Files @ a52f9fdabd0f
Branch filter:

Location: majic-ansible-roles/testsite/group_vars/all.yml

branko
MAR-132: Added support for Debian 9 (Stretch) to web_server role:

- Introduced internal parameters for controlling differing package
names, service names, and paths for PHP FPM package.
- Added Debian 9 machines to Molecule configuration, including the
client machine.
- Restructured slightly preparaiton playbook to support both Jessie
and Stretch.
- Added custom pytest fixture for having a better way to determine
expected package names etc related to PHP.
- Created copy of private key/certificate pair used for testing of
mandatory parameters (to be used with Stretch machine).
- Fixed invalid specification for hosts on top of which the
connectivity test should be run.
- Updated a couple of task names (avoiding to reference PHP 5).
- Updated documentation.
---

# Define domain for the test site that should be used.
testsite_domain: example.com

# Derive some additional values that will be used - basing them on domain.
testsite_domain_underscores: "{{ testsite_domain | regex_replace('\\.', '_') }}"
testsite_domain_alternative: "{{ testsite_domain | regex_replace('\\.[^.]+$', '.something') }}"
testsite_ldap_base: "{{ testsite_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"

# Configuration for roles bootstrap and preseed.
ansible_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

# Configuration for role 'common', shared across all servers.
os_users:
  - name: admin
    uid: 1000
    additional_groups:
      - sudo
    authorized_keys:
      - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    password: '$6$/aerscJY6aevRG$ABBCymEDtk2mHW/dklre9dMEdgZNJvVHsGLCzgjGmy61FssZ.KW7ePcO2wsMGIkHcg3mZlrA4dhYh.APq9OQu0'
  - name: johndoe
    uid: 1001
    additional_groups:
      - office
      - developer
    password: '$6$cJnUatae7cMz23fl$O3HE2TslnEaKaTDSZnvuDDrfqILAiuMV1wOPGVnkUQFxUu3gIWZOyO7AI1OWYkqeQMVBiezpSqYNiQy6NF6bi0'

os_groups:
  - name: office
    gid: 1500
  - name: developer
    gid: 1501

common_packages:
  - emacs24-nox
  - screen
  - debconf-utils
  - colordiff
  - unzip

ca_certificates:
  "ca": "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"

incoming_connection_limit: 2/second

incoming_connection_limit_burst: 6

# Default LDAP client configuration.
ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: "{{ testsite_ldap_base }}"
  - comment: Set the default URI
    option: URI
    value: ldap://ldap.{{ testsite_domain }}/
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/ca.pem
  - comment: Enforce TLS
    option: TLS_REQCERT
    value: demand

# Enable and configure backups
enable_backup: true

backup_additional_encryption_keys:
  - "{{ lookup('pipe', 'gpg2 --homedir \"' + inventory_dir + '/backup_keyring' + '\" --armor --export backup.' + testsite_domain ) }}"

backup_encryption_key: "{{ lookup('pipe', 'gpg2 --homedir \"' + inventory_dir + '/backup_keyring' + '\" --armor --export-secret-keys ' + ansible_fqdn ) }}"

backup_server: "backup.{{ testsite_domain }}"

backup_server_host_ssh_public_keys:
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_dsa_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_rsa_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ed25519_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ecdsa_key.pub') }}"

backup_ssh_key: "{{ lookup('file', inventory_dir + '/ssh/' + ansible_fqdn) }}"

# Set-up prompt.
prompt_colour: light_purple
prompt_id: MAR

# Set-up NTP time synchronisation.
ntp_servers:
  - "0.debian.pool.ntp.org"
  - "1.debian.pool.ntp.org"
  - "2.debian.pool.ntp.org"
  - "3.debian.pool.ntp.org"