
New vagrant-based development environment

Luke Cyca 11 years ago
parent
commit
08d6827755

+ 2
- 1
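--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-vars/user.yml
+.vagrant
+vagrant_ansible_inventory_default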
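Review bot: Dropping `vars/user.yml` from the ignore list means a locally filled-in user vars file is no longer protected from `git add`, while site.yml in this same commit still loads `vars/user.yml` whenever `testing` is false. That file is presumably where the real counterparts of the passwords in vars/testing.yml live, so an accidental commit would publish them. If the intent is to ship a template, keep the ignore entry and commit the template under a different name (for example `vars/user.yml.example`); otherwise restore the line `vars/user.yml`.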

+ 19
- 34
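--- a/Vagrantfile
+++ b/Vagrantfile
@@ -2,43 +2,28 @@
 # https://github.com/mitchellh/vagrant/blob/master/CHANGELOG.md#130-september-5-2013
 
 Vagrant.configure('2') do |config|
-  config.vm.provider :lxc do |lxc, override|
-    override.vm.box     = 'precise64'
-    override.vm.box_url = 'http://bit.ly/vagrant-lxc-precise64-2013-05-08'
-  end
 
   config.vm.provider :virtualbox do |vbox, override|
-    override.vm.box     = 'precise64'
-    override.vm.box_url = 'http://files.vagrantup.com/precise64.box'
+    override.vm.box = 'wheezy64'
+    override.vm.box_url = 'https://sovereign.lukecyca.com/vagrant/wheezy64.box'
+    vbox.customize ["modifyvm", :id, "--memory", 512]
   end
 
-  boxes = [
-    {
-      :name => 'ansible.local',
-      :forwards => { 22  => 22222,
-                     80  => 80,
-                     25  => 25,
-                     143 => 143,
-                     465 => 465,
-                     993 => 993 }
-    }
-  ]
-
-  boxes.each do |opts|
-    config.vm.hostname = opts[:name]
-
-    opts[:forwards].each do |guest_port, host_port|
-      config.vm.network :forwarded_port, :guest => guest_port, :host => host_port
-    end
-
-    config.vm.provision :shell,
-                        :inline => 'if [ ! -e /root/apt.updated ]; then apt-get update && touch /root/apt.updated ; fi; apt-get install -y python-apt'
-
-    config.vm.provision :ansible do |ansible|
-      ansible.playbook = 'site.yml'
-    end
-
-    config.vm.provision :shell,
-                        :inline => "echo [test] > /vagrant/hosts.autogen && ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | cut -d: -f2 >> /vagrant/hosts.autogen"
+  config.vm.hostname = 'sovereign.local'
+
+  config.vm.network "private_network", ip: "172.16.100.2"
+
+  config.vm.provision :ansible do |ansible|
+    ansible.playbook = 'site.yml'
+    ansible.host_key_checking = false
+
+    # ansible.tags = ['blog']
+    ansible.skip_tags = ['openvpn']
+    # ansible.verbose = 'vvvv'
+
+    # Workaround: https://github.com/mitchellh/vagrant/issues/2174
+    extra_vars = { ansible_ssh_user: 'vagrant', testing: true}
+    ansible.raw_arguments = "--extra-vars=" + extra_vars.map { |k,v| "#{k}=#{v}" }.join(" ")
   end
+
 end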
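Review bot: The base box on the new `override.vm.box_url` line is fetched from a personal host with no integrity pin, so whatever that URL serves becomes the root image of every developer VM. Vagrant releases that support it accept `override.vm.box_download_checksum = '<SHA256_OF_BOX>'` together with `override.vm.box_download_checksum_type = 'sha256'`; the digest shown is a placeholder to be filled in from a trusted copy of the box. Separately, `ansible.host_key_checking = false` is reasonable for a throwaway VM on 172.16.100.2, but it deserves a short comment such as `# local Vagrant VM only; keep host key checking on for real inventories`.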

+ 18
- 4
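--- a/roles/common/files/wildcard_ca.pem
+++ b/roles/common/files/wildcard_ca.pem
@@ -1,6 +1,20 @@
 -----BEGIN CERTIFICATE-----
-TODO
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-TODO
+MIIDPjCCAiYCCQDcHVzv6JwhEzANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQGEwJB
+VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMRowGAYDVQQDFBEqLnNvdmVyZWlnbi5sb2NhbDAeFw0xMzExMDIx
+OTI4NDlaFw0xNDExMDIxOTI4NDlaMGExCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpT
+b21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxGjAY
+BgNVBAMUESouc292ZXJlaWduLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEArpXru3ZQKl+OVlBar2yziN5ZiVSbt6QYuJtTUmMAfAtGsPobueyI
+6XLG6QcFNCWNqUd3fa15GPYluFA5Ot7bPAoo3UQXJvM9n/tQ2YWPjPgxaV4sCKrI
+yw7UF+f2NwtUVdj1wHB0x7bh9asNv+ZDC5O2ze8dn09CS7Puh13bsVFm1iapngrr
+C6ctethJF67A/mRa7UzqHzesAznkgaWfhDLyygNX0PzI5ywVAKbgvxUWndPx3oY6
+yx5jrfk+opMUUnDu9AqhthTPaKK1s3JXJBOW2R/rlgYokfO7VBDkRv/ty3B1BnmS
+xdOV/01f5JJdgfLlR6PNd2FMmMoCesg9YwIDAQABMA0GCSqGSIb3DQEBBQUAA4IB
+AQAX5KZYIYcMuHRdsd/EKwee+pzp0irs1dqbNwYJIj3HS8Zx/qd+LET4irQbY72N
+9Z2s0UTSngy4axlyItKrn+k26FUnSW80W8GMb/dEIyKg5Vnu+zLKnKj85dGUBSAP
+AzhNyqkwiY5BFFy/tvuFBvjxle9vkBNZrmtsh/PktzaW3BNrYaE9xDMYesT9xi73
+aKFMIryVZWzZKmMaJhcMcMarWzAvLftV+0VfJV3EWtzpEbjEu3mIsoBZvD0uGqbU
+Llt1yeYyBrcdIbDQZgeRHhrJjC8yx0iqvj5WmnEp8hk6YtqdwGGTJxkpUtxFT/dO
++0vEpa88MmGGUdXZ4NWI2IYe
 -----END CERTIFICATE-----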

+ 27
- 3
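--- a/roles/common/files/wildcard_private.key
+++ b/roles/common/files/wildcard_private.key
@@ -1,3 +1,27 @@
------BEGIN PRIVATE KEY-----
-TODO
------END PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEArpXru3ZQKl+OVlBar2yziN5ZiVSbt6QYuJtTUmMAfAtGsPob
+ueyI6XLG6QcFNCWNqUd3fa15GPYluFA5Ot7bPAoo3UQXJvM9n/tQ2YWPjPgxaV4s
+CKrIyw7UF+f2NwtUVdj1wHB0x7bh9asNv+ZDC5O2ze8dn09CS7Puh13bsVFm1iap
+ngrrC6ctethJF67A/mRa7UzqHzesAznkgaWfhDLyygNX0PzI5ywVAKbgvxUWndPx
+3oY6yx5jrfk+opMUUnDu9AqhthTPaKK1s3JXJBOW2R/rlgYokfO7VBDkRv/ty3B1
+BnmSxdOV/01f5JJdgfLlR6PNd2FMmMoCesg9YwIDAQABAoIBADm/oYAavJ2nif+H
+CNgqDqDhW6CPegqenwbBaihAUzK00CdOM8mmMgt2SdFe3xvGqDssRpwtu3bEROnY
+r3WHreEIQ0gdc8MQhnvat32cLkWk+0MtQUeEpnJ0bzeRJOJEPxs+btu+1wIQvmFy
+uVOWqOq1a6xmwdemcfl0hRwFsdvO00MefOWgJpmBGBTBKuvhg1rUPP8xkHlD98ga
++vpxG0vS5d2vHKa5FxcbbMaV9kxqjsc1Sm79zWlomwdmE5u0dUIIfNV1+VOmPqW2
+tjeD+JDieyX3uOKFpRTk7/5rOJd5hzHukIeUpl0n9mC/mY8lvoFAttszeTEwjkv0
+EhRBjaECgYEA3Rz8AoWJLDC63wfz3mUhtXzFxrxok85cNT35ohT9btnKyLKykvAE
+BCfHeYg8cwFFv0oUXpK9HWOqoJhsYN79+WYA1QE9n0XXAGl1K1/FlKsoAH3h5GAf
+CHGLsq6rEY3ixBmqEiKCWjNXgKeoMg9V/gjTNudWYqLvcsgMoD9vJbkCgYEAyiGi
+QZUa7pGFSa3+kPJo9wx6FylsAVnBluQETZpPdXSB43cTnfUlGj50OHAwFKwD4MP1
+Z+3mTW3+iedpEo3BWs47onanI9DSe6XcUUMXreP+aStJYOkQ3Sl5wr5A61NFF/yr
++bdKEzXNXB5My5hbFLuSUtsXNVmVr6B7pz2wyfsCgYEAiXKyCVM/IPQtxeSoqM+O
+88VbIB4QmAjIcuRSoHmRzO2fy8ChlwuSQ48Cxb51bTwWQkHnhZ6L5pAFCg2WGWWk
+1Pqee8popvCAJSZpCoxfQvpeRGf8Gr3RrKsAnxNLDf94PlSBzwIaq72MoFIYEP5N
+gzuzKEcIAQqt9Fj82ER2cCkCgYEAnaEFC+ffjNRnAUJzF04zlRVh0NY4qAT691Ty
+FiKUfKBS+rRN1Azs1j6GG81BcZ2DmLC4nEfmJdP1gE26nwF1G/9geh3V0hRzUIHU
+Ansz6CO4rwNWwgB/ajmB/uCnd90EMOSWqLLLTZfTglcOxGcYAF8WiQ7aVnx6Qu//
+/jgZuikCgYB10Gf8Wl/TcWVBTwbDbA50VqZpUWXkcF+oo/w4FfI2f74TEQVkIs9m
+4SVhrtSAz3z2tuBEDB8SM2Uwe00/JSrbuOTvGcVTq64LDgH5fL38Hw8+7IvAZEOx
+26mAS685K1pq0HvvCuwzSIAjpo55tso3phG/YxC+DD11DglhL1SpBA==
+-----END RSA PRIVATE KEY-----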
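Review bot: The RSA private key committed here is public from this commit on, yet it sits at the same path (`roles/common/files/wildcard_private.key`) that previously held the `TODO` placeholder a deployer had to fill in. Unlike the vars file, nothing visible in this commit switches the key on `testing`, so a non-test run that forgets to replace it would presumably install a key that anyone can read. Keeping the fixture under a test-only path that is selected by the `testing` variable, or having the playbook refuse to continue when the key to be deployed is this fixture, would keep the two cases apart. The same applies to the matching certificate added in `wildcard_ca.pem` and `wildcard_public_cert.crt`.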

+ 18
- 1
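--- a/roles/common/files/wildcard_public_cert.crt
+++ b/roles/common/files/wildcard_public_cert.crt
@@ -1,3 +1,20 @@
 -----BEGIN CERTIFICATE-----
-TODO
+MIIDPjCCAiYCCQDcHVzv6JwhEzANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQGEwJB
+VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMRowGAYDVQQDFBEqLnNvdmVyZWlnbi5sb2NhbDAeFw0xMzExMDIx
+OTI4NDlaFw0xNDExMDIxOTI4NDlaMGExCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpT
+b21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxGjAY
+BgNVBAMUESouc292ZXJlaWduLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEArpXru3ZQKl+OVlBar2yziN5ZiVSbt6QYuJtTUmMAfAtGsPobueyI
+6XLG6QcFNCWNqUd3fa15GPYluFA5Ot7bPAoo3UQXJvM9n/tQ2YWPjPgxaV4sCKrI
+yw7UF+f2NwtUVdj1wHB0x7bh9asNv+ZDC5O2ze8dn09CS7Puh13bsVFm1iapngrr
+C6ctethJF67A/mRa7UzqHzesAznkgaWfhDLyygNX0PzI5ywVAKbgvxUWndPx3oY6
+yx5jrfk+opMUUnDu9AqhthTPaKK1s3JXJBOW2R/rlgYokfO7VBDkRv/ty3B1BnmS
+xdOV/01f5JJdgfLlR6PNd2FMmMoCesg9YwIDAQABMA0GCSqGSIb3DQEBBQUAA4IB
+AQAX5KZYIYcMuHRdsd/EKwee+pzp0irs1dqbNwYJIj3HS8Zx/qd+LET4irQbY72N
+9Z2s0UTSngy4axlyItKrn+k26FUnSW80W8GMb/dEIyKg5Vnu+zLKnKj85dGUBSAP
+AzhNyqkwiY5BFFy/tvuFBvjxle9vkBNZrmtsh/PktzaW3BNrYaE9xDMYesT9xi73
+aKFMIryVZWzZKmMaJhcMcMarWzAvLftV+0VfJV3EWtzpEbjEu3mIsoBZvD0uGqbU
+Llt1yeYyBrcdIbDQZgeRHhrJjC8yx0iqvj5WmnEp8hk6YtqdwGGTJxkpUtxFT/dO
++0vEpa88MmGGUdXZ4NWI2IYe
 -----END CERTIFICATE-----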

+ 1
- 1
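--- a/site.yml
+++ b/site.yml
@@ -7,7 +7,7 @@
   gather_facts: True
   vars_files:
     - vars/defaults.yml
-    - vars/user.yml
+    - vars/{{ 'testing' if testing else 'user' }}.yml
 
   roles:
     - common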
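Review bot: The new `vars_files` entry on line 10 evaluates `testing` directly, so the choice between real and test credentials hangs on a variable that only the Vagrantfile sets. It arrives there through `--extra-vars` in `key=value` form, which Ansible treats as a string, so `testing=false` on the command line would still be truthy and load vars/testing.yml with its known passwords. A run that does not pass the variable at all depends on how undefined names are handled, or on vars/defaults.yml defining it, and neither is visible here. Defaulting and coercing makes the production file the default: `- vars/{{ 'testing' if (testing | default(false) | bool) else 'user' }}.yml`.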

+ 55
- 0
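--- a/tests.sh
+++ b/tests.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# use timeout or gtimeout
+export TIMEOUT="timeout"
+if [ -z `which timeout` ]; then
+    export TIMEOUT="gtimeout"
+fi
+
+SUITE_RET=0
+
+runtest() {
+  NAME=$1
+  OUTPUT=`$TIMEOUT -k 1 5 bash -c "$2" 2>&1`
+  RET="$?"
+  if [ $RET -eq 0 ]; then
+    printf "$NAME: \e[00;32mPASSED\e[00m\n"
+  elif [ $RET -eq 124 ]; then
+    printf "$NAME: \e[00;31mTIMEOUT\e[00m\n"
+    SUITE_RET=1
+  else
+    printf "$NAME: \e[00;31mFAILED\e[00m\n"
+    echo "$OUTPUT"
+    SUITE_RET=1
+  fi
+}
+
+
+
+# SSH
+runtest test_ssh "nc -w1 172.16.100.2 22 | grep '^SSH'"
+
+# SMTP
+runtest test_smtp "echo 'quit' | nc -w1 172.16.100.2 25 | grep 'ESMTP Postfix'"
+runtest test_smtps "echo '' | openssl s_client -connect 172.16.100.2:465 | grep 'TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA'"
+runtest test_smtp_tls "echo '' | openssl s_client -connect 172.16.100.2:25 -starttls smtp | grep 'TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA'"
+
+# IMAP
+runtest test_imaps "echo '' | openssl s_client -connect 172.16.100.2:993 | grep 'TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA'"
+
+# HTTP/S
+runtest test_http "echo 'GET /' | nc -w1 172.16.100.2 80 | grep 'It works!'"
+runtest test_https "echo '' | openssl s_client -connect 172.16.100.2:443 | grep 'TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA'"
+runtest test_blog_redirect "curl 172.16.100.2:80 -H 'Host: sovereign.local' -v | grep '301 Moved Permanently'"
+
+# The blog will give 403 because it is an empty directory
+runtest test_blog "curl https://172.16.100.2:443/ -H 'Host: sovereign.local' -v --insecure | grep '403 Forbidden'"
+
+# Other web sites
+runtest test_roundcube "curl https://172.16.100.2:443/ -H 'Host: mail.sovereign.local' -v --insecure | grep 'Welcome to Roundcube Webmail'"
+runtest test_owncloud "curl https://172.16.100.2:443/ -H 'Host: cloud.sovereign.local' -v --insecure | grep 'ownCloud'"
+
+# ZNC
+runtest test_znc "echo '' | openssl s_client -connect 172.16.100.2:6697 | grep 'TLSv1/SSLv3, Cipher is AES256-SHA'"
+
+exit $SUITE_RET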
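Review bot: The TLS checks grep for one exact suite (`Cipher is DHE-RSA-AES256-SHA`, and `Cipher is AES256-SHA` for ZNC on 6697), so they pass only while those CBC/SHA-1 suites are negotiated and fail as soon as a server's cipher list is tightened. The ZNC expectation in particular pins a suite without forward secrecy, so the test would flag a move to a stronger one as a regression. Matching on what is acceptable instead, for example `grep -E 'Cipher is (ECDHE|DHE)-'`, keeps the tests useful without freezing the configuration. The `curl --insecure` calls also mean the certificate added in this commit is never actually verified by the suite.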

+ 52
- 0
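--- a/vars/testing.yml
+++ b/vars/testing.yml
@@ -0,0 +1,52 @@
+---
+###############################################################################
+# Variables used when testing with Vagrant
+# For a complete reference look at the `vars/defaults.yml` file.
+###############################################################################
+
+# common
+domain: sovereign.local
+main_user_name: sovereign
+encfs_password: testPassword
+
+# ircbouncer
+irc_nick: sovereign
+irc_ident: sovereign
+irc_realname: Mr. Sovereign
+irc_quitmsg: Bye
+irc_password_hash: "sha256#4bfc209c5e19874337fd89c80675ad194836efea5efd4189b7f73cd9e0a6094f#,i*Msa0B;w9yR23nm1ZB#" #foo
+
+# mailserver
+mail_mysql_password: testPassword
+mail_virtual_domains:
+  - name: "{{ domain }}"
+    pk_id: 1
+    primary_user: "{{ main_user_name }}"
+mail_virtual_users:
+  - address: "{{ main_user_name }}@{{ domain }}"
+    password_hash: "$6$.f8oDqN1cDE/$Iyk8.scbwZCxw5pf9Flcvu.VYk9Jk77y/UaM0DyIcw9wouNqifXr3xV1fQPPNgBIM3BEEabAxePtC5Y/iX5vH1" #foo
+    domain_pk_id: 1
+mail_virtual_aliases:
+  - source: "root@{{ domain }}"
+    destination: "{{ admin_email }}"
+    domain_pk_id: 1
+  - source: "postmaster@{{ domain }}"
+    destination: "{{ admin_email }}"
+    domain_pk_id: 1
+  - source: "webmaster@{{ domain }}"
+    destination: "{{ admin_email }}"
+    domain_pk_id: 1
+
+# owncloud
+owncloud_mysql_password: testPassword
+
+# vpn
+openvpn_key_country:  "US"
+openvpn_key_province: "California"
+openvpn_key_city: "Beverly Hills"
+openvpn_key_org: "ACME CORPORATION"
+openvpn_key_ou: "Anvil Department"
+openvpn_clients:
+  - laptop
+  - phone
+  - tablet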
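Review bot: The header comment does not say that every secret in this file is public: `testPassword` appears in clear, and both hashes carry a `#foo` comment naming their plaintext. Since site.yml selects this file through a single variable, I would add a line to the header block: `# All passwords and hashes below are published test values; never use this file for a host reachable outside the Vagrant private network.` Also, `admin_email` is referenced by the three aliases but is not set here, so it has to come from vars/defaults.yml, which this commit does not show.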
