summaryrefslogtreecommitdiffstats
path: root/distro/tests/ansible-roles
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 15:26:00 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 15:26:00 +0000
commit830407e88f9d40d954356c3754f2647f91d5c06a (patch)
treed6a0ece6feea91f3c656166dbaa884ef8a29740e /distro/tests/ansible-roles
parentInitial commit. (diff)
downloadknot-resolver-upstream.tar.xz
knot-resolver-upstream.zip
Adding upstream version 5.6.0.upstream/5.6.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--distro/tests/ansible-roles/knot_resolver/defaults/main.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml10
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml10
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml8
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/main.yaml71
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml16
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml15
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml9
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml24
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml4
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml8
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml8
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml8
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/CentOS.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/Debian.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/Fedora.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/Rocky.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/Ubuntu.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Leap.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Tumbleweed.yaml7
-rw-r--r--distro/tests/ansible-roles/obs_repos/defaults/main.yaml4
-rw-r--r--distro/tests/ansible-roles/obs_repos/tasks/CentOS.yaml18
-rw-r--r--distro/tests/ansible-roles/obs_repos/tasks/Debian.yaml15
-rw-r--r--distro/tests/ansible-roles/obs_repos/tasks/Fedora.yaml8
-rw-r--r--distro/tests/ansible-roles/obs_repos/tasks/Rocky.yaml13
-rw-r--r--distro/tests/ansible-roles/obs_repos/tasks/Ubuntu.yaml14
-rw-r--r--distro/tests/ansible-roles/obs_repos/tasks/main.yaml12
-rw-r--r--distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Leap.yaml19
-rw-r--r--distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Tumbleweed.yaml13
-rw-r--r--distro/tests/ansible-roles/obs_repos/vars/CentOS.yaml3
-rw-r--r--distro/tests/ansible-roles/obs_repos/vars/Debian_10.yaml3
l---------distro/tests/ansible-roles/obs_repos/vars/Debian_11.yaml1
-rw-r--r--distro/tests/ansible-roles/obs_repos/vars/Debian_9.yaml3
-rw-r--r--distro/tests/ansible-roles/obs_repos/vars/Fedora.yaml3
-rw-r--r--distro/tests/ansible-roles/obs_repos/vars/Rocky.yaml3
-rw-r--r--distro/tests/ansible-roles/obs_repos/vars/Ubuntu.yaml3
-rw-r--r--distro/tests/ansible-roles/obs_repos/vars/openSUSE_Leap.yaml3
-rw-r--r--distro/tests/ansible-roles/obs_repos/vars/openSUSE_Tumbleweed.yaml3
38 files changed, 381 insertions, 0 deletions
diff --git a/distro/tests/ansible-roles/knot_resolver/defaults/main.yaml b/distro/tests/ansible-roles/knot_resolver/defaults/main.yaml
new file mode 100644
index 0000000..0860c26
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/defaults/main.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+repos:
+ - knot-resolver-latest
+distro: "{{ ansible_distribution | replace(' ', '_') }}"
+update_packages: false
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml
new file mode 100644
index 0000000..817b117
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml
@@ -0,0 +1,10 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: dnstap_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ modules.load('dnstap')
+ assert(dnstap)
+ path: /etc/knot-resolver/kresd.conf
+ insertbefore: BOF
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml
new file mode 100644
index 0000000..cd4e749
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml
@@ -0,0 +1,10 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ net.listen('127.0.0.1', 44353, { kind = 'doh_legacy' })
+ modules.load('http')
+ path: /etc/knot-resolver/kresd.conf
+ insertbefore: BOF
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
new file mode 100644
index 0000000..eebca20
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ net.listen('127.0.0.1', 44354, { kind = 'doh2' })
+ path: /etc/knot-resolver/kresd.conf
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
new file mode 100644
index 0000000..8d683c8
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
@@ -0,0 +1,71 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Include distribution specific vars
+ include_vars: "{{ distro }}.yaml"
+
+- name: Update all packages
+ package:
+ name: '*'
+ state: latest
+ when: update_packages|bool
+
+- name: Install packages
+ package:
+ name: "{{ packages }}"
+ state: latest
+ # knot-utils may be missing on opensuse (depending on upstream vs downstream pkg)
+ failed_when: false
+
+- name: Always print package version at the end
+ block:
+
+ - include: restart_kresd.yaml
+
+ - include: test_udp.yaml
+ - include: test_tcp.yaml
+ - include: test_tls.yaml
+ - include: test_dnssec.yaml
+
+ - include: test_kres_cache_gc.yaml
+
+ - name: Test DoH (new implementation)
+ block:
+ - include: configure_doh2.yaml
+ - include: restart_kresd.yaml
+ - include: test_doh2.yaml
+
+ - name: Test DoH (legacy)
+ block:
+ - name: Install knot-resolver-module-http
+ package:
+ name: knot-resolver-module-http
+ state: latest
+
+ - include: configure_doh.yaml
+ when: ansible_distribution in ["CentOS", "Rocky", "Fedora", "Debian", "Ubuntu"]
+
+ - include: restart_kresd.yaml
+ - include: test_doh.yaml
+ when: distro in ["Fedora", "Debian", "CentOS", "Rocky"] or (distro == "Ubuntu" and ansible_distribution_major_version|int >= 18)
+
+ - name: Test dnstap module
+ block:
+ - name: Install knot-resolver-module-dnstap
+ package:
+ name: knot-resolver-module-dnstap
+ state: latest
+ - include: configure_dnstap.yaml
+ - include: restart_kresd.yaml
+ when: distro in ["Fedora", "Debian", "CentOS", "Rocky", "Ubuntu"]
+
+ always:
+
+ - name: Get installed package version
+ shell: "{{ show_package_version }}"
+ args:
+ warn: false
+ register: package_version
+
+ - name: Show installed version
+ debug:
+ var: package_version.stdout
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml
new file mode 100644
index 0000000..00dbf5d
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml
@@ -0,0 +1,16 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- block:
+ - name: Restart kresd@1.service
+ service:
+ name: kresd@1.service
+ state: restarted
+ rescue:
+ - name: Get kresd@1.service journal
+ shell: journalctl -u kresd@1 --since -20s
+ register: journal
+ - name: Print journal
+ debug:
+ var: journal
+ - name: Restart kresd@*.service failed, see log above
+ shell: /bin/false
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml
new file mode 100644
index 0000000..1cc6ea3
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml
@@ -0,0 +1,15 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: dnssec_test rhybar.cz. +cd returns NOERROR
+ tags:
+ - test
+ shell: kdig +cd @127.0.0.1 rhybar.cz.
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
+
+- name: dnssec_test rhybar.cz. returns SERVFAIL
+ tags:
+ - test
+ shell: kdig +timeout=16 @127.0.0.1 rhybar.cz.
+ register: res
+ failed_when: '"status: SERVFAIL" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml
new file mode 100644
index 0000000..2c200e1
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml
@@ -0,0 +1,9 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh_test query localhost. A
+ get_url:
+ url: https://127.0.0.1:44353/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
+ sha256sum: e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008
+ dest: /tmp/doh_test
+ mode: 0644
+ validate_certs: false
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
new file mode 100644
index 0000000..32cf295
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
@@ -0,0 +1,24 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_test check kdig https support
+ shell: kdig --help | grep -q '+\S*https'
+ register: kdig_https
+ ignore_errors: true
+
+- name: doh2_test query localhost. A
+ # use curl instead of ansible builtins (get_url/uri)
+ # because they currently use unsupported HTTP/1.1
+ shell: |
+ curl -k -o /tmp/doh_test https://127.0.0.1:44354/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
+ echo "e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008 /tmp/doh_test" > /tmp/doh_test.sha256
+ sha256sum --check /tmp/doh_test.sha256
+ args:
+ # disable warning about using curl - we know what we're doing
+ warn: false
+ when: kdig_https is failed
+
+- name: doh2_test kdig localhost. A
+ shell: |
+ kdig @127.0.0.1 -p 44354 +https nic.cz || exit 1
+ kdig @127.0.0.1 -p 44354 +https-get nic.cz || exit 2
+ when: kdig_https is succeeded
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml
new file mode 100644
index 0000000..3a7c9c9
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml
@@ -0,0 +1,4 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: check kres-cache-gc.service is active
+ shell: systemctl is-active -q kres-cache-gc.service
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml
new file mode 100644
index 0000000..1af18fd
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: tcp_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig +tcp @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml
new file mode 100644
index 0000000..c780657
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: tls_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig +tls @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml
new file mode 100644
index 0000000..64023ff
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: udp_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/CentOS.yaml b/distro/tests/ansible-roles/knot_resolver/vars/CentOS.yaml
new file mode 100644
index 0000000..d69cb13
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/CentOS.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/Debian.yaml b/distro/tests/ansible-roles/knot_resolver/vars/Debian.yaml
new file mode 100644
index 0000000..bcdc37a
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/Debian.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: dpkg -s knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-dnsutils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/Fedora.yaml b/distro/tests/ansible-roles/knot_resolver/vars/Fedora.yaml
new file mode 100644
index 0000000..d69cb13
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/Fedora.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/Rocky.yaml b/distro/tests/ansible-roles/knot_resolver/vars/Rocky.yaml
new file mode 100644
index 0000000..d69cb13
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/Rocky.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/Ubuntu.yaml b/distro/tests/ansible-roles/knot_resolver/vars/Ubuntu.yaml
new file mode 100644
index 0000000..bcdc37a
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/Ubuntu.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: dpkg -s knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-dnsutils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Leap.yaml b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Leap.yaml
new file mode 100644
index 0000000..d69cb13
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Leap.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Tumbleweed.yaml b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Tumbleweed.yaml
new file mode 100644
index 0000000..39d5ef0
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Tumbleweed.yaml
@@ -0,0 +1,7 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+update_packages: true
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/obs_repos/defaults/main.yaml b/distro/tests/ansible-roles/obs_repos/defaults/main.yaml
new file mode 100644
index 0000000..05ffcb6
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/defaults/main.yaml
@@ -0,0 +1,4 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_distro: "{{ ansible_distribution | replace(' ', '_') }}"
+obs_repofile_url: "https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/{{ obs_repo_version }}/home:CZ-NIC:{{ item }}.repo"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/CentOS.yaml b/distro/tests/ansible-roles/obs_repos/tasks/CentOS.yaml
new file mode 100644
index 0000000..2333a95
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/CentOS.yaml
@@ -0,0 +1,18 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: update CA certificates
+ yum:
+ name: ca-certificates
+ state: latest
+
+- name: Install EPEL
+ yum:
+ name: epel-release
+ state: present
+
+- name: Download repo file(s)
+ get_url:
+ url: "{{ obs_repofile_url }}"
+ dest: /etc/yum.repos.d/home:CZ-NIC:{{ item }}.repo
+ mode: 0644
+ with_items: "{{ repos }}"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/Debian.yaml b/distro/tests/ansible-roles/obs_repos/tasks/Debian.yaml
new file mode 100644
index 0000000..6220f89
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/Debian.yaml
@@ -0,0 +1,15 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Add upstream package signing key
+ get_url:
+ url: https://gitlab.nic.cz/knot/knot-resolver-release/raw/master/cznic-obs.gpg.asc
+ dest: /etc/apt/trusted.gpg.d/cznic-obs.gpg.asc
+ mode: 0644
+
+- name: Add OBS repo(s)
+ apt_repository:
+ repo: >
+ deb http://download.opensuse.org/repositories/home:/CZ-NIC:/{{ item }}/{{ obs_repo_version }}/ /
+ state: present
+ update_cache: true
+ with_items: "{{ repos }}"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/Fedora.yaml b/distro/tests/ansible-roles/obs_repos/tasks/Fedora.yaml
new file mode 100644
index 0000000..520e057
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/Fedora.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Download repo file(s)
+ get_url:
+ url: "{{ obs_repofile_url }}"
+ dest: "/etc/yum.repos.d/home:CZ-NIC:{{ item }}.repo"
+ mode: 0644
+ with_items: "{{ repos }}"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/Rocky.yaml b/distro/tests/ansible-roles/obs_repos/tasks/Rocky.yaml
new file mode 100644
index 0000000..fecfbea
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/Rocky.yaml
@@ -0,0 +1,13 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Install EPEL
+ yum:
+ name: epel-release
+ state: present
+
+- name: Download repo file(s)
+ get_url:
+ url: "{{ obs_repofile_url }}"
+ dest: /etc/yum.repos.d/home:CZ-NIC:{{ item }}.repo
+ mode: 0644
+ with_items: "{{ repos }}"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/Ubuntu.yaml b/distro/tests/ansible-roles/obs_repos/tasks/Ubuntu.yaml
new file mode 100644
index 0000000..ba424c4
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/Ubuntu.yaml
@@ -0,0 +1,14 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Add upstream package signing key
+ apt_key:
+ url: https://gitlab.nic.cz/knot/knot-resolver-release/raw/master/cznic-obs.gpg.asc
+ state: present
+
+- name: Add OBS repo(s)
+ apt_repository:
+ repo: >
+ deb http://download.opensuse.org/repositories/home:/CZ-NIC:/{{ item }}/{{ obs_repo_version }}/ /
+ state: present
+ update_cache: true
+ with_items: "{{ repos }}"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/main.yaml b/distro/tests/ansible-roles/obs_repos/tasks/main.yaml
new file mode 100644
index 0000000..6bae001
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/main.yaml
@@ -0,0 +1,12 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Include Debian specific vars
+ include_vars: "{{ obs_distro }}_{{ ansible_distribution_major_version }}.yaml"
+ when: obs_distro == "Debian"
+
+- name: Include distribution specific vars
+ include_vars: "{{ obs_distro }}.yaml"
+ when: obs_distro != "Debian"
+
+- name: Configure upstream repositories
+ include: "{{ obs_distro }}.yaml"
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Leap.yaml b/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Leap.yaml
new file mode 100644
index 0000000..84ab5a9
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Leap.yaml
@@ -0,0 +1,19 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Install python-xml dependency for zypper_repository
+ shell: zypper install -y python-xml
+ args:
+ warn: false
+
+- name: Add upstream repo(s)
+ zypper_repository:
+ repo: "{{ obs_repofile_url }}"
+ state: present
+ disable_gpg_check: true # auto_import_keys is broken
+ with_items: "{{ repos }}"
+
+- name: Refresh all repositories
+ zypper_repository:
+ repo: '*'
+ runrefresh: true
+ failed_when: false
diff --git a/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Tumbleweed.yaml b/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Tumbleweed.yaml
new file mode 100644
index 0000000..c063014
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/tasks/openSUSE_Tumbleweed.yaml
@@ -0,0 +1,13 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Add upstream repo(s)
+ zypper_repository:
+ repo: "{{ obs_repofile_url }}"
+ state: present
+ disable_gpg_check: true # auto_import_keys is broken
+ with_items: "{{ repos }}"
+
+- name: Refresh all repositories
+ zypper_repository:
+ repo: '*'
+ runrefresh: true
diff --git a/distro/tests/ansible-roles/obs_repos/vars/CentOS.yaml b/distro/tests/ansible-roles/obs_repos/vars/CentOS.yaml
new file mode 100644
index 0000000..22b4795
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/CentOS.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}_{{ ansible_distribution_major_version }}_EPEL"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/Debian_10.yaml b/distro/tests/ansible-roles/obs_repos/vars/Debian_10.yaml
new file mode 100644
index 0000000..5db857e
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/Debian_10.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}_{{ ansible_distribution_major_version }}"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/Debian_11.yaml b/distro/tests/ansible-roles/obs_repos/vars/Debian_11.yaml
new file mode 120000
index 0000000..4babdf4
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/Debian_11.yaml
@@ -0,0 +1 @@
+Debian_10.yaml \ No newline at end of file
diff --git a/distro/tests/ansible-roles/obs_repos/vars/Debian_9.yaml b/distro/tests/ansible-roles/obs_repos/vars/Debian_9.yaml
new file mode 100644
index 0000000..21cce25
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/Debian_9.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}_{{ ansible_distribution_major_version }}.0"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/Fedora.yaml b/distro/tests/ansible-roles/obs_repos/vars/Fedora.yaml
new file mode 100644
index 0000000..5db857e
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/Fedora.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}_{{ ansible_distribution_major_version }}"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/Rocky.yaml b/distro/tests/ansible-roles/obs_repos/vars/Rocky.yaml
new file mode 100644
index 0000000..b8b5274
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/Rocky.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "CentOS_{{ ansible_distribution_major_version }}_EPEL"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/Ubuntu.yaml b/distro/tests/ansible-roles/obs_repos/vars/Ubuntu.yaml
new file mode 100644
index 0000000..4e5cd2c
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/Ubuntu.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "x{{ obs_distro }}_{{ ansible_distribution_version }}"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Leap.yaml b/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Leap.yaml
new file mode 100644
index 0000000..7dbd7d8
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Leap.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}_{{ ansible_distribution_version }}"
diff --git a/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Tumbleweed.yaml b/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Tumbleweed.yaml
new file mode 100644
index 0000000..d875db7
--- /dev/null
+++ b/distro/tests/ansible-roles/obs_repos/vars/openSUSE_Tumbleweed.yaml
@@ -0,0 +1,3 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+obs_repo_version: "{{ obs_distro }}"