diff --git a/roles/mail_server/playbook.yml b/roles/mail_server/playbook.yml index 3377b0772c409109266dc3b2453ee84622963658..c04c8cb3eaa45563dec83ffe55ea9644dd3400fb 100644 --- a/roles/mail_server/playbook.yml +++ b/roles/mail_server/playbook.yml @@ -13,13 +13,13 @@ - name: Set-up /etc/hosts entries lineinfile: dest: /etc/hosts - line: "{{ item.value }} {{ item.key }}" + line: "{{ item.key }} {{ item.value }}" with_dict: - ldap-server: 10.31.127.10 - client1: 10.31.127.20 - client2: 10.31.127.21 - parameters-mandatory: 10.31.127.30 - parameters-optional: 10.31.127.31 + 10.31.127.10: "ldap-server backup-server" + 10.31.127.20: "client1" + 10.31.127.21: "client2" + 10.31.127.30: "parameters-mandatory" + 10.31.127.31: "parameters-optional" - hosts: client1,client2 tasks: @@ -181,6 +181,17 @@ option: URI value: ldapi:/// + - role: backup_server + backup_host_ssh_private_keys: + dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}" + rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}" + ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}" + ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}" + backup_clients: + - server: parameters-optional + ip: 10.31.127.31 + public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}" + - hosts: parameters-mandatory roles: - role: mail_server @@ -231,3 +242,14 @@ # common ca_certificates: testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}" + + # backup_client + enable_backup: yes + backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}" + backup_server: ldap-server + backup_server_host_ssh_public_keys: + - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}" + - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}" + - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}" + - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}" + backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}" 
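Review bot: The `dsa:` entry in `backup_host_ssh_private_keys` has the test server present an ssh-dss host key, an algorithm OpenSSH has disabled by default since 7.0, so this fixture either exercises a path current clients will not negotiate or keeps a weak host-key type in the role's expected configuration. If the `backup_server` role does not strictly require all four key types (not visible in this diff), drop the `dsa` line here and the matching `server_dsa.pub` entry in `backup_server_host_ssh_public_keys` in the last hunk of this file. Otherwise add a comment such as `# dsa kept only for compatibility testing; ssh-dss is disabled by default in current OpenSSH`.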
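Review bot: `backup_encryption_key` and `backup_ssh_key` are filled from private-key files that this same commit adds under `tests/data/`, and nothing in the playbook says they are throwaway test material. The same applies to the four `server_*` host keys passed to `backup_host_ssh_private_keys` in the previous hunk. Because those keys are readable by anyone with access to the repository, a comment above `# backup_client` such as `# Test-only keys from tests/data; publicly known, never reuse outside the molecule test environment` would make that explicit. A secret-scanner allowlist entry scoped to `tests/data/` would also keep these fixtures from masking a real leak elsewhere.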
diff --git a/roles/mail_server/tests/data/gnupg/parameters-optional.asc b/roles/mail_server/tests/data/gnupg/parameters-optional.asc new file mode 100644 index 0000000000000000000000000000000000000000..36dc4cef758b4b7f10c8056350bdefc01b2987d9 --- /dev/null +++ b/roles/mail_server/tests/data/gnupg/parameters-optional.asc @@ -0,0 +1,19 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- + +lQHYBFk8WOUBBACx3ucDgYW7KWDO1q1Y00+YpezTqI6X4xZ/JmGGQsb0004RRWha +lCdhPOyVHLZ+JJtIBxd6nvZcEyS7oN4JVkM6un7vWmI7ZdS5hb2muKUPUVxq9bj+ +aKMpMMhT4nKQFFNQtzCYxMmGnt8ju4+ofbCpfoutjtaBMuHdAy8rfujUvQARAQAB +AAP8Cg0uIdkWbRK0CUxBZIUgeOBbh0R9tmCbW1kYZsVsR9aPEVPKR2Aa75hJSE3k +lDFOYx4fegr0ohRk3YOEOKPazaUq9Zd38z5MhJQ3DHDnWmyxzrOhPUlVxeJKYeoB +HFq2ZvGA2Cr2LN2aIhgVliCamoatfCZI+4KDxHHuyqkaQJMCAMv6tb5VqiLrLYu5 +cd4ZtbKWZBI7l124odKx+Vbv2W7BTx5Ox2QztQxBTuGtbYpn1yGsvTdgxUKlvLbh +SMD/2zsCAN87oIo2Vo7cfabi4MSTwq9hvEYZWgH14m8J7ov+JM7I8uo4jnG9IKGU ++FTF+oOHpXKKV97UadHNHboFnD4s4GcB/iU50BziDAiCQHN5VSiPUwBtRN1zsKWM +XKEIy9l9Q3iDBcDZK3RSYDR+MTJw7XKpCR3Sk1Gc8djYucSzVcVIdc2iiLQTcGFy +YW1ldGVycy1vcHRpb25hbIjOBBMBCAA4FiEEqnuyHTJ1tDAgpElXxLKun3pPQAoF +Alk8WOUCGy8FCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQxLKun3pPQAp2dgP/ +cRK3TVbodvQJ9F28UHypufnsiWmqz0mqTE4Vj+4MbBOz7B9wzDsgjhNLOtvP2h1q +0uTDYTGQoOf0rzMvvIHlpzeaTFBLGmeypT3xlMIfZkCoNkeCnMTdGe6g8OkBBAgy +1jVPCbrHMci5LJ3cD618LINi8HvnJX6EAagwiDJ93Cs= +=NWj6 +-----END PGP PRIVATE KEY BLOCK----- diff --git a/roles/mail_server/tests/data/ssh/parameters-optional b/roles/mail_server/tests/data/ssh/parameters-optional new file mode 100644 index 0000000000000000000000000000000000000000..2ccdeaae319790751cdaef141a29864581c282ca --- /dev/null +++ b/roles/mail_server/tests/data/ssh/parameters-optional @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEICwzh3hupZa3aKFWFwdRosm8kXS6czUWw/sHIvgKWNEcoAoGCCqGSM49 +AwEHoUQDQgAEPh00CkvI6wEACjGfETwsP1RwyekgFsiQl7IvuJ4Nc20GgdvzRw6n +gFDn1F4NkfdJl1Fg2UNLMeXWG4murieuBA== +-----END EC PRIVATE KEY----- \ No newline at end of file 
diff --git a/roles/mail_server/tests/data/ssh/parameters-optional.pub b/roles/mail_server/tests/data/ssh/parameters-optional.pub new file mode 100644 index 0000000000000000000000000000000000000000..e48c36311949b97097c07bf7c8d00248a865f8ae --- /dev/null +++ b/roles/mail_server/tests/data/ssh/parameters-optional.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD4dNApLyOsBAAoxnxE8LD9UcMnpIBbIkJeyL7ieDXNtBoHb80cOp4BQ59ReDZH3SZdRYNlDSzHl1huJrq4nrgQ= diff --git a/roles/mail_server/tests/data/ssh/server_dsa b/roles/mail_server/tests/data/ssh/server_dsa new file mode 100644 index 0000000000000000000000000000000000000000..d02624d4fff39fd17fcc134898aa8cd340699e88 --- /dev/null +++ b/roles/mail_server/tests/data/ssh/server_dsa @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQC3/oHx0JwDDkeDfyIwmZZ4noz3AJHQevxPGMIhtuminkaN8dkN +m7nRVqiTLW7X3M9PvoVQDti72GJNrlTHtlqFcFkmRkAOH3BlK7OQeAh06Tpf5R7r +txosTbIQs/vLnkA6rPzWKfwXVHFOMiMb1CCOvt4Qf25Ec/C6XM2CSialZQIVAPrK +4yQB2thxWIW1tNyIYTK0a0G/AoGARVHZiVRTz0HfDcpwQJJPnijFEBUdgnGIA9cP +wX09FD/OYS/5mF9RGosvlN8pTeoPPkTWpUF9CMpiGDIrF0kTxdYBJVaW7ghfVVeP +XNN6v/S30aIFdbUaWXhM/SSucWwb4hJyPpCj/KNYr5iIwFZZ+9pZynR/reJ45muQ +gaRvcyUCgYAYAG/Udg4i/2q8Iemqs5TuP48ge1CxQcyFw4vVl2zr85MPZ24rBf+Z +PGy1CsEBpJqHQ5agftMYR9CRcxlqAP44JpIPcSq1NsL59HnXDsdCe/IJjO4JmL1H +L+VIcWkXgj0MxGds8hck+HC5lX7jGAKjZBea8ksBZD/Ma2WvYKXpggIVANDGn68D +y8jb/9mLaOM8bd9VFfdC +-----END DSA PRIVATE KEY----- \ No newline at end of file diff --git a/roles/mail_server/tests/data/ssh/server_dsa.pub b/roles/mail_server/tests/data/ssh/server_dsa.pub new file mode 100644 index 0000000000000000000000000000000000000000..edccdf329b89854629222b2a5f6b7b5740cdb88f --- /dev/null +++ b/roles/mail_server/tests/data/ssh/server_dsa.pub 
@@ -0,0 +1 @@ +ssh-dss AAAAB3NzaC1kc3MAAACBALf+gfHQnAMOR4N/IjCZlniejPcAkdB6/E8YwiG26aKeRo3x2Q2budFWqJMtbtfcz0++hVAO2LvYYk2uVMe2WoVwWSZGQA4fcGUrs5B4CHTpOl/lHuu3GixNshCz+8ueQDqs/NYp/BdUcU4yIxvUII6+3hB/bkRz8LpczYJKJqVlAAAAFQD6yuMkAdrYcViFtbTciGEytGtBvwAAAIBFUdmJVFPPQd8NynBAkk+eKMUQFR2CcYgD1w/BfT0UP85hL/mYX1Eaiy+U3ylN6g8+RNalQX0IymIYMisXSRPF1gElVpbuCF9VV49c03q/9LfRogV1tRpZeEz9JK5xbBviEnI+kKP8o1ivmIjAVln72lnKdH+t4njma5CBpG9zJQAAAIAYAG/Udg4i/2q8Iemqs5TuP48ge1CxQcyFw4vVl2zr85MPZ24rBf+ZPGy1CsEBpJqHQ5agftMYR9CRcxlqAP44JpIPcSq1NsL59HnXDsdCe/IJjO4JmL1HL+VIcWkXgj0MxGds8hck+HC5lX7jGAKjZBea8ksBZD/Ma2WvYKXpgg== diff --git a/roles/mail_server/tests/data/ssh/server_ecdsa b/roles/mail_server/tests/data/ssh/server_ecdsa new file mode 100644 index 0000000000000000000000000000000000000000..22e62fcf5773fee0cb7b086581dbe53ca0e73345 --- /dev/null +++ b/roles/mail_server/tests/data/ssh/server_ecdsa @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEICsNfHic+b1E8HsU2kXcQNXozt4SHCb9VQC06GvbTkZuoAoGCCqGSM49 +AwEHoUQDQgAEtplvzFzDk9vNDwmjzHKBxRojrOIYuz5mqwColI4ii72I3TNIo71r +i6Nt4yAht9lk8HlRZy/ULE16RNni2SsBow== +-----END EC PRIVATE KEY----- \ No newline at end of file diff --git a/roles/mail_server/tests/data/ssh/server_ecdsa.pub b/roles/mail_server/tests/data/ssh/server_ecdsa.pub new file mode 100644 index 0000000000000000000000000000000000000000..cb8b45c7164d6af3659281f9c7b06ed2a6ac0344 --- /dev/null +++ b/roles/mail_server/tests/data/ssh/server_ecdsa.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLaZb8xcw5PbzQ8Jo8xygcUaI6ziGLs+ZqsAqJSOIou9iN0zSKO9a4ujbeMgIbfZZPB5UWcv1CxNekTZ4tkrAaM= diff --git a/roles/mail_server/tests/data/ssh/server_ed25519 b/roles/mail_server/tests/data/ssh/server_ed25519 new file mode 100644 index 0000000000000000000000000000000000000000..757290a024ee2567a2452e0542b6ac9f9521c134 --- /dev/null +++ b/roles/mail_server/tests/data/ssh/server_ed25519 
@@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACDkMzY9epWd7nCCb8JxWM0f72U90rloiFTzToSuSRpaugAAAJDQ62Z20Otm +dgAAAAtzc2gtZWQyNTUxOQAAACDkMzY9epWd7nCCb8JxWM0f72U90rloiFTzToSuSRpaug +AAAEDvdmF74GsQAOmsWcFWmXsbzdcSoHNbLiTkSWaVp0CtV+QzNj16lZ3ucIJvwnFYzR/v +ZT3SuWiIVPNOhK5JGlq6AAAADGJyYW5rb0BtYXJrcwE= +-----END OPENSSH PRIVATE KEY----- \ No newline at end of file diff --git a/roles/mail_server/tests/data/ssh/server_ed25519.pub b/roles/mail_server/tests/data/ssh/server_ed25519.pub new file mode 100644 index 0000000000000000000000000000000000000000..28478f2c8fe9008595d1ca3b8652dcda2fd4762e --- /dev/null +++ b/roles/mail_server/tests/data/ssh/server_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQzNj16lZ3ucIJvwnFYzR/vZT3SuWiIVPNOhK5JGlq6 diff --git a/roles/mail_server/tests/data/ssh/server_rsa b/roles/mail_server/tests/data/ssh/server_rsa new file mode 100644 index 0000000000000000000000000000000000000000..a8b3b7720aa6a7af27da156374ac3c483687c4eb --- /dev/null +++ b/roles/mail_server/tests/data/ssh/server_rsa 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAtkqm8GTWp4UzDPMC9YhrTTke52G13AkDW1OuXK1zeN1tbc+B +l6MpbhxBF7NMHu45mWcqMNfV/PVXucPDgy+NikQ7TV6DfMI6C8GdZe4hrKzdaFFy +T+4uovZR/9Bfn7nRQd05ud4nga9DBDHcQEAaZPjAouuBtIrr2XhNLChuSX0pMvNm +WdupuRHITkSbooijmwdexLFBpdPdUvHoi1yCIkEL4OHffd96AKjQi3tLsWzXyXGz +CQHa/pva2MclaD18HlJtW3m/+v72UMwH9By+fiHP5my7t8+IbbQodHSJQqo0Xv/J +ZahdtabCJTfA/IWZM2OlhKO/7/cBwBhUxRRZSQIDAQABAoIBAG/EObKuwQWZH4HT +BX9xkwiX+yC2wgAU7p/yILfmCSST7uIjFjvY6DAA1tAnOIbGXT53CGFGFIeyDYVy +R8+JOmkKCKoZRtkZZOmMXmr+pFrw6hdpyILFcIauK/yCz/5ouap+b0RMt0BGKvrJ +b1dddlFuSv4ZEz+U5aJCpl5qs6QONO5Niz69eYM+b+Pz9uRYL1W/hZoQrDUQR8oD +QBUUhnaSACawe8KBGjFp19K3NrEwtWKYQrdENdc7wb+ho3wBQY0CXgjgA3gTMGbk +VLBBqcDlTMbHlOaWT8iUeq+8nJ6ikJTC9LkUjDHZlhM90dHKs3ZOXyAsgm/u5ybM +yTSEgWECgYEA8C2oDFRHrAZrSCLyAdzDZ/tiOksQ/wYZVQirE3p8cAqcpd9Y3T6Z +kK64aCIV+bOunvK0gewmPsc9HN/XfVtr4PlBHDtfERWmSQFwCmnu+a4V/pkfTBWf +SwhUKTExEMdzlPZ+WnHXiiBaPHdOmq2tZr8gEzCyFyQiuplzYBIQHF0CgYEAwkzM +r6I2EWR3NTFTODr6OqFSUs7HenyVQawG4SSsKZ6xIsmUt0EJ6uJRmJx40cC88bRd +AbclJm68mzdP8Nj3fau50tGMogaf1pFykmnwcP35dVriGWuBM0XtDlXOw6A1asz6 +ul9JXuOjZdTtb9uAGn4j3D2sWgJrlSJP/fRVgd0CgYEAsX0b9diGiqLHvyxL6YJq +STplcaytp7irGcLpIeDferDs6EtwUTeEpn3nutSNptTZE49KQ8Tu0m/MQr1MctAP +nda0/hcF/wsfsk3ErX1xY8P5bwdbMI++AuXpw/MdTkgGqyupXk9IuEOGS67jQL1e +KlLNckEHKsDChWEG+RUAIOUCgYAnq9CbB66sbGveg3yvXXNb5zZMzAV0n91FtF8P +NxKjyM/3/1qK9A+XUrBATappgUXSv/XBdOhz6WY+9tMupM4bbaWaQsjJCDs4bygK +dvDt0R1O9ch2UjnmAx/8rk5yKNLfRIzo4q2zXx0snIYCMbn9LsYZoMoA8r+Oipv0 +iR+wTQKBgQCpVCOigFz1pxUxWdbjQicEwug8k7dOtXkWepNqmXXFQTXUQnhsJ4iP +DlDGllPBJasoReRLAnI4OTkbuU1qECnUilVvFnqnuuox3vJ4IWeTdAxcmUAK7+WD +7EYQgHFDybzjEhxXtXGaMSfndAEVwPMRitZMUXaBjnufFW/j/8mrYg== +-----END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/roles/mail_server/tests/data/ssh/server_rsa.pub b/roles/mail_server/tests/data/ssh/server_rsa.pub new file mode 100644 index 0000000000000000000000000000000000000000..b2b4d8750eedff8cfa91ae676d573db4f16aa250 --- /dev/null 
+++ b/roles/mail_server/tests/data/ssh/server_rsa.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2SqbwZNanhTMM8wL1iGtNOR7nYbXcCQNbU65crXN43W1tz4GXoyluHEEXs0we7jmZZyow19X89Ve5w8ODL42KRDtNXoN8wjoLwZ1l7iGsrN1oUXJP7i6i9lH/0F+fudFB3Tm53ieBr0MEMdxAQBpk+MCi64G0iuvZeE0sKG5JfSky82ZZ26m5EchORJuiiKObB17EsUGl091S8eiLXIIiQQvg4d9933oAqNCLe0uxbNfJcbMJAdr+m9rYxyVoPXweUm1beb/6/vZQzAf0HL5+Ic/mbLu3z4httCh0dIlCqjRe/8llqF21psIlN8D8hZkzY6WEo7/v9wHAGFTFFFlJ diff --git a/roles/mail_server/tests/test_backup.py b/roles/mail_server/tests/test_backup.py new file mode 100644 index 0000000000000000000000000000000000000000..9b27b649c348b7887d267f4fa2562593b9bb9037 --- /dev/null +++ b/roles/mail_server/tests/test_backup.py 
@@ -0,0 +1,43 @@
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ '.molecule/ansible_inventory').get_hosts('parameters-optional')
+
+
+def test_backup(Command, File, Sudo):
+ """
+ Tests if mail directory is correctly backed-up.
+ """
+
+ # Deliver two mails in order to make sure the directory structure is
+ # created.
+ send = Command('swaks --suppress-data --to john.doe@domain1 --server localhost')
+ assert send.rc == 0
+ send = Command('swaks --suppress-data --to jane.doe@domain2 --server localhost')
+ assert send.rc == 0
+
+ with Sudo():
+
+ # Remove restore directory in order to make sure restore has worked
+ # correctly.
+ Command("rm -rf /root/restore")
+
+ backup_run = Command('duply main backup')
+ assert backup_run.rc == 0
+
+ restore_run = Command('duply main restore /root/restore')
+ assert restore_run.rc == 0
+
+ for directory_path in ["/root/restore/var/virtmail/domain1",
+ "/root/restore/var/virtmail/domain1/john.doe",
+ "/root/restore/var/virtmail/domain1/john.doe/Maildir",
+ "/root/restore/var/virtmail/domain2",
+ "/root/restore/var/virtmail/domain2/jane.doe",
+ "/root/restore/var/virtmail/domain2/jane.doe/Maildir"]:
+
+ directory = File(directory_path)
+
+ assert directory.is_directory
+ assert directory.user == "virtmail"
+ assert directory.group == "virtmail"
+ assert directory.mode == 0o700
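Review bot: The checks after `duply main restore /root/restore` cover only directory existence, ownership and mode, so a backup that contains empty Maildirs still passes, and the return code of `Command("rm -rf /root/restore")` is never looked at. Asserting the cleanup with `assert Command("rm -rf /root/restore").rc == 0`, and that at least one regular file came back, for example `assert Command('find /root/restore/var/virtmail -type f').stdout.strip()`, would tie the test to restored mail content rather than to the directory skeleton. Whether delivery by swaks has completed before `duply main backup` runs is not visible here; if it is asynchronous, the test may also need to wait for the message files first.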