---

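# Refresh the apt package index on every host before any role runs, so that
# later package installs do not fail on stale or missing archive indexes.
- hosts: all
  tasks:

    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        # Canonical booleans only; `yes`/`False` are YAML 1.1-isms that
        # generic parsers and yamllint (`truthy`) trip over.
        update_cache: true
      # A cache refresh is housekeeping, never report it as a change.
      changed_when: false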

# Minimal variable set for the ldap_server role (the host name suggests this
# play exercises only the role's mandatory parameters).
- hosts: parameters-mandatory.local
  roles:
    - role: ldap_server
      # Fixture credential for the test host.
      ldap_admin_password: adminpassword

      # ldap_client: point the client at the test CA and require a valid
      # server certificate.
      ldap_client_config:
        - option: TLS_CACERT
          value: /etc/ssl/certs/testca.cert.pem
          comment: CA truststore
        - option: TLS_REQCERT
          value: demand
          comment: Ensure TLS is enforced

      # common vars (not the role, global common): both key and certificate
      # material are read from the test fixture directory.
      tls_private_key_dir: tests/data/x509/
      tls_certificate_dir: tests/data/x509/

# Stand up a backup server on the same host so the ldap_server play below
# can exercise its backup_client integration against localhost.
- hosts: parameters-optional
  roles:
    - role: backup_server
      # SSH host keys for the backup server, all read from test fixtures.
      backup_host_ssh_private_keys:
        rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
        ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
        ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
        dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
      # The only backup client is the host itself.
      backup_clients:
        - server: parameters-optional
          ip: '127.0.0.1'
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"

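# Full variable set for the ldap_server role (the host name suggests this
# play exercises every optional parameter), plus the ldap_client and
# backup_client integrations.
- hosts: parameters-optional
  roles:
    - role: ldap_server
      # Fixture credentials for the test host.
      ldap_admin_password: adminpassword
      ldap_entries:
        - dn: uid=john,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: johnpassword
            uid: john
            cn: John Doe
            sn: Doe
        - dn: uid=jane,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: janepassword
            uid: jane
            cn: Jane Doe
            sn: Doe

      # NOTE(review): OpenLDAP applies the first matching `by` clause, so
      # `by * read` appears to shadow the two clauses after it — confirm this
      # ordering is intentional for the test. The `>` header keeps one trailing
      # newline in the folded value; `>-` would strip it if the role needs a
      # bare line.
      ldap_permissions:
        - >
          to *
          by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
          by self write
          by * read
          by dn="cn=admin,dc=local" write
          by * none

      # Consumers and groups cover the default state, explicit `present`
      # and explicit `absent`.
      ldap_server_consumers:
        - name: consumer1
          password: consumer1password
        - name: consumer2
          password: consumer2password
          state: present
        - name: consumer3
          password: consumer3password
          state: absent

      ldap_server_groups:
        - name: group1
        - name: group2
          state: present
        - name: group3
          state: absent

      ldap_server_domain: "local"
      ldap_server_organization: "Example"
      ldap_server_log_level: 0
      ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional.cert.pem') }}"
      ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional.key.pem') }}"
      # NOTE(review): presumably the minimum security strength factor; 0 would
      # mean no minimum is enforced — verify against the role.
      ldap_server_ssf: 0
      # NOTE(review): looks like a GnuTLS priority string that still enables
      # TLS 1.1 and SHA1 — fine as a test fixture, confirm it is not the role
      # default.
      ldap_tls_ciphers: "NONE:+VERS-TLS1.1:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+DHE-RSA:+ECDHE-RSA:+SHA1:+SHA256:+SHA384:+AEAD:+AES-128-GCM:+AES-128-CBC:+AES-256-GCM:+AES-256-CBC:+CURVE-ALL"

      # ldap_client: trust the test CA and require a valid server certificate.
      ldap_client_config:
        - comment: CA truststore
          option: TLS_CACERT
          value: /etc/ssl/certs/testca.cert.pem
        - comment: Ensure TLS is enforced
          option: TLS_REQCERT
          value: demand

      # backup_client: back up to the backup_server stood up on this host
      # by the previous play.
      # Canonical boolean; `yes` is a YAML 1.1-ism flagged by yamllint.
      enable_backup: true
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
      backup_server: localhost
      backup_server_host_ssh_public_keys:
        - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional') }}"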

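# Install the test CA certificate on every host; the ldap_client
# TLS_CACERT option above points at this path.
- hosts: all
  tasks:

    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca.cert.pem
        dest: /etc/ssl/certs/testca.cert.pem
        owner: root
        group: root
        # Quoted: an unquoted 0644 is read as decimal 420 by YAML 1.1
        # parsers, which Ansible then applies as the wrong mode.
        mode: "0644"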

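# Give the client host a tool for exercising TCP connectivity in the tests.
- hosts: client
  tasks:

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        # `present` is the canonical apt state; `installed` is only a
        # legacy alias.
        state: present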