Location: majic-ansible-roles/roles/backup_client/tasks/main.yml - annotation
17cf34f73ca6
3.4 KiB
text/x-yaml
MAR-28: Implemented additional tests for mail_server role:
- Deploy a number of tools on clients in order to test SMTP, IMAP, and Sieve
services.
- Added one more user to LDAP directory for testing group restrictions.
- Deploy CA certificate on all testing machines for TLS validation purposes.
- Use different custom-configured cipher for mail server ciphers.
- Fixed invalid postmaster address for parameters-optional host.
- Deploy configuration files for use with Imap-CLI on client test machines.
- Updated testing of SMTP server to include checks for users that do not belong
to mail group.
- Extended some SMTP-related tests to cover both test servers.
- Some small fixes in SMTP-related tests for expected output from commands.
- Implemented tests covering Dovecot (IMAP + Sieve) functionality.
- Implemented tests for running/enabled services.
- Implemented tests for ClamAV.
- Implemented tests for firewall and connectivity.
- Implemented tests for Postfix TLS configuration.
- TODO: Tests for Sieve TLS configuration have not been written yet due to
limitation of available tools.
---

- name: Install pexpect for pexpect+sftp Duplicity backend (mainly needed on Stretch)
  apt: name="python-pexpect" state=installed

- name: Install backup software
  apt: name="{{ item }}" state=installed
  with_items:
    - duplicity
    - duply

# All Duply directories are root-only (0700) since they hold keys and credentials.
- name: Set-up Duply directories
  file: path="{{ item }}" state=directory owner=root group=root mode=0700
  with_items:
    - "/etc/duply"
    - "/etc/duply/main"
    - "/etc/duply/main/patterns"
    - "/etc/duply/main/gnupg"
    - "/etc/duply/main/ssh"
    - "/var/cache/duply"
    - "/var/cache/duply/main"

# Unlike the SSH key task further down, this task does not set no_log.
- name: Deploy GnuPG private keys
  copy: content="{{ backup_encryption_key }}" dest="/etc/duply/main/private_keys.asc"
        owner=root group=root mode=0600
  notify:
    - Clean-up GnuPG keyring for import of new keys
    - Import private keys
    - Import public keys

- name: Deploy GnuPG public keys
  copy: content="{{ backup_additional_encryption_keys | join('\n') }}" dest="/etc/duply/main/public_keys.asc"
        owner=root group=root mode=0600
  notify:
    - Clean-up GnuPG keyring for import of new keys
    - Import private keys
    - Import public keys

# Takes the first keyid reported by --list-packets and strips a prefix as
# defined by gnupg_key_cutoff. The task fails if no key ID is found.
- name: Extract encryption key identifier (Duplicity requires key ID in hexadecimal format)
  shell: "{{ gnupg_binary }} --list-packets /etc/duply/main/private_keys.asc | grep keyid: | head -n1 | sed -e 's/.*: //' | sed -re 's/^.{{gnupg_key_cutoff}}//'"
  register: backup_encryption_key_id
  changed_when: False
  failed_when: backup_encryption_key_id.stdout == ""

# Same extraction for the additional public keys, joined into a comma-separated list.
- name: Extract additional encryption keys identifiers (Duplicity requires key ID in hexadecimal format)
  shell: "{{ gnupg_binary }} --list-packets /etc/duply/main/public_keys.asc | grep keyid: | sed -e 's/.*: //' | sort -u | sed -re 's/^.{{gnupg_key_cutoff}}//' | tr '\n' ',' | sed -e 's/,$//'"
  register: backup_additional_encryption_keys_ids
  when: backup_additional_encryption_keys
  changed_when: False
  failed_when: backup_additional_encryption_keys_ids.stdout == ""

# no_log keeps the private SSH key out of task output and logs.
- name: Deploy private SSH key for logging-in into backup server
  copy: content="{{ backup_ssh_key }}" dest="/etc/duply/main/ssh/identity"
        owner="root" group="root" mode="0600"
  no_log: True

- name: Deploy custom known_hosts for backup purposes
  template: src="known_hosts.j2" dest="/etc/duply/main/ssh/known_hosts"
            owner="root" group="root" mode="0600"

- name: Deploy Duply configuration file
  template: src="duply_main_conf.j2" dest="/etc/duply/main/conf"
            owner=root group=root mode=0600

- name: Deploy base exclude pattern (exclude all by default)
  copy: content="- **" dest="/etc/duply/main/exclude"
        owner="root" group="root" mode="0600"

- name: Set-up directory for storing pre-backup scripts
  file: path="/etc/duply/main/pre.d/" state=directory
        owner="root" group="root" mode="0700"

- name: Set-up script for running all pre-backup scripts
  copy: src="duply_pre" dest="/etc/duply/main/pre"
        owner="root" group="root" mode="0700"

- name: Deploy crontab entry for running backups
  cron: name=backup cron_file=backup hour=2 minute=0 job="/usr/bin/duply main backup"
        state=present user=root

- name: Ensure the file with include patterns exists (but do not overwrite)
  copy:
    content: ""
    dest: /etc/duply/main/include
    force: no
    group: root
    owner: root
    mode: 0600

- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(False) | bool() == True"
  tags:
    - handlers