MAR-28: Implemented scaffolding for testing the mail_server role:
- Added Molecule configuration.
- Added test playbook.
- Restart Postfix for truststore changes.
- Added test data (private keys and certificates).
- Fixed small documentation inaccuracy.
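---
# Test playbook for the mail_server role (exercised through Molecule).
#
# Play order:
#   1. refresh apt caches on every host;
#   2. add static /etc/hosts entries so hosts can reach each other by name;
#   3. install swaks on the client host for SMTP checks;
#   4. provision the ldap-server host (users, groups, mail domains, aliases,
#      consumer accounts for Postfix and Dovecot);
#   5. apply mail_server with only mandatory parameters;
#   6. apply mail_server with the optional parameters overridden.
#
# Every password, key and certificate referenced here is a throw-away test
# fixture checked into tests/data; none of them must be reused outside the
# Molecule environment.

- hosts: all
  tasks:
    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true

- hosts: all
  tasks:
    # Static name resolution for the test network; the consumers below refer
    # to the LDAP server by name (ldap://ldap-server/).
    - name: Set-up /etc/hosts entries
      lineinfile:
        dest: /etc/hosts
        line: "{{ item.value }} {{ item.key }}"
      with_dict:
        ldap-server: 10.31.127.10
        client1: 10.31.127.20
        client2: 10.31.127.21
        parameters-mandatory: 10.31.127.30
        parameters-optional: 10.31.127.31

- hosts: client
  tasks:
    # The package is "swaks" (the task name already says so); the previous
    # spelling "swak" does not exist and made the play fail on apt.
    # "installed" is a deprecated alias of "present" for the apt module.
    - name: Install SWAKS for testing SMTP capability
      apt:
        name: swaks
        state: present

- hosts: ldap-server
  roles:
    - role: ldap_server
      ldap_admin_password: admin
      ldap_entries:
        # Users
        - dn: uid=john,ou=people,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: johnpassword
            uid: john
            cn: John Doe
            sn: Doe
            mail: john.doe@domain1
        - dn: uid=jane,ou=people,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: janepassword
            uid: jane
            cn: Jane Doe
            sn: Doe
            mail: jane.doe@domain2
        # Groups
        - dn: "cn=mail,ou=groups,dc=local"
          state: append
          attributes:
            uniqueMember:
              - uid=john,ou=people,dc=local
              - uid=jane,ou=people,dc=local
        # Domains
        - dn: dc=domain1,ou=domains,ou=mail,ou=services,dc=local
          attributes:
            objectClass: dNSDomain
            dc: domain1
        - dn: dc=domain2,ou=domains,ou=mail,ou=services,dc=local
          attributes:
            objectClass: dNSDomain
            dc: domain2
        # Aliases
        - dn: cn=postmaster@domain1,ou=aliases,ou=mail,ou=services,dc=local
          attributes:
            objectClass: nisMailAlias
            cn: postmaster@domain1
            rfc822MailMember: john.doe@domain1
        - dn: cn=webmaster@domain2,ou=aliases,ou=mail,ou=services,dc=local
          attributes:
            objectClass: nisMailAlias
            cn: webmaster@domain2
            rfc822MailMember: jane.doe@domain2
      # Bind accounts used by the mail server. The passwords must match the
      # mail_ldap_*_password values handed to the mail_server role below;
      # the dovecot one previously read "dovecotpoassword" and so could never
      # authenticate.
      ldap_server_consumers:
        - name: postfix
          password: postfixpassword
        - name: dovecot
          password: dovecotpassword
          state: present
      ldap_server_domain: "local"
      ldap_server_groups:
        - name: mail
      ldap_server_organization: "Example"
      ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.cert.pem') }}"
      ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.key.pem') }}"
      # common
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
      # ldap_client
      ldap_client_config:
        # presumably the path where the "testca" entry above gets installed -
        # verify against the common role.
        - comment: CA truststore
          option: TLS_CACERT
          value: /etc/ssl/certs/testca.cert.pem
        # "demand" makes the client refuse to talk to a server whose
        # certificate cannot be validated.
        - comment: Ensure TLS is enforced
          option: TLS_REQCERT
          value: demand
        - comment: Base DN
          option: BASE
          value: dc=local
        - comment: URI
          option: URI
          value: ldapi:///

# Only the parameters the role cannot default.
- hosts: parameters-mandatory
  roles:
    - role: mail_server
      mail_ldap_base_dn: dc=local
      mail_ldap_url: ldap://ldap-server/
      mail_ldap_postfix_password: postfixpassword
      mail_ldap_dovecot_password: dovecotpassword
      # Common parameters (general, not role).
      tls_certificate_dir: tests/data/x509/
      tls_private_key_dir: tests/data/x509/

# Every optional parameter set to a non-default value so the tests can
# check that each one is honoured.
- hosts: parameters-optional
  roles:
    - role: mail_server
      mail_ldap_base_dn: dc=local
      mail_ldap_url: ldap://ldap-server/
      mail_ldap_tls_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
      mail_ldap_postfix_password: postfixpassword
      mail_ldap_dovecot_password: dovecotpassword
      # TLSv1.1 is listed only to exercise the protocol override in the
      # tests; it is not a recommended production setting.
      mail_server_tls_protocols:
        - TLSv1.2
        - TLSv1.1
      mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA:!aNULL:!MD5:!EXPORT"
      mail_user: virtmail
      mail_user_uid: 5000
      mail_user_gid: 5000
      imap_max_user_connections_per_ip: 2
      imap_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_imap.cert.pem') }}"
      imap_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_imap.key.pem') }}"
      local_mail_aliases:
        root:
          - john.doe@parameters-optional.local
      smtp_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_smtp.cert.pem') }}"
      smtp_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_smtp.key.pem') }}"
      imap_folder_separator: "."
      smtp_rbl:
        - bl.spamcop.net
        - zen.spamhaus.org
      mail_postmaster: "webmaster@parameters-optional.local"
      # Only the first client may relay through this server.
      smtp_allow_relay_from:
        - 10.31.127.20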