distro/tests/knot-resolver-test.yaml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148

---
- hosts: all

  remote_user: root
  become: true

  vars:
    dig_package:
      Debian: dnsutils
      Ubuntu: dnsutils
      Fedora: bind-utils
      CentOS: bind-utils
      openSUSE Leap: bind-utils
      openSUSE Tumbleweed: bind-utils
      Archlinux: bind-tools
    configure_obs_repo:
      Fedora: |
        dnf config-manager --add-repo https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/Fedora_{{ ansible_distribution_major_version }}/home:CZ-NIC:{{ item }}.repo
      CentOS: |
        yum install -y wget &&
        wget -i wget https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/CentOS_7_EPEL/home:CZ-NIC:{{ item }}.repo -O /etc/yum.repos.d/home:CZ-NIC:{{ item }}.repo
      Debian: |
        echo 'deb http://download.opensuse.org/repositories/home:/CZ-NIC:/{{ item }}/Debian_9.0/ /' > /etc/apt/sources.list.d/{{ item }}.list &&
        wget -nv https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/Debian_9.0/Release.key -O Release.key &&
        apt-key add - < Release.key &&
        apt-get update
      Ubuntu: |
        echo 'deb http://download.opensuse.org/repositories/home:/CZ-NIC:/{{ item }}/xUbuntu_{{ ansible_distribution_version }}/ /' > /etc/apt/sources.list.d/{{ item }}.list &&
        wget -nv https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/xUbuntu_{{ ansible_distribution_version }}/Release.key -O Release.key &&
        apt-key add - < Release.key &&
        apt-get update
      openSUSE Tumbleweed: |
        zypper addrepo https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/openSUSE_Tumbleweed/home:CZ-NIC:{{ item }}.repo &&
        zypper --gpg-auto-import-keys refresh
      openSUSE Leap: |
        zypper addrepo https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/openSUSE_Leap_15.0/home:CZ-NIC:{{ item }}.repo &&
        zypper --gpg-auto-import-keys refresh
    show_package_version:
      Archlinux:
        pacman -Qi knot-resolver | grep '^Version'
      Fedora: &pkg_version_rpm |
        rpm -qi knot-resolver | grep '^Version'
      CentOS: *pkg_version_rpm
      openSUSE Leap: *pkg_version_rpm
      openSUSE Tumbleweed: *pkg_version_rpm
      Debian:
        dpkg -s knot-resolver | grep '^Version'
      Ubuntu: |
        dpkg -s knot-resolver | grep '^Version'
  vars_files:
    - repos.yaml

  gather_facts: false
  pre_tasks:
    - name: install python3 (Arch)
      raw: |
        (pacman-key --init && pacman-key --populate archlinux && \
         pacman -Sy python3 --noconfirm) || :
      ignore_errors: true
    - name: gather facts
      setup:

  tasks:
    - name: install epel
      package:
        name: epel-release
        state: present
      when: ansible_distribution == 'CentOS'

    - name: configure OBS repository
      shell: "{{ configure_obs_repo[ansible_distribution] }}"
      args:
        warn: false
      with_items: "{{ repos }}"
      when: ansible_distribution_file_variety != 'Archlinux'

    - block:
        - name: configure OBS repository (Arch)
          blockinfile:
            block: |
              [home_CZ-NIC_{{ item }}_Arch]
              SigLevel = Never
              Server = https://download.opensuse.org/repositories/home:/CZ-NIC:/{{ item }}/Arch/$arch
            insertbefore: '^\[core\]'
            path: /etc/pacman.conf
            state: present
          with_items: "{{ repos }}"
        - name: set up package mirrors
          copy:
            content: |
              ## Arch Linux repository mirrorlist
              ## Generated on 2018-12-10
              ## Czechia
              Server = http://mirrors.nic.cz/archlinux/$repo/os/$arch
              Server = http://ftp.fi.muni.cz/pub/linux/arch/$repo/os/$arch
              Server = http://ftp.sh.cvut.cz/arch/$repo/os/$arch
              Server = http://gluttony.sin.cvut.cz/arch/$repo/os/$arch
            dest: /etc/pacman.d/mirrorlist
        - name: sync repos (Arch)
          shell: pacman -Syu --noconfirm
          args:
            warn: false
      when: ansible_distribution_file_variety == 'Archlinux'

    - name: install knot-resolver
      package:
        name: knot-resolver
        state: latest

    - name: get installed package version
      shell: "{{ show_package_version[ansible_distribution] }}"
      args:
        warn: false
      register: package_version

    - name: install dig
      package:
        name: "{{ dig_package[ansible_distribution] }}"
        state: present

    - name: testing block
      block:
        - name: start kresd@1.service
          service:
            name: kresd@1.service
            state: restarted

        - name: resolve nic.cz
          shell: dig @127.0.0.1 nic.cz
          register: res
          failed_when: '"status: NOERROR" not in res.stdout'

        - name: test dnssec is turned on
          block:
            - name: test dnssec-failed.org +cd returns NOERROR
              shell: dig +cd @127.0.0.1 dnssec-failed.org
              register: res
              failed_when: '"status: NOERROR" not in res.stdout'

            - name: test dnssec-failed.org returns SERVFAIL
              shell: dig @127.0.0.1 dnssec-failed.org
              register: res
              failed_when: '"status: SERVFAIL" not in res.stdout'

      always:
        - name: show installed version
          debug:
            var: package_version.stdout