Files @ 72a32e8be299
Branch filter:

Location: majic-ansible-roles/roles/web_server/molecule/default/prepare.yml

branko
MAR-239: Dropped support for Debian 11 Bullseye from the web_server role.
---

- name: Set-up fixtures
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:

    - name: Initialise CA hierarchy
      command: "gimmecert init"
      args:
        creates: ".gimmecert/ca/level1.cert.pem"
        chdir: "tests/data/"

    - name: Generate server private keys and certificates
      command:
      args:
        chdir: "tests/data/"
        creates: ".gimmecert/server/{{ item.name }}.cert.pem"
        argv:
          - "gimmecert"
          - "server"
          - "{{ item.name }}"
          - "{{ item.fqdn }}"
      with_items:
        - name: parameters-mandatory-bookworm_https
          fqdn: parameters-mandatory-bookworm
        - name: parameters-optional-bookworm_https
          fqdn: parameters-optional-bookworm

    - name: Set-up link to generated X.509 material
      file:
        src: ".gimmecert"
        dest: "tests/data/x509"
        state: link

- name: Prepare
  hosts: all
  gather_facts: false
  tasks:
    - name: Install python for Ansible
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
      become: true
      changed_when: false

- hosts: all
  become: true
  tasks:

    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true
      changed_when: false

    - name: Install tools for testing
      apt:
        name:
          - gnutls-bin
          - nmap
        state: present

- hosts: bookworm
  become: true
  tasks:

    - name: Enable TLSv1.0+ in global OpenSSL configuration file in order to be able to test the web_server_tls_protocols parameter
      blockinfile:
        path: "/etc/ssl/openssl.cnf"
        block: |
          [openssl_init]
          ssl_conf = ssl_sect

          [ssl_sect]
          system_default = system_default_sect

          [system_default_sect]
          MinProtocol = TLSv1.1
          CipherString = DEFAULT@SECLEVEL=0
        owner: root
        group: root
        mode: 0644
        state: present

- hosts: all
  become: true
  tasks:

    - name: Set-up the hosts file
      lineinfile:
        path: /etc/hosts
        regexp: "^{{ item.key }}"
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        mode: 0644
        state: present
      with_dict:
        192.168.56.11: "client"
        192.168.56.21: "parameters-mandatory-bookworm"
        192.168.56.22: "parameters-optional-bookworm"

    - name: Install curl for testing redirects and webpage content
      apt:
        name: curl
        state: present

- hosts: client
  become: true
  tasks:

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: present

    - name: Install console-based web browser for interactive testing
      apt:
        name: lynx
        state: present

    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca/level1.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        mode: 0644
      notify:
        - Update CA certificate cache

  handlers:

    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh