Diffstat (limited to 'test/integration/targets/subversion/roles/subversion/tasks/setup.yml')
-rw-r--r-- | test/integration/targets/subversion/roles/subversion/tasks/setup.yml | 75 |
1 files changed, 68 insertions, 7 deletions
diff --git a/test/integration/targets/subversion/roles/subversion/tasks/setup.yml b/test/integration/targets/subversion/roles/subversion/tasks/setup.yml
index 3cf5af56..880c295c 100644
--- a/test/integration/targets/subversion/roles/subversion/tasks/setup.yml
+++ b/test/integration/targets/subversion/roles/subversion/tasks/setup.yml
@@ -33,6 +33,60 @@ include_tasks: setup_selinux.yml when: ansible_selinux.status == "enabled" +- name: Generate CA and TLS certificates via trustme + vars: + venv_path: >- + {{ subversion_server_dir }}/.venv + venv_python: >- + {{ subversion_server_dir }}/.venv/bin/python + block: + - name: trustme -- provision a venv + command: >- + {{ ansible_python_interpreter }} + -{% if ansible_python.version.major != 2 %}I{% endif %}m + {% if ansible_python.version.major != 2 %}venv{% + else %}virtualenv{% endif %} + + {{ venv_path }} + - name: trustme -- upgrade pip in venv | RHEL 7.9 & 8.8+py36 + when: >- # these don't know how to notice `cryptography` wheels + ansible_distribution == 'RedHat' + and ansible_distribution_major_version | int < 9 + pip: + name: pip + state: latest + virtualenv: >- + {{ venv_path }} + - name: trustme -- install tool + pip: + name: trustme + virtualenv: >- + {{ venv_path }} + - name: trustme -- generate CA and TLS certs + command: + argv: + - >- + {{ venv_python }} + - -{%- if ansible_python.version.major != 2 -%}I{%- endif -%}m + - trustme + - --dir={{ subversion_server_dir }} + +- name: symlink trustme certificates into apache config dir - Red Hat + when: ansible_os_family in ['RedHat'] + # when: ansible_distribution in ['Fedora', 'RedHat'] + file: + src: /tmp/ansible-svn/server.{{ item.trustme_filetype }} + dest: /etc/pki/tls/{{ item.apache_target_path }} + state: link + force: yes # Othewise Apache on CentOS 7 uses its own fake certificate + loop: + - apache_target_path: certs/localhost.crt + trustme_filetype: pem + - apache_target_path: certs/server-chain.crt + trustme_filetype: pem + - apache_target_path: private/localhost.key + trustme_filetype: key + - name: template out configuration file template: src: subversion.conf.j2 
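Review bot: The symlink task hard-codes its source as `/tmp/ansible-svn/server.{{ item.trustme_filetype }}`, while the trustme task just above writes the certificates with `--dir={{ subversion_server_dir }}`, so the links only resolve while that variable happens to equal `/tmp/ansible-svn`. Using `src: '{{ subversion_server_dir }}/server.{{ item.trustme_filetype }}'` keeps the two in step. Because `force: yes` repoints `/etc/pki/tls/private/localhost.key` at a file in that directory, the directory should not be writable by other users at the moment the link is made; the ownership task for the SVN directories appears only later in the file, outside this hunk. The `pip: name: trustme` install and the `state: latest` pip upgrade are both unpinned, so a version constraint would make the test's certificate tooling reproducible.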
@@ -45,11 +99,7 @@ creates: '{{ subversion_server_dir }}/{{ subversion_repo_name }}' - name: add test user to htpasswd for Subversion site - htpasswd: - path: '{{ subversion_server_dir }}/svn-auth-users' - name: '{{ subversion_username }}' - password: '{{ subversion_password }}' - state: present + command: htpasswd -bc {{ subversion_server_dir + '/svn-auth-users' | quote }} {{ subversion_username | quote }} {{ subversion_password | quote }} - name: apply ownership for all SVN directories file: @@ -62,11 +112,22 @@ command: apachectl -k start -f {{ subversion_server_dir }}/subversion.conf async: 3600 # We kill apache manually in the clean up phase poll: 0 - when: ansible_os_family not in ['RedHat', 'Alpine'] + when: ansible_os_family not in ['RedHat'] # On Red Hat based OS', we can't use apachectl to start up own instance, just use the raw httpd - name: start test Apache SVN site - Red Hat command: httpd -k start -f {{ subversion_server_dir }}/subversion.conf async: 3600 # We kill apache manually in the clean up phase poll: 0 - when: ansible_os_family in ['RedHat', 'Alpine'] + when: ansible_os_family in ['RedHat'] + +- lineinfile: + dest: >- + {{ ansible_env.HOME }}/.subversion/servers + regexp: >- + ^#\s*ssl-authority-files\s*=\s* + line: >- + ssl-authority-files = {{ subversion_server_dir }}/client.pem + insertafter: >- + ^\[global\] + state: present |
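Review bot: The new `command: htpasswd -bc …` line puts `{{ subversion_password }}` on the process command line, and with no `no_log: true` on the task it is also recorded in Ansible's task output. In the same line, `subversion_server_dir + '/svn-auth-users' | quote` applies `quote` only to the literal, because a Jinja filter binds tighter than `+`; the directory part is therefore passed unquoted to the `command` module's argument splitting. An `argv` list removes the need for quoting, and feeding the password on stdin keeps it out of the argument vector, provided the target hosts' `htpasswd` supports `-i`. Note also that `-c` rewrites the file on every run, so the task always reports changed, unlike the `htpasswd` module it replaces.

```yaml
- name: add test user to htpasswd for Subversion site
  command:
    argv:
      - htpasswd
      - -ic
      - '{{ subversion_server_dir }}/svn-auth-users'
      - '{{ subversion_username }}'
    stdin: '{{ subversion_password }}'
  no_log: true
# … unchanged: apply ownership for all SVN directories …
```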
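Review bot: The added `lineinfile` task at the end of the file has no `name:` and its `regexp` matches only the commented-out form `# ssl-authority-files =`. If `subversion_server_dir` changes, a later run therefore appends a second `ssl-authority-files` line after `[global]` instead of replacing the first. `regexp: '^#?\s*ssl-authority-files\s*='` covers both forms, and a name such as `- name: trust the trustme CA in the svn client config` makes the step readable in test output. The task edits the invoking user's real `{{ ansible_env.HOME }}/.subversion/servers` and adds the test CA under `[global]`, so it is trusted for every server; the cleanup phase (not visible in this diff) should remove that line again. The module will presumably fail if that file does not exist yet, since `create` is not set.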