Location: majic-ansible-roles/roles/backup_client/playbook.yml - annotation
17cf34f73ca6
MAR-28: Implemented additional tests for mail_server role:
- Deploy a number of tools on clients in order to test SMTP, IMAP, and Sieve
services.
- Added one more user to LDAP directory for testing group restrictions.
- Deploy CA certificate on all testing machines for TLS validation purposes.
- Use different custom-configured cipher for mail server ciphers.
- Fixed invalid postmaster address for parameters-optional host.
- Deploy configuration files for use with Imap-CLI on client test machines.
- Updated testing of SMTP server to include checks for users that do not belong
to mail group.
- Extended some SMTP-related tests to cover both test servers.
- Some small fixes in SMTP-related tests for expected output from commands.
- Implemented tests covering Dovecot (IMAP + Sieve) functionality.
- Implemented tests for running/enabled services.
- Implemented tests for ClamAV.
- Implemented tests for firewall and connectivity.
- Implemented tests for Postfix TLS configuration.
- TODO: Tests for Sieve TLS configuration have not been written yet due to
limitation of available tools.
---
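# Refresh the APT package index on every test machine before the other plays
# in this playbook run.
- hosts: all
  tasks:

    # Only the package index is refreshed; this task installs and upgrades
    # nothing.
    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        # Canonical YAML boolean instead of the YAML 1.1 "yes" spelling.
        update_cache: true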
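# Test fixture: prepare the host that receives backups from the two
# backup_client test hosts configured further down in this playbook.
- hosts: backup-server
  tasks:

    # Installs fixed SSH host *private* keys read from the repository's test
    # data. The client plays hand the matching .pub files to the role through
    # backup_server_host_ssh_public_keys.
    # NOTE(review): key material kept in a repository is readable by everyone
    # with access to it, so these keys only suit disposable test machines.
    # NOTE(review): a DSA host key is deployed as well; OpenSSH has disabled
    # ssh-dss by default since 7.0 - confirm the test still needs it.
    - name: Deploy SSH server keys
      copy:
        content: "{{ lookup('file', item.key) + '\n' }}"
        dest: "{{ item.value }}"
        owner: root
        group: root
        # Quoted so the octal mode reaches the module as written instead of
        # depending on the YAML parser's integer handling.
        mode: "0600"
      # Maps each key file on the controller to its destination on the server.
      with_dict:
        tests/data/ssh/server_dsa: /etc/ssh/ssh_host_dsa_key
        tests/data/ssh/server_rsa: /etc/ssh/ssh_host_rsa_key
        tests/data/ssh/server_ed25519: /etc/ssh/ssh_host_ed25519_key
        tests/data/ssh/server_ecdsa: /etc/ssh/ssh_host_ecdsa_key
      notify:
        - Restart ssh

    # One group per backup user, named after the user.
    - name: Set-up backup user groups
      group:
        name: "{{ item.name }}"
      with_items: "{{ backup_users }}"

    # Each backup user gets the same-named group as its primary group.
    - name: Set-up backup users
      user:
        name: "{{ item.name }}"
        group: "{{ item.name }}"
      with_items: "{{ backup_users }}"

    # Authorises the public key listed for each user in backup_users (see
    # vars at the end of this play).
    - name: Set-up authorised keys
      authorized_key:
        user: "{{ item.name }}"
        key: "{{ item.key }}"
      with_items: "{{ backup_users }}"

    # Redirects incoming TCP ports 2222 and 3333 to the SSH daemon on port 22.
    # 3333 is the backup_server_port passed for parameters-optional below;
    # 2222 is presumably the role default used by parameters-mandatory -
    # TODO confirm against the role defaults.
    # NOTE(review): "-A" appends a rule on every run and changed_when hides
    # that, so repeated runs stack duplicate rules; a "-C" check before the
    # append would make the task idempotent.
    - name: Set-up port forwarding
      command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport '{{ item }}' -j REDIRECT --to-ports 22"
      changed_when: false
      with_items:
        - 2222
        - 3333

    # Backup destination directory, accessible only to its owning backup user.
    # NOTE(review): presumably the role's default destination, since the
    # parameters-mandatory play does not set backup_server_destination -
    # confirm.
    - name: Set-up directory for parameters-mandatory backups
      file:
        path: /duplicity
        state: directory
        owner: bak-parameters-mandatory
        group: bak-parameters-mandatory
        mode: "0700"

  handlers:

    # Triggered by the host key deployment above.
    - name: Restart ssh
      service:
        name: ssh
        state: restarted

  vars:
    # Accounts created on the backup server, each with the public key that is
    # allowed to log in. The files without the .pub suffix are passed to the
    # clients as backup_ssh_key in the plays below.
    backup_users:
      - name: bak-parameters-mandatory
        key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory.pub') }}"
      - name: backupuser
        key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"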
# Test host that applies backup_client with only the parameters set below;
# everything else is left to the role defaults.
- hosts: parameters-mandatory
  roles:
    - role: backup_client
      # Key material is read from the repository's test data.
      # NOTE(review): presumably private keys; fixtures like these are only
      # appropriate for disposable test machines - outside of tests such
      # values belong in a vault or secret store.
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-mandatory.asc') }}"
      backup_server: '10.31.127.10'
      # Public halves of the host keys deployed on backup-server.
      # NOTE(review): presumably used by the role to pin the server's
      # identity on the client - confirm in the role.
      backup_server_host_ssh_public_keys:
        - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
      # The matching .pub file is authorised for bak-parameters-mandatory on
      # the backup server.
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory' ) }}"
# Test host that applies backup_client with additional parameters set on top
# of those used for parameters-mandatory: extra encryption keys, a custom
# user name, a custom destination and a custom port.
- hosts: parameters-optional
  roles:
    - role: backup_client
      # All key material below is read from the repository's test data.
      # NOTE(review): fixtures like these are only appropriate for disposable
      # test machines - outside of tests such values belong in a vault or
      # secret store.
      backup_additional_encryption_keys:
        - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_1.asc') }}"
        - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_2.asc') }}"
        - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_3.asc') }}"
      # Same account name that the backup-server play creates in backup_users.
      backup_client_username: backupuser
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
      backup_server: '10.31.127.10'
      backup_server_destination: '/home/backupuser'
      # Public halves of the host keys deployed on backup-server.
      # NOTE(review): presumably used by the role to pin the server's
      # identity on the client - confirm in the role.
      backup_server_host_ssh_public_keys:
        - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
      # One of the two ports the backup-server play redirects to port 22.
      backup_server_port: 3333
      # The matching .pub file is authorised for backupuser on the backup
      # server.
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"
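# Deploy a dummy pre-backup script for testing purposes.
- hosts: parameters-mandatory,parameters-optional
  tasks:

    # Copies the test script into the duply profile's pre.d directory.
    # Owner root with mode 0700: only root can read, modify or execute it.
    - name: Deploy pre-backup script
      copy:
        src: tests/data/10-test-pre-backup.sh
        dest: /etc/duply/main/pre.d/10-test-pre-backup.sh
        owner: root
        group: root
        # Quoted so the octal mode reaches the module as written instead of
        # depending on the YAML parser's integer handling.
        mode: "0700"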