toallab-automation/roles/linux-system-roles.network/tests/playbooks/tests_802_1x.yml


# SPDX-License-Identifier: BSD-3-Clause
---
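# Integration test for the network role's 802.1x (EAP-TLS) support.
# Two wired profiles are brought up on veth2 and checked by pinging the
# peer at 203.0.113.1 (the play labels it the EAP server):
#   1. encrypted client key + explicit CA certificate file
#   2. unencrypted client key + system trust store + domain suffix match
# The always: section removes the profiles, the test certificates and the
# test CA, so the host's trust store is restored even when a test fails.
# All addresses are in 203.0.113.0/24 (TEST-NET-3, reserved for
# documentation).
- hosts: all
  vars:
    interface: 802-1x-test
  tasks:
    - name: "INIT: 802.1x tests"
      debug:
        msg: "##################################################"
    # Presumably creates the veth pair, the authenticator and the files
    # under /etc/pki/tls used below - confirm against the task file.
    - include_tasks: tasks/setup_802.1x.yml
    - block:
        - name: "TEST: 802.1x profile with private key password and ca cert"
          debug:
            msg: "##################################################"
        - import_role:
            name: linux-system-roles.network
          vars:
            network_connections:
              - name: "{{ interface }}"
                interface_name: veth2
                state: up
                type: ethernet
                ip:
                  address:
                    - 203.0.113.2/24
                  # Quoted on purpose: the values stay the strings "no"
                  # instead of becoming YAML 1.1 booleans.
                  dhcp4: "no"
                  auto6: "no"
                ieee802_1x:
                  identity: myhost
                  eap: tls
                  private_key: /etc/pki/tls/client.key
                  # Fixture passphrase for the throwaway test key. Outside
                  # a test, take this from Ansible Vault or another secret
                  # store instead of a literal in the playbook.
                  private_key_password: test
                  # "none": no special handling flags for the passphrase,
                  # so it is kept with the connection profile (assumed
                  # from NetworkManager's secret-flag semantics - confirm).
                  private_key_password_flags:
                    - none
                  client_cert: /etc/pki/tls/client.pem
                  # The server certificate is validated against this one
                  # CA file, not the system trust store.
                  ca_cert: /etc/pki/tls/cacert.pem
        # Connectivity check: run after the profile is up, so a failed
        # authentication is expected to surface here as a failed ping.
        - name: "TEST: I can ping the EAP server"
          command: ping -c1 203.0.113.1
        # Remove the first profile so the second case starts clean.
        - import_role:
            name: linux-system-roles.network
          vars:
            network_connections:
              - name: "{{ interface }}"
                persistent_state: absent
                state: down
        - name: >-
            TEST: 802.1x profile with unencrypted private key,
            domain suffix match, and system ca certs
          debug:
            msg: "##################################################"
        # Makes the test CA a system-wide trust anchor for this host.
        # The always: section deletes it again and refreshes the store.
        - name: Copy cacert to system truststore
          copy:
            src: cacert.pem
            dest: /etc/pki/ca-trust/source/anchors/cacert.pem
            # Quoted so the mode is passed as the string "0644" rather
            # than parsed as a YAML 1.1 octal integer.
            mode: "0644"
        - name: Update ca trust
          command: update-ca-trust
        - import_role:
            name: linux-system-roles.network
          vars:
            network_connections:
              - name: "{{ interface }}"
                interface_name: veth2
                state: up
                type: ethernet
                ip:
                  address:
                    - 203.0.113.2/24
                  dhcp4: "no"
                  auto6: "no"
                ieee802_1x:
                  identity: myhost
                  eap: tls
                  # Unencrypted key: only file permissions protect it, so
                  # no passphrase is configured for this case.
                  private_key: /etc/pki/tls/client.key.nocrypt
                  client_cert: /etc/pki/tls/client.pem
                  private_key_password_flags:
                    - not-required
                  # Validate the server against the system trust store
                  # (which now contains the test CA) ...
                  system_ca_certs: true
                  # ... and additionally require the server certificate's
                  # domain name to end in this suffix. With a whole trust
                  # store accepted, this is what ties the check to one
                  # expected server identity.
                  domain_suffix_match: example.com
        - name: "TEST: I can ping the EAP server"
          command: ping -c1 203.0.113.1
        - import_role:
            name: linux-system-roles.network
          vars:
            network_connections:
              - name: "{{ interface }}"
                persistent_state: absent
                state: down
        - include_tasks: tasks/test_802.1x_capath.yml
      always:
        - block:
            - import_role:
                name: linux-system-roles.network
              vars:
                network_connections:
                  - name: "{{ interface }}"
                    persistent_state: absent
                    state: down
                  - name: br1
                    persistent_state: absent
                    state: down
              # Best effort: a failure to remove the profiles must not
              # stop the certificate and trust-store cleanup below.
              ignore_errors: true
            - include_tasks: tasks/cleanup_802_1x_server.yml
            # Key material and certificates are deleted so no test
            # credentials are left on the host.
            - name: Remove test certificates
              file:
                state: absent
                path: "/etc/pki/tls/{{ item }}"
              with_items:
                - client.key
                - client.key.nocrypt
                - client.pem
                - cacert.pem
            # Deleting the anchor file alone is not enough: the trust
            # store is regenerated by the update-ca-trust task that
            # follows.
            - name: Remove test CA
              file:
                state: absent
                path: "{{ item }}"
              with_items:
                - /etc/pki/tls/my_ca_certs
                - /etc/pki/ca-trust/source/anchors/cacert.pem
            - name: Update ca trust
              command: update-ca-trust
          tags:
            - "tests::cleanup"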