From 830407e88f9d40d954356c3754f2647f91d5c06a Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 17:26:00 +0200 Subject: Adding upstream version 5.6.0. Signed-off-by: Daniel Baumann --- .../knot_resolver/tasks/configure_dnstap.yaml | 10 +++ .../knot_resolver/tasks/configure_doh.yaml | 10 +++ .../knot_resolver/tasks/configure_doh2.yaml | 8 +++ .../ansible-roles/knot_resolver/tasks/main.yaml | 71 ++++++++++++++++++++++ .../knot_resolver/tasks/restart_kresd.yaml | 16 +++++ .../knot_resolver/tasks/test_dnssec.yaml | 15 +++++ .../knot_resolver/tasks/test_doh.yaml | 9 +++ .../knot_resolver/tasks/test_doh2.yaml | 24 ++++++++ .../knot_resolver/tasks/test_kres_cache_gc.yaml | 4 ++ .../knot_resolver/tasks/test_tcp.yaml | 8 +++ .../knot_resolver/tasks/test_tls.yaml | 8 +++ .../knot_resolver/tasks/test_udp.yaml | 8 +++ 12 files changed, 191 insertions(+) create mode 100644 distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml create mode 100644 distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml create mode 100644 distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml create mode 100644 distro/tests/ansible-roles/knot_resolver/tasks/main.yaml create mode 100644 distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml create mode 100644 distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml create mode 100644 distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml create mode 100644 distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml create mode 100644 distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml create mode 100644 distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml create mode 100644 distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml create mode 100644 distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml (limited to 'distro/tests/ansible-roles/knot_resolver/tasks') 
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml
new file mode 100644
index 0000000..817b117
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml
@@ -0,0 +1,10 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: dnstap_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ modules.load('dnstap')
+ assert(dnstap)
+ path: /etc/knot-resolver/kresd.conf
+ insertbefore: BOF
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml
new file mode 100644
index 0000000..cd4e749
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml
@@ -0,0 +1,10 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ net.listen('127.0.0.1', 44353, { kind = 'doh_legacy' })
+ modules.load('http')
+ path: /etc/knot-resolver/kresd.conf
+ insertbefore: BOF
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
new file mode 100644
index 0000000..eebca20
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ net.listen('127.0.0.1', 44354, { kind = 'doh2' })
+ path: /etc/knot-resolver/kresd.conf
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
new file mode 100644
index 0000000..8d683c8
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
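Review bot: The `marker: -- {mark} ANSIBLE MANAGED BLOCK` line in configure_dnstap.yaml is the same marker used in configure_doh.yaml and configure_doh2.yaml, all against `/etc/knot-resolver/kresd.conf`, so each `blockinfile` run replaces the block the previous one wrote instead of adding to it. If that is intended (one feature configured at a time), it deserves a comment such as `# shares one marker with the other configure_*.yaml tasks, so this replaces their block`; if the listeners are meant to accumulate, each file needs its own marker text. Once the marker is present, `insertbefore: BOF` presumably no longer decides placement, and configure_doh2.yaml omits it altogether, so where the block lands depends on which task runs first.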
@@ -0,0 +1,71 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Include distribution specific vars
+ include_vars: "{{ distro }}.yaml"
+
+- name: Update all packages
+ package:
+ name: '*'
+ state: latest
+ when: update_packages|bool
+
+- name: Install packages
+ package:
+ name: "{{ packages }}"
+ state: latest
+ # knot-utils may be missing on opensuse (depending on upstream vs downstream pkg)
+ failed_when: false
+
+- name: Always print package version at the end
+ block:
+
+ - include: restart_kresd.yaml
+
+ - include: test_udp.yaml
+ - include: test_tcp.yaml
+ - include: test_tls.yaml
+ - include: test_dnssec.yaml
+
+ - include: test_kres_cache_gc.yaml
+
+ - name: Test DoH (new implementation)
+ block:
+ - include: configure_doh2.yaml
+ - include: restart_kresd.yaml
+ - include: test_doh2.yaml
+
+ - name: Test DoH (legacy)
+ block:
+ - name: Install knot-resolver-module-http
+ package:
+ name: knot-resolver-module-http
+ state: latest
+
+ - include: configure_doh.yaml
+ when: ansible_distribution in ["CentOS", "Rocky", "Fedora", "Debian", "Ubuntu"]
+
+ - include: restart_kresd.yaml
+ - include: test_doh.yaml
+ when: distro in ["Fedora", "Debian", "CentOS", "Rocky"] or (distro == "Ubuntu" and ansible_distribution_major_version|int >= 18)
+
+ - name: Test dnstap module
+ block:
+ - name: Install knot-resolver-module-dnstap
+ package:
+ name: knot-resolver-module-dnstap
+ state: latest
+ - include: configure_dnstap.yaml
+ - include: restart_kresd.yaml
+ when: distro in ["Fedora", "Debian", "CentOS", "Rocky", "Ubuntu"]
+
+ always:
+
+ - name: Get installed package version
+ shell: "{{ show_package_version }}"
+ args:
+ warn: false
+ register: package_version
+
+ - name: Show installed version
+ debug:
+ var: package_version.stdout
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml
new file mode 100644
index 0000000..00dbf5d
--- /dev/null
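Review bot: `failed_when: false` on the "Install packages" task in main.yaml hides every installation failure, not only the missing knot-utils case its comment describes, so a broken repository or a failed install of the resolver itself would surface only later as an unrelated-looking test failure. If the `packages` list can be split, installing the optional package in its own tolerant task and leaving `failed_when` off the main one keeps that signal. Separately, `args: warn: false` on "Get installed package version" and the bare `include:` entries are not accepted by newer ansible-core releases, where the `warn` option and the `include` action were removed; `include_tasks:` and dropping `warn` would keep the role runnable there.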
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml
@@ -0,0 +1,16 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- block:
+ - name: Restart kresd@1.service
+ service:
+ name: kresd@1.service
+ state: restarted
+ rescue:
+ - name: Get kresd@1.service journal
+ shell: journalctl -u kresd@1 --since -20s
+ register: journal
+ - name: Print journal
+ debug:
+ var: journal
+ - name: Restart kresd@*.service failed, see log above
+ shell: /bin/false
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml
new file mode 100644
index 0000000..1cc6ea3
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml
@@ -0,0 +1,15 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: dnssec_test rhybar.cz. +cd returns NOERROR
+ tags:
+ - test
+ shell: kdig +cd @127.0.0.1 rhybar.cz.
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
+
+- name: dnssec_test rhybar.cz. returns SERVFAIL
+ tags:
+ - test
+ shell: kdig +timeout=16 @127.0.0.1 rhybar.cz.
+ register: res
+ failed_when: '"status: SERVFAIL" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml
new file mode 100644
index 0000000..2c200e1
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml
@@ -0,0 +1,9 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh_test query localhost. A
+ get_url:
+ url: https://127.0.0.1:44353/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
+ sha256sum: e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008
+ dest: /tmp/doh_test
+ mode: 0644
+ validate_certs: false
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
new file mode 100644
index 0000000..32cf295
--- /dev/null
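Review bot: The rescue path in restart_kresd.yaml ends with `shell: /bin/false`, which reports only a generic command failure and depends on that path existing on every tested distribution. A `fail:` task with `msg: 'Restart of kresd@1.service failed, see journal above'` states the reason directly and needs no shell. The journal task uses no shell features either, so `command: journalctl -u kresd@1 --since -20s` would be enough.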
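Review bot: `validate_certs: false` in test_doh.yaml carries no comment explaining why certificate checking is off; a short one such as `# loopback test listener, presumably with a self-signed certificate` would keep the setting from being copied to a non-local URL. `mode: 0644` is an unquoted octal and is better written `mode: '0644'` so the value does not depend on YAML integer parsing. The `sha256sum:` option of `get_url` is deprecated in favour of `checksum: sha256:<digest>`, and the fixed `dest: /tmp/doh_test` is the same file the curl branch of test_doh2.yaml writes, so a copy left behind by one test can be picked up by the other.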
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
@@ -0,0 +1,24 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_test check kdig https support
+ shell: kdig --help | grep -q '+\S*https'
+ register: kdig_https
+ ignore_errors: true
+
+- name: doh2_test query localhost. A
+ # use curl instead of ansible builtins (get_url/uri)
+ # because they currently use unsupported HTTP/1.1
+ shell: |
+ curl -k -o /tmp/doh_test https://127.0.0.1:44354/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
+ echo "e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008 /tmp/doh_test" > /tmp/doh_test.sha256
+ sha256sum --check /tmp/doh_test.sha256
+ args:
+ # disable warning about using curl - we know what we're doing
+ warn: false
+ when: kdig_https is failed
+
+- name: doh2_test kdig localhost. A
+ shell: |
+ kdig @127.0.0.1 -p 44354 +https nic.cz || exit 1
+ kdig @127.0.0.1 -p 44354 +https-get nic.cz || exit 2
+ when: kdig_https is succeeded
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml
new file mode 100644
index 0000000..3a7c9c9
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml
@@ -0,0 +1,4 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: check kres-cache-gc.service is active
+ shell: systemctl is-active -q kres-cache-gc.service
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml
new file mode 100644
index 0000000..1af18fd
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: tcp_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig +tcp @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
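Review bot: The curl branch of test_doh2.yaml can pass without the resolver answering: the script has no `set -e`, curl runs without `--fail`, and `/tmp/doh_test` is also written by test_doh.yaml with the same expected digest, so if curl cannot connect and a file from an earlier run is still present, `sha256sum --check` is likely to succeed on the stale copy. Starting the script with `set -e` and `rm -f /tmp/doh_test`, and calling `curl -k --fail -o /tmp/doh_test '<same URL, quoted>'`, closes that gap. Quoting the URL also stops the shell from treating `?` as a glob character. `-k` is reasonable only because the target is 127.0.0.1, and a comment on that line should say so.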
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml
new file mode 100644
index 0000000..c780657
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: tls_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig +tls @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml
new file mode 100644
index 0000000..64023ff
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: udp_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
-- cgit v1.2.3
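Review bot: `kdig +tls @127.0.0.1 nic.cz` in test_tls.yaml confirms that a TLS session can be set up and a NOERROR answer comes back, but as far as I know kdig without `+tls-ca` or `+tls-pin` does not authenticate the server certificate. A comment on the task, for example `# opportunistic TLS: the server certificate is not verified here`, would make clear that this test does not cover certificate handling.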