
add test files

main
Markus Bergholz 7 months ago
parent
commit
a2d6ce2df0
7 changed files with 62 additions and 22 deletions
  1. +21
    -0
      Makefile
  2. +3
    -0
      ansible.cfg
  3. +2
    -0
      inventories/test.ini
  4. +1
    -1
      localhost.yml
  5. +9
    -0
      roles/ssh/handlers/main.yml
  6. +22
    -21
      roles/ssh/tasks/main.yml
  7. +4
    -0
      test/Dockerfile.ubuntu

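--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,21 @@
+.PHONY: help test
+help: ## This help.
+@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+.DEFAULT_GOAL := help
+clean: ## delete all *.retry files
+find . -name '*.retry' -delete
+run: ## start test container
+docker run \
+--name ubuntu \
+--rm -d \
+-v /var/run/docker.sock:/var/run/docker.sock \
+-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
+--cap-add SYS_ADMIN \
+--privileged test /sbin/init
+test: ## run playbook against local docker container
+ansible-playbook -i inventories/test.ini localhost.yml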
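Review bot: The `run` recipe gives the test container far more host access than the playbook shown in this commit needs: `-v /var/run/docker.sock:/var/run/docker.sock` lets any process inside the container drive the host's Docker daemon, which is equivalent to root on the host, and `--privileged` removes most of the remaining isolation. Nothing visible here talks to Docker from inside the container, so I would drop the socket mount. `--cap-add SYS_ADMIN` is redundant next to `--privileged`, so keep only whichever of the two booting `/sbin/init` actually requires. Separately, `clean` and `run` are missing from `.PHONY: help test`, and no target builds the `test` image from `test/Dockerfile.ubuntu`, so `make run` depends on an undocumented manual build step.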

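--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+roles_path = ~/.ansible/roles
+interpreter_python = /usr/bin/python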

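--- a/inventories/test.ini
+++ b/inventories/test.ini
@@ -0,0 +1,2 @@
+[testing]
+ubuntu ansible_connection=docker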

+ 1
- 1
localhost.yml

@ -1,5 +1,5 @@
---
- hosts: local
- hosts: all
roles:
- ssh
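Review bot: `- hosts: all` (this looks like the new value, though the rendered page does not mark sides) makes the play apply the ssh role to every host of whatever inventory is passed with `-i`. That role replaces `/etc/ssh/sshd_config` with `PasswordAuthentication no` and `AllowUsers m`, so one run against a real inventory by mistake would lock every other account out of all listed hosts. Targeting the group the test inventory defines, `- hosts: testing`, keeps the effect confined to the container; failing that, a comment that the play must be run with `--limit` would at least document the risk.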

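--- a/roles/ssh/handlers/main.yml
+++ b/roles/ssh/handlers/main.yml
@@ -0,0 +1,9 @@
+- name: sshd is started
+service:
+state: started
+name: sshd
+- name: restart sshd
+service:
+state: restarted
+name: sshd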
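Review bot: Both handlers hard-code `name: sshd`, while the test image is `ubuntu:20.04`, where the OpenSSH unit is normally called `ssh` and `sshd` exists only as an alias; whether that alias resolves inside the container is worth confirming before relying on these handlers. The install tasks already fall back from `openssh` to `openssh-server`, so the role seems meant for more than one distribution. A role variable for the service name would fit that, for example `name: "{{ ssh_service_name }}"` (variable name constructed here). `sshd is started` could also set `enabled: yes` so the daemon comes back after a reboot.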

+ 22
- 21
roles/ssh/tasks/main.yml

@ -5,6 +5,23 @@
block:
- name: install packages
package:
name: openssh
state: present
ignore_errors: yes
notify:
- sshd is started
register: SSH
- name: install openssh-server
package:
name: openssh-server
state: present
when: SSH.failed
notify:
- sshd is started
- name: delete sshd_config file
file:
state: absent
@ -23,34 +40,18 @@
mode: 0600
- name: create new sshd_config
blockinfile:
path: /etc/ssh/sshd_config
block: |
copy:
dest: /etc/ssh/sshd_config
content: |
PermitRootLogin no
PasswordAuthentication no
TrustedUserCAKeys /etc/ssh/id_ecdsa_sk.pub
PubkeyAuthentication yes
RhostsRSAAuthentication no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
AllowUsers m
notify:
- restart sshd
- name: limit ssh access
ufw:
rule: limit
port: ssh
proto: tcp
- name: restart sshd
systemd:
state: restarted
daemon_reload: yes
name: sshd
- name: enable UFW
ufw:
state: enabled
...
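Review bot: The `copy` task that writes `/etc/ssh/sshd_config` has no `validate:` step, so a file sshd rejects is still installed and the `restart sshd` handler then restarts the daemon onto it, which can leave the host without SSH access. Adding `validate: /usr/sbin/sshd -t -f %s` to the `copy` arguments makes the task fail before the live file is replaced. `RhostsRSAAuthentication no` is an option current OpenSSH releases no longer implement, so it only produces a deprecation warning and can be dropped. The page does not mark which lines were removed, but the hunk counts suggest the `limit ssh access` and `enable UFW` tasks are gone after this commit; if so, please confirm that losing the rate limit and firewall enablement is intended and not a side effect of making the role run in the container.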

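--- a/test/Dockerfile.ubuntu
+++ b/test/Dockerfile.ubuntu
@@ -0,0 +1,4 @@
+FROM ubuntu:20.04
+RUN apt update && apt install -y init sudo python curl procps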
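Review bot: The `python` package name in the `RUN` line most likely resolves to Python 2 on `ubuntu:20.04` (worth confirming), which is end-of-life, and `ansible.cfg` then pins `interpreter_python = /usr/bin/python` to it. Installing `python3` and setting `interpreter_python = /usr/bin/python3` would test the role against a supported interpreter. For a scripted build, `apt-get update && apt-get install -y --no-install-recommends ...` is the stable interface and keeps the image smaller. `sudo` and `curl` add tooling that nothing in the visible playbook uses, so they could be left out unless the role needs them.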
