ansible-sshd/tests/tests_firewall_selinux.yml


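---
- name: Test managing firewall and selinux from role
  hosts: all
  gather_facts: true  # needs os_family, distribution_version, virtualization_type
  vars:
    __sshd_test_backup_files:
      - /etc/ssh/sshd_config
      - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
  tasks:
    - name: "Backup configuration files"
      ansible.builtin.include_tasks: tasks/backup.yml

    # Including the role with sshd_enable=false and public=true only loads its
    # variables, which exposes __sshd_skip_virt_env to this play.
    - name: Call role with no args to get access to __sshd_skip_virt_env
      ansible.builtin.include_role:
        name: ansible-sshd
        public: true
      vars:
        sshd_enable: false  # skip everything but loading vars

    - name: See if we can test firewall or selinux
      ansible.builtin.set_fact:
        sshd_enable: true  # reset to true
        # Firewall handling is tested on RedHat-family 7+, selinux on 6+;
        # both are skipped on virtualization types the role itself skips.
        __sshd_test_firewall: "{{ ansible_facts['os_family'] == 'RedHat' and
          ansible_facts['distribution_version'] is version('7', '>=') and
          ansible_facts['virtualization_type'] | d(None) not in __sshd_skip_virt_env }}"
        __sshd_test_selinux: "{{ ansible_facts['os_family'] == 'RedHat' and
          ansible_facts['distribution_version'] is version('6', '>=') and
          ansible_facts['virtualization_type'] | d(None) not in __sshd_skip_virt_env }}"

    # The tests below rewrite sshd_config and, where supported, open 222/tcp in
    # the firewall and label it ssh_port_t.  Cleanup runs from `always:` so a
    # failed assertion cannot leave the extra port open or the config unrestored.
    - name: Run the port tests and always revert the changes they make
      block:
        ##########
        # First test: default port
        ##########
        - name: Configure the role on default port and let it handle firewall settings
          ansible.builtin.include_role:
            name: ansible-sshd
          vars:
            sshd_manage_selinux: "{{ __sshd_test_selinux }}"
            sshd_manage_firewall: "{{ __sshd_test_firewall }}"
            sshd_config:
              Port: 22

        - name: Verify the options are correctly set
          tags: tests::verify
          block:
            - name: Flush handlers
              ansible.builtin.meta: flush_handlers

            - name: Print current configuration file
              ansible.builtin.slurp:
                src: "{{ main_sshd_config }}"
              register: config

            # Match the whole line: a plain substring test for 'Port 22' is also
            # satisfied by a 'Port 222' line.
            - name: Check the options are in configuration file
              ansible.builtin.assert:
                that:
                  - "(config.content | b64decode) is regex('^Port 22$', multiline=True)"

        ##########
        # Second test: non-default port
        ##########
        # is this going to break some tests running ansible through ssh?
        - name: Configure the role on another port and let it handle firewall settings
          ansible.builtin.include_role:
            name: ansible-sshd
          vars:
            sshd_manage_firewall: "{{ __sshd_test_firewall }}"
            sshd_manage_selinux: "{{ __sshd_test_selinux }}"
            sshd_config:
              Port: 222

        - name: Verify the options are correctly set
          tags: tests::verify
          block:
            - name: Flush handlers
              ansible.builtin.meta: flush_handlers

            - name: Print current configuration file
              ansible.builtin.slurp:
                src: "{{ main_sshd_config }}"
              register: config

            - name: Check the options are in configuration file
              ansible.builtin.assert:
                that:
                  - "(config.content | b64decode) is regex('^Port 222$', multiline=True)"

        ##########
        # Third test: multiple ports
        ##########
        - name: Configure the role on several ports and let it handle firewall settings
          ansible.builtin.include_role:
            name: ansible-sshd
          vars:
            sshd_manage_firewall: "{{ __sshd_test_firewall }}"
            sshd_manage_selinux: "{{ __sshd_test_selinux }}"
            sshd_config:
              Port:
                - 22
                - 222

        - name: Verify the options are correctly set
          tags: tests::verify
          block:
            - name: Flush handlers
              ansible.builtin.meta: flush_handlers

            - name: Print current configuration file
              ansible.builtin.slurp:
                src: "{{ main_sshd_config }}"
              register: config

            # Both ports were requested, so both lines must be present.
            - name: Check the options are in configuration file
              ansible.builtin.assert:
                that:
                  - "(config.content | b64decode) is regex('^Port 22$', multiline=True)"
                  - "(config.content | b64decode) is regex('^Port 222$', multiline=True)"

      ##########
      # Cleanup (runs whether or not the tests above succeeded)
      ##########
      always:
        - name: "Restore configuration files"
          ansible.builtin.include_tasks: tasks/restore.yml

        - name: Remove the modification to the firewall rules
          ansible.builtin.include_role:
            name: fedora.linux_system_roles.firewall
          vars:
            firewall:  # noqa: var-naming[no-role-prefix]
              - port: "222/tcp"
                state: disabled
          when: __sshd_test_firewall

        - name: Remove the modification to the selinux policy
          ansible.builtin.include_role:
            name: fedora.linux_system_roles.selinux
          vars:
            selinux:  # noqa: var-naming[no-role-prefix]
              port: 222
              proto: tcp
              setype: ssh_port_t
              state: absent
              local: true
          when: __sshd_test_selinux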