
infrastructure, preprod: move test domain to VM creation

keep-around/441bb62798e1d13de9e6fa259e2b013ebcc09baf
Loïc Dachary 4 years ago
parent
commit
2f14f67b70
  1. 5
      inventory/group_vars/all/infrastructure.yml
  2. 1
      inventory/group_vars/all/with_fake_LE.yml
  3. 1
      inventory/group_vars/all/with_https.yml
  4. 29
      molecule/infrastructure/create.yml
  5. 2
      molecule/infrastructure/molecule.yml
  6. 16
      molecule/preprod/playbook.yml
  7. 30
      molecule/preprod/preprod-playbook.yml
  8. 25
      molecule/preprod/roles/prepare_preprod/tasks/main.yml

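--- a/inventory/group_vars/all/infrastructure.yml
+++ b/inventory/group_vars/all/infrastructure.yml
@@ -1,5 +0,0 @@
-domain: securedrop.club
-# use Let's Encrypt staging environment
-# undef it to avoid
-with_fake_LE: true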

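--- a/inventory/group_vars/all/with_fake_LE.yml
+++ b/inventory/group_vars/all/with_fake_LE.yml
@@ -0,0 +1 @@
+#with_fake_LE: true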

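--- a/inventory/group_vars/all/with_https.yml
+++ b/inventory/group_vars/all/with_https.yml
@@ -0,0 +1 @@
+#with_https: true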

29
molecule/infrastructure/create.yml

@ -49,6 +49,35 @@
}
}
- block:
- name: generate subdomain
shell: date +%S%M%H%d | base64
register: cmd
- set_fact:
domain: "{{ cmd.stdout|lower }}.test.securedrop.club"
- name: create NS record in test zone (requires access to bind-host.securedrop.club)
shell: |
ssh debian@bind-host.securedrop.club nsupdate <<EOF
server localhost
zone test.securedrop.club
update add ns-{{ domain }}. 1800 A {{ hosts_updates['all']['hosts']['bind-host']['ansible_host'] }}
update add {{ domain }}. 1800 NS ns-{{ domain }}.
show
send
quit
EOF
- name: save the test sub-domain
copy:
content: |
domain: {{ domain }}
dest: "../../inventory/group_vars/all/domain.yml"
when: hosts_updates['all']['hosts']['bind-host'] is defined and with_fake_LE is defined
- name: Dump instance config
copy:
# NOTE(retr0h): Workaround for Ansible 2.2.
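Review bot: The nsupdate script in the `create NS record in test zone` task only ever adds records, and the label it adds comes from `date +%S%M%H%d | base64`, which collides for two runs in the same second and repeats every month. A repeated label would end up with the old and the new A record side by side under `ns-{{ domain }}.`, and nothing visible in this hunk removes the delegation when the VM goes away, so the test zone can keep delegating to an address the project no longer holds. I would put `update delete ns-{{ domain }}. A` and `update delete {{ domain }}. NS` ahead of the two `update add` lines and mirror them in the destroy playbook, which is not shown here. The block sits inside a task list that starts and ends outside the hunk.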

2
molecule/infrastructure/molecule.yml

@ -4,7 +4,7 @@ driver:
lint:
name: yamllint
platforms:
- name: infrastructure-host
- name: bind-host
flavor: "s1-2"
provisioner:
name: ansible

16
molecule/preprod/playbook.yml

@ -1,23 +1,9 @@
---
- import_playbook: ../icinga/test-icinga-playbook.yml
- import_playbook: preprod-playbook.yml
- name: assert testing domain has been set for all hosts
hosts: 'all:localhost'
tasks:
- name: test spoofing
debug:
var: domain
- assert:
that:
- '".test." in domain'
msg: "{{ domain }} doesn't looks like a preprod testing domain."
- import_playbook: ../../securedrop-club-playbook.yml
- name: recall testing domain name
- name: display domain name
hosts: localhost
tasks:
- debug:
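Review bot: The play `assert testing domain has been set for all hosts` cannot be among the nine lines this hunk keeps (the header shrinks the file from 23 lines to 9), so `securedrop-club-playbook.yml` is now imported with no check that `domain` is a test name. That assert was the only guard on this page against a preprod run picking up a production `domain` from the inventory, and `domain.yml` is only written by create.yml when its `when:` condition holds. I would keep the play ahead of the import: `- assert:` with `that: ['".test." in domain']`, on `hosts: 'all:localhost'`. The `+`/`-` markers are lost in this rendering, so which of the two `- name:` lines near the end survives is inferred; the final `debug` task continues outside the hunk.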

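--- a/molecule/preprod/preprod-playbook.yml
+++ b/molecule/preprod/preprod-playbook.yml
@@ -1,30 +0,0 @@
----
-- name: prepare testing domain
-hosts: localhost
-connection: local
-gather_facts: False
-become: false
-roles:
-- role: prepare_preprod
-- name: spoof domain
-hosts: 'all:localhost'
-tasks:
-- set_fact:
-domain_file: "/tmp/testing-domain-for-{{ domain }}"
-- name: deploy domain file on all hosts
-copy:
-src: "{{ domain_file }}"
-dest: "{{ domain_file }}"
-- name: load domain for spoofing
-set_fact:
-domain: "{{ lookup ('file', '{{ domain_file }}') }}"
-- name: clean
-file:
-path: "{{ domain_file }}"
-state: absent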

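--- a/molecule/preprod/roles/prepare_preprod/tasks/main.yml
+++ b/molecule/preprod/roles/prepare_preprod/tasks/main.yml
@@ -1,25 +0,0 @@
----
-- name: generate subdomain
-shell: date +%S%M%H%d | base64
-register: cmd
-- set_fact:
-new_domain: "{{ cmd.stdout|lower }}.test.{{ domain }}"
-- name: create NS record in test zone
-shell: |
-ssh debian@bind-host.{{ domain }} nsupdate <<EOF
-server localhost
-zone test.{{ domain }}
-update add ns-{{ new_domain }}. 1800 A {{ hostvars["bind-host"].ansible_host }}
-update add {{ new_domain }}. 1800 NS ns-{{ new_domain }}.
-show
-send
-quit
-EOF
-- name: save locally domain for spoofing
-copy:
-content: "{{ new_domain }}"
-dest: "/tmp/testing-domain-for-{{ domain }}"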