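---
# Playbook that provisions an LDAP/backup server, two XMPP servers and a
# client machine used to exercise them.
#
# NOTE(review): every password, private key and certificate referenced below
# appears to be a fixture for this test environment (task names say "for
# testing", key material lives under tests/data/). None of these values should
# be reused outside it; a real deployment would take them from Ansible Vault
# or an external secret store rather than from plain text in the playbook.

- hosts: all
  tasks:
    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true
      # A cache refresh is not a configuration change; never report "changed".
      changed_when: false

- hosts: all
  tasks:
    # Static name resolution for the test network. Keys are IP addresses and
    # are quoted so that no YAML parser can re-type them.
    - name: Set-up /etc/hosts entries
      lineinfile:
        dest: /etc/hosts
        line: "{{ item.key }} {{ item.value }}"
      with_dict:
        "10.31.127.10": "ldap-server backup-server"
        "10.31.127.20": "client1"
        "10.31.127.30": "parameters-mandatory domain1 proxy.domain1 conference.domain1"
        "10.31.127.31": >-
          parameters-optional domain2 proxy.domain2 conference.domain2
          domain3 proxy.domain3 conference.domain3

- hosts: client1
  tasks:
    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        # "installed" is a deprecated alias that newer apt module versions
        # reject; "present" is the equivalent supported value.
        state: present

    # Adds the test CA to the system-wide trust store of the client, so every
    # TLS consumer on this host will trust certificates issued by it.
    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        # Quoted so the mode is passed as an octal string, not a YAML integer.
        mode: "0644"
      notify:
        - Update CA certificate cache

    - name: Install console-based XMPP client (for interactive testing)
      apt:
        name: mcabber
        state: present

    - name: Install console-based XMPP tool (for non-interactive testing)
      apt:
        name: sendxmpp
        state: present

    - name: Create dedicated group for testing
      group:
        name: user
        state: present

    - name: Create dedicated user for testing
      user:
        name: user
        group: user
        shell: /bin/bash

    # One configuration file per test account, readable only by its owner
    # because the item (password included) is passed to the template.
    # Ansible echoes each loop item in task output, so these passwords end up
    # in run logs; acceptable for throwaway test accounts, but set
    # "no_log: true" on this task if real credentials are ever used here.
    # NOTE(review): one account uses "ssl" and the others "tls"; what each
    # value selects depends on mcabber.cfg.j2, which is not shown.
    - name: Deploy mcabber configuration files
      template:
        src: tests/data/mcabber.cfg.j2
        dest: "~user/{{ item.jid }}.cfg"
        owner: user
        group: user
        mode: "0600"
      with_items:
        - jid: john.doe@domain1
          password: johnpassword
          server: domain1
          security: tls
          nickname: john.doe
        - jid: jane.doe@domain2
          password: janepassword
          server: domain2
          security: ssl
          nickname: jane.doe
        - jid: mick.doe@domain3
          password: mickpassword
          server: domain3
          security: tls
          nickname: mick.doe
        - jid: noxmpp@domain1
          password: noxmpppassword
          server: domain1
          security: tls
          nickname: noxmpp

  handlers:
    # Runs only when the CA certificate task above reports a change.
    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh

- hosts: ldap-server
  roles:
    - role: ldap_server
      # Weak, guessable admin password: tolerable only on an isolated test
      # directory.
      ldap_admin_password: admin
      ldap_entries:
        # Users
        # userPassword values are given in clear text here.
        # NOTE(review): whether the role hashes them before storing is not
        # visible from this file.
        - dn: uid=john,ou=people,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: johnpassword
            uid: john
            cn: John Doe
            sn: Doe
            mail: john.doe@domain1
        - dn: uid=jane,ou=people,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: janepassword
            uid: jane
            cn: Jane Doe
            sn: Doe
            mail: jane.doe@domain2
        - dn: uid=mick,ou=people,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: mickpassword
            uid: mick
            cn: Mick Doe
            sn: Doe
            mail: mick.doe@domain3
        - dn: uid=noxmpp,ou=people,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: noxmpppassword
            uid: noxmpp
            cn: No XMPP
            sn: XMPP
            mail: noxmpp@domain1
        # Groups
        # The noxmpp user is deliberately absent from this member list.
        - dn: "cn=xmpp,ou=groups,dc=local"
          state: append
          attributes:
            uniqueMember:
              - uid=john,ou=people,dc=local
              - uid=jane,ou=people,dc=local
              - uid=mick,ou=people,dc=local
      # Service account for the XMPP servers; the same password is supplied
      # as xmpp_ldap_password in the xmpp_server plays below.
      ldap_server_consumers:
        - name: prosody
          password: prosodypassword
      ldap_server_domain: "local"
      ldap_server_groups:
        - name: xmpp
      ldap_server_organization: "Example"
      ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.cert.pem') }}"
      # Private key read from the repository tree: test fixture only.
      ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.key.pem') }}"
      # common
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
      # ldap_client
      ldap_client_config:
        - comment: CA truststore
          option: TLS_CACERT
          value: /etc/ssl/certs/testca.cert.pem
        # "demand" makes the client abort when the server certificate cannot
        # be validated against the truststore above.
        - comment: Ensure TLS is enforced
          option: TLS_REQCERT
          value: demand
        - comment: Base DN
          option: BASE
          value: dc=local
        - comment: URI
          option: URI
          value: 'ldapi:///'

    - role: backup_server
      # SSH host private keys loaded from the repository: test fixtures only.
      # NOTE(review): DSA (ssh-dss) is disabled by default in current OpenSSH
      # releases; confirm the role still needs this key type before carrying
      # it over to any non-test setup.
      backup_host_ssh_private_keys:
        dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
        rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
        ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
        ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
      backup_clients:
        - server: parameters-optional
          ip: "10.31.127.31"
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"

- hosts: parameters-mandatory.domain1
  roles:
    # Minimal invocation: only the parameters given here are set explicitly.
    - role: xmpp_server
      xmpp_administrators:
        - john.doe@domain1
      xmpp_ldap_base_dn: dc=local
      xmpp_ldap_password: prosodypassword
      xmpp_ldap_server: ldap-server
      # Common parameters (general, not role).
      tls_certificate_dir: tests/data/x509/
      tls_private_key_dir: tests/data/x509/
      # common
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

- hosts: parameters-optional
  roles:
    - role: xmpp_server
      xmpp_administrators:
        - jane.doe@domain2
        - mick.doe@domain3
      xmpp_domains:
        - domain2
        - domain3
      xmpp_ldap_base_dn: dc=local
      xmpp_ldap_password: prosodypassword
      xmpp_ldap_server: ldap-server
      xmpp_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_xmpp.cert.pem') }}"
      # Private key read from the repository tree: test fixture only.
      xmpp_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_xmpp.key.pem') }}"
      # Common parameters (general, not role).
      tls_certificate_dir: tests/data/x509/
      tls_private_key_dir: tests/data/x509/
      # common
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
      # backup_client
      enable_backup: true
      # Backup encryption key and client SSH private key are both read from
      # tests/data: never reuse them for real backups.
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
      backup_server: backup-server
      # Backup server host public keys supplied up front (one per key type
      # configured on the backup_server role).
      backup_server_host_ssh_public_keys:
        - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"

- hosts: parameters-optional
  tasks:
    - name: Install console-based XMPP tool (for non-interactive testing)
      apt:
        name: sendxmpp
        state: present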