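---
# Test playbook for the ldap_server / ldap_client / backup_server / backup_client roles.
# All credentials and keys below are test fixtures read from tests/data/; they are
# not meant to be reused outside this harness (production values belong in a vault).

- hosts: all
  tasks:
    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        # canonical boolean; `yes` is a YAML 1.1-only spelling
        update_cache: true

# Mandatory-parameter coverage: only the variables the roles require.
- hosts: parameters-mandatory.local
  roles:
    - role: ldap_server
      ldap_admin_password: adminpassword
      # ldap_client
      ldap_client_config:
        - comment: CA truststore
          option: TLS_CACERT
          value: /etc/ssl/certs/testca.cert.pem
        - comment: Ensure TLS is enforced
          option: TLS_REQCERT
          value: demand
      # common vars (not the role, global common)
      tls_private_key_dir: tests/data/x509/
      tls_certificate_dir: tests/data/x509/

- hosts: parameters-optional
  roles:
    - role: backup_server
      # one host key per key type, so clients pinning any type can verify the server
      backup_host_ssh_private_keys:
        dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
        rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
        ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
        ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
      backup_clients:
        - server: parameters-optional
          ip: 127.0.0.1
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"

# Optional-parameter coverage: every tunable the roles expose.
- hosts: parameters-optional
  roles:
    - role: ldap_server
      ldap_admin_password: adminpassword
      ldap_entries:
        - dn: uid=john,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: johnpassword
            uid: john
            cn: John Doe
            sn: Doe
        - dn: uid=jane,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: janepassword
            uid: jane
            cn: Jane Doe
            sn: Doe
      # Folded scalar: the clauses below are joined into one olcAccess line.
      # NOTE(review): OpenLDAP evaluates `by` clauses in order and stops at the
      # first match, so `by * read` shadows the later admin-write and `* none`
      # clauses and makes every attribute (userPassword included) readable to
      # all binds. Fine for a fixture; confirm that is the intended test shape.
      ldap_permissions:
        - >
          to *
          by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
          by self write
          by * read
          by dn="cn=admin,dc=local" write
          by * none
      # consumers default to state: present when the key is omitted (consumer1)
      ldap_server_consumers:
        - name: consumer1
          password: consumer1password
        - name: consumer2
          password: consumer2password
          state: present
        - name: consumer3
          password: consumer3password
          state: absent
      ldap_server_groups:
        - name: group1
        - name: group2
          state: present
        - name: group3
          state: absent
      ldap_server_domain: "local"
      ldap_server_organization: "Example"
      # 0 presumably maps to slapd loglevel 0 (no logging) — verify against the role
      ldap_server_log_level: 0
      ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional.cert.pem') }}"
      ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional.key.pem') }}"
      # 0 presumably means no minimum security strength factor is enforced — verify against the role
      ldap_server_ssf: 0
      # GnuTLS priority string; note it admits TLS 1.1 (+VERS-TLS1.1) and SHA1 (+SHA1),
      # which is acceptable for exercising the option in tests but weaker than current defaults
      ldap_tls_ciphers: "NONE:+VERS-TLS1.1:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+DHE-RSA:+ECDHE-RSA:+SHA1:+SHA256:+SHA384:+AEAD:+AES-128-GCM:+AES-128-CBC:+AES-256-GCM:+AES-256-CBC:+CURVE-ALL"
      # ldap_client
      ldap_client_config:
        - comment: CA truststore
          option: TLS_CACERT
          value: /etc/ssl/certs/testca.cert.pem
        - comment: Ensure TLS is enforced
          option: TLS_REQCERT
          value: demand
      # backup_client
      enable_backup: true
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
      backup_server: localhost
      # public halves of the backup_server host keys above, used for known_hosts pinning
      backup_server_host_ssh_public_keys:
        - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"

- hosts: all
  tasks:
    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca.cert.pem
        dest: /etc/ssl/certs/testca.cert.pem
        owner: root
        group: root
        # quoted: an unquoted 0644 is parsed as decimal 420 by YAML 1.1 loaders
        mode: "0644"

- hosts: client
  tasks:
    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        # `installed` is a deprecated alias of `present` in the apt module
        state: present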