diff --git a/.gitignore b/.gitignore index c9b2377..f56f5b5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ *.retry -tests/test.sh +*/__pycache__ +*.pyc diff --git a/.travis.yml b/.travis.yml index 47ab110..6e475ce 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,23 +1,33 @@ --- +language: python services: docker env: - - distro: centos7 - - distro: centos6 - playbook: test-source-install.yml - - distro: ubuntu1604 - - distro: ubuntu1404 - playbook: test-source-install.yml - - distro: debian8 - playbook: test-source-install.yml + global: + - ROLE_NAME: certbot + matrix: + - MOLECULE_DISTRO: centos7 + - MOLECULE_DISTRO: centos6 + MOLECULE_PLAYBOOK: playbook-source-install.yml + - MOLECULE_DISTRO: ubuntu1804 + - MOLECULE_DISTRO: ubuntu1604 + - MOLECULE_DISTRO: ubuntu1404 + MOLECULE_PLAYBOOK: playbook-source-install.yml + - MOLECULE_DISTRO: debian9 + +install: + # Install test dependencies. + - pip install molecule docker + +before_script: + # Use actual Ansible Galaxy role name for the project directory. + - cd ../ + - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME + - cd geerlingguy.$ROLE_NAME script: - # Download test shim. - - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/ - - chmod +x ${PWD}/tests/test.sh - # Run tests. - - ${PWD}/tests/test.sh + - molecule test notifications: webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/README.md b/README.md index 6e51e36..3eb2616 100644 --- a/README.md +++ b/README.md @@ -8,25 +8,66 @@ Installs and configures Certbot (for Let's Encrypt). If installing from source, Git is required. You can install Git using the `geerlingguy.git` role. +Generally, installing from source (see section `Source Installation from Git`) leads to a better experience using Certbot and Let's Encrypt, especially if you're using an older OS release. + ## Role Variables The variable `certbot_install_from_source` controls whether to install Certbot from Git or package management. The latter is the default, so the variable defaults to `no`. certbot_auto_renew: true - certbot_auto_renew_user: "{{ ansible_user }}" + certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}" certbot_auto_renew_hour: 3 certbot_auto_renew_minute: 30 + certbot_auto_renew_options: "--quiet --no-self-upgrade" By default, this role installs a systemd service that runs under the provided user account and a timer that fires at the given hour and minute, every day. The defaults run `certbot renew` (or `certbot-auto renew`) every day at 03:30:00 by the user you use in your Ansible playbook. It's preferred that you set a custom user/hour/minute so the renewal is during a low-traffic period and done by a non-root user account. +### Automatic Certificate Generation + +Currently there is one built-in method for generating new certificates using this role: `standalone`. Other methods (e.g. using nginx or apache and a webroot) may be added in the future. + +**For a complete example**: see the fully functional test playbook in [molecule/default/playbook-standalone-nginx-aws.yml](molecule/default/playbook-standalone-nginx-aws.yml). + + certbot_create_if_missing: false + certbot_create_method: standalone + +Set `certbot_create_if_missing` to `yes` or `True` to let this role generate certs. Set the method used for generating certs with the `certbot_create_method` variable—current allowed values include: `standalone`. + + certbot_admin_email: email@example.com + +The email address used to agree to Let's Encrypt's TOS and subscribe to cert-related notifications. This should be customized and set to an email address that you or your organization regularly monitors. + + certbot_certs: [] + # - email: janedoe@example.com + # domains: + # - example1.com + # - example2.com + # - domains: + # - example3.com + +A list of domains (and other data) for which certs should be generated. You can add an `email` key to any list item to override the `certbot_admin_email`. + + certbot_create_command: "{{ certbot_script }} certonly --standalone --noninteractive --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} -d {{ cert_item.domains | join(',') }}" + +The `certbot_create_command` defines the command used to generate the cert. + +#### Standalone Certificate Generation + + certbot_create_standalone_stop_services: + - nginx + +Services that should be stopped while `certbot` runs it's own standalone server on ports 80 and 443. If you're running Apache, set this to `apache2` (Ubuntu), or `httpd` (RHEL), or if you have Nginx on port 443 and something else on port 80 (e.g. Varnish, a Java app, or something else), add it to the list so it is stopped when the certificate is generated. + +These services will only be stopped the first time a new cert is generated. + ### Source Installation from Git You can install Certbot from it's Git source repository if desired. This might be useful in several cases, but especially when older distributions don't have Certbot packages available (e.g. CentOS < 7, Ubuntu < 16.10 and Debian < 8). - certbot_install_from_source: no + certbot_install_from_source: false certbot_repo: https://github.com/certbot/certbot.git certbot_version: master - certbot_keep_updated: yes + certbot_keep_updated: true Certbot Git repository options. To install from source, set `certbot_install_from_source` to `yes`. This clones the configured `certbot_repo`, respecting the `certbot_version` setting. If `certbot_keep_updated` is set to `yes`, the repository is updated every time this role runs. @@ -34,6 +75,12 @@ Certbot Git repository options. To install from source, set `certbot_install_fro The directory inside which Certbot will be cloned. +### Wildcard Certificates + +Let's Encrypt supports [generating wildcard certificates](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579), but the process for generating and using them is slightly more involved. See comments in [this pull request](https://github.com/geerlingguy/ansible-role-certbot/pull/60#issuecomment-423919284) for an example of how to use this role to maintain wildcard certs. + +Michael Porter also has a walkthrough of [Creating A Let’s Encrypt Wildcard Cert With Ansible](https://www.michaelpporter.com/2018/09/creating-a-wildcard-cert-with-ansible/), specifically with Cloudflare. + ## Dependencies None. @@ -50,9 +97,13 @@ None. roles: - geerlingguy.certbot -### Creating certificates with certbot +See other examples in the `tests/` directory. -After installation, you can create certificates using the `certbot` (or `certbot-auto`) script (use `letsencrypt` on Ubuntu 16.04, or use `/opt/certbot/certbot-auto` if installing from source/Git. Here are some example commands to configure certificates with Certbot: +### Manually creating certificates with certbot + +_Note: You can have this role automatically generate certificates; see the "Automatic Certificate Generation" documentation above._ + +You can manually create certificates using the `certbot` (or `certbot-auto`) script (use `letsencrypt` on Ubuntu 16.04, or use `/opt/certbot/certbot-auto` if installing from source/Git. Here are some example commands to configure certificates with Certbot: # Automatically add certs for all Apache virtualhosts (use with caution!). certbot --apache @@ -60,15 +111,15 @@ After installation, you can create certificates using the `certbot` (or `certbot # Generate certs, but don't modify Apache configuration (safer). certbot --apache certonly -If you want to fully automate the process of adding a new certificate, you can do so using the command line options to register, accept the terms of service, and then generate a cert using the standalone server: +If you want to fully automate the process of adding a new certificate, but don't want to use this role's built in functionality, you can do so using the command line options to register, accept the terms of service, and then generate a cert using the standalone server: - 1. Make sure any services listening on port 80 (Apache, Nginx, Varnish, etc.) are stopped. + 1. Make sure any services listening on ports 80 and 443 (Apache, Nginx, Varnish, etc.) are stopped. 2. Register with something like `certbot register --agree-tos --email [your-email@example.com]` - Note: You won't need to do this step in the future, when generating additional certs on the same server. 3. Generate a cert for a domain whose DNS points to this server: `certbot certonly --noninteractive --standalone -d example.com -d www.example.com` - 4. Re-start whatever was listening on port 80 before. + 4. Re-start whatever was listening on ports 80 and 443 before. 5. Update your webserver's virtualhost TLS configuration to point at the new certificate (`fullchain.pem`) and private key (`privkey.pem`) Certbot just generated for the domain you passed in the `certbot` command. - 6. Restart your webserver so it uses the new HTTPS virtualhost configuration. + 6. Reload or restart your webserver so it uses the new HTTPS virtualhost configuration. ### Certbot certificate auto-renewal diff --git a/defaults/main.yml b/defaults/main.yml index 819dd2a..12d31b7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,16 +1,41 @@ --- # Certbot auto-renew cron job configuration (for certificate renewals). certbot_auto_renew: true -certbot_auto_renew_user: "{{ lookup('env', 'USER') }}" +certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}" certbot_auto_renew_hour: 3 certbot_auto_renew_minute: 30 +certbot_auto_renew_options: "--quiet --no-self-upgrade" + +# Use a systemd timer instead of a cron job to renew certificates +certbot_auto_renew_systemd: false + +# Parameters used when creating new Certbot certs. +certbot_create_if_missing: false +certbot_create_method: standalone +certbot_admin_email: email@example.com +certbot_certs: [] +# - email: janedoe@example.com +# domains: +# - example1.com +# - example2.com +# - domains: +# - example3.com +certbot_create_command: >- + {{ certbot_script }} certonly --standalone --noninteractive --agree-tos + --email {{ cert_item.email | default(certbot_admin_email) }} + -d {{ cert_item.domains | join(',') }} + +certbot_create_standalone_stop_services: + - nginx + # - apache + # - varnish # To install from source (on older OSes or if you need a specific or newer # version of Certbot), set this variable to `yes` and configure other options. -certbot_install_from_source: no +certbot_install_from_source: false certbot_repo: https://github.com/certbot/certbot.git certbot_version: master -certbot_keep_updated: yes +certbot_keep_updated: true # Where to put Certbot when installing from source. certbot_dir: /opt/certbot diff --git a/handlers/main.yml b/handlers/main.yml index b463112..f01c056 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,8 +1,8 @@ --- -- name: Restart certbot-renew service +- name: Restart certbot-renew timer service: name: certbot-renew.timer state: restarted enabled: true - listen: restart-certbot-renew-service + listen: certbot restart renew timer diff --git a/meta/main.yml b/meta/main.yml index aa00a88..e9b4a60 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -6,7 +6,7 @@ galaxy_info: description: "Installs and configures Certbot (for Let's Encrypt)." company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" - min_ansible_version: 2.0 + min_ansible_version: 2.4 platforms: - name: EL versions: diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..2ca6fea --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,29 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-file: molecule/default/yaml-lint.yml +platforms: + - name: instance + image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: true +provisioner: + name: ansible + lint: + name: ansible-lint + playbooks: + converge: ${MOLECULE_PLAYBOOK:-playbook.yml} +scenario: + name: default +verifier: + name: testinfra + lint: + name: flake8 diff --git a/tests/test-source-install.yml b/molecule/default/playbook-source-install.yml similarity index 59% rename from tests/test-source-install.yml rename to molecule/default/playbook-source-install.yml index 2c1fc64..bc46234 100644 --- a/tests/test-source-install.yml +++ b/molecule/default/playbook-source-install.yml @@ -1,8 +1,11 @@ --- -- hosts: all +- name: Converge + hosts: all + become: true vars: - certbot_install_from_source: yes + certbot_install_from_source: true + certbot_auto_renew_user: root pre_tasks: - name: Update apt cache. @@ -12,4 +15,4 @@ roles: - geerlingguy.git - - role_under_test + - geerlingguy.certbot diff --git a/molecule/default/playbook-standalone-nginx-aws.yml b/molecule/default/playbook-standalone-nginx-aws.yml new file mode 100644 index 0000000..481c688 --- /dev/null +++ b/molecule/default/playbook-standalone-nginx-aws.yml @@ -0,0 +1,179 @@ +--- +# To run: +# 1. Ensure Ansible and Boto are installed (pip install ansible boto). +# 2. Ensure you have AWS credentials stored where Boto can find them, and they +# are under the profile 'mm'. +# 3. Ensure you have a pubkey available at ~/.ssh/id_rsa.pub. +# 3. Run the playbook: ansible-playbook test-standalone-nginx-aws.yml + +# Play 1: Provision EC2 instance and A record. +- hosts: localhost + connection: local + gather_facts: false + + tasks: + - name: Configure EC2 Security Group. + ec2_group: + profile: mm + name: certbot_test_http + description: HTTP security group for Certbot testing. + region: "us-east-1" + state: present + rules: + - proto: tcp + from_port: 80 + to_port: 80 + cidr_ip: 0.0.0.0/0 + - proto: tcp + from_port: 443 + to_port: 443 + cidr_ip: 0.0.0.0/0 + - proto: tcp + from_port: 22 + to_port: 22 + cidr_ip: 0.0.0.0/0 + rules_egress: [] + + - name: Add EC2 Key Pair. + ec2_key: + profile: mm + region: "us-east-1" + name: certbot_test + key_material: "{{ item }}" + with_file: ~/.ssh/id_rsa.pub + + - name: Provision EC2 instance. + ec2: + profile: mm + key_name: certbot_test + instance_tags: + Name: "certbot-standalone-nginx-test" + group: ['default', 'certbot_test_http'] + instance_type: t2.micro + # CentOS Linux 7 x86_64 HVM EBS + image: ami-02e98f78 + region: "us-east-1" + wait: true + wait_timeout: 500 + exact_count: 1 + count_tag: + Name: "certbot-standalone-nginx-test" + register: created_instance + + - name: Add A record for the new EC2 instance IP in Route53. + route53: + profile: mm + command: create + zone: servercheck.in + record: certbot-test.servercheck.in + type: A + ttl: 300 + value: "{{ created_instance.tagged_instances.0.public_ip }}" + wait: true + overwrite: true + + - name: Add EC2 instance to inventory groups. + add_host: + name: "certbot-test.servercheck.in" + groups: "aws,aws_nginx" + ansible_ssh_user: centos + host_key_checking: false + when: created_instance.tagged_instances.0.id is defined + +# Play 2: Configure EC2 instance with Certbot and Nginx. +- hosts: aws_nginx + gather_facts: true + become: true + + vars: + certbot_admin_email: https@servercheck.in + certbot_create_if_missing: true + certbot_create_standalone_stop_services: [] + certbot_certs: + - domains: + - certbot-test.servercheck.in + nginx_vhosts: + - listen: "443 ssl http2" + server_name: "certbot-test.servercheck.in" + root: "/usr/share/nginx/html" + index: "index.html index.htm" + state: "present" + template: "{{ nginx_vhost_template }}" + filename: "certbot_test.conf" + extra_parameters: | + ssl_certificate /etc/letsencrypt/live/certbot-test.servercheck.in/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/certbot-test.servercheck.in/privkey.pem; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; + + pre_tasks: + - name: Update apt cache. + apt: update_cache=true cache_valid_time=600 + when: ansible_os_family == 'Debian' + changed_when: false + + - name: Install dependencies (RedHat). + yum: name={{ item }} state=present + when: ansible_os_family == 'RedHat' + with_items: + - cronie + - epel-release + + - name: Install cron (Debian). + apt: name=cron state=present + when: ansible_os_family == 'Debian' + + roles: + - geerlingguy.certbot + - geerlingguy.nginx + + tasks: + - name: Flush handlers in case any configs have changed. + meta: flush_handlers + + - name: Test secure connection to SSL domain. + uri: + url: https://certbot-test.servercheck.in/ + status_code: 200 + delegate_to: localhost + become: false + +# Play 3: Tear down EC2 instance and A record. +- hosts: localhost + connection: local + gather_facts: false + + tasks: + - name: Destroy EC2 instance. + ec2: + profile: mm + instance_ids: ["{{ created_instance.tagged_instances.0.id }}"] + region: "us-east-1" + state: absent + wait: true + wait_timeout: 500 + + - name: Delete Security Group. + ec2_group: + profile: mm + name: certbot_test_http + region: "us-east-1" + state: absent + + - name: Delete Key Pair. + ec2_key: + profile: mm + name: certbot_test + region: "us-east-1" + state: absent + + - name: Delete Route53 record. + route53: + profile: mm + state: delete + zone: servercheck.in + record: certbot-test.servercheck.in + type: A + ttl: 300 + # See: https://github.com/ansible/ansible/pull/32297 + value: [] diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml new file mode 100644 index 0000000..9d6e5e7 --- /dev/null +++ b/molecule/default/playbook.yml @@ -0,0 +1,27 @@ +--- +- name: Converge + hosts: all + become: true + + vars: + certbot_auto_renew_user: root + + pre_tasks: + - name: Update apt cache. + apt: update_cache=yes cache_valid_time=600 + when: ansible_os_family == 'Debian' + changed_when: false + + - name: Install dependencies (RedHat). + yum: name={{ item }} state=present + when: ansible_os_family == 'RedHat' + with_items: + - cronie + - epel-release + + - name: Install cron (Debian). + apt: name=cron state=present + when: ansible_os_family == 'Debian' + + roles: + - geerlingguy.certbot diff --git a/tests/requirements.yml b/molecule/default/requirements.yml similarity index 51% rename from tests/requirements.yml rename to molecule/default/requirements.yml index 6208520..0b31312 100644 --- a/tests/requirements.yml +++ b/molecule/default/requirements.yml @@ -1,2 +1,3 @@ --- - src: geerlingguy.git +- src: geerlingguy.nginx diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py new file mode 100644 index 0000000..eedd64a --- /dev/null +++ b/molecule/default/tests/test_default.py @@ -0,0 +1,14 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_hosts_file(host): + f = host.file('/etc/hosts') + + assert f.exists + assert f.user == 'root' + assert f.group == 'root' diff --git a/molecule/default/yaml-lint.yml b/molecule/default/yaml-lint.yml new file mode 100644 index 0000000..a3dbc38 --- /dev/null +++ b/molecule/default/yaml-lint.yml @@ -0,0 +1,6 @@ +--- +extends: default +rules: + line-length: + max: 120 + level: warning diff --git a/tasks/create-cert-standalone.yml b/tasks/create-cert-standalone.yml new file mode 100644 index 0000000..6f25b8a --- /dev/null +++ b/tasks/create-cert-standalone.yml @@ -0,0 +1,23 @@ +--- +- name: Check if certificate already exists. + stat: + path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem + register: letsencrypt_cert + +- name: Stop services to allow certbot to generate a cert. + service: + name: "{{ item }}" + state: stopped + when: not letsencrypt_cert.stat.exists + with_items: "{{ certbot_create_standalone_stop_services }}" + +- name: Generate new certificate if one doesn't exist. + command: "{{ certbot_create_command }}" + when: not letsencrypt_cert.stat.exists + +- name: Start services after cert has been generated. + service: + name: "{{ item }}" + state: started + when: not letsencrypt_cert.stat.exists + with_items: "{{ certbot_create_standalone_stop_services }}" diff --git a/tasks/install-from-source.yml b/tasks/install-from-source.yml index 7d97f9b..bfca668 100644 --- a/tasks/install-from-source.yml +++ b/tasks/install-from-source.yml @@ -5,7 +5,7 @@ dest: "{{ certbot_dir }}" version: "{{ certbot_version }}" update: "{{ certbot_keep_updated }}" - force: yes + force: true - name: Set Certbot script variable. set_fact: @@ -14,4 +14,4 @@ - name: Ensure certbot-auto is executable. file: path: "{{ certbot_script }}" - mode: 0755 + mode: 0o755 diff --git a/tasks/main.yml b/tasks/main.yml index 9c28cb8..665a471 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,11 +1,26 @@ --- -- include: include-vars.yml +- import_tasks: include-vars.yml -- include: install-with-package.yml +- import_tasks: install-with-package.yml when: not certbot_install_from_source -- include: install-from-source.yml +- import_tasks: install-from-source.yml when: certbot_install_from_source +- include_tasks: create-cert-standalone.yml + with_items: "{{ certbot_certs }}" + when: + - certbot_create_if_missing + - certbot_create_method == 'standalone' + loop_control: + loop_var: cert_item + - include: systemd.yml - when: certbot_auto_renew + when: + - certbot_auto_renew + - certbot_auto_renew_systemd + +- import_tasks: renew-cron.yml + when: + - certbot_auto_renew + - not certbot_auto_renew_systemd diff --git a/tasks/renew-cron.yml b/tasks/renew-cron.yml new file mode 100644 index 0000000..394a30e --- /dev/null +++ b/tasks/renew-cron.yml @@ -0,0 +1,8 @@ +--- +- name: Add cron job for certbot renewal (if configured). + cron: + name: Certbot automatic renewal. + job: "{{ certbot_script }} renew {{ certbot_auto_renew_options }}" + minute: "{{ certbot_auto_renew_minute }}" + hour: "{{ certbot_auto_renew_hour }}" + user: "{{ certbot_auto_renew_user }}" diff --git a/tasks/systemd.yml b/tasks/systemd.yml index 5c4fe3d..2a08aea 100644 --- a/tasks/systemd.yml +++ b/tasks/systemd.yml @@ -1,19 +1,13 @@ --- -- name: Resolve absolute path for certbot script - command: "which {{ certbot_script }}" - register: certbot_script_absolute - when: not certbot_install_from_source - changed_when: false - - name: Create certbot-renew service template: src: certbot-renew.service.j2 dest: /etc/systemd/system/certbot-renew.service - notify: restart-certbot-renew-service + notify: certbot restart renew timer - name: Create certbot-renew timer template: src: certbot-renew.timer.j2 dest: /etc/systemd/system/certbot-renew.timer - notify: restart-certbot-renew-service + notify: certbot restart renew timer diff --git a/templates/certbot-renew.service.j2 b/templates/certbot-renew.service.j2 index 4b70735..1270240 100644 --- a/templates/certbot-renew.service.j2 +++ b/templates/certbot-renew.service.j2 @@ -4,10 +4,6 @@ Description=Let's Encrypt renewal service [Service] User={{ certbot_auto_renew_user }} Type=oneshot -{% if certbot_script_absolute.stdout is defined %} - ExecStart={{ certbot_script_absolute.stdout }} renew --quiet --agree-tos -{% else %} - ExecStart={{ certbot_script }} renew --quiet --agree-tos -{% endif %} +ExecStart={{ certbot_script }} renew --quiet --agree-tos ExecStartPost=/bin/systemctl reload {{ certbot_web_service }}.service diff --git a/tests/README.md b/tests/README.md deleted file mode 100644 index 6fb2117..0000000 --- a/tests/README.md +++ /dev/null @@ -1,11 +0,0 @@ -# Ansible Role tests - -To run the test playbook(s) in this directory: - - 1. Install and start Docker. - 1. Download the test shim (see .travis.yml file for the URL) into `tests/test.sh`: - - `wget -O tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/` - 1. Make the test shim executable: `chmod +x tests/test.sh`. - 1. Run (from the role root directory) `distro=[distro] playbook=[playbook] ./tests/test.sh` - -If you don't want the container to be automatically deleted after the test playbook is run, add the following environment variables: `cleanup=false container_id=$(date +%s)` diff --git a/tests/test.yml b/tests/test.yml deleted file mode 100644 index 8801ef8..0000000 --- a/tests/test.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- hosts: all - - pre_tasks: - - name: Update apt cache. - apt: update_cache=yes cache_valid_time=600 - when: ansible_os_family == 'Debian' - changed_when: false - - roles: - - role_under_test