MAR-151: Minor fix for wsgi_website role reference documentation:

- List paths for both Python 2 and Python 3 pip requirements upgrade
check directories.

MAR-151: Added support for Debian 10 Buster to xmpp_server role:

- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.
- Enable lower-level TLS protocols (1.0/1.1) in global OpenSSL
configuration file on Buster in order to be able to test the
xmpp_server_tls_protocol parameter (otherwise Prosody completely
refuses to use them even if listed in its configuration).
- Move stretch-specific tests into its own file (for backported
lua-ldap library), and run them on Debian 9 Stretch machines only.

MAR-151: Added support for Debian 10 Buster to wsgi_website role:

- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.
- Replace the installation of libmariadbclient-dev-compat library with
atftp - the actual package is differently named under Debian Stretch
and Debian Buster (which would complicate the test without any
benefits).
- Drop the fix for root mail alias in Vagrant image - seems it's no
longer a problem.
- Split-up the test for web application user since it's not possible
to keep it all under one parametrised test due to differences in
assigned system UID numbers for Debian Stretch and Debian Buster.
- Make the test for web application user less dependant on what the
actual UID number is in case of default value. By default user
should be created as system user, which means its UID number should
be less than 1000.

MAR-151: Added support for Debian 10 Buster to php_website role:

- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.
- Refactor the code to take into account differences in PHP-related
paths between Debian Stretch and Debian Buster.
- Make the test for web application user less dependant on what the
actual UID number is in case of default value. By default user
should be created as system user, which means its UID number should
be less than 1000.
- Drop the installation of libmariadbclient-dev-compat library - the
test is good enough without it, and the actual package is
differently named under Debian Stretch and Debian Buster (which
would complicate the test without any benefits).

MAR-151: Added support for Debian 10 Buster to web_server role:

- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.
- Refactor the code around handling of different directories and files
for PHP 7.0 (Debian Stretch) and PHP 7.3 (Debian Buster).
- Separate socket directory tests for WSGI and PHP applications (due
to differences in paths for PHP in Debian Stretch and Debian
Buster).

MAR-151: Added support for Debian 10 Buster to preseed role:

- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.
- Parametrise distribution release in one of the tests to cover both
servers with custom overrides being tested.

MAR-151: Added support for Debian 10 Buster to mail_server role:

- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.
- Improve handling of configured IP in tests to avoid hard-coding the
value in the relevant test for Postfix configuration file content.

MAR-151: Added support for Debian 10 Buster to mail_forwarder role:

- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.
- Set the smtpd_relay_restrictions configuration option for Postfix
SMTP server in mail_forwarder role (required for version found in
Debian 10 Buster).

MAR-151: Added support for Debian 10 Buster to ldap_server role:

- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.

MAR-151: Added support for Debian 10 Buster to ldap_client role:

- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.

MAR-151: Added support for Debian 10 Buster to database role:

- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.
- Fix test that produces different outputs during invocation on
Stretch/Buster.

MAR-151: Added support for Debian 10 Buster to database_server role:

- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.
- Deploy MariaDB client login configuration prior to setting-up
users/passwords for deprecated feature testing to avoid errors when
password gets changed in the middle of a task loop.

MAR-151: Added support for Debian 10 Buster to bootstrap role:

- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.

MAR-151: Added support for Debian 10 Buster to backup_server role:

- Updated role reference documentation.
- Updated role meta information.
- Updated tests.
- Do not use distribution version-specific SSH configuration file for
backup server SSH daemon.

MAR-151: Added support for Debian 10 Buster to common role:

- Updated tests.
- Updated role reference documentation.
- Updated role metadata information.
- Refactored IP plan for the test machines for better separation
between different types of machines and versions.
- Parametrised tests for limited connectivity using the maintenance
mode.
- Don't use MariaDB compat package in tests - name differs between
Debian 9 and Debian 10, and relevant parameter is already getting
tested properly using the remaining packages.

MAR-151: Added support for Debian 10 Buster to backup role:

- Updated tests.
- Updated role reference documentation.

MAR-151: Added support for Debian 10 Buster to backup_client role:

- Updated tests.
- Refactored one of the test to determine hostname dynamically.
- Update role reference documentation.

MAR-160: Update release notes, usage instructions, and role reference documentation:

- Describe the maintenance and maintenance_allowed_hosts parameters
for the common role.

MAR-168: Drop the Debian system maintenance user if present:

- Drop the user itself from the MySQL database.
- Update the Debian system maintenance configuration file if root is
not specified as the user within.
- Updated tests.
- Updated release notes.
- Updated role reference documentation.

MAR-168: Clean-up references to database_server root password:

- Updated role reference documentation.
- Updated usage instructions.
- Updated test configurations.
- Remvoed unused files/variables.
- Updated test site configuration.

MAR-168: Drop the user of passwords for the root MySQL account:

- Rely on unix_socket authentication plugin instead.
- Updated role reference documentation.
- Updated tests.

MAR-174: Enable Message Carbons (XEP-0280) and Message Archive Management (XEP-0313) via xmpp_server role:

- Updated release notes.
- Updated role reference documentation.
- Enable the two modules via Prosody configuration file, and set the
archive expiration configuration option for Prosody.
- Updated tests.

MAR-164: Fix Prosody TLS configuration in xmpp_server role:

- Added warning to role reference documentation about what DNS names
need to be included in the subject alternative name of issued
certificate used for Prosody.
- Added crontab with script that validates the certificate on daily
basis.
- Updated tests to include the proxy.DOMAIN and conference.DOMAIN DNS
names in subject alternative name for generated test certificates.
- Added and updated tests that cover new functionality.
- Fixed the Prosody TLS configuration to have common parameters
specified in general section, and any kind of overrides (mainly the
ciphers) in more specific sections.
- Updated release notes.

MAR-170: Always enforce use of HTTPS in the php_server role:

- Dropped the enforce_https parameter.
- Updated tests.
- Updated release notes.
- Update role reference documentation.
- Update usage instructions.

MAR-170: Always enforce use of HTTPS in the wsgi_server role:

- Dropped the enforce_https parameter.
- Updated tests.
- Updated release notes.

MAR-170: Always enforce use of HTTPS in the web_server role:

- Dropped the default_enforce_https parameter.
- Updated tests.
- Updated release notes.

MAR-171: Make the xmpp_domains parameter mandatory:

- Updated release notes.
- Updated role reference documentation.
- Dropped the default value for parameter from the xmpp_server role.
- Updated tests.

MAR-159: Added wsgi_requirements_in parameter to wsgi_website role:

- Added the parameter as optional.
- Updated role reference documentation.
- Updated release notes.
- Updated tests.

MAR-161: Make the ldap_server_domain parameter in the ldap_server role mandatory:

- Updated the ldap_server role.
- Removed default value for the parameter.
- Updated tests.
- Updated role reference documentation.
- Updated release notes.
- Dropped the .local from the Molecule instance names.

MAR-155: Make the ansible_key parameter in the bootstrap role mandatory:

- Updated the preseed role.
- Removed default value for the parameter.
- Updated tests.
- Updated role reference documentation.
- Updated release notes.

MAR-155: Make the ansible_key parameter in the preseed role mandatory:

- Updated the preseed role.
- Removed default value for the parameter.
- Updated tests.
- Updated role reference documentation.
- Updated release notes.

MAR-155: Make the preseed_directory parameter in the preseed role mandatory:

- Updated the preseed role.
- Removed default value for the parameter.
- Updated tests.
- Updated role reference documentation.
- Updated release notes.

MAR-164: Harden the c2s TLS configuration for the XMPP server role:

- Updated the xmpp_server role.
- Added (optional) xmpp_server_tls_protocol and
xmpp_server_tls_ciphers parameters for specifying the desired
TLS protocol version and ciphers for the c2s connections.
- Updated XMPP server configuration to introduce separate TLS
configuration for the s2s and c2s (legacy included) connections.
- Drop support for Prosody 0.9 since it is not possible to have
separate TLS configuration for c2s and s2s connections.
- Updated role reference documentation.

MAR-158: Update default TLS ciphers configuration in the mail_server role:

- Updated the default value for parameter mail_server_tls_ciphers.
- Updated tests, making them explicitly test for enabled and disabled
ciphers.
- Refactored tests for TLS to use nmap ssl-enum-ciphers script for
listing available TLS versions and ciphers.
- Install nmap as part of preparation step.
- Updated role reference documentation.

MAR-158: Update default TLS ciphers configuration in the ldap_server role:

- Updated the default value for parameter ldap_tls_ciphers.
- Updated tests, making them explicitly test for enabled and disabled
ciphers
- Updated role reference documentation.

MAR-158: Update default TLS cipher configuration in the web_server role:

- Updated the default value for parameter web_server_tls_ciphers.
- Updated tests, making them explicitly test for enabled and disabled
ciphers.
- Updated role reference documentation.

MAR-162: Make the smtp_relay_truststore parameter mandatory in mail_forwarder role:

- Dropped the defaults from mail_forwarder role.
- Updated group variables in role tests.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameter.
- Deduplicated tests for the TLS files.

MAR-162: Make the xmpp_tls_certificate and xmpp_tls_key parameters mandatory in xmpp_server role:

- Dropped the defaults from wsgi_server role.
- Updated group variables in role tests.
- Changed the key/certificate file extensions to be more descriptive.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameters.
- Deduplicated tests for the TLS files.

MAR-162: Make the https_tls_certificate and https_tls_key parameters mandatory in wsgi_website role:

- Dropped the defaults from wsgi_server role.
- Updated group variables in role tests.
- Changed the key/certificate file extensions to be more descriptive.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameters.

MAR-162: Make the https_tls_certificate and https_tls_key parameters mandatory in php_website role:

- Dropped the defaults from php_server role.
- Updated group variables in role tests.
- Changed the key/certificate file extensions to be more descriptive.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameters.

MAR-162: Make the default_https_tls_certificate and default_https_tls_key parameters mandatory:

- Dropped the defaults from web_server role.
- Updated group variables in role tests.
- Changed the key/certificate file extensions to be more descriptive.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameters.

MAR-162: Make the mail_ldap_tls_truststore, imap_tls_key, imap_tls_certificate, smtp_tls_key, and smtp_tls_certificate parameters mandatory:

- Dropped the defaults from mail_server role.
- Updated group variables in role tests.
- Changed the key/certificate file extensions to be more descriptive.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameters.

MAR-162: Make the ldap_server_tls_certificate ldap_server_tls_key parameters mandatory:

- Updated release notes.
- Updated role reference documentation.
- Updated usage instructions to cover set-up of CA hierarchy earlier on
in the process.

MAR-153: Updated role reference documentation and release notes:

- Marks the change as breaking because it could mean older
client/servers cannot interoperate with the Majic Ansible Roles TLS
services any longer.

MAR-152: Drop support for Debian 8 Jessie from the backup_client role:

- Simplify the invocation of GnuPG commands (since we don't have to
massage output formats depending on distribution version anymore).

MAR-146: Added separate parameter for Pyhton 3 virtual environment used for upgrade checks:

- Release notes updated to mention the breaking change.
- Updated role reference documentation to cover the new parameter.
- Updated default values for the dedicated Python virtual
environments.
- Update role common to deploy separate requirements for the two
environments.
- Include wheel package in the requirements.

MAR-138: Updated documentation and release notes:

- Document the new xmpp_prosody_package parameter.
- Add the breaking change informaiton in release notes (although most
likely nothing will be really broken).

MAR-132: Update documentation for backup_server role:

- Mention that DSA key is required only on Debian Jessie.
- Remove unused parameter from role defaults.

MAR-132: Added support for Debian 9 (Stretch) to backup_server role:

- Deploy slightly different sshd_config file for Stretch (DSA key
unused).
- Updated Molecule tests to cover testing on Debian 9.
- Updated role reference documentation.

MAR-132: Added support for Debian 9 (Stretch) to database role:

- Updated Molecule test configuration to include Debian 9 Stretch.
- Updated documentation.

MAR-132: Added support for Debian 9 (Stretch) to database_server role:

- Updated Molecule test configuration to include Debian 9 Stretch in
test matrix.
- Updated tests related to UTF-8 configuration (differences between
Debian 8 and 9).
- Deploy UTF-8 configuration in alternate locations depending on what
distro is being used.
- Force set-up of root password on Debian Stretch (default is to use
the unix_socket authentication).

MAR-132: Added support for Debian 9 (Stretch) to wsgi_website role:

- Set the shell for application system account explicitly (workaround
for Debian bug 865762 in Stretch).
- Updated Molecule tests to cover Debian 9.
- Updated Molecule test preparation playbook to account for a number
of differences between Jessie and Stretch (mainly related to mailing
functionality).
- Renamed a couple of variables in test for sending out mails to make
it clearer what is being looked up as part of regex matching.
- Updated Molecule tests where certain paths depend on what Debian
release they are ran against.
- Split-up Jessie-specific tests into separate file.
- Remove the /bin/ss utility instead of renaming it (testinfra socket
tests do not work with /bin/ss).

MAR-132: Added support for Debian 9 (Stretch) to php_website role:

- Implemented the necessary changes related to differences between PHP
versions and related paths (PHP 5 vs PHP 7).
- Set the shell for application system account explicitly (workaround
for Debian bug 865762 in Stretch).
- Updated Molecule tests to cover Debian 9.
- Updated Molecule test preparation playbook to account for a number
of differences between Jessie and Stretch (mainly related to mailing
functionality).
- Use more specific host groups in tests.
- Renamed a couple of variables in test for sending out mails to make
it clearer what is being looked up as part of regex matching.
- Updated Molecule tests where certain paths depend on what Debian
release they are ran against.
- Split-up Jessie-specific tests into separate file.

MAR-132: Added support for Debian 9 (Stretch) to web_server role:

- Introduced internal parameters for controlling differing package
names, service names, and paths for PHP FPM package.
- Added Debian 9 machines to Molecule configuration, including the
client machine.
- Restructured slightly preparaiton playbook to support both Jessie
and Stretch.
- Added custom pytest fixture for having a better way to determine
expected package names etc related to PHP.
- Created copy of private key/certificate pair used for testing of
mandatory parameters (to be used with Stretch machine).
- Fixed invalid specification for hosts on top of which the
connectivity test should be run.
- Updated a couple of task names (avoiding to reference PHP 5).
- Updated documentation.

MAR-132: Added support for Debian 9 (Stretch) to mail_server role:

- Updated Molecule configuration to include set-up of additional
instances for testing.
- Updated configuration for test instances.
- Use separate clients in testing of Jessie/Stretch instances.
- Duplicate private keys/certificates for testing of mandatory
parameters on Debian 9.
- Refactored testing of mail deliveries (via swaks) to use
test-generated message ID - improves reliability and solves some
incompatibilities between swaks version in Jessie and Stretch.
- Updated tests for TLS testing to take into account newer OpenSSL
error/output messages. A bit of an ugly hack at the moment, but
beats duplicating tests for now.

MAR-132: Added support to xmpp_server role for Debian 9 (Stretch):

- Updated tests to include Debian 9 in testing. Existing private keys
are reused where possible (since most of the naming is identical
between the machines with jessie/stretch).
- Updated invocation of sendxmpp in tests as workaround for
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854210.
- Updated testing of imported keys to accomodate differences between
gpg/gpg2 (used by apt-key in Jessie/Stretch).

MAR-132: Add support for Debian 9 (Stretch) to ldap_server role:

- Updated Molecule tests to cover Debian 9 as well.
- Remove the ss utility instead of renaming it when preparing for
tests, and make sure the netstat utility is available.
- Duplicate private key/certificate for mandatory parameters testing.

MAR-131: Added support for specifying Python version in wsgi_website role:

- Introduced additional role parameter for specifying the Python
version.
- Updated tests to verify new functionality.
- Fixed existing tests to account for differences between Python 2 and
Python 3 - including changes to WSGI test applications.
- Updated documentation, documenting new parameter and fixing one
minor typo.
- Updated release notes.
- Bumped default version of Gunicorn/futures used.

MAR-133: Improve output for certificate checks:

- Do not produce warnings in case no certificates have been configured
for checking.
- Only send out mails about certificates that are about to expire.
- Include information in how many days a certificate is going to
expire.
- Include information on whether the certificates has already expired.

MAR-129: Removed m_ldap_entry module:

- Removed the custom m_ldap_entry module used for managing LDAP
entries.
- Replaced the module usage with official ldap_entry and ldap_attr
modules.
- Updated role reference documentation.
- Updated usage instructions since we can't misuse the m_ldap_entry
any longer for adding members to groups.

MAR-127: Updated documentation and testsite configuration for NTP:

- Updated role reference documentation for common role to list the new
functionality and documented the new parameter.
- Updated usage instructions to mention NTP time synchronisation
configuration.
- Updated testsite configuration to set-up the NTP time
synchronisation.

MAR-113: Added option for specifying relay port to mail_forwarder:

- Introduced new option "smtp_relay_host_port".
- Updated the test playbook and tests to make sure new functionality works as
expected.
- Update role reference documentation.
- Updated usage instructions.

MAR-112: Added alternate SMTP port:

- Updated mail_server role to deploy firewall rules that include redirection
from TCP port 27 to TCP port 25.
- Updated documentation to include references to the additional port.
- Updated tests to cover the new functionality.

MAR-105: Added parameter for controlling firewall to mail_forwarder:

- Added new parameter smtp_from_relay_allowed.
- Updated role reference documentation.
- Added small note to usage instructions to mention the parameter's usability in
case of NAT'ed machines or laptops.
- Updated test playbook, adding another instance for testing the parameter, and
added tests that cover new parameter.
- Updated existing connectivity tests to be more specific and reliable.

MAR-28: Implemented scaffolding for testing the mail_server role:

- Added Molecule configuration.
- Added test playbook.
- Restart Postfix for truststore changes.
- Added test data (private keys and certificates).
- Fixed small documentation inaccuracy.

MAR-26: Implemented scaffolding for testing the ldap_server role:

- Fixed role documentation and example for the ldap_server ldap_entries
parameter.
- Fixed missing leading zero when setting mode for deployed files.
- Marked certain tasks for skipping Ansible linting on.
- Fixed invocation of local LDAP commands to use unix socket out of the
box (don't depend on LDAP client configuration).
- Default to state 'present' for ldap_entry (makes things a bit more
readable/clear).
- Added test data for backup and TLS.
- Added dummy default test file.

MAR-108: Implemented initial boilerplate for backup_client tests:

- Fixed backup_client role handling of encryption keys.
- Fixed backup server URI (had too many forward slashes).
- Added Molecule instance configuration file for backup server, one backup
client for testing mandatory parameters, and one backup client for testing
optional parameters.
- Implemented playbook for setting-up the test instances.
- Added test data (SSH, GnuPG keys).
- Added dummy (stock) Molecule test file.

MAR-22: Implemented tests for the common role:

- Added missing documentation for pipreqcheck_uid and pipreqcheck_gid
parameters.
- Use static-hashed passwords for reproducibility during testing in test
playbook.
- Install Emacs and libmariadb-client-lgpl-dev-compat via test playbook on one
of the testing instances in order to test related tasks.
- Fixed parameter for connection limitting in test playbook.
- Added explicit parameters to test playbook for pipreqcheck_gid and
pipreqcheck_uid.
- Fixed deployment of ferm configuration file ot include setting user/group and
mode.
- Added tests covering common deployment, deployment when only mandatory
parameters are provided, and deployment when optional parameters are set as
well.

MAR-22: Linting fixes for test implementation for role 'common':

- Fixed small error in documentation for additional_groups parameter in the
'common' role.
- Do not perform Ansible lint checks on handlers that run commands.
- Fixed permission mode specification to include leading zero (i.e. mode=0640
instead of mode=640) when deploying directories, files, and templates.
- Do not perform Ansible lint checks for task managing update of CA certificate
cache (it must be done at that point).
- Use become_user in conjunction with become.
- Do not perform Ansible lint checks on command tasks that use the 'creates'
parameter.
- Do not use 'latest' version when installing pip in virtual environment used
for performing pip package upgrade checks.