Files @ 80299693b896

Location: majic-ansible-roles/roles/wsgi_website/molecule/default/prepare.yml

branko
MAR-150: Use fixtures for X.509 artefacts in the wsgi_website role:

- Removed the statically generated artefacts.
- Generate X.509 artefacts for tests using Gimmecert.
- Updated paths to point to generated artefacts.
- Introduced cleanup playbook for removing generated artefacts.
---

# Runs on the controller only (localhost, local connection) and produces the
# X.509 test fixtures with Gimmecert: a CA hierarchy plus one private key and
# certificate per tested server name. Everything is generated under
# tests/data/.gimmecert and is meant for tests only.
# NOTE(review): the generated directory holds private keys - confirm it is
# excluded from version control and removed by the cleanup playbook.
- name: Set-up fixtures
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:

    # "creates" turns the task into a no-op once the level 1 CA certificate
    # is present.
    - name: Initialise CA hierarchy
      command: gimmecert init
      args:
        chdir: tests/data/
        creates: .gimmecert/ca/level1.cert.pem

    # The free-form command value is left empty on purpose: the command line
    # is supplied as an argv list, so each templated value is handed over as
    # exactly one argument. "creates" skips entries whose certificate has
    # already been issued.
    - name: Generate server private keys and certificates
      command:
      args:
        argv:
          - gimmecert
          - server
          - "{{ item.name }}"
          - "{{ item.fqdn }}"
        chdir: tests/data/
        creates: ".gimmecert/server/{{ item.name }}.cert.pem"
      # name: entity name passed to Gimmecert, also used in the certificate
      #       file name checked by "creates".
      # fqdn: second positional argument passed to "gimmecert server".
      with_items:
        - fqdn: parameters-mandatory
          name: parameters-mandatory_https
        - fqdn: parameters-optional.local
          name: parameters-optional.local_https
        - fqdn: parameters-paste-req
          name: parameters-paste-req_https
        - fqdn: wsgi-website
          name: wsgi-website_https

    # Creates the symbolic link tests/data/x509 with ".gimmecert" as its
    # target.
    - name: Set-up link to generated X.509 material
      file:
        state: link
        dest: tests/data/x509
        src: .gimmecert

# Bootstraps a Python interpreter on every test instance. Fact gathering is
# disabled and the raw module is used, because neither can rely on Python
# being available on the target yet.
- name: Prepare
  hosts: all
  gather_facts: false
  tasks:
    # Installs python3-minimal only when /usr/bin/python3 is missing. The
    # task always reports "ok" (changed_when: false), so it does not show up
    # as a change in the run output.
    - name: Install python for Ansible
      become: true
      changed_when: false
      raw: >-
        test -e /usr/bin/python3 ||
        (apt -y update && apt install -y python3-minimal)

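# Prepares the wsgi-website test instance: name resolution for the tested
# FQDNs, test tooling (curl, swaks, net-tools), and a local Postfix set-up
# with an extra user for mail delivery checks. Facts are gathered here (the
# default), because the /etc/hosts task reads ansible_eth0.
- name: Prepare wsgi-website instance
  hosts: wsgi-website
  become: true
  tasks:

    # Reported as unchanged on purpose; refreshing the cache is not a
    # meaningful change for the test run.
    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true
      changed_when: false

    # Points the tested host names at the instance's own eth0 address.
    - name: Set-up /etc/hosts entries
      lineinfile:
        dest: /etc/hosts
        line: "{{ ansible_eth0.ipv4.address }} parameters-mandatory parameters-optional.local parameters-paste-req wsgi-website"

    - name: Install curl for testing redirects and webpage content
      apt:
        name: curl
        state: present

    - name: Install swaks for testing mail forwarding
      apt:
        name: swaks
        state: present

    - name: Install net-tools for testing sockets
      apt:
        name: net-tools
        state: present

    - name: Install Postfix for testing mail forwarding (Exim4 not covered)
      apt:
        name: postfix
        state: present

    - name: Install procmail for consistency with mail_server and mail_forwarder roles
      apt:
        name: procmail
        state: present

    # The pattern is anchored through the "=" sign so that only the exact
    # parameter is replaced, never a longer parameter sharing the same
    # prefix. Single quotes are required: "\s" is not a valid escape in a
    # double-quoted YAML scalar.
    - name: Update Postfix configuration
      lineinfile:
        path: /etc/postfix/main.cf
        regexp: '^{{ item.key }}\s*='
        line: "{{ item.value }}"
        state: present
      with_dict:
        myhostname: "myhostname = {{ inventory_hostname }}"
        mailbox_command: 'mailbox_command = procmail -a "$EXTENSION"'
      notify:
        - Restart Postfix

    # Anchored through the ":" so that only the alias named exactly "root" is
    # rewritten, not another alias that merely starts with "root".
    - name: Direct all mails from the root account to vagrant (Stretch image does not do that by default)
      lineinfile:
        path: /etc/aliases
        regexp: '^root\s*:'
        line: "root: vagrant"
        state: present
      notify:
        - Generate aliases database

    - name: Set-up group for an additional user
      group:
        name: user
        state: present

    # No password is set for this account in this play.
    - name: Set-up additional user for testing mail delivery
      user:
        name: user
        group: user
        shell: /bin/bash

    # Deletes a system binary from the test instance as a test-tooling
    # workaround (see the linked pull request).
    # NOTE(review): presumably socket checks then rely on net-tools, which is
    # installed above - confirm against the linked pull request.
    - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
      file:
        path: "/bin/ss"
        state: absent

  handlers:

    # Notified by the Postfix configuration task.
    - name: Restart Postfix
      service:
        name: postfix
        state: restarted

    # Notified by the /etc/aliases task.
    - name: Generate aliases database
      command: "/usr/bin/newaliases"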