majic-ansible-roles Changeset

Changeset - 4c0b2aa9cb69

Parent rev.

Child rev.

[Not reviewed]

4 5 0

Branko Majic (branko) - 4 years ago 2020-05-05 23:09:52
branko@majic.rs

MAR-152: Drop support for Debian 8 Jessie from the mail_server role.

9 files changed with 9 insertions and 414 deletions:

docs/rolereference.rst

roles/mail_server/molecule/default/group_vars/parameters-optional.yml

roles/mail_server/molecule/default/molecule.yml

roles/mail_server/molecule/default/prepare.yml

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_imap.key

134

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_imap.pem

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_smtp.key

134

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_smtp.pem

roles/mail_server/molecule/default/tests/test_optional.py

0 comments (0 inline, 0 general)

docs/rolereference.rst

➞

Show inline comments

@@ @@ -1196,7 +1196,6 @@ Distribution compatibility @@
 Role is compatible with the following distributions:
 - Debian 8 (Jessie)
 - Debian 9 (Stretch)

roles/mail_server/molecule/default/group_vars/parameters-optional.yml

➞

Show inline comments

@@ @@ -28,13 +28,13 @@ smtp_rbl: @@
 mail_postmaster: "webmaster@parameters-optional"
 smtp_allow_relay_from:
-  - "{% if ansible_distribution_release == 'jessie' %}10.31.127.20{% elif ansible_distribution_release == 'stretch' %}10.31.127.22{% endif %}"
   - "10.31.127.22"
 # common
 ca_certificates:
   testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
-# backup_client (backup username should end in -j64/-s64 for Jessie/Stretch.
+# backup_client (backup username should end in -s64 for Stretch).
 enable_backup: true
 backup_client_username: "bak-parameters-optional-{{ ansible_distribution_release[0] }}64"
 backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"

roles/mail_server/molecule/default/molecule.yml

➞

Show inline comments

@@ @@ -15,7 +15,7 @@ lint: @@
 platforms:
   - name: ldap-server
-    box: debian/contrib-jessie64
+    box: debian/contrib-stretch64
     memory: 256
     cpus: 1
     interfaces:
@@ @@ -24,34 +24,6 @@ platforms: @@
         network_name: private_network
         type: static
   - name: client1-jessie
     groups:
       - client
       - client-relay-allowed
       - jessie
     box: debian/contrib-jessie64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.20
         network_name: private_network
         type: static
   - name: client2-jessie
     groups:
       - client
       - client-relay-forbidden
       - jessie
     box: debian/contrib-jessie64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.21
         network_name: private_network
         type: static
   - name: client1-stretch
     groups:
       - client
@@ @@ -80,32 +52,6 @@ platforms: @@
         network_name: private_network
         type: static
   - name: parameters-mandatory-jessie64
     groups:
       - parameters-mandatory
       - jessie
     box: debian/contrib-jessie64
     memory: 1024
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.30
         network_name: private_network
         type: static
   - name: parameters-optional-jessie64
     groups:
       - parameters-optional
       - jessie
     box: debian/contrib-jessie64
     memory: 1024
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.31
         network_name: private_network
         type: static
   - name: parameters-mandatory-stretch64
     groups:
       - parameters-mandatory

roles/mail_server/molecule/default/prepare.yml

➞

Show inline comments

@@ @@ -18,26 +18,6 @@ @@
         update_cache: true
       changed_when: false
 - hosts: jessie
   become: true
   tasks:
     - name: Set-up the hosts file
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
 .31.127.10: "ldap-server backup-server"
 .31.127.20: "client1"
 .31.127.21: "client2"
 .31.127.30: "parameters-mandatory parameters-mandatory-jessie64"
 .31.127.31: "parameters-optional parameters-optional-jessie64"
 - hosts: stretch
   become: true
   tasks:
@@ @@ -55,8 +35,8 @@ @@
 .31.127.10: "ldap-server backup-server"
 .31.127.22: "client1"
 .31.127.23: "client2"
 .31.127.32: "parameters-mandatory parameters-mandatory-jessie64"
 .31.127.33: "parameters-optional parameters-optional-jessie64"
 .31.127.32: "parameters-mandatory parameters-mandatory-stretch64"
 .31.127.33: "parameters-optional parameters-optional-stretch64"
 - hosts: client
   become: true

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_imap.key

➞

Show inline comments

deleted file

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_imap.pem

➞

Show inline comments

deleted file

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_smtp.key

➞

Show inline comments

deleted file

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_smtp.pem

➞

Show inline comments

deleted file

roles/mail_server/molecule/default/tests/test_optional.py

➞

Show inline comments

@@ @@ -87,13 +87,7 @@ def test_postfix_main_cf_file_content(host): @@
     Tests if the Postfix main configuration file content is correct.
     """
     # Ugly hack, but not sure how to make it work otherwise. IP
     # address of client1 (jessie/stretch variant).
     distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]
     if distribution_release == "jessie":
         allow_relay_from_ip = "10.31.127.20"
     elif distribution_release == "stretch":
         allow_relay_from_ip = "10.31.127.22"
     allow_relay_from_ip = "10.31.127.22"
     hostname = host.run('hostname').stdout.strip()
@@ @@ -198,15 +192,11 @@ def test_imap_tls_configuration(host): @@
     starttls = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -starttls imap -no_tls1_1 -no_tls1_2 -connect parameters-optional:143")
     assert starttls.rc != 0
     # First error message from OpenSSL in Debian 8 Jessie, second from
     # OpenSSL in Debian 9 Stretch.
     assert "write:errno=104" in starttls.stderr or 'SSL alert number 70' in starttls.stderr
     assert 'SSL alert number 70' in starttls.stderr
     tls = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -no_tls1_1 -no_tls1_2 -connect parameters-optional:993")
     assert tls.rc != 0
     # First error message from OpenSSL in Debian 8 Jessie, second from
     # OpenSSL in Debian 9 Stretch.
     assert "write:errno=104" in tls.stderr or 'SSL alert number 70' in tls.stderr
     assert 'SSL alert number 70' in tls.stderr
     # Test at least one strong TLS cipher.
     starttls_cipher = host.run("echo 'a0001 LOGOUT' | openssl s_client -starttls imap -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:143")
@@ @@ -282,9 +272,7 @@ def test_postfix_tls_configuration(host): @@
     starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_1 -no_tls1_2 -connect parameters-optional:587")
     assert starttls.rc != 0
     # First error message from OpenSSL in Debian 8 Jessie, second from
     # OpenSSL in Debian 9 Stretch.
     assert 'write:errno=104' in starttls.stderr or 'SSL alert number 70' in starttls.stderr
     assert 'SSL alert number 70' in starttls.stderr
     # Test ciphers for default port (less restrictive).
     starttls_cipher = host.run("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:25")

0 comments (0 inline, 0 general)