MAR-189: Refactored admin acocunt handling in the ldap_server role:
- Get rid of the admin entry from the directory, and resort to using the directory's olcRootDN/olcRootPW attributes instead. Aligns Buster package deployment with Bullseye one, as implemented via fix for the following Debian bug:
- Add the helper filter plugin to deal with calculating the salted SHA1 checksum. - Drop the architecture from Molecule instance names. - Move the IPs around a tiny bit for Molecule instances.
MAR-189: Disable the legacy iptables tools by effectively renaming them:
- Somewhat more forceful but better way to deal with ferm in Bullseye explicitly using the legacy tools for some unspecified compatibility reasons. - Renders the tools unusable because the calling name has changed (they are all symlinks to the same file). - Not necessarily required on Debian Buster, but it also won't cause any damage there either.
MAR-189: Added support for Debian 11 Bullseye to common role:
- Drop the architecture suffix from all machines. - Introduced a hack/patch for Ferm utility that disables use of legacy iptables tools. - Minor fixes around package name differences compared to older distribution. - Use versioned binary name for Python 2.7.. Bullseye does not default/have /usr/bin/python pointing to Python 2.7 binary.
MAR-189: Added support for Debian 11 Bullseye to backup_client role:
- Duplicity on Buster and Bullseye uses different Python version (2 vs 3), install the correct Python pexpect package. - Switch the helper backup server to using Bullseye, and tweak its SSHD configuration accordingly.
MAR-189: Refactor hostname pattern for backup_client role (buster/bullseye/bookworm):
- Multiple releases one after the other have names that begin with letter b, making it necessary to use more than just one letter. - Use full distro codename, but shorten the parameters to param in order to avoid issues related to 32-character username limits (when bak-HOSTNAME user gets created). - Drop some leftover references to Debian Stretch. - Drop the arch from hostnames - default is to use 64-bit boxes anyway.
MAR-187: Reorder the deprecation tasks for xmpp_server role to make the runs reliable:
- Deprecated apt repository really needs to be removed first in case it has an unresolvable URL (so the backports repository cache update would trigger correctly). - Use the file removal for Prosody repository as well to make sure the file is dropped.
MAR-186: Reorder the deprecation tasks for xmpp_server role to make the runs reliable:
- Deprecated apt repository really needs to be removed first in case it has an unresolvable URL (so the backports repository cache update would trigger correctly). - Use the file removal for Prosody repository as well to make sure the file is dropped.
MAR-183: Drop the create/destroy playbooks for Molecule tests:
- These playbooks are automatically populated by Molecule runs, and only useful changing in very specific circumstances. - Solves issues about some missing functionality due to oudated playbook code (like mounting of share directory on host with Vagrant).
MAR-184: Update package versions for pip upgrade checks virtual environments:
- Should provide better test coverage compared to previously since newer versions of pip-tools have slightly different ways of resolving packages, as well as output formats.
MAR-181: Install Prosody from Debian backports repository:
- This way we should be able to get way more features available, and reduce chances of breaking upgrades from upstream project towards Debian-provided packages due to eventual bigger differences between the nightly builds and official releases.
MAR-181: Use Debian-provided Prosody package instead of project repository:
- Upstream repository has a tendency to drop support for older Debian releases, and to completely wipe old version repositories. - It should be way less hassle to simply start using the Debian-provided packages instead. - Introduces deprecation tests to check if the role will also clean-up the non-Debian packages.
MAR-181: Added workaround for Debian Buster tests:
- The upstream has dropped the repositories for Debian Buster. - Depend on alternative repository set-up on Majic servers. - Not a permanent fix, but at least it keeps the tests going.
MAR-181: Use Debian-provided Prosody package for testing optional parameter:
- Still properly tests the role, while at the same time making it possible to use custom apt repository for Debian Buster (due to Prosody project dropping all repository archives for it).
MAR-181: Increase memory for mail_server role test machines:
- ClamAV eats-up quite a bit of memory, and 1536MB is not enough. Most likely the memory usage will grow over time as the anti-virus database grows since it is loaded up into memory.
MAR-181: Drop support for Debian 9 Stretch from mail_server role:
- Switch to using IPs from VirtualBox default allowed host-only network subnets. - Use Debian Buster for helper machines. - Drop Stretch-specific code and tests.
MAR-181: Drop support for Debian 9 Stretch from the backup_client role:
- Provide more details on use of pexpect+sftp backed for Duplicity (backend has to be used on Debian 10 Buster as well, not just Debian 9 Stretch). - Switch to using IPs from VirtualBox default allowed host-only network subnets.
MAR-165: Deploy Diffie-Helman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Strech because of a bug in the OpenLDAP version it ships with. - This should allow use of DHE ciphers with LDAP server. - Generated DH parameters only help pick one of the parameters from RFC-7919 (based on the size of generated ones). - Make the cipher test lists distro-specific due to differences between supported algorithms in respective GnuTLS versions.
- The workaround was needed on Debian Jessie because the systemctl is-enabled command did not behave correctly for SysV init scripts. - Drop the installation of the rcconf package. - Use the "enabled" parameter in service module instead.
MAR-151: Fix The Bug Genie backup example in usage instructions:
- Properly set-up the directory where files are uplaoded. - Update instructions to mention what needs to be done in order to upload some files in The Bug Genie.
MAR-151: Fix authentication issues for backup client in usage instructions:
- Add warning about how Ansible file lookup can mess with trailing newlines. - Disable stripping of newlines when reading the backup client SSH private key.
MAR-151: Update usage instructions for setting-up PHP web application (The Bug Genie):
- Updated The Bug Genie to version 4.3.1. - Updated version of Composer used. Stay away from version 2.x due to idempotency problems in Ansible module (see https://github.com/ansible-collections/community.general/issues/1179). - Fix required version for lib-pcre since Debian Buster links agains lib-pcre 10. This should still work fine. - Instead of listing plaintext web URLs, list just the HTTPS ones.
MAR-151: Switch to Debian 10 Buster in usage instructions:
- Specify that Debian Buster should be used instead of Debian Stretch. - Switch to using https links where possible. - Minor fixes to wording/instructions. - Updated link towards Debian Buster preseed documentation appendix. - Use Python 3 when serving the preseed files. - Fixed DNS subject alternative name for the XMPP server (it should be the domain served by the XMPP server, not its canonical FQDN). - Added small note for database_server role and how it sets-up root account authentication, and update instructions for logging-in into database server as root.
- Include six as dependency for ipcalc (bug in packaging of ipcalc). - Updated requirements for the application. - Specify the wsgi_requirements_in parameter, and update the wsgi_requirements parameter.
MAR-151: Added support for Debian 10 Buster to xmpp_server role:
- Updated role reference documentaiton. - Updated role meta information. - Updated tests. - Enable lower-level TLS protocols (1.0/1.1) in global OpenSSL configuration file on Buster in order to be able to test the xmpp_server_tls_protocol parameter (otherwise Prosody completely refuses to use them even if listed in its configuration). - Move stretch-specific tests into its own file (for backported lua-ldap library), and run them on Debian 9 Stretch machines only.
MAR-151: Added support for Debian 10 Buster to wsgi_website role:
- Updated role reference documentaiton. - Updated role meta information. - Updated tests. - Replace the installation of libmariadbclient-dev-compat library with atftp - the actual package is differently named under Debian Stretch and Debian Buster (which would complicate the test without any benefits). - Drop the fix for root mail alias in Vagrant image - seems it's no longer a problem. - Split-up the test for web application user since it's not possible to keep it all under one parametrised test due to differences in assigned system UID numbers for Debian Stretch and Debian Buster. - Make the test for web application user less dependant on what the actual UID number is in case of default value. By default user should be created as system user, which means its UID number should be less than 1000.
MAR-151: Added support for Debian 10 Buster to php_website role:
- Updated role reference documentaiton. - Updated role meta information. - Updated tests. - Refactor the code to take into account differences in PHP-related paths between Debian Stretch and Debian Buster. - Make the test for web application user less dependant on what the actual UID number is in case of default value. By default user should be created as system user, which means its UID number should be less than 1000. - Drop the installation of libmariadbclient-dev-compat library - the test is good enough without it, and the actual package is differently named under Debian Stretch and Debian Buster (which would complicate the test without any benefits).
MAR-151: Added support for Debian 10 Buster to web_server role:
- Updated role reference documentaiton. - Updated role meta information. - Updated tests. - Refactor the code around handling of different directories and files for PHP 7.0 (Debian Stretch) and PHP 7.3 (Debian Buster). - Separate socket directory tests for WSGI and PHP applications (due to differences in paths for PHP in Debian Stretch and Debian Buster).
MAR-151: Added support for Debian 10 Buster to preseed role:
- Updated role reference documentaiton. - Updated role meta information. - Updated tests. - Parametrise distribution release in one of the tests to cover both servers with custom overrides being tested.
MAR-151: Use 2048-bit DH parameter for IMAP server under Debian 10 Buster:
- Deploy a statically-generated DH parameter. - Set-up DH parameter configuration based on Debian version. - Implemented test for newly-generated file.
MAR-151: Fix tests that fail due to differences between Debian Stretch and Debian Buster:
- Update the regex patterns used to locate deliveries via Dovecot. - Enable verbose mode for gnutls-cli in one of the tests in order to show the DH key size. - Update the list of expected TLS ciphers for SMTP port 25 to account for inclusion of additional ciphers in Debian Buster. - Fix how the allowed relay IP is being fetched, because host.ansible.get_variables method fails to resolve dynamic variables.
MAR-151: Added support for Debian 10 Buster to mail_server role:
- Updated role reference documentaiton. - Updated role meta information. - Updated tests. - Improve handling of configured IP in tests to avoid hard-coding the value in the relevant test for Postfix configuration file content.
MAR-151: Added support for Debian 10 Buster to mail_forwarder role:
- Updated role reference documentaiton. - Updated role meta information. - Updated tests. - Set the smtpd_relay_restrictions configuration option for Postfix SMTP server in mail_forwarder role (required for version found in Debian 10 Buster).
MAR-151: Added support for Debian 10 Buster to database role:
- Updated role reference documentaiton. - Updated role meta information. - Updated tests. - Fix test that produces different outputs during invocation on Stretch/Buster.
MAR-151: Added support for Debian 10 Buster to database_server role:
- Updated role reference documentaiton. - Updated role meta information. - Updated tests. - Deploy MariaDB client login configuration prior to setting-up users/passwords for deprecated feature testing to avoid errors when password gets changed in the middle of a task loop.
MAR-151: Added support for Debian 10 Buster to backup_server role:
- Updated role reference documentation. - Updated role meta information. - Updated tests. - Do not use distribution version-specific SSH configuration file for backup server SSH daemon.