From 8082fb04249c5ebd9cc0560528db22f3290ab799 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=87=BA=F0=9F=87=A6=20Sviatoslav=20Sydorenko=20=28?= =?UTF-8?q?=D0=A1=D0=B2=D1=8F=D1=82=D0=BE=D1=81=D0=BB=D0=B0=D0=B2=20=D0=A1?= =?UTF-8?q?=D0=B8=D0=B4=D0=BE=D1=80=D0=B5=D0=BD=D0=BA=D0=BE=29?= Date: Tue, 22 Apr 2025 18:30:34 +0200 Subject: [PATCH] [stable-2.16] default svn URL to 127.0.0.1 for subversion integration tests (#82551) (#85031) * default svn URL to 127.0.0.1 for subversion integration tests * svn client gives up before trying IPv4 addresses when localhost->(::1,127.0.0.1) in dual-stack envs (eg podman, most real hosts) * svn client also requires legacy CN match on cert * IPv6 works, but setup playbook would need a bunch more templating exceptions to conditionally manage `[::1]` * explain IPv4 defaults (cherry picked from commit 4aa109897fec936f11ab0799336a07bb5b93111b) Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com> --- .../targets/subversion/roles/subversion/defaults/main.yml | 6 ++++-- .../targets/subversion/roles/subversion/tasks/setup.yml | 2 ++ .../roles/subversion/templates/subversion.conf.j2 | 5 +---- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/test/integration/targets/subversion/roles/subversion/defaults/main.yml b/test/integration/targets/subversion/roles/subversion/defaults/main.yml index 02ecd1ea4d6..5feda8ceb7a 100644 --- a/test/integration/targets/subversion/roles/subversion/defaults/main.yml +++ b/test/integration/targets/subversion/roles/subversion/defaults/main.yml @@ -3,7 +3,9 @@ apache_port: 11386 # cannot use 80 as httptester overrides this subversion_test_dir: /tmp/ansible-svn-test-dir subversion_server_dir: /tmp/ansible-svn # cannot use a path in the home dir without userdir or granting exec permission to the apache user subversion_repo_name: ansible-test-repo -subversion_repo_url: https://localhost:{{ apache_port }}/svn/{{ subversion_repo_name }} # svn can't verify TLS certificates against IP addresses -subversion_repo_auth_url: https://localhost:{{ apache_port }}/svnauth/{{ subversion_repo_name }} +# default to explicit IPv4; svn doesn't handle IPv4 fallback if eg "localhost" -> [::1, 127.0.0.1] and ::1 doesn't answer +subversion_repo_ip: 127.0.0.1 +subversion_repo_url: https://{{ subversion_repo_ip }}:{{ apache_port }}/svn/{{ subversion_repo_name }} +subversion_repo_auth_url: https://{{ subversion_repo_ip }}:{{ apache_port }}/svnauth/{{ subversion_repo_name }} subversion_username: subsvn_user''' subversion_password: Password123! diff --git a/test/integration/targets/subversion/roles/subversion/tasks/setup.yml b/test/integration/targets/subversion/roles/subversion/tasks/setup.yml index 880c295cf27..910ef850870 100644 --- a/test/integration/targets/subversion/roles/subversion/tasks/setup.yml +++ b/test/integration/targets/subversion/roles/subversion/tasks/setup.yml @@ -70,6 +70,8 @@ - -{%- if ansible_python.version.major != 2 -%}I{%- endif -%}m - trustme - --dir={{ subversion_server_dir }} + - --identities={{ subversion_repo_ip }} + - --common-name={{ subversion_repo_ip }} - name: symlink trustme certificates into apache config dir - Red Hat when: ansible_os_family in ['RedHat'] diff --git a/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 b/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 index 133c70c6352..343cfd4d113 100644 --- a/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 +++ b/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 @@ -50,10 +50,7 @@ Include /etc/httpd/conf/httpd.conf {% endif %} PidFile {{ subversion_server_dir }}/apache.pid -Listen 127.0.0.1:{{ apache_port }} https -{% if ansible_distribution not in ["Alpine", "CentOS", "Fedora", "openSUSE Leap", "Ubuntu"] %} -Listen [::1]:{{ apache_port }} https -{% endif %} +Listen {{ subversion_repo_ip }}:{{ apache_port }} https SSLEngine on SSLCertificateFile {{ subversion_server_dir }}/server.pem SSLCertificateKeyFile {{ subversion_server_dir }}/server.key