mostly works now and tests on defaults are passing
parent
2dd7548727
commit
0047ad1e1f
@ -3,8 +3,44 @@
|
|||||||
|
|
||||||
def test_hosts_file(host):
|
def test_hosts_file(host):
|
||||||
"""Validate /etc/hosts file."""
|
"""Validate /etc/hosts file."""
|
||||||
f = host.file("/etc/hosts")
|
etc_hosts = host.file("/etc/hosts")
|
||||||
|
assert etc_hosts.exists
|
||||||
|
assert etc_hosts.user == "root"
|
||||||
|
assert etc_hosts.group == "root"
|
||||||
|
|
||||||
assert f.exists
|
def test_consul_template_config(host):
|
||||||
assert f.user == "root"
|
"""Validate /etc/consul-template.d/vault/ files."""
|
||||||
assert f.group == "root"
|
etc_consul_template_d_vault_config_hcl = host.file("/etc/consul-template.d/vault/vault_config.hcl")
|
||||||
|
assert etc_consul_template_d_vault_config_hcl.exists
|
||||||
|
assert etc_consul_template_d_vault_config_hcl.user == "vault"
|
||||||
|
assert etc_consul_template_d_vault_config_hcl.group == "vault"
|
||||||
|
assert etc_consul_template_d_vault_config_hcl.mode == 0o600
|
||||||
|
|
||||||
|
def test_template_files(host):
|
||||||
|
"""Validate /etc/consul-template.d/vault/templates/ files."""
|
||||||
|
vault_cert_pem_tpl = host.file("/etc/consul-template.d/vault/templates/vault_cert.pem.tpl")
|
||||||
|
vault_key_pem_tpl = host.file("/etc/consul-template.d/vault/templates/vault_key.pem.tpl")
|
||||||
|
for file in vault_cert_pem_tpl, vault_key_pem_tpl:
|
||||||
|
assert file.exists
|
||||||
|
assert file.user == "vault"
|
||||||
|
assert file.group == "vault"
|
||||||
|
assert file.mode == 0o600
|
||||||
|
|
||||||
|
def test_vault_certs_service_file(host):
|
||||||
|
"""Validate vault-certs service file."""
|
||||||
|
etc_systemd_system_vault_certs_service = host.file("/etc/systemd/system/vault-certs.service")
|
||||||
|
assert etc_systemd_system_vault_certs_service.exists
|
||||||
|
assert etc_systemd_system_vault_certs_service.user == "root"
|
||||||
|
assert etc_systemd_system_vault_certs_service.group == "root"
|
||||||
|
assert etc_systemd_system_vault_certs_service.mode == 0o644
|
||||||
|
assert etc_systemd_system_vault_certs_service.content_string != ""
|
||||||
|
|
||||||
|
def test_vault_certs_service(host):
|
||||||
|
"""Validate vault-certs service."""
|
||||||
|
vault_certs_service = host.service("vault-certs.service")
|
||||||
|
assert vault_certs_service.is_enabled
|
||||||
|
assert not vault_certs_service.is_running
|
||||||
|
assert vault_certs_service.systemd_properties["Restart"] == "on-failure"
|
||||||
|
assert vault_certs_service.systemd_properties["User"] == "vault"
|
||||||
|
assert vault_certs_service.systemd_properties["Group"] == "vault"
|
||||||
|
assert vault_certs_service.systemd_properties["FragmentPath"] == "/etc/systemd/system/vault-certs.service"
|
||||||
|
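Review bot: The new tests pin owner and mode 0o600 on `vault_config.hcl` and the two `.tpl` files, but nothing checks the directories that hold them, so a group- or world-writable `/etc/consul-template.d/vault` would still pass even though it would let those files be replaced. Consider a test along the lines of `cfg_dir = host.file("/etc/consul-template.d/vault")`, `assert cfg_dir.is_directory` and `assert cfg_dir.mode & 0o022 == 0`, repeated for `templates/`; an owner assertion could be added once the expected owner is confirmed against the role's directory task, which is only partly visible on this page. Two smaller points: the loop variable `file` in `test_template_files` would read better as `tpl`, and `test_hosts_file` is the only file test that asserts no mode.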
@ -16,7 +16,7 @@
|
|||||||
group: "{{ renew_vault_certificates_vault_group }}"
|
group: "{{ renew_vault_certificates_vault_group }}"
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
|
|
||||||
- name: "Create directory {{ renew_vault_certificates_config_dir }}/templates"
|
- name: "Create directory templates directory in {{ renew_vault_certificates_config_dir }}"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ renew_vault_certificates_config_dir }}/templates"
|
path: "{{ renew_vault_certificates_config_dir }}/templates"
|
||||||
state: directory
|
state: directory
|
||||||
|
@ -2,11 +2,15 @@
|
|||||||
Description=Automatic renewal of vault certificate using consul-template
|
Description=Automatic renewal of vault certificate using consul-template
|
||||||
Requires=network-online.target
|
Requires=network-online.target
|
||||||
After=network-online.target vault.service
|
After=network-online.target vault.service
|
||||||
|
ConditionFileNotEmpty={{ renew_vault_certificates_config_dir }}/vault_config.hcl
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Restart=on-failure
|
User={{ renew_vault_certificates_vault_user }}
|
||||||
|
Group={{ renew_vault_certificates_vault_group }}
|
||||||
ExecStart=/usr/bin/consul-template $OPTIONS -config={{ renew_vault_certificates_config_dir }}/vault_config.hcl
|
ExecStart=/usr/bin/consul-template $OPTIONS -config={{ renew_vault_certificates_config_dir }}/vault_config.hcl
|
||||||
|
ExecReload=/bin/kill --signal HUP $MAINPID
|
||||||
KillSignal=SIGINT
|
KillSignal=SIGINT
|
||||||
|
Restart=on-failure
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
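Review bot: The `[Service]` section now drops to the vault user and group but adds no sandboxing, so the process that renders the certificate and key templates still runs with the default view of the filesystem and default privilege rules. Consider adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectHome=true` after the `Group=` line. Confirm first that any command consul-template runs after rendering (presumably configured in `vault_config.hcl`, which is not visible here) does not depend on sudo or another setuid helper, since `NoNewPrivileges` would block it. No `Environment=` or `EnvironmentFile=` line in this hunk sets `$OPTIONS` in `ExecStart`, so a short comment marking it as a drop-in hook would help readers. The `[Unit]` header lies above the hunk.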