diff --git a/test/integration/targets/prepare_http_tests/tasks/default.yml b/test/integration/targets/prepare_http_tests/tasks/default.yml new file mode 100644 index 00000000000..5f098e72063 --- /dev/null +++ b/test/integration/targets/prepare_http_tests/tasks/default.yml @@ -0,0 +1,59 @@ +- name: RedHat - Enable the dynamic CA configuration feature + command: update-ca-trust force-enable + when: ansible_os_family == 'RedHat' + +- name: RedHat - Retrieve test cacert + get_url: + url: "http://ansible.http.tests/cacert.pem" + dest: "/etc/pki/ca-trust/source/anchors/ansible.pem" + when: ansible_os_family == 'RedHat' + +- name: Get client cert/key + get_url: + url: "http://ansible.http.tests/{{ item }}" + dest: "{{ remote_tmp_dir }}/{{ item }}" + with_items: + - client.pem + - client.key + +- name: Suse - Retrieve test cacert + get_url: + url: "http://ansible.http.tests/cacert.pem" + dest: "/etc/pki/trust/anchors/ansible.pem" + when: ansible_os_family == 'Suse' + +- name: Debian - Retrieve test cacert + get_url: + url: "http://ansible.http.tests/cacert.pem" + dest: "/usr/local/share/ca-certificates/ansible.crt" + when: ansible_os_family == 'Debian' + +- name: Redhat - Update ca trust + command: update-ca-trust extract + when: ansible_os_family == 'RedHat' + +- name: Debian/Suse - Update ca certificates + command: update-ca-certificates + when: ansible_os_family == 'Debian' or ansible_os_family == 'Suse' + +- name: FreeBSD - Retrieve test cacert + get_url: + url: "http://ansible.http.tests/cacert.pem" + dest: "/tmp/ansible.pem" + when: ansible_os_family == 'FreeBSD' + +- name: FreeBSD - Add cacert to root certificate store + blockinfile: + path: "/etc/ssl/cert.pem" + block: "{{ lookup('file', '/tmp/ansible.pem') }}" + when: ansible_os_family == 'FreeBSD' + +- name: MacOS - Retrieve test cacert + get_url: + url: "http://ansible.http.tests/cacert.pem" + dest: "/usr/local/etc/openssl/certs/ansible.pem" + when: ansible_os_family == 'Darwin' + +- name: MacOS - Update ca certificates + command: /usr/local/opt/openssl/bin/c_rehash + when: ansible_os_family == 'Darwin' diff --git a/test/integration/targets/prepare_http_tests/tasks/main.yml b/test/integration/targets/prepare_http_tests/tasks/main.yml index 3a270d40010..86e350c24ef 100644 --- a/test/integration/targets/prepare_http_tests/tasks/main.yml +++ b/test/integration/targets/prepare_http_tests/tasks/main.yml @@ -13,105 +13,11 @@ # Override hostname defaults with httptester linked names - include_vars: httptester.yml - # Server 2008 R2 uses a 3rd party program to foward the ports and it may - # not be ready straight away, we give it at least 5 minutes before - # conceding defeat - - name: make sure the port forwarder is active - Windows - win_wait_for: - host: ansible.http.tests - port: 80 - state: started - timeout: 300 - when: ansible_os_family == 'Windows' - - - name: RedHat - Enable the dynamic CA configuration feature - command: update-ca-trust force-enable - when: ansible_os_family == 'RedHat' - - - name: RedHat - Retrieve test cacert - get_url: - url: "http://ansible.http.tests/cacert.pem" - dest: "/etc/pki/ca-trust/source/anchors/ansible.pem" - when: ansible_os_family == 'RedHat' - - - name: Get client cert/key - get_url: - url: "http://ansible.http.tests/{{ item }}" - dest: "{{ remote_tmp_dir }}/{{ item }}" - when: ansible_os_family != 'Windows' - with_items: - - client.pem - - client.key - - - name: Windows - Get client cert/key - win_get_url: - url: http://ansible.http.tests/{{ item }} - dest: '{{ remote_tmp_dir }}\{{ item }}' - register: win_download - # Server 2008 R2 is slightly slower, we attempt 5 retries - retries: 5 - until: win_download is successful - when: ansible_os_family == 'Windows' - with_items: - - client.pem - - client.key - - - name: Suse - Retrieve test cacert - get_url: - url: "http://ansible.http.tests/cacert.pem" - dest: "/etc/pki/trust/anchors/ansible.pem" - when: ansible_os_family == 'Suse' - - - name: Debian - Retrieve test cacert - get_url: - url: "http://ansible.http.tests/cacert.pem" - dest: "/usr/local/share/ca-certificates/ansible.crt" - when: ansible_os_family == 'Debian' - - - name: Windows - Retrieve test cacert - win_get_url: - url: http://ansible.http.tests/cacert.pem - dest: '{{ remote_tmp_dir }}\cacert.pem' - when: ansible_os_family == 'Windows' - - - name: Redhat - Update ca trust - command: update-ca-trust extract - when: ansible_os_family == 'RedHat' - - - name: Debian/Suse - Update ca certificates - command: update-ca-certificates - when: ansible_os_family == 'Debian' or ansible_os_family == 'Suse' - - - name: Windows - Update ca trust - win_certificate_store: - path: '{{ remote_tmp_dir }}\cacert.pem' - state: present - store_location: LocalMachine - store_name: Root - when: ansible_os_family == 'Windows' - - - name: FreeBSD - Retrieve test cacert - get_url: - url: "http://ansible.http.tests/cacert.pem" - dest: "/tmp/ansible.pem" - when: ansible_os_family == 'FreeBSD' - - - name: FreeBSD - Add cacert to root certificate store - blockinfile: - path: "/etc/ssl/cert.pem" - block: "{{ lookup('file', '/tmp/ansible.pem') }}" - when: ansible_os_family == 'FreeBSD' - - - name: MacOS - Retrieve test cacert - get_url: - url: "http://ansible.http.tests/cacert.pem" - dest: "/usr/local/etc/openssl/certs/ansible.pem" - when: ansible_os_family == 'Darwin' - - - name: MacOS - Update ca certificates - command: /usr/local/opt/openssl/bin/c_rehash - when: ansible_os_family == 'Darwin' - + - include_tasks: "{{ lookup('first_found', files)}}" + vars: + files: + - "{{ ansible_os_family | lower }}.yml" + - "default.yml" when: - has_httptester|bool # skip the setup if running on Windows Server 2008 as httptester is not available diff --git a/test/integration/targets/prepare_http_tests/tasks/windows.yml b/test/integration/targets/prepare_http_tests/tasks/windows.yml new file mode 100644 index 00000000000..da8b0eb3d09 --- /dev/null +++ b/test/integration/targets/prepare_http_tests/tasks/windows.yml @@ -0,0 +1,33 @@ +# Server 2008 R2 uses a 3rd party program to foward the ports and it may +# not be ready straight away, we give it at least 5 minutes before +# conceding defeat +- name: Windows - make sure the port forwarder is active + win_wait_for: + host: ansible.http.tests + port: 80 + state: started + timeout: 300 + +- name: Windows - Get client cert/key + win_get_url: + url: http://ansible.http.tests/{{ item }} + dest: '{{ remote_tmp_dir }}\{{ item }}' + register: win_download + # Server 2008 R2 is slightly slower, we attempt 5 retries + retries: 5 + until: win_download is successful + with_items: + - client.pem + - client.key + +- name: Windows - Retrieve test cacert + win_get_url: + url: http://ansible.http.tests/cacert.pem + dest: '{{ remote_tmp_dir }}\cacert.pem' + +- name: Windows - Update ca trust + win_certificate_store: + path: '{{ remote_tmp_dir }}\cacert.pem' + state: present + store_location: LocalMachine + store_name: Root