You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ansible/test/integration/targets/docker_swarm/tasks/tests/options-ca.yml

142 lines
5.0 KiB
YAML

---
- block:
- name: Generate privatekey
openssl_privatekey:
path: "{{ output_dir }}/ansible_{{ key }}.key"
size: 2048
mode: "0666"
loop:
- key1
- key2
loop_control:
loop_var: key
- name: Generate CSR
openssl_csr:
path: "{{ output_dir }}/ansible_{{ key }}.csr"
privatekey_path: "{{ output_dir }}/ansible_{{ key }}.key"
basic_constraints:
- "CA:TRUE"
key_usage:
- keyCertSign
loop:
- key1
- key2
loop_control:
loop_var: key
- name: Generate self-signed certificate
openssl_certificate:
path: "{{ output_dir }}/ansible_{{ key }}.pem"
privatekey_path: "{{ output_dir }}/ansible_{{ key }}.key"
csr_path: "{{ output_dir }}/ansible_{{ key }}.csr"
provider: selfsigned
loop:
- key1
- key2
loop_control:
loop_var: key
###################################################################
## signing_ca_cert and signing_ca_key #############################
###################################################################
- name: signing_ca_cert and signing_ca_key (check mode)
docker_swarm:
advertise_addr: "{{ansible_default_ipv4.address | default('127.0.0.1')}}"
state: present
signing_ca_cert: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.pem') }}"
signing_ca_key: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.key') }}"
timeout: 120
check_mode: yes
diff: yes
register: output_1
- name: signing_ca_cert and signing_ca_key
docker_swarm:
advertise_addr: "{{ansible_default_ipv4.address | default('127.0.0.1')}}"
state: present
signing_ca_cert: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.pem') }}"
signing_ca_key: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.key') }}"
timeout: 120
diff: yes
register: output_2
- name: Private key
debug: msg="{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.key') }}"
- name: Cert
debug: msg="{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.pem') }}"
- docker_swarm_facts:
register: output
- debug: var=output
# Idempotence for CA cert and key don't work yet! FIXME
#- name: signing_ca_cert and signing_ca_key (idempotent)
# docker_swarm:
# state: present
# signing_ca_cert: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.pem') }}"
# signing_ca_key: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.key') }}"
# timeout: 120
# diff: yes
# register: output_3
#- name: signing_ca_cert and signing_ca_key (idempotent, check mode)
# docker_swarm:
# state: present
# signing_ca_cert: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.pem') }}"
# signing_ca_key: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.key') }}"
# timeout: 120
# check_mode: yes
# diff: yes
# register: output_4
- name: signing_ca_cert and signing_ca_key (change, check mode)
docker_swarm:
state: present
signing_ca_cert: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key2.pem') }}"
signing_ca_key: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key2.key') }}"
timeout: 120
check_mode: yes
diff: yes
register: output_5
- name: signing_ca_cert and signing_ca_key (change)
docker_swarm:
state: present
signing_ca_cert: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key2.pem') }}"
signing_ca_key: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key2.key') }}"
timeout: 120
diff: yes
register: output_6
- name: assert signing_ca_cert and signing_ca_key
assert:
that:
- 'output_1 is changed'
- 'output_1.actions[0] | regex_search("New Swarm cluster created: ")'
- 'output_1.diff.before is defined'
- 'output_1.diff.after is defined'
- 'output_2 is changed'
- 'output_2.actions[0] | regex_search("New Swarm cluster created: ")'
- 'output_2.diff.before is defined'
- 'output_2.diff.after is defined'
#- 'output_3 is not changed'
#- 'output_3.actions[0] == "No modification"'
#- 'output_3.diff.before is defined'
#- 'output_3.diff.after is defined'
#- 'output_4 is not changed'
#- 'output_4.actions[0] == "No modification"'
#- 'output_4.diff.before is defined'
#- 'output_4.diff.after is defined'
- 'output_5 is changed'
- 'output_5.actions[0] == "Swarm cluster updated"'
- 'output_5.diff.before is defined'
- 'output_5.diff.after is defined'
- 'output_6 is changed'
- 'output_6.actions[0] == "Swarm cluster updated"'
- 'output_6.diff.before is defined'
- 'output_6.diff.after is defined'
# https://github.com/ansible/ansible/issues/34054: openssl_certificate unusable on RHEL 7
when: pyopenssl_version.stdout is version('0.15', '>=')