmpp_server/molecule/default/tests/test_optional.py
 
@@ -7,31 +7,6 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')
 

	
 

	
 
def test_prosody_tls_files(host):
 
    """
 
    Tests if Prosody TLS private key and certificage have been deployed
 
    correctly.
 
    """
 

	
 
    hostname = host.run('hostname').stdout.strip()
 

	
 
    with host.sudo():
 

	
 
        tls_file = host.file('/etc/ssl/private/%s_xmpp.key' % hostname)
 
        assert tls_file.is_file
 
        assert tls_file.user == 'root'
 
        assert tls_file.group == 'prosody'
 
        assert tls_file.mode == 0o640
 
        assert tls_file.content_string == open("tests/data/x509/parameters-optional_xmpp.key.pem", "r").read().rstrip()
 

	
 
        tls_file = host.file('/etc/ssl/certs/%s_xmpp.pem' % hostname)
 
        assert tls_file.is_file
 
        assert tls_file.user == 'root'
 
        assert tls_file.group == 'root'
 
        assert tls_file.mode == 0o644
 
        assert tls_file.content_string == open("tests/data/x509/parameters-optional_xmpp.cert.pem", "r").read().rstrip()
 

	
 

	
 
def test_certificate_validity_check_configuration(host):
 
    """
 
    Tests if certificate validity check configuration file has been deployed