diff --git a/Makefile b/Makefile index ce781690..9227ea54 100644 --- a/Makefile +++ b/Makefile @@ -8,4 +8,4 @@ install-ansible-collections: .PHONY: integration integration: install-python-packages install-ansible-collections - ansible-test integration --no-temp-workdir + ansible-test integration --no-temp-workdir system_settings_test diff --git a/roles/system_settings/README.md b/roles/system_settings/README.md index 397cf421..9d2120c6 100644 --- a/roles/system_settings/README.md +++ b/roles/system_settings/README.md @@ -20,12 +20,9 @@ N/A - **system_settings_validate_certs** - Allows connection when SSL certificates are not valid. Set to false when certificates are not trusted. -### Security -- **system_settings_ntp_servers**: - - List of NTP servers. This method updates old NTP servers from configuration and sets the input NTP servers in the configuration. If NTP based time synchronization is used internally, the NTP daemon will be restarted to reload given NTP configuration. In case NTP based time synchronization is not used, this method only replaces servers in the NTP configuration. +### System settings -- **system_settings_timesync_mode**: - - Set time synchronization mode. +#### General - **system_settings_timezone**: - Set time zone. 
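Review bot: The `integration` recipe now passes `system_settings_test` as a positional target, so `make integration` runs only that one target and any other integration target in the repository is skipped without notice. If this was added for local iteration it should not be committed: keep `ansible-test integration --no-temp-workdir`, or take the target from an overridable variable, e.g. `ansible-test integration --no-temp-workdir $(TARGET)` (variable name constructed for illustration). Whether other targets exist is not visible in this diff, so confirm before merging.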
@@ -36,9 +33,55 @@ N/A - **system_settings_resize_storage**: - Resize all partitions to 100 percent of disk size. Default is `false`. +#### DNS + +- **system_settings_dns_mode**: + - Set the DNS mode - either static or DHCP. + +- **system_settings_dns_servers**: + - List of DNS servers to add/set. + +- **system_settings_dns_mode_append** + - If `true` items from `system_settings_dns_servers` will be added to already configured DNS servers. If `false` servers will be overriden. + +- **system_settings_dns_domains**: + - List of DNS domains to add/set. + +- **system_settings_dns_mode_append** + - If `true` items from `system_settings_dns_domains` will be added to already configured DNS domains. If `false` domains will be overriden. + +- **system_settings_dns_hostname**: + - Set the hostname of the vcenter. + +#### NTP +Note: NTP service will be restarted if configuration is changed. + +- **system_settings_timesync_mode**: + - Set time synchronization mode. + +- **system_settings_ntp_servers**: + - List of NTP servers. This method updates old NTP servers from configuration and sets the input NTP servers in the configuration. If NTP based time synchronization is used internally, the NTP daemon will be restarted to reload given NTP configuration. In case NTP based time synchronization is not used, this method only replaces servers in the NTP configuration. + +#### Proxy + +- **system_settings_noproxy**: + - List of hosts that should be ignored by proxy configuration. + +- **system_settings_proxy**: + - A list of proxy configurations. + + Proxy options: + * enabled: Required. Define if this proxy configuration should be enabled. + * url: Required. Define the URL of the proxy server (including protocol ie. http://...). + * port: Required. Define the port of the proxy server. + * protocol: Required. Define the protocol of the proxy server(FTP, HTTP, HTTPS). + * state: Define if the proxy configuration should be `present` or `absent`. 
+ * username: Define `username` for the proxy server if proxy requires authentication. + * password: Define `password` for the proxy server if proxy requires authentication. + ## Dependencies -- NA +- vmware.vmware_rest ## Example Playbook ```yaml diff --git a/roles/system_settings/defaults/main.yml b/roles/system_settings/defaults/main.yml index b2c9e603..010bd836 100644 --- a/roles/system_settings/defaults/main.yml +++ b/roles/system_settings/defaults/main.yml @@ -1 +1,3 @@ system_settings_resize_storage: false +system_settings_dns_mode_append: false +system_settings_proxy: [] \ No newline at end of file diff --git a/roles/system_settings/handlers/main.yml b/roles/system_settings/handlers/main.yml new file mode 100644 index 00000000..8d97d771 --- /dev/null +++ b/roles/system_settings/handlers/main.yml @@ -0,0 +1,8 @@ +- name: Restart ntpd + vmware.vmware_rest.appliance_services: + vcenter_hostname: "{{ system_settings_hostname | d(omit) }}" + vcenter_password: "{{ system_settings_password | d(omit) }}" + vcenter_username: "{{ system_settings_username | d(omit) }}" + vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}" + service: ntpd + state: restart diff --git a/roles/system_settings/tasks/dns.yml b/roles/system_settings/tasks/dns.yml new file mode 100644 index 00000000..c3b9b68a --- /dev/null +++ b/roles/system_settings/tasks/dns.yml 
@@ -0,0 +1,54 @@
+- name: Append the DNS servers
+ vmware.vmware_rest.appliance_networking_dns_servers:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ mode: "{{ system_settings_dns_mode | d(omit) }}"
+ server: "{{ item }}"
+ state: "add"
+ loop: "{{ system_settings_dns_servers | d([]) }}"
+ when: "system_settings_dns_mode is defined or system_settings_dns_servers is defined"
+
+- name: Set the DNS servers
+ vmware.vmware_rest.appliance_networking_dns_servers:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ mode: "{{ system_settings_dns_mode | d(omit) }}"
+ servers: "{{ system_settings_dns_servers | d(omit) }}"
+ state: "set"
+ when:
+ "(system_settings_dns_mode is defined or system_settings_dns_servers is defined) and not system_settings_dns_mode_append"
+
+- name: Append the DNS domains
+ vmware.vmware_rest.appliance_networking_dns_domains:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ domain: "{{ item }}"
+ state: "add"
+ loop: "{{ system_settings_dns_domains }}"
+ when: "system_settings_dns_domains is defined and system_settings_dns_mode_append"
+
+- name: Set the DNS domains
+ vmware.vmware_rest.appliance_networking_dns_domains:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ domains: "{{ system_settings_dns_domains }}"
+ state: "set"
+ when: "system_settings_dns_domains is defined and not system_settings_dns_mode_append"
+
+- name: Set the DNS hostname
+ vmware.vmware_rest.appliance_networking_dns_hostname:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ name: "{{ system_settings_dns_hostname | d(omit) }}"
+ state: "set"
+ when: "system_settings_dns_hostname is defined"
diff --git a/roles/system_settings/tasks/main.yml b/roles/system_settings/tasks/main.yml
index 7cd7ebd2..58eab7fe 100644
--- a/roles/system_settings/tasks/main.yml
+++ b/roles/system_settings/tasks/main.yml
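Review bot: The `when` on "Append the DNS servers" in tasks/dns.yml never tests `system_settings_dns_mode_append`, unlike "Append the DNS domains", so the add loop runs even when append is false and is then followed by the set task. It should read `when: "system_settings_dns_servers is defined and system_settings_dns_mode_append"`. Separately, "Set the DNS servers" also fires when only `system_settings_dns_mode` is defined, in which case `servers` is omitted while `state: "set"` is still sent; whether the module accepts that is not visible here and is worth checking. An integration case for both values of the append flag would catch a resolver list that differs from what the playbook author intended.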
@@ -1,37 +1,11 @@ -- name: Set NTP servers - when: system_settings_ntp_servers is defined - block: - - name: Test NTP servers - vmware.vmware_rest.appliance_ntp: - vcenter_hostname: "{{ system_settings_hostname | d(omit) }}" - vcenter_password: "{{ system_settings_password | d(omit) }}" - vcenter_username: "{{ system_settings_username | d(omit) }}" - vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}" - state: test - servers: "{{ system_settings_ntp_servers }}" - register: __ntp_state +- name: Configure ntpd + ansible.builtin.include_tasks: ntpd.yml - - name: Print the state of NTP servers - ansible.builtin.debug: - msg: "Warning: server {{ item.server }} status: {{ item.message }}" - loop: "{{ __ntp_state.value }}" - when: item.status == 'SERVER_UNREACHABLE' +- name: Configure DNS + ansible.builtin.include_tasks: dns.yml - - name: Set NTP servers - vmware.vmware_rest.appliance_ntp: - vcenter_hostname: "{{ system_settings_hostname | d(omit) }}" - vcenter_password: "{{ system_settings_password | d(omit) }}" - vcenter_username: "{{ system_settings_username | d(omit) }}" - vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}" - servers: "{{ system_settings_ntp_servers }}" - - - name: Set the timesync mode - vmware.vmware_rest.appliance_timesync: - vcenter_hostname: "{{ system_settings_hostname | d(omit) }}" - vcenter_password: "{{ system_settings_password | d(omit) }}" - vcenter_username: "{{ system_settings_username | d(omit) }}" - vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}" - mode: "NTP" +- name: Configure proxy + ansible.builtin.include_tasks: proxy.yml - name: Set the timesync mode vmware.vmware_rest.appliance_timesync: diff --git a/roles/system_settings/tasks/ntpd.yml b/roles/system_settings/tasks/ntpd.yml new file mode 100644 index 00000000..4247555d --- /dev/null +++ b/roles/system_settings/tasks/ntpd.yml 
@@ -0,0 +1,36 @@
+- name: Set NTP servers
+ when: system_settings_ntp_servers is defined
+ block:
+ - name: Test NTP servers
+ vmware.vmware_rest.appliance_ntp:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ state: test
+ servers: "{{ system_settings_ntp_servers }}"
+ register: __ntp_state
+
+ - name: Print the state of NTP servers
+ ansible.builtin.debug:
+ msg: "Warning: server {{ item.server }} status: {{ item.message }}"
+ loop: "{{ __ntp_state.value }}"
+ when: item.status == 'SERVER_UNREACHABLE'
+
+ - name: Set NTP servers
+ vmware.vmware_rest.appliance_ntp:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ servers: "{{ system_settings_ntp_servers }}"
+ notify: Restart ntpd
+
+ - name: Set the timesync mode
+ vmware.vmware_rest.appliance_timesync:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ mode: "NTP"
+ notify: Restart ntpd
diff --git a/roles/system_settings/tasks/proxy.yml b/roles/system_settings/tasks/proxy.yml
new file mode 100644
index 00000000..c66d1876
--- /dev/null
+++ b/roles/system_settings/tasks/proxy.yml
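Review bot: In tasks/ntpd.yml the result of the `state: test` call is only reported through `ansible.builtin.debug`, and the next task applies `system_settings_ntp_servers` regardless, so a list of unreachable servers is configured and ntpd restarted with nothing but a warning line in the output. Certificate validation and log timestamps on the appliance depend on correct time, so this deserves either a hard stop or an explicit statement that it is intended. One option is an `ansible.builtin.fail` task conditioned on every entry of `__ntp_state.value` reporting `SERVER_UNREACHABLE`; at minimum add a comment above the debug task such as `# Unreachable servers are reported but still applied`.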
@@ -0,0 +1,25 @@
+- name: Set the noproxy hosts
+ vmware.vmware_rest.appliance_networking_noproxy:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ servers: "{{ system_settings_noproxy }}"
+ when: "system_settings_noproxy is defined"
+ notify: Restart ntpd
+
+- name: Configure the proxy configuration
+ vmware.vmware_rest.appliance_networking_proxy:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ enabled: "{{ item.enabled | mandatory }}"
+ server: "{{ item.url | mandatory }}"
+ port: "{{ item.port | mandatory }}"
+ protocol: "{{ item.protocol | mandatory }}"
+ state: "{{ item.state | d(omit) }}"
+ username: "{{ item.username | d(omit) }}"
+ password: "{{ item.password | d(omit) }}"
+ loop: "{{ system_settings_proxy }}"
+ notify: Restart ntpd
diff --git a/tests/integration/targets/system_settings_test/mock.json b/tests/integration/targets/system_settings_test/mock.json
index e0cfde64..98f8c7db 100644
--- a/tests/integration/targets/system_settings_test/mock.json
+++ b/tests/integration/targets/system_settings_test/mock.json
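Review bot: "Configure the proxy configuration" in tasks/proxy.yml loops over `system_settings_proxy`, whose items may carry `password`, and Ansible prints the whole loop item for each iteration, so proxy credentials end up in play output and in any log that captures it. Add `loop_control:` with `label: "{{ item.protocol }}"` to the task, or set `no_log: true` on it. Both tasks in this file also carry `notify: Restart ntpd`, which looks copied from ntpd.yml; nothing visible in this diff ties proxy or noproxy settings to the NTP service, so drop the notify or point it at the handler that is actually needed.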
@@ -75,5 +75,44 @@ }, "body": "true" } +}, +{ + "httpRequest": { + "method": "(POST|PUT|GET)", + "path": "/api/appliance/networking/dns/(servers|domains|hostname)" + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": "{}" + } +}, +{ + "httpRequest": { + "method": "(POST|PUT|GET)", + "path": "/api/appliance/networking/(proxy|noproxy)" + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": "{}" + } +}, +{ + "httpRequest": { + "method": "(POST|PUT|GET)", + "path": "/api/appliance/networking/proxy/(http|https|ftp)" + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": "{}" + } } ] diff --git a/tests/integration/targets/system_settings_test/vars.yml b/tests/integration/targets/system_settings_test/vars.yml index bea018df..6650b04d 100644 --- a/tests/integration/targets/system_settings_test/vars.yml +++ b/tests/integration/targets/system_settings_test/vars.yml @@ -9,3 +9,16 @@ system_settings_ntp_servers: [] system_settings_timezone: UTC system_settings_global_fips: true system_settings_resize_storage: true + +# DNS +system_settings_dns_mode: dhcp +system_settings_dns_domains: [domain.com] +system_settings_dns_hostname: vcenter.domain.com + +# Proxy +system_settings_noproxy: [1.2.3.4] +system_settings_proxy: + - protocol: http + url: http://localhost + enabled: true + port: 1234