
Location: majic-ansible-roles/roles/mail_forwarder/molecule/default/prepare.yml - annotation

branko
MAR-189: Added support for Debian 11 Bullseye to xmpp_server role:

- Roll-out LDAP client configuration since Bullseye does not come with
a stock one at /etc/ldap/ldap.conf that sets the trust anchor
correctly for validating LDAP server certificates.
- Drop the backports pinning in case of Bullseye (for now let's try to
keep the Buster and Bullseye at same versions for simplicity).
- Drop installation of Python apt bindings (no longer used).
- Tests for Buster and Bullseye need to be split-up a bit due to some
differences around backports etc.
---

# Play: generate throw-away X.509 test fixtures on the Ansible controller.
# The generated material is written below tests/data/.gimmecert and is meant
# for test instances only.
- name: Set-up fixtures
  hosts: localhost
  gather_facts: false
  connection: local
  tasks:

    # "creates" turns the task into a no-op once the level 1 CA certificate
    # already exists.
    - name: Initialise CA hierarchy
      command: gimmecert init
      args:
        chdir: tests/data/
        creates: .gimmecert/ca/level1.cert.pem

    # The free-form value is left empty and the command is passed as an argv
    # list, so each templated value reaches gimmecert as exactly one argument.
    - name: Generate server private keys and certificates
      command:
      args:
        argv:
          - gimmecert
          - server
          - "{{ item.name }}"
          - "{{ item.fqdn }}"
        chdir: tests/data/
        creates: ".gimmecert/server/{{ item.name }}.cert.pem"
      with_items:
        - fqdn: mail-server
          name: mail-server_smtp

    # Stable path for the plays below: tests/data/x509 points at .gimmecert.
    - name: Set-up link to generated X.509 material
      file:
        state: link
        dest: tests/data/x509
        src: .gimmecert

# Play: bootstrap a Python interpreter so that regular Ansible modules can run.
- name: Prepare
  hosts: all
  gather_facts: false
  tasks:
    # "raw" does not need Python on the target; gather_facts is off, presumably
    # for the same reason. Installation is skipped when /usr/bin/python3 exists.
    - name: Install python for Ansible
      become: true
      changed_when: false
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)

# Play: refresh the APT package indexes on every test instance.
- hosts: all
  become: true
  tasks:

    # Always reported as unchanged, so the refresh never counts as a change.
    - name: Update all caches to avoid errors due to missing remote archives
      changed_when: false
      apt:
        update_cache: true

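# Play: static name resolution for the test network plus common test tooling.
- hosts: all
  become: true
  tasks:

    # One /etc/hosts line per address. The address is regex-escaped and must be
    # followed by whitespace, so an entry only ever replaces the line for
    # exactly that address (an unescaped "^192.168.56.10" would also match
    # longer addresses starting with the same characters).
    - name: Set-up the hosts file
      lineinfile:
        path: /etc/hosts
        regexp: '^{{ item.key | regex_escape }}\s'
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        # Quoted so the mode is always read as an octal string and never as a
        # YAML integer.
        mode: "0644"
        state: present
      with_dict:
        "192.168.56.10": "mail-server domain1"
        "192.168.56.11": "client1"
        "192.168.56.20": "parameters-mandatory-buster64"
        "192.168.56.21": "parameters-optional-buster64"
        "192.168.56.22": "parameters-no-incoming-buster64"

    - name: Install tools for testing
      apt:
        name: gnutls-bin
        state: present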

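# Play: test clients get the SMTP/TCP test tools and trust the test CA.
- hosts: clients
  become: true
  tasks:

    - name: Install SWAKS for testing SMTP capability
      apt:
        name: swaks
        state: present

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: present

    # Adds the CA generated by the fixtures play to the system trust store.
    # This is a test CA; the trust is only appropriate on test instances.
    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca/level1.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        # Quoted so the mode is always read as an octal string and never as a
        # YAML integer.
        mode: "0644"
      notify:
        - Update CA certificate cache

  handlers:

    # Runs only when the CA certificate file was changed.
    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh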

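# Play: the helper mail server used as the forwarding target in tests.
- hosts: mail-servers
  become: true
  tasks:

    # Adds the CA generated by the fixtures play to the system trust store.
    # This is a test CA; the trust is only appropriate on test instances.
    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca/level1.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        # File modes are quoted throughout this play so they are always read
        # as octal strings and never as YAML integers.
        mode: "0644"
      notify:
        - Update CA certificate cache

    # Certificate and private key share one task, so both end up root-owned
    # with mode 0600; that keeps the key unreadable for other local users.
    - name: Deploy SMTP private key and certificate
      copy:
        src: "tests/data/x509/server/{{ item }}"
        dest: "/etc/ssl/{{ item }}"
        owner: root
        group: root
        mode: "0600"
      with_items:
        - mail-server_smtp.cert.pem
        - mail-server_smtp.key.pem

    - name: Install Postfix
      apt:
        name: "postfix"
        state: present

    # The glob is quoted so YAML does not read the trailing "*" specially.
    - name: Purge Exim configuration
      apt:
        name: "exim4*"
        state: absent
        purge: true

    - name: Deploy Postfix configuration
      copy:
        src: tests/data/main.cf
        dest: /etc/postfix/main.cf
        owner: root
        group: root
        mode: "0644"
      notify:
        - Restart Postfix

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: present

    - name: Install SWAKS for testing SMTP capability
      apt:
        name: swaks
        state: present

    # Redirects incoming TCP port 27 to local port 25.
    # NOTE(review): "-A" appends unconditionally, so every run of this play
    # adds another identical rule, and changed_when: false keeps that out of
    # the report. Harmless on one-shot instances; use a "-C" pre-check or the
    # iptables module if this play is ever re-run against the same host.
    - name: Set-up port forwarding
      command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport 27 -j REDIRECT --to-ports 25"
      changed_when: false

  handlers:

    # Runs only when the CA certificate file was changed.
    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh

    # Runs only when main.cf was changed.
    - name: Restart Postfix
      service:
        name: postfix
        state: restarted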

# Play: extra local account on the parameters-optional hosts, used by the
# local alias tests.
- hosts: parameters-optional
  become: true
  tasks:

    # The group is created first so the user task can reference it.
    - name: Create additional group for testing local aliases
      group:
        name: testuser

    # The user's primary group is the group created above.
    - name: Create additional user for testing local aliases
      user:
        group: testuser
        name: testuser