Changeset - f176b9957d1b
Branko Majic (branko) - 2 months ago 2024-09-03 17:11:46
branko@majic.rs
MAR-218: Drop the workaround for running connectivity tests:

- The relevant PR has long since been merged into testinfra, so the
  underlying problem is no longer an issue.
3 files changed with 0 insertions and 15 deletions:
roles/common/molecule/default/prepare.yml
 
---
 

	
 
- name: Prepare, test fixtures
 
  hosts: localhost
 
  connection: local
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Initialise CA hierarchy
 
      ansible.builtin.command: "gimmecert init --ca-hierarchy-depth 2"
 
      args:
 
        creates: ".gimmecert/ca/level1.cert.pem"
 
        chdir: "tests/data/"
 

	
 
    - name: Set-up link to generated X.509 material
 
      ansible.builtin.file:
 
        src: ".gimmecert"
 
        dest: "tests/data/x509"
 
        state: link
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      ansible.builtin.raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      changed_when: false
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      ansible.builtin.apt:
 
        update_cache: true
 
      changed_when: false
 

	
 
    - name: Install net-tools for running Testinfra host.socket tests
 
      ansible.builtin.apt:
 
        name: net-tools
 
        state: present
 

	
 
    - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
 
      ansible.builtin.file:
 
        path: "/bin/ss"
 
        state: absent
 

	
 
- name: Prepare, helpers
 
  hosts: helper
 
  become: true
 
  tasks:
 

	
 
    - name: Install apt-cacher-ng
 
      ansible.builtin.apt:
 
        name: apt-cacher-ng
 
        state: present
 

	
 
- name: Prepare, helpers
 
  hosts: client
 
  become: true
 
  tasks:
 

	
 
    - name: Install tool for testing TCP connectivity
 
      ansible.builtin.apt:
 
        name: nmap
 
        state: present
 

	
 
    - name: Set-up /etc/hosts with entries for all servers
 
      ansible.builtin.lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: "0644"
 
        state: present
 
      with_dict:
 
        192.168.56.21: parameters-mandatory-bookworm
 
        192.168.56.22: parameters-optional-bookworm
 
        fd00::192:168:56:21: parameters-mandatory-bookworm
 
        fd00::192:168:56:22: parameters-optional-bookworm
 

	
 
- name: Prepare, test fixtures
 
  hosts: parameters-mandatory,parameters-optional
 
  become: true
 
  tasks:
 

	
 
    - name: Set-up /etc/hosts with entries for all servers
 
      ansible.builtin.lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: "0644"
 
        state: present
 
      with_dict:
 
        192.168.56.3: client1
 
        192.168.56.4: client2
 

	
 
    - name: Load legacy iptables to test their removal
 
      community.general.modprobe:
 
        name: "{{ item }}"
 
        state: present
 
      with_items:
 
        - iptable_filter
 
        - iptable_nat
 
        - iptable_mangle
 
        - iptable_security
 
        - iptable_raw
 
        - ip6table_filter
 
        - ip6table_nat
 
        - ip6table_mangle
 
        - ip6table_security
 
        - ip6table_raw
 

	
 
    - name: Create some custom legacy iptables chains for testing their removal (max chain name length is 29)  # noqa no-changed-when
 
      # [no-changed-when] Commands should not change things if nothing needs doing
 
      #   Does not matter in test prepare stage.
 
      ansible.builtin.command: "iptables-legacy -t '{{ item }}' -N '{{ (ansible_date_time.iso8601_micro | to_uuid)[:28] }}'"
 
      with_items:
 
        - filter
 
        - nat
 
        - mangle
 
        - security
 
        - raw
 

	
 
    - name: Create some custom legacy ip6tables chains for testing their removal (max chain name length is 29)  # noqa no-changed-when
 
      # [no-changed-when] Commands should not change things if nothing needs doing
 
      #   Does not matter in test prepare stage.
 
      ansible.builtin.command: "ip6tables-legacy -t '{{ item }}' -N '{{ (ansible_date_time.iso8601_micro | to_uuid)[:28] }}'"
 
      with_items:
 
        - filter
 
        - nat
 
        - mangle
 
        - security
 
        - raw
 

	
 
    - name: Create deprecated directory for storing requirements files created using Python 3 (pip requirements upgrade checks)
 
      ansible.builtin.file:
 
        path: "/etc/pip_check_requirements_upgrades-py3"
 
        state: directory
 
        owner: root
 
        group: root
 
        mode: "0750"
 

	
 
    - name: Create deprecated directory for Python 3 virtual environment (pip requirements upgrade checks)
 
      ansible.builtin.file:
 
        path: "/var/lib/pipreqcheck/virtualenv-py3/"
 
        state: directory
 
        owner: root
 
        group: root
 
        mode: "0750"
 

	
 
    - name: Create deprecated cronjob file for Python 3 (pip requirements upgrade checks)
 
      ansible.builtin.file:
 
        path: "/etc/cron.d/check_pip_requirements-py3"
 
        state: touch
 
        owner: root
 
        group: root
 
        mode: "0644"
 

	
 
    - name: Install the deprecated/obsolete NTP-related packages
 
      ansible.builtin.apt:
 
        name:
 
          - ntp
 
          - ntpdate
 
        state: present
roles/ldap_server/molecule/default/prepare.yml
 
---
 

	
 
- name: Prepare, test fixtures
 
  hosts: localhost
 
  connection: local
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Initialise CA hierarchy
 
      ansible.builtin.command: "gimmecert init"
 
      args:
 
        creates: ".gimmecert/ca/level1.cert.pem"
 
        chdir: "tests/data/"
 

	
 
    - name: Generate server private keys and certificates
 
      ansible.builtin.command:
 
      args:
 
        chdir: "tests/data/"
 
        creates: ".gimmecert/server/{{ item.name }}.cert.pem"
 
        argv:
 
          - "gimmecert"
 
          - "server"
 
          - "{{ item.name }}"
 
          - "{{ item.fqdn }}"
 
      with_items:
 
        - name: parameters-mandatory-bookworm_ldap
 
          fqdn: parameters-mandatory
 
        - name: parameters-optional-bookworm_ldap
 
          fqdn: parameters-optional
 

	
 
    - name: Set-up link to generated X.509 material
 
      ansible.builtin.file:
 
        src: ".gimmecert"
 
        dest: "tests/data/x509"
 
        state: link
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      ansible.builtin.raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      changed_when: false
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      ansible.builtin.apt:
 
        update_cache: true
 
      changed_when: false
 

	
 
    - name: Deploy CA certificate
 
      ansible.builtin.copy:
 
        src: tests/data/x509/ca/level1.cert.pem
 
        dest: /etc/ssl/certs/testca.cert.pem
 
        owner: root
 
        group: root
 
        mode: "0644"
 

	
 
    - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
 
      ansible.builtin.file:
 
        path: "/bin/ss"
 
        state: absent
 

	
 
    - name: Install tools for testing
 
      ansible.builtin.apt:
 
        name:
 
          - net-tools
 
          - nmap
 
          - gnutls-bin
 
        state: present
 

	
 
- name: Prepare, helpers
 
  hosts: client
 
  become: true
 
  tasks:
 

	
 
    - name: Install tool for teting TCP connectivity
 
      ansible.builtin.apt:
 
        name: hping3
 
        state: present
 

	
 
    - name: Set-up /etc/hosts with entries for all servers
 
      ansible.builtin.lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: "0644"
 
        state: present
 
      with_dict:
 
        192.168.56.21: parameters-mandatory-bookworm
 
        192.168.56.22: parameters-optional-bookworm
 

	
 
- name: Prepare, test fixtures
 
  hosts: parameters-optional
 
  become: true
 
  tasks:
 

	
 
    - name: Set-up the hosts file
 
      ansible.builtin.lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: "0644"
 
        state: present
 
      with_dict:
 
        127.0.2.1: parameters-optional
 

	
 
- name: Prepare, test fixtures
 
  hosts: parameters-mandatory
 
  become: true
 
  tasks:
 

	
 
    - name: Set-up the hosts file
 
      ansible.builtin.lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: "0644"
 
        state: present
 
      with_dict:
 
        127.0.2.1: parameters-mandatory
 

	
 
- name: Prepare, helpers
 
  hosts: backup-server
 
  become: true
 
  roles:
 
    - role: backup_server
 
      backup_host_ssh_private_keys:
 
        rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
 
        ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
 
        ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
 
      backup_clients:
 
        - server: localhost
 
          ip: 127.0.0.1
 
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
roles/wsgi_website/molecule/default/prepare.yml
 
---
 

	
 
- name: Prepare, test fixtures
 
  hosts: localhost
 
  connection: local
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Initialise CA hierarchy
 
      ansible.builtin.command: "gimmecert init"
 
      args:
 
        creates: ".gimmecert/ca/level1.cert.pem"
 
        chdir: "tests/data/"
 

	
 
    - name: Generate server private keys and certificates
 
      ansible.builtin.command:
 
      args:
 
        chdir: "tests/data/"
 
        creates: ".gimmecert/server/{{ item.name }}.cert.pem"
 
        argv:
 
          - "gimmecert"
 
          - "server"
 
          - "{{ item.name }}"
 
          - "{{ item.fqdn }}"
 
      with_items:
 
        - name: parameters-mandatory_https
 
          fqdn: parameters-mandatory
 
        - name: parameters-optional.local_https
 
          fqdn: parameters-optional.local
 
        - name: parameters-paste-req_https
 
          fqdn: parameters-paste-req
 
        - name: wsgi-website_https
 
          fqdn: wsgi-website
 

	
 
    - name: Set-up link to generated X.509 material
 
      ansible.builtin.file:
 
        src: ".gimmecert"
 
        dest: "tests/data/x509"
 
        state: link
 

	
 
- name: Prepare
 
  hosts: all
 
  become: true
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
 
      ansible.builtin.raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
 
      changed_when: false
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      ansible.builtin.apt:
 
        update_cache: true
 
      changed_when: false
 

	
 
    - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
 
      ansible.builtin.file:
 
        path: "/bin/ss"
 
        state: absent
 

	
 
- name: Prepare, test fixtures
 
  hosts: wsgi-website
 
  become: true
 
  tasks:
 

	
 
    - name: Set-up /etc/hosts entries
 
      ansible.builtin.lineinfile:
 
        dest: /etc/hosts
 
        line: "{{ ansible_eth0.ipv4.address }} parameters-mandatory parameters-optional.local parameters-paste-req wsgi-website"
 

	
 
    - name: Install curl for testing redirects and webpage content
 
      ansible.builtin.apt:
 
        name: curl
 
        state: present
 

	
 
    - name: Install swaks for testing mail forwarding
 
      ansible.builtin.apt:
 
        name: swaks
 
        state: present
 

	
 
    - name: Install net-tools for testing sockets
 
      ansible.builtin.apt:
 
        name: net-tools
 
        state: present
 

	
 
    - name: Install Postfix for testing mail forwarding (Exim4 not covered)
 
      ansible.builtin.apt:
 
        name: postfix
 
        state: present
 

	
 
    - name: Install procmail for consistency with mail_server and mail_forwarder roles
 
      ansible.builtin.apt:
 
        name: procmail
 
        state: present
 

	
 
    - name: Update Postfix configuration
 
      ansible.builtin.lineinfile:
 
        path: /etc/postfix/main.cf
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.value }}"
 
        state: present
 
      with_dict:
 
        myhostname: "myhostname = {{ inventory_hostname }}"
 
        mailbox_command: 'mailbox_command = procmail -a "$EXTENSION"'
 
      notify:
 
        - Restart Postfix
 

	
 
    - name: Direct all mails from the root account to vagrant
 
      ansible.builtin.lineinfile:
 
        path: /etc/aliases
 
        regexp: "^root"
 
        line: "root: vagrant"
 
        state: present
 
      notify:
 
        - Generate aliases database
 

	
 
    - name: Set-up group for an additional user
 
      ansible.builtin.group:
 
        name: user
 
        state: present
 

	
 
    - name: Set-up additional user for testing mail delivery
 
      ansible.builtin.user:
 
        name: user
 
        group: user
 
        shell: /bin/bash
 

	
 
  handlers:
 

	
 
    - name: Restart Postfix
 
      ansible.builtin.service:
 
        name: postfix
 
        state: restarted
 

	
 
    - name: Generate aliases database  # noqa no-changed-when
 
      ansible.builtin.command: "/usr/bin/newaliases"
 
      # [no-changed-when] Commands should not change things if nothing needs doing
 
      #   Does not matter in test prepare stage.