majic-ansible-roles Changeset

Changeset - 694893c0259a

Parent rev.

Child rev.

[Not reviewed]

0 17 0

Branko Majic (branko) - 16 days ago 2024-09-03 13:00:00
branko@majic.rs

MAR-218: Fix linting errors for unnamed plays:

- All plays should be named at this point.
- Improve naming of some plays.
- Group some of the common tasks together to speed-up the prepare
step.
- Minor refactoring to make the prepare playbooks more consistent
across the roles.

17 files changed with 137 insertions and 146 deletions:

roles/backup/molecule/default/prepare.yml

roles/backup_client/molecule/default/prepare.yml

roles/backup_server/molecule/default/prepare.yml

roles/bootstrap/molecule/default/prepare.yml

roles/common/molecule/default/prepare.yml

roles/database/molecule/default/prepare.yml

roles/database_server/molecule/default/prepare.yml

roles/ldap_client/handlers/main.yml

roles/ldap_client/molecule/default/prepare.yml

roles/ldap_server/molecule/default/prepare.yml

roles/mail_forwarder/molecule/default/prepare.yml

roles/mail_server/molecule/default/prepare.yml

roles/php_website/molecule/default/prepare.yml

roles/preseed/molecule/default/prepare.yml

roles/web_server/molecule/default/prepare.yml

roles/wsgi_website/molecule/default/prepare.yml

roles/xmpp_server/molecule/default/prepare.yml

0 comments (0 inline, 0 general)

roles/backup/molecule/default/prepare.yml

➞

Show inline comments

 ---
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
 - hosts: all
   become: true
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true
       changed_when: false

roles/backup_client/molecule/default/prepare.yml

➞

Show inline comments

 ---
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
 - hosts: all
   become: true
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true
       changed_when: false
 - hosts: backup-server
 - name: Prepare, helpers
   hosts: backup-server
   become: true
   tasks:
     - name: Deploy SSH server keys
       copy:
         content: "{{ lookup('file', item.key) + '\n' }}"
         dest: "{{ item.value }}"
         owner: root
         group: root
         mode: 0600
       with_dict:
         tests/data/ssh/server_rsa: /etc/ssh/ssh_host_rsa_key
         tests/data/ssh/server_ed25519: /etc/ssh/ssh_host_ed25519_key
         tests/data/ssh/server_ecdsa: /etc/ssh/ssh_host_ecdsa_key
       notify:
         - Restart ssh
     - name: Drop the outdated public keys
       file:
         path: "{{ item }}"
         state: absent
       with_items:
         - /etc/ssh/ssh_host_rsa_key.pub
         - /etc/ssh/ssh_host_ed25519_key.pub
         - /etc/ssh/ssh_host_ecdsa_key.pub
     - name: Force the use of internal-sftp subsystem for SFTP
       lineinfile:
         path: /etc/ssh/sshd_config
         regexp: "^Subsystem.*sftp"
         line: "Subsystem sftp internal-sftp"
         state: present
     - name: Deploy custom SSH server configuration that chroots users
       copy:
         src: "tests/data/backup_server-sshd-chroot_backup_users.conf"
         dest: "/etc/ssh/sshd_config.d/chroot_backup_users.conf"
         owner: root
         group: root
         mode: 0600
       notify:
         - Restart ssh
     - name: Set-up backup group that will contain all backup users
       group:
         name: "backup-users"
     - name: Set-up backup user groups
       group:
         name: "{{ item.name }}"
       with_items: "{{ backup_users }}"
     - name: Set-up backup users
       user:
         name: "{{ item.name }}"
         group: "{{ item.name }}"
         groups:
           - "backup-users"
       with_items: "{{ backup_users }}"
     - name: Set-up authorised keys
       authorized_key:
         user: "{{ item.name }}"
         key: "{{ item.key }}"
       with_items: "{{ backup_users }}"
     - name: Set-up port forwarding
       command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport '{{ item }}' -j REDIRECT --to-ports 22"
       changed_when: false
       with_items:
         - 2222
         - 3333
     - name: Change ownership of home directories for SFTP chroot to work
       file:
         path: "/home/{{ item.name }}"
         state: directory
         owner: root
         group: root
         mode: 0755
       with_items: "{{ backup_users }}"
     - name: Set-up duplicity backup directories
       file:
         path: "~{{ item.name }}/duplicity"
         state: directory
         owner: root
         group: backup-users
         mode: 0770
       with_items: "{{ backup_users }}"
   handlers:
     - name: Restart ssh
       service:
         name: ssh
         state: restarted

roles/backup_server/molecule/default/prepare.yml

➞

Show inline comments

 ---
 - name: Prepare
   hosts: all
   gather_facts: false
   tasks:
 - hosts: localhost
 - name: Prepare, test fixtures
   hosts: localhost
   connection: local
   tasks:
     - name: Fix SSH client file permissions locally, otherwise we get error from SSH
       file:
         path: "{{ item }}"
         mode: g=,o=
       with_items:
         - tests/data/ssh/client1
         - tests/data/ssh/client2
 - hosts: all
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true

roles/bootstrap/molecule/default/prepare.yml

➞

Show inline comments

 ---
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true
       changed_when: false
 # Put Ansible key into root's authorized_keys to test its removal.
 - hosts: parameters-mandatory
 - name: Prepare, text fixtures
   hosts: parameters-mandatory
   become: true
   tasks:
     - name: Deploy authorized_keys to mimic set-up via preseed file
       authorized_key:
         user: root
         key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
 # Put Ansible key into root's authorized_keys to test its removal.
 - hosts: parameters-optional
 - name: Prepare, text fixtures
   hosts: parameters-optional
   become: true
   tasks:
     - name: Deploy authorized_keys to mimic set-up via preseed file
       authorized_key:
         user: root
         key: "{{ lookup('file', 'tests/data/ansible_key.pub') }}"

roles/common/molecule/default/prepare.yml

➞

Show inline comments

 ---
-- name: Set-up fixtures
+- name: Prepare, test fixtures
   hosts: localhost
   connection: local
   gather_facts: false
   tasks:
     - name: Initialise CA hierarchy
       command: "gimmecert init --ca-hierarchy-depth 2"
       args:
         creates: ".gimmecert/ca/level1.cert.pem"
         chdir: "tests/data/"
     - name: Set-up link to generated X.509 material
       file:
         src: ".gimmecert"
         dest: "tests/data/x509"
         state: link
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
 - hosts: all
   become: true
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true
       changed_when: false
     - name: Install net-tools for running Testinfra host.socket tests
       apt:
         name: net-tools
         state: present
 - hosts: helper
     - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
       file:
         path: "/bin/ss"
         state: absent
 - name: Prepare, helpers
   hosts: helper
   become: true
   tasks:
     - name: Install apt-cacher-ng
       apt:
         name: apt-cacher-ng
         state: present
 - hosts: client
 - name: Prepare, helpers
   hosts: client
   become: true
   tasks:
     - name: Install tool for testing TCP connectivity
       apt:
         name: nmap
         state: present
     - name: Set-up /etc/hosts with entries for all servers
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
 .168.56.21: parameters-mandatory-bookworm
 .168.56.22: parameters-optional-bookworm
         fd00::192:168:56:21: parameters-mandatory-bookworm
         fd00::192:168:56:22: parameters-optional-bookworm
 - hosts: parameters-mandatory,parameters-optional
 - name: Prepare, test fixtures
   hosts: parameters-mandatory,parameters-optional
   become: true
   tasks:
     - name: Set-up /etc/hosts with entries for all servers
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
 .168.56.3: client1
 .168.56.4: client2
     - name: Load legacy iptables to test their removal
       modprobe:
         name: "{{ item }}"
         state: present
       with_items:
         - iptable_filter
         - iptable_nat
         - iptable_mangle
         - iptable_security
         - iptable_raw
         - ip6table_filter
         - ip6table_nat
         - ip6table_mangle
         - ip6table_security
         - ip6table_raw
     - name: Create some custom legacy iptables chains for testing their removal (max chain name length is 29)
       command: "iptables-legacy -t '{{ item }}' -N '{{ (ansible_date_time.iso8601_micro | to_uuid)[:28] }}'"
       with_items:
         - filter
         - nat
         - mangle
         - security
         - raw
     - name: Create some custom legacy ip6tables chains for testing their removal (max chain name length is 29)
       command: "ip6tables-legacy -t '{{ item }}' -N '{{ (ansible_date_time.iso8601_micro | to_uuid)[:28] }}'"
       with_items:
         - filter
         - nat
         - mangle
         - security
         - raw
     - name: Create deprecated directory for storing requirements files created using Python 3 (pip requirements upgrade checks)
       file:
         path: "/etc/pip_check_requirements_upgrades-py3"
         state: directory
         owner: root
         group: root
         mode: 0750
     - name: Create deprecated directory for Python 3 virtual environment (pip requirements upgrade checks)
       file:
         path: "/var/lib/pipreqcheck/virtualenv-py3/"
         state: directory
         owner: root
         group: root
         mode: 0750
     - name: Create deprecated cronjob file for Python 3 (pip requirements upgrade checks)
       file:
         path: "/etc/cron.d/check_pip_requirements-py3"
         state: touch
         owner: root
         group: root
         mode: 0644
     - name: Install the deprecated/obsolete NTP-related packages
       apt:
         name:
           - ntp
           - ntpdate
         state: present
 - hosts: parameters-mandatory,parameters-optional
   become: true
   tasks:
     - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
       file:
         path: "/bin/ss"
         state: absent

roles/database/molecule/default/prepare.yml

➞

Show inline comments

 ---
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
 - hosts: all
   become: true
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true
       changed_when: false
 - hosts: backup-server
 - name: Prepare, helpers
   hosts: backup-server
   become: true
   roles:
     - role: backup_server
       backup_host_ssh_private_keys:
         rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
         ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
         ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
       backup_clients:
         - server: localhost
           ip: 127.0.0.1
           public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"

roles/database_server/molecule/default/prepare.yml

➞

Show inline comments

 ---
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
 - hosts: all
   become: true
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true
       changed_when: false

roles/ldap_client/handlers/main.yml

➞

Show inline comments

 ---
 - debug:
     msg: "No handlers are available for ldap_client role."
 - name: Dummy handler to suppress Ansible warnings
   debug:
     msg: "This is just a dummy task to suppress the Ansible warning about an empty include."

roles/ldap_client/molecule/default/prepare.yml

➞

Show inline comments

 ---
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
 - hosts: all
   become: true
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true
       changed_when: false

roles/ldap_server/molecule/default/prepare.yml

➞

Show inline comments

 ---
-- name: Set-up fixtures
+- name: Prepare, test fixtures
   hosts: localhost
   connection: local
   gather_facts: false
   tasks:
     - name: Initialise CA hierarchy
       command: "gimmecert init"
       args:
         creates: ".gimmecert/ca/level1.cert.pem"
         chdir: "tests/data/"
     - name: Generate server private keys and certificates
       command:
       args:
         chdir: "tests/data/"
         creates: ".gimmecert/server/{{ item.name }}.cert.pem"
         argv:
           - "gimmecert"
           - "server"
           - "{{ item.name }}"
           - "{{ item.fqdn }}"
       with_items:
         - name: parameters-mandatory-bookworm_ldap
           fqdn: parameters-mandatory
         - name: parameters-optional-bookworm_ldap
           fqdn: parameters-optional
     - name: Set-up link to generated X.509 material
       file:
         src: ".gimmecert"
         dest: "tests/data/x509"
         state: link
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
 - hosts: all
   become: true
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true
       changed_when: false
     - name: Deploy CA certificate
       copy:
         src: tests/data/x509/ca/level1.cert.pem
         dest: /etc/ssl/certs/testca.cert.pem
         owner: root
         group: root
         mode: 0644
 - hosts: client
     - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
       file:
         path: "/bin/ss"
         state: absent
     - name: Install tools for testing
       apt:
         name:
           - net-tools
           - nmap
           - gnutls-bin
         state: present
 - name: Prepare, helpers
   hosts: client
   become: true
   tasks:
     - name: Install tool for teting TCP connectivity
       apt:
         name: hping3
         state: present
     - name: Set-up /etc/hosts with entries for all servers
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
 .168.56.21: parameters-mandatory-bookworm
 .168.56.22: parameters-optional-bookworm
 - hosts: parameters-optional
 - name: Prepare, test fixtures
   hosts: parameters-optional
   become: true
   tasks:
     - name: Set-up the hosts file
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
 .0.2.1: parameters-optional
 - hosts: parameters-mandatory
 - name: Prepare, test fixtures
   hosts: parameters-mandatory
   become: true
   tasks:
     - name: Set-up the hosts file
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
 .0.2.1: parameters-mandatory
 - hosts: backup-server
 - name: Prepare, helpers
   hosts: backup-server
   become: true
   roles:
     - role: backup_server
       backup_host_ssh_private_keys:
         rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
         ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
         ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
       backup_clients:
         - server: localhost
           ip: 127.0.0.1
           public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
 - hosts: parameters-mandatory,parameters-optional
   become: true
   tasks:
     - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
       file:
         path: "/bin/ss"
         state: absent
     - name: Install tools for testing
       apt:
         name:
           - net-tools
           - nmap
           - gnutls-bin
         state: present

roles/mail_forwarder/molecule/default/prepare.yml

➞

Show inline comments

 ---
-- name: Set-up fixtures
+- name: Prepare, test fixtures
   hosts: localhost
   connection: local
   gather_facts: false
   tasks:
     - name: Initialise CA hierarchy
       command: "gimmecert init"
       args:
         creates: ".gimmecert/ca/level1.cert.pem"
         chdir: "tests/data/"
     - name: Generate server private keys and certificates
       command:
       args:
         chdir: "tests/data/"
         creates: ".gimmecert/server/{{ item.name }}.cert.pem"
         argv:
           - "gimmecert"
           - "server"
           - "{{ item.name }}"
           - "{{ item.fqdn }}"
       with_items:
         - name: mail-server_smtp
           fqdn: mail-server
     - name: Set-up link to generated X.509 material
       file:
         src: ".gimmecert"
         dest: "tests/data/x509"
         state: link
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
 - hosts: all
   become: true
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true
       changed_when: false
 - hosts: all
   become: true
   tasks:
     - name: Set-up the hosts file
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
 .168.56.11: "mail-server domain1"
 .168.56.12: "client1"
 .168.56.21: "parameters-mandatory-bookworm"
 .168.56.22: "parameters-optional-bookworm"
 .168.56.23: "parameters-no-incoming-bookworm"
     - name: Install tools for testing
       apt:
         name: gnutls-bin
         state: present
 - hosts: clients
 - name: Prepare, helpers
   hosts: clients
   become: true
   tasks:
     - name: Install SWAKS for testing SMTP capability
       apt:
         name: swaks
         state: present
     - name: Install tool for testing TCP connectivity
       apt:
         name: hping3
         state: present
     - name: Deploy CA certificate
       copy:
         src: tests/data/x509/ca/level1.cert.pem
         dest: /usr/local/share/ca-certificates/testca.crt
         owner: root
         group: root
         mode: 0644
       notify:
         - Update CA certificate cache
   handlers:
     - name: Update CA certificate cache
       command: /usr/sbin/update-ca-certificates --fresh
 - hosts: mail-servers
 - name: Prepare, helpers
   hosts: mail-servers
   become: true
   tasks:
     - name: Deploy CA certificate
       copy:
         src: tests/data/x509/ca/level1.cert.pem
         dest: /usr/local/share/ca-certificates/testca.crt
         owner: root
         group: root
         mode: 0644
       notify:
         - Update CA certificate cache
     - name: Deploy SMTP private key and certificate
       copy:
         src: "tests/data/x509/server/{{ item }}"
         dest: "/etc/ssl/{{ item }}"
         owner: root
         group: root
         mode: 0600
       with_items:
         - mail-server_smtp.cert.pem
         - mail-server_smtp.key.pem
     - name: Install Postfix
       apt:
         name: "postfix"
         state: present
     - name: Purge Exim configuration
       apt:
         name: "exim4*"
         state: absent
         purge: true
     - name: Deploy Postfix configuration
       copy:
         src: tests/data/main.cf
         dest: /etc/postfix/main.cf
         owner: root
         group: root
         mode: 0644
       notify:
         - Restart Postfix
     - name: Install tool for testing TCP connectivity
       apt:
         name: hping3
         state: present
     - name: Install SWAKS for testing SMTP capability
       apt:
         name: swaks
         state: present
     - name: Set-up port forwarding
       command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport 27 -j REDIRECT --to-ports 25"
       changed_when: false
   handlers:
     - name: Update CA certificate cache
       command: /usr/sbin/update-ca-certificates --fresh
     - name: Restart Postfix
       service:
         name: postfix
         state: restarted
 - hosts: parameters-optional
 - name: Prepare, test fixtures
   hosts: parameters-optional
   become: true
   tasks:
     - name: Create additional group for testing local aliases
       group:
         name: testuser
     - name: Create additional user for testing local aliases
       user:
         name: testuser
         group: testuser

roles/mail_server/molecule/default/prepare.yml

➞

Show inline comments

 ---
-- name: Set-up fixtures
+- name: Prepare, test fixtures
   hosts: localhost
   connection: local
   gather_facts: false
   tasks:
     - name: Initialise CA hierarchy
       command: "gimmecert init"
       args:
         creates: ".gimmecert/ca/level1.cert.pem"
         chdir: "tests/data/"
     - name: Generate server private keys and certificates
       command:
       args:
         chdir: "tests/data/"
         creates: ".gimmecert/server/{{ item.name }}.cert.pem"
         argv:
           - "gimmecert"
           - "server"
           - "{{ item.name }}"
           - "{{ item.fqdn }}"
           - "{{ item.fqdn[: item.fqdn.rfind('-')] }}"
       with_items:
         - name: clamav-database_https
           fqdn: database.clamav.net
         - name: ldap-server_ldap
           fqdn: ldap-server
         - name: parameters-mandatory-bookworm_imap
           fqdn: parameters-mandatory-bookworm
         - name: parameters-mandatory-bookworm_smtp
           fqdn: parameters-mandatory-bookworm
         - name: parameters-optional-bookworm_imap
           fqdn: parameters-optional-bookworm
         - name: parameters-optional-bookworm_smtp
           fqdn: parameters-optional-bookworm
     - name: Set-up link to generated X.509 material
       file:
         src: ".gimmecert"
         dest: "tests/data/x509"
         state: link
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
 - hosts: all
   become: true
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true
       changed_when: false
     - name: Install tools for testing
       apt:
         name:
           - gnutls-bin
           - nmap
         state: present
-- name: Set-up a local ClamAV database mirror to avoid hitting upstream rate limits
+- name: Prepare, helpers, local ClamAV database mirror (avoid upstream rate limits)
   hosts: clamav-database
   become: true
   tasks:
     - name: Install system packages for hosting the ClamAV database
       apt:
         name:
           - nginx
           - virtualenv
         state: present
     - name: Set-up directory for ClamAV database sync tool virtual environment
       file:
         path: /var/lib/cvdupdate
         state: directory
         owner: vagrant
         group: vagrant
         mode: 0755
     - name: Create virtual environment for running ClamAV database sync tool
       become_user: vagrant
       command:
         cmd: "/usr/bin/virtualenv --python /usr/bin/python3 --prompt '(cvdupdate) ' /var/lib/cvdupdate"
         creates: "/var/lib/cvdupdate"
     - name: Deploy pip requirements file for running the ClamAV database sync tool
       copy:
         src: cvdupdate-requirements.txt
         dest: /var/lib/cvdupdate/requirements.txt
         owner: vagrant
         group: vagrant
         mode: 0644
     - name: Install requirements in the pipreqcheck virtual environment
       become_user: vagrant
       pip:
         requirements: /var/lib/cvdupdate/requirements.txt
         virtualenv: /var/lib/cvdupdate
     - name: Allow traversal of Vagrant directory by the http server user
       file:
         path: /vagrant/
         mode: 0711
     - name: Create directory for storing ClamAV database files
       file:
         path: /vagrant/clamav-database
         state: directory
         owner: vagrant
         group: vagrant
         mode: 0755
     - name: Configure default location for storing ClamAV database files
       become_user: vagrant
       command: "/var/lib/cvdupdate/bin/cvd config set --dbdir /vagrant/clamav-database/"
     - name: Download/update the ClamAV database files
       become_user: vagrant
       command: "/var/lib/cvdupdate/bin/cvd update"
     - name: Allow all users to read ClamAV database files
       file:
         path: "/vagrant/clamav-database/"
         mode: "g=u-w,o=u-w"
         recurse: true
     - name: Deploy nginx TLS private key
       copy:
         dest: "/etc/ssl/private/nginx_https.key"
         content: "{{ clamav_database_http_server_tls_key }}"
         mode: 0640
         owner: root
         group: root
       notify:
         - Restart nginx
     - name: Deploy nginx TLS certificate
       copy:
         dest: "/etc/ssl/certs/nginx_https.pem"
         content: "{{ clamav_database_http_server_tls_certificate }}"
         mode: 0644
         owner: root
         group: root
       notify:
         - Restart nginx
     - name: Deploy nginx configuration for serving the ClamAV database files
       copy:
         src: clamav-database-nginx.conf
         dest: /etc/nginx/sites-available/default
         owner: root
         group: root
         mode: 0644
       notify:
         - Restart nginx
   handlers:
     - name: Restart nginx
       service:
         name: nginx
         state: restarted
 - hosts: bookworm
 - name: Prepare, test fixtures
   hosts: bookworm
   become: true
   tasks:
     - name: Enable TLSv1.0+ in global OpenSSL configuration file in order to be able to test the web_server_tls_protocols parameter
       blockinfile:
         path: "/etc/ssl/openssl.cnf"
         block: |
           [openssl_init]
           ssl_conf = ssl_sect
           [ssl_sect]
           system_default = system_default_sect
           [system_default_sect]
           MinProtocol = TLSv1.1
           CipherString = DEFAULT@SECLEVEL=0
         owner: root
         group: root
         mode: 0644
         state: present
     - name: Set-up the hosts file
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
         # Force mail servers to use local ClamAV database mirror.
 .168.56.11: "db.local.clamav.net database.clamav.net"
 .168.56.12: "ldap-server backup-server"
 .168.56.21: "client1 smtp-server-requiring-tls"
 .168.56.22: "client2 smtp-server-refusing-tls"
 .168.56.31: "parameters-mandatory parameters-mandatory-bookworm"
 .168.56.32: "parameters-optional parameters-optional-bookworm"
 - hosts: client
 - name: Prepare, helpers
   hosts: client
   become: true
   tasks:
     - name: Install tool for testing SMTP capability
       apt:
         name: swaks
         state: present
     - name: Install tool for testing IMAP
       block:
         - name: Install required system packages
           apt:
             name: python3-venv
             state: present
         - name: Set-up dedicated Python virtual environment for running the tool
           command: "python3 -m venv /opt/imap-cli"
           args:
             creates: /opt/imap-cli/bin/python
         - name: Install IMAP CLI
           pip:
             name:
               - Imap-CLI==0.7
               - six
             state: present
             virtualenv: /opt/imap-cli
         - name: Set-up symlinks for running the tool
           file:
             src: "/opt/imap-cli/bin/{{ item }}"
             dest: "/usr/local/bin/{{ item }}"
             owner: root
             group: root
             state: link
           with_items:
             - imapcli
             - imap-cli-flag
             - imap-cli-delete
             - imap-cli-copy
             - imap-api
             - imap-shell
             - imap-notify
             - imap-cli-status
             - imap-cli-search
             - imap-cli-read
             - imap-cli-list
     - name: Install tool for testing SIEVE
       apt:
         name: sieve-connect
         state: present
     - name: Install tool for testing TCP connectivity
       apt:
         name: hping3
         state: present
     - name: Deploy IMAP CLI configuration
       copy:
         src: "tests/data/{{ item }}"
         dest: "/home/vagrant/{{ item }}"
         owner: vagrant
         group: vagrant
         mode: 0600
       with_items:
         - imapcli-parameters-mandatory-john_doe.conf
         - imapcli-parameters-mandatory-jane_doe.conf
         - imapcli-parameters-optional-john_doe.conf
         - imapcli-parameters-optional-jane_doe.conf
     - name: Deploy CA certificate
       copy:
         src: tests/data/x509/ca/level1.cert.pem
         dest: /usr/local/share/ca-certificates/testca.crt
         owner: root
         group: root
         mode: 0644
       notify:
         - Update CA certificate cache
     - name: Install and configure Postfix for testing mail sending from managed servers
       block:
         - name: Install Postfix
           apt:
             name: postfix
             state: present
         - name: Purge Exim
           apt:
             name: "exim4*"
             state: absent
             purge: true
         - name: Configure Postfix
           template:
             src: "helper_smtp_main.cf.j2"
             dest: "/etc/postfix/main.cf"
             owner: root
             group: root
             mode: 0644
           notify:
             - Restart Postfix
         - name: Enable Postfix service
           service:
             name: postfix
             state: started
             enabled: true
   handlers:
     - name: Update CA certificate cache
       command: /usr/sbin/update-ca-certificates --fresh
     - name: Restart Postfix
       service:
         name: postfix
         state: restarted
 - hosts: ldap-server
 - name: Prepare, helpers
   hosts: ldap-server
   become: true
   roles:
     - ldap_server
     - backup_server
 - hosts: ldap-server
 - name: Prepare, test fixtures
   hosts: ldap-server
   become: true
   tasks:
     - name: Create LDAP accounts for testing
       ldap_entry:
         dn: "{{ item.dn }}"
         objectClass: "{{ item.objectClass }}"
         attributes: "{{ item.attributes }}"
       with_items:
         # Users.
         - dn: uid=john,ou=people,dc=local
           objectClass:
             - inetOrgPerson
             - simpleSecurityObject
           attributes:
             userPassword: johnpassword
             uid: john
             cn: John Doe
             sn: Doe
             mail: john.doe@domain1
         - dn: uid=jane,ou=people,dc=local
           objectClass:
             - inetOrgPerson
             - simpleSecurityObject
           attributes:
             userPassword: janepassword
             uid: jane
             cn: Jane Doe
             sn: Doe
             mail: jane.doe@domain2
         - dn: uid=nomail,ou=people,dc=local
           objectClass:
             - inetOrgPerson
             - simpleSecurityObject
           attributes:
             userPassword: nomailpassword
             uid: nomail
             cn: No Mail
             sn: Mail
             mail: nomail@domain1
         # Domains
         - dn: dc=domain1,ou=domains,ou=mail,ou=services,dc=local
           objectClass: dNSDomain
           attributes:
             dc: domain1
         - dn: dc=domain2,ou=domains,ou=mail,ou=services,dc=local
           objectClass: dNSDomain
           attributes:
             dc: domain2
         # Aliases
         - dn: cn=postmaster@domain1,ou=aliases,ou=mail,ou=services,dc=local
           objectClass: nisMailAlias
           attributes:
             cn: postmaster@domain1
             rfc822MailMember: john.doe@domain1
         - dn: cn=webmaster@domain2,ou=aliases,ou=mail,ou=services,dc=local
           objectClass: nisMailAlias
           attributes:
             cn: webmaster@domain2
             rfc822MailMember: jane.doe@domain2
     - name: Add test accounts to correct group
       ldap_attr:
         dn: "cn=mail,ou=groups,dc=local"
         name: uniqueMember
         state: exact
         values:
           - uid=john,ou=people,dc=local
           - uid=jane,ou=people,dc=local
 - hosts: parameters-mandatory,parameters-optional
 - name: Prepare, test fixtures
   hosts: parameters-mandatory,parameters-optional
   become: true
   tasks:
     - name: Create group for user used for local mail delivery testing
       group:
         name: localuser
     - name: Create user for local mail delivery testing
       user:
         name: localuser
         group: localuser

roles/php_website/molecule/default/prepare.yml

➞

Show inline comments

 ---
-- name: Set-up fixtures
+- name: Prepare, test fixtures
   hosts: localhost
   connection: local
   gather_facts: false
   tasks:
     - name: Initialise CA hierarchy
       command: "gimmecert init"
       args:
         creates: ".gimmecert/ca/level1.cert.pem"
         chdir: "tests/data/"
     - name: Generate server private keys and certificates
       command:
       args:
         chdir: "tests/data/"
         creates: ".gimmecert/server/{{ item.name }}.cert.pem"
         argv:
           - "gimmecert"
           - "server"
           - "{{ item.name }}"
           - "{{ item.fqdn }}"
       with_items:
         - name: parameters-mandatory_https
           fqdn: parameters-mandatory
         - name: parameters-optional_https
           fqdn: parameters-optional.local
         - name: php-website_https
           fqdn: php-website
     - name: Set-up link to generated X.509 material
       file:
         src: ".gimmecert"
         dest: "tests/data/x509"
         state: link
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
 - hosts: all
   become: true
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true
       changed_when: false
     - name: Set-up /etc/hosts entries
       lineinfile:
         dest: /etc/hosts
         line: "{{ ansible_eth0.ipv4.address }} parameters-mandatory parameters-optional.local php-website"
     - name: Install curl for testing redirects and webpage content
       apt:
         name: curl
         state: present
     - name: Install swaks for testing mail forwarding
       apt:
         name: swaks
         state: present
     - name: Install Postfix for testing mail forwarding (Exim4 not covered)
       apt:
         name: postfix
         state: present
     - name: Install procmail for consistency with mail_server and mail_forwarder roles
       apt:
         name: procmail
         state: present
     - name: Update Postfix configuration
       lineinfile:
         path: /etc/postfix/main.cf
         regexp: "^{{ item.key }}"
         line: "{{ item.value }}"
         state: present
       with_dict:
         myhostname: "myhostname = {{ inventory_hostname }}"
         mailbox_command: 'mailbox_command = procmail -a "$EXTENSION"'
       notify:
         - Restart Postfix
     - name: Direct all mails from the root account to vagrant
       lineinfile:
         path: /etc/aliases
         regexp: "^root"
         line: "root: vagrant"
         state: present
       notify:
         - Generate aliases database
     - name: Set-up group for an additional user
       group:
         name: user
         state: present
     - name: Set-up additional user for testing mail delivery
       user:
         name: user
         group: user
         shell: /bin/bash
   handlers:
     - name: Restart Postfix
       service:
         name: postfix
         state: restarted
     - name: Generate aliases database
       command: "/usr/bin/newaliases"

roles/preseed/molecule/default/prepare.yml

➞

Show inline comments

 ---
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true
       changed_when: false

roles/web_server/molecule/default/prepare.yml

➞

Show inline comments

 ---
-- name: Set-up fixtures
+- name: Prepare, test fixtures
   hosts: localhost
   connection: local
   gather_facts: false
   tasks:
     - name: Initialise CA hierarchy
       command: "gimmecert init"
       args:
         creates: ".gimmecert/ca/level1.cert.pem"
         chdir: "tests/data/"
     - name: Generate server private keys and certificates
       command:
       args:
         chdir: "tests/data/"
         creates: ".gimmecert/server/{{ item.name }}.cert.pem"
         argv:
           - "gimmecert"
           - "server"
           - "{{ item.name }}"
           - "{{ item.fqdn }}"
       with_items:
         - name: parameters-mandatory-bookworm_https
           fqdn: parameters-mandatory-bookworm
         - name: parameters-optional-bookworm_https
           fqdn: parameters-optional-bookworm
     - name: Set-up link to generated X.509 material
       file:
         src: ".gimmecert"
         dest: "tests/data/x509"
         state: link
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
 - hosts: all
   become: true
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true
       changed_when: false
     - name: Install tools for testing
       apt:
         name:
           - gnutls-bin
           - nmap
         state: present
 - hosts: bookworm
 - name: Prepare, test fixtures
   hosts: bookworm
   become: true
   tasks:
     - name: Enable TLSv1.0+ in global OpenSSL configuration file in order to be able to test the web_server_tls_protocols parameter
       blockinfile:
         path: "/etc/ssl/openssl.cnf"
         block: |
           [openssl_init]
           ssl_conf = ssl_sect
           [ssl_sect]
           system_default = system_default_sect
           [system_default_sect]
           MinProtocol = TLSv1.1
           CipherString = DEFAULT@SECLEVEL=0
         owner: root
         group: root
         mode: 0644
         state: present
 - hosts: all
 - name: Prepare, test fixtures
   hosts: all
   become: true
   tasks:
     - name: Set-up the hosts file
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
 .168.56.11: "client"
 .168.56.21: "parameters-mandatory-bookworm"
 .168.56.22: "parameters-optional-bookworm"
     - name: Install curl for testing redirects and webpage content
       apt:
         name: curl
         state: present
 - hosts: client
 - name: Prepare, helpers
   hosts: client
   become: true
   tasks:
     - name: Install tool for testing TCP connectivity
       apt:
         name: hping3
         state: present
     - name: Install console-based web browser for interactive testing
       apt:
         name: lynx
         state: present
     - name: Deploy CA certificate
       copy:
         src: tests/data/x509/ca/level1.cert.pem
         dest: /usr/local/share/ca-certificates/testca.crt
         owner: root
         group: root
         mode: 0644
       notify:
         - Update CA certificate cache
   handlers:
     - name: Update CA certificate cache
       command: /usr/sbin/update-ca-certificates --fresh

roles/wsgi_website/molecule/default/prepare.yml

➞

Show inline comments

 ---
-- name: Set-up fixtures
+- name: Prepare, test fixtures
   hosts: localhost
   connection: local
   gather_facts: false
   tasks:
     - name: Initialise CA hierarchy
       command: "gimmecert init"
       args:
         creates: ".gimmecert/ca/level1.cert.pem"
         chdir: "tests/data/"
     - name: Generate server private keys and certificates
       command:
       args:
         chdir: "tests/data/"
         creates: ".gimmecert/server/{{ item.name }}.cert.pem"
         argv:
           - "gimmecert"
           - "server"
           - "{{ item.name }}"
           - "{{ item.fqdn }}"
       with_items:
         - name: parameters-mandatory_https
           fqdn: parameters-mandatory
         - name: parameters-optional.local_https
           fqdn: parameters-optional.local
         - name: parameters-paste-req_https
           fqdn: parameters-paste-req
         - name: wsgi-website_https
           fqdn: wsgi-website
     - name: Set-up link to generated X.509 material
       file:
         src: ".gimmecert"
         dest: "tests/data/x509"
         state: link
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
 - hosts: wsgi-website
   become: true
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true
       changed_when: false
     - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
       file:
         path: "/bin/ss"
         state: absent
 - name: Prepare, test fixtures
   hosts: wsgi-website
   become: true
   tasks:
     - name: Set-up /etc/hosts entries
       lineinfile:
         dest: /etc/hosts
         line: "{{ ansible_eth0.ipv4.address }} parameters-mandatory parameters-optional.local parameters-paste-req wsgi-website"
     - name: Install curl for testing redirects and webpage content
       apt:
         name: curl
         state: present
     - name: Install swaks for testing mail forwarding
       apt:
         name: swaks
         state: present
     - name: Install net-tools for testing sockets
       apt:
         name: net-tools
         state: present
     - name: Install Postfix for testing mail forwarding (Exim4 not covered)
       apt:
         name: postfix
         state: present
     - name: Install procmail for consistency with mail_server and mail_forwarder roles
       apt:
         name: procmail
         state: present
     - name: Update Postfix configuration
       lineinfile:
         path: /etc/postfix/main.cf
         regexp: "^{{ item.key }}"
         line: "{{ item.value }}"
         state: present
       with_dict:
         myhostname: "myhostname = {{ inventory_hostname }}"
         mailbox_command: 'mailbox_command = procmail -a "$EXTENSION"'
       notify:
         - Restart Postfix
     - name: Direct all mails from the root account to vagrant
       lineinfile:
         path: /etc/aliases
         regexp: "^root"
         line: "root: vagrant"
         state: present
       notify:
         - Generate aliases database
     - name: Set-up group for an additional user
       group:
         name: user
         state: present
     - name: Set-up additional user for testing mail delivery
       user:
         name: user
         group: user
         shell: /bin/bash
     - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
       file:
         path: "/bin/ss"
         state: absent
   handlers:
     - name: Restart Postfix
       service:
         name: postfix
         state: restarted
     - name: Generate aliases database
       command: "/usr/bin/newaliases"

roles/xmpp_server/molecule/default/prepare.yml

➞

Show inline comments

 ---
-- name: Set-up fixtures
+- name: Prepare, test fixtures
   hosts: localhost
   connection: local
   gather_facts: false
   tasks:
     - name: Initialise CA hierarchy
       command: "gimmecert init"
       args:
         creates: ".gimmecert/ca/level1.cert.pem"
         chdir: "tests/data/"
     - name: Generate server private keys and certificates
       command:
       args:
         chdir: "tests/data/"
         creates: ".gimmecert/server/{{ item.name }}.cert.pem"
         argv: "{{ ['gimmecert', 'server', item.name] + item.fqdn }}"
       with_items:
         - name: ldap-server_ldap
           fqdn:
             - ldap-server
         - name: parameters-mandatory-bookworm_xmpp
           fqdn:
             - parameters-mandatory
             - domain1
             - proxy.domain1
             - conference.domain1
         - name: parameters-optional-bookworm_xmpp
           fqdn:
             - parameters-optional
             - domain2
             - proxy.domain2
             - conference.domain2
             - domain3
             - proxy.domain3
             - conference.domain3
     - name: Set-up link to generated X.509 material
       file:
         src: ".gimmecert"
         dest: "tests/data/x509"
         state: link
 - name: Prepare
   hosts: all
   become: true
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
 - hosts: all
   become: true
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: true
       changed_when: false
     - name: Install tools for testing
       apt:
         name:
           - gnutls-bin
           - nmap
         state: present
     - name: Use name provided via CLI when running STARTTLS handshake for XMPP via nmap
       replace:
         path: "/usr/share/nmap/nselib/sslcert.lua"
         regexp: "host\\.name\\)"
         replace: "host.targetname)"
 - hosts: bookworm
 - name: Prepare, test fixtures
   hosts: bookworm
   become: true
   tasks:
     - name: Enable TLSv1.0+ in global OpenSSL configuration file in order to be able to test the web_server_tls_protocols parameter
       blockinfile:
         path: "/etc/ssl/openssl.cnf"
         block: |
           [openssl_init]
           ssl_conf = ssl_sect
           [ssl_sect]
           system_default = system_default_sect
           [system_default_sect]
           MinProtocol = TLSv1.1
           CipherString = DEFAULT@SECLEVEL=0
         owner: root
         group: root
         mode: 0644
         state: present
     - name: Set-up the hosts file
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
 .168.56.11: "ldap-server backup-server"
 .168.56.21: "client-bookworm"
 .168.56.31: "parameters-mandatory domain1 proxy.domain1 conference.domain1"
 .168.56.32: "parameters-optional domain2 proxy.domain2 conference.domain2 domain3 proxy.domain3 conference.domain3"
 - hosts: clients
 - name: Prepare, helpers
   hosts: clients
   become: true
   tasks:
     - name: Install tool for testing TCP connectivity
       apt:
         name: hping3
         state: present
     - name: Deploy CA certificate
       copy:
         src: tests/data/x509/ca/level1.cert.pem
         dest: /usr/local/share/ca-certificates/testca.crt
         owner: root
         group: root
         mode: 0644
       notify:
         - Update CA certificate cache
     - name: Install console-based XMPP client (for interactive testing)
       apt:
         name: mcabber
         state: present
     - name: Install console-based XMPP tool (for non-interactive testing)
       apt:
         name: go-sendxmpp
         state: present
     - name: Create dedicated group for testing
       group:
         name: user
         state: present
     - name: Create dedicated user for testing
       user:
         name: user
         group: user
         shell: /bin/bash
     - name: Deploy mcabber configuration files
       template:
         src: tests/data/mcabber.cfg.j2
         dest: "~user/{{ item.jid }}.cfg"
         owner: user
         group: user
         mode: 0600
       with_items:
         - jid: john.doe@domain1
           password: johnpassword
           server: domain1
           security: tls
           nickname: john.doe
         - jid: jane.doe@domain2
           password: janepassword
           server: domain2
           security: ssl
           nickname: jane.doe
         - jid: mick.doe@domain3
           password: mickpassword
           server: domain3
           security: tls
           nickname: mick.doe
         - jid: noxmpp@domain1
           password: noxmpppassword
           server: domain1
           security: tls
           nickname: noxmpp
   handlers:
     - name: Update CA certificate cache
       command: /usr/sbin/update-ca-certificates --fresh
 - hosts: ldap-server
 - name: Prepare, helpers
   hosts: ldap-server
   become: true
   roles:
     - ldap_server
     - backup_server
 - hosts: ldap-server
 - name: Prepare, test fixtures
   hosts: ldap-server
   become: true
   tasks:
     - name: Create LDAP accounts for testing
       ldap_entry:
         dn: "{{ item.dn }}"
         objectClass: "{{ item.objectClass }}"
         attributes: "{{ item.attributes }}"
       with_items:
         - dn: uid=john,ou=people,dc=local
           objectClass:
             - inetOrgPerson
             - simpleSecurityObject
           attributes:
             userPassword: johnpassword
             uid: john
             cn: John Doe
             sn: Doe
             mail: john.doe@domain1
         - dn: uid=jane,ou=people,dc=local
           objectClass:
             - inetOrgPerson
             - simpleSecurityObject
           attributes:
             userPassword: janepassword
             uid: jane
             cn: Jane Doe
             sn: Doe
             mail: jane.doe@domain2
         - dn: uid=mick,ou=people,dc=local
           objectClass:
             - inetOrgPerson
             - simpleSecurityObject
           attributes:
             userPassword: mickpassword
             uid: mick
             cn: Mick Doe
             sn: Doe
             mail: mick.doe@domain3
         - dn: uid=noxmpp,ou=people,dc=local
           objectClass:
             - inetOrgPerson
             - simpleSecurityObject
           attributes:
             userPassword: noxmpppassword
             uid: noxmpp
             cn: No XMPP
             sn: XMPP
             mail: noxmpp@domain1
     - name: Add test accounts to correct group
       ldap_attr:
         dn: "cn=xmpp,ou=groups,dc=local"
         name: uniqueMember
         state: exact
         values:
           - uid=john,ou=people,dc=local
           - uid=jane,ou=people,dc=local
           - uid=mick,ou=people,dc=local
           - uid=eve,ou=people,dc=local
 - hosts: parameters-mandatory,parameters-optional
 - name: Prepare, test fixtures
   hosts: parameters-mandatory,parameters-optional
   become: true
   tasks:
     - name: Install console-based XMPP tool (for non-interactive testing)
       apt:
         name: "{{ sendxmpp_package }}"
         state: present
       vars:
         sendxmpp_package: "go-sendxmpp"
     - name: Deploy small Lua script for listing the enabled modules in Prosody
       copy:
         src: list_prosody_modules.lua
         dest: "/usr/local/bin/list_prosody_modules.lua"
         owner: root
         group: root
         mode: 0755

0 comments (0 inline, 0 general)