ansible/test/integration/targets/prepare_http_tests/tasks/main.yml

118 lines
4 KiB
YAML

# The docker --link functionality gives us an ENV var we can key off of to see if we have access to
# the httptester container
- set_fact:
has_httptester: "{{ lookup('env', 'HTTPTESTER') != '' }}"
- name: make sure we have the ansible_os_family and ansible_distribution_version facts
setup:
gather_subset: distribution
when: ansible_facts == {}
# If we are running with access to a httptester container, grab it's cacert and install it
- block:
# Override hostname defaults with httptester linked names
- include_vars: httptester.yml
# Server 2008 R2 uses a 3rd party program to foward the ports and it may
# not be ready straight away, we give it at least 5 minutes before
# conceding defeat
- name: make sure the port forwarder is active - Windows
win_wait_for:
host: ansible.http.tests
port: 80
state: started
timeout: 300
when: ansible_os_family == 'Windows'
- name: RedHat - Enable the dynamic CA configuration feature
command: update-ca-trust force-enable
when: ansible_os_family == 'RedHat'
- name: RedHat - Retrieve test cacert
get_url:
url: "http://ansible.http.tests/cacert.pem"
dest: "/etc/pki/ca-trust/source/anchors/ansible.pem"
when: ansible_os_family == 'RedHat'
- name: Get client cert/key
get_url:
url: "http://ansible.http.tests/{{ item }}"
dest: "{{ remote_tmp_dir }}/{{ item }}"
when: ansible_os_family != 'Windows'
with_items:
- client.pem
- client.key
- name: Windows - Get client cert/key
win_get_url:
url: http://ansible.http.tests/{{ item }}
dest: '{{ remote_tmp_dir }}\{{ item }}'
register: win_download
# Server 2008 R2 is slightly slower, we attempt 5 retries
retries: 5
until: win_download is successful
when: ansible_os_family == 'Windows'
with_items:
- client.pem
- client.key
- name: Suse - Retrieve test cacert
get_url:
url: "http://ansible.http.tests/cacert.pem"
dest: "/etc/pki/trust/anchors/ansible.pem"
when: ansible_os_family == 'Suse'
- name: Debian - Retrieve test cacert
get_url:
url: "http://ansible.http.tests/cacert.pem"
dest: "/usr/local/share/ca-certificates/ansible.crt"
when: ansible_os_family == 'Debian'
- name: Windows - Retrieve test cacert
win_get_url:
url: http://ansible.http.tests/cacert.pem
dest: '{{ remote_tmp_dir }}\cacert.pem'
when: ansible_os_family == 'Windows'
- name: Redhat - Update ca trust
command: update-ca-trust extract
when: ansible_os_family == 'RedHat'
- name: Debian/Suse - Update ca certificates
command: update-ca-certificates
when: ansible_os_family == 'Debian' or ansible_os_family == 'Suse'
- name: Windows - Update ca trust
win_certificate_store:
path: '{{ remote_tmp_dir }}\cacert.pem'
state: present
store_location: LocalMachine
store_name: Root
when: ansible_os_family == 'Windows'
- name: FreeBSD - Retrieve test cacert
get_url:
url: "http://ansible.http.tests/cacert.pem"
dest: "/tmp/ansible.pem"
when: ansible_os_family == 'FreeBSD'
- name: FreeBSD - Add cacert to root certificate store
blockinfile:
path: "/etc/ssl/cert.pem"
block: "{{ lookup('file', '/tmp/ansible.pem') }}"
when: ansible_os_family == 'FreeBSD'
- name: MacOS - Retrieve test cacert
get_url:
url: "http://ansible.http.tests/cacert.pem"
dest: "/usr/local/etc/openssl/certs/ansible.pem"
when: ansible_os_family == 'Darwin'
- name: MacOS - Update ca certificates
command: /usr/local/opt/openssl/bin/c_rehash
when: ansible_os_family == 'Darwin'
when:
- has_httptester|bool
# skip the setup if running on Windows Server 2008 as httptester is not available
- ansible_os_family != 'Windows' or (ansible_os_family == 'Windows' and not ansible_distribution_version.startswith("6.0."))