majic-ansible-roles Changeset

Changeset - a5f4c1ec6853

Parent rev.

Child rev.

[Not reviewed]

0 11 2

Branko Majic (branko) - 6 years ago 2018-06-02 21:02:18
branko@majic.rs

MAR-129: Updated web_server role for Ansible 2.5.x and new Molecule:

- Fixed linting errors.
- Include global linting configuration file in the test configuration.
- Moved variables from the test playbook into group variables.
- Updated how hosts are referenced in tests.
- Fixed deprecation warnings.

13 files changed with 67 insertions and 55 deletions:

roles/web_server/defaults/main.yml

roles/web_server/molecule/default/create.yml

roles/web_server/molecule/default/destroy.yml

roles/web_server/molecule/default/group_vars/parameters-mandatory.yml

roles/web_server/molecule/default/group_vars/parameters-optional.yml

roles/web_server/molecule/default/molecule.yml

roles/web_server/molecule/default/playbook.yml

roles/web_server/molecule/default/prepare.yml

roles/web_server/molecule/default/tests/test_client.py

roles/web_server/molecule/default/tests/test_default.py

roles/web_server/molecule/default/tests/test_mandatory.py

roles/web_server/molecule/default/tests/test_optional.py

roles/web_server/tasks/main.yml

0 comments (0 inline, 0 general)

roles/web_server/defaults/main.yml

➞

Show inline comments

 ---
-default_enforce_https: True
+default_enforce_https: true
 default_https_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + ansible_fqdn + '_https.pem') }}"
 default_https_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + ansible_fqdn + '_https.key') }}"
 web_default_title: "Welcome"
 web_default_message: "You are attempting to access the web server using a wrong name or an IP address. Please check your URL."
 web_server_tls_protocols:
   - "TLSv1.2"
 web_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!MD5:!EXPORT"
 web_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:\
 DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:\
 ECDHE-RSA-AES256-SHA384:!aNULL:!MD5:!EXPORT"

roles/web_server/molecule/default/create.yml

➞

Show inline comments

@@ @@ -2,7 +2,7 @@ @@
 - name: Create
   hosts: localhost
   connection: local
-  gather_facts: False
+  gather_facts: false
   no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
   vars:
     molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"

roles/web_server/molecule/default/destroy.yml

➞

Show inline comments

@@ @@ -3,7 +3,7 @@ @@
 - name: Destroy
   hosts: localhost
   connection: local
-  gather_facts: False
+  gather_facts: false
   no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
   vars:
     molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"

roles/web_server/molecule/default/group_vars/parameters-mandatory.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 # common
 ca_certificates:
   testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 # Common parameters (general, not role).
 tls_certificate_dir: tests/data/x509/
 tls_private_key_dir: tests/data/x509/

roles/web_server/molecule/default/group_vars/parameters-optional.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 default_enforce_https: false
 default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_https.cert.pem') }}"
 default_https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_https.key.pem') }}"
 web_default_title: "Optional Welcome"
 web_default_message: "Welcome to parameters-optional, default virtual host."
 web_server_tls_protocols:
   - TLSv1.1
   - TLSv1.2
 web_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:\
 DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:\
 ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:!aNULL:!MD5:!EXPORT"
 # common
 ca_certificates:
   testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

roles/web_server/molecule/default/molecule.yml

➞

Show inline comments

@@ @@ -9,6 +9,8 @@ driver: @@
 lint:
   name: yamllint
   options:
     config-file: ../../.yamllint.yml
 platforms:

roles/web_server/molecule/default/playbook.yml

➞

Show inline comments

 ---
 - hosts: parameters-mandatory
   become: yes
 - hosts: parameters-mandatory,parameters-optional
   become: true
   roles:
     - role: web_server
       # common
       ca_certificates:
         testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
       # Common parameters (general, not role).
       tls_certificate_dir: tests/data/x509/
       tls_private_key_dir: tests/data/x509/
 - hosts: parameters-optional
   become: yes
   roles:
     - role: web_server
       default_enforce_https: no
       default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_https.cert.pem') }}"
       default_https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_https.key.pem') }}"
       web_default_title: "Optional Welcome"
       web_default_message: "Welcome to parameters-optional, default virtual host."
       web_server_tls_protocols:
         - TLSv1.1
         - TLSv1.2
       web_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:!aNULL:!MD5:!EXPORT"
       # common
       ca_certificates:
         testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
     - web_server

roles/web_server/molecule/default/prepare.yml

➞

Show inline comments

@@ @@ -2,24 +2,24 @@ @@
 - name: Prepare
   hosts: all
-  gather_facts: False
+  gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
       become: True
       changed_when: False
       become: true
       changed_when: false
 - hosts: all
-  become: yes
+  become: true
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: yes
       changed_when: False
         update_cache: true
       changed_when: false
 - hosts: all
-  become: yes
+  become: true
   tasks:
     - name: Set-up the hosts file
@@ @@ -39,21 +39,21 @@ @@
     - name: Install curl for testing redirects and webpage content
       apt:
         name: curl
-        state: installed
+        state: present
 - hosts: client1
-  become: yes
+  become: true
   tasks:
     - name: Install tool for testing TCP connectivity
       apt:
         name: hping3
-        state: installed
+        state: present
     - name: Install console-based web browser for interactive testing
       apt:
         name: lynx
-        state: installed
+        state: present
     - name: Deploy CA certificate
       copy:

roles/web_server/molecule/default/tests/test_client.py

➞

Show inline comments

 import os
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
-    '.molecule/ansible_inventory.yml').get_hosts('client1')
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['client1'])
 def test_connectivity(host):

roles/web_server/molecule/default/tests/test_default.py

➞

Show inline comments

 import os
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
-    '.molecule/ansible_inventory.yml').get_hosts(['parameters-mandatory', 'parameters-optional'])
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-mandatory', 'parameters-optional'])
 def test_installed_packages(host):

roles/web_server/molecule/default/tests/test_mandatory.py

➞

Show inline comments

 import os
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
-    '.molecule/ansible_inventory.yml').get_hosts('parameters-mandatory')
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-mandatory'])
 def test_nginx_tls_files(host):

roles/web_server/molecule/default/tests/test_optional.py

➞

Show inline comments

 import os
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
-    '.molecule/ansible_inventory.yml').get_hosts('parameters-optional')
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-optional'])
 def test_nginx_tls_files(host):

roles/web_server/tasks/main.yml

➞

Show inline comments

@@ @@ -3,12 +3,12 @@ @@
 - name: Install nginx
   apt:
     name: nginx
-    state: installed
+    state: present
 - name: Allow nginx user to traverse the directory with TLS private keys
   user:
     name: www-data
-    append: yes
+    append: true
     groups: ssl-cert
   notify:
     - Restart nginx
@@ @@ -44,7 +44,7 @@ @@
 - name: Remove TLS protocol configuration from the main configuration file
   lineinfile:
     dest: "/etc/nginx/nginx.conf"
-    backrefs: yes
+    backrefs: true
     regexp: "^\\s*ssl_protocols"
     state: absent
   notify:
@@ @@ -124,13 +124,13 @@ @@
 - name: Enable nginx service
   service:
     name: nginx
-    enabled: yes
+    enabled: true
     state: started
 - name: Install base packages for Python web applications
   apt:
     name: "{{ item }}"
-    state: installed
+    state: present
   with_items:
     - virtualenv
     - virtualenvwrapper
@@ @@ -160,7 +160,7 @@ @@
 - name: Install base packages for PHP web applications
   apt:
     name: "{{ item }}"
-    state: installed
+    state: present
   with_items:
     - php5-fpm
@@ @@ -185,7 +185,7 @@ @@
 - name: Enable service used for running PHP web applications
   service:
     name: "php5-fpm"
-    enabled: yes
+    enabled: true
     state: started
 - name: Read timezone on server

0 comments (0 inline, 0 general)