From f2a5410d6c85c26afc47a343966ef1e3f6c2589f Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Thu, 5 Sep 2024 12:12:13 +0200 Subject: [PATCH 01/10] fix: '{{ }}' in loop --- tasks/main.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index d5a7ae9..b9916fc 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -62,12 +62,12 @@ mode: "0640" backup: "{{ bareos_dir_backup_configurations }}" loop: - - src: bareos_dir_tls_ca_cert_src - dest: bareos_dir_tls_ca_cert_dest - - src: bareos_dir_tls_cert_src - dest: bareos_dir_tls_cert_dest - - src: bareos_dir_tls_cert_key_src - dest: bareos_dir_tls_cert_key_dest + - src: "{{ bareos_dir_tls_ca_cert_src }}" + dest: "{{ bareos_dir_tls_ca_cert_dest }}" + - src: "{{ bareos_dir_tls_cert_src }}" + dest: "{{ bareos_dir_tls_cert_dest }}" + - src: "{{ bareos_dir_tls_cert_key_src }}" + dest: "{{ bareos_dir_tls_cert_key_dest }}" when: - bareos_dir_tls_enable - bareos_dir_tls_ca_cert_src != "" From bf11745216cbde2f854ebf9200a1f86d98d3bd14 Mon Sep 17 00:00:00 2001 From: Marlon Moser Date: Tue, 29 Oct 2024 14:28:29 +0100 Subject: [PATCH 02/10] ci: use reusable workflows --- .github/workflows/galaxy.yml | 13 +++---------- .github/workflows/semantic-release.yml | 15 +++++++++++++++ 2 files changed, 18 insertions(+), 10 deletions(-) create mode 100644 .github/workflows/semantic-release.yml diff --git a/.github/workflows/galaxy.yml b/.github/workflows/galaxy.yml index 1f8d455..9c09ba4 100644 --- a/.github/workflows/galaxy.yml +++ b/.github/workflows/galaxy.yml @@ -1,18 +1,11 @@ --- -# -# Ansible managed -# - name: Release to Ansible Galaxy on: release: types: [created, edited, published, released] + jobs: release: - runs-on: ubuntu-20.04 - steps: - - name: galaxy - uses: robertdebock/galaxy-action@1.2.1 - with: - galaxy_api_key: ${{ secrets.galaxy_api_key }} + uses: adfinis/github-workflows-bareos/.github/workflows/ansible-role.yaml@v0.1.0 + secrets: inherit 
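Review bot: The private key in the third loop item is installed with the same `mode: "0640"` and `backup:` setting as the two certificates, so whenever backups are enabled a replaced key is kept on disk as a backup copy. Consider a per-item mode, for example `mode: "{{ item.mode | default('0640') }}"` with `mode: "0600"` on the key item, and no backup for the key. The `when:` list shown tests only `bareos_dir_tls_ca_cert_src`, while the now-templated items dereference all six variables, so an unset certificate or key variable would presumably fail at templating instead of being skipped. The task starts above the hunk, so its module, owner and group are not visible here.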
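Review bot: `secrets: inherit` in the `release` job hands every secret this repository can see to a workflow in another repository that is referenced by the movable tag `@v0.1.0`, where the removed step received only `secrets.galaxy_api_key`. Pin the reusable workflow to a full commit SHA and pass only the secret it needs by name, the way `semantic-release.yml` in this same patch passes `ADFINISBOT_GITHUB_TOKEN`; the `uses:` line in that file has the same tag pin and wants the same SHA. The secret name that `ansible-role.yaml` declares is not visible here, so it has to be checked in the called workflow.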
diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml
new file mode 100644
index 0000000..a7cf072
--- /dev/null
+++ b/.github/workflows/semantic-release.yml
@@ -0,0 +1,15 @@
+---
+# runs on each push to main and is responsible for creating new tags/releases
+name: Create Semantic Release
+
+on:
+ push:
+ branches:
+ - main
+ - master
+
+jobs:
+ semantic-release:
+ uses: adfinis/github-workflows-bareos/.github/workflows/semantic-release.yaml@v0.1.0
+ secrets:
+ ADFINISBOT_GITHUB_TOKEN: ${{ secrets.ADFINISBOT_GITHUB_TOKEN }}
From 60eaf6c40cbc5fd890f9098cbccdd8cdf568a0e1 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Wed, 30 Oct 2024 09:36:15 +0100 Subject: [PATCH 03/10] fix: bareos-dir.conf.j2 template TLS settings fix the TLS if conditions, add option `bareos_dir_tls_allowed_cns`. --- templates/bareos-dir.conf.j2 | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/templates/bareos-dir.conf.j2 b/templates/bareos-dir.conf.j2
index e6a12f1..c4c95bc 100644
--- a/templates/bareos-dir.conf.j2
+++ b/templates/bareos-dir.conf.j2
@@ -8,23 +8,27 @@ Director { Maximum Concurrent Jobs = {{ bareos_dir_max_concurrent_jobs }} {% endif %} Messages = "{{ bareos_dir_message }}" -{% if not bareos_dir_tls_enable %} - TLS Enable = No + + TLS Enable = {{ bareos_dir_tls_enable | ternary("yes","no")}} +{% if bareos_dir_tls_ca_cert_dest is defined and + bareos_dir_tls_cert_dest is defined and + bareos_dir_tls_cert_key_dest is defined +%} + TLS CA Certificate File = {{ bareos_dir_tls_ca_cert_dest }} + TLS Certificate = {{ bareos_dir_tls_cert_dest }} + TLS Key = {{ bareos_dir_tls_cert_key_dest }} {% endif %} -{% if bareos_dir_tls_verify_peer %} - TLS Verify Peer = Yes + + TLS Verify Peer = {{ bareos_dir_tls_verify_peer | default(false) | ternary("yes","no")}} +{% if bareos_dir_tls_allowed_cns is defined and + bareos_dir_tls_allowed_cns is iterable %} +{% for cn in bareos_dir_tls_allowed_cns %} + TLS Allowed CN = "{{ cn }}" +{% endfor %} {% endif %} + {% if bareos_dir_plugins is defined %} Plugin Names = "{{ bareos_dir_plugin_name }}" Plugin Directory = "{{ bareos_dir_plugin_dir }}" {% endif %} -{% if bareos_dir_tls_ca_cert_dest is defined and bareos_dir_tls_ca_cert_dest != "" %} - TLS CA Certificate File = "{{ bareos_dir_tls_ca_cert_dest }}" -{% endif %} -{% if bareos_dir_tls_cert_dest is defined and bareos_dir_tls_cert_dest != "" %} - TLS Certificate = "{{ bareos_dir_tls_cert_dest }}" -{% endif %} -{% if bareos_dir_tls_cert_key_dest is defined and bareos_dir_tls_cert_key_dest != "" %} - TLS Key = "{{ bareos_dir_tls_cert_key_dest }}" -{% endif %} } From 8c500269b3561c4780580ae30294ec2e60dfb649 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Wed, 30 Oct 2024 09:37:57 +0100 Subject: [PATCH 04/10] chore(meta): update TLS argument_specs --- meta/argument_specs.yml | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/meta/argument_specs.yml b/meta/argument_specs.yml index 0c2e124..8c9ce2f 100644 --- a/meta/argument_specs.yml +++ b/meta/argument_specs.yml 
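Review bot: The three certificate directives are now emitted whenever the `*_dest` variables are merely defined, and without the double quotes the removed lines had, so an empty-string value renders `TLS Key = ` and a path containing a space may be misparsed. The removed guards also tested `!= ""`, and `tasks/main.yml` in this series still compares `bareos_dir_tls_ca_cert_src != ""`, which suggests empty strings are a possible value; the role defaults are not visible here. Keep the emptiness test and the quoting, for example `{% if bareos_dir_tls_cert_key_dest | default("") | length > 0 %}` and `TLS Key = "{{ bareos_dir_tls_cert_key_dest }}"`. In the allowed-CN block `is iterable` is also true for a plain string, which would emit one `TLS Allowed CN` line per character; add `and bareos_dir_tls_allowed_cns is not string`.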
@@ -33,12 +33,20 @@ argument_specs: description: "The messages configuration to use." bareos_dir_tls_enable: type: "bool" - default: yes - description: "Enable TLS." + default: true + description: > + Enable TLS support. + If no certificates are configured PSK (Pre Shared Keys) ciphers will be used. + If the other side does not support TLS, or cleartext is configured the connection will be aborted. bareos_dir_tls_verify_peer: type: "bool" - default: no - description: "Verify the peer." + default: false + description: > + Request and verify the peers certificate. + In server context, unless the TLS Allowed CN configuration directive is specified, + any client certificate signed by a known-CA will be accepted. + In client context, the server certificate CommonName attribute is checked against the + Address and TLS Allowed CN configuration directives. bareos_dir_tls_ca_cert_src: type: "str" description: "The CA Certificate for the Director (src)" @@ -57,6 +65,13 @@ argument_specs: bareos_dir_tls_cert_key_dest: type: "str" description: "The TLS certificate key of the director (dest)" + bareos_dir_tls_allowed_cns: + type: "list" + required: false + description: > + CN attribute of allowed peer certificates. + If `bareos_dir_tls_verify_peer` is true, + all connection request certificates will be checked against this list. bareos_dir_catalogs: type: "list" default: [] From dbc3d54d2993e7b37edfd898cdf31d0b5f1b3ef7 Mon Sep 17 00:00:00 2001 
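Review bot: `bareos_dir_tls_allowed_cns` in the second hunk is declared as `type: "list"` with no `elements:`, so argument validation accepts a list of dicts or numbers that the template then writes verbatim into `TLS Allowed CN`. Add `elements: "str"` under the new option. The `bareos_dir_tls_verify_peer` description added in the first hunk says that without allowed CNs any client certificate signed by a known CA is accepted; it would help to repeat in the `bareos_dir_tls_allowed_cns` description that leaving the list unset has that effect.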
From: Patrick Hasler Date: Wed, 30 Oct 2024 09:40:19 +0100 Subject: [PATCH 05/10] chore(ci): add TLS dummy test files for molecule --- molecule/default/tls_files/molecule-ca.pem | 34 +++++++++++++ molecule/default/tls_files/molecule-test.key | 52 ++++++++++++++++++++ molecule/default/tls_files/molecule-test.pem | 35 +++++++++++++ 3 files changed, 121 insertions(+) create mode 100644 molecule/default/tls_files/molecule-ca.pem create mode 100644 molecule/default/tls_files/molecule-test.key create mode 100644 molecule/default/tls_files/molecule-test.pem diff --git a/molecule/default/tls_files/molecule-ca.pem b/molecule/default/tls_files/molecule-ca.pem new file mode 100644 index 0000000..d22d987 --- /dev/null +++ b/molecule/default/tls_files/molecule-ca.pem 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF6jCCA9KgAwIBAgIUfC/Gz2xsr6KrBFLNc2tpAYOK+BgwDQYJKoZIhvcNAQEL +BQAwgZ8xCzAJBgNVBAYTAkNIMRQwEgYDVQQIDAtCYXNlbC1TdGFkdDEOMAwGA1UE +BwwFQmFzZWwxEzARBgNVBAoMCkFkZmluaXMgQUcxEDAOBgNVBAsMB1Rlc3Rpbmcx +ITAfBgNVBAMMGGJhcmVvcy13ZWJ1aS5leGFtcGxlLmNvbTEgMB4GCSqGSIb3DQEJ +ARYRZHVtbXlAZXhhbXBsZS5jb20wHhcNMjQxMDI4MTMwNDQ1WhcNMjYxMDI4MTMw +NDQ1WjB6MQswCQYDVQQGEwJDSDEUMBIGA1UECAwLQmFzZWwtU3RhZHQxDjAMBgNV +BAcMBUJhc2VsMRAwDgYDVQQKDAdBZGZpbmlzMRAwDgYDVQQLDAdUZXN0aW5nMSEw +HwYDVQQDDBhiYXJlb3Mtd2VidWkuZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCZAtCNVtFEvOgW2lbbTpsAnzQvqGDEV42UYgWl4hk/ +bpgl8+NBDHxNuQHDjAnRQcBSmw0ZgfgtKZm1nDvaiIhGmuCuzkxXWeBG31iEp/YS +4+X/ciN6/NPfyIBk08sA905y7fBIjCnYM+8D2gB0w1/INzHujBSrHU/upnkv9yKi +2WpmYo+BtzZu2Lpjs2FIVguoJPsyMfuS+W3oz6QeJZLTMNGdDXyUAoonOyihP0nB +dq3eMTOgB4c+XL+d6fvfxIVXGU4Cos1JVX4QiV2jzK7eIsoxoBUrnq3FwERxqCtr +IibOWDjo69Y2vSfpAAIWXtYqXEiccX70/+wZOz4KFbi2lNmT/9bx3annk+enXJ9J +fUX3QSH6SsyUROnDWMecth/wZeDwPeINzwU8R+iy09IauU4rj464icvQQQXjz5Iq +C/HYgMrUolXg4PIiiXpsMxnqglcvkEbW7H9mFAkJaK1yMdNjBPRKovIeQbo27Lr9 +ODBmXwC8c9LGTaE33QBtAo5CsxNb8Aq4wccZwL/F1dd5G0RNdtdOefGSmIFTyKXS ++rng5utrpZGEAMymZa+zA+bSspQ1gQvuhp3ELKLwO/ByPElcBZX2QMblJRcXFJ7d +eIJ2e++GE9+RhL2h25ePcjDwtAq2BaTQA3NJhCMeXptV0wwFPLBKvbB1Z+qNE4P8 +AQIDAQABo0IwQDAdBgNVHQ4EFgQUTPS2FzCmAWW3arAS978YU8u8fAowHwYDVR0j +BBgwFoAUX/Q1ekxqcabTcuZsDvl9iwVvVrcwDQYJKoZIhvcNAQELBQADggIBAF94 +MGDv75jX2pR4ONE0Uy0/+bc2lz6PL0LfyIDpMh1RELTy08uCp0hCkeHuDZNOsZxc +X8J3PhtF9e5vimd/tbTyvPxvRKy7XQLkq3TumtVH0tu8sGj1LlVNw5+1dBgDrwPC +xX0UMx6RHRweHCbtOLqlNy4AEj+R7h0piU76oen8BWVJuinC+nidp4RDcVHOZAt/ +Y0gEA1wwE9mxo7WGGMzWo9PpbL2PnJIbBfKs/Gj58EoNzmHJWE8dhusADwLEDOu1 +KVUf8mqkzCn2/EHYKtbOBtHHOwG7qseLUiXJ+98e2AwJ9MpdpvBskR3oqMkObmo7 +OiiUZxXI6wEqPwzZeBVJujBY7UmXR1CQgJ3r6i3UBZRthejCxJM91aYR0VIqqcTT +OAs+szVklaUfMB381EX3KFIWZYIHVbc7kHROeu3e6ufgCqRgpWQjhvR47glxHlYR +GH8O5hcSAwvPfhnsQ2zXd6X24nujusNS1SbILX0etBTSI5s8++2g/wVDq2YEc/3l 
+cMpRRnAx2qH8u/cOUWhShc4jTyJ6+7wRAkglhy/G17e1TDNCCUzTXxSlxoX9NKwm +R3jB8RhzWh7Q/+n4s6vRT2toBu/mbT/Ohukh+wDkd893xbhcQ2db1JT8aocp79RK +D0mLqasMsj2DrmWt2Lsf1XY8cOGoRizUsGops36X +-----END CERTIFICATE----- diff --git a/molecule/default/tls_files/molecule-test.key b/molecule/default/tls_files/molecule-test.key new file mode 100644 index 0000000..bbde1e6 --- /dev/null +++ b/molecule/default/tls_files/molecule-test.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCZAtCNVtFEvOgW +2lbbTpsAnzQvqGDEV42UYgWl4hk/bpgl8+NBDHxNuQHDjAnRQcBSmw0ZgfgtKZm1 +nDvaiIhGmuCuzkxXWeBG31iEp/YS4+X/ciN6/NPfyIBk08sA905y7fBIjCnYM+8D +2gB0w1/INzHujBSrHU/upnkv9yKi2WpmYo+BtzZu2Lpjs2FIVguoJPsyMfuS+W3o +z6QeJZLTMNGdDXyUAoonOyihP0nBdq3eMTOgB4c+XL+d6fvfxIVXGU4Cos1JVX4Q +iV2jzK7eIsoxoBUrnq3FwERxqCtrIibOWDjo69Y2vSfpAAIWXtYqXEiccX70/+wZ +Oz4KFbi2lNmT/9bx3annk+enXJ9JfUX3QSH6SsyUROnDWMecth/wZeDwPeINzwU8 +R+iy09IauU4rj464icvQQQXjz5IqC/HYgMrUolXg4PIiiXpsMxnqglcvkEbW7H9m +FAkJaK1yMdNjBPRKovIeQbo27Lr9ODBmXwC8c9LGTaE33QBtAo5CsxNb8Aq4wccZ +wL/F1dd5G0RNdtdOefGSmIFTyKXS+rng5utrpZGEAMymZa+zA+bSspQ1gQvuhp3E +LKLwO/ByPElcBZX2QMblJRcXFJ7deIJ2e++GE9+RhL2h25ePcjDwtAq2BaTQA3NJ +hCMeXptV0wwFPLBKvbB1Z+qNE4P8AQIDAQABAoICABBTDI0HxivfO6O0h6++Iytd +0OOEw04vSRubmZ6pEKiD1Be4fXZjLp/cLSP/vMxmh25IvI0MIL4wwgVuNbSK/H8L +5wy/VcW8AQGOspL0mHxLdC5crwxgDPrDGW+oaPAhcm0wlYIn8g7u+4EdsQ7ECWQC +/4DD0TCwX+bGPAeyBi/5ojBqM4VTVqtc1AXvDWH6TCQUTfh8/KohkmhUPt44hAGk +I7jtx2zDGJo25Y7Ogb/yOXqLJUbdhsBQhOEEJasp/E/ek0QUunIofNqmzSa8n6tz +ar8ApUGSHFgMu0ClAHzdl+ZL40Z2YtRUOf3R0mcwlwjN77FBKppY84d9mpDY4Gvw +BJZ7X4Sl52lTh2pU9H8a1Pn4fVrxtCcFqEQV5nLemGO9W2APF0KaNGKRVg2ogc5P +1bHR60bUjznU6C+vxaILXy0loeWq0pUZlXJoAf5iNzIOEgFGAei5EdR/pBJcLnNW +I6dmvFcK3I2IqbhNJ3/wah4avsYim36aWR2WjU8ujfbI7PfDyv3NCuV/bm2MRAze +/LHAr347d8I4n+Ft1zrgdQHshtwAEYXCUs5nsD6+cUMYac89LcqbmTvQ++H7QI5M +XgGWxaZAwGK7CO9kgQNdPLtDUYzLkhkvv44GXpBpPSntUNFc7pN6dEWgifPcIzcA +X3+3iTbisda/JUsk2ecBAoIBAQDS4USqV5L03fr8hyI45qh11MDjGgqvlR0Tsphd +0Oj5gVPMoSX8y+KYOm+tOBS9JSkt9aXnuztJ+zPmBvZiGgYh4aRodzDRDUdE7WlY +NFs8Ay870aqsF2I87lKWTtUBNgV7DzgIPXWfcxoS/e4M2jqhrAwwiQohC9EK7Gai +XH0/bPbJsXXTDtPJpKe561rrmrjYvUCSkv9C+l2Y/H/seNijJXFuXZ/h/HEy87ZV +rRV9lihPNkkPr4KDsPGSQf69JsjmrGbeILxzCg27PHpb3Y7SfeGXj7IWMtiy0s6j +hRXZ/Qzms+I9FcsYxn8OdXttmUs6luwjCSEX6IEUWEdA5nlVAoIBAQC5v9V8hvxL +W3n1FHFa1JlwJzljnvMn2D6YWDPVq/ubZt/Bs+AhxUPDt5XqC3SMcYbdzHPNbKbZ 
+E3PIeAW9h+QGIzkw90DvcZwX0xOAMoAdjFLO3gA0UzyhtOZUaB4iT5tpLuA1Zqg6 +bk5jx2E6GbC5TCsjc5BLsBEqZ8kKNGwbGz4viuFmHA5EjrpKDfAWs1Yd22FYNkog +fEVjB65zlYTl77wn+dvpwDXP4IbRYLITfuNxiipIdn+V0saDQAd+seEZaOUpiUCZ +W3gX/7jvOIZdX6g42RZLCt0Sn1Y5XmHgWK4cB8p+KaidEGBAYn3P8YYSEYGz+v3c +hytbVPi1ucf9AoIBABcRX1KG6+NvWOJA4gR5btoc4NC2645TcG/ULIiurp2EgSc0 +RZSGtQ3T7p1zMgmSxBNr+K8FszGfkgjKoC8RC7SvGy32Q9fKbQ5kLg7hA03oR0Vy +5QmYMT3bEBuzGefdAfJ5MrbsCi7cB3EmZ+DuClXfHSI+C2acBUz9mSiPl3/VqpVb +nTjuOUqogVR8I2D8dtX2tdaSz+uCubRfgpraiVAna2YYRcIRvExHjp2GpoAradNo +a8uUdmFzfKl0IKqOUJGzMDmCOTsYUXI25megL9xkusW6iU+WVlARcVs/1qkW3k9q +RAhMlv/pzsJFJbBSgYEyOziF6iHUZDJWiczWqVUCggEAJ6pigXwl5kW7jm12I2pg +9cU6iR6JWEniXBABybA3Q6E9SRULWMrSRLowhlE56z/XCAg/9m8sVhDEWdvfhfC9 +7d2Zue4i7L77EU9ey7J9D1JG4KwhqQrZWMLTqNSvEq6jRlvfPygT5p5lmQMbrReN +WJR+Zcyo1LDdiYuuL8KwDz3LEsX6ih6VoWhFOckuKvrS+f8+E2NMgxFmk9YxF7en +MJ74NCU0I/+KvkB5Kb8XZ/hhw344t06uwiTHhYGn2BNOOWnf/fW0WMtiouVV7afJ +cakauEELdKz2NqLV+9w+1HS7gXrccAKfYiL8GuOtcDloYvVgGDoR+gTXamKD1fK9 +VQKCAQAHPI4XEf9RQOvyHq4IRNGSqFp9jcSM1Xq5A7fFQ2E+FVmb5j3D1tPCn8gx +cMcOU6giELiwkTGtHzHX2Ys25ya/3HMBSMQtlScJUQAUmdU1ZZPxaWnOw03h/+Zh +kzxAnLdgdkkvEGFyGWJGzOT2Si1vDDegfvucFXiQyUEen539O8+khznu3vuJbgDt +V4jtUB8ZM0vQYQSiKXP6QLMGD+ddOVK3IQEMQAUhXjcO9UPF1RrBIwqgoFZTIm94 +nbs1AK9ChW13yV0OKvJuUYOq0gHPPIMaI/5cVNmC1YjeYHx8++s2r0ZpJ0NAiLka +JCTfWhmiwPKkEyK5rJq5zOQpyf6g +-----END PRIVATE KEY----- diff --git a/molecule/default/tls_files/molecule-test.pem b/molecule/default/tls_files/molecule-test.pem new file mode 100644 index 0000000..5ecfd24 --- /dev/null +++ b/molecule/default/tls_files/molecule-test.pem 
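Review bot: An RSA private key is committed here as a fixture, which will trip secret scanners and is public to anyone who copies the molecule scenario into a real inventory. Generating the CA, certificate and key in a molecule `prepare.yml` step, or at least adding a short note in `tls_files/` that the material is test-only, avoids both. The validity field of `molecule-ca.pem` in this patch decodes to an expiry of 2026-10-28, so a committed fixture would also start failing a verifying test after that date.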
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGITCCBAmgAwIBAgIUO3payEGDpdtdlo8hzloqR7OMBAkwDQYJKoZIhvcNAQEL +BQAwgZ8xCzAJBgNVBAYTAkNIMRQwEgYDVQQIDAtCYXNlbC1TdGFkdDEOMAwGA1UE +BwwFQmFzZWwxEzARBgNVBAoMCkFkZmluaXMgQUcxEDAOBgNVBAsMB1Rlc3Rpbmcx +ITAfBgNVBAMMGGJhcmVvcy13ZWJ1aS5leGFtcGxlLmNvbTEgMB4GCSqGSIb3DQEJ +ARYRZHVtbXlAZXhhbXBsZS5jb20wHhcNMjQxMDI4MTI1NDUzWhcNMjkxMDI4MTI1 +NDUzWjCBnzELMAkGA1UEBhMCQ0gxFDASBgNVBAgMC0Jhc2VsLVN0YWR0MQ4wDAYD +VQQHDAVCYXNlbDETMBEGA1UECgwKQWRmaW5pcyBBRzEQMA4GA1UECwwHVGVzdGlu +ZzEhMB8GA1UEAwwYYmFyZW9zLXdlYnVpLmV4YW1wbGUuY29tMSAwHgYJKoZIhvcN +AQkBFhFkdW1teUBleGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBALG1vmmRPoussCeWddH6LYw/SrhbfwWoGU14G/GuSE+I+rGOq72TDxBz +hUxJSsZFt7b0w+4Fw/iiGL26H/fqpGIRgKV6WqAzzAjLVhKpxT6IHclH6tbEjk97 +1xFW9sJPq2mw7z7C9qY6pDSG+Cz4zcMKcxo6HtFCRL5Nw5l1Dyns1Yv3ODx5wsR3 +qdkSbZfo0Qvx6c7RPfLCiyy41ueX9IpKPzwBieGoBqcPC75vdarGDApBRkydCsjo +5pR+zjAGHpyOmdHvm59cg//RjNIpTwb/VLK6/2F5O3aqfBTro5p9ADR77my/Gc5Q +u0xAd9zPmKPc4HrRlbX0usVyb3JKXUf2LpiGkjkeiNaQuXNhhgSEJvW0aNuuvwcP +JeQ6WJxObfqOq3WSpY4wztzOW90xecx/4BGgB2BDVwSJfDbsxVZhSpLdZ2RPhyvA +G72qyFoRRaDnDOpmGmkMY9I1rzm7o/nUNpwsCHo35V+psWbMW9HPVKK2AcWZb1El +27Y+DvlytidftcObLQKFKsIyxtBidV8sJUvJNlJ3lNf8g3lrzVwDBTm1g8AvzhwS +LyKxGY5jw7KDhL7AXBEg7IiPxwcoolVcf2/+rWooSa5HIHzyOsONk7ZkE00kUlx5 +8C3tgafyqsmxDashlSjfMzNnXmbJo9lW24lot58v4qRnmYhjhe0RAgMBAAGjUzBR +MB0GA1UdDgQWBBRf9DV6TGpxptNy5mwO+X2LBW9WtzAfBgNVHSMEGDAWgBRf9DV6 +TGpxptNy5mwO+X2LBW9WtzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA +A4ICAQClXdzTSZZQkg55reHK79O6RomxvLg3ereSmKwKyhrNky4SlZ1HsN6BR8FF +sDFloXIsslIVUzkf3uosg5j7Gp9QPAU+OqzBKThPgjPuwocuT7qBQYGeJgeJ/pwB +dVHlKnDTX0pKatGm1j7xa6JIsLlvo9VHQ3O/Ofj7im6K9lBfnTu13zQq1WU9n0Yk +TYvr6+7FfHITBv9VKv/rCBbYF5iaQD+Nphpk2GOBGkxrscMMeLrifMv9IA/J86K0 +D/aroBpbRmzuO7RWcqduiiULakrWqmFS5JOYEHdVmMys7WMjycr+hrEl3G5aUgp1 +2Ufr32wNQvzmXvssZkS7eKvcWtvjJPLDofZ5T3rWahiHqcP77wBXAklwdk6MBChK +YpxYQVH7qH8K1Q3hdbAs0zZaPLpXSjI8d5Cc03+BWiusxsTms9OOhsXCIa+7cc4x 
+DK2PNGUb6ug4nCZ/pE16g1k12BePao2MKryEfEMIrh7egJdpdpmWMzI0BcFvR2vR +lFdtBVSdlVqk1BIxmWyN7OfsHSrwqYE9MT5RJz2wszMYk15RyrqvSKZMzKIWEaL9 +VW6OyOmsurs/OsFADX1A8ySjxqz1NPwxh9qXtj01VOA4zm1OgfIIyEYgBKxm2ZnI +6mQkTRV2w2557KjeTjPtruR9ne4jT2YwTbnC9pMnuUAdB2FMxA== +-----END CERTIFICATE----- From 4bf72883099ac1078fb143dfc52629b508634cd7 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Wed, 30 Oct 2024 09:40:55 +0100 Subject: [PATCH 06/10] chore(ci): add TLS vars in molecule converge --- molecule/default/converge.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 29ccf75..95190e5 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -273,6 +273,15 @@ bareos_dir_plugins: - director-python + bareos_dir_tls_enable: true + bareos_dir_tls_cert_src: "tls_files/molecule-test.pem" + bareos_dir_tls_ca_cert_src: "tls_files/molecule-ca.pem" + bareos_dir_tls_cert_key_src: "tls_files/molecule-test.key" + bareos_dir_tls_verify_peer: true + bareos_dir_tls_allowed_cns: + - "bareos-01@example.com" + - "bareos-02@example.com" + - role: adfinis.bareos_console bareos_console_directors: - name: bareos-dir From 7feead8dc5c09c593836093ef43fa54d71cd7787 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Wed, 30 Oct 2024 09:52:35 +0100 Subject: [PATCH 07/10] chore(ci): remove old distros from matrix --- .github/workflows/molecule.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 9542456..f9e0b44 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: ansible-lint uses: ansible-community/ansible-lint-action@main test: 
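Review bot: The certificate and key assigned in the `converge.yml` hunk do not appear to belong together: the modulus at the start of `molecule-test.key` matches the public key inside `molecule-ca.pem`, while `molecule-test.pem` carries a different key, identical subject and issuer, and a CA basic constraint. As written, `bareos_dir_tls_cert_src` points at what looks like the self-signed CA and `bareos_dir_tls_ca_cert_src` at the leaf, so the Director would be configured with a certificate whose private key it does not hold. Swapping the two values, `bareos_dir_tls_cert_src: "tls_files/molecule-ca.pem"` and `bareos_dir_tls_ca_cert_src: "tls_files/molecule-test.pem"`, or renaming the fixture files, would resolve it; comparing `openssl x509 -noout -modulus` with `openssl rsa -noout -modulus` confirms the pairing. The `*_dest` variables used by the copy task and the template are not set in this hunk, so they presumably come from role defaults.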
@@ -30,18 +30,12 @@ jobs: tag: "latest" - image: "debian" tag: "bullseye" - - image: "debian" - tag: "buster" - image: "enterpriselinux" tag: "8" - image: "enterpriselinux" tag: "latest" - - image: "fedora" - tag: "38" - image: "fedora" tag: "39" - # TODO no packages for fedora 40 yet: https://download.bareos.org/current/ - # pipeline will fail for now. replace 38 as soon as 40 is ready and working. - image: "fedora" tag: "latest" - image: "opensuse" From 2637334f121b6e9e1e1ad1741fa7d07222f7729c Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Wed, 30 Oct 2024 10:05:10 +0100 Subject: [PATCH 08/10] fix(ci): drop unsupported distros drop all distros that are sadly incompatible with the `robertdebock.bootstrap` role. --- .github/workflows/molecule.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index f9e0b44..5fe1f3f 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -30,20 +30,16 @@ jobs: tag: "latest" - image: "debian" tag: "bullseye" - - image: "enterpriselinux" - tag: "8" - image: "enterpriselinux" tag: "latest" - image: "fedora" tag: "39" - image: "fedora" tag: "latest" - - image: "opensuse" - tag: "latest" - image: "ubuntu" - tag: "latest" + tag: "jammy" - image: "ubuntu" - tag: "focal" + tag: "latest" steps: - name: checkout uses: actions/checkout@v4 From f288ddf47c9a609afd0082f9dc4818a49d929381 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Wed, 30 Oct 2024 11:49:34 +0100 Subject: [PATCH 09/10] chore(ci): rm TODO, requirements2png actions --- .github/workflows/requirements2png.yml | 35 -------------------------- .github/workflows/todo.yml | 20 --------------- 2 files changed, 55 deletions(-) delete mode 100644 .github/workflows/requirements2png.yml delete mode 100644 .github/workflows/todo.yml 
diff --git a/.github/workflows/requirements2png.yml b/.github/workflows/requirements2png.yml
deleted file mode 100644
index 6ce9be7..0000000
--- a/.github/workflows/requirements2png.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-#
-# Ansible managed
-#
-
-on:
- - push
-
-name: Ansible Graphviz
-
-jobs:
- build:
- runs-on: ubuntu-20.04
- permissions:
- contents: write
- steps:
- - name: checkout
- uses: actions/checkout@v3
- with:
- path: ${{ github.repository }}
- - name: create png
- uses: robertdebock/graphviz-action@1.0.7
- - name: Commit files
- run: |
- cd ${{ github.repository }}
- git config --local user.email "github-actions[bot]@users.noreply.github.com"
- git config --local user.name "github-actions[bot]"
- git add requirements.dot requirements.png
- git commit -m "Add generated files"
- - name: save to png branch
- uses: ad-m/github-push-action@master
- with:
- directory: ${{ github.repository }}
- force: true
- branch: png
diff --git a/.github/workflows/todo.yml b/.github/workflows/todo.yml
deleted file mode 100644
index 3e6e417..0000000
--- a/.github/workflows/todo.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-#
-# Ansible managed
-#
-
-name: "TODO 2 Issue"
-
-on:
- push:
-
-jobs:
- build:
- runs-on: "ubuntu-20.04"
- steps:
- - uses: "actions/checkout@master"
- - name: "TODO to Issue"
- uses: "alstr/todo-to-issue-action@v2.3"
- id: "todo"
- with:
- TOKEN: ${{ secrets.GITHUB_TOKEN }}
From d8075698f75313f9a47495d13b23783fedc89312 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Wed, 30 Oct 2024 11:52:53 +0100 Subject: [PATCH 10/10] doc: update README --- README.md | 26 +++----------------------- 1 file changed, 3 insertions(+), 23 deletions(-)
diff --git a/README.md b/README.md
index 8e0061c..20524c9 100644
--- a/README.md
+++ b/README.md
@@ -359,40 +359,20 @@ bareos_dir_schedules: [] bareos_dir_storages: [] ``` -## [Requirements](#requirements) - -- pip packages listed in [requirements.txt](https://github.com/adfinis/ansible-role-bareos_dir/blob/master/requirements.txt). - -## [State of used roles](#state-of-used-roles) - -The following roles are used to prepare a system. You can prepare your system in another way. - -| Requirement | GitHub | GitLab | -|-------------|--------|--------| -|[robertdebock.bootstrap](https://galaxy.ansible.com/adfinis/robertdebock.bootstrap)|[![Build Status GitHub](https://github.com/adfinis/robertdebock.bootstrap/workflows/Ansible%20Molecule/badge.svg)](https://github.com/adfinis/robertdebock.bootstrap/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/robertdebock.bootstrap/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/robertdebock.bootstrap)| -|[adfinis.bareos_repository](https://galaxy.ansible.com/adfinis/bareos_repository)|[![Build Status GitHub](https://github.com/adfinis/ansible-role-bareos_repository/workflows/Ansible%20Molecule/badge.svg)](https://github.com/adfinis/ansible-role-bareos_repository/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/ansible-role-bareos_repository/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/ansible-role-bareos_repository)| -|[robertdebock.buildtools](https://galaxy.ansible.com/adfinis/robertdebock.buildtools)|[![Build Status GitHub](https://github.com/adfinis/robertdebock.buildtools/workflows/Ansible%20Molecule/badge.svg)](https://github.com/adfinis/robertdebock.buildtools/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/robertdebock.buildtools/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/robertdebock.buildtools)| -|[robertdebock.epel](https://galaxy.ansible.com/adfinis/robertdebock.epel)|[![Build Status 
GitHub](https://github.com/adfinis/robertdebock.epel/workflows/Ansible%20Molecule/badge.svg)](https://github.com/adfinis/robertdebock.epel/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/robertdebock.epel/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/robertdebock.epel)| -|[robertdebock.python_pip](https://galaxy.ansible.com/adfinis/robertdebock.python_pip)|[![Build Status GitHub](https://github.com/adfinis/robertdebock.python_pip/workflows/Ansible%20Molecule/badge.svg)](https://github.com/adfinis/robertdebock.python_pip/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/robertdebock.python_pip/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/robertdebock.python_pip)| -|[robertdebock.postgres](https://galaxy.ansible.com/adfinis/robertdebock.postgres)|[![Build Status GitHub](https://github.com/adfinis/robertdebock.postgres/workflows/Ansible%20Molecule/badge.svg)](https://github.com/adfinis/robertdebock.postgres/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/robertdebock.postgres/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/robertdebock.postgres)| - ## [Context](#context) This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://adfinis.com/) for further information. 
-Here is an overview of related roles: -![dependencies](https://raw.githubusercontent.com/adfinis/ansible-role-bareos_dir/png/requirements.png "Dependencies") - ## [Compatibility](#compatibility) This role has been tested on these [container images](https://hub.docker.com/u/robertdebock): |container|tags| |---------|----| -|[Debian](https://hub.docker.com/r/robertdebock/debian)|buster, bullseye, bookworm| +|[Debian](https://hub.docker.com/r/robertdebock/debian)|bullseye, bookworm| |[EL](https://hub.docker.com/r/robertdebock/enterpriselinux)|9| -|[Fedora](https://hub.docker.com/r/robertdebock/fedora)|38, 39| -|[Ubuntu](https://hub.docker.com/r/robertdebock/ubuntu)|jammy| +|[Fedora](https://hub.docker.com/r/robertdebock/fedora)|39, 40| +|[Ubuntu](https://hub.docker.com/r/robertdebock/ubuntu)|jammy, numbat| The minimum version of Ansible required is 2.12, tests have been done to: