From 46d3f100d3d6da6d42627aa7d312371c298308eb 2024-02-10 20:59:30
From: Branko Majic <branko@majic.rs>
Date: 2024-02-10 20:59:30
Subject: [PATCH] MAR-191: Drop support for Debian 10 Buster from the mail_server role.

---

diff --git a/docs/rolereference.rst b/docs/rolereference.rst
index 1a2fb49f78c8cd7d8f1d2358faf69c41dd9cb69c..1f8bcf1167de4710a14945545ff895b30b2deb71 100644
--- a/docs/rolereference.rst
+++ b/docs/rolereference.rst
@@ -1261,7 +1261,6 @@ Distribution compatibility
 
 Role is compatible with the following distributions:
 
-- Debian 10 (Buster)
 - Debian 11 (Bullseye)
 
 
diff --git a/roles/mail_server/meta/main.yml b/roles/mail_server/meta/main.yml
index 1f53ad8c06111752a6541249f679b57fc565b15c..3a808145d86f3114c4cb22cc42d1e1e02831d7a5 100644
--- a/roles/mail_server/meta/main.yml
+++ b/roles/mail_server/meta/main.yml
@@ -16,5 +16,4 @@ galaxy_info:
   platforms:
     - name: Debian
       versions:
-        - 10
         - 11
diff --git a/roles/mail_server/molecule/default/group_vars/parameters-optional.yml b/roles/mail_server/molecule/default/group_vars/parameters-optional.yml
index 3f94dca6e0a718e9cdc47a94387e915e496d806a..debfa2481db1e838bdad7c44f5d712c8d64d042e 100644
--- a/roles/mail_server/molecule/default/group_vars/parameters-optional.yml
+++ b/roles/mail_server/molecule/default/group_vars/parameters-optional.yml
@@ -36,7 +36,6 @@ mail_server_smtp_additional_configuration: |
 
 # Variables dependant on distribution release.
 release_based_smtp_allow_relay_from:
-  buster: "192.168.56.21"
   bullseye: "192.168.56.41"
 
 # common
diff --git a/roles/mail_server/molecule/default/host_vars/ldap-server.yml b/roles/mail_server/molecule/default/host_vars/ldap-server.yml
index 61affd87f11d66acc4a88ce9574ccd7f99071709..3e24e9c959626e6b52cd2dcc816ddf4e6c467c6f 100644
--- a/roles/mail_server/molecule/default/host_vars/ldap-server.yml
+++ b/roles/mail_server/molecule/default/host_vars/ldap-server.yml
@@ -43,10 +43,6 @@ backup_host_ssh_private_keys:
   ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
 backup_clients:
 
-  - server: param-optional-buster
-    ip: 192.168.56.32
-    public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
-
   - server: param-optional-bullseye
     ip: 192.168.56.52
     public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
diff --git a/roles/mail_server/molecule/default/molecule.yml b/roles/mail_server/molecule/default/molecule.yml
index 00c7dfe1e4971fed2c31fd265d0c38dbd530e7e7..e0645d4a568b0cbd6838f67648a84a72461030c1 100644
--- a/roles/mail_server/molecule/default/molecule.yml
+++ b/roles/mail_server/molecule/default/molecule.yml
@@ -50,74 +50,6 @@ platforms:
         type: static
 
 
-  # Debian 10 Buster
-  # ================
-
-  - name: client1-buster
-    groups:
-      - client
-      - client-relay-allowed
-      - buster
-      - smtp-server-requiring-tls
-    box: debian/contrib-buster64
-    memory: 256
-    cpus: 1
-    provider_raw_config_args:
-      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
-    interfaces:
-      - auto_config: true
-        ip: 192.168.56.21
-        network_name: private_network
-        type: static
-
-  - name: client2-buster
-    groups:
-      - client
-      - client-relay-forbidden
-      - buster
-      - smtp-server-refusing-tls
-    box: debian/contrib-buster64
-    memory: 256
-    cpus: 1
-    provider_raw_config_args:
-      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
-    interfaces:
-      - auto_config: true
-        ip: 192.168.56.22
-        network_name: private_network
-        type: static
-
-  - name: parameters-mandatory-buster
-    groups:
-      - parameters-mandatory
-      - buster
-    box: debian/contrib-buster64
-    memory: 2048
-    cpus: 1
-    provider_raw_config_args:
-      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
-    interfaces:
-      - auto_config: true
-        ip: 192.168.56.31
-        network_name: private_network
-        type: static
-
-  - name: parameters-optional-buster
-    groups:
-      - parameters-optional
-      - buster
-    box: debian/contrib-buster64
-    memory: 2048
-    cpus: 1
-    provider_raw_config_args:
-      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
-    interfaces:
-      - auto_config: true
-        ip: 192.168.56.32
-        network_name: private_network
-        type: static
-
-
   # Debian 11 Bullseye
   # ================
 
diff --git a/roles/mail_server/molecule/default/prepare.yml b/roles/mail_server/molecule/default/prepare.yml
index ca521eaf18d2eeb2c96df3b6dac7ec89155d7c57..51f28bdf518207435a35dc6c5655b3a2b7f748fc 100644
--- a/roles/mail_server/molecule/default/prepare.yml
+++ b/roles/mail_server/molecule/default/prepare.yml
@@ -29,15 +29,6 @@
         - name: ldap-server_ldap
           fqdn: ldap-server
 
-        - name: parameters-mandatory-buster_imap
-          fqdn: parameters-mandatory-buster
-        - name: parameters-mandatory-buster_smtp
-          fqdn: parameters-mandatory-buster
-        - name: parameters-optional-buster_imap
-          fqdn: parameters-optional-buster
-        - name: parameters-optional-buster_smtp
-          fqdn: parameters-optional-buster
-
         - name: parameters-mandatory-bullseye_imap
           fqdn: parameters-mandatory-bullseye
         - name: parameters-mandatory-bullseye_smtp
@@ -182,28 +173,6 @@
         name: nginx
         state: restarted
 
-- hosts: buster
-  become: true
-  tasks:
-
-    - name: Set-up the hosts file
-      lineinfile:
-        path: /etc/hosts
-        regexp: "^{{ item.key }}"
-        line: "{{ item.key }} {{ item.value }}"
-        owner: root
-        group: root
-        mode: 0644
-        state: present
-      with_dict:
-        # Force mail servers to use local ClamAV database mirror.
-        192.168.56.11: "db.local.clamav.net database.clamav.net"
-        192.168.56.12: "ldap-server backup-server"
-        192.168.56.21: "client1 smtp-server-requiring-tls"
-        192.168.56.22: "client2 smtp-server-refusing-tls"
-        192.168.56.31: "parameters-mandatory parameters-mandatory-buster"
-        192.168.56.32: "parameters-optional parameters-optional-buster"
-
 - hosts: bullseye
   become: true
   tasks:
diff --git a/roles/mail_server/molecule/default/tests/test_default.py b/roles/mail_server/molecule/default/tests/test_default.py
index e9cba75f2a1afb978ef69fd8314d6f93cf678f30..97169b411ccc2774362fb837d685f32a83e3eaa0 100644
--- a/roles/mail_server/molecule/default/tests/test_default.py
+++ b/roles/mail_server/molecule/default/tests/test_default.py
@@ -619,67 +619,6 @@ def test_smtp_default_port_tls_version_and_ciphers(host):
     expected_tls_versions = ["TLSv1.0", "TLSv1.1", "TLSv1.2"]
 
     expected_tls_ciphers = {
-        "buster": [
-            'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
-            'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',
-            'TLS_DHE_RSA_WITH_AES_128_CCM',
-            'TLS_DHE_RSA_WITH_AES_128_CCM_8',
-            'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
-            'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
-            'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256',
-            'TLS_DHE_RSA_WITH_AES_256_CCM',
-            'TLS_DHE_RSA_WITH_AES_256_CCM_8',
-            'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
-            'TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256',
-            'TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384',
-            'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA',
-            'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
-            'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA',
-            'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256',
-            'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
-            'TLS_DHE_RSA_WITH_SEED_CBC_SHA',
-            'TLS_DH_anon_WITH_AES_128_CBC_SHA',
-            'TLS_DH_anon_WITH_AES_128_CBC_SHA256',
-            'TLS_DH_anon_WITH_AES_128_GCM_SHA256',
-            'TLS_DH_anon_WITH_AES_256_CBC_SHA',
-            'TLS_DH_anon_WITH_AES_256_CBC_SHA256',
-            'TLS_DH_anon_WITH_AES_256_GCM_SHA384',
-            'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA',
-            'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256',
-            'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA',
-            'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256',
-            'TLS_DH_anon_WITH_SEED_CBC_SHA',
-            'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
-            'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
-            'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
-            'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
-            'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
-            'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
-            'TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256',
-            'TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384',
-            'TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
-            'TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384',
-            'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
-            'TLS_ECDH_anon_WITH_AES_128_CBC_SHA',
-            'TLS_ECDH_anon_WITH_AES_256_CBC_SHA',
-            'TLS_RSA_WITH_AES_128_CBC_SHA',
-            'TLS_RSA_WITH_AES_128_CBC_SHA256',
-            'TLS_RSA_WITH_AES_128_CCM',
-            'TLS_RSA_WITH_AES_128_CCM_8',
-            'TLS_RSA_WITH_AES_128_GCM_SHA256',
-            'TLS_RSA_WITH_AES_256_CBC_SHA',
-            'TLS_RSA_WITH_AES_256_CBC_SHA256',
-            'TLS_RSA_WITH_AES_256_CCM',
-            'TLS_RSA_WITH_AES_256_CCM_8',
-            'TLS_RSA_WITH_AES_256_GCM_SHA384',
-            'TLS_RSA_WITH_ARIA_128_GCM_SHA256',
-            'TLS_RSA_WITH_ARIA_256_GCM_SHA384',
-            'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA',
-            'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256',
-            'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA',
-            'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256',
-            'TLS_RSA_WITH_SEED_CBC_SHA',
-        ],
         "bullseye": [
             'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
             'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',