ansible-role-wireguard/tests/run.yaml

---
- hosts: all
  become: true
  tasks:
    - name: Flush firewall rules
      iptables:
        flush: true
    # NOTE(mnaser): Wireguard on CentOS requires EPEL, this role does not
    #               manage it for you.
    - name: Enable EPEL
      yum_repository:
        name: epel
        description: Extra Packages for Enterprise Linux 7 - $basearch
        baseurl: "http://{{ zuul_site_mirror_fqdn }}/epel/7/$basearch"
        enabled: true
      when: ansible_os_family == 'RedHat'
    # NOTE(mnaser): Glean interferes with the interfaces, disable for now
    #               Drop when https://review.opendev.org/651680 lands.
    - name: Disable Glean
      file:
        path: /etc/udev/rules.d/99-glean.rules
        state: absent

- hosts: primary
  roles:
    - wireguard
  vars:
    wireguard_links:
      - name: wg0
        address: 10.0.0.1
        port: 51820
        private_key: eCpvWOe8zI0HCj/KjK3TZP71kd+glDxvDo5JaQhw3mw=
        peers:
          - public_key: UB9Lhk0JgwAPFD8F3k3Dq9iS7r/jLD+oYMX98T+fmGw=
            endpoint: "{{ hostvars['secondary']['ansible_host'] }}:51820"
            allowed_ips: 10.0.0.2

- hosts: secondary
  roles:
      - wireguard
  vars:
    wireguard_links:
      - name: wg0
        address: 10.0.0.2
        port: 51820
        private_key: aIPcdRd6ncwRa+DJLaiq0Jmbvx1FjtLnWE2EApgcr2E=
        peers:
          - public_key: E/MU5hNb1mQ55ww0H0luxigNTXNNo/x49MRm5AcHLSI=
            endpoint: "{{ hostvars['primary']['ansible_host'] }}:51820"
            allowed_ips: 10.0.0.1

- hosts: primary
  tasks:
    - name: Check if primary can reach secondary
      shell: ping -c4 -W 1 10.0.0.2

- hosts: secondary
  tasks:
    - name: Check if secondary can reach primary
      shell: ping -c4 -W 1 10.0.0.1