Compare commits
3 Commits
646f81e50b
...
9703fad7c9
Author | SHA1 | Date | |
---|---|---|---|
9703fad7c9 | |||
01a53c6a3a | |||
8f1b3cf66a |
@ -3,168 +3,4 @@
|
|||||||
hosts: all
|
hosts: all
|
||||||
gather_facts: true
|
gather_facts: true
|
||||||
become: true
|
become: true
|
||||||
tasks:
|
tasks: []
|
||||||
- name: "Test: consul user and group"
|
|
||||||
block:
|
|
||||||
- name: "Getent user consul"
|
|
||||||
ansible.builtin.getent:
|
|
||||||
database: passwd
|
|
||||||
key: consul
|
|
||||||
register: consul_user
|
|
||||||
|
|
||||||
- name: "Getent group consul"
|
|
||||||
ansible.builtin.getent:
|
|
||||||
database: group
|
|
||||||
key: consul
|
|
||||||
register: consul_group
|
|
||||||
|
|
||||||
- name: "Verify consul user and group"
|
|
||||||
ansible.builtin.assert:
|
|
||||||
that:
|
|
||||||
- not consul_user.failed
|
|
||||||
- not consul_group.failed
|
|
||||||
- "'consul' in consul_user.ansible_facts.getent_passwd.keys()"
|
|
||||||
- "'/home/consul' in consul_user.ansible_facts.getent_passwd['consul']"
|
|
||||||
- "'/bin/false' in consul_user.ansible_facts.getent_passwd['consul']"
|
|
||||||
- "'consul' in consul_group.ansible_facts.getent_group.keys()"
|
|
||||||
|
|
||||||
- name: "Test: binary /usr/local/bin/consul"
|
|
||||||
block:
|
|
||||||
- name: "Stat binary /usr/local/bin/consul"
|
|
||||||
ansible.builtin.stat:
|
|
||||||
path: "/usr/local/bin/consul"
|
|
||||||
register: stat_usr_local_bin_consul
|
|
||||||
|
|
||||||
- name: "Verify binary /usr/local/bin/consul"
|
|
||||||
ansible.builtin.assert:
|
|
||||||
that:
|
|
||||||
- stat_usr_local_bin_consul.stat.exists
|
|
||||||
- stat_usr_local_bin_consul.stat.isreg
|
|
||||||
- stat_usr_local_bin_consul.stat.pw_name == 'root'
|
|
||||||
- stat_usr_local_bin_consul.stat.gr_name == 'root'
|
|
||||||
- stat_usr_local_bin_consul.stat.mode == '0755'
|
|
||||||
|
|
||||||
- name: "Test: directory /etc/consul.d"
|
|
||||||
block:
|
|
||||||
- name: "Stat directory /etc/consul.d"
|
|
||||||
ansible.builtin.stat:
|
|
||||||
path: "/etc/consul.d"
|
|
||||||
register: stat_etc_consul_d
|
|
||||||
|
|
||||||
- name: "Stat file /etc/consul.d/consul.env"
|
|
||||||
ansible.builtin.stat:
|
|
||||||
path: "/etc/consul.d/consul.env"
|
|
||||||
register: stat_etc_consul_d_consul_env
|
|
||||||
|
|
||||||
- name: "Stat file /etc/consul.d/consul.json"
|
|
||||||
ansible.builtin.stat:
|
|
||||||
path: "/etc/consul.d/consul.json"
|
|
||||||
register: stat_etc_consul_d_consul_json
|
|
||||||
|
|
||||||
- name: "Slurp file /etc/consul.d/consul.json"
|
|
||||||
ansible.builtin.slurp:
|
|
||||||
src: "/etc/consul.d/consul.json"
|
|
||||||
register: slurp_etc_consul_d_consul_json
|
|
||||||
|
|
||||||
- name: "Verify directory /etc/consul.d"
|
|
||||||
ansible.builtin.assert:
|
|
||||||
that:
|
|
||||||
- stat_etc_consul_d.stat.exists
|
|
||||||
- stat_etc_consul_d.stat.isdir
|
|
||||||
- stat_etc_consul_d.stat.pw_name == 'consul'
|
|
||||||
- stat_etc_consul_d.stat.gr_name == 'consul'
|
|
||||||
- stat_etc_consul_d.stat.mode == '0755'
|
|
||||||
- stat_etc_consul_d_consul_env.stat.exists
|
|
||||||
- stat_etc_consul_d_consul_env.stat.isreg
|
|
||||||
- stat_etc_consul_d_consul_env.stat.pw_name == 'consul'
|
|
||||||
- stat_etc_consul_d_consul_env.stat.gr_name == 'consul'
|
|
||||||
- stat_etc_consul_d_consul_env.stat.mode == '0600'
|
|
||||||
- stat_etc_consul_d_consul_json.stat.exists
|
|
||||||
- stat_etc_consul_d_consul_json.stat.isreg
|
|
||||||
- stat_etc_consul_d_consul_json.stat.pw_name == 'consul'
|
|
||||||
- stat_etc_consul_d_consul_json.stat.gr_name == 'consul'
|
|
||||||
- stat_etc_consul_d_consul_json.stat.mode == '0600'
|
|
||||||
- slurp_etc_consul_d_consul_json.content != ''
|
|
||||||
|
|
||||||
- name: "Test: directory /opt/consul"
|
|
||||||
block:
|
|
||||||
- name: "Stat directory /opt/consul"
|
|
||||||
ansible.builtin.stat:
|
|
||||||
path: "/opt/consul"
|
|
||||||
register: stat_opt_consul
|
|
||||||
|
|
||||||
- name: "Verify directory /opt/consul"
|
|
||||||
ansible.builtin.assert:
|
|
||||||
that:
|
|
||||||
- stat_opt_consul.stat.exists
|
|
||||||
- stat_opt_consul.stat.isdir
|
|
||||||
- stat_opt_consul.stat.pw_name == 'consul'
|
|
||||||
- stat_opt_consul.stat.gr_name == 'consul'
|
|
||||||
- stat_opt_consul.stat.mode == '0755'
|
|
||||||
|
|
||||||
- name: "Test: service consul"
|
|
||||||
block:
|
|
||||||
- name: "Get service consul"
|
|
||||||
ansible.builtin.service_facts:
|
|
||||||
|
|
||||||
- name: "Stat file /etc/systemd/system/consul.service"
|
|
||||||
ansible.builtin.stat:
|
|
||||||
path: "/etc/systemd/system/consul.service"
|
|
||||||
register: stat_etc_systemd_system_consul_service
|
|
||||||
|
|
||||||
- name: "Slurp file /etc/systemd/system/consul.service"
|
|
||||||
ansible.builtin.slurp:
|
|
||||||
src: "/etc/systemd/system/consul.service"
|
|
||||||
register: slurp_etc_systemd_system_consul_service
|
|
||||||
|
|
||||||
- name: "Verify service consul"
|
|
||||||
ansible.builtin.assert:
|
|
||||||
that:
|
|
||||||
- stat_etc_systemd_system_consul_service.stat.exists
|
|
||||||
- stat_etc_systemd_system_consul_service.stat.isreg
|
|
||||||
- stat_etc_systemd_system_consul_service.stat.pw_name == 'root'
|
|
||||||
- stat_etc_systemd_system_consul_service.stat.gr_name == 'root'
|
|
||||||
- stat_etc_systemd_system_consul_service.stat.mode == '0644'
|
|
||||||
- slurp_etc_systemd_system_consul_service.content != ''
|
|
||||||
- ansible_facts.services['consul.service'] is defined
|
|
||||||
- ansible_facts.services['consul.service']['source'] == 'systemd'
|
|
||||||
- ansible_facts.services['consul.service']['state'] == 'running'
|
|
||||||
- ansible_facts.services['consul.service']['status'] == 'enabled'
|
|
||||||
|
|
||||||
- name: "Test: interaction consul"
|
|
||||||
block:
|
|
||||||
- name: "Command consul kv put"
|
|
||||||
ansible.builtin.command: "consul kv put foo bar"
|
|
||||||
environment:
|
|
||||||
CONSUL_HTTP_ADDR: "http://{{ ansible_default_ipv4.address }}:8500"
|
|
||||||
changed_when: false
|
|
||||||
register: consul_kv_put
|
|
||||||
|
|
||||||
- name: "Command consul kv get"
|
|
||||||
ansible.builtin.command: "consul kv get foo"
|
|
||||||
environment:
|
|
||||||
CONSUL_HTTP_ADDR: "http://{{ ansible_default_ipv4.address }}:8500"
|
|
||||||
changed_when: false
|
|
||||||
register: consul_kv_get
|
|
||||||
|
|
||||||
- name: "Command consul kv delete"
|
|
||||||
ansible.builtin.command: "consul kv delete foo"
|
|
||||||
environment:
|
|
||||||
CONSUL_HTTP_ADDR: "http://{{ ansible_default_ipv4.address }}:8500"
|
|
||||||
changed_when: false
|
|
||||||
register: consul_kv_delete
|
|
||||||
|
|
||||||
- name: "Command consul members"
|
|
||||||
ansible.builtin.command: "consul members"
|
|
||||||
environment:
|
|
||||||
CONSUL_HTTP_ADDR: "http://{{ ansible_default_ipv4.address }}:8500"
|
|
||||||
changed_when: false
|
|
||||||
register: consul_members
|
|
||||||
|
|
||||||
- name: "Verify consul interaction"
|
|
||||||
ansible.builtin.assert:
|
|
||||||
that:
|
|
||||||
- "'instance' in consul_members.stdout"
|
|
||||||
- consul_kv_put.stdout == 'Success! Data written to: foo'
|
|
||||||
- consul_kv_get.stdout == 'bar'
|
|
||||||
- consul_kv_delete.stdout == 'Success! Deleted key: foo'
|
|
||||||
|
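Review bot: With `tasks: []` this play still gathers facts and escalates with `become: true` but asserts nothing, so it reports success whatever state the host is in. The removed assertions included the ownership and `0600` mode checks on `/etc/consul.d/consul.env` and `/etc/consul.d/consul.json`, so a regression that makes those files readable by other users would no longer be caught here. If the checks moved elsewhere, a comment above `tasks: []` such as `# verification lives in <placeholder: path of the new checks>` would say so. Otherwise consider keeping at least the stat/assert blocks for the config files and the binary.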
@ -17,8 +17,6 @@
|
|||||||
ansible.builtin.assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- _global_config_file.stat.exists
|
- _global_config_file.stat.exists
|
||||||
fail_msg: >-
|
|
||||||
Main configuration file {{ _global_config_file.stat.path }} was not found, cannot continue without it.
|
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
|
||||||
- name: "Variables | Load global variables"
|
- name: "Variables | Load global variables"
|
||||||
|
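Review bot: The assert on `_global_config_file.stat.exists` now fails with only the default assertion message, so the operator is not told that the main configuration file is what is missing. Presumably the old `fail_msg` was dropped because `stat.path` is not populated for a nonexistent file, which would make the message template fail. A message without that lookup keeps the diagnostics, e.g. `fail_msg: "Main configuration file was not found, cannot continue without it."`. The task's name and the stat that registers `_global_config_file` are outside the hunk.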
@ -69,3 +69,12 @@
|
|||||||
|
|
||||||
- name: "Intermediate CA | Generate new intermediate CA if backups were successful"
|
- name: "Intermediate CA | Generate new intermediate CA if backups were successful"
|
||||||
ansible.builtin.include_tasks: ../generate/generate_intermediate.yml
|
ansible.builtin.include_tasks: ../generate/generate_intermediate.yml
|
||||||
|
|
||||||
|
- name: "Intermediate CA | Generate new consul leaf certificates"
|
||||||
|
ansible.builtin.include_tasks: ../renew/renew_consul.yml
|
||||||
|
|
||||||
|
- name: "Intermediate CA | Generate new nomad leaf certificates"
|
||||||
|
ansible.builtin.include_tasks: ../renew/renew_nomad.yml
|
||||||
|
|
||||||
|
- name: "Intermediate CA | Generate new vault leaf certificates"
|
||||||
|
ansible.builtin.include_tasks: ../renew/renew_vault.yml
|
||||||
|
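Review bot: The three added includes run one after another with no `block`/`rescue` or condition visible in the hunk, so a failure in `../renew/renew_consul.yml` would stop the play after the new intermediate CA exists but before nomad and vault receive leaf certificates signed by it. That would leave the services on a partially rotated chain, with nothing here telling the operator which of them still present old certificates. Consider wrapping the generate step and the three renewals in a `block` with a `rescue` that reports what was and was not reissued, or add a comment describing how to resume. The task names say "Generate new … leaf certificates" while the included files are `renew_*.yml`, and aligning the two would make logs easier to follow. Whether these tasks already sit inside a block is not visible from this hunk.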
@ -55,4 +55,4 @@
|
|||||||
ansible.builtin.include_tasks: ../generate/generate_root.yml
|
ansible.builtin.include_tasks: ../generate/generate_root.yml
|
||||||
|
|
||||||
- name: "Root CA | Generate new intermediate CA"
|
- name: "Root CA | Generate new intermediate CA"
|
||||||
ansible.builtin.include_tasks: ../generate/generate_intermediate.yml
|
ansible.builtin.include_tasks: ../renew/renew_intermediate.yml
|
||||||
|
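Review bot: The task is still named "Root CA | Generate new intermediate CA" but now includes `../renew/renew_intermediate.yml`, so the name no longer describes what runs. If that file is the intermediate renewal flow that also reissues leaf certificates (not visible here), a root CA rotation now triggers those steps as a side effect. A name such as `"Root CA | Renew intermediate CA"` plus a one-line comment listing what the include goes on to do would make that explicit. The rest of the play is outside the hunk.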