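---
# Test-fixture provisioning playbook.
#
# Everything here is for disposable test hosts: it deliberately weakens TLS
# policy, ships hard-coded credentials and patches system files. Never run
# these plays against anything but the test VMs.

# Generate the X.509 test material on the controller (no remote hosts involved).
- name: Set-up fixtures
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Initialise CA hierarchy
      command: "gimmecert init"
      args:
        # Skip when the level-1 CA certificate already exists (idempotent).
        creates: ".gimmecert/ca/level1.cert.pem"
        chdir: "tests/data/"

    - name: Generate server private keys and certificates
      command:
        # argv form: no shell is involved, so host names are passed verbatim.
        argv: "{{ ['gimmecert', 'server', item.name] + item.fqdn }}"
        chdir: "tests/data/"
        creates: ".gimmecert/server/{{ item.name }}.cert.pem"
      loop:
        - name: ldap-server_ldap
          fqdn:
            - ldap-server
        - name: parameters-mandatory-buster64_xmpp
          fqdn:
            - parameters-mandatory
            - domain1
            - proxy.domain1
            - conference.domain1
        - name: parameters-optional-buster64_xmpp
          fqdn:
            - parameters-optional
            - domain2
            - proxy.domain2
            - conference.domain2
            - domain3
            - proxy.domain3
            - conference.domain3
        - name: deprecated-buster64_xmpp
          fqdn:
            - deprecated
            - domain4
            - proxy.domain4
            - conference.domain4

    - name: Set-up link to generated X.509 material
      file:
        src: ".gimmecert"
        dest: "tests/data/x509"
        state: link

# Bootstrap a Python interpreter so the regular modules can run.
- name: Prepare
  hosts: all
  gather_facts: false
  tasks:
    - name: Install python for Ansible
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
      become: true
      # Bootstrap step; reported as unchanged so the play stays green on reruns.
      changed_when: false

- hosts: all
  become: true
  tasks:
    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true
      changed_when: false

    - name: Install tools for testing
      apt:
        name:
          - gnutls-bin
          - nmap
        state: present

    # Patches a system-owned nmap library in place so that the XMPP STARTTLS
    # script uses the name given on the command line. Test hosts only.
    - name: Use name provided via CLI when running STARTTLS handshake for XMPP via nmap
      replace:
        path: "/usr/share/nmap/nselib/sslcert.lua"
        regexp: "host\\.name\\)"
        replace: "host.targetname)"

- hosts: buster
  become: true
  tasks:
    - name: Set-up the hosts file
      lineinfile:
        path: /etc/hosts
        # Escape the dots and anchor on trailing whitespace so that, e.g.,
        # 192.168.56.1 cannot match (and overwrite) the 192.168.56.10 entry.
        regexp: "^{{ item.key | regex_escape }}\\s"
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        mode: "0644"
        state: present
      with_dict:
        192.168.56.10: "ldap-server backup-server"
        192.168.56.20: "client-buster"
        192.168.56.30: "parameters-mandatory domain1 proxy.domain1 conference.domain1"
        192.168.56.31: "parameters-optional domain2 proxy.domain2 conference.domain2 domain3 proxy.domain3 conference.domain3"
        192.168.56.32: "deprecated domain4 proxy.domain4 conference.domain4"

    # SECURITY: this lowers the system-wide OpenSSL minimum protocol to
    # TLS 1.0 for every consumer of openssl.cnf on the host. It exists only so
    # the xmpp_server_tls_protocol parameter can be exercised in tests.
    - name: Enable TLSv1.0+ in global OpenSSL configuration file in order to be able to test the xmpp_server_tls_protocol parameter
      lineinfile:
        path: "/etc/ssl/openssl.cnf"
        regexp: "^MinProtocol ="
        line: "MinProtocol = TLSv1.0"
        owner: root
        group: root
        mode: "0644"
        state: present

    # @WORKAROUND: Prosody repository override
    #
    # Prosody project has killed off Debian Buster repositories. Trick
    # the system to install packages from custom repository location
    # instead.
    #
    # Trust model: the mirror address comes from an unauthenticated DNS
    # lookup on the controller and the repository is fetched over plain
    # HTTP, so package integrity rests entirely on the apt signature check
    # against the workaround key below. That key is presumably a
    # re-signing key, not the upstream Prosody key - packages installed
    # this way are not verified against upstream.
    - name: Override server IP for Prosody repository via hosts file
      lineinfile:
        path: /etc/hosts
        # Match the existing override so a changed mirror IP replaces the
        # line instead of leaving a stale (first-wins) entry behind.
        regexp: "\\spackages\\.prosody\\.im$"
        line: "{{ lookup('dig', 'prosody.repo.majic.rs') }} packages.prosody.im"
        owner: root
        group: root
        mode: "0644"
        state: present
      tags:
        - workaround:prosody_repository_override

    - name: Add workaround Prosody repository signing key
      apt_key:
        data: "{{ lookup('file', 'workaround_prosody_repository_signing_key.asc') }}"
        # Dedicated keyring, referenced via signed-by on the repository
        # entry, so this key can only vouch for the Prosody repository and
        # not for the Debian archive itself.
        keyring: /usr/share/keyrings/prosody-archive-keyring.gpg
        state: present
      tags:
        - workaround:prosody_repository_override

- hosts: deprecated
  become: true
  tasks:
    - name: Add Prosody repository signing key
      apt_key:
        data: "{{ lookup('file', 'prosody-debian-gpg-key.asc') }}"
        # Same scoped keyring as the workaround key (see the buster play).
        keyring: /usr/share/keyrings/prosody-archive-keyring.gpg
        state: present

    - name: Add Prosody repository
      apt_repository:
        # Plain HTTP is kept on purpose: the host name may be redirected to a
        # mirror via /etc/hosts, whose TLS certificate would not match.
        # Integrity comes from the signed-by keyring, not from transport.
        repo: "deb [signed-by=/usr/share/keyrings/prosody-archive-keyring.gpg] http://packages.prosody.im/debian {{ ansible_distribution_release }} main"
        state: present

    - name: Install Prosody (from Prosody repository)
      apt:
        name: prosody-0.11
        state: present

    - name: Set-up directory for storing additional Prosody modules
      file:
        path: "/usr/local/lib/prosody/modules/"
        state: directory
        owner: root
        group: root
        mode: "0755"

- hosts: clients
  become: true
  tasks:
    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: present

    # Installs the test CA into the system trust store of the client hosts;
    # the handler rebuilds the bundle. Test CA only - do not reuse elsewhere.
    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca/level1.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        mode: "0644"
      notify:
        - Update CA certificate cache

    - name: Install console-based XMPP client (for interactive testing)
      apt:
        name: mcabber
        state: present

    - name: Install console-based XMPP tool (for non-interactive testing)
      apt:
        name: sendxmpp
        state: present

    - name: Create dedicated group for testing
      group:
        name: user
        state: present

    - name: Create dedicated user for testing
      user:
        name: user
        group: user
        shell: /bin/bash

    # Credentials below are throwaway test-fixture values that also appear in
    # the LDAP fixtures; the rendered files carry the password, hence 0600.
    - name: Deploy mcabber configuration files
      template:
        src: tests/data/mcabber.cfg.j2
        dest: "~user/{{ item.jid }}.cfg"
        owner: user
        group: user
        mode: "0600"
      loop:
        - jid: john.doe@domain1
          password: johnpassword
          server: domain1
          security: tls
          nickname: john.doe
        - jid: jane.doe@domain2
          password: janepassword
          server: domain2
          security: ssl
          nickname: jane.doe
        - jid: mick.doe@domain3
          password: mickpassword
          server: domain3
          security: tls
          nickname: mick.doe
        - jid: noxmpp@domain1
          password: noxmpppassword
          server: domain1
          security: tls
          nickname: noxmpp
        - jid: eve.doe@domain4
          password: evepassword
          server: domain4
          security: tls
          nickname: eve.doe
  handlers:
    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh

- hosts: ldap-server
  become: true
  roles:
    - ldap_server
    - backup_server

- hosts: ldap-server
  become: true
  tasks:
    # No bind credentials are given, so the module relies on its default
    # local connection as root. userPassword values are sent as given
    # (cleartext); whether slapd hashes them depends on server configuration.
    # Test accounts only.
    - name: Create LDAP accounts for testing
      ldap_entry:
        dn: "{{ item.dn }}"
        objectClass: "{{ item.objectClass }}"
        attributes: "{{ item.attributes }}"
      loop:
        - dn: uid=john,ou=people,dc=local
          objectClass:
            - inetOrgPerson
            - simpleSecurityObject
          attributes:
            userPassword: johnpassword
            uid: john
            cn: John Doe
            sn: Doe
            mail: john.doe@domain1
        - dn: uid=jane,ou=people,dc=local
          objectClass:
            - inetOrgPerson
            - simpleSecurityObject
          attributes:
            userPassword: janepassword
            uid: jane
            cn: Jane Doe
            sn: Doe
            mail: jane.doe@domain2
        - dn: uid=mick,ou=people,dc=local
          objectClass:
            - inetOrgPerson
            - simpleSecurityObject
          attributes:
            userPassword: mickpassword
            uid: mick
            cn: Mick Doe
            sn: Doe
            mail: mick.doe@domain3
        - dn: uid=noxmpp,ou=people,dc=local
          objectClass:
            - inetOrgPerson
            - simpleSecurityObject
          attributes:
            userPassword: noxmpppassword
            uid: noxmpp
            cn: No XMPP
            sn: XMPP
            mail: noxmpp@domain1
        - dn: uid=eve,ou=people,dc=local
          objectClass:
            - inetOrgPerson
            - simpleSecurityObject
          attributes:
            userPassword: evepassword
            uid: eve
            cn: Eve Doe
            sn: Doe
            mail: eve.doe@domain4

    # state=exact makes the group membership authoritative: noxmpp is left
    # out on purpose to test that non-members are denied XMPP access.
    - name: Add test accounts to correct group
      ldap_attr:
        dn: "cn=xmpp,ou=groups,dc=local"
        name: uniqueMember
        state: exact
        values:
          - uid=john,ou=people,dc=local
          - uid=jane,ou=people,dc=local
          - uid=mick,ou=people,dc=local
          - uid=eve,ou=people,dc=local

- hosts: parameters-mandatory,parameters-optional,deprecated
  become: true
  tasks:
    - name: Install console-based XMPP tool (for non-interactive testing)
      apt:
        name: sendxmpp
        state: present

    - name: Deploy small Lua script for listing the enabled modules in Prosody
      copy:
        src: list_prosody_modules.lua
        dest: "/usr/local/bin/list_prosody_modules.lua"
        owner: root
        group: root
        mode: "0755"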