Files @ 5ea45eee5187
Branch filter:

Location: majic-ansible-roles/roles/mail_forwarder/playbook.yml - annotation

branko
MAR-124: Updated mail_forwarder test_tls_enforced_towards_relay_mail_server to be a bit robust against race condition.
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
8f33126c7555
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
d92577936630
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
f774e938a4ed
f774e938a4ed
f774e938a4ed
f774e938a4ed
f774e938a4ed
01f4b619cfa6
01f4b619cfa6
01f4b619cfa6
01f4b619cfa6
01f4b619cfa6
23a9ea4219dc
23a9ea4219dc
23a9ea4219dc
23a9ea4219dc
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
d92577936630
36e1c9460cd6
23a9ea4219dc
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
d92577936630
d92577936630
d92577936630
d92577936630
d92577936630
d92577936630
d92577936630
d92577936630
d92577936630
d92577936630
d92577936630
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
36e1c9460cd6
---

- hosts: all
  tasks:

    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: yes
      changed_when: False

- hosts: all
  tasks:

    - name: Set-up /etc/hosts entries
      lineinfile:
        dest: /etc/hosts
        line: "{{ item.key }} {{ item.value }}"
      with_dict:
        10.31.127.10: "mail-server domain1"
        10.31.127.20: "client1"
        10.31.127.30: "parameters-mandatory"
        10.31.127.31: "parameters-optional"
        10.31.127.32: "parameters-no-incoming"

- hosts: client1
  tasks:

    - name: Install SWAKS for testing SMTP capability
      apt:
        name: swaks
        state: installed

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: installed

    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        mode: 0644
      notify:
        - Update CA certificate cache

  handlers:

    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh

- hosts: mail-server
  tasks:

    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        mode: 0644
      notify:
        - Update CA certificate cache

    - name: Deploy SMTP private key and certificate
      copy:
        src: "tests/data/x509/{{ item }}"
        dest: "/etc/ssl/{{ item }}"
        owner: root
        group: root
        mode: 0600
      with_items:
        - mail-server_smtp.cert.pem
        - mail-server_smtp.key.pem

    - name: Install Postfix
      apt: name="postfix" state=installed

    - name: Purge Exim configuration
      apt: name="exim4*" state=absent purge=yes

    - name: Deploy Postfix configuration
      copy:
        src: tests/data/main.cf
        dest: /etc/postfix/main.cf
        owner: root
        group: root
        mode: 0644
      notify:
        - Restart Postfix

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: installed

    - name: Install SWAKS for testing SMTP capability
      apt:
        name: swaks
        state: installed

    - name: Set-up port forwarding
      command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport 27 -j REDIRECT --to-ports 25"
      changed_when: False

  handlers:

    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh

    - name: Restart Postfix
      service:
        name: postfix
        state: restarted

- hosts: parameters-mandatory
  roles:
    - role: mail_forwarder

      # Global common parameters.
      tls_certificate_dir: tests/data/x509/

- hosts: parameters-optional
  roles:
    - role: mail_forwarder
      local_mail_aliases:
        root: "root testuser"
      smtp_from_relay_allowed: True
      smtp_relay_host: mail-server
      smtp_relay_host_port: 27
      smtp_relay_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

      # common
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

- hosts: parameters-no-incoming
  roles:
    - role: mail_forwarder
      smtp_relay_host: mail-server
      smtp_from_relay_allowed: False
      smtp_relay_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

      # common
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

- hosts: parameters-optional
  tasks:

    - name: Create additional group for testing local aliases
      group:
        name: testuser

    - name: Create additional user for testing local aliases
      user:
        name: testuser
        group: testuser