
Location: majic-ansible-roles/roles/mail_server/molecule/default/prepare.yml - annotation

branko
MAR-182: Added ability to specify input requirements for running pip package upgrade checks against helper virtual environments:

- These environments are used for running the package upgrade checks
themselves.
---

# Controller-side fixtures: a test CA hierarchy and the server certificates
# are generated with gimmecert on localhost.
# NOTE(review): the generated private keys stay on the controller under
# tests/data/.gimmecert - confirm that directory is kept out of version
# control and that this CA is never trusted outside the test machines.
- name: Set-up fixtures
  connection: local
  hosts: localhost
  gather_facts: false
  tasks:

    # "creates" turns the task into a no-op once the level 1 CA certificate
    # exists, so the CA is not regenerated on every run.
    - name: Initialise CA hierarchy
      command:
        argv:
          - gimmecert
          - init
        chdir: 'tests/data/'
        creates: '.gimmecert/ca/level1.cert.pem'

    # One gimmecert invocation per entry; the argument list is passed as argv,
    # so no shell is involved in expanding the templated names.
    - name: Generate server private keys and certificates
      command:
        argv:
          - gimmecert
          - server
          - '{{ item.name }}'
          - '{{ item.fqdn }}'
          # The FQDN cut at its last dash, e.g. "parameters-mandatory" for
          # "parameters-mandatory-buster64" (and "ldap" for "ldap-server").
          # Presumably an additional DNS name for the certificate - confirm.
          - "{{ item.fqdn[:item.fqdn.rfind('-')] }}"
        chdir: 'tests/data/'
        creates: '.gimmecert/server/{{ item.name }}.cert.pem'
      loop:
        - fqdn: ldap-server
          name: ldap-server_ldap
        - fqdn: parameters-mandatory-buster64
          name: parameters-mandatory-buster64_imap
        - fqdn: parameters-mandatory-buster64
          name: parameters-mandatory-buster64_smtp
        - fqdn: parameters-optional-buster64
          name: parameters-optional-buster64_imap
        - fqdn: parameters-optional-buster64
          name: parameters-optional-buster64_smtp

    # Symbolic link tests/data/x509 -> .gimmecert, the path the later
    # "Deploy CA certificate" task reads from.
    - name: Set-up link to generated X.509 material
      file:
        state: link
        src: '.gimmecert'
        dest: 'tests/data/x509'

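# Bootstrap play: facts are not gathered and the raw module is used, so the
# task runs without needing Python on the target.
- name: Prepare
  hosts: all
  gather_facts: false
  tasks:
    # Installs python3-minimal only when /usr/bin/python3 is missing.
    # apt-get is used instead of apt because apt's command-line interface is
    # not meant for scripted use.
    - name: Install python for Ansible
      raw: >-
        test -e /usr/bin/python3 ||
        (apt-get update && apt-get install -y python3-minimal)
      become: true
      changed_when: false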

# Test tooling installed on every machine of the scenario.
# NOTE(review): nmap and gnutls-bin are there for the test suite only; they
# are not something the role itself should pull onto a production mail server.
- become: true
  hosts: all
  tasks:

    # Reported as unchanged on purpose: a cache refresh is not a
    # configuration change.
    - name: Update all caches to avoid errors due to missing remote archives
      changed_when: false
      apt:
        update_cache: true

    - name: Install tools for testing
      apt:
        state: present
        name:
          - gnutls-bin
          - nmap

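# Static name resolution for the test network, written to /etc/hosts on the
# machines in the "buster" group.
- hosts: buster
  become: true
  tasks:

    # The address is regex-escaped and must be followed by whitespace.
    # Without that, "^192.168.56.10" would also match a line for
    # 192.168.56.100 (and "." would match any character), and lineinfile
    # would overwrite the wrong entry.
    - name: Set-up the hosts file
      lineinfile:
        path: /etc/hosts
        regexp: '^{{ item.key | regex_escape }}\s'
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        # Quoted so the mode is read as the octal string whatever YAML
        # version the parser implements.
        mode: "0644"
        state: present
      with_dict:
        "192.168.56.10": "ldap-server backup-server"
        "192.168.56.20": "client1 smtp-server-requiring-tls"
        "192.168.56.21": "client2 smtp-server-refusing-tls"
        "192.168.56.30": "parameters-mandatory parameters-mandatory-buster64"
        "192.168.56.31": "parameters-optional parameters-optional-buster64"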

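# Client machines: mail testing tools, the test CA in the system trust store,
# and a local Postfix for sending mail from the managed servers' side.
# File modes are quoted so they are read as octal strings whatever YAML
# version the parser implements.
- hosts: client
  become: true
  tasks:

    - name: Install SWAKS for testing SMTP capability
      apt:
        name: swaks
        state: present

    - name: Install pip
      apt:
        name: python3-pip
        state: present

    # The version is pinned, but no hash is checked, and the play runs with
    # become: true, so the package's install code runs as root.
    # NOTE(review): acceptable for disposable test machines; for anything
    # longer-lived consider a requirements file with hashes.
    - name: Install IMAP CLI tool
      pip:
        name: "Imap-CLI==0.7"
        state: present

    - name: Install tool for testing SIEVE
      apt:
        name: sieve-connect
        state: present

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: present

    # Readable by the vagrant user only.
    # NOTE(review): presumably these files hold the test accounts'
    # credentials, hence 0600 - confirm.
    - name: Deploy IMAP CLI configuration
      copy:
        src: "tests/data/{{ item }}"
        dest: "/home/vagrant/{{ item }}"
        owner: vagrant
        group: vagrant
        mode: "0600"
      with_items:
        - imapcli-parameters-mandatory-john_doe.conf
        - imapcli-parameters-mandatory-jane_doe.conf
        - imapcli-parameters-optional-john_doe.conf
        - imapcli-parameters-optional-jane_doe.conf

    # Adds the generated level 1 test CA to the system trust store, so the
    # client accepts every certificate issued by it. Only appropriate on
    # throw-away test machines.
    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca/level1.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        mode: "0644"
      notify:
        - Update CA certificate cache

    - name: Install and configure Postfix for testing mail sending from managed servers
      block:

        - name: Install Postfix
          apt:
            name: postfix
            state: present

        # Removes every package matching exim4*, configuration included.
        - name: Purge Exim
          apt:
            name: "exim4*"
            state: absent
            purge: true

        - name: Configure Postfix
          template:
            src: "helper_smtp_main.cf.j2"
            dest: "/etc/postfix/main.cf"
            owner: root
            group: root
            mode: "0644"
          notify:
            - Restart Postfix

        - name: Enable Postfix service
          service:
            name: postfix
            state: started
            enabled: true

  handlers:

    # Runs update-ca-certificates with --fresh after the CA file changes.
    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh

    - name: Restart Postfix
      service:
        name: postfix
        state: restarted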

# The ldap-server machine gets the ldap_server and backup_server roles; the
# hosts file maps both the ldap-server and backup-server names to it.
- become: true
  hosts: ldap-server
  roles:
    - role: ldap_server
    - role: backup_server

# Directory fixtures: test users, mail domains and aliases.
# The userPassword values are fixed, publicly known test credentials written
# in clear text in this playbook; they must never be reused outside the test
# environment.
# NOTE(review): no bind parameters are given to the LDAP modules, so they rely
# on the modules' defaults for connecting to the directory - confirm.
- become: true
  hosts: ldap-server
  tasks:

    - name: Create LDAP accounts for testing
      ldap_entry:
        dn: '{{ item.dn }}'
        objectClass: '{{ item.objectClass }}'
        attributes: '{{ item.attributes }}'
      loop:

        # Users.
        - dn: 'uid=john,ou=people,dc=local'
          objectClass:
            - inetOrgPerson
            - simpleSecurityObject
          attributes:
            uid: john
            cn: John Doe
            sn: Doe
            mail: john.doe@domain1
            userPassword: johnpassword

        - dn: 'uid=jane,ou=people,dc=local'
          objectClass:
            - inetOrgPerson
            - simpleSecurityObject
          attributes:
            uid: jane
            cn: Jane Doe
            sn: Doe
            mail: jane.doe@domain2
            userPassword: janepassword

        # Has a mail attribute but is left out of the cn=mail group by the
        # next task.
        - dn: 'uid=nomail,ou=people,dc=local'
          objectClass:
            - inetOrgPerson
            - simpleSecurityObject
          attributes:
            uid: nomail
            cn: No Mail
            sn: Mail
            mail: nomail@domain1
            userPassword: nomailpassword

        # Domains
        - dn: 'dc=domain1,ou=domains,ou=mail,ou=services,dc=local'
          objectClass: dNSDomain
          attributes:
            dc: domain1

        - dn: 'dc=domain2,ou=domains,ou=mail,ou=services,dc=local'
          objectClass: dNSDomain
          attributes:
            dc: domain2

        # Aliases
        - dn: 'cn=postmaster@domain1,ou=aliases,ou=mail,ou=services,dc=local'
          objectClass: nisMailAlias
          attributes:
            cn: postmaster@domain1
            rfc822MailMember: john.doe@domain1

        - dn: 'cn=webmaster@domain2,ou=aliases,ou=mail,ou=services,dc=local'
          objectClass: nisMailAlias
          attributes:
            cn: webmaster@domain2
            rfc822MailMember: jane.doe@domain2

    # state: exact makes john and jane the only uniqueMember values of the
    # group; any other member is removed.
    - name: Add test accounts to correct group
      ldap_attr:
        dn: 'cn=mail,ou=groups,dc=local'
        name: uniqueMember
        state: exact
        values:
          - 'uid=john,ou=people,dc=local'
          - 'uid=jane,ou=people,dc=local'

# Local system account used by the tests for local mail delivery on both
# mail server variants. No password is set by these tasks.
- become: true
  hosts: parameters-mandatory,parameters-optional
  tasks:

    # The group is created first so the user task can reference it.
    - name: Create group for user used for local mail delivery testing
      group:
        name: 'localuser'

    - name: Create user for local mail delivery testing
      user:
        group: 'localuser'
        name: 'localuser'