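---

# Preparation playbook for the test environment. It builds local X.509 test
# fixtures, bootstraps Python and apt on the test machines, and seeds the
# legacy artefacts (iptables modules and chains, pip-check paths, NTP
# packages) named in the task titles below.

# Runs on the controller only, so no facts are gathered.
- name: Prepare, test fixtures
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:

    # "creates" turns the command into a no-op once the level 1 CA
    # certificate exists. The generated CA hierarchy is throw-away test
    # material and must not be trusted or reused outside the tests.
    - name: Initialise CA hierarchy
      command: "gimmecert init --ca-hierarchy-depth 2"
      args:
        creates: ".gimmecert/ca/level1.cert.pem"
        chdir: "tests/data/"

    # Creates the symlink tests/data/x509 pointing at ".gimmecert"; the
    # relative target is resolved from the link's own directory.
    - name: Set-up link to generated X.509 material
      file:
        src: ".gimmecert"
        dest: "tests/data/x509"
        state: link

# Fact gathering is off because the first task is what installs Python; the
# raw module does not need Python on the target.
- name: Prepare
  hosts: all
  become: true
  gather_facts: false
  tasks:

    - name: Install python for Ansible
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
      changed_when: false

    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true
      changed_when: false

    - name: Install net-tools for running Testinfra host.socket tests
      apt:
        name: net-tools
        state: present

    # Test-only workaround for the Testinfra issue linked in the task name;
    # not something to carry over to a production host.
    - name: Remove the ss utility (see https://github.com/philpep/testinfra/pull/320)
      file:
        path: "/bin/ss"
        state: absent

- name: Prepare, helpers
  hosts: helper
  become: true
  tasks:

    - name: Install apt-cacher-ng
      apt:
        name: apt-cacher-ng
        state: present

# NOTE(review): this play targets the "client" group but repeats the name of
# the play above - confirm whether it was meant to be named for clients.
- name: Prepare, helpers
  hosts: client
  become: true
  tasks:

    - name: Install tool for testing TCP connectivity
      apt:
        name: nmap
        state: present

    # The address is regex-escaped and must be followed by whitespace, so
    # only the line for exactly this address is matched. An unescaped prefix
    # match (dots matching any character, no terminator) could replace the
    # hosts entry of a different address that merely starts the same way.
    - name: Set-up /etc/hosts with entries for all servers
      lineinfile:
        path: /etc/hosts
        regexp: '^{{ item.key | regex_escape }}\s'
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        mode: "0644"
        state: present
      with_dict:
        "192.168.56.21": parameters-mandatory-bookworm
        "192.168.56.22": parameters-optional-bookworm
        "fd00::192:168:56:21": parameters-mandatory-bookworm
        "fd00::192:168:56:22": parameters-optional-bookworm

# Fact gathering stays enabled here (the default): the chain-creation tasks
# below read ansible_date_time.
- name: Prepare, test fixtures
  hosts: parameters-mandatory,parameters-optional
  become: true
  tasks:

    # Same exact-address matching as in the client play, so that an entry
    # such as 192.168.56.3 cannot overwrite a line for 192.168.56.30.
    - name: Set-up /etc/hosts with entries for all servers
      lineinfile:
        path: /etc/hosts
        regexp: '^{{ item.key | regex_escape }}\s'
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        mode: "0644"
        state: present
      with_dict:
        "192.168.56.3": client1
        "192.168.56.4": client2

    - name: Load legacy iptables to test their removal
      modprobe:
        name: "{{ item }}"
        state: present
      with_items:
        - iptable_filter
        - iptable_nat
        - iptable_mangle
        - iptable_security
        - iptable_raw
        - ip6table_filter
        - ip6table_nat
        - ip6table_mangle
        - ip6table_security
        - ip6table_raw

    # The chain name is a UUID derived from the gathered timestamp, cut to
    # 28 characters to stay under the length limit quoted in the task name.
    # The timestamp is a fact, so the same name is used in every table.
    - name: Create some custom legacy iptables chains for testing their removal (max chain name length is 29)  # noqa no-changed-when
      # [no-changed-when] Commands should not change things if nothing needs doing
      #   Does not matter in test prepare stage.
      command: "iptables-legacy -t '{{ item }}' -N '{{ (ansible_date_time.iso8601_micro | to_uuid)[:28] }}'"
      with_items:
        - filter
        - nat
        - mangle
        - security
        - raw

    # IPv6 counterpart of the task above, with the same naming scheme.
    - name: Create some custom legacy ip6tables chains for testing their removal (max chain name length is 29)  # noqa no-changed-when
      # [no-changed-when] Commands should not change things if nothing needs doing
      #   Does not matter in test prepare stage.
      command: "ip6tables-legacy -t '{{ item }}' -N '{{ (ansible_date_time.iso8601_micro | to_uuid)[:28] }}'"
      with_items:
        - filter
        - nat
        - mangle
        - security
        - raw

    # The remaining tasks seed deprecated paths and packages, presumably so
    # that their clean-up can be exercised by the tests - confirm against
    # the role under test.
    - name: Create deprecated directory for storing requirements files created using Python 3 (pip requirements upgrade checks)
      file:
        path: "/etc/pip_check_requirements_upgrades-py3"
        state: directory
        owner: root
        group: root
        mode: "0750"

    - name: Create deprecated directory for Python 3 virtual environment (pip requirements upgrade checks)
      file:
        path: "/var/lib/pipreqcheck/virtualenv-py3/"
        state: directory
        owner: root
        group: root
        mode: "0750"

    - name: Create deprecated cronjob file for Python 3 (pip requirements upgrade checks)
      file:
        path: "/etc/cron.d/check_pip_requirements-py3"
        state: touch
        owner: root
        group: root
        mode: "0644"

    - name: Install the deprecated/obsolete NTP-related packages
      apt:
        name:
          - ntp
          - ntpdate
        state: present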