Files
@ 17cf34f73ca6
Branch filter:
Location: majic-ansible-roles/roles/php_website/tasks/main.yml - annotation
17cf34f73ca6
3.0 KiB
text/x-yaml
MAR-28: Implemented additional tests for mail_server role:
- Deploy a number of tools on clients in order to test SMTP, IMAP, and Sieve
services.
- Added one more user to LDAP directory for testing group restrictions.
- Deploy CA certificate on all testing machines for TLS validation purposes.
- Use different custom-configured cipher for mail server ciphers.
- Fixed invalid postmaster address for parameters-optional host.
- Deploy configuration files for use with Imap-CLI on client test machines.
- Updated testing of SMTP server to include checks for users that do not belong
to mail group.
- Extended some SMTP-related tests to cover both test servers.
- Some small fixes in SMTP-related tests for expected output from commands.
- Implemented tests covering Dovecot (IMAP + Sieve) functionality.
- Implemented tests for running/enabled services.
- Implemented tests for ClamAV.
- Implemented tests for firewall and connectivity.
- Implemented tests for Postfix TLS configuration.
- TODO: Tests for Sieve TLS configuration have not been written yet due to
limitation of available tools.
- Deploy a number of tools on clients in order to test SMTP, IMAP, and Sieve
services.
- Added one more user to LDAP directory for testing group restrictions.
- Deploy CA certificate on all testing machines for TLS validation purposes.
- Use different custom-configured cipher for mail server ciphers.
- Fixed invalid postmaster address for parameters-optional host.
- Deploy configuration files for use with Imap-CLI on client test machines.
- Updated testing of SMTP server to include checks for users that do not belong
to mail group.
- Extended some SMTP-related tests to cover both test servers.
- Some small fixes in SMTP-related tests for expected output from commands.
- Implemented tests covering Dovecot (IMAP + Sieve) functionality.
- Implemented tests for running/enabled services.
- Implemented tests for ClamAV.
- Implemented tests for firewall and connectivity.
- Implemented tests for Postfix TLS configuration.
- TODO: Tests for Sieve TLS configuration have not been written yet due to
limitation of available tools.
7727c37bce67 7727c37bce67 1b05bae8e440 1b05bae8e440 3af07319e2f3 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 76e05de03837 7727c37bce67 3af07319e2f3 3af07319e2f3 e15b53d59517 3af07319e2f3 e15b53d59517 e15b53d59517 e15b53d59517 7727c37bce67 7727c37bce67 a40cf7a468ea 4a3c8915f967 7727c37bce67 3f2756d25f85 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 4a3c8915f967 4a3c8915f967 4a3c8915f967 4a3c8915f967 4a3c8915f967 4a3c8915f967 3f2756d25f85 7727c37bce67 922cda0a1834 7727c37bce67 db91799cc8fa db91799cc8fa db91799cc8fa db91799cc8fa 3f2756d25f85 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 d26fe0368a4b 18cd76ec050d d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b 18cd76ec050d d26fe0368a4b d26fe0368a4b d26fe0368a4b d26fe0368a4b aa2802e42d9d aa2802e42d9d aa2802e42d9d aa2802e42d9d 3f2756d25f85 7727c37bce67 be92dd65fc60 7727c37bce67 7727c37bce67 7727c37bce67 3f2756d25f85 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7387caca37f3 7387caca37f3 7387caca37f3 7387caca37f3 7387caca37f3 7387caca37f3 | ---
- name: Calculate username and home
set_fact:
admin: "admin-{{ fqdn | replace('.', '_') }}"
user: "web-{{ fqdn | replace('.', '_') }}"
home: "/var/www/{{ fqdn }}"
- name: Create PHP website group
group: name="{{ user }}" gid="{{ uid | default(omit) }}" state=present
- name: Create PHP website admin user
user: name="{{ admin }}" uid="{{ admin_uid | default(omit) }}" group="{{ user }}"
shell=/bin/bash createhome=yes home="{{ home }}" state=present
- name: Set-up directory for storing user profile configuration files
file: path="{{ home }}/.profile.d" state=directory
owner="{{ admin }}" group="{{ user }}" mode=750
- name: Create PHP website user
user: name="{{ user }}" uid="{{ uid | default(omit) }}" group="{{ user }}" comment="umask=0007"
system=yes createhome=no state=present home="{{ home }}"
- name: Add nginx user to website group
user: name="www-data" groups="{{ user }}" append="yes"
notify:
- Restart nginx
# Ownership set to root so Postfix would not check if correct user owns the
# file.
- name: Set-up forwarding for mails delivered to local application user/admin
template: src="forward.j2" dest="{{ home }}/.forward"
owner="root" group="{{ user }}" mode=640
- name: Install extra packages for website
apt: name="{{ item }}" state=installed
with_items: "{{ packages }}"
- name: Set-up MariaDB mysql_config symbolic link for compatibility (workaround for Debian bug 766996)
file: src="/usr/bin/mariadb_config" dest="/usr/bin/mysql_config" state=link
when: "'libmariadb-client-lgpl-dev-compat' in packages"
- name: Deploy PHP FPM configuration file for website
template: src="fpm_site.conf.j2" dest="/etc/php5/fpm/pool.d/{{ fqdn }}.conf" validate="php5-fpm -t -y %s"
notify:
- Restart php5-fpm
- name: Deploy nginx TLS private key for website
copy: dest="/etc/ssl/private/{{ fqdn }}_https.key" content="{{ https_tls_key }}"
mode=640 owner=root group=root
notify:
- Restart nginx
- name: Deploy nginx TLS certificate for website
copy: dest="/etc/ssl/certs/{{ fqdn }}_https.pem" content="{{ https_tls_certificate }}"
mode=644 owner=root group=root
notify:
- Restart nginx
- name: Deploy configuration file for checking certificate validity via cron
copy: content="/etc/ssl/certs/{{ fqdn }}_https.pem" dest="/etc/check_certificate/{{ fqdn }}_https.conf"
owner=root group=root mode=644
- name: Deploy nginx configuration file for website
template: src="nginx_site.j2" dest="/etc/nginx/sites-available/{{ fqdn }}"
owner=root group=root mode=640 validate="/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
notify:
- Restart nginx
- name: Enable website
file: src="/etc/nginx/sites-available/{{ fqdn }}" dest="/etc/nginx/sites-enabled/{{ fqdn }}"
state=link
notify:
- Restart nginx
- name: Explicitly run all handlers
include: ../handlers/main.yml
when: "handlers | default(False) | bool() == True"
tags:
- handlers
|