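---
# Test playbook for the web_server role. It prepares every host, sets up a
# client machine for connectivity checks, and applies the role to two servers:
# one passing only the common parameters and one overriding optional ones.
# All certificates and keys referenced here live under tests/data/x509/ and
# are test fixtures, not production material.

- hosts: all
  tasks:

    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true

- hosts: all
  tasks:

    # Static name resolution so the test machines can reach each other by
    # name. IP keys are quoted so they are always read as strings.
    - name: Set-up /etc/hosts entries
      lineinfile:
        dest: /etc/hosts
        line: "{{ item.key }} {{ item.value }}"
      with_dict:
        "10.31.127.20": "client1"
        "10.31.127.30": "parameters-mandatory"
        "10.31.127.31": "parameters-optional"

- hosts: client1
  tasks:

    # "present" replaces the "installed" alias, which newer Ansible releases
    # no longer accept for the apt module.
    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: present

    - name: Install console-based web browser for interactive testing
      apt:
        name: lynx
        state: present

    # Installing the test CA here makes it trusted system-wide on client1,
    # so this task belongs on disposable test machines only.
    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        # Quoted so the mode is passed as the octal string, not a YAML integer.
        mode: "0644"
      notify:
        - Update CA certificate cache

  handlers:

    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh

# Server that passes no web_server-specific parameters, only the common ones.
- hosts: parameters-mandatory
  roles:
    - role: web_server

      # common
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

      # Common parameters (general, not role).
      tls_certificate_dir: tests/data/x509/
      tls_private_key_dir: tests/data/x509/

# Server that overrides the role's optional parameters.
- hosts: parameters-optional
  roles:
    - role: web_server
      # NOTE(review): presumably leaves plain HTTP reachable without a
      # redirect to HTTPS; confirm against the role documentation.
      default_enforce_https: false
      default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_https.cert.pem') }}"
      # The private key is read from the repository's test data. Outside of
      # tests, supply key material from a protected source (for example
      # Ansible Vault) rather than a plain file in the repository.
      default_https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_https.key.pem') }}"
      web_default_title: "Optional Welcome"
      web_default_message: "Welcome to parameters-optional, default virtual host."
      # NOTE(review): TLSv1.1 is formally deprecated (RFC 8996). It is kept
      # as a test value for this optional parameter; drop it before reusing
      # this list on a real host.
      web_server_tls_protocols:
        - TLSv1.1
        - TLSv1.2
      # Every suite uses (EC)DHE key exchange with RSA authentication. The
      # list mixes AEAD (GCM) suites with CBC-mode ones, including one SHA-1
      # HMAC suite (ECDHE-RSA-AES128-SHA); treat it as a test value.
      web_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:!aNULL:!MD5:!EXPORT"

      # common
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"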