MAR-122: Fixed handling of complex package versions for pip with Ansible 2.x:
- Use list for installing specific version of pip in the "pipreqcheck" virtual environment in common role. - Removed superficious (and incorrect) definition for application admin username in wsgi_website role. - Updated test playbook for wsgi_website role to test the fix. - Switched to passing-in package list for installing packages in virtual environment instead of using "with_items" in wsgi_website role.
MAR-118: Replaced handler with parametrised name in wsgi_website:
- Updated wsgi_website role. - Replaced handler with parametrised name used for restarting a single service with a generic handler that will restart zero or more services. - Updated test site roles to introduce explicit handler in them. - Updated usage instructions to include set-up of explicit handler for restarting the Wiki service.
MAR-117: Renamed ldap_entry and ldap_permissions modules:
- Renamed ldap_entry module to m_ldap_entry. - Renamed ldap_permissions module to m_ldap_permissions. - Renames done to avoid collisions with official modules (at least for ldap_entry).
MAR-114: Updated task syntax for bootstrap, preseed and xmpp roles:
- Updated web_server, php_website, and wsgi_website roles. - Added and removed quoting where it makes sense. - Switched to using expanded syntax (instead of one-liners). - Updated ordering of arguments in task definitions.
MAR-114: Updated task syntax for web server/application roles:
- Updated web_server, php_website, and wsgi_website roles. - Added and removed quoting where it makes sense. - Switched to using expanded syntax (instead of one-liners). - Updated ordering of arguments in task definitions.
- Updated mail_server and mail_forwarder roles. - Added and removed quoting where it makes sense. - Switched to using expanded syntax (instead of one-liners). - Updated ordering of arguments in task definitions.
- Updated ldap_client and ldap_server roles. - Added and removed quoting where it makes sense. - Switched to using expanded syntax (instead of one-liners).
- Updated database and database_server roles. - Added and removed quoting where it makes sense. - Switched to using expanded syntax (instead of one-liners).
- Updated backup, backup_client, and backup_server. - Added and removed quoting where it makes sense. - Switched to using expanded syntax (instead of one-liners). - Updated ordering of arguments in task definitions.
- Added quoting where it makes sense. - Switched to using expanded syntax (instead of one-liners). - Updated ordering of arguments in task definitions.
MAR-114: Moved set_fact for wsgi_website and php_website roles:
- Moved set_fact for setting application admin, user, and home directory into defaults/main.yml. - Updated test playbook for wsgi_website to fixate the ptpython and dnspython versions (including their dependencies). - Updated tests for wsgi_website to use new fixated versions for ptpython, dnspython, and their dependencies.
MAR-113: Added option for specifying relay port to mail_forwarder:
- Introduced new option "smtp_relay_host_port". - Updated the test playbook and tests to make sure new functionality works as expected. - Update role reference documentation. - Updated usage instructions.
- Updated mail_server role to deploy firewall rules that include redirection from TCP port 27 to TCP port 25. - Updated documentation to include references to the additional port. - Updated tests to cover the new functionality.
MAR-105: Added parameter for controlling firewall to mail_forwarder:
- Added new parameter smtp_from_relay_allowed. - Updated role reference documentation. - Added small note to usage instructions to mention the parameter's usability in case of NAT'ed machines or laptops. - Updated test playbook, adding another instance for testing the parameter, and added tests that cover new parameter. - Updated existing connectivity tests to be more specific and reliable.
MAR-110: Implemented script for running tests for all roles:
- Updated gitignore file to ignore test reports. - Updated instructions for running tests. - Added Bash script that wraps around Molecule and allows output of reports into a directory.
MAR-33: Implemented tests for the wsgi_website role:
- Updated test playbook to have better coverage of functionality. - Fixed some additional permission mode issues (leading zero). - Use expanded syntax for deploying TLS material in order to avoid mangling of TABs. - Implemented proper WSGI applications in order to test everything. - Implemented tests covering mandatory parameters, optional parameters, and the use of WSGI requirements/Paster.
MAR-33: Added initial scaffolding for wsgi_website tests:
- Added Molecule configuration file. - Implemented test playbook that sets-up three separate instances of WSGI website in order to test all variations of parameters. - Added name for the set_fact task. - Fixed linting errors related to mode that lacks leading zero. - Added skip_ansible_lint tag for command that creates the Python virtual environment. - Added missing become keyword wherever become_user is specified. - Fixed invalid parameter name for specifying if HTTPS should be enforced or not. - Added small initial sample WSGI apps that get deployed. - Added static/media sample files. - Added TLS material. - Added initial dummy test file.
- Install some additional tools for testing everything. - Updated test playbook to change allowed extensions for running PHP scripts on parameters-optional. - Updated error page to use correct extension for parameters-optional test instance. - Expanded rewrite configuration slightly for parameters-optional. - Install libmariadb-client-lgpl-dev-compat to test mysql_config symlink creation. - Deploy a number of PHP pages used for testing if pages are served correctly. - Set file permissions on deployed PHP FPM pool configuraiton files. - Use expanded syntax when deploying TLS keys/certificates in order to avoid issues with TAB mangling. - Fixed set-up of Strict-Transport-Security header when HTTPS enforcement is disabled. - Added a number of PHP and static test pages. - Wrote tests covering full functionality of the role.
MAR-29: Added scaffolding for testing the php_website role:
- Added molecule configuration with a single instance. - Added playbook that sets-up the test instances. - Fixed issues related to incorrect mode syntax when deploying files (missing leading zero). - Added test data. - Added dummy tests.
- Updated test playbook to deploy some additional test tools. - Use expanded syntax for deploying TLS keys and certificates in order to preserve tabs. - Added a number of tests that should cover full functionality of the server.
MAR-32: Added initial scaffolding for testing web_server role:
- Added Molecule configuration for for bringing up a couple of instances. - Added test playbook that sets-up test instances. - Fixed issues with file mode in tasks (added leading 0). - Added test data (TLS private keys and certificates). - Added dummy test file.
MAR-31: Implemented tests and small fixes for xmpp_server role:
- Updated test playbook to deploy simple XMPP non-interactive tool. - Updated test playbook to include an additional administrator for server hosting domain2 and domain3. - Updated test playbook to enable backup on parameters-optional test instance. - Use expanded syntax for deploying TLS key and certificate in order to prevent mangling of tab characters. - Set permissions on deployed Prosody configuration file in order to prevent LDAP password from being world-readable. - Implemented tests for backup functionality. - Implemented tests for client connectivity. - Implemented a number of tests that ensure XMPP server is deployed correctly. - Full functionality cannot be tested (like MUC and file proxy) due to partial lack of CLI-based tools.
MAR-31: Added scaffolding for testing xmpp_server role:
- Fixed wrong default for xmpp_domains parameter (should be a list). - Added Molecule configuration file with LDAP server, client, and two XMPP server instances. - Added test playbook that sets-up all servers. - Fixed mode syntax issues (use lead zero). - Added data required for testing. - Added dummy file with tests.
- Install swaks on mail-server instance for testing SMTP. - Install procmail via mail_forwarder role (needed to be explicit for Debian Stretch). - Introduce small sleep when mails are sent to localhost for delivery to remote hosts before checking the logs in order to allow Postfix to process the queue.
MAR-27: Implemented tests for mail_forwarder role:
- Install hping3 (for testing connectivity) on mail-server test machine. - Changed syntax used for deploying the SMTP relay truststore in order to ensure that tabs are preserved. - Implemented tests for the mail_fotwarder role. - Updated tests for mail_server role to check for new setting added (smtp_host_lookup).
MAR-27: Added initial scaffolding for testing mail_forwarder role:
- Fixed issues reported by Ansible linting check (some mode-related syntax and one ignore. - Added Molecule configuration for testing mandatory and optional parameters. Covers both Debian Jessie and Debian Stretch. - Added test playbook for setting-up the test instances. A helper relay mail server. - Updated both mail_server and mail_forwarder to fall-back to using native (/etc/hosts) resolving if DNS fails. Solves issue with test environment not having proper DNS set-up for all domains etc. - Added a number of data/config files associated with tests. - Added dummy test file.
MAR-28: Implemented backup tests for mail_server role:
- Reworked slightly how /etc/hosts is set-up to allow for multiple names to be associated with the same IP in test playbook. - Updated LDAP server to behave as backup server as well. - Enabled backups on server used for testing optional parameters. - Implemented backup tests. - Added necessary test data for backups (keys etc).
- Take into account different extension for ClamAV database (cvd or cld) that could happen in cases where the test VM has been running for a long time. - Before checking Dovecot directory permissions, make sure to send out at least two mails so the directory structure will get created. - Fixed incorrect directory path for testing Dovecot directory permissions.
MAR-28: Implemented additional tests for mail_server role:
- Deploy a number of tools on clients in order to test SMTP, IMAP, and Sieve services. - Added one more user to LDAP directory for testing group restrictions. - Deploy CA certificate on all testing machines for TLS validation purposes. - Use different custom-configured cipher for mail server ciphers. - Fixed invalid postmaster address for parameters-optional host. - Deploy configuration files for use with Imap-CLI on client test machines. - Updated testing of SMTP server to include checks for users that do not belong to mail group. - Extended some SMTP-related tests to cover both test servers. - Some small fixes in SMTP-related tests for expected output from commands. - Implemented tests covering Dovecot (IMAP + Sieve) functionality. - Implemented tests for running/enabled services. - Implemented tests for ClamAV. - Implemented tests for firewall and connectivity. - Implemented tests for Postfix TLS configuration. - TODO: Tests for Sieve TLS configuration have not been written yet due to limitation of available tools.
MAR-28: Impelmented general and SMTP-related tests for mail_server:
- Increased amount of memory in test instances to 768MB. - Fixed playbook for runs against client test instances. - Fixed typos and invalid settings in test playbook. - Switched to expanded syntax in tasks used for deploying TLS keys and certificates in order to avoid mangling of TAB characters. - Fixed missing permissions set-up for Postfix main configuration file. - Fixed deployment of Postfix master.cf configuration file to take into account configurable virtual mail user. - Implemented tests covering SMTP functionality.
MAR-28: Implemented scaffolding for testing the mail_server role:
- Added Molecule configuration. - Added test playbook. - Restart Postfix for truststore changes. - Added test data (private keys and certificates). - Fixed small documentation inaccuracy.
MAR-26: Implemented tests and fixes ldap_server role:
- Use static network configuration in order to make it easier to test connectivity from dedicated client. - Added client machine for testing firewall. - Added missing LDAP client configuration on instance used for testing of mandatory options. - Fixed name of server for backup testing purposes. - Expanded a bit the cipher configuration for LDAP server for testing optional parameters. - Fixed wrongly populated Debian selections setting for LDAP organisation. - Use templates for deploying LDAP TLS keys and certificates in order to avoid Ansible munching the TAB characters. - Implemented tests covering fully functionality of the role.
MAR-26: Implemented scaffolding for testing the ldap_server role:
- Fixed role documentation and example for the ldap_server ldap_entries parameter. - Fixed missing leading zero when setting mode for deployed files. - Marked certain tasks for skipping Ansible linting on. - Fixed invocation of local LDAP commands to use unix socket out of the box (don't depend on LDAP client configuration). - Default to state 'present' for ldap_entry (makes things a bit more readable/clear). - Added test data for backup and TLS. - Added dummy default test file.
- Updated test playbook to set-up backup_server as separate play in order to avoid skipping of backup_client role. - Updated test playbook to correctly set-up a single backup client. - Do not manage permissions on /srv/ directory in database role. This can interfere with backup client access. - Do not manage permissions on /srv/ directory in ldap_server role. This can interfere with backup client access. - Implemented common tests. - Implemented tests related to database backup.
MAR-23: Implemented initial scaffolding for testing database role:
- Added Molecule configuration. - Implemented basic playbook for setting-up the two instances used for testing mandatory parameters and backups. - Added data necessary for setting-up all roles. - Updated database_serve role Molecule configuration not to depends on the Ansible Galaxy.
MAR-24: Implemented tests for 'database_server' role:
- Added Molecule configuration for single platform and instance. - Added test playbook that deploys database_server role for testing. - Fixed mode setting by appending leading zero. - Ignore task that immediatelly restarts MariaDB database server. - Implemented tests for the role covering full functionality.
MAR-109: Added initial scaffolding for testing the 'backup' role:
- Added Molecule configuration file with two platforms and two instances. - Added test playbook that sets-up instances for testing of mandatory and optional parameters. - Added test data requiered for meta-dependency backup_client. - Added dummy default test.
MAR-108: Implemented tests for the backup_client role:
- Updated test playbook to deploy a simple script for testing pre-backup handles. - Added sample known_hosts to test data for comparison purposes. - Implemented a number of tests covering common set-up, set-up using only mandatory parameters, and set-up using optional parameters.
- Make sure that the /etc/duply/main/include file exists even if no backup patterns (via backup role) have been provided). - Fixed issue with backup_server_port not being used in the Duply configuration file.
MAR-108: Applied linting fixes for backup_client role:
- Ignore the two handlers for Ansible lint checks since they are only called via notify and if user explicitly requested so. - Simplify the playbook by installing python-pexpect unconditionally on all versions of Debian. - Fixed a number of file mode parameters to use leading zero.
- Refactored how the internal parameters for GnuPG binary name and length of key ID used in Duply configuration is set-up (use defaults/main.yml instead of set_facts module). - Added Debian Stretch as supported platform to molecule tests. - Replaced use of backup_server role for deployment with regular server with SSH properly set-up. - Use IP address for backup server instead of hostname for backup_client configuration. - Fixed key lookup for known hosts to use public keys (and not private keys). - Added public keys of server for deployment in client known_hosts file.
MAR-108: Implemented initial boilerplate for backup_client tests:
- Fixed backup_client role handling of encryption keys. - Fixed backup server URI (had too many forward slashes). - Added Molecule instance configuration file for backup server, one backup client for testing mandatory parameters, and one backup client for testing optional parameters. - Implemented playbook for setting-up the test instances. - Added test data (SSH, GnuPG keys). - Added dummy (stock) Molecule test file.
MAR-107: Test implementation for role 'backup_server':
- Implemented common set of tests. - Implemented tests for role usage where only mandatory parameters are supplied. - Implemented tests that are relevant to optional parameters. - Tests cover full functionality of the backup server.
MAR-107: Minor Ansible linting fixes for backup_server role:
- Use proper mode (with leading zero). - Deploy the backup server SSH keys via template in order to ensure the files end with newlines (otherwise OpenSSH server in Debian Jessie might not pick-up the ed25519 key).
MAR-107: Initial test config for role 'backup_server':
- Added Molecule configuration with two instances (for testing mandatory and optional parameters). - Added test playbook that sets-up the two instances. - Added test data (SSH keys).
- Use plain spaces in sudo configuration to make it easier to test. - Added testing for both Debian Stretch and Debian Jessie. - Fixed Ansible liniting for file mode. - Implemented a couple of basic tests.
MAR-22: Updated tests for common role to work against Debian Stretch:
- Use different package name in test playbook for MariaDB client development libraries based on debian release. - Be more specific in task that sets-up compatibility symbolic link for mysql_config. - Replaced one of the CA sample certificates to make tests less ambigious (use different subject DN). - Removed some unused CA certificates. - Updated a couple of tests to distinguish between Debian Stretch and Debian Jessie.
MAR-22: Added missing tests for common role and did small clean-up:
- Removed deployment of SSH client configuration from helper machine. - Added tests for verifying backup configuration (deployed via meta dependencies).
- Added missing documentation for pipreqcheck_uid and pipreqcheck_gid parameters. - Use static-hashed passwords for reproducibility during testing in test playbook. - Install Emacs and libmariadb-client-lgpl-dev-compat via test playbook on one of the testing instances in order to test related tasks. - Fixed parameter for connection limitting in test playbook. - Added explicit parameters to test playbook for pipreqcheck_gid and pipreqcheck_uid. - Fixed deployment of ferm configuration file ot include setting user/group and mode. - Added tests covering common deployment, deployment when only mandatory parameters are provided, and deployment when optional parameters are set as well.
MAR-22: Linting fixes for test implementation for role 'common':
- Fixed small error in documentation for additional_groups parameter in the 'common' role. - Do not perform Ansible lint checks on handlers that run commands. - Fixed permission mode specification to include leading zero (i.e. mode=0640 instead of mode=640) when deploying directories, files, and templates. - Do not perform Ansible lint checks for task managing update of CA certificate cache (it must be done at that point). - Use become_user in conjunction with become. - Do not perform Ansible lint checks on command tasks that use the 'creates' parameter. - Do not use 'latest' version when installing pip in virtual environment used for performing pip package upgrade checks.
MAR-22: Initial test implementation for role 'common':
- Added Molecule configuration covering all platforms with two hosts for testing mandatory and optional parameters, as well as helper machine. - Created test playbook for deploying necessary roles to servers with specific configuration settings. - Added sample data used by the test playbook. - Added stock test file.
MAR-30: Fixes for multiple platforms and more extensive testing:
- Include instructions on how to run tests against different platforms (Debian versions). - Use correct base box for Debian Stretch when testing role 'preseed'. - Use fixed hostnames when runnig teets for role 'preseed'. - Make sure to test preseed configuration file when providing overrides for a host that does not include overrides as well in role 'preseed'.
MAR-30: Added documentation related to development:
- Moved existing test site documentation under the new 'Development' chapter. - Added instructions for preparing development environment. - Added instructions for running Ansible role tests. - Added requirement input and txt files for use with pip-tools.
- Added global flake8 configuration to allow up to 160 characters per line (for Python linting checks). - Updated gitignore file to ignore Molecule artefacts. - Role is tested against 64-bit Debian Jessie and 64-bit Debian Stretch. - Tests cover variations on optional parameter inclusion, as well as generated preseed files.