Changeset - bb8003ddf790
Branko Majic (branko) - 5 years ago 2020-10-01 22:35:46
branko@majic.rs
MAR-155: Make the ansible_key parameter in the preseed role mandatory:

- Updated the preseed role.
- Removed default value for the parameter.
- Updated tests.
- Updated role reference documentation.
- Updated release notes.
9 files changed with 10 insertions and 8 deletions:
docs/releasenotes.rst
 
@@ -40,24 +40,26 @@ Breaking changes:
 

	
 
  * Use 2048-bit Diffie-Hellman parameters for relevant TLS
 
    ciphers. This could introduce incompatibility with older
 
    clients/servers trying to connect to the SMTP/IMAP server.
 

	
 
  * Updated default set of TLS ciphers used by IMAP/SMTP servers
 
    (``mail_server_tls_ciphers`` parameter). All CBC ciphers have been
 
    dropped. This could introduce incompatibility with older clients
 
    trying to connect to the IMAP/SMTP server.
 

	
 
* ``preseed`` role
 

	
 
  * Parameter ``ansible_key`` is now mandatory.
 

	
 
  * Parameter ``preseed_directory`` is now mandatory.
 

	
 
* ``web_server`` role
 

	
 
  * Use 2048-bit Diffie-Hellman parameters for relevant TLS
 
    ciphers. This could introduce incompatibility with older clients
 
    trying to connect to the web server.
 

	
 
  * Updated default set of TLS ciphers used by the server
 
    (``web_server_tls_ciphers`` parameter). All CBC ciphers have been
 
    dropped. This could introduce incompatibility with older clients
 
    trying to connect to the server.
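Review bot: The new `preseed` bullet "Parameter `ansible_key` is now mandatory" does not say what the parameter used to default to, so someone upgrading cannot tell from the release notes what to set to keep the old behaviour. Suggest extending the bullet with the former default (the `~/.ssh/id_rsa.pub` file lookup removed from roles/preseed/defaults/main.yml) and stating that playbooks relying on it must now set the parameter explicitly.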
docs/rolereference.rst
 
@@ -32,25 +32,25 @@ content of preseed files.
 

	
 
It is possible to specify parameter values that should be used for all servers,
 
as well for individual servers. It is also possible to combine this approach,
 
defining global parameters that get overridden per server.
 

	
 
The role will by default process all hosts from the inventory, generating one
 
preseed file per server.
 

	
 

	
 
Parameters
 
~~~~~~~~~~
 

	
 
**ansible_key** (string, optional, ``{{ lookup('file', '~/.ssh/id_rsa.pub') }}``)
 
**ansible_key** (string, mandatory)
 
  SSH public key that should be deployed to authorized_keys truststore for
 
  operating system user ``root``. This is necessary for the bootstrap process
 
  to work since Debian does not allow password-based logins for root.
 

	
 
**preseed_country** (string, optional, ``SE``)
 
  Country.
 

	
 
**preseed_directory** (string, mandatory)
 
  Destination directory where the preseed files should be stored.
 

	
 
  .. warning::
 
     Do not name this directory ``preseed`` if it lies on a path where Ansible
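Review bot: With the default dropped from the `ansible_key` heading, the entry no longer shows that the value is the public key's content rather than a path to the key file; the removed `lookup('file', ...)` default was the only hint. Suggest adding a sentence to the description saying the parameter takes the key text itself, with the file lookup mentioned as one way to supply it.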
roles/preseed/defaults/main.yml
 
---
 

	
 
ansible_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
 
preseed_country: SE
 
preseed_keymap: us
 
preseed_language: en
 
preseed_locale: en_US.UTF-8
 
preseed_mirror_directory: /debian
 
preseed_mirror_hostname: ftp.se.debian.org
 
preseed_mirror_proxy: ""
 
preseed_network_auto: true
 
preseed_network_interface: eth0
 
preseed_root_password: root
 
preseed_server_overrides: {}
 
preseed_timezone: Europe/Stockholm
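Review bot: Removing the `ansible_key` line makes the parameter mandatory only by omission: none of the nine files in this changeset is a task file, so nothing visible here checks for the variable, and an unset value would presumably surface as an undefined-variable error wherever the role first uses it. Suggest an explicit check at the start of the role that fails with a message naming `ansible_key`. Separately, `preseed_root_password: root` stays as a default in the same file; a fixed, well-known root password in generated preseed files is worth the same mandatory treatment, or at least a follow-up issue.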
roles/preseed/molecule/default/group_vars/parameters-mandatory.yml
 
---
 

	
 
ansible_key: MY_ANSIBLE_KEY
 
preseed_directory: "/tmp/preseed_files/"
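Review bot: Setting `ansible_key` in the mandatory-parameters group is needed for the scenario to run, but it leaves no scenario in which the parameter is unset, so the "mandatory" behaviour itself is untested. Suggest adding a case that runs the role without `ansible_key` and asserts that it fails.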
roles/preseed/molecule/default/group_vars/parameters-optional-with-overrides.yml
 
---
 

	
 
ansible_key: CUSTOMKEY
 
ansible_key: MY_ANSIBLE_KEY
 
preseed_directory: "/tmp/preseed_files/"
 
preseed_server_overrides:
 
  parameters-optional-with-overrides-stretch64:
 
    country: RS
 
    dns: 1.1.1.1
 
    domain: example.com
 
    gateway: 2.2.2.2
 
    hostname: testing
 
    ip: 3.3.3.3
 
    keymap: sv
 
    language: sr
 
    locale: en_UK.UTF-8
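Review bot: Changing `ansible_key` from `CUSTOMKEY` to `MY_ANSIBLE_KEY` gives this group the same value as parameters-mandatory.yml and parameters-optional.yml, so the tests can no longer tell which group's value ended up in a generated file. Suggest keeping a distinct value per group, for example leaving `CUSTOMKEY` here and in the matching assertions.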
roles/preseed/molecule/default/group_vars/parameters-optional.yml
 
---
 

	
 
ansible_key: CUSTOMKEY
 
ansible_key: MY_ANSIBLE_KEY
 
preseed_country: RS
 
preseed_directory: "/tmp/preseed_files/"
 
preseed_dns: 1.1.1.1
 
preseed_domain: example.com
 
preseed_gateway: 2.2.2.2
 
preseed_hostname: testing
 
preseed_ip: 3.3.3.3
 
preseed_keymap: sv
 
preseed_language: sr
 
preseed_locale: en_UK.UTF-8
 
preseed_mirror_directory: /
 
preseed_mirror_hostname: ftp.de.debian.org
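Review bot: The new value in `ansible_key: MY_ANSIBLE_KEY` is not shaped like a public key line, which normally has a key type, base64 data that can contain `+` and `/`, and a comment, separated by spaces. Suggest a constructed, realistic-looking fixture value so the tests also exercise how the preseed template quotes the key.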
roles/preseed/molecule/default/tests/test_parameters_mandatory.py
 
@@ -41,25 +41,25 @@ def test_preseed_configuration_files(host):
 

	
 
def test_preseed_configuration_file_content(host):
 
    """
 
    Tests content of generated preseed configuration file.
 
    """
 

	
 
    hostname = host.run('hostname').stdout.strip()
 

	
 
    with host.sudo():
 
        preseed_directory_path = "/tmp/preseed_files"
 
        preseed_file = host.file(os.path.join(preseed_directory_path, "%s.cfg" % hostname))
 
        preseed_file_content = preseed_file.content_string
 
        ssh_public_key = open(os.path.join(os.path.expanduser("~"), ".ssh", "id_rsa.pub")).read().strip()
 
        ssh_public_key = "MY_ANSIBLE_KEY"
 

	
 
    assert "d-i debian-installer/language string en" in preseed_file_content
 
    assert "d-i debian-installer/country string SE" in preseed_file_content
 
    assert "d-i debian-installer/locale string en_US.UTF-8" in preseed_file_content
 
    assert "d-i keyboard-configuration/xkb-keymap select us" in preseed_file_content
 
    assert "d-i netcfg/choose_interface select eth0" in preseed_file_content
 

	
 
    assert """# DHCP network configuration.
 
d-i netcfg/disable_autoconfig boolean false
 
d-i netcfg/get_hostname string ignored-value
 
d-i netcfg/get_domain string ignored-value""" in preseed_file_content
 

	
roles/preseed/molecule/default/tests/test_parameters_optional.py
 
@@ -40,25 +40,25 @@ def test_preseed_configuration_files(host):
 

	
 

	
 
def test_preseed_configuration_file_content(host):
 
    """
 
    Tests content of generated preseed configuration file.
 
    """
 

	
 
    hostname = host.run('hostname').stdout.strip()
 

	
 
    with host.sudo():
 
        preseed_file = host.file(os.path.join(PRESEED_DIRECTORY, "%s.cfg" % hostname))
 
        preseed_file_content = preseed_file.content_string
 
        ssh_public_key = "CUSTOMKEY"
 
        ssh_public_key = "MY_ANSIBLE_KEY"
 

	
 
    assert "d-i debian-installer/language string sr" in preseed_file_content
 
    assert "d-i debian-installer/country string RS" in preseed_file_content
 
    assert "d-i debian-installer/locale string en_UK.UTF-8" in preseed_file_content
 
    assert "d-i keyboard-configuration/xkb-keymap select sv" in preseed_file_content
 
    assert "d-i netcfg/choose_interface select eth1" in preseed_file_content
 

	
 
    assert """# Manual network configuration.
 
d-i netcfg/disable_autoconfig boolean true
 
d-i netcfg/get_ipaddress string 3.3.3.3
 
d-i netcfg/get_netmask string 255.255.0.0
 
d-i netcfg/get_gateway string 2.2.2.2
roles/preseed/molecule/default/tests/test_parameters_optional_with_overrides.py
 
@@ -24,25 +24,25 @@ def test_preseed_directory(host):
 

	
 

	
 
def test_preseed_configuration_file_content_host_without_overrides(host):
 
    """
 
    Tests content of generated preseed configuration file.
 
    """
 

	
 
    hostname = 'parameters-mandatory-stretch64'
 

	
 
    with host.sudo():
 
        preseed_file = host.file(os.path.join(PRESEED_DIRECTORY, "%s.cfg" % hostname))
 
        preseed_file_content = preseed_file.content_string
 
        ssh_public_key = "CUSTOMKEY"
 
        ssh_public_key = "MY_ANSIBLE_KEY"
 

	
 
    assert "d-i debian-installer/language string en" in preseed_file_content
 
    assert "d-i debian-installer/country string SE" in preseed_file_content
 
    assert "d-i debian-installer/locale string en_US.UTF-8" in preseed_file_content
 
    assert "d-i keyboard-configuration/xkb-keymap select us" in preseed_file_content
 
    assert "d-i netcfg/choose_interface select eth0" in preseed_file_content
 

	
 
    assert """# DHCP network configuration.
 
d-i netcfg/disable_autoconfig boolean false
 
d-i netcfg/get_hostname string ignored-value
 
d-i netcfg/get_domain string ignored-value""" in preseed_file_content
 

	
 
@@ -56,25 +56,25 @@ d-i netcfg/get_domain string ignored-value""" in preseed_file_content
 

	
 

	
 
def test_preseed_configuration_file_content_host_with_overrides(host):
 
    """
 
    Tests content of generated preseed configuration file.
 
    """
 

	
 
    hostname = 'parameters-optional-with-overrides-stretch64'
 

	
 
    with host.sudo():
 
        preseed_file = host.file(os.path.join(PRESEED_DIRECTORY, "%s.cfg" % hostname))
 
        preseed_file_content = preseed_file.content_string
 
        ssh_public_key = "CUSTOMKEY"
 
        ssh_public_key = "MY_ANSIBLE_KEY"
 

	
 
    assert "d-i debian-installer/language string sr" in preseed_file_content
 
    assert "d-i debian-installer/country string RS" in preseed_file_content
 
    assert "d-i debian-installer/locale string en_UK.UTF-8" in preseed_file_content
 
    assert "d-i keyboard-configuration/xkb-keymap select sv" in preseed_file_content
 
    assert "d-i netcfg/choose_interface select eth1" in preseed_file_content
 

	
 
    assert """# Manual network configuration.
 
d-i netcfg/disable_autoconfig boolean true
 
d-i netcfg/get_ipaddress string 3.3.3.3
 
d-i netcfg/get_netmask string 255.255.0.0
 
d-i netcfg/get_gateway string 2.2.2.2
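Review bot: The literal `ssh_public_key = "MY_ANSIBLE_KEY"` is now repeated in both test functions of this file and in the other two test modules, so the next change to the fixture means editing every copy again. Suggest a single constant alongside `PRESEED_DIRECTORY`, which these tests already use, or a shared fixture, and referring to it in the assertions.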