distro/tests: additional tests, including DoH

parent d18fc01d
[defaults]
# additional paths to search for roles in, colon separated
roles_path = ../ansible-roles
# Knot Resolver testing role
**WARNING**: This is for testing only, not currently suitable for production.
Role which sets up Knot Resolver and performs checks it is running, including:
- Setting up upstream repositories
- Installing Knot Resolver
- Perfoming basic tests
---
repos:
- knot-resolver-latest
distro: "{{ ansible_distribution | replace(' ', '_') }}"
repo_file_url: "https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/{{ obs_distro_name }}/home:CZ-NIC:{{ item }}.repo"
update_packages: false
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.15 (GNU/Linux)
mQENBFqFjysBCADWVYuSgTuduZNAUpq4w+X9EnBwDMibkJCZuNvjvwXNaFeWKOHf
YEwcSFETOazApzjLxBj/eDTHtl0w0wvJUWsbTOEdJjue1X05X3nxQIiyXXIqjtzY
OmMyJa2Y9zUWwdAj+miI81EaWN0aDSoa4LG+9cqlYIOO4jZnAQ3uVvCRypB9Lx6r
2HGTSWaw77l3CHTPD0YVLbv90a5ChNsb3JMpiPhhK8F3pQxu8CfTz/0npEHxbRlK
xWNIr773bhDonnGsapGPfrdy5afb/AxCiUuflKCrG0qg1l8M5OT4LxnnB8sqTXwH
EFwHaWkwhiBG2hRG/Jco3k4sytnwr82VFKD1ABEBAAG0OGhvbWU6Q1otTklDIE9C
UyBQcm9qZWN0IDxob21lOkNaLU5JQ0BidWlsZC5vcGVuc3VzZS5vcmc+iQE+BBMB
CAAoBQJahY8rAhsDBQkEHrAABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRB0
Bi2zah9ACWtKB/9CB5Ms/zC1kbYP6I7FrDi0KzfekQ/SrXq4acf/UrJwguVGniFs
f/SevD7Knyvg9MBrVXguzE14oOpahJe0jHnDQCFe6S6mT7VybtylOUECx2f3zd2S
MYQ96kzNQiP1yfaWi/bOi+ykpVZC7GYL9rMW2uzKisZSB64KT7Efd+0FQf57np0I
ZnW54m62Oaf1ltX6Y0VNLhz8jOM4xK1EqxwMncj1/a+yB0+a8w1j8gR2yluQTfdG
9QsUNU4VT86he5aYivVTJnY0XgqZYvXrqM0D0YfabjyGosc1zrnWwO5wVrGhcVYM
obTkcAN+C2nm01R2ip2bjJ8fz8nYvYzNGkpniEYEExECAAYFAlqFjywACgkQOzAR
t2udZSNgVACgiu9vroIHHXRMIx/w8JJrNEq/LaoAn2UVyQrPbspOV6mlToaKEa3r
YheD
=IUCb
-----END PGP PUBLIC KEY BLOCK-----
---
- name: doh_config set up kresd.conf
blockinfile:
marker: "-- {mark} ANSIBLE MANAGED BLOCK"
block: |
modules.load('http')
path: /etc/knot-resolver/kresd.conf
---
- name: doh_config set up kresd.conf
blockinfile:
marker: -- {mark} ANSIBLE MANAGED BLOCK
block: |
net.listen('127.0.0.1', 443, { kind = 'doh' })
modules.load('http')
path: /etc/knot-resolver/kresd.conf
insertbefore: BOF
---
- name: Install EPEL
yum:
name: epel-release
state: present
- name: Download repo file(s)
get_url:
url: "{{ repo_file_url }}"
dest: /etc/yum.repos.d/home:CZ-NIC:{{ item }}.repo
with_items: "{{ repos }}"
---
- name: Add upstream package signing key
apt_key:
data: "{{ lookup('file', 'Release.pub') }}"
state: present
- name: Add OBS repo(s)
apt_repository:
repo: >
deb http://download.opensuse.org/repositories/home:/CZ-NIC:/{{ item }}/{{ obs_distro_name }}/ /
state: present
update_cache: true
with_items: "{{ repos }}"
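Review bot: The `deb` line in "Add OBS repo(s)" fetches over plain `http://`, while `repo_file_url` in the role defaults uses `https://` for the same host. apt still checks the repository signature against the key added by the preceding `apt_key` task, so package integrity does not depend on the transport, but an on-path observer can see and stall the metadata. Switching to `deb https://download.opensuse.org/...` would make the two paths consistent. On older Debian/Ubuntu releases this probably also needs `apt-transport-https` installed first, which should be confirmed.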
---
- name: Download repo file(s)
get_url:
url: "{{ repo_file_url }}"
dest: "/etc/yum.repos.d/home:CZ-NIC:{{ item }}.repo"
with_items: "{{ repos }}"
---
- name: Add upstream repo(s)
zypper_repository:
repo: "{{ repo_file_url}}"
state: present
disable_gpg_check: true # auto_import_keys is broken
with_items: "{{ repos }}"
- name: Refresh all repositories
zypper_repository:
repo: '*'
runrefresh: true
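Review bot: `disable_gpg_check: true` on the "Add upstream repo(s)" task switches off signature verification for the OBS repository, so the packages the role later installs with `state: latest` are accepted unsigned on openSUSE. The inline comment blames a broken `auto_import_keys`. A way to keep verification is to import the signing key explicitly before adding the repo, for example with the `rpm_key` module, and then drop `disable_gpg_check`. The key may be the same one the Debian tasks load from `Release.pub`, but that needs confirming. If the workaround has to stay, the comment should say it is acceptable only on throwaway test VMs and point at the upstream bug, e.g. `# test VMs only: auto_import_keys is broken (<issue reference>)`.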
---
- name: Include distribution specific vars
include_vars: "{{ distro }}.yaml"
- name: Configure upstream reporitories
include: "configure_repos/{{ distro }}.yaml"
- name: Update all packages
package:
name: '*'
state: latest
when: update_packages
- name: Install packages
package:
name: "{{ packages }}"
state: latest
- name: Always print package version at the end
block:
- include: restart_kresd.yaml
- include: test_udp.yaml
- include: test_tcp.yaml
- include: test_tls.yaml
- include: test_dnssec.yaml
- name: Test DoH
block:
- name: Install knot-resolver-module-http
package:
name: knot-resolver-module-http
state: latest
- include: configure_doh.yaml
when: ansible_distribution in ["Fedora", "Debian", "Ubuntu"]
- include: configure_doh_nosocket.yaml
when: ansible_distribution == "CentOS"
- include: restart_kresd.yaml
- include: test_doh.yaml
when: distro in ["Fedora", "Debian", "CentOS"] or (distro == "Ubuntu" and ansible_distribution_major_version|int >= 18)
always:
- name: Get installed package version
shell: "{{ show_package_version }}"
args:
warn: false
register: package_version
- name: Show installed version
debug:
var: package_version.stdout
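Review bot: The conditions around the DoH tests mix two variables and do not explain the platform selection. The long `when` after `include: test_doh.yaml` tests `distro`, while the two `configure_doh*` includes test `ansible_distribution`. Indentation is lost on this page, so it is not certain whether that long `when` guards the whole "Test DoH" block or only the last include. A comment above it, such as `# DoH is only tested where knot-resolver-module-http is packaged`, would help once the actual reason is confirmed. Using `distro` throughout would also make it easier to see that openSUSE and Ubuntu below 18 are skipped on purpose.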
---
- block:
- name: Restart kresd@1.service
service:
name: kresd@1.service
state: restarted
rescue:
- name: Get kresd@1.service journal
shell: journalctl -u kresd@1 --since -20s
register: journal
- name: Print journal
debug:
var: journal
- name: Restart kresd@*.service failed, see log above
shell: /bin/false
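Review bot: The last rescue task fails the play with `shell: /bin/false`, which spawns a shell just to return non-zero and leaves the explanation only in the task name. The `fail` module states the intent directly: `fail:` with `msg: "Restart of kresd@1.service failed, see journal above"`. The task name also says `kresd@*.service` although the block restarts only `kresd@1.service`. The journal task only reads logs, so `changed_when: false` on it would keep the rescue path from reporting a change.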
---
- name: dnssec_test dnssec-failed.org +cd returns NOERROR
tags:
- test
shell: kdig +cd @127.0.0.1 dnssec-failed.org
register: res
failed_when: '"status: NOERROR" not in res.stdout'
- name: dnssec_test dnssec-failed.org returns SERVFAIL
tags:
- test
shell: kdig @127.0.0.1 dnssec-failed.org
register: res
failed_when: '"status: SERVFAIL" not in res.stdout'
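Review bot: Both tasks run `kdig` through `shell` although the command line has no pipes, redirects or variables, and both report "changed" on every run because only `failed_when` is set. `command: kdig +cd @127.0.0.1 dnssec-failed.org` together with `changed_when: false` performs the same check without a shell. The same applies to the tcp, tls and udp test files that follow. These two tasks also rely on the external domain dnssec-failed.org staying deliberately broken, which deserves a one-line comment such as `# dnssec-failed.org is intentionally mis-signed; validation must yield SERVFAIL`.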
---
- name: doh_test query localhost. A
get_url:
url: https://127.0.0.1:443/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
sha256sum: e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008
dest: /tmp/doh_test
validate_certs: false
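Review bot: Because `dest: /tmp/doh_test` is a fixed path and a checksum is supplied, a file left from an earlier provisioning run that already matches the checksum can make `get_url` skip the download, so the test could pass without contacting the resolver. This depends on the Ansible version and should be confirmed. Adding `force: true`, or removing the file in a preceding task, avoids it. `validate_certs: false` is reasonable against a self-signed certificate on loopback, but a comment such as `# kresd serves a self-signed certificate on 127.0.0.1; test only` would keep it from being copied into real deployments. A comment saying how the `dns=` value and the expected sha256 were produced would help whoever has to update them.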
---
- name: tcp_test resolve nic.cz
tags:
- test
shell: kdig +tcp @127.0.0.1 nic.cz
register: res
failed_when: '"status: NOERROR" not in res.stdout'
---
- name: tls_test resolve nic.cz
tags:
- test
shell: kdig +tls @127.0.0.1 nic.cz
register: res
failed_when: '"status: NOERROR" not in res.stdout'
---
- name: udp_test resolve nic.cz
tags:
- test
shell: kdig @127.0.0.1 nic.cz
register: res
failed_when: '"status: NOERROR" not in res.stdout'
---
obs_distro_name: "{{ distro }}_{{ ansible_distribution_major_version }}_EPEL"
show_package_version: rpm -qi knot-resolver | grep '^Version'
packages:
- knot-resolver
- knot-utils
---
obs_distro_name: "{{ distro }}_9.0"
show_package_version: dpkg -s knot-resolver | grep '^Version'
packages:
- knot-resolver
- knot-dnsutils
---
obs_distro_name: "{{ distro }}_{{ ansible_distribution_major_version }}"
show_package_version: rpm -qi knot-resolver | grep '^Version'
packages:
- knot-resolver
- knot-utils
---
obs_distro_name: "x{{ distro }}_{{ ansible_distribution_version }}"
show_package_version: dpkg -s knot-resolver | grep '^Version'
packages:
- knot-resolver
- knot-dnsutils
---
obs_distro_name: "{{ distro }}_15.0"
show_package_version: rpm -qi knot-resolver | grep '^Version'
packages:
- knot-resolver
- knot-utils
---
obs_distro_name: "{{ distro }}"
show_package_version: rpm -qi knot-resolver | grep '^Version'
update_packages: true
packages:
- knot-resolver
- knot-utils
......@@ -9,7 +9,7 @@ Vagrant.configure(2) do |config|
config.vm.define "centos7_knot-resolver" do |machine|
machine.vm.provision "ansible" do |ansible|
ansible.playbook = "../knot-resolver-test.yaml"
ansible.playbook = "../knot-resolver-pkgtest.yaml"
ansible.extra_vars = {
ansible_python_interpreter: "/usr/bin/python2"
}
......
../.ansible.cfg
\ No newline at end of file
......@@ -9,7 +9,7 @@ Vagrant.configure(2) do |config|
config.vm.define "debian9_knot-resolver" do |machine|
machine.vm.provision "ansible" do |ansible|
ansible.playbook = "../knot-resolver-test.yaml"
ansible.playbook = "../knot-resolver-pkgtest.yaml"
end
end
......
../.ansible.cfg
\ No newline at end of file
......@@ -9,7 +9,7 @@ Vagrant.configure(2) do |config|
config.vm.define "fedora28_knot-resolver" do |machine|
machine.vm.provision "ansible" do |ansible|
ansible.playbook = "../knot-resolver-test.yaml"
ansible.playbook = "../knot-resolver-pkgtest.yaml"
ansible.extra_vars = {
ansible_python_interpreter: "/usr/bin/python3"
}
......
../.ansible.cfg
\ No newline at end of file
......@@ -9,7 +9,7 @@ Vagrant.configure(2) do |config|
config.vm.define "fedora29_knot-resolver" do |machine|
machine.vm.provision "ansible" do |ansible|
ansible.playbook = "../knot-resolver-test.yaml"
ansible.playbook = "../knot-resolver-pkgtest.yaml"
ansible.extra_vars = {
ansible_python_interpreter: "/usr/bin/python3"
}
......
../.ansible.cfg
\ No newline at end of file
---
- hosts: all
remote_user: root
become: true
vars_files:
- repos.yaml
# HACK: (Fedora) make sure we have the latest-greatest Py3 to avoid issues
gather_facts: false
pre_tasks:
- name: dnf update to latest Python 3
raw: |
dnf install -y python3 || \
:
ignore_errors: true
- name: gather facts
setup:
roles:
- knot_resolver
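Review bot: In the `raw` pre-task, `|| :` already forces a zero exit status, so `ignore_errors: true` never takes effect and a failed `dnf install` on Fedora stays hidden until "gather facts" breaks. Dropping `|| :` and keeping `ignore_errors: true` would leave the failure visible in the output while still letting non-dnf hosts continue. The `# HACK` comment sits above `gather_facts: false` but describes the pre-task. Moving it next to `pre_tasks` and noting that the command is expected to fail on distributions without dnf would make the intent clear.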
......@@ -9,7 +9,7 @@ Vagrant.configure(2) do |config|
config.vm.define "leap15_knot-resolver" do |machine|
machine.vm.provision "ansible" do |ansible|
ansible.playbook = "../knot-resolver-test.yaml"
ansible.playbook = "../knot-resolver-pkgtest.yaml"
end
end
......
../.ansible.cfg
\ No newline at end of file
......@@ -9,7 +9,7 @@ Vagrant.configure(2) do |config|
config.vm.define "tumbleweed_knot-resolver" do |machine|
machine.vm.provision "ansible" do |ansible|
ansible.playbook = "../knot-resolver-test.yaml"
ansible.playbook = "../knot-resolver-pkgtest.yaml"
end
end
......
../.ansible.cfg
\ No newline at end of file
......@@ -9,7 +9,7 @@ Vagrant.configure(2) do |config|
config.vm.define "ubuntu1604_knot-resolver" do |machine|
machine.vm.provision "ansible" do |ansible|
ansible.playbook = "../knot-resolver-test.yaml"
ansible.playbook = "../knot-resolver-pkgtest.yaml"
ansible.extra_vars = {
ansible_python_interpreter: "/usr/bin/python3"
}
......
../.ansible.cfg
\ No newline at end of file
......@@ -9,7 +9,7 @@ Vagrant.configure(2) do |config|
config.vm.define "ubuntu1804_knot-resolver" do |machine|
machine.vm.provision "ansible" do |ansible|
ansible.playbook = "../knot-resolver-test.yaml"
ansible.playbook = "../knot-resolver-pkgtest.yaml"
ansible.extra_vars = {
ansible_python_interpreter: "/usr/bin/python3"
}
......
../.ansible.cfg
\ No newline at end of file
......@@ -9,7 +9,7 @@ Vagrant.configure(2) do |config|
config.vm.define "ubuntu1810_knot-resolver" do |machine|
machine.vm.provision "ansible" do |ansible|
ansible.playbook = "../knot-resolver-test.yaml"
ansible.playbook = "../knot-resolver-pkgtest.yaml"
ansible.extra_vars = {
ansible_python_interpreter: "/usr/bin/python3"
}
......
../.ansible.cfg
\ No newline at end of file