# SPDX-License-Identifier: BSD-3-Clause --- - hosts: all vars: interface: 802-1x-test tasks: - name: "INIT: 802.1x tests" debug: msg: "##################################################" - include_tasks: tasks/setup_802.1x.yml - block: - name: "TEST: 802.1x profile with private key password and ca cert" debug: msg: "##################################################" - import_role: name: linux-system-roles.network vars: network_connections: - name: "{{ interface }}" interface_name: veth2 state: up type: ethernet ip: address: - 203.0.113.2/24 dhcp4: "no" auto6: "no" ieee802_1x: identity: myhost eap: tls private_key: /etc/pki/tls/client.key private_key_password: test private_key_password_flags: - none client_cert: /etc/pki/tls/client.pem ca_cert: /etc/pki/tls/cacert.pem - name: "TEST: I can ping the EAP server" command: ping -c1 203.0.113.1 - import_role: name: linux-system-roles.network vars: network_connections: - name: "{{ interface }}" persistent_state: absent state: down - name: >- TEST: 802.1x profile with unencrypted private key, domain suffix match, and system ca certs debug: msg: "##################################################" - name: Copy cacert to system truststore copy: src: cacert.pem dest: /etc/pki/ca-trust/source/anchors/cacert.pem mode: 0644 - name: Update ca trust command: update-ca-trust - import_role: name: linux-system-roles.network vars: network_connections: - name: "{{ interface }}" interface_name: veth2 state: up type: ethernet ip: address: - 203.0.113.2/24 dhcp4: "no" auto6: "no" ieee802_1x: identity: myhost eap: tls private_key: /etc/pki/tls/client.key.nocrypt client_cert: /etc/pki/tls/client.pem private_key_password_flags: - not-required system_ca_certs: True domain_suffix_match: example.com - name: "TEST: I can ping the EAP server" command: ping -c1 203.0.113.1 - import_role: name: linux-system-roles.network vars: network_connections: - name: "{{ interface }}" persistent_state: absent state: down - include_tasks: tasks/test_802.1x_capath.yml always: - block: - import_role: name: linux-system-roles.network vars: network_connections: - name: "{{ interface }}" persistent_state: absent state: down - name: br1 persistent_state: absent state: down ignore_errors: true - include_tasks: tasks/cleanup_802_1x_server.yml - name: Remove test certificates file: state: absent path: "/etc/pki/tls/{{ item }}" with_items: - client.key - client.key.nocrypt - client.pem - cacert.pem - name: Remove test CA file: state: absent path: "{{ item }}" with_items: - /etc/pki/tls/my_ca_certs - /etc/pki/ca-trust/source/anchors/cacert.pem - name: Update ca trust command: update-ca-trust tags: - "tests::cleanup"