|
branko
|
325b9d16a72b
|
4 years ago
|
|
MAR-151: Added support for Debian 10 Buster to common role:
- Updated tests. - Updated role reference documentation. - Updated role metadata information. - Refactored IP plan for the test machines for better separation between different types of machines and versions. - Parametrised tests for limited connectivity using the maintenance mode. - Don't use MariaDB compat package in tests - name differs between Debian 9 and Debian 10, and relevant parameter is already getting tested properly using the remaining packages.
|
|
branko
|
ae57a0d1d5cc
|
4 years ago
|
|
MAR-151: Added support for Debian 10 Buster to backup role:
- Updated tests. - Updated role reference documentation.
|
|
branko
|
eeec809e0f90
|
4 years ago
|
|
MAR-151: Added support for Debian 10 Buster to backup_client role:
- Updated tests. - Refactored one of the test to determine hostname dynamically. - Update role reference documentation.
|
|
branko
|
b990e0d82f39
|
4 years ago
|
|
MAR-160: Update release notes, usage instructions, and role reference documentation:
- Describe the maintenance and maintenance_allowed_hosts parameters for the common role.
|
|
branko
|
aee44319ba2c
|
4 years ago
|
|
MAR-168: Drop the Debian system maintenance user if present:
- Drop the user itself from the MySQL database. - Update the Debian system maintenance configuration file if root is not specified as the user within. - Updated tests. - Updated release notes. - Updated role reference documentation.
|
|
branko
|
5283779cf2aa
|
4 years ago
|
|
MAR-168: Clean-up references to database_server root password:
- Updated role reference documentation. - Updated usage instructions. - Updated test configurations. - Remvoed unused files/variables. - Updated test site configuration.
|
|
branko
|
5dd6b0b1cc59
|
4 years ago
|
|
MAR-168: Drop the user of passwords for the root MySQL account:
- Rely on unix_socket authentication plugin instead. - Updated role reference documentation. - Updated tests.
|
|
branko
|
c95f61f32b67
|
4 years ago
|
|
MAR-174: Enable Message Carbons (XEP-0280) and Message Archive Management (XEP-0313) via xmpp_server role:
- Updated release notes. - Updated role reference documentation. - Enable the two modules via Prosody configuration file, and set the archive expiration configuration option for Prosody. - Updated tests.
|
|
branko
|
91e4754320e6
|
4 years ago
|
|
MAR-164: Fix Prosody TLS configuration in xmpp_server role:
- Added warning to role reference documentation about what DNS names need to be included in the subject alternative name of issued certificate used for Prosody. - Added crontab with script that validates the certificate on daily basis. - Updated tests to include the proxy.DOMAIN and conference.DOMAIN DNS names in subject alternative name for generated test certificates. - Added and updated tests that cover new functionality. - Fixed the Prosody TLS configuration to have common parameters specified in general section, and any kind of overrides (mainly the ciphers) in more specific sections. - Updated release notes.
|
|
branko
|
40e5ccacc5fd
|
4 years ago
|
|
|
|
branko
|
5b102c4afcb3
|
4 years ago
|
|
MAR-170: Always enforce use of HTTPS in the php_server role:
- Dropped the enforce_https parameter. - Updated tests. - Updated release notes. - Update role reference documentation. - Update usage instructions.
|
|
branko
|
5b6d00b0beab
|
4 years ago
|
|
MAR-170: Always enforce use of HTTPS in the wsgi_server role:
- Dropped the enforce_https parameter. - Updated tests. - Updated release notes.
|
|
branko
|
51c92f71fa0a
|
4 years ago
|
|
MAR-170: Always enforce use of HTTPS in the web_server role:
- Dropped the default_enforce_https parameter. - Updated tests. - Updated release notes.
|
|
branko
|
eb6d9c7d6651
|
4 years ago
|
|
MAR-171: Make the xmpp_domains parameter mandatory:
- Updated release notes. - Updated role reference documentation. - Dropped the default value for parameter from the xmpp_server role. - Updated tests.
|
|
branko
|
23bc0fa0d5c7
|
4 years ago
|
|
MAR-159: Added wsgi_requirements_in parameter to wsgi_website role:
- Added the parameter as optional. - Updated role reference documentation. - Updated release notes. - Updated tests.
|
|
branko
|
3ec086a76011
|
4 years ago
|
|
|
|
branko
|
5a36f75bc297
|
4 years ago
|
|
MAR-161: Make the ldap_server_domain parameter in the ldap_server role mandatory:
- Updated the ldap_server role. - Removed default value for the parameter. - Updated tests. - Updated role reference documentation. - Updated release notes. - Dropped the .local from the Molecule instance names.
|
|
branko
|
f0ffcf83f46a
|
4 years ago
|
|
MAR-155: Make the ansible_key parameter in the bootstrap role mandatory:
- Updated the preseed role. - Removed default value for the parameter. - Updated tests. - Updated role reference documentation. - Updated release notes.
|
|
branko
|
bb8003ddf790
|
4 years ago
|
|
MAR-155: Make the ansible_key parameter in the preseed role mandatory:
- Updated the preseed role. - Removed default value for the parameter. - Updated tests. - Updated role reference documentation. - Updated release notes.
|
|
branko
|
d44e023cf7bb
|
4 years ago
|
|
MAR-155: Make the preseed_directory parameter in the preseed role mandatory:
- Updated the preseed role. - Removed default value for the parameter. - Updated tests. - Updated role reference documentation. - Updated release notes.
|
|
branko
|
dd07a2a94e56
|
4 years ago
|
|
|
|
branko
|
52c4a4001c46
|
4 years ago
|
|
MAR-164: Harden the c2s TLS configuration for the XMPP server role:
- Updated the xmpp_server role. - Added (optional) xmpp_server_tls_protocol and xmpp_server_tls_ciphers parameters for specifying the desired TLS protocol version and ciphers for the c2s connections. - Updated XMPP server configuration to introduce separate TLS configuration for the s2s and c2s (legacy included) connections. - Drop support for Prosody 0.9 since it is not possible to have separate TLS configuration for c2s and s2s connections. - Updated role reference documentation.
|
|
branko
|
c2f446ec7e2a
|
4 years ago
|
|
MAR-158: Update default TLS ciphers configuration in the mail_server role:
- Updated the default value for parameter mail_server_tls_ciphers. - Updated tests, making them explicitly test for enabled and disabled ciphers. - Refactored tests for TLS to use nmap ssl-enum-ciphers script for listing available TLS versions and ciphers. - Install nmap as part of preparation step. - Updated role reference documentation.
|
|
branko
|
2e3af1a245a5
|
4 years ago
|
|
MAR-158: Update default TLS ciphers configuration in the ldap_server role:
- Updated the default value for parameter ldap_tls_ciphers. - Updated tests, making them explicitly test for enabled and disabled ciphers - Updated role reference documentation.
|
|
branko
|
36cc127035aa
|
4 years ago
|
|
MAR-158: Update default TLS cipher configuration in the web_server role:
- Updated the default value for parameter web_server_tls_ciphers. - Updated tests, making them explicitly test for enabled and disabled ciphers. - Updated role reference documentation.
|
|
branko
|
d5b70f2e098c
|
4 years ago
|
|
|
|
branko
|
be01ee86b9dd
|
4 years ago
|
|
MAR-162: Make the smtp_relay_truststore parameter mandatory in mail_forwarder role:
- Dropped the defaults from mail_forwarder role. - Updated group variables in role tests. - Updated role reference documentation. - Updated usage instructions to include the mandatory parameter. - Deduplicated tests for the TLS files.
|
|
branko
|
5dab5854fcc8
|
4 years ago
|
|
MAR-162: Make the xmpp_tls_certificate and xmpp_tls_key parameters mandatory in xmpp_server role:
- Dropped the defaults from wsgi_server role. - Updated group variables in role tests. - Changed the key/certificate file extensions to be more descriptive. - Updated role reference documentation. - Updated usage instructions to include the mandatory parameters. - Deduplicated tests for the TLS files.
|
|
branko
|
f428e318d2ca
|
4 years ago
|
|
MAR-162: Make the https_tls_certificate and https_tls_key parameters mandatory in wsgi_website role:
- Dropped the defaults from wsgi_server role. - Updated group variables in role tests. - Changed the key/certificate file extensions to be more descriptive. - Updated role reference documentation. - Updated usage instructions to include the mandatory parameters.
|
|
branko
|
f073c9637d47
|
4 years ago
|
|
MAR-162: Make the https_tls_certificate and https_tls_key parameters mandatory in php_website role:
- Dropped the defaults from php_server role. - Updated group variables in role tests. - Changed the key/certificate file extensions to be more descriptive. - Updated role reference documentation. - Updated usage instructions to include the mandatory parameters.
|
|
branko
|
ddcc0a5f7312
|
4 years ago
|
|
MAR-162: Make the default_https_tls_certificate and default_https_tls_key parameters mandatory:
- Dropped the defaults from web_server role. - Updated group variables in role tests. - Changed the key/certificate file extensions to be more descriptive. - Updated role reference documentation. - Updated usage instructions to include the mandatory parameters.
|
|
branko
|
b3d83bcce226
|
4 years ago
|
|
MAR-162: Make the mail_ldap_tls_truststore, imap_tls_key, imap_tls_certificate, smtp_tls_key, and smtp_tls_certificate parameters mandatory:
- Dropped the defaults from mail_server role. - Updated group variables in role tests. - Changed the key/certificate file extensions to be more descriptive. - Updated role reference documentation. - Updated usage instructions to include the mandatory parameters.
|
|
branko
|
e3eaa053564d
|
4 years ago
|
|
MAR-162: Make the ldap_server_tls_certificate ldap_server_tls_key parameters mandatory:
- Updated release notes. - Updated role reference documentation. - Updated usage instructions to cover set-up of CA hierarchy earlier on in the process.
|
|
branko
|
90bda8fea4aa
|
4 years ago
|
|
|
|
branko
|
35fff2909917
|
4 years ago
|
|
|
|
branko
|
2e340af74a96
|
4 years ago
|
|
MAR-153: Updated role reference documentation and release notes:
- Marks the change as breaking because it could mean older client/servers cannot interoperate with the Majic Ansible Roles TLS services any longer.
|
|
branko
|
cd0056b93cda
|
4 years ago
|
|
|
|
branko
|
b69aa445807f
|
4 years ago
|
|
|
|
branko
|
6d1bf102bdba
|
4 years ago
|
|
|
|
branko
|
879d27016133
|
4 years ago
|
|
|
|
branko
|
7d6c3c67caee
|
4 years ago
|
|
|
|
branko
|
b5000711fe78
|
4 years ago
|
|
|
|
branko
|
d5533c949fa2
|
4 years ago
|
|
|
|
branko
|
9a06395ab828
|
4 years ago
|
|
|
|
branko
|
220f30ece4bf
|
4 years ago
|
|
|
|
branko
|
6d46b300aa0b
|
4 years ago
|
|
|
|
branko
|
9c0b92a5d2c6
|
4 years ago
|
|
|
|
branko
|
364c0adf308e
|
4 years ago
|
|
MAR-152: Drop support for Debian 8 Jessie from the backup_client role:
- Simplify the invocation of GnuPG commands (since we don't have to massage output formats depending on distribution version anymore).
|
|
branko
|
d075c64c765d
|
4 years ago
|
|
|
|
branko
|
4c0b2aa9cb69
|
4 years ago
|
|
|
|
branko
|
e9c5e116996a
|
4 years ago
|
|
|
|
branko
|
b7de8e615ffd
|
4 years ago
|
|
|
|
branko
|
398dcbce5d84
|
4 years ago
|
|
|
|
branko
|
180d7b99f777
|
5 years ago
|
|
MAR-146: Added separate parameter for Pyhton 3 virtual environment used for upgrade checks:
- Release notes updated to mention the breaking change. - Updated role reference documentation to cover the new parameter. - Updated default values for the dedicated Python virtual environments. - Update role common to deploy separate requirements for the two environments. - Include wheel package in the requirements.
|
|
branko
|
324dde5671de
|
6 years ago
|
|
|
|
branko
|
1fa3378833d3
|
6 years ago
|
|
MAR-138: Updated documentation and release notes:
- Document the new xmpp_prosody_package parameter. - Add the breaking change informaiton in release notes (although most likely nothing will be really broken).
|
|
branko
|
14f69ca7bbdf
|
6 years ago
|
|
|
|
branko
|
1e913ad42420
|
6 years ago
|
|
MAR-132: Update documentation for backup_server role:
- Mention that DSA key is required only on Debian Jessie. - Remove unused parameter from role defaults.
|
|
branko
|
7282cffb132f
|
6 years ago
|
|
MAR-132: Added support for Debian 9 (Stretch) to backup_server role:
- Deploy slightly different sshd_config file for Stretch (DSA key unused). - Updated Molecule tests to cover testing on Debian 9. - Updated role reference documentation.
|
|
branko
|
7c9e208bcc74
|
6 years ago
|
|
MAR-132: Added support for Debian 9 (Stretch) to database role:
- Updated Molecule test configuration to include Debian 9 Stretch. - Updated documentation.
|
|
branko
|
30d5b3fa5b93
|
6 years ago
|
|
MAR-132: Added support for Debian 9 (Stretch) to database_server role:
- Updated Molecule test configuration to include Debian 9 Stretch in test matrix. - Updated tests related to UTF-8 configuration (differences between Debian 8 and 9). - Deploy UTF-8 configuration in alternate locations depending on what distro is being used. - Force set-up of root password on Debian Stretch (default is to use the unix_socket authentication).
|
|
branko
|
f05151d6f802
|
6 years ago
|
|
MAR-132: Added support for Debian 9 (Stretch) to wsgi_website role:
- Set the shell for application system account explicitly (workaround for Debian bug 865762 in Stretch). - Updated Molecule tests to cover Debian 9. - Updated Molecule test preparation playbook to account for a number of differences between Jessie and Stretch (mainly related to mailing functionality). - Renamed a couple of variables in test for sending out mails to make it clearer what is being looked up as part of regex matching. - Updated Molecule tests where certain paths depend on what Debian release they are ran against. - Split-up Jessie-specific tests into separate file. - Remove the /bin/ss utility instead of renaming it (testinfra socket tests do not work with /bin/ss).
|
|
branko
|
ff510f233909
|
6 years ago
|
|
MAR-132: Added support for Debian 9 (Stretch) to php_website role:
- Implemented the necessary changes related to differences between PHP versions and related paths (PHP 5 vs PHP 7). - Set the shell for application system account explicitly (workaround for Debian bug 865762 in Stretch). - Updated Molecule tests to cover Debian 9. - Updated Molecule test preparation playbook to account for a number of differences between Jessie and Stretch (mainly related to mailing functionality). - Use more specific host groups in tests. - Renamed a couple of variables in test for sending out mails to make it clearer what is being looked up as part of regex matching. - Updated Molecule tests where certain paths depend on what Debian release they are ran against. - Split-up Jessie-specific tests into separate file.
|
|
branko
|
a52f9fdabd0f
|
6 years ago
|
|
MAR-132: Added support for Debian 9 (Stretch) to web_server role:
- Introduced internal parameters for controlling differing package names, service names, and paths for PHP FPM package. - Added Debian 9 machines to Molecule configuration, including the client machine. - Restructured slightly preparaiton playbook to support both Jessie and Stretch. - Added custom pytest fixture for having a better way to determine expected package names etc related to PHP. - Created copy of private key/certificate pair used for testing of mandatory parameters (to be used with Stretch machine). - Fixed invalid specification for hosts on top of which the connectivity test should be run. - Updated a couple of task names (avoiding to reference PHP 5). - Updated documentation.
|
|
branko
|
5c5d8636f699
|
6 years ago
|
|
MAR-132: Added support for Debian 9 (Stretch) to mail_server role:
- Updated Molecule configuration to include set-up of additional instances for testing. - Updated configuration for test instances. - Use separate clients in testing of Jessie/Stretch instances. - Duplicate private keys/certificates for testing of mandatory parameters on Debian 9. - Refactored testing of mail deliveries (via swaks) to use test-generated message ID - improves reliability and solves some incompatibilities between swaks version in Jessie and Stretch. - Updated tests for TLS testing to take into account newer OpenSSL error/output messages. A bit of an ugly hack at the moment, but beats duplicating tests for now.
|
|
branko
|
ceb51ff23ae3
|
6 years ago
|
|
MAR-132: Added support to xmpp_server role for Debian 9 (Stretch): - Updated tests to include Debian 9 in testing. Existing private keys are reused where possible (since most of the naming is identical between the machines with jessie/stretch). - Updated invocation of sendxmpp in tests as workaround for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854210. - Updated testing of imported keys to accomodate differences between gpg/gpg2 (used by apt-key in Jessie/Stretch).
|
|
branko
|
f1b75f1d4b5e
|
6 years ago
|
|
MAR-132: Add support for Debian 9 (Stretch) to ldap_server role:
- Updated Molecule tests to cover Debian 9 as well. - Remove the ss utility instead of renaming it when preparing for tests, and make sure the netstat utility is available. - Duplicate private key/certificate for mandatory parameters testing.
|
|
branko
|
2b85b3594a76
|
6 years ago
|
|
|
|
branko
|
6f78f2d06f04
|
6 years ago
|
|
|
|
branko
|
c8d4251a6ea5
|
6 years ago
|
|
MAR-131: Added support for specifying Python version in wsgi_website role:
- Introduced additional role parameter for specifying the Python version. - Updated tests to verify new functionality. - Fixed existing tests to account for differences between Python 2 and Python 3 - including changes to WSGI test applications. - Updated documentation, documenting new parameter and fixing one minor typo. - Updated release notes. - Bumped default version of Gunicorn/futures used.
|
|
branko
|
0b86d3da5a29
|
6 years ago
|
|
MAR-133: Improve output for certificate checks:
- Do not produce warnings in case no certificates have been configured for checking. - Only send out mails about certificates that are about to expire. - Include information in how many days a certificate is going to expire. - Include information on whether the certificates has already expired.
|
|
branko
|
ba3f7dcdd68b
|
6 years ago
|
|
|
|
branko
|
a6f0fe607199
|
6 years ago
|
|
MAR-129: Removed m_ldap_entry module:
- Removed the custom m_ldap_entry module used for managing LDAP entries. - Replaced the module usage with official ldap_entry and ldap_attr modules. - Updated role reference documentation. - Updated usage instructions since we can't misuse the m_ldap_entry any longer for adding members to groups.
|
|
branko
|
91b1e458dd17
|
7 years ago
|
|
MAR-127: Updated documentation and testsite configuration for NTP:
- Updated role reference documentation for common role to list the new functionality and documented the new parameter. - Updated usage instructions to mention NTP time synchronisation configuration. - Updated testsite configuration to set-up the NTP time synchronisation.
|
|
branko
|
23a9ea4219dc
|
7 years ago
|
|
MAR-113: Added option for specifying relay port to mail_forwarder:
- Introduced new option "smtp_relay_host_port". - Updated the test playbook and tests to make sure new functionality works as expected. - Update role reference documentation. - Updated usage instructions.
|
|
branko
|
1bb9f7ac1072
|
7 years ago
|
|
MAR-112: Added alternate SMTP port:
- Updated mail_server role to deploy firewall rules that include redirection from TCP port 27 to TCP port 25. - Updated documentation to include references to the additional port. - Updated tests to cover the new functionality.
|
|
branko
|
d92577936630
|
7 years ago
|
|
MAR-105: Added parameter for controlling firewall to mail_forwarder:
- Added new parameter smtp_from_relay_allowed. - Updated role reference documentation. - Added small note to usage instructions to mention the parameter's usability in case of NAT'ed machines or laptops. - Updated test playbook, adding another instance for testing the parameter, and added tests that cover new parameter. - Updated existing connectivity tests to be more specific and reliable.
|
|
branko
|
0004ec73b902
|
7 years ago
|
|
MAR-28: Implemented scaffolding for testing the mail_server role:
- Added Molecule configuration. - Added test playbook. - Restart Postfix for truststore changes. - Added test data (private keys and certificates). - Fixed small documentation inaccuracy.
|
|
branko
|
7c07f17e46ba
|
7 years ago
|
|
MAR-26: Implemented scaffolding for testing the ldap_server role:
- Fixed role documentation and example for the ldap_server ldap_entries parameter. - Fixed missing leading zero when setting mode for deployed files. - Marked certain tasks for skipping Ansible linting on. - Fixed invocation of local LDAP commands to use unix socket out of the box (don't depend on LDAP client configuration). - Default to state 'present' for ldap_entry (makes things a bit more readable/clear). - Added test data for backup and TLS. - Added dummy default test file.
|
|
branko
|
63aa7946b529
|
7 years ago
|
|
|
|
branko
|
19020779a000
|
7 years ago
|
|
MAR-108: Implemented initial boilerplate for backup_client tests:
- Fixed backup_client role handling of encryption keys. - Fixed backup server URI (had too many forward slashes). - Added Molecule instance configuration file for backup server, one backup client for testing mandatory parameters, and one backup client for testing optional parameters. - Implemented playbook for setting-up the test instances. - Added test data (SSH, GnuPG keys). - Added dummy (stock) Molecule test file.
|
|
branko
|
ea69b2719d8e
|
7 years ago
|
|
MAR-22: Implemented tests for the common role:
- Added missing documentation for pipreqcheck_uid and pipreqcheck_gid parameters. - Use static-hashed passwords for reproducibility during testing in test playbook. - Install Emacs and libmariadb-client-lgpl-dev-compat via test playbook on one of the testing instances in order to test related tasks. - Fixed parameter for connection limitting in test playbook. - Added explicit parameters to test playbook for pipreqcheck_gid and pipreqcheck_uid. - Fixed deployment of ferm configuration file ot include setting user/group and mode. - Added tests covering common deployment, deployment when only mandatory parameters are provided, and deployment when optional parameters are set as well.
|
|
branko
|
9ac50dd4765d
|
7 years ago
|
|
MAR-22: Linting fixes for test implementation for role 'common':
- Fixed small error in documentation for additional_groups parameter in the 'common' role. - Do not perform Ansible lint checks on handlers that run commands. - Fixed permission mode specification to include leading zero (i.e. mode=0640 instead of mode=640) when deploying directories, files, and templates. - Do not perform Ansible lint checks for task managing update of CA certificate cache (it must be done at that point). - Use become_user in conjunction with become. - Do not perform Ansible lint checks on command tasks that use the 'creates' parameter. - Do not use 'latest' version when installing pip in virtual environment used for performing pip package upgrade checks.
|
|
branko
|
8ccec95cdfa5
|
7 years ago
|
|
|
|
branko
|
ae30483e6fc2
|
7 years ago
|
|
|
|
branko
|
b3b2b6d5e9e2
|
8 years ago
|
|
|
|
branko
|
6b87dd13b24c
|
8 years ago
|
|
|
|
branko
|
4b964a31bd96
|
8 years ago
|
|
|
|
branko
|
6bc64e4e9c35
|
8 years ago
|
|
|
|
branko
|
f344ed6181a9
|
8 years ago
|
|
|
|
branko
|
430eb250e244
|
8 years ago
|
|
|
|
branko
|
111e954e826d
|
8 years ago
|
|
|
|
branko
|
f454072704fa
|
8 years ago
|
|
|
|
branko
|
67dd87d59abb
|
8 years ago
|
|
|
|
branko
|
4ca98a158269
|
8 years ago
|
|
|
|
branko
|
4a3c8915f967
|
8 years ago
|
|
|
|
branko
|
3bd270c9e860
|
8 years ago
|
|
|
|
branko
|
13fd27e4004c
|
8 years ago
|
|
|
|
branko
|
7c58a0eb0e5a
|
8 years ago
|
|
|
|
branko
|
4dc3b09894e9
|
8 years ago
|
|
|