Read and write work queue significantly degrades performance on
SSD/NVME devices[1].
In Debian 11 crypttab does not support no-read-workqueue and
no-write-workqueue flags, so the persistent flag is workaround: once
opened with perf parameters persists forever.
[1] https://blog.cloudflare.com/speeding-up-linux-disk-encryption/
Signed-off-by: Yauhen Artsiukhou <jsirex@gmail.com>
* Use community ansible-test images.
* Adjust tests for new operating systems, and pass on Python version as well.
* Fix Python version.
Co-authored-by: David Moreau Simard <moi@dmsimard.com>
* Fix package name.
Co-authored-by: David Moreau Simard <moi@dmsimard.com>
* Allow multiple intermediate CAs to have same subject.
* Add tests.
* Fix test name.
* Don't use CN for SAN.
* Make a bit more compatible.
* Include jinja2 compat for CentOS 6.
* Add basic crypto_info module.
* Improve check.
* Actually test capabilities.
* Also output EC curve list.
* Fix detections.
* Ed25519 and Ed448 are not supported on FreeBSD 12.1.
* Refactor.
* Also retrieve information on the OpenSSL binary.
* Improve splitting.
* Update plugins/modules/crypto_info.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* Replace list by tuple.
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* Name test tasks in a more explicite manner
* Space test + verification blocks apart
* Apply suggestions from code review
Co-authored-by: Jens Heinrich <github.com/JensHeinrich>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add new code as fallback which re-serializes de-serialized extensions using the new cryptography API.
* Forgot Base64 encoding.
* Add extension by OID tests.
* There's one value which is different with the new code.
* Differences in CI.
* Working around older Jinjas.
* Value depends on which SAN was included.
* Force complete CI run now since cryptography 36.0.0 is out.
ci_complete
* Remove assertonly backend.
* Remove assertonly tests.
* The expired test is basically a test of assertonly.
* Replace assertonly verification by _info + assert.
* Remove vendored copy of ipaddress.
* Forgot an import.
* Remove sanity ignores and checks related to ipaddress.
* Remove octal IPv4 address.
Such IPs are no longer accepted by ipaddress in Python's standard library (CVE-2021-29921).
* Remove unused import.
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Adjust dirName serialization to RFC 4514.
* Adjust deserialization to RFC 4514.
* Add changelog fragment.
* Use Unicode strings, and work around Python 2 and Python 3 differences and problems with old cryptography versions.
* Work with bytes, not Unicode strings, to handle escaping of Unicode endpoints correctly.
* Remove Ubuntu 16.04 (Xenial Xerus) from CI.
* Removing PyOpenSSL backend from everywhere but openssl_pkcs12.
* Remove PyOpenSSL support from module_utils that's not needed for openssl_pkcs12.
* Add changelog fragment.
* Run all tests on all targets. Remove hack in setup_acme.
* Fix some failing tests.
* OpenSSH tests do not work yet with default image on Ansible 2.9. Let's skip them on the cloud target.
* Make tests pass again.
* Make sure to install *latest* versions of cryptography and pyOpenSSL when not installing system packages, whenever possible.
ci_complete
* Update/fix aliases files.
* Install PyOpenSSL and cryptography from PyPi if target Python != system Python.
* Work around some CentOS6, 7, Ubuntu 16.04 problems. Improve jinja2 compatibility handling.
* Skip tasks that require properties that aren't always there.
* Only install OpenSSL when not present.
* Improve output.
* Improve get_certificate integration test graceful failing.
* Fix tests.
* Fix assert.
* OpenSSL peculiarities.
* Fix condition.
* Initial commit
* Matching tests to overwritten permissions behavior with cryptography
* Ensuring key validation only occurs when state=present and accomodating CentOS6 restrictions
* Making ssh-keygen behavior explicit by version in tests
* Ensuring cyrptography not excluded in new conditions
* Adding changelog fragment
* Fixing sanity checks
* Improving readability
* Applying review suggestions
* addressing restore_on_failure conflict
Felix Fontein
Yauhen
Andrew Pantuso
JochenKorge
Jens Heinrich