majic-ansible-roles Changeset

Changeset - c3861b9a54bb

Parent rev.

Child rev.

[Not reviewed]

0 5 0

Branko Majic (branko) - 21 months ago 2024-02-27 18:19:02
branko@majic.rs

MAR-192: Added support for Debian 12 Bookworm to ldap_server role.

5 files changed with 40 insertions and 2 deletions:

docs/rolereference.rst

roles/ldap_server/meta/main.yml

roles/ldap_server/molecule/default/molecule.yml

roles/ldap_server/molecule/default/prepare.yml

roles/ldap_server/molecule/default/tests/test_mandatory.py

0 comments (0 inline, 0 general)

docs/rolereference.rst

➞

Show inline comments

@@ @@ -784,24 +784,25 @@ Parameters @@
   cipher specification that should also include what TLS protocol versions
   should be used. Value should be compatible with OpenLDAP server option
   ``olcTLSCipherSuite``. Default value allows only TLSv1.2 and strong PFS
   ciphers.
 Distribution compatibility
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 Role is compatible with the following distributions:
 - Debian 11 (Bullseye)
 - Debian 12 (Bookworm)
 Examples
 ~~~~~~~~
 Here is an example configuration for setting-up LDAP server:
 .. code-block:: yaml
   ---
   ldap_server_domain: "example.com"

roles/ldap_server/meta/main.yml

➞

Show inline comments

@@ @@ -9,12 +9,13 @@ dependencies: @@
     backup_patterns:
       - "/srv/backup/slapd.bak"
 galaxy_info:
   author: Branko Majic
   description: Sets-up an OpenLDAP server
   license: BSD
   min_ansible_version: 2.9
   platforms:
     - name: Debian
       versions:
         - 11
         - 12

roles/ldap_server/molecule/default/molecule.yml

➞

Show inline comments

@@ @@ -6,25 +6,25 @@ driver: @@
   name: vagrant
   provider:
     name: virtualbox
 lint:
   name: yamllint
   options:
     config-file: ../../.yamllint.yml
 platforms:
   - name: client
-    box: debian/bullseye64
+    box: debian/bookworm64
     memory: 512
     cpus: 1
     provider_raw_config_args:
       - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
     interfaces:
       - auto_config: true
         ip: 192.168.56.11
         network_name: private_network
         type: static
   - name: parameters-mandatory-bullseye
     groups:
@@ @@ -46,24 +46,53 @@ platforms: @@
       - backup-server
     box: debian/bullseye64
     memory: 256
     cpus: 1
     provider_raw_config_args:
       - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
     interfaces:
       - auto_config: true
         ip: 192.168.56.32
         network_name: private_network
         type: static
   - name: parameters-mandatory-bookworm
     groups:
       - parameters-mandatory
     box: debian/bookworm64
     memory: 384
     cpus: 1
     provider_raw_config_args:
       - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
     interfaces:
       - auto_config: true
         ip: 192.168.56.21
         network_name: private_network
         type: static
   - name: parameters-optional-bookworm
     groups:
       - parameters-optional
       - backup-server
     box: debian/bookworm64
     memory: 384
     cpus: 1
     provider_raw_config_args:
       - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
     interfaces:
       - auto_config: true
         ip: 192.168.56.22
         network_name: private_network
         type: static
 provisioner:
   name: ansible
   playbooks:
     cleanup: cleanup.yml
   config_options:
     defaults:
       force_valid_group_names: "ignore"
       interpreter_python: "/usr/bin/python3"
     ssh_connection:
       pipelining: "True"
   lint:
     name: ansible-lint

roles/ldap_server/molecule/default/prepare.yml

➞

Show inline comments

@@ @@ -18,24 +18,28 @@ @@
         chdir: "tests/data/"
         creates: ".gimmecert/server/{{ item.name }}.cert.pem"
         argv:
           - "gimmecert"
           - "server"
           - "{{ item.name }}"
           - "{{ item.fqdn }}"
       with_items:
         - name: parameters-mandatory-bullseye_ldap
           fqdn: parameters-mandatory
         - name: parameters-optional-bullseye_ldap
           fqdn: parameters-optional
         - name: parameters-mandatory-bookworm_ldap
           fqdn: parameters-mandatory
         - name: parameters-optional-bookworm_ldap
           fqdn: parameters-optional
     - name: Set-up link to generated X.509 material
       file:
         src: ".gimmecert"
         dest: "tests/data/x509"
         state: link
 - name: Prepare
   hosts: all
   gather_facts: false
   tasks:
     - name: Install python for Ansible
@@ @@ -72,24 +76,26 @@ @@
     - name: Set-up /etc/hosts with entries for all servers
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
 .168.56.31: parameters-mandatory-bullseye
 .168.56.32: parameters-optional-bullseye
 .168.56.21: parameters-mandatory-bookworm
 .168.56.22: parameters-optional-bookworm
 - hosts: parameters-optional
   become: true
   tasks:
     - name: Set-up the hosts file
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root

roles/ldap_server/molecule/default/tests/test_mandatory.py

➞

Show inline comments

@@ @@ -119,25 +119,26 @@ def test_ssf_configuration(host): @@
         assert ssf.rc == 0
         assert "olcSecurity: ssf=128" in ssf.stdout
 def test_permissions(host):
     """
     Tests if LDAP directory permissions have been set-up correctly.
     """
     with host.sudo():
         permissions = host.run("ldapsearch -o ldif-wrap=no -H ldapi:/// -Q -LLL -Y EXTERNAL -b 'olcDatabase={1}mdb,cn=config' -s base olcAccess olcAccess")
         expected_permissions = """olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by dn="cn=admin,dc=local" manage by * break
         expected_permissions = \
             """olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by dn="cn=admin,dc=local" manage by * break
 olcAccess: {1}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
 olcAccess: {2}to dn.base="" by * read
 olcAccess: {3}to * by self write by dn="cn=admin,dc=local" write by users read by * none"""
         assert permissions.rc == 0
         assert expected_permissions in permissions.stdout
 def test_services_login_entries(host):
     """
     Tests if the service/consumer login entries have been set correctly.
     """

0 comments (0 inline, 0 general)