From 24c957d877deb2c97034fdd67881d876970f697b 2017-04-09 17:56:30
From: Branko Majic
Date: 2017-04-09 17:56:30
Subject: [PATCH] MAR-96: Fixed indentation for code listing in testsite documentation for generating the SSH keys. Added an extra "workstation" machine to test site meant to be used for testing Debian 9 Stretch compatibility. Moved testing of "extra_backup_patterns" into the new workstation machine.
---
diff --git a/docs/testsite.rst b/docs/testsite.rst
index f4d91f877a027d84e1aac1432d7531d238b28e8d..910589006b2e86aee3747331364b1dbeb1ffad9b 100644
--- a/docs/testsite.rst
+++ b/docs/testsite.rst
@@ -117,16 +117,17 @@ In order to deploy the test site, the following steps would normally be taken:
 .. code-block:: shell
- mkdir ssh
- ssh-keygen -f ssh/backup_server_dsa_key -N '' -t dsa
- ssh-keygen -f ssh/backup_server_rsa_key -N '' -t rsa
- ssh-keygen -f ssh/backup_server_ed25519_key -N '' -t ed25519
- ssh-keygen -f ssh/backup_server_ecdsa_key -N '' -t ecdsa
- ssh-keygen -f ssh/mail.example.com -N ''
- ssh-keygen -f ssh/ldap.example.com -N ''
- ssh-keygen -f ssh/xmpp.example.com -N ''
- ssh-keygen -f ssh/web.example.com -N ''
- ssh-keygen -f ssh/backup.example.com -N ''
+ mkdir ssh
+ ssh-keygen -f ssh/backup_server_dsa_key -N '' -t dsa
+ ssh-keygen -f ssh/backup_server_rsa_key -N '' -t rsa
+ ssh-keygen -f ssh/backup_server_ed25519_key -N '' -t ed25519
+ ssh-keygen -f ssh/backup_server_ecdsa_key -N '' -t ecdsa
+ ssh-keygen -f ssh/mail.example.com -N ''
+ ssh-keygen -f ssh/ldap.example.com -N ''
+ ssh-keygen -f ssh/xmpp.example.com -N ''
+ ssh-keygen -f ssh/web.example.com -N ''
+ ssh-keygen -f ssh/backup.example.com -N ''
+ ssh-keygen -f ssh/ws01.example.com -N ''
 7. Set-up a local GnuPG keyring that will contain the necessary encryption and signing keys for the backup clients::
@@ -163,6 +164,12 @@ In order to deploy the test site, the following steps would normally be taken:
 Name-Real:backup.example.com
 Expire-Date:0
 %commit
+
+ Key-Type:RSA
+ Key-Length:1024
+ Name-Real:ws01.example.com
+ Expire-Date:0
+ %commit
 EOF
 8. Generate the preseed files:
@@ -171,7 +178,10 @@ In order to deploy the test site, the following steps would normally be taken:
 ansible-playbook playbooks/preseed.yml
-9. Install all servers using the generated preseed files.
+9. Install all servers using the generated preseed files. All servers except ``ws01.example.com`` are supposed to be running *Debian 8 Jessie*. The server ``ws01.example.com`` is meant to run *Debian 9 Stretch* (althogh, Debian Jessie should function as well).
 10. Add the SSH host fingerprints to your ``known_hosts`` file (don't forget to remove old entries if you are redoing the process). You can easily obtain all
@@ -180,7 +190,7 @@ In order to deploy the test site, the following steps would normally be taken:
 .. code-block:: shell
- ssh-keyscan -t ed25519 mail.example.com ldap.example.com xmpp.example.com web.example.com backup.example.com $(resolveip -s mail.example.com) $(resolveip -s ldap.example.com) $(resolveip -s xmpp.example.com) $(resolveip -s web.example.com) $(resolveip -s backup.example.com)
+ ssh-keyscan -t ed25519 mail.example.com ldap.example.com xmpp.example.com web.example.com backup.example.com ws01.example.com $(resolveip -s mail.example.com) $(resolveip -s ldap.example.com) $(resolveip -s xmpp.example.com) $(resolveip -s web.example.com) $(resolveip -s backup.example.com) $(resolveip -s ws01.example.com)
 11. Invoke the ``bootstrap.yml`` playbook in order to set-up some basic environment for Ansible runs on all servers:
diff --git a/testsite/group_vars/backup.yml b/testsite/group_vars/backup.yml
index b122d7e5728ecb5ab1c0d281603e5a469f98171e..dc9d2eea12b8e6c3f1bfe482c3293d0354dbe1e6 100644
--- a/testsite/group_vars/backup.yml
+++ b/testsite/group_vars/backup.yml
@@ -23,6 +23,9 @@ backup_clients:
 - server: backup.{{ testsite_domain }}
 public_key: "{{ lookup('file', inventory_dir + '/ssh/backup.' + testsite_domain + '.pub') }}"
 ip: 127.0.0.1
+ - server: ws01.{{ testsite_domain }}
+ public_key: "{{ lookup('file', inventory_dir + '/ssh/ws01.' + testsite_domain + '.pub') }}"
+ ip: 10.32.64.22
 backup_host_ssh_private_keys:
 dsa: "{{ lookup('file', inventory_dir + '/ssh/backup_server_dsa_key') }}"
diff --git a/testsite/group_vars/mail.yml b/testsite/group_vars/mail.yml
index eb7a6cb760dd74295e3dfe66840c58bf3066c9db..d21511765ffb3bfa4d9c438e4e14cc685fdb37a4 100644
--- a/testsite/group_vars/mail.yml
+++ b/testsite/group_vars/mail.yml
@@ -28,6 +28,7 @@ smtp_allow_relay_from:
 - ldap.{{ testsite_domain }}
 - xmpp.{{ testsite_domain }}
 - web.{{ testsite_domain }}
+ - ws01.{{ testsite_domain }}
 imap_max_user_connections_per_ip: 50
@@ -36,6 +37,3 @@ mail_server_tls_protocols:
 - TLSv1.1
 mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA:!aNULL:!MD5:!EXPORT"
-
-extra_backup_patterns:
- - "/root"
\ No newline at end of file
diff --git a/testsite/group_vars/workstation.yml b/testsite/group_vars/workstation.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4bfdd8041c66c326f37dab4169982da27bb0a149
--- /dev/null
+++ b/testsite/group_vars/workstation.yml
@@ -0,0 +1,12 @@
+---
+
+local_mail_aliases:
+ root: "root john.doe@{{ testsite_domain }}"
+
+smtp_relay_host: mail.{{ testsite_domain }}
+
+smtp_relay_truststore: "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"
+
+extra_backup_patterns:
+ - "/root"
+ - "/home/admin"
\ No newline at end of file
diff --git a/testsite/hosts b/testsite/hosts
index 3e76a6334fe0e824ba4c5ec096ffd7c885a11502..99934676601227f0a10f31adbf60ec0f101ab166 100644
--- a/testsite/hosts
+++ b/testsite/hosts
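Review bot: The new client entry hard-codes `ip: 10.32.64.22`, and nothing else in this commit (no host_vars for ws01, no preseed change) shows where that address is assigned, so a mismatch would only surface at run time when the backup server fails to match the client. If the address is fixed elsewhere in the test site, a comment at the entry would make that coupling visible: `# must match the address ws01 is given during preseeding`. The `backup_clients` list begins before this hunk.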
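Review bot: The new file ends without a trailing newline (`\ No newline at end of file`), and the rewritten last lines of `testsite/hosts` and `testsite/playbooks/site.yml` in this commit have the same gap; adding the final newline keeps later diffs to these files from touching an otherwise unchanged line. A short header comment would also help, because the purpose of this group is stated only in the commit message and in docs/testsite.rst: `# Group vars for the Debian 9 Stretch compatibility test machine (ws01).` Note that the `extra_backup_patterns` moved here from mail.yml now also lists `/home/admin`, which the mail group did not cover.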
@@ -16,9 +16,13 @@ web.example.com
 [backup]
 backup.example.com
+[workstation]
+ws01.example.com
+
 [testsite:children]
 ldap
 xmpp
 mail
 web
-backup
\ No newline at end of file
+backup
+workstation
\ No newline at end of file
diff --git a/testsite/playbooks/site.yml b/testsite/playbooks/site.yml
index 5f9a49da276af2b9a88c60f95bda8a084c29a17c..8ad3faa7c94f79bec88a00764fde7f22aefe9922 100644
--- a/testsite/playbooks/site.yml
+++ b/testsite/playbooks/site.yml
@@ -5,4 +5,5 @@
 - include: xmpp.yml
 - include: mail.yml
 - include: web.yml
-- include: backup.yml
\ No newline at end of file
+- include: backup.yml
+- include: ws.yml
\ No newline at end of file
diff --git a/testsite/playbooks/ws.yml b/testsite/playbooks/ws.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9fb6c0899fbd2ecde9a40894f04872c37e482971
--- /dev/null
+++ b/testsite/playbooks/ws.yml
@@ -0,0 +1,8 @@
+---
+
+- hosts: workstation
+ remote_user: ansible
+ become: yes
+ roles:
+ - common
+ - mail_forwarder
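Review bot: The new playbook is included as `ws.yml` while every other include in this file is named after the inventory group it targets (`backup.yml`, `web.yml`, `mail.yml`, `xmpp.yml`), and the new group is called `workstation` in both `testsite/hosts` and `group_vars/workstation.yml`; `- include: workstation.yml` (with the playbook file renamed to match) would keep that convention. The rewritten last line also still leaves the file without a trailing newline.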
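Review bot: The play applies only `common` and `mail_forwarder`, yet this same commit registers ws01 as a backup client in `group_vars/backup.yml` and moves `extra_backup_patterns` into `group_vars/workstation.yml`; unless a backup client role is pulled in by `common` (not visible here), those settings have no effect on ws01 and the Stretch compatibility run will not exercise them. If leaving the backup role out is intentional for now, a comment on the roles list would save the next reader the same question: `# backup client role intentionally not applied yet`; otherwise add the role the other client groups use.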