76 lines
1.8 KiB
YAML
76 lines
1.8 KiB
YAML
# SPDX-License-Identifier: BSD-3-Clause
|
|
---
|
|
- name: Install hostapd
|
|
package:
|
|
name: hostapd
|
|
state: present
|
|
|
|
- name: Create directory for test certificates
|
|
file:
|
|
state: directory
|
|
path: /etc/pki/tls/hostapd_test
|
|
- name: Copy server certificates
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: "/etc/pki/tls/hostapd_test/{{ item }}"
|
|
with_items:
|
|
- server.key
|
|
- dh.pem
|
|
- server.pem
|
|
- cacert.pem
|
|
|
|
- name: Create test interfaces
|
|
shell: |
|
|
ip link add veth1 type veth peer name veth1-br
|
|
ip link add veth2 type veth peer name veth2-br
|
|
|
|
ip link add br1 type bridge
|
|
ip link set br1 up
|
|
|
|
ip netns add ns1
|
|
|
|
ip link set veth1 netns ns1
|
|
|
|
ip netns exec ns1 ip addr add 203.0.113.1/24 dev veth1
|
|
|
|
ip link set veth1-br up
|
|
ip link set veth2-br up
|
|
|
|
ip link set veth1-br master br1
|
|
ip link set veth2-br master br1
|
|
|
|
ip netns exec ns1 ip link set veth1 up
|
|
ip link set veth2 up
|
|
|
|
# Enable forwarding of EAP 802.1x messages through software bridge "br1".
|
|
echo 8 > /sys/class/net/br1/bridge/group_fwd_mask
|
|
|
|
- name: Create hostapd config
|
|
copy:
|
|
content: |
|
|
interface=veth1
|
|
driver=wired
|
|
debug=2
|
|
ieee8021x=1
|
|
eap_reauth_period=3600
|
|
eap_server=1
|
|
use_pae_group_addr=1
|
|
eap_user_file=/etc/hostapd/hostapd.eap_user
|
|
ca_cert=/etc/pki/tls/hostapd_test/cacert.pem
|
|
dh_file=/etc/pki/tls/hostapd_test/dh.pem
|
|
server_cert=/etc/pki/tls/hostapd_test/server.pem
|
|
private_key=/etc/pki/tls/hostapd_test/server.key
|
|
private_key_passwd=test
|
|
logger_syslog=-1
|
|
logger_syslog_level=0
|
|
dest: /etc/hostapd/wired.conf
|
|
|
|
- name: Create eap_user_file config
|
|
copy:
|
|
content: |
|
|
* TLS
|
|
dest: /etc/hostapd/hostapd.eap_user
|
|
|
|
- name: Run hostapd in namespace
|
|
shell: ip netns exec ns1 hostapd -B /etc/hostapd/wired.conf && sleep 5
|