Files
@ 72a32e8be299
Branch filter:
Location: majic-ansible-roles/roles/web_server/molecule/default/prepare.yml
72a32e8be299
3.1 KiB
text/x-yaml
MAR-239: Dropped support for Debian 11 Bullseye from the web_server role.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 | ---
- name: Set-up fixtures
hosts: localhost
connection: local
gather_facts: false
tasks:
- name: Initialise CA hierarchy
command: "gimmecert init"
args:
creates: ".gimmecert/ca/level1.cert.pem"
chdir: "tests/data/"
- name: Generate server private keys and certificates
command:
args:
chdir: "tests/data/"
creates: ".gimmecert/server/{{ item.name }}.cert.pem"
argv:
- "gimmecert"
- "server"
- "{{ item.name }}"
- "{{ item.fqdn }}"
with_items:
- name: parameters-mandatory-bookworm_https
fqdn: parameters-mandatory-bookworm
- name: parameters-optional-bookworm_https
fqdn: parameters-optional-bookworm
- name: Set-up link to generated X.509 material
file:
src: ".gimmecert"
dest: "tests/data/x509"
state: link
- name: Prepare
hosts: all
gather_facts: false
tasks:
- name: Install python for Ansible
raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
become: true
changed_when: false
- hosts: all
become: true
tasks:
- name: Update all caches to avoid errors due to missing remote archives
apt:
update_cache: true
changed_when: false
- name: Install tools for testing
apt:
name:
- gnutls-bin
- nmap
state: present
- hosts: bookworm
become: true
tasks:
- name: Enable TLSv1.0+ in global OpenSSL configuration file in order to be able to test the web_server_tls_protocols parameter
blockinfile:
path: "/etc/ssl/openssl.cnf"
block: |
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.1
CipherString = DEFAULT@SECLEVEL=0
owner: root
group: root
mode: 0644
state: present
- hosts: all
become: true
tasks:
- name: Set-up the hosts file
lineinfile:
path: /etc/hosts
regexp: "^{{ item.key }}"
line: "{{ item.key }} {{ item.value }}"
owner: root
group: root
mode: 0644
state: present
with_dict:
192.168.56.11: "client"
192.168.56.21: "parameters-mandatory-bookworm"
192.168.56.22: "parameters-optional-bookworm"
- name: Install curl for testing redirects and webpage content
apt:
name: curl
state: present
- hosts: client
become: true
tasks:
- name: Install tool for testing TCP connectivity
apt:
name: hping3
state: present
- name: Install console-based web browser for interactive testing
apt:
name: lynx
state: present
- name: Deploy CA certificate
copy:
src: tests/data/x509/ca/level1.cert.pem
dest: /usr/local/share/ca-certificates/testca.crt
owner: root
group: root
mode: 0644
notify:
- Update CA certificate cache
handlers:
- name: Update CA certificate cache
command: /usr/sbin/update-ca-certificates --fresh
|