Files @ 5ea45eee5187
Branch filter:

Location: majic-ansible-roles/roles/web_server/playbook.yml

branko
MAR-124: Updated mail_forwarder test_tls_enforced_towards_relay_mail_server to be a bit robust against race condition.
---

- hosts: all
  tasks:

    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: yes
      changed_when: False

- hosts: all
  tasks:

    - name: Set-up /etc/hosts entries
      lineinfile:
        dest: /etc/hosts
        line: "{{ item.key }} {{ item.value }}"
      with_dict:
        10.31.127.20: "client1"
        10.31.127.30: "parameters-mandatory"
        10.31.127.31: "parameters-optional"

- hosts: client1
  tasks:

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: installed

    - name: Install console-based web browser for interactive testing
      apt:
        name: lynx
        state: installed

    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        mode: 0644
      notify:
        - Update CA certificate cache

  handlers:

    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh

- hosts: parameters-mandatory
  roles:
    - role: web_server

      # common
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

      # Common parameters (general, not role).
      tls_certificate_dir: tests/data/x509/
      tls_private_key_dir: tests/data/x509/

- hosts: parameters-optional
  roles:
    - role: web_server
      default_enforce_https: no
      default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_https.cert.pem') }}"
      default_https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_https.key.pem') }}"
      web_default_title: "Optional Welcome"
      web_default_message: "Welcome to parameters-optional, default virtual host."
      web_server_tls_protocols:
        - TLSv1.1
        - TLSv1.2
      web_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:!aNULL:!MD5:!EXPORT"

      # common
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"


- hosts: all
  tasks:
    - name: Install curl for testing redirects and webpage content
      apt:
        name: curl
        state: installed