|
branko
|
325b9d16a72b
|
4 years ago
|
|
MAR-151: Added support for Debian 10 Buster to common role:
- Updated tests.
- Updated role reference documentation.
- Updated role metadata information.
- Refactored IP plan for the test machines for better separation between different types of machines and versions.
- Parametrised tests for limited connectivity using the maintenance mode.
- Don't use MariaDB compat package in tests - name differs between Debian 9 and Debian 10, and relevant parameter is already getting tested properly using the remaining packages.
|
|
branko
|
ae57a0d1d5cc
|
4 years ago
|
|
MAR-151: Added support for Debian 10 Buster to backup role:
- Updated tests.
- Updated role reference documentation.
|
|
branko
|
eeec809e0f90
|
4 years ago
|
|
MAR-151: Added support for Debian 10 Buster to backup_client role:
- Updated tests.
- Refactored one of the tests to determine hostname dynamically.
- Update role reference documentation.
|
|
branko
|
b990e0d82f39
|
4 years ago
|
|
MAR-160: Update release notes, usage instructions, and role reference documentation:
- Describe the maintenance and maintenance_allowed_hosts parameters for the common role.
|
|
branko
|
aee44319ba2c
|
4 years ago
|
|
MAR-168: Drop the Debian system maintenance user if present:
- Drop the user itself from the MySQL database.
- Update the Debian system maintenance configuration file if root is not specified as the user within.
- Updated tests.
- Updated release notes.
- Updated role reference documentation.
|
|
branko
|
5283779cf2aa
|
4 years ago
|
|
MAR-168: Clean-up references to database_server root password:
- Updated role reference documentation.
- Updated usage instructions.
- Updated test configurations.
- Removed unused files/variables.
- Updated test site configuration.
|
|
branko
|
5dd6b0b1cc59
|
4 years ago
|
|
MAR-168: Drop the use of passwords for the root MySQL account:
- Rely on unix_socket authentication plugin instead.
- Updated role reference documentation.
- Updated tests.
|
|
branko
|
c95f61f32b67
|
4 years ago
|
|
MAR-174: Enable Message Carbons (XEP-0280) and Message Archive Management (XEP-0313) via xmpp_server role:
- Updated release notes.
- Updated role reference documentation.
- Enable the two modules via Prosody configuration file, and set the archive expiration configuration option for Prosody.
- Updated tests.
|
|
branko
|
91e4754320e6
|
4 years ago
|
|
MAR-164: Fix Prosody TLS configuration in xmpp_server role:
- Added warning to role reference documentation about what DNS names need to be included in the subject alternative name of issued certificate used for Prosody.
- Added crontab with script that validates the certificate on daily basis.
- Updated tests to include the proxy.DOMAIN and conference.DOMAIN DNS names in subject alternative name for generated test certificates.
- Added and updated tests that cover new functionality.
- Fixed the Prosody TLS configuration to have common parameters specified in general section, and any kind of overrides (mainly the ciphers) in more specific sections.
- Updated release notes.
|
|
branko
|
40e5ccacc5fd
|
4 years ago
|
|
|
|
branko
|
5b102c4afcb3
|
4 years ago
|
|
MAR-170: Always enforce use of HTTPS in the php_server role:
- Dropped the enforce_https parameter.
- Updated tests.
- Updated release notes.
- Update role reference documentation.
- Update usage instructions.
|
|
branko
|
5b6d00b0beab
|
4 years ago
|
|
MAR-170: Always enforce use of HTTPS in the wsgi_server role:
- Dropped the enforce_https parameter.
- Updated tests.
- Updated release notes.
|
|
branko
|
51c92f71fa0a
|
4 years ago
|
|
MAR-170: Always enforce use of HTTPS in the web_server role:
- Dropped the default_enforce_https parameter.
- Updated tests.
- Updated release notes.
|
|
branko
|
eb6d9c7d6651
|
4 years ago
|
|
MAR-171: Make the xmpp_domains parameter mandatory:
- Updated release notes.
- Updated role reference documentation.
- Dropped the default value for parameter from the xmpp_server role.
- Updated tests.
|
|
branko
|
23bc0fa0d5c7
|
4 years ago
|
|
MAR-159: Added wsgi_requirements_in parameter to wsgi_website role:
- Added the parameter as optional.
- Updated role reference documentation.
- Updated release notes.
- Updated tests.
|
|
branko
|
3ec086a76011
|
4 years ago
|
|
|
|
branko
|
5a36f75bc297
|
4 years ago
|
|
MAR-161: Make the ldap_server_domain parameter in the ldap_server role mandatory:
- Updated the ldap_server role.
- Removed default value for the parameter.
- Updated tests.
- Updated role reference documentation.
- Updated release notes.
- Dropped the .local from the Molecule instance names.
|
|
branko
|
f0ffcf83f46a
|
4 years ago
|
|
MAR-155: Make the ansible_key parameter in the bootstrap role mandatory:
- Updated the preseed role.
- Removed default value for the parameter.
- Updated tests.
- Updated role reference documentation.
- Updated release notes.
|
|
branko
|
bb8003ddf790
|
4 years ago
|
|
MAR-155: Make the ansible_key parameter in the preseed role mandatory:
- Updated the preseed role.
- Removed default value for the parameter.
- Updated tests.
- Updated role reference documentation.
- Updated release notes.
|
|
branko
|
d44e023cf7bb
|
4 years ago
|
|
MAR-155: Make the preseed_directory parameter in the preseed role mandatory:
- Updated the preseed role.
- Removed default value for the parameter.
- Updated tests.
- Updated role reference documentation.
- Updated release notes.
|
|
branko
|
dd07a2a94e56
|
4 years ago
|
|
|
|
branko
|
52c4a4001c46
|
4 years ago
|
|
MAR-164: Harden the c2s TLS configuration for the XMPP server role:
- Updated the xmpp_server role.
- Added (optional) xmpp_server_tls_protocol and xmpp_server_tls_ciphers parameters for specifying the desired TLS protocol version and ciphers for the c2s connections.
- Updated XMPP server configuration to introduce separate TLS configuration for the s2s and c2s (legacy included) connections.
- Drop support for Prosody 0.9 since it is not possible to have separate TLS configuration for c2s and s2s connections.
- Updated role reference documentation.
|
|
branko
|
c2f446ec7e2a
|
4 years ago
|
|
MAR-158: Update default TLS ciphers configuration in the mail_server role:
- Updated the default value for parameter mail_server_tls_ciphers.
- Updated tests, making them explicitly test for enabled and disabled ciphers.
- Refactored tests for TLS to use nmap ssl-enum-ciphers script for listing available TLS versions and ciphers.
- Install nmap as part of preparation step.
- Updated role reference documentation.
|
|
branko
|
2e3af1a245a5
|
4 years ago
|
|
MAR-158: Update default TLS ciphers configuration in the ldap_server role:
- Updated the default value for parameter ldap_tls_ciphers.
- Updated tests, making them explicitly test for enabled and disabled ciphers.
- Updated role reference documentation.
|
|
branko
|
36cc127035aa
|
4 years ago
|
|
MAR-158: Update default TLS cipher configuration in the web_server role:
- Updated the default value for parameter web_server_tls_ciphers.
- Updated tests, making them explicitly test for enabled and disabled ciphers.
- Updated role reference documentation.
|
|
branko
|
d5b70f2e098c
|
4 years ago
|
|
|
|
branko
|
be01ee86b9dd
|
4 years ago
|
|
MAR-162: Make the smtp_relay_truststore parameter mandatory in mail_forwarder role:
- Dropped the defaults from mail_forwarder role.
- Updated group variables in role tests.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameter.
- Deduplicated tests for the TLS files.
|
|
branko
|
5dab5854fcc8
|
4 years ago
|
|
MAR-162: Make the xmpp_tls_certificate and xmpp_tls_key parameters mandatory in xmpp_server role:
- Dropped the defaults from wsgi_server role.
- Updated group variables in role tests.
- Changed the key/certificate file extensions to be more descriptive.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameters.
- Deduplicated tests for the TLS files.
|
|
branko
|
f428e318d2ca
|
4 years ago
|
|
MAR-162: Make the https_tls_certificate and https_tls_key parameters mandatory in wsgi_website role:
- Dropped the defaults from wsgi_server role.
- Updated group variables in role tests.
- Changed the key/certificate file extensions to be more descriptive.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameters.
|
|
branko
|
f073c9637d47
|
4 years ago
|
|
MAR-162: Make the https_tls_certificate and https_tls_key parameters mandatory in php_website role:
- Dropped the defaults from php_server role.
- Updated group variables in role tests.
- Changed the key/certificate file extensions to be more descriptive.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameters.
|
|
branko
|
ddcc0a5f7312
|
4 years ago
|
|
MAR-162: Make the default_https_tls_certificate and default_https_tls_key parameters mandatory:
- Dropped the defaults from web_server role.
- Updated group variables in role tests.
- Changed the key/certificate file extensions to be more descriptive.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameters.
|
|
branko
|
b3d83bcce226
|
4 years ago
|
|
MAR-162: Make the mail_ldap_tls_truststore, imap_tls_key, imap_tls_certificate, smtp_tls_key, and smtp_tls_certificate parameters mandatory:
- Dropped the defaults from mail_server role.
- Updated group variables in role tests.
- Changed the key/certificate file extensions to be more descriptive.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameters.
|
|
branko
|
e3eaa053564d
|
4 years ago
|
|
MAR-162: Make the ldap_server_tls_certificate ldap_server_tls_key parameters mandatory:
- Updated release notes.
- Updated role reference documentation.
- Updated usage instructions to cover set-up of CA hierarchy earlier on in the process.
|
|
branko
|
90bda8fea4aa
|
4 years ago
|
|
|
|
branko
|
35fff2909917
|
4 years ago
|
|
|
|
branko
|
2e340af74a96
|
4 years ago
|
|
MAR-153: Updated role reference documentation and release notes:
- Marks the change as breaking because it could mean older client/servers cannot interoperate with the Majic Ansible Roles TLS services any longer.
|
|
branko
|
cd0056b93cda
|
4 years ago
|
|
|
|
branko
|
b69aa445807f
|
4 years ago
|
|
|
|
branko
|
6d1bf102bdba
|
4 years ago
|
|
|
|
branko
|
879d27016133
|
4 years ago
|
|
|
|
branko
|
7d6c3c67caee
|
4 years ago
|
|
|
|
branko
|
b5000711fe78
|
4 years ago
|
|
|
|
branko
|
d5533c949fa2
|
4 years ago
|
|
|
|
branko
|
9a06395ab828
|
4 years ago
|
|
|
|
branko
|
220f30ece4bf
|
4 years ago
|
|
|
|
branko
|
6d46b300aa0b
|
4 years ago
|
|
|
|
branko
|
9c0b92a5d2c6
|
4 years ago
|
|
|
|
branko
|
364c0adf308e
|
4 years ago
|
|
MAR-152: Drop support for Debian 8 Jessie from the backup_client role:
- Simplify the invocation of GnuPG commands (since we don't have to massage output formats depending on distribution version anymore).
|
|
branko
|
d075c64c765d
|
4 years ago
|
|
|
|
branko
|
4c0b2aa9cb69
|
4 years ago
|
|
|
|
branko
|
e9c5e116996a
|
4 years ago
|
|
|
|
branko
|
b7de8e615ffd
|
4 years ago
|
|
|
|
branko
|
398dcbce5d84
|
4 years ago
|
|
|
|
branko
|
180d7b99f777
|
5 years ago
|
|
MAR-146: Added separate parameter for Python 3 virtual environment used for upgrade checks:
- Release notes updated to mention the breaking change.
- Updated role reference documentation to cover the new parameter.
- Updated default values for the dedicated Python virtual environments.
- Update role common to deploy separate requirements for the two environments.
- Include wheel package in the requirements.
|
|
branko
|
324dde5671de
|
6 years ago
|
|
|
|
branko
|
1fa3378833d3
|
6 years ago
|
|
MAR-138: Updated documentation and release notes:
- Document the new xmpp_prosody_package parameter.
- Add the breaking change information in release notes (although most likely nothing will be really broken).
|
|
branko
|
14f69ca7bbdf
|
6 years ago
|
|
|
|
branko
|
1e913ad42420
|
6 years ago
|
|
MAR-132: Update documentation for backup_server role:
- Mention that DSA key is required only on Debian Jessie.
- Remove unused parameter from role defaults.
|
|
branko
|
7282cffb132f
|
6 years ago
|
|
MAR-132: Added support for Debian 9 (Stretch) to backup_server role:
- Deploy slightly different sshd_config file for Stretch (DSA key unused).
- Updated Molecule tests to cover testing on Debian 9.
- Updated role reference documentation.
|
|
branko
|
7c9e208bcc74
|
6 years ago
|
|
MAR-132: Added support for Debian 9 (Stretch) to database role:
- Updated Molecule test configuration to include Debian 9 Stretch.
- Updated documentation.
|
|
branko
|
30d5b3fa5b93
|
6 years ago
|
|
MAR-132: Added support for Debian 9 (Stretch) to database_server role:
- Updated Molecule test configuration to include Debian 9 Stretch in test matrix.
- Updated tests related to UTF-8 configuration (differences between Debian 8 and 9).
- Deploy UTF-8 configuration in alternate locations depending on what distro is being used.
- Force set-up of root password on Debian Stretch (default is to use the unix_socket authentication).
|
|
branko
|
f05151d6f802
|
6 years ago
|
|
MAR-132: Added support for Debian 9 (Stretch) to wsgi_website role:
- Set the shell for application system account explicitly (workaround for Debian bug 865762 in Stretch).
- Updated Molecule tests to cover Debian 9.
- Updated Molecule test preparation playbook to account for a number of differences between Jessie and Stretch (mainly related to mailing functionality).
- Renamed a couple of variables in test for sending out mails to make it clearer what is being looked up as part of regex matching.
- Updated Molecule tests where certain paths depend on what Debian release they are run against.
- Split-up Jessie-specific tests into separate file.
- Remove the /bin/ss utility instead of renaming it (testinfra socket tests do not work with /bin/ss).
|
|
branko
|
ff510f233909
|
6 years ago
|
|
MAR-132: Added support for Debian 9 (Stretch) to php_website role:
- Implemented the necessary changes related to differences between PHP versions and related paths (PHP 5 vs PHP 7).
- Set the shell for application system account explicitly (workaround for Debian bug 865762 in Stretch).
- Updated Molecule tests to cover Debian 9.
- Updated Molecule test preparation playbook to account for a number of differences between Jessie and Stretch (mainly related to mailing functionality).
- Use more specific host groups in tests.
- Renamed a couple of variables in test for sending out mails to make it clearer what is being looked up as part of regex matching.
- Updated Molecule tests where certain paths depend on what Debian release they are run against.
- Split-up Jessie-specific tests into separate file.
|
|
branko
|
a52f9fdabd0f
|
6 years ago
|
|
MAR-132: Added support for Debian 9 (Stretch) to web_server role:
- Introduced internal parameters for controlling differing package names, service names, and paths for PHP FPM package.
- Added Debian 9 machines to Molecule configuration, including the client machine.
- Restructured slightly preparation playbook to support both Jessie and Stretch.
- Added custom pytest fixture for having a better way to determine expected package names etc related to PHP.
- Created copy of private key/certificate pair used for testing of mandatory parameters (to be used with Stretch machine).
- Fixed invalid specification for hosts on top of which the connectivity test should be run.
- Updated a couple of task names (avoiding to reference PHP 5).
- Updated documentation.
|
|
branko
|
5c5d8636f699
|
6 years ago
|
|
MAR-132: Added support for Debian 9 (Stretch) to mail_server role:
- Updated Molecule configuration to include set-up of additional instances for testing.
- Updated configuration for test instances.
- Use separate clients in testing of Jessie/Stretch instances.
- Duplicate private keys/certificates for testing of mandatory parameters on Debian 9.
- Refactored testing of mail deliveries (via swaks) to use test-generated message ID - improves reliability and solves some incompatibilities between swaks version in Jessie and Stretch.
- Updated tests for TLS testing to take into account newer OpenSSL error/output messages. A bit of an ugly hack at the moment, but beats duplicating tests for now.
|
|
branko
|
ceb51ff23ae3
|
6 years ago
|
|
MAR-132: Added support to xmpp_server role for Debian 9 (Stretch):
- Updated tests to include Debian 9 in testing. Existing private keys are reused where possible (since most of the naming is identical between the machines with jessie/stretch).
- Updated invocation of sendxmpp in tests as workaround for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854210.
- Updated testing of imported keys to accommodate differences between gpg/gpg2 (used by apt-key in Jessie/Stretch).
|
|
branko
|
f1b75f1d4b5e
|
6 years ago
|
|
MAR-132: Add support for Debian 9 (Stretch) to ldap_server role:
- Updated Molecule tests to cover Debian 9 as well.
- Remove the ss utility instead of renaming it when preparing for tests, and make sure the netstat utility is available.
- Duplicate private key/certificate for mandatory parameters testing.
|
|
branko
|
2b85b3594a76
|
6 years ago
|
|
|
|
branko
|
6f78f2d06f04
|
6 years ago
|
|
|
|
branko
|
c8d4251a6ea5
|
6 years ago
|
|
MAR-131: Added support for specifying Python version in wsgi_website role:
- Introduced additional role parameter for specifying the Python version.
- Updated tests to verify new functionality.
- Fixed existing tests to account for differences between Python 2 and Python 3 - including changes to WSGI test applications.
- Updated documentation, documenting new parameter and fixing one minor typo.
- Updated release notes.
- Bumped default version of Gunicorn/futures used.
|
|
branko
|
0b86d3da5a29
|
6 years ago
|
|
MAR-133: Improve output for certificate checks:
- Do not produce warnings in case no certificates have been configured for checking.
- Only send out mails about certificates that are about to expire.
- Include information in how many days a certificate is going to expire.
- Include information on whether the certificate has already expired.
|
|
branko
|
ba3f7dcdd68b
|
6 years ago
|
|
|
|
branko
|
a6f0fe607199
|
6 years ago
|
|
MAR-129: Removed m_ldap_entry module:
- Removed the custom m_ldap_entry module used for managing LDAP entries.
- Replaced the module usage with official ldap_entry and ldap_attr modules.
- Updated role reference documentation.
- Updated usage instructions since we can't misuse the m_ldap_entry any longer for adding members to groups.
|
|
branko
|
91b1e458dd17
|
7 years ago
|
|
MAR-127: Updated documentation and testsite configuration for NTP:
- Updated role reference documentation for common role to list the new functionality and documented the new parameter.
- Updated usage instructions to mention NTP time synchronisation configuration.
- Updated testsite configuration to set-up the NTP time synchronisation.
|
|
branko
|
23a9ea4219dc
|
7 years ago
|
|
MAR-113: Added option for specifying relay port to mail_forwarder:
- Introduced new option "smtp_relay_host_port".
- Updated the test playbook and tests to make sure new functionality works as expected.
- Update role reference documentation.
- Updated usage instructions.
|
|
branko
|
1bb9f7ac1072
|
7 years ago
|
|
MAR-112: Added alternate SMTP port:
- Updated mail_server role to deploy firewall rules that include redirection from TCP port 27 to TCP port 25.
- Updated documentation to include references to the additional port.
- Updated tests to cover the new functionality.
|
|
branko
|
d92577936630
|
7 years ago
|
|
MAR-105: Added parameter for controlling firewall to mail_forwarder:
- Added new parameter smtp_from_relay_allowed.
- Updated role reference documentation.
- Added small note to usage instructions to mention the parameter's usability in case of NAT'ed machines or laptops.
- Updated test playbook, adding another instance for testing the parameter, and added tests that cover new parameter.
- Updated existing connectivity tests to be more specific and reliable.
|
|
branko
|
0004ec73b902
|
7 years ago
|
|
MAR-28: Implemented scaffolding for testing the mail_server role:
- Added Molecule configuration.
- Added test playbook.
- Restart Postfix for truststore changes.
- Added test data (private keys and certificates).
- Fixed small documentation inaccuracy.
|
|
branko
|
7c07f17e46ba
|
7 years ago
|
|
MAR-26: Implemented scaffolding for testing the ldap_server role:
- Fixed role documentation and example for the ldap_server ldap_entries parameter.
- Fixed missing leading zero when setting mode for deployed files.
- Marked certain tasks for skipping Ansible linting on.
- Fixed invocation of local LDAP commands to use unix socket out of the box (don't depend on LDAP client configuration).
- Default to state 'present' for ldap_entry (makes things a bit more readable/clear).
- Added test data for backup and TLS.
- Added dummy default test file.
|
|
branko
|
63aa7946b529
|
7 years ago
|
|
|
|
branko
|
19020779a000
|
7 years ago
|
|
MAR-108: Implemented initial boilerplate for backup_client tests:
- Fixed backup_client role handling of encryption keys.
- Fixed backup server URI (had too many forward slashes).
- Added Molecule instance configuration file for backup server, one backup client for testing mandatory parameters, and one backup client for testing optional parameters.
- Implemented playbook for setting-up the test instances.
- Added test data (SSH, GnuPG keys).
- Added dummy (stock) Molecule test file.
|
|
branko
|
ea69b2719d8e
|
7 years ago
|
|
MAR-22: Implemented tests for the common role:
- Added missing documentation for pipreqcheck_uid and pipreqcheck_gid parameters.
- Use static-hashed passwords for reproducibility during testing in test playbook.
- Install Emacs and libmariadb-client-lgpl-dev-compat via test playbook on one of the testing instances in order to test related tasks.
- Fixed parameter for connection limiting in test playbook.
- Added explicit parameters to test playbook for pipreqcheck_gid and pipreqcheck_uid.
- Fixed deployment of ferm configuration file to include setting user/group and mode.
- Added tests covering common deployment, deployment when only mandatory parameters are provided, and deployment when optional parameters are set as well.
|
|
branko
|
9ac50dd4765d
|
7 years ago
|
|
MAR-22: Linting fixes for test implementation for role 'common':
- Fixed small error in documentation for additional_groups parameter in the 'common' role.
- Do not perform Ansible lint checks on handlers that run commands.
- Fixed permission mode specification to include leading zero (i.e. mode=0640 instead of mode=640) when deploying directories, files, and templates.
- Do not perform Ansible lint checks for task managing update of CA certificate cache (it must be done at that point).
- Use become_user in conjunction with become.
- Do not perform Ansible lint checks on command tasks that use the 'creates' parameter.
- Do not use 'latest' version when installing pip in virtual environment used for performing pip package upgrade checks.
|
|
branko
|
8ccec95cdfa5
|
7 years ago
|
|
|
|
branko
|
ae30483e6fc2
|
7 years ago
|
|
|
|
branko
|
b3b2b6d5e9e2
|
7 years ago
|
|
|
|
branko
|
6b87dd13b24c
|
7 years ago
|
|
|
|
branko
|
4b964a31bd96
|
7 years ago
|
|
|
|
branko
|
6bc64e4e9c35
|
8 years ago
|
|
|
|
branko
|
f344ed6181a9
|
8 years ago
|
|
|
|
branko
|
430eb250e244
|
8 years ago
|
|
|
|
branko
|
111e954e826d
|
8 years ago
|
|
|
|
branko
|
f454072704fa
|
8 years ago
|
|
|
|
branko
|
67dd87d59abb
|
8 years ago
|
|
|
|
branko
|
4ca98a158269
|
8 years ago
|
|
|
|
branko
|
4a3c8915f967
|
8 years ago
|
|
|
|
branko
|
3bd270c9e860
|
8 years ago
|
|
|
|
branko
|
13fd27e4004c
|
8 years ago
|
|
|
|
branko
|
7c58a0eb0e5a
|
8 years ago
|
|
|
|
branko
|
4dc3b09894e9
|
8 years ago
|
|
|