diff options
Diffstat (limited to 'ansible/roles')
9 files changed, 92 insertions, 4 deletions
diff --git a/ansible/roles/certificates/defaults/main.yml b/ansible/roles/certificates/defaults/main.yml index ad3422c9..a8bc1769 100644 --- a/ansible/roles/certificates/defaults/main.yml +++ b/ansible/roles/certificates/defaults/main.yml @@ -2,3 +2,11 @@ # Generate certs to local current dir where ansible in run (= playbook_dir) # After ansible run, dir can be deleted but idempotence is lost and certs are re-generated in next run certificates_local_dir: "{{ playbook_dir }}/certs" +root_ca_path: + RedHat: "/etc/pki/ca-trust/source/anchors/" + Debian: "/usr/local/share/ca-certificates/" +extract_root_cert: + RedHat: + update_command: /usr/bin/update-ca-trust extract + Debian: + update_command: update-ca-certificates diff --git a/ansible/roles/certificates/handlers/main.yml b/ansible/roles/certificates/handlers/main.yml index 579b5228..ed80f53f 100644 --- a/ansible/roles/certificates/handlers/main.yml +++ b/ansible/roles/certificates/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Extract root certificate - command: /usr/bin/update-ca-trust extract + command: "{{ extract_root_cert[ansible_os_family].update_command }}" changed_when: true # this handler is executed just when there is a new cert notify: Restart Docker diff --git a/ansible/roles/certificates/molecule/default/tests/test_default.py b/ansible/roles/certificates/molecule/default/tests/test_default.py index d4314e56..16931fb7 100644 --- a/ansible/roles/certificates/molecule/default/tests/test_default.py +++ b/ansible/roles/certificates/molecule/default/tests/test_default.py @@ -12,8 +12,10 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( ]) def test_cert_file_installed(host, cert_file): os = host.system_info.distribution - if os == "centos": + if (os == "centos"): f = host.file('/etc/pki/ca-trust/source/anchors/' + cert_file) + if (os == "ubuntu"): + f = host.file('/usr/local/share/ca-certificates/' + cert_file) assert f.exists assert f.user == 'root' diff --git a/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py b/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py index 56b12935..6a0aec03 100644 --- a/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py +++ b/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py @@ -27,7 +27,13 @@ def test_generated_cert_files_copied_to_infra(host, cert_file, group_vars): assert f.user == 'root' assert f.group == 'root' + os = host.system_info.distribution + if (os == "centos"): + node_directory = "certs/" + elif (os == "ubuntu"): + node_directory = "../default/certs/" + # Verify cert files content locally is as in node - with open("certs/" + cert_file) as local_cert_file: + with open(node_directory + cert_file) as local_cert_file: local_content = local_cert_file.read().strip() assert local_content == f.content_string diff --git a/ansible/roles/certificates/molecule/ubuntu/.gitignore b/ansible/roles/certificates/molecule/ubuntu/.gitignore new file mode 100644 index 00000000..df912870 --- /dev/null +++ b/ansible/roles/certificates/molecule/ubuntu/.gitignore @@ -0,0 +1 @@ +certs/ diff --git a/ansible/roles/certificates/molecule/ubuntu/group_vars b/ansible/roles/certificates/molecule/ubuntu/group_vars new file mode 120000 index 00000000..5ce8257f --- /dev/null +++ b/ansible/roles/certificates/molecule/ubuntu/group_vars @@ -0,0 +1 @@ +../default/group_vars/
\ No newline at end of file diff --git a/ansible/roles/certificates/molecule/ubuntu/host_vars b/ansible/roles/certificates/molecule/ubuntu/host_vars new file mode 120000 index 00000000..a7046132 --- /dev/null +++ b/ansible/roles/certificates/molecule/ubuntu/host_vars @@ -0,0 +1 @@ +../default/host_vars/
\ No newline at end of file diff --git a/ansible/roles/certificates/molecule/ubuntu/molecule.yml b/ansible/roles/certificates/molecule/ubuntu/molecule.yml new file mode 100644 index 00000000..051379df --- /dev/null +++ b/ansible/roles/certificates/molecule/ubuntu/molecule.yml @@ -0,0 +1,69 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: infrastructure-server + image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04} + pre_build_image: true + privileged: true + command: ${MOLECULE_DOCKER_COMMAND:-""} + groups: + - infrastructure + - name: kubernetes-node-1 + image: molecule-${PREBUILD_PLATFORM_DISTRO:-ubuntu}:${PREBUILD_DISTRO_VERSION:-18.04} + pre_build_image: true + privileged: true + command: ${MOLECULE_DOCKER_COMMAND:-""} + groups: + - kubernetes +provisioner: + name: ansible + log: true + lint: + name: ansible-lint + env: + ANSIBLE_ROLES_PATH: ../../../../test/roles + ANSIBLE_LIBRARY: ../../../../library + playbooks: + converge: ../default/playbook.yml + inventory: + links: + group_vars: ../../../../group_vars/ +scenario: + name: ubuntu + test_sequence: + - lint + - cleanup + - destroy + - dependency + - syntax + - create + - prepare + - converge + # - idempotence + # --> Action: 'idempotence' + # ERROR: Idempotence test failed because of the following tasks: + # * [infrastructure-server -> localhost] => certificates : Generate an OpenSSL CSR. + # * [infrastructure-server -> localhost] => certificates : Generate root CA certificate + # * [infrastructure-server] => certificates : Upload certificates to infrastructure server + # * [infrastructure-server] => certificates : Copy root certificate + # * [infrastructure-server] => certificates : Extract root certificate + # * [infrastructure-server] => docker : Setup docker dns settings + # * [kubernetes-node-1] => certificates : Copy root certificate + # * [kubernetes-node-1] => certificates : Extract root certificate + # * [kubernetes-node-1] => certificates : Extract root certificate + - side_effect + - verify + - cleanup + - destroy +verifier: + name: testinfra + options: + verbose: true + lint: + name: flake8 + directory: ../default/tests diff --git a/ansible/roles/certificates/tasks/upload_root_ca.yml b/ansible/roles/certificates/tasks/upload_root_ca.yml index df50b693..d73446b4 100644 --- a/ansible/roles/certificates/tasks/upload_root_ca.yml +++ b/ansible/roles/certificates/tasks/upload_root_ca.yml @@ -2,6 +2,6 @@ - name: Copy root certificate copy: src: "{{ certificates_local_dir }}/rootCA.crt" - dest: /etc/pki/ca-trust/source/anchors/ + dest: "{{ root_ca_path[ansible_os_family] }}" notify: # handler is triggered just when file is changed - Extract root certificate |