usmqe-setup/test_teardown.tendrl_httpd_ssl.yml at master · usmqe/usmqe-setup · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
---
# ==================================================
#  Teardown of HTTPS for Tendrl UI, API and Grafana
# ==================================================
#
# This just removes any SSL Tendrl configuration (no matter if default local
# self signed certs or actuall CA is used) and configures Tendrl to use plain
# http again.

- hosts: usm_server
  remote_user: root
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
  tasks:

    - name: Remove 00_tendrl-ssl.conf file
      file:
        path: /etc/httpd/conf.d/00_tendrl-ssl.conf
        state: absent
      notify: restart httpd

    - name: Restore tendrl.conf from backup
      copy:
        src: /etc/httpd/conf.d/tendrl.conf.usmqe_backup
        dest: /etc/httpd/conf.d/tendrl.conf
        remote_src: yes
        backup: yes
        force: yes
      notify: restart httpd

    - name: Run rpm -qV tendrl-api-httpd to validate config file restoration
      command: rpm -qV tendrl-api-httpd
      changed_when: False
      register: rpm_qv_tendrl_api_httpd
      failed_when: rpm_qv_tendrl_api_httpd.rc > 1

    - name: Recheck result of config file restoration (based on previous task)
      assert:
        that:
          - (rpm_qv_tendrl_api_httpd.rc == 0) or (rpm_qv_tendrl_api_httpd.stdout == '.......T.  c /etc/httpd/conf.d/tendrl.conf')
          - rpm_qv_tendrl_api_httpd.stderr == ''

    - name: Remove mod_ssl package
      yum:
        name: mod_ssl
        state: absent

    - name: Run apachectl configtest to validate new configuration
      command: apachectl -t
      changed_when: False
      register: apachectl_configtest

    - name: Recheck result of config validation (based on previous task)
      assert:
        that:
          - apachectl_configtest.stderr == 'Syntax OK'
          - apachectl_configtest.stdout == ''

    - name: Disable https service in firewalld
      firewalld:
        service=https
        zone=public permanent=true state=disabled immediate=true

    - name: Enable http service in firewalld
      firewalld:
        service=http
        zone=public permanent=true state=enabled immediate=true