From 16d2c8d8c19f611312faba6402627840cd8ccc26 Mon Sep 17 00:00:00 2001 From: Alexey Odinokov Date: Fri, 17 Apr 2020 04:00:50 +0000 Subject: [PATCH] Reusing apache-server instead of httpd Since we already introduced apache server for redfish, it will be a good idea to use it for sharing iso also. These changes add file-exchanger config that can be used to share iso. In addition apache allows the specified users (see rbac config) to upload files. This may help in future to better emulate deployment environment, where it will be necessary to do this step after airshipctl generated iso and before airshipctl invokes redfish to run that iso. Change-Id: Ice47fe977fb71cf9df14d39c5ac26e365e2006f2 --- playbooks/airship-airshipctl-build-gate.yaml | 46 ++++--- roles/airship-libvirt-gate/defaults/main.yaml | 19 +++ .../tasks/build-infra.yaml | 11 ++ .../defaults}/main.yaml | 42 +++++-- roles/apache-file-exchanger/tasks/main.yaml | 118 ++++++++++++++++++ roles/apache-file-exchanger/templates/conf.j2 | 53 ++++++++ .../templates/macroses.j2 | 29 +++++ roles/apache-file-exchanger/templates/put | 88 +++++++++++++ .../templates/ssl.conf.j2 | 53 ++++++++ .../defaults/{main.yml => main.yaml} | 6 + .../handlers/{main.yml => main.yaml} | 0 .../tasks/htaccess.yaml} | 9 +- .../tasks/{htpasswd.yml => htpasswd.yaml} | 0 .../tasks/{install.yml => install.yaml} | 0 .../tasks/main.yaml | 2 +- .../tasks/{restart.yml => restart.yaml} | 0 .../apache-server/tasks/{ssl.yml => ssl.yaml} | 2 +- roles/apache-server/templates/htaccess.j2 | 3 + .../defaults/{main.yml => main.yaml} | 0 .../tasks/{backend.yml => backend.yaml} | 0 .../tasks/{frontend.yml => frontend.yaml} | 0 .../tasks/main.yaml} | 2 +- .../apache-wsgi-sushy-emulator/tasks/main.yml | 13 -- .../templates/wsgi-sushy-emulator-ssl.conf.j2 | 2 +- .../templates/wsgi-sushy-emulator.conf.j2 | 2 +- roles/http-fileserver/tasks/install.yaml | 45 ------- roles/http-fileserver/tasks/remove.yaml | 18 --- roles/http-fileserver/tests/main.yaml | 42 ------- roles/http-fileserver/tests/vars.yaml | 16 --- tests/ansible/role-test-runner.yaml | 1 - 30 files changed, 453 insertions(+), 169 deletions(-) rename roles/{http-fileserver/handlers => apache-file-exchanger/defaults}/main.yaml (50%) create mode 100644 roles/apache-file-exchanger/tasks/main.yaml create mode 100644 roles/apache-file-exchanger/templates/conf.j2 create mode 100644 roles/apache-file-exchanger/templates/macroses.j2 create mode 100644 roles/apache-file-exchanger/templates/put create mode 100644 roles/apache-file-exchanger/templates/ssl.conf.j2 rename roles/apache-server/defaults/{main.yml => main.yaml} (86%) rename roles/apache-server/handlers/{main.yml => main.yaml} (100%) rename roles/{http-fileserver/defaults/main.yaml => apache-server/tasks/htaccess.yaml} (81%) rename roles/apache-server/tasks/{htpasswd.yml => htpasswd.yaml} (100%) rename roles/apache-server/tasks/{install.yml => install.yaml} (100%) rename roles/{http-fileserver => apache-server}/tasks/main.yaml (91%) rename roles/apache-server/tasks/{restart.yml => restart.yaml} (100%) rename roles/apache-server/tasks/{ssl.yml => ssl.yaml} (95%) create mode 100644 roles/apache-server/templates/htaccess.j2 rename roles/apache-wsgi-sushy-emulator/defaults/{main.yml => main.yaml} (100%) rename roles/apache-wsgi-sushy-emulator/tasks/{backend.yml => backend.yaml} (100%) rename roles/apache-wsgi-sushy-emulator/tasks/{frontend.yml => frontend.yaml} (100%) rename roles/{apache-server/tasks/main.yml => apache-wsgi-sushy-emulator/tasks/main.yaml} (91%) delete mode 100644 roles/apache-wsgi-sushy-emulator/tasks/main.yml delete mode 100644 roles/http-fileserver/tasks/install.yaml delete mode 100644 roles/http-fileserver/tasks/remove.yaml delete mode 100644 roles/http-fileserver/tests/main.yaml delete mode 100644 roles/http-fileserver/tests/vars.yaml diff --git a/playbooks/airship-airshipctl-build-gate.yaml b/playbooks/airship-airshipctl-build-gate.yaml index 07db6fccd..cf8ad5d47 100644 --- a/playbooks/airship-airshipctl-build-gate.yaml +++ b/playbooks/airship-airshipctl-build-gate.yaml @@ -23,6 +23,14 @@ include_role: name: docker-install + - name: make sure serve directory exists + file: + dest: "{{ serve_dir }}" + state: directory + mode: "0755" + owner: "{{ ansible_user }}" + become: true + - name: deploy-gate include_role: name: airship-libvirt-gate @@ -44,20 +52,26 @@ target_disk_size: 10G disk_format: qcow2 target_vms_count: 1 - - - name: make sure serve directory exists - file: - dest: "{{ serve_dir }}" - state: directory - mode: "0755" - owner: "{{ ansible_user }}" - become: true - - - name: serve iso directory - include_role: - name: http-fileserver - vars: - http_fileserver_serve_dir: "{{ serve_dir }}" - http_fileserver_serve_port: "{{ serve_port }}" - + airship_gate_file_exchanger: + servername: "loacalhost" + ip: + - "127.0.0.1" + - "::1" + http_port: "{{ serve_port }}" + path: "{{ serve_dir }}" + user: + - username: "username" + password: "password" + group: + - name: writers + member: + - username + rbac: + policies: + - role: + - PUT + group: + - writers + default: + all: granted diff --git a/roles/airship-libvirt-gate/defaults/main.yaml b/roles/airship-libvirt-gate/defaults/main.yaml index 9830914b5..7b8d0f920 100644 --- a/roles/airship-libvirt-gate/defaults/main.yaml +++ b/roles/airship-libvirt-gate/defaults/main.yaml @@ -47,6 +47,25 @@ airship_gate_redfish_auth: - username: "username" password: "password" +airship_gate_file_exchanger: + servername: "loacalhost" + ip: + - "127.0.0.1" + - "::1" + http_port: 8100 + path: "/srv" + user: + - username: "username" + password: "password" + rbac: + policies: + - role: + - PUT + user: + - username + default: + all: granted + airship_gate_flavors: small: target_vm_memory_mb: 1024 diff --git a/roles/airship-libvirt-gate/tasks/build-infra.yaml b/roles/airship-libvirt-gate/tasks/build-infra.yaml index 42d0d6e71..475e925f9 100644 --- a/roles/airship-libvirt-gate/tasks/build-infra.yaml +++ b/roles/airship-libvirt-gate/tasks/build-infra.yaml @@ -125,4 +125,15 @@ sushy_emulator_frontend_https_port: "{{ airship_gate_redfish_auth.https_port }}" sushy_emulator_frontend_user: "{{ airship_gate_redfish_auth.user }}" +- name: Add file-exchanger to apache + include_role: + name: apache-file-exchanger + vars: + file_exchanger_name: airship_gate_file_exchanger + file_exchanger_http_port: "{{ airship_gate_file_exchanger.http_port | default(0) }}" + file_exchanger_https_port: "{{ airship_gate_file_exchanger.https_port | default(0) }}" + file_exchanger_path: "{{ airship_gate_file_exchanger.path }}" + file_exchanger_user: "{{ airship_gate_file_exchanger.user | default(None)}}" + file_exchanger_group: "{{ airship_gate_file_exchanger.group | default(None) }}" + file_exchanger_rbac: "{{ airship_gate_file_exchanger.rbac | default(None) }}" diff --git a/roles/http-fileserver/handlers/main.yaml b/roles/apache-file-exchanger/defaults/main.yaml similarity index 50% rename from roles/http-fileserver/handlers/main.yaml rename to roles/apache-file-exchanger/defaults/main.yaml index 1569608ea..a0d69cdfd 100644 --- a/roles/http-fileserver/handlers/main.yaml +++ b/roles/apache-file-exchanger/defaults/main.yaml @@ -10,14 +10,36 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: reload systemd configuration - become: yes - systemd: - daemon_reload: yes +file_exchanger_name: iso_file_exchanger +file_exchanger_servername: localhost +file_exchanger_ip: + - "127.0.0.1" + - "::1" +file_exchanger_http_port: 8100 -- name: http file server restarted - service: - name: simple-http-{{ http_fileserver_name | default('default') }}.service - state: restarted - enabled: true - become: true \ No newline at end of file +file_exchanger_path: /var/www/iso_file_exchanger/ + +file_exchanger_user: +- username: user1 + password: password +- username: user2 + password: password + +file_exchanger_group: +- name: ReadOnly + member: + - user1 + - user2 +- name: ReadWrite + member: + - user2 + +file_exchanger_rbac: + policies: + - role: + - PUT + group: + - ReadWrite + default: + group: + - ReadOnly diff --git a/roles/apache-file-exchanger/tasks/main.yaml b/roles/apache-file-exchanger/tasks/main.yaml new file mode 100644 index 000000000..ae24dc6cc --- /dev/null +++ b/roles/apache-file-exchanger/tasks/main.yaml @@ -0,0 +1,118 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +- name: ensure OS + when: ansible_distribution != 'Debian' and ansible_distribution != 'Ubuntu' + fail: + msg: "Only Debian|Ubuntu are currently supported" + +- name: Confguring file-exchanger + become: true + block: + + - name: Ensure backend + file: + path: /var/www/file_exchanger_cgi-bin/ + state: directory + + - name: Created put cgi-bin file + template: + src: put + dest: /var/www/file_exchanger_cgi-bin/put + mode: +x + + - name: Ensure path exists + file: + path: "{{ file_exchanger_path }}" + state: directory + owner: www-data + group: root + mode: u+rwx,g-w,o-w + + - name: Enable related modules + apache2_module: + name: "{{ item }}" + state: present + with_items: + - authz_groupfile + - actions + - alias + - cgid + + - name: Create httpasswd file + when: file_exchanger_user is defined and file_exchanger_user != None + include_role: + name: apache-server + vars: + apache_server_action: htpasswd + apache_server_htpasswd_path: "/etc/apache2/sites-available/{{ file_exchanger_name }}.htpasswd" + apache_server_htpasswd_user: "{{ file_exchanger_user }}" + + - name: Create htaccess file + when: file_exchanger_group is defined and file_exchanger_group != None + include_role: + name: apache-server + vars: + apache_server_action: htaccess + apache_server_htaccess_path: "/etc/apache2/sites-available/{{ file_exchanger_name }}.htaccess" + apache_server_htaccess_group: "{{ file_exchanger_group }}" + + - name: Create file-exchanger HTTP virtual host config + when: file_exchanger_http_port is defined and file_exchanger_http_port != "0" + block: + - name: Create file-exchanger virtual host config for HTTP + template: + src: conf.j2 + dest: "/etc/apache2/sites-available/{{ file_exchanger_name }}.conf" + + - name: Enable file-exchanger virtual host + command: "a2ensite {{ file_exchanger_name }}" + + - name: Create file-exchanger HTTPS virtual host config + when: file_exchanger_https_port is defined and file_exchanger_https_port != "0" + block: + - name: Generate certs for casewith alt_names + when: file_exchanger_ip is defined and file_exchanger_ip != None + include_role: + name: apache-server + vars: + apache_server_action: ssl + apache_server_ssl_key_path: "/etc/ssl/private/{{ file_exchanger_name }}.key" + apache_server_ssl_cert_path: "/etc/ssl/certs/{{ file_exchanger_name }}.pem" + apache_server_ssl_cn: "{{ file_exchanger_servername }}" + apache_server_ssl_alt_name: "{{ file_exchanger_ip | map('regex_replace', '(.*)', 'IP:\\1') | list }}" + + - name: Generate certs for case without alt_names + when: file_exchanger_ip is undefined or file_exchanger_ip == None + include_role: + name: apache-server + vars: + apache_server_action: ssl + apache_server_ssl_key_path: "/etc/ssl/private/{{ file_exchanger_name }}.key" + apache_server_ssl_cert_path: "/etc/ssl/certs/{{ file_exchanger_name }}.pem" + apache_server_ssl_cn: "{{ file_exchanger_servername }}" + + - name: Create file-exchanger virtual host config for HTTPS + template: + src: ssl.conf.j2 + dest: "/etc/apache2/sites-available/{{ file_exchanger_name }}-ssl.conf" + + - name: Enable file-exchanger virtual host + command: "a2ensite {{ file_exchanger_name }}-ssl" + + - name: Restart Apache to apply all changes + include_role: + name: apache-server + vars: + apache_server_action: restart + diff --git a/roles/apache-file-exchanger/templates/conf.j2 b/roles/apache-file-exchanger/templates/conf.j2 new file mode 100644 index 000000000..30d05684d --- /dev/null +++ b/roles/apache-file-exchanger/templates/conf.j2 @@ -0,0 +1,53 @@ +{% from 'macroses.j2' import render_rbac as _render_rbac %} + +{% if file_exchanger_http_port != 80 %} +Listen {{ file_exchanger_http_port }} +{% endif %} + + # Add machine's IP address (use ifconfig command) + ServerName {{ file_exchanger_servername }} + +{% if file_exchanger_user is defined and file_exchanger_user != None %} + + AuthType Basic + AuthName "Authorised cgi-bin" + AuthUserFile /etc/apache2/sites-available/{{ file_exchanger_name }}.htpasswd +{% if file_exchanger_group is defined and file_exchanger_group != None %} + AuthGroupFile /etc/apache2/sites-available/{{ file_exchanger_name }}.htaccess +{% endif %} +{% if file_exchanger_rbac is defined and file_exchanger_rbac != None %} +{{ _render_rbac(file_exchanger_rbac) }} +{% else %} + Require valid-user +{% endif %} + + ScriptAlias /cgi-bin /var/www/file_exchanger_cgi-bin/ +{% endif %} + + # Give an alias to to start your website url with + DocumentRoot "{{ file_exchanger_path }}" + + Options Indexes FollowSymLinks + AllowOverride None +{% if file_exchanger_user is defined and file_exchanger_user != None %} + AuthType Basic + AuthName "Authentication Required" + AuthUserFile /etc/apache2/sites-available/{{ file_exchanger_name }}.htpasswd +{% if file_exchanger_group is defined and file_exchanger_group != None %} + AuthGroupFile /etc/apache2/sites-available/{{ file_exchanger_name }}.htaccess +{% endif %} +{% if file_exchanger_rbac is defined and file_exchanger_rbac != None %} +{{ _render_rbac(file_exchanger_rbac) }} +{% else %} + Require valid-user +{% endif %} + Script PUT /cgi-bin/put +{% else %} + Require all granted +{% endif %} + + ErrorLog ${APACHE_LOG_DIR}/error.log + LogLevel warn + CustomLog ${APACHE_LOG_DIR}/access.log combined + + diff --git a/roles/apache-file-exchanger/templates/macroses.j2 b/roles/apache-file-exchanger/templates/macroses.j2 new file mode 100644 index 000000000..82963aa8d --- /dev/null +++ b/roles/apache-file-exchanger/templates/macroses.j2 @@ -0,0 +1,29 @@ +{% macro render_require(item) -%} +{% if item == "valid_user" %} + Require valid-user +{% elif item.group is defined %} + Require group {{ item.group | join(' ') }} +{% elif item.user is defined %} + Require user {{ item.user | join(' ') }} +{% elif item.all is defined %} + Require all {{ item.all }} +{% else %} + Require all denied +{% endif %} +{%- endmacro %} +{% macro render_rbac(rbac) -%} +{# rbac #} +{% if rbac is defined and rbac.policies is defined %} +{% for item in rbac.policies %} + +{{ render_require(item) }} + +{% endfor %} + +{{ render_require(rbac.default) }} + +{% else %} +{{ render_require(rbac.default) }} +{% endif %} +{%- endmacro %} + diff --git a/roles/apache-file-exchanger/templates/put b/roles/apache-file-exchanger/templates/put new file mode 100644 index 000000000..7d4580a74 --- /dev/null +++ b/roles/apache-file-exchanger/templates/put @@ -0,0 +1,88 @@ +#!/usr/bin/env perl + +# http://www.apacheweek.com/features/put with enabling syslog +# Very simple PUT handler. Read the Apache Week article before attempting +# to use this script. You are responsible for ensure that this script is +# used securely. + +# A simple log file, must be writable by the user that this program runs as. +# Should not be within the document tree. +use Sys::Syslog; + +# Check we are using PUT method +if ($ENV{'REQUEST_METHOD'} ne "PUT") { &reply(500, "Request method is not PUT"); } + +# Note: should also check we are an authentication user by checking +# REMOTE_USER + +# Check we got a destination filename +$filename = $ENV{'PATH_TRANSLATED'}; +if (!$filename) { &reply(500, "No PATH_TRANSLATED"); } + +# Check we got some content +$clength = $ENV{'CONTENT_LENGTH'}; +if (!$clength) { &reply(500, "Content-Length missing or zero ($clength)"); } + +# Read the content itself +$toread = $clength; +$content = ""; +while ($toread > 0) +{ + $nread = read(STDIN, $data, $clength); + &reply(500, "Error reading content") if !defined($nread); + $toread -= $nread; + $content = $data; +} + +# Write it out +# Note: doesn't check the location of the file, whether it already +# exists, whether it is a special file, directory or link. Does not +# set the access permissions. Does not handle subdirectories that +# need creating. +open(OUT, "> $filename") || &reply(500, "Cannot write to $filename"); +print OUT $content; +close(OUT); + +# Everything seemed to work, reply with 204 (or 200). Should reply with 201 +# if content was created, not updated. +&reply(204); + +exit(0); + +# +# Send back reply to client for a given status. +# + +sub reply +{ + local($status, $message) = @_; + local($remuser, $remhost, $logline) = (); + + print "Status: $status\n"; + print "Content-Type: text/html\n\n"; + + if ($status == 200) { + print "OK

Content Accepted

\n"; + } elsif ($status == 500) { + print "Error

Error Publishing File

\n"; + print "An error occurred publishing this file ($message).\n"; + } + # Note: status 204 and 201 gives have content part + + # Create a simple log + $remuser = $ENV{'REMOTE_USER'} || "-"; + $remhost = $ENV{'REMOTE_HOST'} || $ENV{'REMOTE_ADDR'} || "-"; + $logline = "$remhost $remuser $filename status $status"; + $logline .= " ($message)" if ($status == 500); + &log($logline); + exit(0); +} + +sub log +{ + local($msg) = @_; + + openlog("", "ndelay,pid", "local0"); + syslog("info", $msg); + closelog(); +} diff --git a/roles/apache-file-exchanger/templates/ssl.conf.j2 b/roles/apache-file-exchanger/templates/ssl.conf.j2 new file mode 100644 index 000000000..7560fbbac --- /dev/null +++ b/roles/apache-file-exchanger/templates/ssl.conf.j2 @@ -0,0 +1,53 @@ +{% from 'macroses.j2' import render_rbac as render_rbac %} + + +{% if file_exchanger_https_port != 443 %} + Listen {{ file_exchanger_https_port }} +{% endif %} + + # Add machine's IP address (use ifconfig command) +{% if file_exchanger_user is defined and file_exchanger_user != None %} + + AuthType Basic + AuthName "Authorised cgi-bin" + AuthUserFile /etc/apache2/sites-available/{{ file_exchanger_name }}.htpasswd +{% if file_exchanger_group is defined and file_exchanger_group != None %} + AuthGroupFile /etc/apache2/sites-available/{{ file_exchanger_name }}.htaccess +{% endif %} +{% if file_exchanger_rbac is defined and file_exchanger_rbac != None %} +{{ render_rbac(file_exchanger_rbac) }} +{% else %} + Require valid-user +{% endif %} + + ScriptAlias /cgi-bin /var/www/file_exchanger_cgi-bin/ +{% endif %} + + # Give an alias to to start your website url with + DocumentRoot "{{ file_exchanger_path }}" + + Options Indexes FollowSymLinks + AllowOverride None +{% if file_exchanger_user is defined and file_exchanger_user != None %} + AuthType Basic + AuthName "Authentication Required" + AuthUserFile /etc/apache2/sites-available/{{ file_exchanger_name }}.htpasswd +{% if file_exchanger_group is defined and file_exchanger_group != None %} + AuthGroupFile /etc/apache2/sites-available/{{ file_exchanger_name }}.htaccess +{% endif %} +{% if file_exchanger_rbac is defined and file_exchanger_rbac != None %} +{{ render_rbac(file_exchanger_rbac) }} +{% else %} + Require valid-user +{% endif %} + Script PUT /cgi-bin/put +{% else %} + Require all granted +{% endif %} + + ErrorLog ${APACHE_LOG_DIR}/error.log + LogLevel warn + CustomLog ${APACHE_LOG_DIR}/access.log combined + + + diff --git a/roles/apache-server/defaults/main.yml b/roles/apache-server/defaults/main.yaml similarity index 86% rename from roles/apache-server/defaults/main.yml rename to roles/apache-server/defaults/main.yaml index c4a047162..7b34d9e77 100644 --- a/roles/apache-server/defaults/main.yml +++ b/roles/apache-server/defaults/main.yaml @@ -18,6 +18,12 @@ apache_server_htpasswd_user: - username: username password: password +apache_server_htaccess_path: /etc/apache2/sites-available/.htaccess +apache_server_htaccess_group: + - name: ReadOnly + member: + - username + apache_server_ssl_cn: localhost apache_server_ssl_alt_name: - "IP:127.0.0.1" diff --git a/roles/apache-server/handlers/main.yml b/roles/apache-server/handlers/main.yaml similarity index 100% rename from roles/apache-server/handlers/main.yml rename to roles/apache-server/handlers/main.yaml diff --git a/roles/http-fileserver/defaults/main.yaml b/roles/apache-server/tasks/htaccess.yaml similarity index 81% rename from roles/http-fileserver/defaults/main.yaml rename to roles/apache-server/tasks/htaccess.yaml index 3d45d4125..16bd45093 100644 --- a/roles/http-fileserver/defaults/main.yaml +++ b/roles/apache-server/tasks/htaccess.yaml @@ -10,6 +10,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -http_fileserver_serve_dir: /srv/http-server -http_fileserver_serve_port: 8099 -http_server_action: install \ No newline at end of file +- name: Generate htaccess file + become: true + template: + src: htaccess.j2 + dest: "{{ apache_server_htaccess_path }}" + diff --git a/roles/apache-server/tasks/htpasswd.yml b/roles/apache-server/tasks/htpasswd.yaml similarity index 100% rename from roles/apache-server/tasks/htpasswd.yml rename to roles/apache-server/tasks/htpasswd.yaml diff --git a/roles/apache-server/tasks/install.yml b/roles/apache-server/tasks/install.yaml similarity index 100% rename from roles/apache-server/tasks/install.yml rename to roles/apache-server/tasks/install.yaml diff --git a/roles/http-fileserver/tasks/main.yaml b/roles/apache-server/tasks/main.yaml similarity index 91% rename from roles/http-fileserver/tasks/main.yaml rename to roles/apache-server/tasks/main.yaml index 4a411235a..0c292a205 100644 --- a/roles/http-fileserver/tasks/main.yaml +++ b/roles/apache-server/tasks/main.yaml @@ -10,4 +10,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include_tasks: "{{ http_server_action }}.yaml" +- include_tasks: "{{ apache_server_action }}.yaml" diff --git a/roles/apache-server/tasks/restart.yml b/roles/apache-server/tasks/restart.yaml similarity index 100% rename from roles/apache-server/tasks/restart.yml rename to roles/apache-server/tasks/restart.yaml diff --git a/roles/apache-server/tasks/ssl.yml b/roles/apache-server/tasks/ssl.yaml similarity index 95% rename from roles/apache-server/tasks/ssl.yml rename to roles/apache-server/tasks/ssl.yaml index 7ab988d28..a133916a5 100644 --- a/roles/apache-server/tasks/ssl.yml +++ b/roles/apache-server/tasks/ssl.yaml @@ -37,7 +37,7 @@ common_name: "{{ apache_server_ssl_cn }}" subject_alt_name: "{{ apache_server_ssl_alt_name }}" - - name: Generate the self signed certificate for sushy-emulator + - name: Generate the self signed certificate openssl_certificate: path: "{{ apache_server_ssl_cert_path }}" privatekey_path: "{{ apache_server_ssl_key_path }}" diff --git a/roles/apache-server/templates/htaccess.j2 b/roles/apache-server/templates/htaccess.j2 new file mode 100644 index 000000000..4992c1816 --- /dev/null +++ b/roles/apache-server/templates/htaccess.j2 @@ -0,0 +1,3 @@ +{% for item in apache_server_htaccess_group %} +{{ "{}: {}".format(item.name, item.member | join(' ')) }} +{% endfor %} diff --git a/roles/apache-wsgi-sushy-emulator/defaults/main.yml b/roles/apache-wsgi-sushy-emulator/defaults/main.yaml similarity index 100% rename from roles/apache-wsgi-sushy-emulator/defaults/main.yml rename to roles/apache-wsgi-sushy-emulator/defaults/main.yaml diff --git a/roles/apache-wsgi-sushy-emulator/tasks/backend.yml b/roles/apache-wsgi-sushy-emulator/tasks/backend.yaml similarity index 100% rename from roles/apache-wsgi-sushy-emulator/tasks/backend.yml rename to roles/apache-wsgi-sushy-emulator/tasks/backend.yaml diff --git a/roles/apache-wsgi-sushy-emulator/tasks/frontend.yml b/roles/apache-wsgi-sushy-emulator/tasks/frontend.yaml similarity index 100% rename from roles/apache-wsgi-sushy-emulator/tasks/frontend.yml rename to roles/apache-wsgi-sushy-emulator/tasks/frontend.yaml diff --git a/roles/apache-server/tasks/main.yml b/roles/apache-wsgi-sushy-emulator/tasks/main.yaml similarity index 91% rename from roles/apache-server/tasks/main.yml rename to roles/apache-wsgi-sushy-emulator/tasks/main.yaml index 7887da259..b3ecb612c 100644 --- a/roles/apache-server/tasks/main.yml +++ b/roles/apache-wsgi-sushy-emulator/tasks/main.yaml @@ -10,4 +10,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include_tasks: "{{ apache_server_action }}.yml" +- include_tasks: "{{ sushy_emulator_action }}.yaml" diff --git a/roles/apache-wsgi-sushy-emulator/tasks/main.yml b/roles/apache-wsgi-sushy-emulator/tasks/main.yml deleted file mode 100644 index 10c2f2929..000000000 --- a/roles/apache-wsgi-sushy-emulator/tasks/main.yml +++ /dev/null @@ -1,13 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include_tasks: "{{ sushy_emulator_action }}.yml" diff --git a/roles/apache-wsgi-sushy-emulator/templates/wsgi-sushy-emulator-ssl.conf.j2 b/roles/apache-wsgi-sushy-emulator/templates/wsgi-sushy-emulator-ssl.conf.j2 index 00e234b40..335b7a393 100644 --- a/roles/apache-wsgi-sushy-emulator/templates/wsgi-sushy-emulator-ssl.conf.j2 +++ b/roles/apache-wsgi-sushy-emulator/templates/wsgi-sushy-emulator-ssl.conf.j2 @@ -2,7 +2,7 @@ {% if sushy_emulator_frontend_https_port != 443 %} Listen {{ sushy_emulator_frontend_https_port }} {% endif %} - + # Add machine's IP address (use ifconfig command) ServerName {{ sushy_emulator_frontend_servername }} # Give an alias to to start your website url with diff --git a/roles/apache-wsgi-sushy-emulator/templates/wsgi-sushy-emulator.conf.j2 b/roles/apache-wsgi-sushy-emulator/templates/wsgi-sushy-emulator.conf.j2 index 015a0b060..0cab1d8fe 100644 --- a/roles/apache-wsgi-sushy-emulator/templates/wsgi-sushy-emulator.conf.j2 +++ b/roles/apache-wsgi-sushy-emulator/templates/wsgi-sushy-emulator.conf.j2 @@ -1,7 +1,7 @@ {% if sushy_emulator_frontend_http_port != 80 %} Listen {{ sushy_emulator_frontend_http_port }} {% endif %} - + # Add machine's IP address (use ifconfig command) ServerName {{ sushy_emulator_frontend_servername }} # Give an alias to to start your website url with diff --git a/roles/http-fileserver/tasks/install.yaml b/roles/http-fileserver/tasks/install.yaml deleted file mode 100644 index 9dd8d60ca..000000000 --- a/roles/http-fileserver/tasks/install.yaml +++ /dev/null @@ -1,45 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: install simplehttpserver package - apt: - name: - - python3 - state: present - become: true - -- name: set http server systemd unit content - set_fact: - http_fileserver_unit_content: | - [Unit] - Description=Simple http server - After=syslog.target - - [Service] - Type=simple - ExecStart=/usr/bin/python3 -m http.server {{ http_fileserver_serve_port }} - StandardOutput=syslog - StandardError=syslog - WorkingDirectory={{ http_fileserver_serve_dir }} - - [Install] - WantedBy=multi-user.target - -- name: Create systemd unit - copy: - content: "{{ http_fileserver_unit_content }}" - dest: /etc/systemd/system/simple-http-{{ http_fileserver_name | default('default') }}.service - notify: - - reload systemd configuration - - http file server restarted - become: true - diff --git a/roles/http-fileserver/tasks/remove.yaml b/roles/http-fileserver/tasks/remove.yaml deleted file mode 100644 index 23a6c2b2c..000000000 --- a/roles/http-fileserver/tasks/remove.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: ensure http service is stopped - service: - name: simple-http-{{ http_fileserver_name | default('default') }}.service - state: stopped - enabled: false - become: true \ No newline at end of file diff --git a/roles/http-fileserver/tests/main.yaml b/roles/http-fileserver/tests/main.yaml deleted file mode 100644 index 38dce1321..000000000 --- a/roles/http-fileserver/tests/main.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Include test variables. - include_vars: - file: vars.yaml - -- name: ensure serve directory exists - file: - path: "{{ http_fileserver_serve_dir }}" - state: directory - mode: "0755" - become: true - -- name: install http-fileserver - include_role: - name: http-fileserver - -- name: trigger all saved handlers - meta: flush_handlers - -- name: copy test file to serve directory - become: true - copy: - content: "{{ http_file_server_test_file_content }}" - dest: "{{ http_fileserver_serve_dir }}/{{ http_fileserver_test_file_name }}" - register: file_copy_command - -- name: download test file - get_url: - url: "http://localhost:{{ http_fileserver_serve_port }}/{{ http_fileserver_test_file_name }}" - dest: "/tmp/{{ http_fileserver_test_file_name }}" - checksum: "sha1:{{ file_copy_command.checksum }}" \ No newline at end of file diff --git a/roles/http-fileserver/tests/vars.yaml b/roles/http-fileserver/tests/vars.yaml deleted file mode 100644 index c96e7eb76..000000000 --- a/roles/http-fileserver/tests/vars.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -http_fileserver_serve_dir: /srv/test-dir -http_fileserver_serve_port: 8095 -http_file_server_test_file_content: "something to test" -http_fileserver_test_file_name: "test-file" \ No newline at end of file diff --git a/tests/ansible/role-test-runner.yaml b/tests/ansible/role-test-runner.yaml index 17b00f542..cb826e7e4 100644 --- a/tests/ansible/role-test-runner.yaml +++ b/tests/ansible/role-test-runner.yaml @@ -22,7 +22,6 @@ - libvirt-domain - apache-wsgi-sushy-emulator - airship-libvirt-gate - - http-fileserver - name: run tests against defined roles include_tasks: "../../roles/{{ role_name }}/tests/main.yaml" with_items: "{{ test_subject_roles | default(test_subject_roles_default) }}"