---

local_mail_aliases: {}

smtp_relay_host: ""

smtp_relay_truststore: "{{ lookup('file', tls_certificate_dir + '/truststore.pem') }}"

smtp_relay_host_port: null

---

- name: Create

  hosts: localhost

  connection: local

  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"

  vars:

    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"

    molecule_instance_config: "{{ lookup('env', 'MOLECULE_INSTANCE_CONFIG') }}"

    molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"

  tasks:

---

- name: Destroy

  hosts: localhost

  connection: local

  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"

  vars:

    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"

    molecule_instance_config: "{{ lookup('env',' MOLECULE_INSTANCE_CONFIG') }}"

    molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"

  tasks:

  name: vagrant

  provider:

    name: virtualbox

lint:

  name: yamllint

platforms:

  - name: mail-server

    groups:

      - mail-servers

---

  roles:

---

- name: Prepare

  hosts: all

  tasks:

    - name: Install python for Ansible

      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)

- hosts: all

  tasks:

    - name: Update all caches to avoid errors due to missing remote archives

      apt:

- hosts: all

  tasks:

    - name: Set-up the hosts file

      lineinfile:

        path: /etc/hosts

        regexp: "^{{ item.key }}"

        10.31.127.22: "parameters-no-incoming-jessie64"

        10.31.127.30: "parameters-mandatory-stretch64"

        10.31.127.31: "parameters-optional-stretch64"

        10.31.127.32: "parameters-no-incoming-stretch64"

- hosts: clients

  tasks:

    - name: Install SWAKS for testing SMTP capability

      apt:

        name: swaks

    - name: Install tool for testing TCP connectivity

      apt:

        name: hping3

    - name: Deploy CA certificate

      copy:

        src: tests/data/x509/ca.cert.pem

        dest: /usr/local/share/ca-certificates/testca.crt

        owner: root

  handlers:

    - name: Update CA certificate cache

      command: /usr/sbin/update-ca-certificates --fresh

- hosts: mail-servers

  tasks:

    - name: Deploy CA certificate

      copy:

        src: tests/data/x509/ca.cert.pem

        dest: /usr/local/share/ca-certificates/testca.crt

        mode: 0600

      with_items:

        - mail-server_smtp.cert.pem

        - mail-server_smtp.key.pem

    - name: Install Postfix

    - name: Purge Exim configuration

    - name: Deploy Postfix configuration

      copy:

        src: tests/data/main.cf

        dest: /etc/postfix/main.cf

        owner: root

      notify:

        - Restart Postfix

    - name: Install tool for testing TCP connectivity

      apt:

        name: hping3

    - name: Install SWAKS for testing SMTP capability

      apt:

        name: swaks

    - name: Set-up port forwarding

      command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport 27 -j REDIRECT --to-ports 25"

  handlers:

    - name: Update CA certificate cache

      command: /usr/sbin/update-ca-certificates --fresh

    - name: Restart Postfix

      service:

        name: postfix

        state: restarted

- hosts: parameters-optional

  tasks:

    - name: Create additional group for testing local aliases

      group:

        name: testuser

import testinfra.utils.ansible_runner

testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

def test_connectivity_from_client(host):

    """

    Tests connectivity towards mail forwarder servers from client

    (non-relay). Connectivity should fail for both.

import testinfra.utils.ansible_runner

testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

def test_connectivity_from_relay(host):

    """

    Tests connectivity towards mail forwarder servers from relay. Connection

    towards parameters-mandatory should fail.

import testinfra.utils.ansible_runner

testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

def test_installed_packages(host):

    """

    Tests if the necessary packages have been installed.

    """

import re

import time

import testinfra.utils.ansible_runner

testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

def test_smtp_relay_truststore_file(host):

    """

    Tests if SMTP relay truststore has correct content.

    """

import re

import time

import testinfra.utils.ansible_runner

testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

def test_smtp_relay_truststore_file(host):

    """

    Tests if SMTP relay truststore has correct content.

    """

import re

import time

import testinfra.utils.ansible_runner

testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

def test_postfix_main_cf_file_content(host):

    """

    Tests if the Postfix main configuration file content is correct.

    """

---

- name: Install Postfix

  apt:

    name: postfix

- name: Install procmail

  apt:

    name: procmail

- name: Purge Exim configuration

  apt:

    name: "exim4*"

    state: absent

- name: Deploy the SMTP relay TLS truststore

  copy:

    content: "{{ smtp_relay_truststore }}"

    dest: "/etc/ssl/certs/smtp_relay_truststore.pem"

    owner: root

  notify:

    - Restart ferm

- name: Install SWAKS

  apt:

    name: swaks

- name: Explicitly run all handlers

  include: ../handlers/main.yml

  when: "handlers | default(False) | bool() == True"

  tags:

    - handlers