From 01e9035dac41b7c391caf6e4f4603d1e28a8634f 2023-08-10 00:30:49 From: Branko Majic Date: 2023-08-10 00:30:49 Subject: [PATCH] MAR-181: Drop support for Debian 9 Stretch from mail_server role: - Switch to using IPs from VirtualBox default allowed host-only network subnets. - Use Debian Buster for helper machines. - Drop Stretch-specific code and tests. --- diff --git a/docs/rolereference.rst b/docs/rolereference.rst index a44de955ae21dc13dcd83f18fa867db692c6732e..8ddb51f63361231fcc8598ba2f7c4ae36a0489b0 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -1243,7 +1243,6 @@ Distribution compatibility Role is compatible with the following distributions: -- Debian 9 (Stretch) - Debian 10 (Buster) diff --git a/roles/mail_server/meta/main.yml b/roles/mail_server/meta/main.yml index 77309db93eeee164ad59ce6696f99c764f91220d..458900512cdcbee3be3ad66f0764f566f2bd18ca 100644 --- a/roles/mail_server/meta/main.yml +++ b/roles/mail_server/meta/main.yml @@ -16,5 +16,4 @@ galaxy_info: platforms: - name: Debian versions: - - 9 - 10 diff --git a/roles/mail_server/molecule/default/group_vars/parameters-optional.yml b/roles/mail_server/molecule/default/group_vars/parameters-optional.yml index 75de4e2778e997ae39f05f8864b0393e88c46f10..8cfe8c0089771117a1ff6bb05e09e3baa086cf82 100644 --- a/roles/mail_server/molecule/default/group_vars/parameters-optional.yml +++ b/roles/mail_server/molecule/default/group_vars/parameters-optional.yml 
@@ -33,14 +33,13 @@ mail_message_size_limit: 20480001 # Variables dependant on distribution release. release_based_smtp_allow_relay_from: - stretch: "10.31.127.22" - buster: "10.31.127.20" + buster: "192.168.56.20" # common ca_certificates: testca: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}" -# backup_client (backup username should end in -s64 for Stretch). +# backup_client (backup username should end in -b64 for Buster). enable_backup: true backup_client_username: "bak-parameters-optional-{{ ansible_distribution_release[0] }}64" backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}" diff --git a/roles/mail_server/molecule/default/host_vars/ldap-server.yml b/roles/mail_server/molecule/default/host_vars/ldap-server.yml index 29861c658662ba08ba3205c7527bef272aef5455..a8be5b51027c69abb5c5665b027c5f7ebdc5fc7d 100644 --- a/roles/mail_server/molecule/default/host_vars/ldap-server.yml +++ b/roles/mail_server/molecule/default/host_vars/ldap-server.yml @@ -43,10 +43,6 @@ backup_host_ssh_private_keys: ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}" backup_clients: - - server: parameters-optional-s64 - ip: 10.31.127.33 - public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}" - - server: parameters-optional-b64 - ip: 10.31.127.31 + ip: 192.168.56.31 public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}" diff --git a/roles/mail_server/molecule/default/molecule.yml b/roles/mail_server/molecule/default/molecule.yml index b7182f8b63c6c770ca320ee91bf0106789d64f2a..d7126ff07176f472b30cb2174eef3522f95874f7 100644 --- a/roles/mail_server/molecule/default/molecule.yml +++ b/roles/mail_server/molecule/default/molecule.yml 
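Review bot: The relay allow-list entry `buster: "192.168.56.20"` under `release_based_smtp_allow_relay_from` carries no comment saying which machine it stands for, although the same address is repeated in molecule.yml and in the hosts entries of prepare.yml, where it maps to client1. The `ip: 192.168.56.31` under `backup_clients` in host_vars/ldap-server.yml is coupled to the parameters-optional machine in the same way. If one copy drifts, the relay tests would run against a client that is not the one the allow-list names, and a relay-forbidden check could then pass for the wrong reason. I would add a comment above the mapping, for example `# Must equal the client1 address in molecule.yml and prepare.yml.`, and a matching one above the backup client entry.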
@@ -15,68 +15,12 @@ lint: platforms: - name: ldap-server - box: debian/contrib-stretch64 - memory: 256 - cpus: 1 - interfaces: - - auto_config: true - ip: 10.31.127.10 - network_name: private_network - type: static - - - name: client1-stretch - groups: - - client - - client-relay-allowed - - stretch - - smtp-server-requiring-tls - box: debian/contrib-stretch64 - memory: 256 - cpus: 1 - interfaces: - - auto_config: true - ip: 10.31.127.22 - network_name: private_network - type: static - - - name: client2-stretch - groups: - - client - - client-relay-forbidden - - stretch - - smtp-server-refusing-tls - box: debian/contrib-stretch64 + box: debian/contrib-buster64 memory: 256 cpus: 1 interfaces: - auto_config: true - ip: 10.31.127.23 - network_name: private_network - type: static - - - name: parameters-mandatory-stretch64 - groups: - - parameters-mandatory - - stretch - box: debian/contrib-stretch64 - memory: 1536 - cpus: 1 - interfaces: - - auto_config: true - ip: 10.31.127.32 - network_name: private_network - type: static - - - name: parameters-optional-stretch64 - groups: - - parameters-optional - - stretch - box: debian/contrib-stretch64 - memory: 1536 - cpus: 1 - interfaces: - - auto_config: true - ip: 10.31.127.33 + ip: 192.168.56.10 network_name: private_network type: static @@ -91,7 +35,7 @@ platforms: cpus: 1 interfaces: - auto_config: true - ip: 10.31.127.20 + ip: 192.168.56.20 network_name: private_network type: static @@ -106,7 +50,7 @@ platforms: cpus: 1 interfaces: - auto_config: true - ip: 10.31.127.21 + ip: 192.168.56.21 network_name: private_network type: static @@ -119,7 +63,7 @@ platforms: cpus: 1 interfaces: - auto_config: true - ip: 10.31.127.30 + ip: 192.168.56.30 network_name: private_network type: static @@ -132,7 +76,7 @@ platforms: cpus: 1 interfaces: - auto_config: true - ip: 10.31.127.31 + ip: 192.168.56.31 network_name: private_network type: static 
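Review bot: The new `box: debian/contrib-buster64` line for ldap-server names the Vagrant box without a version, so every test run uses whatever image is currently published under that name. Since these machines hold the test CA, LDAP and backup fixtures and decide whether the TLS and relay tests pass, an unpinned image makes the results less reproducible and leaves the base image outside review. If the Vagrant driver in use accepts it, add `box_version: "<PINNED_VERSION>"` next to the box name. The other platforms in this file, whose `box:` lines are outside these hunks, presumably want the same pin.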
diff --git a/roles/mail_server/molecule/default/prepare.yml b/roles/mail_server/molecule/default/prepare.yml index fa5b9fb3c9d2cfdbc3ef1d85ac97e663136823f5..45d8cab07a5d33ee2f654a3014fddd15316c32b6 100644 --- a/roles/mail_server/molecule/default/prepare.yml +++ b/roles/mail_server/molecule/default/prepare.yml @@ -26,14 +26,6 @@ with_items: - name: ldap-server_ldap fqdn: ldap-server - - name: parameters-mandatory-stretch64_imap - fqdn: parameters-mandatory-stretch64 - - name: parameters-mandatory-stretch64_smtp - fqdn: parameters-mandatory-stretch64 - - name: parameters-optional-stretch64_imap - fqdn: parameters-optional-stretch64 - - name: parameters-optional-stretch64_smtp - fqdn: parameters-optional-stretch64 - name: parameters-mandatory-buster64_imap fqdn: parameters-mandatory-buster64 - name: parameters-mandatory-buster64_smtp @@ -74,26 +66,6 @@ - nmap state: present -- hosts: stretch - become: true - tasks: - - - name: Set-up the hosts file - lineinfile: - path: /etc/hosts - regexp: "^{{ item.key }}" - line: "{{ item.key }} {{ item.value }}" - owner: root - group: root - mode: 0644 - state: present - with_dict: - 10.31.127.10: "ldap-server backup-server" - 10.31.127.22: "client1 smtp-server-requiring-tls" - 10.31.127.23: "client2 smtp-server-refusing-tls" - 10.31.127.32: "parameters-mandatory parameters-mandatory-stretch64" - 10.31.127.33: "parameters-optional parameters-optional-stretch64" - - hosts: buster become: true tasks: 
@@ -108,11 +80,11 @@ mode: 0644 state: present with_dict: - 10.31.127.10: "ldap-server backup-server" - 10.31.127.20: "client1 smtp-server-requiring-tls" - 10.31.127.21: "client2 smtp-server-refusing-tls" - 10.31.127.30: "parameters-mandatory parameters-mandatory-buster64" - 10.31.127.31: "parameters-optional parameters-optional-buster64" + 192.168.56.10: "ldap-server backup-server" + 192.168.56.20: "client1 smtp-server-requiring-tls" + 192.168.56.21: "client2 smtp-server-refusing-tls" + 192.168.56.30: "parameters-mandatory parameters-mandatory-buster64" + 192.168.56.31: "parameters-optional parameters-optional-buster64" - hosts: client become: true diff --git a/roles/mail_server/molecule/default/tests/test_default.py b/roles/mail_server/molecule/default/tests/test_default.py index 5c98a7da89cac8631c2a5fc39f143041c39084b1..abd135c20b0aab821fb54f3a2ce824bd71a14f1d 100644 --- a/roles/mail_server/molecule/default/tests/test_default.py +++ b/roles/mail_server/molecule/default/tests/test_default.py @@ -244,9 +244,7 @@ def test_postfix_delivery_to_dovecot(host): with host.sudo(): mail_log = host.file('/var/log/mail.log') - # The (<\d+><.+?>)? pattern is for difference between Debian - # Stretch and Debian Buster log format. - pattern = r"dovecot: lda\(john.doe@domain1\)(<\d+><.+?>)?: msgid=<%s>: saved mail to INBOX" % message_id + pattern = r"dovecot: lda\(john.doe@domain1\)<\d+><.+?>: msgid=<%s>: saved mail to INBOX" % message_id assert re.search(pattern, mail_log.content_string) is not None 
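Review bot: In test_default.py the rewritten `pattern = ...` line interpolates `message_id` into the regular expression unescaped, and the dot in `john.doe@domain1` is also left as a wildcard. Any regex metacharacter in the message ID is therefore read as syntax, so the assertion can match a log line for a different message, or miss the right one. I would write `pattern = r"dovecot: lda\(john\.doe@domain1\)<\d+><.+?>: msgid=<%s>: saved mail to INBOX" % re.escape(message_id)`. The identical line in test_local_aliases in tests/test_optional.py needs the same change. test_postfix_delivery_to_dovecot starts and ends outside the hunk, so how `message_id` is generated is not visible here.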
@@ -621,61 +619,6 @@ def test_smtp_default_port_tls_version_and_ciphers(host): expected_tls_versions = ["TLSv1.0", "TLSv1.1", "TLSv1.2"] expected_tls_ciphers = { - "stretch": [ - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", - "TLS_DHE_RSA_WITH_AES_128_CCM", - "TLS_DHE_RSA_WITH_AES_128_CCM_8", - "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", - "TLS_DHE_RSA_WITH_AES_256_CCM", - "TLS_DHE_RSA_WITH_AES_256_CCM_8", - "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", - "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", - "TLS_DHE_RSA_WITH_SEED_CBC_SHA", - "TLS_DH_anon_WITH_AES_128_CBC_SHA", - "TLS_DH_anon_WITH_AES_128_CBC_SHA256", - "TLS_DH_anon_WITH_AES_128_GCM_SHA256", - "TLS_DH_anon_WITH_AES_256_CBC_SHA", - "TLS_DH_anon_WITH_AES_256_CBC_SHA256", - "TLS_DH_anon_WITH_AES_256_GCM_SHA384", - "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", - "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", - "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", - "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", - "TLS_DH_anon_WITH_SEED_CBC_SHA", - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", - "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", - "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", - "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", - "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", - "TLS_RSA_WITH_AES_128_CBC_SHA", - "TLS_RSA_WITH_AES_128_CBC_SHA256", - "TLS_RSA_WITH_AES_128_CCM", - "TLS_RSA_WITH_AES_128_CCM_8", - "TLS_RSA_WITH_AES_128_GCM_SHA256", - "TLS_RSA_WITH_AES_256_CBC_SHA", - "TLS_RSA_WITH_AES_256_CBC_SHA256", - 
"TLS_RSA_WITH_AES_256_CCM", - "TLS_RSA_WITH_AES_256_CCM_8", - "TLS_RSA_WITH_AES_256_GCM_SHA384", - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", - "TLS_RSA_WITH_SEED_CBC_SHA", - ], "buster": [ 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256', diff --git a/roles/mail_server/molecule/default/tests/test_optional.py b/roles/mail_server/molecule/default/tests/test_optional.py index a3b8d10902109e0631c39744287bdb999402e50c..a0cb6768fcedbf1bf4b9334610dd5a6da4b41838 100644 --- a/roles/mail_server/molecule/default/tests/test_optional.py +++ b/roles/mail_server/molecule/default/tests/test_optional.py @@ -62,9 +62,7 @@ def test_local_aliases(host): with host.sudo(): mail_log = host.file('/var/log/mail.log') - # The (<\d+><.+?>)? pattern is for difference between Debian - # Stretch and Debian Buster log format. - pattern = r"dovecot: lda\(john.doe@domain1\)(<\d+><.+?>)?: msgid=<%s>: saved mail to INBOX" % message_id + pattern = r"dovecot: lda\(john.doe@domain1\)<\d+><.+?>: msgid=<%s>: saved mail to INBOX" % message_id assert re.search(pattern, mail_log.content_string) is not None diff --git a/roles/mail_server/templates/99-local.conf.j2 b/roles/mail_server/templates/99-local.conf.j2 index c5239bce6f8aae8a7d7fd5e8f023120f8ef0314b..0f91c09f199b9c05dfb8ef7c30cfc6efe1553431 100644 --- a/roles/mail_server/templates/99-local.conf.j2 +++ b/roles/mail_server/templates/99-local.conf.j2 @@ -31,13 +31,7 @@ service auth { # TLS configuration. ssl_cert =