From 46d3f100d3d6da6d42627aa7d312371c298308eb 2024-02-10 20:59:30 From: Branko Majic Date: 2024-02-10 20:59:30 Subject: [PATCH] MAR-191: Drop support for Debian 10 Buster from the mail_server role. --- diff --git a/docs/rolereference.rst b/docs/rolereference.rst index 1a2fb49f78c8cd7d8f1d2358faf69c41dd9cb69c..1f8bcf1167de4710a14945545ff895b30b2deb71 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -1261,7 +1261,6 @@ Distribution compatibility Role is compatible with the following distributions: -- Debian 10 (Buster) - Debian 11 (Bullseye) diff --git a/roles/mail_server/meta/main.yml b/roles/mail_server/meta/main.yml index 1f53ad8c06111752a6541249f679b57fc565b15c..3a808145d86f3114c4cb22cc42d1e1e02831d7a5 100644 --- a/roles/mail_server/meta/main.yml +++ b/roles/mail_server/meta/main.yml @@ -16,5 +16,4 @@ galaxy_info: platforms: - name: Debian versions: - - 10 - 11 diff --git a/roles/mail_server/molecule/default/group_vars/parameters-optional.yml b/roles/mail_server/molecule/default/group_vars/parameters-optional.yml index 3f94dca6e0a718e9cdc47a94387e915e496d806a..debfa2481db1e838bdad7c44f5d712c8d64d042e 100644 --- a/roles/mail_server/molecule/default/group_vars/parameters-optional.yml +++ b/roles/mail_server/molecule/default/group_vars/parameters-optional.yml @@ -36,7 +36,6 @@ mail_server_smtp_additional_configuration: | # Variables dependant on distribution release. release_based_smtp_allow_relay_from: - buster: "192.168.56.21" bullseye: "192.168.56.41" # common diff --git a/roles/mail_server/molecule/default/host_vars/ldap-server.yml b/roles/mail_server/molecule/default/host_vars/ldap-server.yml index 61affd87f11d66acc4a88ce9574ccd7f99071709..3e24e9c959626e6b52cd2dcc816ddf4e6c467c6f 100644 --- a/roles/mail_server/molecule/default/host_vars/ldap-server.yml +++ b/roles/mail_server/molecule/default/host_vars/ldap-server.yml @@ -43,10 +43,6 @@ backup_host_ssh_private_keys: ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}" backup_clients: - - server: param-optional-buster - ip: 192.168.56.32 - public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}" - - server: param-optional-bullseye ip: 192.168.56.52 public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}" diff --git a/roles/mail_server/molecule/default/molecule.yml b/roles/mail_server/molecule/default/molecule.yml index 00c7dfe1e4971fed2c31fd265d0c38dbd530e7e7..e0645d4a568b0cbd6838f67648a84a72461030c1 100644 --- a/roles/mail_server/molecule/default/molecule.yml +++ b/roles/mail_server/molecule/default/molecule.yml @@ -50,74 +50,6 @@ platforms: type: static - # Debian 10 Buster - # ================ - - - name: client1-buster - groups: - - client - - client-relay-allowed - - buster - - smtp-server-requiring-tls - box: debian/contrib-buster64 - memory: 256 - cpus: 1 - provider_raw_config_args: - - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']" - interfaces: - - auto_config: true - ip: 192.168.56.21 - network_name: private_network - type: static - - - name: client2-buster - groups: - - client - - client-relay-forbidden - - buster - - smtp-server-refusing-tls - box: debian/contrib-buster64 - memory: 256 - cpus: 1 - provider_raw_config_args: - - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']" - interfaces: - - auto_config: true - ip: 192.168.56.22 - network_name: private_network - type: static - - - name: parameters-mandatory-buster - groups: - - parameters-mandatory - - buster - box: debian/contrib-buster64 - memory: 2048 - cpus: 1 - provider_raw_config_args: - - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']" - interfaces: - - auto_config: true - ip: 192.168.56.31 - network_name: private_network - type: static - - - name: parameters-optional-buster - groups: - - parameters-optional - - buster - box: debian/contrib-buster64 - memory: 2048 - cpus: 1 - provider_raw_config_args: - - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']" - interfaces: - - auto_config: true - ip: 192.168.56.32 - network_name: private_network - type: static - - # Debian 11 Bullseye # ================ diff --git a/roles/mail_server/molecule/default/prepare.yml b/roles/mail_server/molecule/default/prepare.yml index ca521eaf18d2eeb2c96df3b6dac7ec89155d7c57..51f28bdf518207435a35dc6c5655b3a2b7f748fc 100644 --- a/roles/mail_server/molecule/default/prepare.yml +++ b/roles/mail_server/molecule/default/prepare.yml @@ -29,15 +29,6 @@ - name: ldap-server_ldap fqdn: ldap-server - - name: parameters-mandatory-buster_imap - fqdn: parameters-mandatory-buster - - name: parameters-mandatory-buster_smtp - fqdn: parameters-mandatory-buster - - name: parameters-optional-buster_imap - fqdn: parameters-optional-buster - - name: parameters-optional-buster_smtp - fqdn: parameters-optional-buster - - name: parameters-mandatory-bullseye_imap fqdn: parameters-mandatory-bullseye - name: parameters-mandatory-bullseye_smtp @@ -182,28 +173,6 @@ name: nginx state: restarted -- hosts: buster - become: true - tasks: - - - name: Set-up the hosts file - lineinfile: - path: /etc/hosts - regexp: "^{{ item.key }}" - line: "{{ item.key }} {{ item.value }}" - owner: root - group: root - mode: 0644 - state: present - with_dict: - # Force mail servers to use local ClamAV database mirror. - 192.168.56.11: "db.local.clamav.net database.clamav.net" - 192.168.56.12: "ldap-server backup-server" - 192.168.56.21: "client1 smtp-server-requiring-tls" - 192.168.56.22: "client2 smtp-server-refusing-tls" - 192.168.56.31: "parameters-mandatory parameters-mandatory-buster" - 192.168.56.32: "parameters-optional parameters-optional-buster" - - hosts: bullseye become: true tasks: diff --git a/roles/mail_server/molecule/default/tests/test_default.py b/roles/mail_server/molecule/default/tests/test_default.py index e9cba75f2a1afb978ef69fd8314d6f93cf678f30..97169b411ccc2774362fb837d685f32a83e3eaa0 100644 --- a/roles/mail_server/molecule/default/tests/test_default.py +++ b/roles/mail_server/molecule/default/tests/test_default.py @@ -619,67 +619,6 @@ def test_smtp_default_port_tls_version_and_ciphers(host): expected_tls_versions = ["TLSv1.0", "TLSv1.1", "TLSv1.2"] expected_tls_ciphers = { - "buster": [ - 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA', - 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256', - 'TLS_DHE_RSA_WITH_AES_128_CCM', - 'TLS_DHE_RSA_WITH_AES_128_CCM_8', - 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', - 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA', - 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256', - 'TLS_DHE_RSA_WITH_AES_256_CCM', - 'TLS_DHE_RSA_WITH_AES_256_CCM_8', - 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', - 'TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256', - 'TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384', - 'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA', - 'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256', - 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA', - 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256', - 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', - 'TLS_DHE_RSA_WITH_SEED_CBC_SHA', - 'TLS_DH_anon_WITH_AES_128_CBC_SHA', - 'TLS_DH_anon_WITH_AES_128_CBC_SHA256', - 'TLS_DH_anon_WITH_AES_128_GCM_SHA256', - 'TLS_DH_anon_WITH_AES_256_CBC_SHA', - 'TLS_DH_anon_WITH_AES_256_CBC_SHA256', - 'TLS_DH_anon_WITH_AES_256_GCM_SHA384', - 'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA', - 'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256', - 'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA', - 'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256', - 'TLS_DH_anon_WITH_SEED_CBC_SHA', - 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', - 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', - 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', - 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', - 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', - 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', - 'TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256', - 'TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384', - 'TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256', - 'TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384', - 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', - 'TLS_ECDH_anon_WITH_AES_128_CBC_SHA', - 'TLS_ECDH_anon_WITH_AES_256_CBC_SHA', - 'TLS_RSA_WITH_AES_128_CBC_SHA', - 'TLS_RSA_WITH_AES_128_CBC_SHA256', - 'TLS_RSA_WITH_AES_128_CCM', - 'TLS_RSA_WITH_AES_128_CCM_8', - 'TLS_RSA_WITH_AES_128_GCM_SHA256', - 'TLS_RSA_WITH_AES_256_CBC_SHA', - 'TLS_RSA_WITH_AES_256_CBC_SHA256', - 'TLS_RSA_WITH_AES_256_CCM', - 'TLS_RSA_WITH_AES_256_CCM_8', - 'TLS_RSA_WITH_AES_256_GCM_SHA384', - 'TLS_RSA_WITH_ARIA_128_GCM_SHA256', - 'TLS_RSA_WITH_ARIA_256_GCM_SHA384', - 'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA', - 'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256', - 'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA', - 'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256', - 'TLS_RSA_WITH_SEED_CBC_SHA', - ], "bullseye": [ 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',