Changeset - 694893c0259a
0 17 0
Branko Majic (branko) - 16 days ago 2024-09-03 13:00:00
branko@majic.rs
MAR-218: Fix linting errors for unnamed plays:

- All plays should be named at this point.
- Improve naming of some plays.
- Group some of the common tasks together to speed up the prepare
step.
- Minor refactoring to make the prepare playbooks more consistent
across the roles.
17 files changed with 137 insertions and 146 deletions:
roles/backup/molecule/default/prepare.yml
 
---
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: true
 
  tasks:
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
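Review bot: The `raw` bootstrap task "Install python for Ansible" calls the `apt` front end, which is intended for interactive use and warns that its CLI is not stable when driven from scripts; `apt-get` is the scripted equivalent: `raw: test -e /usr/bin/python3 || (apt-get -y update && apt-get install -y python3-minimal)`. The task-level `become: true` is also redundant next to the play-level `become: true`. The same task text is repeated in the other prepare.yml sections of this changeset.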
roles/backup_client/molecule/default/prepare.yml
 
---
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: true
 
  tasks:
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
 

	
 
- hosts: backup-server
 
- name: Prepare, helpers
 
  hosts: backup-server
 
  become: true
 
  tasks:
 

	
 
    - name: Deploy SSH server keys
 
      copy:
 
        content: "{{ lookup('file', item.key) + '\n' }}"
 
        dest: "{{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: 0600
 
      with_dict:
 
        tests/data/ssh/server_rsa: /etc/ssh/ssh_host_rsa_key
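Review bot: The `mode: 0600` on the "Deploy SSH server keys" task is an unquoted octal literal, so the permissions applied to the deployed host private key depend on the YAML loader treating a leading zero as octal. Quoting the value removes that dependence: `mode: "0600"`. The unquoted `mode: 0644` values in the other prepare.yml sections have the same form. The task may continue past the last line shown in this section.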
roles/backup_server/molecule/default/prepare.yml
 
---
 

	
 
- name: Prepare
 
  hosts: all
 
  gather_facts: false
 
  tasks:
 

	
 
- hosts: localhost
 
- name: Prepare, test fixtures
 
  hosts: localhost
 
  connection: local
 
  tasks:
 

	
 
    - name: Fix SSH client file permissions locally, otherwise we get error from SSH
 
      file:
 
        path: "{{ item }}"
 
        mode: g=,o=
 
      with_items:
 
        - tests/data/ssh/client1
 
        - tests/data/ssh/client2
 

	
 
- hosts: all
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
roles/bootstrap/molecule/default/prepare.yml
 
---
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
 

	
 
# Put Ansible key into root's authorized_keys to test its removal.
 
- hosts: parameters-mandatory
 
- name: Prepare, text fixtures
 
  hosts: parameters-mandatory
 
  become: true
 
  tasks:
 

	
 
    - name: Deploy authorized_keys to mimic set-up via preseed file
 
      authorized_key:
 
        user: root
 
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
 

	
 
# Put Ansible key into root's authorized_keys to test its removal.
 
- hosts: parameters-optional
 
- name: Prepare, text fixtures
 
  hosts: parameters-optional
 
  become: true
 
  tasks:
 

	
 
    - name: Deploy authorized_keys to mimic set-up via preseed file
 
      authorized_key:
 
        user: root
 
        key: "{{ lookup('file', 'tests/data/ansible_key.pub') }}"
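Review bot: Both new play names in this file read "Prepare, text fixtures", while the other roles in this changeset use "Prepare, test fixtures"; this looks like a typo and should be `- name: Prepare, test fixtures` for the `parameters-mandatory` and `parameters-optional` plays. Separately, the `parameters-mandatory` play installs whatever is in the operator's `~/.ssh/id_rsa.pub`, so the scenario depends on the local account having an RSA key pair, whereas the `parameters-optional` play reads a key from `tests/data`. If that difference is intentional, a one-line comment above the task saying so would help.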
roles/common/molecule/default/prepare.yml
 
---
 

	
 
- name: Set-up fixtures
 
- name: Prepare, test fixtures
 
  hosts: localhost
 
  connection: local
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Initialise CA hierarchy
 
      command: "gimmecert init --ca-hierarchy-depth 2"
 
      args:
 
        creates: ".gimmecert/ca/level1.cert.pem"
 
        chdir: "tests/data/"
 

	
 
    - name: Set-up link to generated X.509 material
 
      file:
 
        src: ".gimmecert"
 
        dest: "tests/data/x509"
 
        state: link
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: true
 
  tasks:
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
 

	
 
    - name: Install net-tools for running Testinfra host.socket tests
 
      apt:
 
        name: net-tools
 
        state: present
 

	
 
- hosts: helper
 
    - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
 
      file:
 
        path: "/bin/ss"
 
        state: absent
 

	
 
- name: Prepare, helpers
 
  hosts: helper
 
  become: true
 
  tasks:
 

	
 
    - name: Install apt-cacher-ng
 
      apt:
 
        name: apt-cacher-ng
 
        state: present
 

	
 
- hosts: client
 
- name: Prepare, helpers
 
  hosts: client
 
  become: true
 
  tasks:
 

	
 
    - name: Install tool for testing TCP connectivity
 
      apt:
 
        name: nmap
 
        state: present
 

	
 
    - name: Set-up /etc/hosts with entries for all servers
 
      lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: 0644
 
        state: present
 
      with_dict:
 
        192.168.56.21: parameters-mandatory-bookworm
 
        192.168.56.22: parameters-optional-bookworm
 
        fd00::192:168:56:21: parameters-mandatory-bookworm
 
        fd00::192:168:56:22: parameters-optional-bookworm
 

	
 
- hosts: parameters-mandatory,parameters-optional
 
- name: Prepare, test fixtures
 
  hosts: parameters-mandatory,parameters-optional
 
  become: true
 
  tasks:
 

	
 
    - name: Set-up /etc/hosts with entries for all servers
 
      lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: 0644
 
        state: present
 
@@ -147,21 +151,12 @@
 
        path: "/etc/cron.d/check_pip_requirements-py3"
 
        state: touch
 
        owner: root
 
        group: root
 
        mode: 0644
 

	
 
    - name: Install the deprecated/obsolete NTP-related packages
 
      apt:
 
        name:
 
          - ntp
 
          - ntpdate
 
        state: present
 

	
 
- hosts: parameters-mandatory,parameters-optional
 
  become: true
 
  tasks:
 

	
 
    - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
 
      file:
 
        path: "/bin/ss"
 
        state: absent
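Review bot: The `regexp: "^{{ item.key }}"` in the "Set-up /etc/hosts with entries for all servers" tasks is a prefix match with unescaped dots, so the entry for `192.168.56.21` would also match, and replace, a line that starts with a longer address such as `192.168.56.210` (constructed example). Escaping the key and requiring whitespace after it makes the match exact: `regexp: "^{{ item.key | regex_escape }}\\s"`. The same pattern is used by the hosts-file tasks in the ldap_server, mail_forwarder, web_server and xmpp_server prepare playbooks on this page. The second task's `with_dict` lies outside the lines shown.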
roles/database/molecule/default/prepare.yml
 
---
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: true
 
  tasks:
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
 

	
 
- hosts: backup-server
 
- name: Prepare, helpers
 
  hosts: backup-server
 
  become: true
 
  roles:
 
    - role: backup_server
 
      backup_host_ssh_private_keys:
 
        rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
 
        ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
 
        ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
 
      backup_clients:
 
        - server: localhost
 
          ip: 127.0.0.1
 
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
roles/database_server/molecule/default/prepare.yml
 
---
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: true
 
  tasks:
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
roles/ldap_client/handlers/main.yml
 
---
 

	
 
- debug:
 
    msg: "No handlers are available for ldap_client role."
 
- name: Dummy handler to suppress Ansible warnings
 
  debug:
 
    msg: "This is just a dummy task to suppress the Ansible warning about an empty include."
roles/ldap_client/molecule/default/prepare.yml
 
---
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: true
 
  tasks:
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
roles/ldap_server/molecule/default/prepare.yml
 
---
 

	
 
- name: Set-up fixtures
 
- name: Prepare, test fixtures
 
  hosts: localhost
 
  connection: local
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Initialise CA hierarchy
 
      command: "gimmecert init"
 
      args:
 
        creates: ".gimmecert/ca/level1.cert.pem"
 
        chdir: "tests/data/"
 

	
 
    - name: Generate server private keys and certificates
 
@@ -27,119 +27,116 @@
 
          fqdn: parameters-mandatory
 
        - name: parameters-optional-bookworm_ldap
 
          fqdn: parameters-optional
 

	
 
    - name: Set-up link to generated X.509 material
 
      file:
 
        src: ".gimmecert"
 
        dest: "tests/data/x509"
 
        state: link
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: true
 
  tasks:
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
 

	
 
    - name: Deploy CA certificate
 
      copy:
 
        src: tests/data/x509/ca/level1.cert.pem
 
        dest: /etc/ssl/certs/testca.cert.pem
 
        owner: root
 
        group: root
 
        mode: 0644
 

	
 
- hosts: client
 
    - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
 
      file:
 
        path: "/bin/ss"
 
        state: absent
 

	
 
    - name: Install tools for testing
 
      apt:
 
        name:
 
          - net-tools
 
          - nmap
 
          - gnutls-bin
 
        state: present
 

	
 
- name: Prepare, helpers
 
  hosts: client
 
  become: true
 
  tasks:
 

	
 
    - name: Install tool for teting TCP connectivity
 
      apt:
 
        name: hping3
 
        state: present
 

	
 
    - name: Set-up /etc/hosts with entries for all servers
 
      lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: 0644
 
        state: present
 
      with_dict:
 
        192.168.56.21: parameters-mandatory-bookworm
 
        192.168.56.22: parameters-optional-bookworm
 

	
 
- hosts: parameters-optional
 
- name: Prepare, test fixtures
 
  hosts: parameters-optional
 
  become: true
 
  tasks:
 

	
 
    - name: Set-up the hosts file
 
      lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: 0644
 
        state: present
 
      with_dict:
 
        127.0.2.1: parameters-optional
 

	
 
- hosts: parameters-mandatory
 
- name: Prepare, test fixtures
 
  hosts: parameters-mandatory
 
  become: true
 
  tasks:
 

	
 
    - name: Set-up the hosts file
 
      lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: 0644
 
        state: present
 
      with_dict:
 
        127.0.2.1: parameters-mandatory
 

	
 
- hosts: backup-server
 
- name: Prepare, helpers
 
  hosts: backup-server
 
  become: true
 
  roles:
 
    - role: backup_server
 
      backup_host_ssh_private_keys:
 
        rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
 
        ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
 
        ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
 
      backup_clients:
 
        - server: localhost
 
          ip: 127.0.0.1
 
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
 

	
 
- hosts: parameters-mandatory,parameters-optional
 
  become: true
 
  tasks:
 

	
 
    - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
 
      file:
 
        path: "/bin/ss"
 
        state: absent
 

	
 
    - name: Install tools for testing
 
      apt:
 
        name:
 
          - net-tools
 
          - nmap
 
          - gnutls-bin
 
        state: present
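Review bot: The task name "Install tool for teting TCP connectivity" in the `client` helper play has a typo, and a commit that cleans up naming is a good place to fix it: `- name: Install tool for testing TCP connectivity`. The common and web_server prepare playbooks on this page already spell the equivalent task name that way.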
roles/mail_forwarder/molecule/default/prepare.yml
 
---
 

	
 
- name: Set-up fixtures
 
- name: Prepare, test fixtures
 
  hosts: localhost
 
  connection: local
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Initialise CA hierarchy
 
      command: "gimmecert init"
 
      args:
 
        creates: ".gimmecert/ca/level1.cert.pem"
 
        chdir: "tests/data/"
 

	
 
    - name: Generate server private keys and certificates
 
@@ -25,66 +25,60 @@
 
      with_items:
 
        - name: mail-server_smtp
 
          fqdn: mail-server
 

	
 
    - name: Set-up link to generated X.509 material
 
      file:
 
        src: ".gimmecert"
 
        dest: "tests/data/x509"
 
        state: link
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: true
 
  tasks:
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: true
 
  tasks:
 

	
 
    - name: Set-up the hosts file
 
      lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: 0644
 
        state: present
 
      with_dict:
 
        192.168.56.11: "mail-server domain1"
 
        192.168.56.12: "client1"
 
        192.168.56.21: "parameters-mandatory-bookworm"
 
        192.168.56.22: "parameters-optional-bookworm"
 
        192.168.56.23: "parameters-no-incoming-bookworm"
 

	
 
    - name: Install tools for testing
 
      apt:
 
        name: gnutls-bin
 
        state: present
 

	
 
- hosts: clients
 
- name: Prepare, helpers
 
  hosts: clients
 
  become: true
 
  tasks:
 

	
 
    - name: Install SWAKS for testing SMTP capability
 
      apt:
 
        name: swaks
 
        state: present
 

	
 
    - name: Install tool for testing TCP connectivity
 
      apt:
 
        name: hping3
 
        state: present
 
@@ -95,25 +89,26 @@
 
        dest: /usr/local/share/ca-certificates/testca.crt
 
        owner: root
 
        group: root
 
        mode: 0644
 
      notify:
 
        - Update CA certificate cache
 

	
 
  handlers:
 

	
 
    - name: Update CA certificate cache
 
      command: /usr/sbin/update-ca-certificates --fresh
 

	
 
- hosts: mail-servers
 
- name: Prepare, helpers
 
  hosts: mail-servers
 
  become: true
 
  tasks:
 

	
 
    - name: Deploy CA certificate
 
      copy:
 
        src: tests/data/x509/ca/level1.cert.pem
 
        dest: /usr/local/share/ca-certificates/testca.crt
 
        owner: root
 
        group: root
 
        mode: 0644
 
      notify:
 
        - Update CA certificate cache
 
@@ -165,24 +160,25 @@
 
      changed_when: false
 

	
 
  handlers:
 

	
 
    - name: Update CA certificate cache
 
      command: /usr/sbin/update-ca-certificates --fresh
 

	
 
    - name: Restart Postfix
 
      service:
 
        name: postfix
 
        state: restarted
 

	
 
- hosts: parameters-optional
 
- name: Prepare, test fixtures
 
  hosts: parameters-optional
 
  become: true
 
  tasks:
 

	
 
    - name: Create additional group for testing local aliases
 
      group:
 
        name: testuser
 

	
 
    - name: Create additional user for testing local aliases
 
      user:
 
        name: testuser
 
        group: testuser
roles/mail_server/molecule/default/prepare.yml
 
---
 

	
 
- name: Set-up fixtures
 
- name: Prepare, test fixtures
 
  hosts: localhost
 
  connection: local
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Initialise CA hierarchy
 
      command: "gimmecert init"
 
      args:
 
        creates: ".gimmecert/ca/level1.cert.pem"
 
        chdir: "tests/data/"
 

	
 
    - name: Generate server private keys and certificates
 
@@ -37,48 +37,44 @@
 
          fqdn: parameters-optional-bookworm
 
        - name: parameters-optional-bookworm_smtp
 
          fqdn: parameters-optional-bookworm
 

	
 
    - name: Set-up link to generated X.509 material
 
      file:
 
        src: ".gimmecert"
 
        dest: "tests/data/x509"
 
        state: link
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: true
 
  tasks:
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
 

	
 
    - name: Install tools for testing
 
      apt:
 
        name:
 
          - gnutls-bin
 
          - nmap
 
        state: present
 

	
 
- name: Set-up a local ClamAV database mirror to avoid hitting upstream rate limits
 
- name: Prepare, helpers, local ClamAV database mirror (avoid upstream rate limits)
 
  hosts: clamav-database
 
  become: true
 
  tasks:
 

	
 
    - name: Install system packages for hosting the ClamAV database
 
      apt:
 
        name:
 
          - nginx
 
          - virtualenv
 
        state: present
 

	
 
    - name: Set-up directory for ClamAV database sync tool virtual environment
 
@@ -164,25 +160,26 @@
 
        group: root
 
        mode: 0644
 
      notify:
 
        - Restart nginx
 

	
 
  handlers:
 

	
 
    - name: Restart nginx
 
      service:
 
        name: nginx
 
        state: restarted
 

	
 
- hosts: bookworm
 
- name: Prepare, test fixtures
 
  hosts: bookworm
 
  become: true
 
  tasks:
 

	
 
    - name: Enable TLSv1.0+ in global OpenSSL configuration file in order to be able to test the web_server_tls_protocols parameter
 
      blockinfile:
 
        path: "/etc/ssl/openssl.cnf"
 
        block: |
 
          [openssl_init]
 
          ssl_conf = ssl_sect
 

	
 
          [ssl_sect]
 
          system_default = system_default_sect
 
@@ -204,25 +201,26 @@
 
        group: root
 
        mode: 0644
 
        state: present
 
      with_dict:
 
        # Force mail servers to use local ClamAV database mirror.
 
        192.168.56.11: "db.local.clamav.net database.clamav.net"
 
        192.168.56.12: "ldap-server backup-server"
 
        192.168.56.21: "client1 smtp-server-requiring-tls"
 
        192.168.56.22: "client2 smtp-server-refusing-tls"
 
        192.168.56.31: "parameters-mandatory parameters-mandatory-bookworm"
 
        192.168.56.32: "parameters-optional parameters-optional-bookworm"
 

	
 
- hosts: client
 
- name: Prepare, helpers
 
  hosts: client
 
  become: true
 
  tasks:
 

	
 
    - name: Install tool for testing SMTP capability
 
      apt:
 
        name: swaks
 
        state: present
 

	
 
    - name: Install tool for testing IMAP
 
      block:
 

	
 
        - name: Install required system packages
 
@@ -327,31 +325,33 @@
 
            enabled: true
 

	
 
  handlers:
 

	
 
    - name: Update CA certificate cache
 
      command: /usr/sbin/update-ca-certificates --fresh
 

	
 
    - name: Restart Postfix
 
      service:
 
        name: postfix
 
        state: restarted
 

	
 
- hosts: ldap-server
 
- name: Prepare, helpers
 
  hosts: ldap-server
 
  become: true
 
  roles:
 
    - ldap_server
 
    - backup_server
 

	
 
- hosts: ldap-server
 
- name: Prepare, test fixtures
 
  hosts: ldap-server
 
  become: true
 
  tasks:
 

	
 
    - name: Create LDAP accounts for testing
 
      ldap_entry:
 
        dn: "{{ item.dn }}"
 
        objectClass: "{{ item.objectClass }}"
 
        attributes: "{{ item.attributes }}"
 
      with_items:
 

	
 
        # Users.
 
        - dn: uid=john,ou=people,dc=local
 
@@ -411,24 +411,25 @@
 
            cn: webmaster@domain2
 
            rfc822MailMember: jane.doe@domain2
 

	
 
    - name: Add test accounts to correct group
 
      ldap_attr:
 
        dn: "cn=mail,ou=groups,dc=local"
 
        name: uniqueMember
 
        state: exact
 
        values:
 
          - uid=john,ou=people,dc=local
 
          - uid=jane,ou=people,dc=local
 

	
 
- hosts: parameters-mandatory,parameters-optional
 
- name: Prepare, test fixtures
 
  hosts: parameters-mandatory,parameters-optional
 
  become: true
 
  tasks:
 

	
 
    - name: Create group for user used for local mail delivery testing
 
      group:
 
        name: localuser
 

	
 
    - name: Create user for local mail delivery testing
 
      user:
 
        name: localuser
 
        group: localuser
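Review bot: The task in the `bookworm` play is named "Enable TLSv1.0+ in global OpenSSL configuration file in order to be able to test the web_server_tls_protocols parameter", but this is the mail_server role's prepare playbook, so the name appears to have been copied from the web_server role. It should name the TLS parameter this role actually exercises; that parameter's name is not visible in these hunks. The xmpp_server prepare playbook carries the same task name. The rest of the `blockinfile` block falls outside the hunk.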
roles/php_website/molecule/default/prepare.yml
 
---
 

	
 
- name: Set-up fixtures
 
- name: Prepare, test fixtures
 
  hosts: localhost
 
  connection: local
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Initialise CA hierarchy
 
      command: "gimmecert init"
 
      args:
 
        creates: ".gimmecert/ca/level1.cert.pem"
 
        chdir: "tests/data/"
 

	
 
    - name: Generate server private keys and certificates
 
@@ -29,35 +29,33 @@
 
          fqdn: parameters-optional.local
 
        - name: php-website_https
 
          fqdn: php-website
 

	
 
    - name: Set-up link to generated X.509 material
 
      file:
 
        src: ".gimmecert"
 
        dest: "tests/data/x509"
 
        state: link
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: true
 
  tasks:
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
 

	
 
    - name: Set-up /etc/hosts entries
 
      lineinfile:
 
        dest: /etc/hosts
 
        line: "{{ ansible_eth0.ipv4.address }} parameters-mandatory parameters-optional.local php-website"
 

	
 
    - name: Install curl for testing redirects and webpage content
 
      apt:
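Review bot: "Set-up /etc/hosts entries" uses `{{ ansible_eth0.ipv4.address }}`, and once the plays are merged it appears to run inside the "Prepare" play that sets `gather_facts: false`. The fact would then be undefined unless facts are cached or gathered somewhere not visible here. The wsgi_website playbook in this changeset keeps the equivalent task in a separate "Prepare, test fixtures" play without `gather_facts: false`; doing the same here, or adding a `setup:` task after Python is installed, would remove the dependency. The hunk ends before the rest of the task list.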
roles/preseed/molecule/default/prepare.yml
 
---
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
roles/web_server/molecule/default/prepare.yml
 
---
 

	
 
- name: Set-up fixtures
 
- name: Prepare, test fixtures
 
  hosts: localhost
 
  connection: local
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Initialise CA hierarchy
 
      command: "gimmecert init"
 
      args:
 
        creates: ".gimmecert/ca/level1.cert.pem"
 
        chdir: "tests/data/"
 

	
 
    - name: Generate server private keys and certificates
 
@@ -27,93 +27,93 @@
 
          fqdn: parameters-mandatory-bookworm
 
        - name: parameters-optional-bookworm_https
 
          fqdn: parameters-optional-bookworm
 

	
 
    - name: Set-up link to generated X.509 material
 
      file:
 
        src: ".gimmecert"
 
        dest: "tests/data/x509"
 
        state: link
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: true
 
  tasks:
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
 

	
 
    - name: Install tools for testing
 
      apt:
 
        name:
 
          - gnutls-bin
 
          - nmap
 
        state: present
 

	
 
- hosts: bookworm
 
- name: Prepare, test fixtures
 
  hosts: bookworm
 
  become: true
 
  tasks:
 

	
 
    - name: Enable TLSv1.0+ in global OpenSSL configuration file in order to be able to test the web_server_tls_protocols parameter
 
      blockinfile:
 
        path: "/etc/ssl/openssl.cnf"
 
        block: |
 
          [openssl_init]
 
          ssl_conf = ssl_sect
 

	
 
          [ssl_sect]
 
          system_default = system_default_sect
 

	
 
          [system_default_sect]
 
          MinProtocol = TLSv1.1
 
          CipherString = DEFAULT@SECLEVEL=0
 
        owner: root
 
        group: root
 
        mode: 0644
 
        state: present
 

	
 
- hosts: all
 
- name: Prepare, test fixtures
 
  hosts: all
 
  become: true
 
  tasks:
 

	
 
    - name: Set-up the hosts file
 
      lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: 0644
 
        state: present
 
      with_dict:
 
        192.168.56.11: "client"
 
        192.168.56.21: "parameters-mandatory-bookworm"
 
        192.168.56.22: "parameters-optional-bookworm"
 

	
 
    - name: Install curl for testing redirects and webpage content
 
      apt:
 
        name: curl
 
        state: present
 

	
 
- hosts: client
 
- name: Prepare, helpers
 
  hosts: client
 
  become: true
 
  tasks:
 

	
 
    - name: Install tool for testing TCP connectivity
 
      apt:
 
        name: hping3
 
        state: present
 

	
 
    - name: Install console-based web browser for interactive testing
 
      apt:
 
        name: lynx
 
        state: present
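Review bot: The task named "Enable TLSv1.0+ in global OpenSSL configuration file ..." in the `bookworm` play writes `MinProtocol = TLSv1.1`, so the name and the value disagree and one of them should be corrected. The block also sets `CipherString = DEFAULT@SECLEVEL=0` in the system-wide `/etc/ssl/openssl.cnf`. A comment above the task would make clear that the downgrade is confined to the molecule test instances, e.g. `# Test-only: lowers system-wide OpenSSL defaults so legacy protocol settings can be exercised.`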
roles/wsgi_website/molecule/default/prepare.yml
 
---
 

	
 
- name: Set-up fixtures
 
- name: Prepare, test fixtures
 
  hosts: localhost
 
  connection: local
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Initialise CA hierarchy
 
      command: "gimmecert init"
 
      args:
 
        creates: ".gimmecert/ca/level1.cert.pem"
 
        chdir: "tests/data/"
 

	
 
    - name: Generate server private keys and certificates
 
@@ -31,40 +31,47 @@
 
          fqdn: parameters-paste-req
 
        - name: wsgi-website_https
 
          fqdn: wsgi-website
 

	
 
    - name: Set-up link to generated X.509 material
 
      file:
 
        src: ".gimmecert"
 
        dest: "tests/data/x509"
 
        state: link
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
- hosts: wsgi-website
 
  become: true
 
  tasks:
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
 

	
 
    - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
 
      file:
 
        path: "/bin/ss"
 
        state: absent
 

	
 
- name: Prepare, test fixtures
 
  hosts: wsgi-website
 
  become: true
 
  tasks:
 

	
 
    - name: Set-up /etc/hosts entries
 
      lineinfile:
 
        dest: /etc/hosts
 
        line: "{{ ansible_eth0.ipv4.address }} parameters-mandatory parameters-optional.local parameters-paste-req wsgi-website"
 

	
 
    - name: Install curl for testing redirects and webpage content
 
      apt:
 
        name: curl
 
        state: present
 

	
 
    - name: Install swaks for testing mail forwarding
 
      apt:
 
@@ -109,26 +116,21 @@
 

	
 
    - name: Set-up group for an additional user
 
      group:
 
        name: user
 
        state: present
 

	
 
    - name: Set-up additional user for testing mail delivery
 
      user:
 
        name: user
 
        group: user
 
        shell: /bin/bash
 

	
 
    - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
 
      file:
 
        path: "/bin/ss"
 
        state: absent
 

	
 
  handlers:
 

	
 
    - name: Restart Postfix
 
      service:
 
        name: postfix
 
        state: restarted
 

	
 
    - name: Generate aliases database
 
      command: "/usr/bin/newaliases"
roles/xmpp_server/molecule/default/prepare.yml
 
---
 

	
 
- name: Set-up fixtures
 
- name: Prepare, test fixtures
 
  hosts: localhost
 
  connection: local
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Initialise CA hierarchy
 
      command: "gimmecert init"
 
      args:
 
        creates: ".gimmecert/ca/level1.cert.pem"
 
        chdir: "tests/data/"
 

	
 
    - name: Generate server private keys and certificates
 
@@ -38,54 +38,53 @@
 
            - domain3
 
            - proxy.domain3
 
            - conference.domain3
 

	
 
    - name: Set-up link to generated X.509 material
 
      file:
 
        src: ".gimmecert"
 
        dest: "tests/data/x509"
 
        state: link
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      become: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: true
 
  tasks:
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
 

	
 
    - name: Install tools for testing
 
      apt:
 
        name:
 
          - gnutls-bin
 
          - nmap
 
        state: present
 

	
 
    - name: Use name provided via CLI when running STARTTLS handshake for XMPP via nmap
 
      replace:
 
        path: "/usr/share/nmap/nselib/sslcert.lua"
 
        regexp: "host\\.name\\)"
 
        replace: "host.targetname)"
 

	
 
- hosts: bookworm
 
- name: Prepare, test fixtures
 
  hosts: bookworm
 
  become: true
 
  tasks:
 

	
 
    - name: Enable TLSv1.0+ in global OpenSSL configuration file in order to be able to test the web_server_tls_protocols parameter
 
      blockinfile:
 
        path: "/etc/ssl/openssl.cnf"
 
        block: |
 
          [openssl_init]
 
          ssl_conf = ssl_sect
 

	
 
          [ssl_sect]
 
          system_default = system_default_sect
 
@@ -104,25 +103,26 @@
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: 0644
 
        state: present
 
      with_dict:
 
        192.168.56.11: "ldap-server backup-server"
 
        192.168.56.21: "client-bookworm"
 
        192.168.56.31: "parameters-mandatory domain1 proxy.domain1 conference.domain1"
 
        192.168.56.32: "parameters-optional domain2 proxy.domain2 conference.domain2 domain3 proxy.domain3 conference.domain3"
 

	
 
- hosts: clients
 
- name: Prepare, helpers
 
  hosts: clients
 
  become: true
 
  tasks:
 

	
 
    - name: Install tool for testing TCP connectivity
 
      apt:
 
        name: hping3
 
        state: present
 

	
 
    - name: Deploy CA certificate
 
      copy:
 
        src: tests/data/x509/ca/level1.cert.pem
 
        dest: /usr/local/share/ca-certificates/testca.crt
 
@@ -178,31 +178,33 @@
 
          nickname: mick.doe
 
        - jid: noxmpp@domain1
 
          password: noxmpppassword
 
          server: domain1
 
          security: tls
 
          nickname: noxmpp
 

	
 
  handlers:
 

	
 
    - name: Update CA certificate cache
 
      command: /usr/sbin/update-ca-certificates --fresh
 

	
 
- hosts: ldap-server
 
- name: Prepare, helpers
 
  hosts: ldap-server
 
  become: true
 
  roles:
 
    - ldap_server
 
    - backup_server
 

	
 
- hosts: ldap-server
 
- name: Prepare, test fixtures
 
  hosts: ldap-server
 
  become: true
 
  tasks:
 

	
 
    - name: Create LDAP accounts for testing
 
      ldap_entry:
 
        dn: "{{ item.dn }}"
 
        objectClass: "{{ item.objectClass }}"
 
        attributes: "{{ item.attributes }}"
 
      with_items:
 
        - dn: uid=john,ou=people,dc=local
 
          objectClass:
 
            - inetOrgPerson
 
@@ -249,25 +251,26 @@
 

	
 
    - name: Add test accounts to correct group
 
      ldap_attr:
 
        dn: "cn=xmpp,ou=groups,dc=local"
 
        name: uniqueMember
 
        state: exact
 
        values:
 
          - uid=john,ou=people,dc=local
 
          - uid=jane,ou=people,dc=local
 
          - uid=mick,ou=people,dc=local
 
          - uid=eve,ou=people,dc=local
 

	
 
- hosts: parameters-mandatory,parameters-optional
 
- name: Prepare, test fixtures
 
  hosts: parameters-mandatory,parameters-optional
 
  become: true
 
  tasks:
 

	
 
    - name: Install console-based XMPP tool (for non-interactive testing)
 
      apt:
 
        name: "{{ sendxmpp_package }}"
 
        state: present
 
      vars:
 
        sendxmpp_package: "go-sendxmpp"
 

	
 
    - name: Deploy small Lua script for listing the enabled modules in Prosody
 
      copy: