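---
# Preparation playbook for the test environment: generates throw-away X.509
# material on the controller, bootstraps the test hosts, deliberately relaxes
# the OpenSSL defaults on the "bookworm" hosts, and sets up the "client" host
# with helper tools and the test CA.
#
# NOTE(review): relative paths (tests/data/...) presumably resolve against the
# directory the playbook is launched from - confirm against the test runner.

- name: Prepare, test fixtures
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:

    # "creates" makes the task a no-op once the CA certificate exists, so the
    # CA hierarchy (and everything signed by it) is not regenerated per run.
    - name: Initialise CA hierarchy
      ansible.builtin.command:
        cmd: "gimmecert init"
        chdir: "tests/data/"
        creates: ".gimmecert/ca/level1.cert.pem"

    # argv form passes each argument verbatim, so the templated names are
    # never interpreted by a shell.
    - name: Generate server private keys and certificates
      ansible.builtin.command:
        argv:
          - "gimmecert"
          - "server"
          - "{{ item.name }}"
          - "{{ item.fqdn }}"
        chdir: "tests/data/"
        creates: ".gimmecert/server/{{ item.name }}.cert.pem"
      with_items:
        - name: parameters-mandatory-bookworm_https
          fqdn: parameters-mandatory-bookworm
        - name: parameters-optional-bookworm_https
          fqdn: parameters-optional-bookworm

    # A relative "src" of a symlink is resolved relative to the link itself,
    # i.e. tests/data/x509 -> tests/data/.gimmecert.
    - name: Set-up link to generated X.509 material
      ansible.builtin.file:
        src: ".gimmecert"
        dest: "tests/data/x509"
        state: link

- name: Prepare
  hosts: all
  become: true
  gather_facts: false
  tasks:

    # Uses the raw module (and the play skips fact gathering) because regular
    # modules need a Python interpreter that may not be installed yet.
    - name: Install python for Ansible
      ansible.builtin.raw: >-
        test -e /usr/bin/python3 ||
        (apt -y update && apt install -y python3-minimal)
      changed_when: false

    - name: Update all caches to avoid errors due to missing remote archives
      ansible.builtin.apt:
        update_cache: true
      changed_when: false

    - name: Install tools for testing
      ansible.builtin.apt:
        name:
          - gnutls-bin
          - nmap
        state: present

- name: Prepare, test fixtures
  hosts: bookworm
  become: true
  tasks:

    # Deliberate downgrade of the system-wide OpenSSL defaults: MinProtocol is
    # lowered and SECLEVEL=0 switches off OpenSSL's minimum-strength checks on
    # ciphers and keys. It affects every OpenSSL consumer on the host that
    # honours the system default section, so keep it confined to disposable
    # test machines.
    # NOTE(review): the task name says "TLSv1.0+" while the block sets
    # MinProtocol = TLSv1.1 - confirm which of the two is intended.
    # NOTE(review): the block only takes effect if openssl.cnf already selects
    # the [openssl_init] section via "openssl_conf" - presumably true for the
    # distribution default file; verify.
    - name: >-
        Enable TLSv1.0+ in global OpenSSL configuration file in order to be able
        to test the web_server_tls_protocols parameter
      ansible.builtin.blockinfile:
        path: "/etc/ssl/openssl.cnf"
        block: |
          [openssl_init]
          ssl_conf = ssl_sect

          [ssl_sect]
          system_default = system_default_sect

          [system_default_sect]
          MinProtocol = TLSv1.1
          CipherString = DEFAULT@SECLEVEL=0
        owner: root
        group: root
        mode: "0644"
        state: present

- name: Prepare, test fixtures
  hosts: all
  become: true
  tasks:

    # The address is regex-escaped and must be followed by whitespace, so the
    # entry for 192.168.56.11 can neither match (and overwrite) a line for
    # 192.168.56.110, nor treat the dots as "any character" wildcards.
    - name: Set-up the hosts file
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^{{ item.key | regex_escape }}\s'
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        mode: "0644"
        state: present
      with_dict:
        "192.168.56.11": "client"
        "192.168.56.21": "parameters-mandatory-bookworm"
        "192.168.56.22": "parameters-optional-bookworm"

    - name: Install curl for testing redirects and webpage content
      ansible.builtin.apt:
        name: curl
        state: present

- name: Prepare, helpers
  hosts: client
  become: true
  tasks:

    - name: Install tool for testing TCP connectivity
      ansible.builtin.apt:
        name: hping3
        state: present

    - name: Install console-based web browser for interactive testing
      ansible.builtin.apt:
        name: lynx
        state: present

    # Adds the generated test CA to the system trust store of the client, so
    # every certificate issued by that throw-away CA is accepted on this host.
    # The matching CA key is produced by gimmecert on the controller; treat
    # the whole tests/data/.gimmecert tree as test-only material.
    - name: Deploy CA certificate
      ansible.builtin.copy:
        src: tests/data/x509/ca/level1.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        mode: "0644"
      notify:
        - Update CA certificate cache

  handlers:

    - name: Update CA certificate cache  # noqa no-changed-when
      ansible.builtin.command: /usr/sbin/update-ca-certificates --fresh
      # [no-changed-when] Commands should not change things if nothing needs doing
      #   Does not matter in test prepare stage.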