mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-12-23 09:00:19 +01:00
tests: Implement backup & restore of important files for separate tests
parent
e04dd2a1dc
commit
9ccbe04b7f
13 changed files with 199 additions and 16 deletions
|
@ -27,12 +27,12 @@ script:
|
|||
# Test 1a: Run the role
|
||||
- "ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_default.yml --connection=local --become -v"
|
||||
|
||||
# Test 1b: Run the role through include
|
||||
- "ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_default_include.yml --connection=local --become -v"
|
||||
# Test 1b: Run the role through include (skipping backup)
|
||||
- "ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_default_include.yml -e sshd_test_backup_skip=yes --connection=local --become -v"
|
||||
|
||||
# Test 2: Run the role/playbook again, checking to make sure it's idempotent.
|
||||
# Test 2: Run the role/playbook again, checking to make sure it's idempotent (skipping backup)
|
||||
- >
|
||||
ansible-playbook -i tests/inventory tests/tests_default.yml --connection=local --become | grep -q 'changed=0.*failed=0'
|
||||
ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_default.yml --connection=local -e sshd_test_backup_skip=yes --become | grep -q 'changed=0.*failed=0'
|
||||
&& (echo 'Idempotence test: pass' && exit 0)
|
||||
|| (echo 'Idempotence test: fail' && exit 1)
|
||||
|
||||
|
|
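--- a/tests/tasks/backup.yml
+++ b/tests/tasks/backup.yml
@@ -0,0 +1,25 @@
+---
+- name: Create a temporary directory for backup files
+tempfile:
+state: directory
+register: __sshd_test_backup
+changed_when: False
+when:
+- sshd_test_backup_skip is not defined
+
+- name: Make sure openssh is installed before creating backup
+package:
+name: openssh-server
+state: present
+
+- name: Backup files
+shell: >
+if test -f {{ item }}; then
+mkdir -p {{ __sshd_test_backup.path }}/$(dirname {{ item }});
+cp {{ item }} {{ __sshd_test_backup.path }}/$(dirname {{ item }})
+fi
+changed_when: False
+loop: "{{ __sshd_test_backup_files | d([]) }}"
+when:
+- __sshd_test_backup is defined
+- __sshd_test_backup.path is defined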
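Review bot: The `Backup files` task pastes `{{ item }}` and `{{ __sshd_test_backup.path }}` into a `shell:` string unquoted, so any path with a space or shell metacharacter is split or interpreted by the shell; the lists in this commit are fixed literals, so this is a robustness gap rather than an injection path today. Either use the `copy` module with `remote_src: true`, or quote each expansion, e.g. `cp -p {{ item | quote }} {{ __sshd_test_backup.path | quote }}/$(dirname {{ item | quote }})`. The `-p` matters as well: plain `cp` does not carry mode or ownership into the backup, and one of the lists in this commit includes `/tmp/ssh_host_ed25519_key`, a private host key. The first task's guard `sshd_test_backup_skip is not defined` also treats `-e sshd_test_backup_skip=no` as a request to skip, which is worth a comment such as `# any value, even "no", skips the backup`.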
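--- a/tests/tasks/restore.yml
+++ b/tests/tasks/restore.yml
@@ -0,0 +1,34 @@
+---
+- name: Restore backed up files and remove what was not present
+shell: >
+if test -f {{ __sshd_test_backup.path }}/{{ item }}; then
+cp {{ __sshd_test_backup.path }}/{{ item }} $(dirname {{ item }})
+elif test -f {{ item }}; then
+rm {{ item }}
+fi
+changed_when: False
+loop: "{{ __sshd_test_backup_files | d([]) }}"
+when:
+- __sshd_test_backup is defined
+- __sshd_test_backup.path is defined
+
+- name: Remove temporary directory for backup files
+file:
+path: "{{ __sshd_test_backup.path }}"
+state: absent
+changed_when: False
+when:
+- __sshd_test_backup is defined
+- __sshd_test_backup.path is defined
+
+- name: Restart sshd service
+service:
+name: sshd
+state: reloaded
+changed_when: False
+when:
+- __sshd_test_backup is defined
+- ansible_virtualization_type|default(None) != 'docker'
+- ansible_virtualization_type|default(None) != 'VirtualPC' # for Github Actions
+- ansible_connection != 'chroot'
+- ansible_os_family != 'AIX'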
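Review bot: The `elif test -f {{ item }}; then rm {{ item }}` branch removes the live file whenever no copy is found under the backup directory, and it cannot tell "the file did not exist before the test" from "the copy was never made or has gone"; for `/etc/ssh/sshd_config` followed by the reload below, that would leave sshd without its configuration. Recording which files existed at backup time (for example a `stat` result registered in backup.yml) and deleting only those recorded as absent would close that gap. Separately, the last task is named `Restart sshd service` but uses `state: reloaded`, and its `when:` checks only `__sshd_test_backup is defined`, which also holds for the registered result of a skipped task, so the reload still runs when the backup was skipped; adding `- __sshd_test_backup.path is defined` would match the two tasks above. As in backup.yml, `cp` here has no `-p`, so a file that the test deleted comes back with umask-derived permissions.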
|
@ -1,6 +1,15 @@
|
|||
---
|
||||
- hosts: all
|
||||
vars:
|
||||
__sshd_test_backup_files:
|
||||
- /etc/ssh/sshd_config
|
||||
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
||||
- /etc/ssh/sshd_config_custom
|
||||
- /etc/ssh/sshd_config_custom_second
|
||||
tasks:
|
||||
- name: "Backup configuration files"
|
||||
include_tasks: tasks/backup.yml
|
||||
|
||||
- name: Configure alternative sshd_config file
|
||||
include_role:
|
||||
name: ansible-sshd
|
||||
|
@ -90,3 +99,6 @@
|
|||
- "'MaxStartups 100' not in config3.content | b64decode"
|
||||
- "'Compression no' not in config3.content | b64decode"
|
||||
tags: tests::verify
|
||||
|
||||
- name: "Restore configuration files"
|
||||
include_tasks: tasks/restore.yml
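Review bot: The `Restore configuration files` include is an ordinary last task, so any earlier failure (a failed assert under `tests::verify`, or the role itself) ends the play before it runs and leaves the host with the test's sshd configuration and the temporary backup directory in place. Putting the existing tasks under a `block:` and moving `include_tasks: tasks/restore.yml` into its `always:` section would make the restore unconditional. The task list between the two hunks is not visible here, so the exact nesting needs checking against the full file. The other test playbooks changed in this commit append the restore include in the same way and would need the same treatment.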
|
||||
|
|
|
@ -1,4 +1,22 @@
|
|||
---
|
||||
- hosts: all
|
||||
vars:
|
||||
__sshd_test_backup_files:
|
||||
- /etc/ssh/sshd_config
|
||||
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
||||
tasks:
|
||||
- name: "Backup configuration files"
|
||||
include_tasks: tasks/backup.yml
|
||||
|
||||
- hosts: all
|
||||
roles:
|
||||
- ansible-sshd
|
||||
|
||||
- hosts: all
|
||||
vars:
|
||||
__sshd_test_backup_files:
|
||||
- /etc/ssh/sshd_config
|
||||
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
||||
tasks:
|
||||
- name: "Restore configuration files"
|
||||
include_tasks: tasks/restore.yml
|
||||
|
|
|
@ -1,6 +1,16 @@
|
|||
---
|
||||
- hosts: all
|
||||
vars:
|
||||
__sshd_test_backup_files:
|
||||
- /etc/ssh/sshd_config
|
||||
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
||||
tasks:
|
||||
- name: "Backup configuration files"
|
||||
include_tasks: tasks/backup.yml
|
||||
|
||||
- name: "Configure sshd"
|
||||
include_role:
|
||||
name: ansible-sshd
|
||||
|
||||
- name: "Restore configuration files"
|
||||
include_tasks: tasks/restore.yml
|
||||
|
|
|
@ -1,6 +1,14 @@
|
|||
---
|
||||
- hosts: all
|
||||
vars:
|
||||
__sshd_test_backup_files:
|
||||
- /etc/ssh/sshd_config
|
||||
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
||||
- /tmp/ssh_host_ed25519_key
|
||||
tasks:
|
||||
- name: "Backup configuration files"
|
||||
include_tasks: tasks/backup.yml
|
||||
|
||||
- name: Remove host key before the test
|
||||
file:
|
||||
path: /tmp/ssh_host_ed25519_key
|
||||
|
@ -68,3 +76,6 @@
|
|||
- privkey.stat.mode == '0664'
|
||||
- pubkey.stat.exists
|
||||
tags: tests::verify
|
||||
|
||||
- name: "Restore configuration files"
|
||||
include_tasks: tasks/restore.yml
|
||||
|
|
|
@ -1,6 +1,14 @@
|
|||
---
|
||||
- hosts: all
|
||||
vars:
|
||||
__sshd_test_backup_files:
|
||||
- /etc/ssh/sshd_config
|
||||
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
||||
- /tmp/missing_ssh_host_rsa_key
|
||||
tasks:
|
||||
- name: "Backup configuration files"
|
||||
include_tasks: tasks/backup.yml
|
||||
|
||||
- name: Configure sshd with missing host keys and prevent their creation
|
||||
block:
|
||||
- name: Configure missing hostkey
|
||||
|
@ -24,10 +32,23 @@
|
|||
- ansible_failed_result.msg != 'UNREACH'
|
||||
- not role_result.changed
|
||||
msg: "Role has not failed when it should have"
|
||||
tags: tests::verify
|
||||
|
||||
- name: Make sure service is still running
|
||||
service:
|
||||
name: sshd
|
||||
state: started
|
||||
register: result
|
||||
failed_when: result.changed
|
||||
- name: Make sure the key was not created
|
||||
file:
|
||||
path: /tmp/missing_ssh_host_rsa_key
|
||||
state: missing
|
||||
register: key
|
||||
failed_when: key.changed
|
||||
tags: tests::verify
|
||||
|
||||
- name: Make sure service is still running
|
||||
service:
|
||||
name: sshd
|
||||
state: started
|
||||
register: result
|
||||
failed_when: result.changed
|
||||
tags: tests::verify
|
||||
|
||||
- name: "Restore configuration files"
|
||||
include_tasks: tasks/restore.yml
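Review bot: In the new `Make sure the key was not created` task, `state: missing` is not a state the `file` module accepts (it takes `absent`, `directory`, `file`, `hard`, `link`, `touch`), so the module will likely reject the arguments. Because `failed_when: key.changed` replaces the normal failure test, that rejection would be reported as a pass and the check would verify nothing. Using `state: absent` keeps the intent: the task reports `changed` and fails only if `/tmp/missing_ssh_host_rsa_key` was actually created. The enclosing block starts above this hunk, so where the task sits relative to `rescue`/`always` cannot be confirmed from here.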
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
---
|
||||
- hosts: all
|
||||
vars:
|
||||
__sshd_test_backup_files:
|
||||
- /etc/ssh/sshd_config
|
||||
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
||||
tasks:
|
||||
- name: "Backup configuration files"
|
||||
include_tasks: tasks/backup.yml
|
||||
|
||||
- name: Configure sshd
|
||||
include_role:
|
||||
name: ansible-sshd
|
||||
|
@ -79,3 +86,6 @@
|
|||
- "'Match User sftponly' in config.content | b64decode"
|
||||
- "'Match User root' in config.content | b64decode"
|
||||
tags: tests::verify
|
||||
|
||||
- name: "Restore configuration files"
|
||||
include_tasks: tasks/restore.yml
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
---
|
||||
- hosts: all
|
||||
vars:
|
||||
__sshd_test_backup_files:
|
||||
- /etc/ssh/sshd_config
|
||||
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
||||
tasks:
|
||||
- name: "Backup configuration files"
|
||||
include_tasks: tasks/backup.yml
|
||||
|
||||
- name: Configure sshd
|
||||
include_role:
|
||||
name: ansible-sshd
|
||||
|
@ -77,3 +84,6 @@
|
|||
- "'Match User sftponly' in config.content | b64decode"
|
||||
- "'Match User root' in config.content | b64decode"
|
||||
tags: tests::verify
|
||||
|
||||
- name: "Restore configuration files"
|
||||
include_tasks: tasks/restore.yml
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
---
|
||||
- hosts: all
|
||||
vars:
|
||||
__sshd_test_backup_files:
|
||||
- /etc/ssh/sshd_config
|
||||
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
||||
tasks:
|
||||
- name: "Backup configuration files"
|
||||
include_tasks: tasks/backup.yml
|
||||
|
||||
- name: Configure sshd
|
||||
include_role:
|
||||
name: ansible-sshd
|
||||
|
@ -42,3 +49,6 @@
|
|||
- "'Ciphers aes256-gcm@openssh.com' in config.content | b64decode"
|
||||
- "'Subsystem sftp internal-sftp' in config.content | b64decode"
|
||||
tags: tests::verify
|
||||
|
||||
- name: "Restore configuration files"
|
||||
include_tasks: tasks/restore.yml
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
---
|
||||
- hosts: all
|
||||
vars:
|
||||
__sshd_test_backup_files:
|
||||
- /etc/ssh/sshd_config
|
||||
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
||||
tasks:
|
||||
- name: "Backup configuration files"
|
||||
include_tasks: tasks/backup.yml
|
||||
|
||||
- name: Configure sshd with uncommon options, making sure it keeps running
|
||||
block:
|
||||
- name: Configure ssh with unsupported options
|
||||
|
@ -42,9 +49,13 @@
|
|||
- not role_result.changed
|
||||
msg: "Role has not failed when it should have"
|
||||
|
||||
- name: Make sure service is still running
|
||||
service:
|
||||
name: sshd
|
||||
state: started
|
||||
register: result
|
||||
failed_when: result.changed
|
||||
- name: Make sure service is still running
|
||||
service:
|
||||
name: sshd
|
||||
state: started
|
||||
register: result
|
||||
failed_when: result.changed
|
||||
tags: tests::verify
|
||||
|
||||
- name: "Restore configuration files"
|
||||
include_tasks: tasks/restore.yml
|
||||
|
|
|
@ -1,6 +1,14 @@
|
|||
---
|
||||
- hosts: all
|
||||
vars:
|
||||
__sshd_test_backup_files:
|
||||
- /etc/ssh/sshd_config
|
||||
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
||||
- /etc/sysconfig/sshd
|
||||
tasks:
|
||||
- name: "Backup configuration files"
|
||||
include_tasks: tasks/backup.yml
|
||||
|
||||
- name: Configure sshd
|
||||
include_role:
|
||||
name: ansible-sshd
|
||||
|
@ -39,3 +47,6 @@
|
|||
- ansible_facts['os_family'] == "RedHat"
|
||||
- ansible_facts['distribution'] != 'Fedora'
|
||||
tags: tests::verify
|
||||
|
||||
- name: "Restore configuration files"
|
||||
include_tasks: tasks/restore.yml
|
||||
|
|