Location: majic-ansible-roles/testsite/group_vars/all.yml - annotation
17cf34f73ca6
MAR-28: Implemented additional tests for mail_server role:
- Deploy a number of tools on clients in order to test SMTP, IMAP, and Sieve
services.
- Added one more user to LDAP directory for testing group restrictions.
- Deploy CA certificate on all testing machines for TLS validation purposes.
- Use different custom-configured cipher for mail server ciphers.
- Fixed invalid postmaster address for parameters-optional host.
- Deploy configuration files for use with Imap-CLI on client test machines.
- Updated testing of SMTP server to include checks for users that do not belong
to mail group.
- Extended some SMTP-related tests to cover both test servers.
- Some small fixes in SMTP-related tests for expected output from commands.
- Implemented tests covering Dovecot (IMAP + Sieve) functionality.
- Implemented tests for running/enabled services.
- Implemented tests for ClamAV.
- Implemented tests for firewall and connectivity.
- Implemented tests for Postfix TLS configuration.
- TODO: Tests for Sieve TLS configuration have not been written yet due to
limitation of available tools.
---
# Define domain for the test site that should be used.
testsite_domain: example.com

# Derive some additional values that will be used - basing them on domain.
# Every dot is replaced by an underscore (example.com -> example_com).
testsite_domain_underscores: "{{ testsite_domain | regex_replace('\\.', '_') }}"
# The last label is replaced by '.something' (example.com -> example.something).
testsite_domain_alternative: "{{ testsite_domain | regex_replace('\\.[^.]+$', '.something') }}"
# Each label becomes a 'dc=' component (example.com -> dc=example,dc=com).
testsite_ldap_base: "{{ testsite_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"
# Configuration for roles bootstrap and preseed.
# Public SSH key read from ~/.ssh/id_rsa.pub. The 'file' lookup is evaluated
# on the Ansible control machine, so this is the key of whoever runs the
# playbook.
ansible_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
# Configuration for role 'common', shared across all servers.

# Local accounts to create. Each entry gives a login name and a fixed uid;
# groups, SSH keys and the password hash are set per user.
os_users:
  - name: admin
    uid: 1000
    # NOTE(review): membership in 'sudo' presumably grants administrative
    # rights on the targets - confirm against their sudoers configuration.
    additional_groups:
      - sudo
    # Public key of the user running the playbook, read on the control machine.
    authorized_keys:
      - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    # crypt(3) SHA-512 hash ('$6$' prefix). NOTE(review): the hash sits in
    # plain text in version control, so everyone with repository access can
    # attempt to recover the password offline. Acceptable only for throwaway
    # test-site credentials; real hashes belong in Ansible Vault or another
    # secret store.
    password: '$6$/aerscJY6aevRG$ABBCymEDtk2mHW/dklre9dMEdgZNJvVHsGLCzgjGmy61FssZ.KW7ePcO2wsMGIkHcg3mZlrA4dhYh.APq9OQu0'
  - name: johndoe
    uid: 1001
    additional_groups:
      - office
      - developer
    # No authorized_keys are listed for this user, only a password hash.
    # Same caveat as above about a hash committed to the repository.
    password: '$6$cJnUatae7cMz23fl$O3HE2TslnEaKaTDSZnvuDDrfqILAiuMV1wOPGVnkUQFxUu3gIWZOyO7AI1OWYkqeQMVBiezpSqYNiQy6NF6bi0'

# Groups referenced by additional_groups above, with fixed gids.
os_groups:
  - name: office
    gid: 1500
  - name: developer
    gid: 1501

# Extra packages to install on every server.
common_packages:
  - emacs24-nox
  - screen
  - debconf-utils
  - colordiff
  - unzip

# CA certificates to deploy, keyed by name. The content is read from
# tls/ca.pem in the inventory directory on the control machine.
# NOTE(review): presumably this ends up as /etc/ssl/certs/ca.pem, the path
# the LDAP client TLS_CACERT option uses - confirm in the role.
ca_certificates:
  "ca": "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"

# NOTE(review): looks like a rate limit (and burst allowance) for incoming
# connections applied by the role's firewall rules - confirm in the role.
incoming_connection_limit: 2/second
incoming_connection_limit_burst: 6
# Default LDAP client configuration.
# Each entry carries a comment, an option name and its value; presumably the
# role renders them into the LDAP client configuration file - confirm there.
ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: "{{ testsite_ldap_base }}"
  # The URI uses the plain ldap:// scheme, so the connection is encrypted only
  # if the client upgrades it with StartTLS.
  - comment: Set the default URI
    option: URI
    value: ldap://ldap.{{ testsite_domain }}/
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/ca.pem
  # TLS_REQCERT controls how the server certificate is checked once a TLS
  # session is negotiated; 'demand' rejects a missing or invalid certificate.
  # NOTE(review): it does not by itself force TLS on an ldap:// URI - confirm
  # that clients require StartTLS, or switch the URI to ldaps://.
  - comment: Enforce TLS
    option: TLS_REQCERT
    value: demand
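# Enable and configure backups
# Written as the canonical boolean rather than the YAML 1.1 truthy 'yes'.
enable_backup: true

# Public keys that backups are additionally encrypted to. The 'pipe' lookup
# runs gpg2 through a shell on the Ansible control machine, so each
# interpolated value is passed through the 'quote' filter rather than being
# wrapped in hand-written double quotes.
backup_additional_encryption_keys:
  - "{{ lookup('pipe', 'gpg2 --homedir ' + ((inventory_dir + '/backup_keyring') | quote) + ' --armor --export backup.' + (testsite_domain | quote)) }}"

# Secret key for this host, exported from the keyring in the inventory
# directory. ansible_fqdn is a fact reported by the managed host, so it is
# shell-quoted before it reaches the command line on the control machine.
# NOTE(review): this variable holds private key material - confirm the tasks
# that consume it set no_log, and that backup_keyring is readable only by the
# operator.
backup_encryption_key: "{{ lookup('pipe', 'gpg2 --homedir ' + ((inventory_dir + '/backup_keyring') | quote) + ' --armor --export-secret-keys ' + (ansible_fqdn | quote)) }}"

backup_server: "backup.{{ testsite_domain }}"

# Host keys that clients should accept for the backup server, read from the
# ssh/ directory of the inventory on the control machine.
# NOTE(review): the DSA entry is for a key type that current OpenSSH releases
# no longer accept by default - confirm it is still needed.
backup_server_host_ssh_public_keys:
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_dsa_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_rsa_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ed25519_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ecdsa_key.pub') }}"

# SSH key for this host, read from ssh/<ansible_fqdn> in the inventory
# directory; presumably the private key used to reach the backup server.
# NOTE(review): the file name comes from a host-reported fact; building it
# from inventory_hostname would keep the path under the operator's control -
# confirm the two names match before changing it.
backup_ssh_key: "{{ lookup('file', inventory_dir + '/ssh/' + ansible_fqdn) }}"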
# Set-up prompt.
# Colour name and identifier string for the shell prompt.
# NOTE(review): presumably consumed by the 'common' role - confirm there
# which colour names are accepted.
prompt_colour: light_purple
prompt_id: MAR