Changeset - f0ffcf83f46a
[Not reviewed]
0 5 0
Branko Majic (branko) - 5 years ago 2020-10-01 22:59:53
branko@majic.rs
MAR-155: Make the ansible_key parameter in the bootstrap role mandatory:

- Updated the preseed role.
- Removed default value for the parameter.
- Updated tests.
- Updated role reference documentation.
- Updated release notes.
5 files changed with 9 insertions and 5 deletions:
0 comments (0 inline, 0 general)
docs/releasenotes.rst
 
@@ -14,24 +14,28 @@ Breaking changes:
 
  documentation has been updated.
 
* Switched to using Python 3 on both controller and managed server
 
  side. Python 2.7 can no longer be used for this purpose. Support for
 
  WSGI applications running on Python 2.7 remains.
 

	
 
* All roles
 

	
 
  * Support for Debian 8 Jessie has been dropped.
 
  * Common parameters ``tls_private_key_dir`` and
 
    ``tls_certificate_dir`` are no longer used.
 
  * TLS private key and certificate parameters are now mandatory.
 

	
 
* ``bootstrap`` role
 

	
 
  * Parameter ``ansible_key`` is now mandatory.
 

	
 
* ``mail_forwarder`` role
 

	
 
  * Use 2048-bit Diffie-Hellman parameters for relevant TLS
 
    ciphers. This could introduce incompatibility with older
 
    clients/servers trying to connect to the SMTP server.
 

	
 
* ``ldap_server`` role
 

	
 
  * Updated default set of TLS ciphers used by server
 
    (``ldap_tls_ciphers`` parameter). All CBC ciphers have been
 
    dropped. This could introduce incompatibility with older clients
 
    trying to connect to the LDAP server.
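Review bot: the new ``bootstrap`` entry should tell upgrading users what changed in practice, not only that the parameter is now mandatory. Until now the role silently fell back to ``{{ lookup('file', '~/.ssh/id_rsa.pub') }}`` on the controller (the default removed elsewhere in this changeset), so anyone who never set ``ansible_key`` will see a failure on the next run. Suggest extending the bullet along the lines of: "Parameter ``ansible_key`` is now mandatory. The previous default of reading ``~/.ssh/id_rsa.pub`` from the controller has been removed; set the parameter explicitly." The rest of the hunk (Debian 8, TLS parameters, DH parameters, cipher list) is consistent with the "Breaking changes" heading.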
docs/rolereference.rst
 
@@ -182,25 +182,25 @@ The role implements the following:
 
* Sets-up an authorized_key for operating system user ``ansible`` (for remote
 
  SSH access).
 
* Configures sudo to allow operating system user ``ansible`` to run sudo
 
  commands without password authentication.
 
* Removes the Ansible user's key from the list of authorized keys for user root
 
  at the end of bootstrap process. This key was necessary only for the bootstrap
 
  process.
 

	
 

	
 
Parameters
 
~~~~~~~~~~
 

	
 
**ansible_key** (string, optional, ``{{ lookup('file', '~/.ssh/id_rsa.pub') }}``)
 
**ansible_key** (string, mandatory)
 
  SSH public key that should be deployed to authorized_keys truststore for
 
  operating system user ``ansible``.
 

	
 

	
 
Distribution compatibility
 
~~~~~~~~~~~~~~~~~~~~~~~~~~
 

	
 
Role is compatible with the following distributions:
 

	
 
- Debian 9 (Stretch)
 

	
 

	
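Review bot: the replacement line for ``**ansible_key**`` drops the only hint readers had about the expected value, since the removed default showed it was the content of a public key file. Suggest adding an example value to the description, e.g. ``{{ lookup('file', '~/.ssh/id_rsa.pub') }}`` or a literal ``ssh-ed25519 AAAA...`` line, and stating whether a single key or several newline-separated keys are accepted, which the description ("SSH public key") leaves open. The unchanged context above still says the bootstrap key is removed from root's authorized keys at the end of the process, so the description should also note that this key is the one kept for the ``ansible`` user afterwards.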
roles/bootstrap/defaults/main.yml
 
---
 

	
 
ansible_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
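Review bot: after removing ``ansible_key`` this file contains only the ``---`` document marker, so a reader cannot tell whether it is intentionally empty or truncated. Either delete ``roles/bootstrap/defaults/main.yml`` from the role or leave a short comment stating that the role has no optional parameters. Also, removing the default means a missing ``ansible_key`` will now surface as an undefined-variable error at whichever task first templates it, which is not an obvious message for the user; consider an explicit ``assert`` task at the start of the role (``that: ansible_key is defined`` with a ``fail_msg`` naming the parameter) so the failure points at the documented requirement.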
roles/bootstrap/molecule/default/group_vars/parameters-mandatory.yml
 
---
 

	
 
ansible_key: "{{ lookup('file', 'tests/data/ansible_key.pub') }}"
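Review bot: the fixture ``tests/data/ansible_key.pub`` referenced by the new ``lookup('file', ...)`` is not among the five files in this changeset, so confirm it already exists in the scenario directory; otherwise the ``parameters-mandatory`` scenario fails before any test runs. The ``file`` lookup resolves relative paths against the playbook directory rather than the group_vars directory, so the path must be relative to the molecule scenario's playbook; if that is not where ``tests/data`` lives, anchor it with ``{{ playbook_dir }}/tests/data/ansible_key.pub``. Using a dedicated test key instead of the developer's ``~/.ssh/id_rsa.pub`` is a good change: the test no longer depends on, or deploys, a real personal key.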
roles/bootstrap/molecule/default/tests/test_parameters_mandatory.py
 
@@ -5,29 +5,29 @@ import testinfra.utils.ansible_runner
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-mandatory')
 

	
 

	
 
def test_authorized_keys(host):
 
    """
 
    Tests if Ansible user authorized_keys has been set-up correctly.
 
    """
 

	
 
    with host.sudo():
 

	
 
        ssh_key = open(os.path.expanduser('~/.ssh/id_rsa.pub'), 'r').read().strip()
 
        ssh_key = open('tests/data/ansible_key.pub', 'r').read().strip()
 
        authorized_keys = host.file('/home/ansible/.ssh/authorized_keys')
 

	
 
        assert authorized_keys.is_file
 
        assert ssh_key in authorized_keys.content_string
 

	
 

	
 
def test_root_authorized_keys(host):
 
    """
 
    Tests if Ansible key been removed from root's authorized keys.
 
    """
 

	
 
    with host.sudo():
 

	
 
        ssh_key = open(os.path.expanduser('~/.ssh/id_rsa.pub'), 'r').read().strip()
 
        ssh_key = open('tests/data/ansible_key.pub', 'r').read().strip()
 

	
 
        assert ssh_key not in host.file('/root/.ssh/authorized_keys').content_string
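Review bot: both replaced ``open('tests/data/ansible_key.pub', 'r')`` lines depend on the working directory pytest is started from, and they sit inside ``with host.sudo():`` even though the key is read from the local filesystem, not from the managed host. Suggest resolving the path from the test module (``os.path.join(os.path.dirname(__file__), 'data', 'ansible_key.pub')``), reading it once at module level with a ``with open(...) as f:`` block so the file handle is closed, and keeping only the ``host.file(...)`` calls under ``sudo``. Separately, in ``test_root_authorized_keys`` the ``content_string`` access raises if ``/root/.ssh/authorized_keys`` does not exist; an explicit check that the file either does not exist or does not contain the key would make the "key was removed" assertion hold in both valid end states.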