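---
# Preparation playbook for the test environment: generates X.509 fixtures
# on the controller, bootstraps Python on the test machines, distributes
# the test CA certificate, wires up name resolution and installs the tools
# used by the tests.

# Runs on the controller only: create the CA hierarchy and the server
# certificates consumed by the plays and tests below.
- name: Set-up fixtures
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:

    # "creates" is evaluated relative to "chdir", so the CA is generated
    # only once and later runs leave the existing hierarchy untouched.
    - name: Initialise CA hierarchy
      command:
        argv:
          - "gimmecert"
          - "init"
        chdir: "tests/data/"
        creates: ".gimmecert/ca/level1.cert.pem"

    # argv passes each templated value as a separate argument without
    # going through shell word splitting.
    - name: Generate server private keys and certificates
      command:
        argv:
          - "gimmecert"
          - "server"
          - "{{ item.name }}"
          - "{{ item.fqdn }}"
        chdir: "tests/data/"
        creates: ".gimmecert/server/{{ item.name }}.cert.pem"
      with_items:
        - name: parameters-mandatory-bullseye_ldap
          fqdn: parameters-mandatory
        - name: parameters-optional-bullseye_ldap
          fqdn: parameters-optional
        - name: parameters-mandatory-bookworm_ldap
          fqdn: parameters-mandatory
        - name: parameters-optional-bookworm_ldap
          fqdn: parameters-optional

    - name: Set-up link to generated X.509 material
      file:
        src: ".gimmecert"
        dest: "tests/data/x509"
        state: link

# Facts cannot be gathered before Python exists on the target, hence
# gather_facts is off and the raw module is used.
- name: Prepare
  hosts: all
  gather_facts: false
  tasks:

    # changed_when is forced to false so this bootstrap step is never
    # reported as a change.
    - name: Install python for Ansible
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
      become: true
      changed_when: false

# Common set-up for every test machine.
- hosts: all
  become: true
  tasks:

    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true
      changed_when: false

    # Only the public CA certificate is copied; the CA private key stays
    # in the fixture directory on the controller. The mode is quoted so
    # it reaches the module as the literal octal string.
    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca/level1.cert.pem
        dest: /etc/ssl/certs/testca.cert.pem
        owner: root
        group: root
        mode: "0644"

# The client machine needs connectivity tooling and static name resolution
# for all servers.
- hosts: client
  become: true
  tasks:

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: present

    # The address is escaped and followed by \s so that dots match
    # literally and the pattern cannot match a longer address sharing
    # the same prefix.
    - name: Set-up /etc/hosts with entries for all servers
      lineinfile:
        path: /etc/hosts
        regexp: '^{{ item.key | regex_escape }}\s'
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        mode: "0644"
        state: present
      with_dict:
        "192.168.56.31": parameters-mandatory-bullseye
        "192.168.56.32": parameters-optional-bullseye
        "192.168.56.21": parameters-mandatory-bookworm
        "192.168.56.22": parameters-optional-bookworm

# Map the loopback alias to the short name used in the certificates.
- hosts: parameters-optional
  become: true
  tasks:

    - name: Set-up the hosts file
      lineinfile:
        path: /etc/hosts
        regexp: '^{{ item.key | regex_escape }}\s'
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        mode: "0644"
        state: present
      with_dict:
        "127.0.2.1": parameters-optional

- hosts: parameters-mandatory
  become: true
  tasks:

    - name: Set-up the hosts file
      lineinfile:
        path: /etc/hosts
        regexp: '^{{ item.key | regex_escape }}\s'
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        mode: "0644"
        state: present
      with_dict:
        "127.0.2.1": parameters-mandatory

- hosts: backup-server
  become: true
  roles:
    - role: backup_server
      # NOTE(review): the SSH host private keys are read from the test
      # fixture directory (tests/data/ssh); presumably they are committed
      # test-only keys and must never be reused outside this test
      # environment. Confirm they are not shared with any real host.
      backup_host_ssh_private_keys:
        rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
        ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
        ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
      backup_clients:
        - server: localhost
          ip: "127.0.0.1"
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"

- hosts: parameters-mandatory,parameters-optional
  become: true
  tasks:

    # Deliberately deletes a system binary on the test machines; the
    # linked testinfra pull request gives the reason.
    - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
      file:
        path: "/bin/ss"
        state: absent

    - name: Install tools for testing
      apt:
        name:
          - net-tools
          - nmap
          - gnutls-bin
        state: present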