Files @ 49af212543b0

Location: majic-ansible-roles/roles/common/molecule/default/prepare.yml

branko
MAR-192: Switch to using NTP pools instead of servers:

- This is the recommended configuration by NTPsec, and also the default on
Debian. Previously suggested values for servers have been pool
addresses in any case.
---

# Controller-side play: runs against localhost over a local connection and
# generates the X.509 material used by the test scenario.
- name: Set-up fixtures
  connection: local
  hosts: localhost
  gather_facts: false
  tasks:

    # 'creates' lets the task be skipped once the level-1 CA certificate
    # exists, so the hierarchy is not re-initialised on later runs.
    # NOTE(review): the generated CA material is a test fixture; presumably
    # it should stay out of version control and never be trusted outside the
    # test environment - confirm against the repository's ignore rules.
    - name: Initialise CA hierarchy
      args:
        chdir: 'tests/data/'
        creates: '.gimmecert/ca/level1.cert.pem'
      command: 'gimmecert init --ca-hierarchy-depth 2'

    # Exposes the gimmecert output directory under the x509 name.
    - name: Set-up link to generated X.509 material
      file:
        state: link
        dest: 'tests/data/x509'
        src: '.gimmecert'

# Bootstrap play: fact gathering is switched off and only the raw module is
# used, presumably because the targets may not have Python installed yet.
- name: Prepare
  gather_facts: false
  hosts: all
  tasks:

    # The shell expression installs python3-minimal only when
    # /usr/bin/python3 is absent. changed_when: false makes the task always
    # report "ok", whether or not a package was installed.
    - name: Install python for Ansible
      become: true
      changed_when: false
      raw: >-
        test -e /usr/bin/python3 ||
        (apt -y update && apt install -y python3-minimal)

# Package prerequisites applied to every instance in the scenario.
- become: true
  hosts: all
  tasks:

    # Refreshes the APT cache only; changed_when: false keeps the refresh
    # from being reported as a change.
    - name: Update all caches to avoid errors due to missing remote archives
      changed_when: false
      apt:
        update_cache: true

    - name: Install net-tools for running Testinfra host.socket tests
      apt:
        state: present
        name: net-tools

# Helper instance only.
# NOTE(review): presumably apt-cacher-ng acts as the APT proxy that the role
# under test is pointed at - confirm against the scenario's variables.
- become: true
  hosts: helper
  tasks:

    - name: Install apt-cacher-ng
      apt:
        state: present
        name: apt-cacher-ng

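# Client instance: tooling for connectivity tests plus name resolution for
# the servers under test.
- hosts: client
  become: true
  tasks:

    # nmap is a test-only dependency here (see task name).
    - name: Install tool for testing TCP connectivity
      apt:
        name: nmap
        state: present

    # One /etc/hosts line per address -> hostname pair below.
    # The regexp escapes the address and requires whitespace after it, so
    # that "." matches only a literal dot and an address that is a prefix
    # of another address cannot match (and overwrite) that other entry.
    # The mode is quoted so it reaches the module as the string "0644"
    # instead of depending on the YAML parser's octal handling.
    - name: Set-up /etc/hosts with entries for all servers
      lineinfile:
        path: /etc/hosts
        regexp: '^{{ item.key | regex_escape }}\s'
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        mode: "0644"
        state: present
      # Keys are quoted so they are always read as plain strings.
      with_dict:
        "192.168.56.31": parameters-mandatory-bullseye
        "192.168.56.32": parameters-optional-bullseye
        "fd00::192:168:56:31": parameters-mandatory-bullseye
        "fd00::192:168:56:32": parameters-optional-bullseye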

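# Server instances under test. Fact gathering is left at its default for
# this play (no gather_facts key is set).
- hosts: parameters-mandatory,parameters-optional
  become: true
  tasks:

    # One /etc/hosts line per address -> hostname pair below.
    # The regexp escapes the address and requires whitespace after it.
    # Without that, "^192.168.56.3" is a prefix match and would also match
    # a line for 192.168.56.31 or 192.168.56.32, which lineinfile would then
    # replace instead of adding the client entry.
    # The mode is quoted so it reaches the module as the string "0644"
    # instead of depending on the YAML parser's octal handling.
    - name: Set-up /etc/hosts with entries for all servers
      lineinfile:
        path: /etc/hosts
        regexp: '^{{ item.key | regex_escape }}\s'
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        mode: "0644"
        state: present
      # Keys are quoted so they are always read as plain strings.
      with_dict:
        "192.168.56.3": client1
        "192.168.56.4": client2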

    # Loads every legacy iptables/ip6tables table module listed below, one
    # module per loop item. Per the task name, this is a precondition for
    # testing that the modules get removed.
    - name: Load legacy iptables to test their removal
      with_items:
        # IPv4 tables
        - iptable_filter
        - iptable_nat
        - iptable_mangle
        - iptable_security
        - iptable_raw
        # IPv6 tables
        - ip6table_filter
        - ip6table_nat
        - ip6table_mangle
        - ip6table_security
        - ip6table_raw
      modprobe:
        state: present
        name: "{{ item }}"

    # Creates one user-defined chain in each listed table. The chain name is
    # the first 28 characters of a UUID derived from the
    # ansible_date_time.iso8601_micro fact, so the play must have gathered
    # facts. No 'creates' or 'changed_when' is set, so the command runs and
    # reports "changed" on every execution.
    # NOTE(review): presumably the fact holds one value per run, giving the
    # same chain name in every table - confirm if distinct names are needed.
    - name: Create some custom legacy iptables chains for testing their removal (max chain name length is 29)
      with_items: [filter, nat, mangle, security, raw]
      command: "iptables-legacy -t '{{ item }}' -N '{{ (ansible_date_time.iso8601_micro | to_uuid)[:28] }}'"

    # IPv6 counterpart of the task above: same tables, same naming scheme,
    # using ip6tables-legacy.
    - name: Create some custom legacy ip6tables chains for testing their removal (max chain name length is 29)
      with_items: [filter, nat, mangle, security, raw]
      command: "ip6tables-legacy -t '{{ item }}' -N '{{ (ansible_date_time.iso8601_micro | to_uuid)[:28] }}'"

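    # The three tasks below create paths that the task names describe as
    # deprecated. All are owned by root:root; the directories are not
    # accessible to "other" (0750), the cron file is world-readable (0644).
    # Modes are quoted so they reach the module as strings instead of
    # depending on the YAML parser's octal handling.
    - name: Create deprecated directory for storing requirements files created using Python 3 (pip requirements upgrade checks)
      file:
        path: "/etc/pip_check_requirements_upgrades-py3"
        state: directory
        owner: root
        group: root
        mode: "0750"

    - name: Create deprecated directory for Python 3 virtual environment (pip requirements upgrade checks)
      file:
        path: "/var/lib/pipreqcheck/virtualenv-py3/"
        state: directory
        owner: root
        group: root
        mode: "0750"

    # state: touch creates an empty file if none exists.
    - name: Create deprecated cronjob file for Python 3 (pip requirements upgrade checks)
      file:
        path: "/etc/cron.d/check_pip_requirements-py3"
        state: touch
        owner: root
        group: root
        mode: "0644"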

    # Installs the ntp and ntpdate packages, which the task name labels as
    # deprecated/obsolete.
    # NOTE(review): presumably pre-installed so the role's clean-up of them
    # can be verified - confirm against the role's tests.
    - name: Install the deprecated/obsolete NTP-related packages
      apt:
        state: present
        name: [ntp, ntpdate]

# Second play against the server instances: deletes the ss binary. The task
# name points at the upstream Testinfra pull request for the reason.
- become: true
  hosts: parameters-mandatory,parameters-optional
  tasks:

    - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
      file:
        state: absent
        path: '/bin/ss'