Diffstat (limited to 'distro/tests/ansible-roles/knot_resolver')
-rw-r--r--distro/tests/ansible-roles/knot_resolver/defaults/main.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml10
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml10
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml8
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/main.yaml71
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml16
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml15
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml9
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml24
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml4
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml8
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml8
-rw-r--r--distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml8
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/CentOS.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/Debian.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/Fedora.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/Rocky.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/Ubuntu.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Leap.yaml6
-rw-r--r--distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Tumbleweed.yaml7
20 files changed, 240 insertions, 0 deletions
diff --git a/distro/tests/ansible-roles/knot_resolver/defaults/main.yaml b/distro/tests/ansible-roles/knot_resolver/defaults/main.yaml
new file mode 100644
index 0000000..0860c26
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/defaults/main.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+repos:
+ - knot-resolver-latest
+distro: "{{ ansible_distribution | replace(' ', '_') }}"
+update_packages: false
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml
new file mode 100644
index 0000000..817b117
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml
@@ -0,0 +1,10 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: dnstap_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ modules.load('dnstap')
+ assert(dnstap)
+ path: /etc/knot-resolver/kresd.conf
+ insertbefore: BOF
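Review bot: The `marker` in this task is the same string used in configure_doh.yaml and configure_doh2.yaml, and blockinfile finds its block by marker, so each of these tasks overwrites the block written by the previous one instead of adding to it. If that replacement is intended (main.yaml runs doh2, then legacy doh, then dnstap), say so in a comment such as `# shared marker: replaces the block left by the previous configure_* task`; otherwise give each file its own marker. As far as I know, once the marked block exists `insertbefore: BOF` no longer decides its position, so the block would stay wherever configure_doh2.yaml first put it.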
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml
new file mode 100644
index 0000000..cd4e749
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml
@@ -0,0 +1,10 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ net.listen('127.0.0.1', 44353, { kind = 'doh_legacy' })
+ modules.load('http')
+ path: /etc/knot-resolver/kresd.conf
+ insertbefore: BOF
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
new file mode 100644
index 0000000..eebca20
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ net.listen('127.0.0.1', 44354, { kind = 'doh2' })
+ path: /etc/knot-resolver/kresd.conf
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
new file mode 100644
index 0000000..8d683c8
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
@@ -0,0 +1,71 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Include distribution specific vars
+ include_vars: "{{ distro }}.yaml"
+
+- name: Update all packages
+ package:
+ name: '*'
+ state: latest
+ when: update_packages|bool
+
+- name: Install packages
+ package:
+ name: "{{ packages }}"
+ state: latest
+ # knot-utils may be missing on opensuse (depending on upstream vs downstream pkg)
+ failed_when: false
+
+- name: Always print package version at the end
+ block:
+
+ - include: restart_kresd.yaml
+
+ - include: test_udp.yaml
+ - include: test_tcp.yaml
+ - include: test_tls.yaml
+ - include: test_dnssec.yaml
+
+ - include: test_kres_cache_gc.yaml
+
+ - name: Test DoH (new implementation)
+ block:
+ - include: configure_doh2.yaml
+ - include: restart_kresd.yaml
+ - include: test_doh2.yaml
+
+ - name: Test DoH (legacy)
+ block:
+ - name: Install knot-resolver-module-http
+ package:
+ name: knot-resolver-module-http
+ state: latest
+
+ - include: configure_doh.yaml
+ when: ansible_distribution in ["CentOS", "Rocky", "Fedora", "Debian", "Ubuntu"]
+
+ - include: restart_kresd.yaml
+ - include: test_doh.yaml
+ when: distro in ["Fedora", "Debian", "CentOS", "Rocky"] or (distro == "Ubuntu" and ansible_distribution_major_version|int >= 18)
+
+ - name: Test dnstap module
+ block:
+ - name: Install knot-resolver-module-dnstap
+ package:
+ name: knot-resolver-module-dnstap
+ state: latest
+ - include: configure_dnstap.yaml
+ - include: restart_kresd.yaml
+ when: distro in ["Fedora", "Debian", "CentOS", "Rocky", "Ubuntu"]
+
+ always:
+
+ - name: Get installed package version
+ shell: "{{ show_package_version }}"
+ args:
+ warn: false
+ register: package_version
+
+ - name: Show installed version
+ debug:
+ var: package_version.stdout
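Review bot: `failed_when: false` on the "Install packages" task hides every installation failure, not only the missing knot-utils on openSUSE that the comment describes. A failed knot-resolver install then surfaces later as a confusing restart or kdig error. Install the optional utility in a separate task that carries the `failed_when: false`, and let the knot-resolver install fail normally. Separately, `args: warn: false` on the shell task is, as far as I recall, rejected by newer ansible-core releases, so it is worth checking against the Ansible version the CI runs.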
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml
new file mode 100644
index 0000000..00dbf5d
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml
@@ -0,0 +1,16 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- block:
+ - name: Restart kresd@1.service
+ service:
+ name: kresd@1.service
+ state: restarted
+ rescue:
+ - name: Get kresd@1.service journal
+ shell: journalctl -u kresd@1 --since -20s
+ register: journal
+ - name: Print journal
+ debug:
+ var: journal
+ - name: Restart kresd@*.service failed, see log above
+ shell: /bin/false
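Review bot: The last rescue task fails the play by running `shell: /bin/false`, which reports only a non-zero return code; the `fail` module states the reason directly, e.g. `fail:` with `msg: "kresd@1.service failed to restart, see journal above"`. The task name mentions `kresd@*.service` although the block restarts only `kresd@1.service`, so the name should match. The journalctl call uses no shell features, so `command:` would be enough for it.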
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml
new file mode 100644
index 0000000..1cc6ea3
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml
@@ -0,0 +1,15 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: dnssec_test rhybar.cz. +cd returns NOERROR
+ tags:
+ - test
+ shell: kdig +cd @127.0.0.1 rhybar.cz.
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
+
+- name: dnssec_test rhybar.cz. returns SERVFAIL
+ tags:
+ - test
+ shell: kdig +timeout=16 @127.0.0.1 rhybar.cz.
+ register: res
+ failed_when: '"status: SERVFAIL" not in res.stdout'
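Review bot: Nothing in this file explains why rhybar.cz is expected to fail. The two tasks only make sense if that zone is deliberately mis-signed, so that validation yields SERVFAIL and `+cd` (checking disabled) yields NOERROR. Add a comment above the first task, e.g. `# rhybar.cz is intentionally DNSSEC-broken: SERVFAIL proves validation is on, +cd proves the data is still reachable`. Both tasks depend on outbound DNS from the test host, and only the second sets `+timeout=16`; presumably the first should use the same value.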
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml
new file mode 100644
index 0000000..2c200e1
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml
@@ -0,0 +1,9 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh_test query localhost. A
+ get_url:
+ url: https://127.0.0.1:44353/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
+ sha256sum: e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008
+ dest: /tmp/doh_test
+ mode: 0644
+ validate_certs: false
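Review bot: `dest: /tmp/doh_test` is the same path test_doh2.yaml writes with curl, with the same expected SHA-256, and get_url is documented to skip the download when the destination already exists with a matching checksum. If that applies here, a file left by the doh2 test or by an earlier run lets this task pass without ever querying port 44353. Add `force: true` or use a destination unique to this test and remove it beforehand. `mode: 0644` is safer written as `mode: "0644"`, and `validate_certs: false` merits a short comment that it is acceptable only because the target is the loopback test listener.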
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
new file mode 100644
index 0000000..32cf295
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
@@ -0,0 +1,24 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_test check kdig https support
+ shell: kdig --help | grep -q '+\S*https'
+ register: kdig_https
+ ignore_errors: true
+
+- name: doh2_test query localhost. A
+ # use curl instead of ansible builtins (get_url/uri)
+ # because they currently use unsupported HTTP/1.1
+ shell: |
+ curl -k -o /tmp/doh_test https://127.0.0.1:44354/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
+ echo "e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008 /tmp/doh_test" > /tmp/doh_test.sha256
+ sha256sum --check /tmp/doh_test.sha256
+ args:
+ # disable warning about using curl - we know what we're doing
+ warn: false
+ when: kdig_https is failed
+
+- name: doh2_test kdig localhost. A
+ shell: |
+ kdig @127.0.0.1 -p 44354 +https nic.cz || exit 1
+ kdig @127.0.0.1 -p 44354 +https-get nic.cz || exit 2
+ when: kdig_https is succeeded
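Review bot: The kdig branch passes on kdig's exit status alone (`|| exit 1`, `|| exit 2`), whereas the UDP, TCP, TLS and DNSSEC tests in this commit all look for `"status: NOERROR"` in stdout; an error response delivered over DoH would likely still exit 0. Split the two queries into separate tasks, register the output and add `failed_when: '"status: NOERROR" not in res.stdout'` as the other tests do. In the curl branch, wrap the URL in single quotes so the shell cannot treat `?` as a glob character, and add `--fail` so an HTTP error status is reported by curl itself rather than only by the later hash mismatch. The `-k` flag disables certificate verification, which is reasonable only against the loopback test listener and is worth a comment.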
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml
new file mode 100644
index 0000000..3a7c9c9
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml
@@ -0,0 +1,4 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: check kres-cache-gc.service is active
+ shell: systemctl is-active -q kres-cache-gc.service
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml
new file mode 100644
index 0000000..1af18fd
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: tcp_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig +tcp @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml
new file mode 100644
index 0000000..c780657
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: tls_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig +tls @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml
new file mode 100644
index 0000000..64023ff
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: udp_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/CentOS.yaml b/distro/tests/ansible-roles/knot_resolver/vars/CentOS.yaml
new file mode 100644
index 0000000..d69cb13
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/CentOS.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/Debian.yaml b/distro/tests/ansible-roles/knot_resolver/vars/Debian.yaml
new file mode 100644
index 0000000..bcdc37a
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/Debian.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: dpkg -s knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-dnsutils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/Fedora.yaml b/distro/tests/ansible-roles/knot_resolver/vars/Fedora.yaml
new file mode 100644
index 0000000..d69cb13
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/Fedora.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/Rocky.yaml b/distro/tests/ansible-roles/knot_resolver/vars/Rocky.yaml
new file mode 100644
index 0000000..d69cb13
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/Rocky.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/Ubuntu.yaml b/distro/tests/ansible-roles/knot_resolver/vars/Ubuntu.yaml
new file mode 100644
index 0000000..bcdc37a
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/Ubuntu.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: dpkg -s knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-dnsutils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Leap.yaml b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Leap.yaml
new file mode 100644
index 0000000..d69cb13
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Leap.yaml
@@ -0,0 +1,6 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+packages:
+ - knot-resolver
+ - knot-utils
diff --git a/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Tumbleweed.yaml b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Tumbleweed.yaml
new file mode 100644
index 0000000..39d5ef0
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/vars/openSUSE_Tumbleweed.yaml
@@ -0,0 +1,7 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+show_package_version: rpm -qi knot-resolver | grep '^Version'
+update_packages: true
+packages:
+ - knot-resolver
+ - knot-utils