Diffstat (limited to 'distro/tests/ansible-roles')
34 files changed, 351 insertions, 0 deletions
diff --git a/distro/tests/ansible-roles/knot_resolver/defaults/main.yaml b/distro/tests/ansible-roles/knot_resolver/defaults/main.yaml
new file mode 100644
index 0000000..0860c26
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/defaults/main.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+repos:
+ - knot-resolver-latest
+distro: "{{ ansible_distribution | replace(' ', '_') }}"
+update_packages: false
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml
new file mode 100644
index 0000000..817b117
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml
@@ -0,0 +1,10 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: dnstap_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ modules.load('dnstap')
+ assert(dnstap)
+ path: /etc/knot-resolver/kresd.conf
+ insertbefore: BOF
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml
new file mode 100644
index 0000000..1da1789
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml
@@ -0,0 +1,10 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ net.listen('127.0.0.1', 44353, { kind = 'doh' })
+ modules.load('http')
+ path: /etc/knot-resolver/kresd.conf
+ insertbefore: BOF
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
new file mode 100644
index 0000000..eebca20
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
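Review bot: The `marker: -- {mark} ANSIBLE MANAGED BLOCK` line in configure_dnstap.yaml is identical in configure_doh.yaml and configure_doh2.yaml, and blockinfile replaces an existing block whose markers match, so each of these tasks overwrites what the previous one wrote into kresd.conf instead of adding to it. If that is intended (every test starts from a fresh managed block), say so in a comment such as `# same marker as the other configure_* tasks: replaces their block on purpose`. If the settings are meant to accumulate, give each file its own marker, for example `marker: -- {mark} ANSIBLE MANAGED BLOCK dnstap`. configure_doh2.yaml also leaves out `insertbefore: BOF`, which decides the position only when no managed block exists yet, so the placement of the block depends on which task runs first.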
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ net.listen('127.0.0.1', 44354, { kind = 'doh2' })
+ path: /etc/knot-resolver/kresd.conf
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
new file mode 100644
index 0000000..921df1b
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
@@ -0,0 +1,69 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Include distribution specific vars
+ include_vars: "{{ distro }}.yaml"
+
+- name: Update all packages
+ package:
+ name: '*'
+ state: latest
+ when: update_packages|bool
+
+- name: Install packages
+ package:
+ name: "{{ packages }}"
+ state: latest
+
+- name: Always print package version at the end
+ block:
+
+ - include: restart_kresd.yaml
+
+ - include: test_udp.yaml
+ - include: test_tcp.yaml
+ - include: test_tls.yaml
+ - include: test_dnssec.yaml
+
+ - include: test_kres_cache_gc.yaml
+
+ - name: Test DoH (new implementation)
+ block:
+ - include: configure_doh2.yaml
+ - include: restart_kresd.yaml
+ - include: test_doh2.yaml
+
+ - name: Test DoH (legacy)
+ block:
+ - name: Install knot-resolver-module-http
+ package:
+ name: knot-resolver-module-http
+ state: latest
+
+ - include: configure_doh.yaml
+ when: ansible_distribution in ["CentOS", "Fedora", "Debian", "Ubuntu"]
+
+ - include: restart_kresd.yaml
+ - include: test_doh.yaml
+ when: distro in ["Fedora", "Debian", "CentOS"] or (distro == "Ubuntu" and ansible_distribution_major_version|int >= 18)
+
+ - name: Test dnstap module
+ block:
+ - name: Install knot-resolver-module-dnstap
+ package:
+ name: knot-resolver-module-dnstap
+ state: latest
+ - include: configure_dnstap.yaml
+ - include: restart_kresd.yaml
+ when: distro in ["Fedora", "Debian", "CentOS", "Ubuntu"]
+
+ always:
+
+ - name: Get installed package version
+ shell: "{{ show_package_version }}"
+ args:
+ warn: false
+ register: package_version
+
+ - name: Show installed version
+ debug:
+ var: package_version.stdout
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml
new file mode 100644
index 0000000..00dbf5d
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml
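Review bot: The `args:` / `warn: false` pair under "Get installed package version" and the bare `include:` statements throughout knot_resolver/tasks/main.yaml rely on features that later Ansible releases deprecated and, as far as I know, removed, so the role is tied to the Ansible version of the current test runner. `include_tasks:` is the replacement for including a task file, and the `warn` argument can simply be dropped where the module no longer accepts it. The same `warn: false` appears in test_doh2.yaml and obs_repos/tasks/openSUSE_Leap.yaml, and obs_repos/tasks/main.yaml uses `include:` as well. If the older syntax is deliberate, a comment stating the supported Ansible version range would help.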
@@ -0,0 +1,16 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- block:
+ - name: Restart kresd@1.service
+ service:
+ name: kresd@1.service
+ state: restarted
+ rescue:
+ - name: Get kresd@1.service journal
+ shell: journalctl -u kresd@1 --since -20s
+ register: journal
+ - name: Print journal
+ debug:
+ var: journal
+ - name: Restart kresd@*.service failed, see log above
+ shell: /bin/false
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml
new file mode 100644
index 0000000..52bbbb2
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml
@@ -0,0 +1,15 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: dnssec_test bogussig.bad-dnssec.wb.sidnlabs.nl. +cd returns NOERROR
+ tags:
+ - test
+ shell: kdig +cd @127.0.0.1 bogussig.bad-dnssec.wb.sidnlabs.nl.
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
+
+- name: dnssec_test bogussig.bad-dnssec.wb.sidnlabs.nl. returns SERVFAIL
+ tags:
+ - test
+ shell: kdig @127.0.0.1 bogussig.bad-dnssec.wb.sidnlabs.nl.
+ register: res
+ failed_when: '"status: SERVFAIL" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml
new file mode 100644
index 0000000..2c200e1
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml
@@ -0,0 +1,9 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh_test query localhost. A
+ get_url:
+ url: https://127.0.0.1:44353/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
+ sha256sum: e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008
+ dest: /tmp/doh_test
+ mode: 0644
+ validate_certs: false
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
new file mode 100644
index 0000000..32cf295
--- /dev/null
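Review bot: `validate_certs: false` in test_doh.yaml switches off TLS certificate verification without saying why, and test_doh2.yaml does the same with `curl -k`. Both requests target 127.0.0.1, so this is presumably because kresd serves a self-signed certificate, but the reason belongs next to the option so the pattern is not copied to a non-loopback URL: `# loopback-only test against kresd's self-signed certificate; verification intentionally off`. Separately, Ansible's documentation recommends quoting file modes, so `mode: "0644"` is the safer spelling here and in the get_url tasks of obs_repos/tasks/CentOS.yaml, Debian.yaml and Fedora.yaml.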
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
@@ -0,0 +1,24 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_test check kdig https support
+ shell: kdig --help | grep -q '+\S*https'
+ register: kdig_https
+ ignore_errors: true
+
+- name: doh2_test query localhost. A
+ # use curl instead of ansible builtins (get_url/uri)
+ # because they currently use unsupported HTTP/1.1
+ shell: |
+ curl -k -o /tmp/doh_test https://127.0.0.1:44354/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
+ echo "e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008 /tmp/doh_test" > /tmp/doh_test.sha256
+ sha256sum --check /tmp/doh_test.sha256
+ args:
+ # disable warning about using curl - we know what we're doing
+ warn: false
+ when: kdig_https is failed
+
+- name: doh2_test kdig localhost. A
+ shell: |
+ kdig @127.0.0.1 -p 44354 +https nic.cz || exit 1
+ kdig @127.0.0.1 -p 44354 +https-get nic.cz || exit 2
+ when: kdig_https is succeeded
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml
new file mode 100644
index 0000000..3a7c9c9
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml
@@ -0,0 +1,4 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: check kres-cache-gc.service is active
+ shell: systemctl is-active -q kres-cache-gc.service
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml
new file mode 100644
index 0000000..1af18fd
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: tcp_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig +tcp @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
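Review bot: The curl step in test_doh2.yaml ("doh2_test query localhost. A") can pass on stale data, because the script never checks curl's exit status and only the last command, `sha256sum --check`, decides the result. The legacy test in test_doh.yaml writes the same `/tmp/doh_test` with the same expected hash, so on a host where the playbook ran before, a failed connection leaves the old file in place and the checksum still matches. Stopping on the curl failure closes that gap: `curl -k --fail -o /tmp/doh_test 'https://127.0.0.1:44354/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB' || exit 1`, optionally with `rm -f /tmp/doh_test` before it. Quoting the URL also keeps the shell from treating the `?` as a glob character.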
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml
new file mode 100644
index 0000000..c780657
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: tls_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig +tls @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml
new file mode 100644
index 0000000..64023ff
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: udp_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/CentOS.yaml b/distro/tests/ansible-roles/knot_resolver/vars/CentOS.yaml
new file mode 100644
index 0000000..d69cb13
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/CentOS.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/Debian.yaml b/distro/tests/ansible-roles/knot_resolver/vars/Debian.yaml
new file mode 100644
index 0000000..bcdc37a
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/Debian.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: dpkg -s knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-dnsutils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/Fedora.yaml b/distro/tests/ansible-roles/knot_resolver/vars/Fedora.yaml
new file mode 100644
index 0000000..d69cb13
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/Fedora.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/Ubuntu.yaml b/distro/tests/ansible-roles/knot_resolver/vars/Ubuntu.yaml
new file mode 100644
index 0000000..bcdc37a
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/Ubuntu.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: dpkg -s knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-dnsutils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Leap.yaml b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Leap.yaml
new file mode 100644
index 0000000..d69cb13
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Leap.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Tumbleweed.yaml b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Tumbleweed.yaml
new file mode 100644
index 0000000..39d5ef0
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Tumbleweed.yaml
@@ -0,0 +1,7 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+update_packages: true
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/obs_repos/defaults/main.yaml b/distro/tests/ansible-roles/obs_repos/defaults/main.yaml
new file mode 100644
index 0000000..05ffcb6
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/defaults/main.yaml
@@ -0,0 +1,4 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_distro: "{{ ansible_distribution | replace(' ', '_') }}"
+obs_repofile_url: "https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/{{ obs_repo_version }}/home:CZ-NIC:{{ item }}.repo"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/CentOS.yaml b/distro/tests/ansible-roles/obs_repos/tasks/CentOS.yaml
new file mode 100644
index 0000000..fecfbea
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/CentOS.yaml
@@ -0,0 +1,13 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Install EPEL
+ yum:
+ name: epel-release
+ state: present
+
+- name: Download repo file(s)
+ get_url:
+ url: "{{ obs_repofile_url }}"
+ dest: /etc/yum.repos.d/home:CZ-NIC:{{ item }}.repo
+ mode: 0644
+ with_items: "{{ repos }}"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/Debian.yaml b/distro/tests/ansible-roles/obs_repos/tasks/Debian.yaml
new file mode 100644
index 0000000..6220f89
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/Debian.yaml
@@ -0,0 +1,15 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Add upstream package signing key
+ get_url:
+ url: https://gitlab.nic.cz/knot/knot-resolver-release/raw/master/cznic-obs.gpg.asc
+ dest: /etc/apt/trusted.gpg.d/cznic-obs.gpg.asc
+ mode: 0644
+
+- name: Add OBS repo(s)
+ apt_repository:
+ repo: >
+ deb http://download.opensuse.org/repositories/home:/CZ-NIC:/{{ item }}/{{ obs_repo_version }}/ /
+ state: present
+ update_cache: true
+ with_items: "{{ repos }}"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/Fedora.yaml b/distro/tests/ansible-roles/obs_repos/tasks/Fedora.yaml
new file mode 100644
index 0000000..520e057
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/Fedora.yaml
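Review bot: The signing key in obs_repos/tasks/Debian.yaml is downloaded from a `raw/master` URL with no `checksum:` on the get_url task, so whatever that branch serves at run time becomes a trusted apt key. Because the file is placed in /etc/apt/trusted.gpg.d, it is also trusted for every configured repository, not only the OBS one. Pinning the download, `checksum: "sha256:<SHA256_OF_KEY_FILE>"` (placeholder value), would make an unexpected key change fail the run instead of being accepted silently. The `deb http://download.opensuse.org/...` line uses plain HTTP while `obs_repofile_url` uses https for the same host; apt still verifies repository signatures, but https would be consistent. obs_repos/tasks/Ubuntu.yaml has the same unpinned key URL through `apt_key` and the same http repo line.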
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Download repo file(s)
+ get_url:
+ url: "{{ obs_repofile_url }}"
+ dest: "/etc/yum.repos.d/home:CZ-NIC:{{ item }}.repo"
+ mode: 0644
+ with_items: "{{ repos }}"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/Ubuntu.yaml b/distro/tests/ansible-roles/obs_repos/tasks/Ubuntu.yaml
new file mode 100644
index 0000000..ba424c4
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/Ubuntu.yaml
@@ -0,0 +1,14 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Add upstream package signing key
+ apt_key:
+ url: https://gitlab.nic.cz/knot/knot-resolver-release/raw/master/cznic-obs.gpg.asc
+ state: present
+
+- name: Add OBS repo(s)
+ apt_repository:
+ repo: >
+ deb http://download.opensuse.org/repositories/home:/CZ-NIC:/{{ item }}/{{ obs_repo_version }}/ /
+ state: present
+ update_cache: true
+ with_items: "{{ repos }}"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/main.yaml b/distro/tests/ansible-roles/obs_repos/tasks/main.yaml
new file mode 100644
index 0000000..47976f9
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/main.yaml
@@ -0,0 +1,12 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Include Debian specific vars
+ include_vars: "{{ obs_distro }}_{{ ansible_distribution_major_version }}.yaml"
+ when: obs_distro == "Debian"
+
+- name: Include distribution specific vars
+ include_vars: "{{ obs_distro }}.yaml"
+ when: obs_distro != "Debian"
+
+- name: Configure upstream reporitories
+ include: "{{ obs_distro }}.yaml"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Leap.yaml b/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Leap.yaml
new file mode 100644
index 0000000..84ab5a9
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Leap.yaml
@@ -0,0 +1,19 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Install python-xml dependency for zypper_repository
+ shell: zypper install -y python-xml
+ args:
+ warn: false
+
+- name: Add upstream repo(s)
+ zypper_repository:
+ repo: "{{ obs_repofile_url }}"
+ state: present
+ disable_gpg_check: true # auto_import_keys is broken
+ with_items: "{{ repos }}"
+
+- name: Refresh all repositories
+ zypper_repository:
+ repo: '*'
+ runrefresh: true
+ failed_when: false
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Tumbleweed.yaml b/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Tumbleweed.yaml
new file mode 100644
index 0000000..c063014
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Tumbleweed.yaml
@@ -0,0 +1,13 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Add upstream repo(s)
+ zypper_repository:
+ repo: "{{ obs_repofile_url }}"
+ state: present
+ disable_gpg_check: true # auto_import_keys is broken
+ with_items: "{{ repos }}"
+
+- name: Refresh all repositories
+ zypper_repository:
+ repo: '*'
+ runrefresh: true
diff --git a/distro/tests/ansible-roles/obs_repos/vars/CentOS.yaml b/distro/tests/ansible-roles/obs_repos/vars/CentOS.yaml
new file mode 100644
index 0000000..22b4795
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/CentOS.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}_{{ ansible_distribution_major_version }}_EPEL"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/Debian_10.yaml b/distro/tests/ansible-roles/obs_repos/vars/Debian_10.yaml
new file mode 100644
index 0000000..5db857e
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/Debian_10.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}_{{ ansible_distribution_major_version }}"
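Review bot: `disable_gpg_check: true` in obs_repos/tasks/openSUSE_Leap.yaml and openSUSE_Tumbleweed.yaml means the repositories added here are used without signature verification, and the knot_resolver role then installs packages from them with `state: latest`. The inline comment gives the cause (auto_import_keys is broken) but not the consequence; I would extend it to something like `# auto_import_keys is broken; packages from this repo are NOT signature-checked, throwaway test hosts only`. In the Leap file, `failed_when: false` on "Refresh all repositories" additionally hides a failed refresh, so a repository that never became usable only surfaces later as a package install error. A short comment on why that failure is ignored would make the intent clear.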
diff --git a/distro/tests/ansible-roles/obs_repos/vars/Debian_9.yaml b/distro/tests/ansible-roles/obs_repos/vars/Debian_9.yaml
new file mode 100644
index 0000000..21cce25
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/Debian_9.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}_{{ ansible_distribution_major_version }}.0"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/Fedora.yaml b/distro/tests/ansible-roles/obs_repos/vars/Fedora.yaml
new file mode 100644
index 0000000..5db857e
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/Fedora.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}_{{ ansible_distribution_major_version }}"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/Ubuntu.yaml b/distro/tests/ansible-roles/obs_repos/vars/Ubuntu.yaml
new file mode 100644
index 0000000..4e5cd2c
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/Ubuntu.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "x{{ obs_distro }}_{{ ansible_distribution_version }}"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Leap.yaml b/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Leap.yaml
new file mode 100644
index 0000000..7dbd7d8
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Leap.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}_{{ ansible_distribution_version }}"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Tumbleweed.yaml b/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Tumbleweed.yaml
new file mode 100644
index 0000000..d875db7
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Tumbleweed.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}" |