majic-ansible-roles Changeset

Changeset - 5c5d8636f699

Parent rev.

Child rev.

[Not reviewed]

0 10 4

Branko Majic (branko) - 6 years ago 2018-08-03 14:43:26
branko@majic.rs

MAR-132: Added support for Debian 9 (Stretch) to mail_server role:

- Updated Molecule configuration to include set-up of additional
instances for testing.
- Updated configuration for test instances.
- Use separate clients in testing of Jessie/Stretch instances.
- Duplicate private keys/certificates for testing of mandatory
parameters on Debian 9.
- Refactored testing of mail deliveries (via swaks) to use
test-generated message ID - improves reliability and solves some
incompatibilities between swaks version in Jessie and Stretch.
- Updated tests for TLS testing to take into account newer OpenSSL
error/output messages. A bit of an ugly hack at the moment, but
beats duplicating tests for now.

14 files changed with 449 insertions and 21 deletions:

docs/rolereference.rst

roles/mail_server/molecule/default/group_vars/parameters-optional.yml

roles/mail_server/molecule/default/host_vars/ldap-server.yml

roles/mail_server/molecule/default/molecule.yml

roles/mail_server/molecule/default/prepare.yml

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_imap.key

134

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_imap.pem

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_smtp.key

134

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_smtp.pem

roles/mail_server/molecule/default/tests/test_client1.py

roles/mail_server/molecule/default/tests/test_client2.py

roles/mail_server/molecule/default/tests/test_default.py

roles/mail_server/molecule/default/tests/test_mandatory.py

roles/mail_server/molecule/default/tests/test_optional.py

0 comments (0 inline, 0 general)

docs/rolereference.rst

➞

Show inline comments

@@ @@ -1167,6 +1167,7 @@ Distribution compatibility @@
 Role is compatible with the following distributions:
 - Debian 8 (Jessie)
 - Debian 9 (Stretch)
 Examples

roles/mail_server/molecule/default/group_vars/parameters-optional.yml

➞

Show inline comments

@@ @@ -28,15 +28,15 @@ smtp_rbl: @@
 mail_postmaster: "webmaster@parameters-optional"
 smtp_allow_relay_from:
   - 10.31.127.20
+  - "{% if ansible_distribution_release == 'jessie' %}10.31.127.20{% elif ansible_distribution_release == 'stretch' %}10.31.127.22{% endif %}"
 # common
 ca_certificates:
   testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 # backup_client
+# backup_client (backup username should end in -j64/-s64 for Jessie/Stretch.
 enable_backup: true
-backup_client_username: bak-parameters-optional-j64
+backup_client_username: "bak-parameters-optional-{{ ansible_distribution_release[0] }}64"
 backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
 backup_server: ldap-server
 backup_server_host_ssh_public_keys:

roles/mail_server/molecule/default/host_vars/ldap-server.yml

➞

Show inline comments

@@ @@ -43,6 +43,11 @@ backup_host_ssh_private_keys: @@
   ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
   ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
 backup_clients:
   - server: parameters-optional-j64
     ip: 10.31.127.31
     public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
   - server: parameters-optional-s64
     ip: 10.31.127.33
     public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"

roles/mail_server/molecule/default/molecule.yml

➞

Show inline comments

@@ @@ -24,9 +24,11 @@ platforms: @@
         network_name: private_network
         type: static
   - name: client1
+  - name: client1-jessie
     groups:
       - client
       - client-relay-allowed
       - jessie
     box: debian/contrib-jessie64
     memory: 256
     cpus: 1
@@ @@ -36,9 +38,11 @@ platforms: @@
         network_name: private_network
         type: static
   - name: client2
+  - name: client2-jessie
     groups:
       - client
       - client-relay-forbidden
       - jessie
     box: debian/contrib-jessie64
     memory: 256
     cpus: 1
@@ @@ -48,9 +52,38 @@ platforms: @@
         network_name: private_network
         type: static
   - name: client1-stretch
     groups:
       - client
       - client-relay-allowed
       - stretch
     box: debian/contrib-stretch64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.22
         network_name: private_network
         type: static
   - name: client2-stretch
     groups:
       - client
       - client-relay-forbidden
       - stretch
     box: debian/contrib-stretch64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.23
         network_name: private_network
         type: static
   - name: parameters-mandatory-jessie64
     groups:
       - parameters-mandatory
       - jessie
     box: debian/contrib-jessie64
     memory: 512
     cpus: 1
@@ @@ -63,6 +96,7 @@ platforms: @@
   - name: parameters-optional-jessie64
     groups:
       - parameters-optional
       - jessie
     box: debian/contrib-jessie64
     memory: 512
     cpus: 1
@@ @@ -72,6 +106,32 @@ platforms: @@
         network_name: private_network
         type: static
   - name: parameters-mandatory-stretch64
     groups:
       - parameters-mandatory
       - stretch
     box: debian/contrib-stretch64
     memory: 512
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.32
         network_name: private_network
         type: static
   - name: parameters-optional-stretch64
     groups:
       - parameters-optional
       - stretch
     box: debian/contrib-stretch64
     memory: 512
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.33
         network_name: private_network
         type: static
 provisioner:
   name: ansible
   config_options:

roles/mail_server/molecule/default/prepare.yml

➞

Show inline comments

@@ @@ -18,7 +18,7 @@ @@
         update_cache: true
       changed_when: false
-- hosts: all
+- hosts: jessie
   become: true
   tasks:
@@ @@ -38,6 +38,26 @@ @@
 .31.127.30: "parameters-mandatory parameters-mandatory-jessie64"
 .31.127.31: "parameters-optional parameters-optional-jessie64"
 - hosts: stretch
   become: true
   tasks:
     - name: Set-up the hosts file
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
 .31.127.10: "ldap-server backup-server"
 .31.127.22: "client1"
 .31.127.23: "client2"
 .31.127.32: "parameters-mandatory parameters-mandatory-jessie64"
 .31.127.33: "parameters-optional parameters-optional-jessie64"
 - hosts: client
   become: true
   tasks:

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_imap.key

➞

Show inline comments

@@ new file 100644 @@
 Public Key Info:
 	Public Key Algorithm: RSA
 	Key Security Level: Medium (2048 bits)
 modulus:
 :c9:b2:e9:11:95:49:3d:14:3b:05:69:94:fd:a0:41
 :4e:9c:c9:d9:a1:09:50:4d:cc:06:32:ca:c9:f7:a3
 	f5:67:54:f9:1d:8e:a1:50:a2:5e:7c:a2:e4:71:db:d3
 :ab:cf:7f:21:5c:54:af:5e:b1:f6:47:4b:b8:e6:43
 :b1:32:84:a8:af:ea:2b:86:0b:a4:15:7c:8e:56:43
 	e8:12:5e:b8:a7:b5:12:42:dc:e0:c6:9c:ff:30:ec:bf
 	e7:79:ae:6f:57:d0:8b:9c:ac:fc:55:a6:9e:d6:f2:e3
 	ca:31:fd:eb:7e:36:ac:9a:f0:88:7a:0c:bf:2c:3a:4e
 	de:1d:27:ba:e8:8f:54:69:f0:34:3d:6b:3d:6e:fe:ba
 :bf:e0:1d:d4:7b:7b:6f:1f:b5:5d:27:24:15:7f:aa
 a:b6:ce:4a:4a:02:a5:df:c4:c8:4d:48:fc:be:48:07
 d:28:f3:ca:16:c8:0e:dc:ea:34:9a:a1:ed:db:e0:9a
 	f9:4b:4e:10:7d:82:a6:39:62:fb:44:ea:88:1f:cb:d7
 :2a:5f:57:f2:9b:67:07:6a:60:eb:7b:5d:08:4c:a2
 :ec:d2:b9:b9:73:7f:4b:1b:db:5f:9c:17:6c:7b:fb
 :8d:cf:d7:0c:b4:b5:03:45:ab:fb:de:73:37:94:96
 :
 public exponent:
 :00:01:
 private exponent:
 :c9:01:e9:59:0e:ce:93:df:d7:19:62:99:db:4f:02
 b:bb:a5:a0:49:87:d7:ec:0c:77:d2:68:7f:ff:bc:1b
 d:9f:14:df:75:e9:6b:f1:dc:8c:40:49:4a:ac:6f:eb
 :3b:84:7f:e7:97:8c:81:76:5b:15:50:fe:2c:c1:90
 :34:23:b8:bc:1e:da:36:d2:d5:69:13:f0:12:2f:e9
 	e9:da:c4:db:ad:9b:05:5f:2d:d4:00:ec:1b:cd:ff:2d
 	b8:5b:e4:73:b7:3c:45:f3:1a:3f:5e:3c:24:5b:3d:61
 :fe:4f:b9:b2:c9:7e:78:f4:66:3d:4c:4a:a1:3d:da
 :0d:ae:cb:cf:44:af:0b:54:64:80:9b:2e:c2:cf:88
 	eb:91:a4:b4:2e:83:cd:6d:2b:81:2f:da:f2:21:eb:e2
 d:7f:a5:ce:88:20:01:c5:e4:62:e0:05:ac:ce:dc:61
 :bf:a1:c5:32:9b:03:c7:b0:d4:0c:60:0e:f7:7e:47
 :18:0a:ed:e5:73:3a:89:a0:31:b1:80:3d:c5:1c:16
 :d9:22:9a:a9:e0:f9:ec:0a:0b:ba:24:8f:55:f0:9d
 :5c:c0:e5:60:83:a8:6d:7b:78:28:08:e7:69:57:32
 	ec:23:f6:96:34:5e:b2:96:37:26:ed:e9:bd:48:b5:b1
 prime1:
 :ec:85:af:6d:40:e2:12:29:f4:df:3a:74:43:95:8d
 :fe:29:0f:ed:f2:e0:e0:f1:76:2d:f2:6f:23:d5:cc
 	b7:04:48:d6:0a:51:7d:22:77:be:e2:8e:25:a3:0e:89
 :6c:bf:b3:a1:e8:5f:9a:03:55:94:d5:e9:88:c2:cb
 	bb:6e:ec:f3:cd:62:23:a1:92:5c:ff:a6:9d:a5:74:46
 	d7:18:04:11:49:50:09:f0:63:cb:e3:61:fa:7e:e9:57
 :4e:a3:da:4e:7c:bc:37:61:a2:ba:8d:5c:8c:e6:2b
 	dd:32:19:86:5f:c3:fc:67:dd:e4:f1:5b:57:32:d8:62
 d:
 prime2:
 :da:4f:16:1c:0e:be:4b:3b:90:68:fe:b5:76:59:77
 :9a:b2:c9:02:5e:1e:f2:d6:95:87:92:16:ad:85:2c
 c:89:63:ef:5f:ab:14:17:b1:1c:d6:fe:66:0d:1f:34
 f:04:87:35:e2:27:ae:b8:1d:a2:0a:aa:a7:f0:5f:4b
 	cb:98:fd:21:ea:1c:b5:8c:df:11:fa:8e:99:e6:7a:c9
 	f3:51:c6:a9:e5:15:fb:80:16:d3:10:92:0d:03:52:66
 	f6:83:02:d5:1b:1e:67:e2:23:69:db:0b:44:d6:92:2f
 	db:bc:ab:af:21:54:df:09:8d:ff:be:8a:ab:8d:29:14
 f:
 coefficient:
 :9b:e2:8e:52:9e:7e:59:69:e5:81:55:bb:56:27:6e
 	a0:dd:10:91:0c:9a:6a:a9:a8:08:73:b7:53:55:cc:61
 :03:4a:b7:de:38:75:f5:33:7f:51:5f:4d:59:bd:6d
 :5a:a5:a8:76:7f:c4:ad:25:ca:c1:78:dc:c3:6f:7e
 :1d:3d:fb:bd:6d:13:e5:a4:9a:65:77:ff:78:86:1d
 :92:61:5e:38:1f:dd:95:8b:22:51:eb:83:08:a7:bf
 	a8:d7:45:f5:c9:57:2d:67:d7:02:32:1d:12:0d:8c:7c
 f:f9:aa:15:9d:e3:68:9a:a9:61:e4:ca:b1:74:a5:d3
 :
 exp1:
 :0a:73:37:cc:19:07:c3:6e:bd:92:3e:2a:c5:0f:9b
 :26:aa:8c:6f:4e:8c:29:fa:df:84:0a:e0:97:2c:3e
 f:11:72:86:b3:eb:2e:37:53:8f:7b:44:2e:d5:3d:f3
 	b5:ec:6b:33:c6:8e:58:c0:05:e6:70:3f:b4:d1:ea:b0
 	e6:a1:49:41:bb:24:17:98:ec:2b:b6:a4:f0:12:ad:54
 	a4:08:d0:cd:ad:e8:a1:0e:31:02:b1:4f:8e:b9:e6:40
 	fc:08:59:71:60:2e:13:c6:9c:fa:ee:fa:d3:a2:5c:a8
 	c1:07:50:75:46:c7:64:23:d1:f3:1d:9f:31:b4:68:dd
 exp2:
 :68:26:9f:fe:28:79:f7:09:28:3b:dd:e8:ab:9a:87
 	dc:26:02:d8:fe:9c:b1:e2:cc:73:36:6a:10:a3:19:bc
 	e5:36:9f:3d:b2:de:54:29:d9:70:07:5d:f4:7a:6a:8f
 :1a:71:6b:c0:7e:34:f9:6b:21:be:b2:7b:d9:5b:ac
 b:ac:27:0b:d3:cc:81:db:e4:3f:ff:77:bb:aa:86:16
 f:4b:d0:89:81:39:74:49:c9:f7:af:ed:ad:26:b5:a3
 	a6:b2:82:f2:94:81:a5:46:8a:1b:b6:98:8d:fc:6d:7d
 :0e:b3:c1:5f:c9:62:e9:2a:64:53:6b:dd:a2:81:29
 Public Key PIN:
 	pin-sha256:2PjOFPCxYKICX+oXYybOdi+6YKWqBAMLezAmMVSPnxw=
 Public Key ID:
 	sha256:d8f8ce14f0b160a2025fea176326ce762fba60a5aa04030b7b302631548f9f1c
 	sha1:850f1172168d7a3d0922a40231a59333b7c67417
 -----BEGIN RSA PRIVATE KEY-----
 MIIEowIBAAKCAQEAybLpEZVJPRQ7BWmU/aBBgE6cydmhCVBNzAYyysn3o/VnVPkd
 jqFQol58ouRx29MHq89/IVxUr16x9kdLuOZDd7EyhKiv6iuGC6QVfI5WQ+gSXrin
 tRJC3ODGnP8w7L/nea5vV9CLnKz8Vaae1vLjyjH96342rJrwiHoMvyw6Tt4dJ7ro
 j1Rp8DQ9az1u/rolv+Ad1Ht7bx+1XSckFX+qirbOSkoCpd/EyE1I/L5IBw0o88oW
 yA7c6jSaoe3b4Jr5S04QfYKmOWL7ROqIH8vXBSpfV/KbZwdqYOt7XQhMomjs0rm5
 c39LG9tfnBdse/uEjc/XDLS1A0Wr+95zN5SWUwIDAQABAoIBADfJAelZDs6T39cZ
 YpnbTwJ7u6WgSYfX7Ax30mh//7wbTZ8U33Xpa/HcjEBJSqxv63k7hH/nl4yBdlsV
 UP4swZBDNCO4vB7aNtLVaRPwEi/p6drE262bBV8t1ADsG83/Lbhb5HO3PEXzGj9e
 PCRbPWFY/k+5ssl+ePRmPUxKoT3adw2uy89ErwtUZICbLsLPiOuRpLQug81tK4Ev
 vIh6+Kdf6XOiCABxeRi4AWsztxhcL+hxTKbA8ew1AxgDvd+R4YYCu3lczqJoDGx
 gD3FHBZ32SKaqeD57AoLuiSPVfCdJ1zA5WCDqG17eCgI52lXMuwj9pY0XrKWNybt
 b1ItbECgYEA7IWvbUDiEin03zp0Q5WNBv4pD+3y4ODxdi3ybyPVzLcESNYKUX0i
 d77ijiWjDolnbL+zoehfmgNVlNXpiMLLu27s881iI6GSXP+mnaV0RtcYBBFJUAnw
 Y8vjYfp+6VdlTqPaTny8N2Giuo1cjOYr3TIZhl/D/Gfd5PFbVzLYYo0CgYEA2k8W
 HA6+SzuQaP61dll3hpqyyQJeHvLWlYeSFq2FLHyJY+9fqxQXsRzW/mYNHzRfBIc1
 ieuuB2iCqqn8F9Ly5j9IeoctYzfEfqOmeZ6yfNRxqnlFfuAFtMQkg0DUmb2gwLV
 Gx5n4iNp2wtE1pIv27yrryFU3wmN/76Kq40pFF8CgYBlCnM3zBkHw269kj4qxQ+b
 JiaqjG9OjCn634QK4JcsPh8Rcoaz6y43U497RC7VPfO17Gszxo5YwAXmcD+00eqw
 qFJQbskF5jsK7ak8BKtVKQI0M2t6KEOMQKxT4655kD8CFlxYC4Txpz67vrTolyo
 wQdQdUbHZCPR8x2fMbRo3QKBgFhoJp/+KHn3CSg73eirmofcJgLY/pyx4sxzNmoQ
 oxm85TafPbLeVCnZcAdd9HpqjwAacWvAfjT5ayG+snvZW6x7rCcL08yB2+Q//3e7
 qoYWD0vQiYE5dEnJ96/trSa1o6aygvKUgaVGihu2mI38bX0jDrPBX8li6SpkU2vd
 ooEpAoGBAJvijlKefllp5YFVu1YnbqDdEJEMmmqpqAhzt1NVzGF5A0q33jh19TN/
 UV9NWb1tUVqlqHZ/xK0lysF43MNvflMdPfu9bRPlpJpld/94hh1xkmFeOB/dlYsi
 UeuDCKe/qNdF9clXLWfXAjIdEg2MfH/5qhWd42iaqWHkyrF0pdNQ
 -----END RSA PRIVATE KEY-----

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_imap.pem

➞

Show inline comments

@@ new file 100644 @@
 -----BEGIN CERTIFICATE-----
 MIIELTCCApWgAwIBAgIMWVJZ2QR+xX2Hq+DLMA0GCSqGSIb3DQEBCwUAMEgxIjAg
 BgNVBAMTGUV4YW1wbGUgSW5jLiBUZXN0IFNpdGUgQ0ExFTATBgNVBAoTDEV4YW1w
 bGUgSW5jLjELMAkGA1UEBhMCU0UwHhcNMTcwNjI3MTMxMjU3WhcNMjcwNjI1MTMx
 MjU3WjBGMSAwHgYDVQQDExdFeGFtcGUgSW5jLiBJTUFQIFNlcnZlcjEVMBMGA1UE
 ChMMRXhhbXBsZSBJbmMuMQswCQYDVQQGEwJTRTCCASIwDQYJKoZIhvcNAQEBBQAD
 ggEPADCCAQoCggEBAMmy6RGVST0UOwVplP2gQYBOnMnZoQlQTcwGMsrJ96P1Z1T5
 HY6hUKJefKLkcdvTB6vPfyFcVK9esfZHS7jmQ3exMoSor+orhgukFXyOVkPoEl64
 p7USQtzgxpz/MOy/53mub1fQi5ys/FWmntby48ox/et+Nqya8Ih6DL8sOk7eHSe6
 I9UafA0PWs9bv66Jb/gHdR7e28ftV0nJBV/qoq2zkpKAqXfxMhNSPy+SAcNKPPK
 FsgO3Oo0mqHt2+Ca+UtOEH2Cpjli+0TqiB/L1wUqX1fym2cHamDre10ITKJo7NK5
 uXN/SxvbX5wXbHv7hI3P1wy0tQNFq/veczeUllMCAwEAAaOBmDCBlTAMBgNVHRMB
 Af8EAjAAMB8GA1UdEQQYMBaCFHBhcmFtZXRlcnMtbWFuZGF0b3J5MBMGA1UdJQQM
 MAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFIUPEXIWjXo9
 CSKkAjGlkzO3xnQXMB8GA1UdIwQYMBaAFDdr25McaX6STGvfc4X4hJZZgU9rMA0G
 CSqGSIb3DQEBCwUAA4IBgQBbtodQhsPdOeTc0iV/4rbo6C52Z/NjR/0HBogBzQZ5
 MWph9Pm5FQWr3bgka73p7IWdPl4IvOs+7OvrszTKVmyLJUWqWB9RIpNrYFDLqbM
 fP6Nn9AFsVgI0DVchih4lIUJ+BhZ42woWL4UlwtZTEsohrH2k22B0SbWxJQSIA+I
 MRD3vW5+LdaME7OJTXSeZl0tLvecUIQTNbOK2nWOT4ByVToJ+Gj0bOzfvn5qwhZh
 cgteNZy8+6Bh+V8m8VIC3Q7wzRt4OF9NT14S950iNJEgMpT3/k4IBLuO6OxPiKyi
 e4Uj3/Zog/Y0hGU7/PkhsZYrc/kAlInys57oDFxgbkw9U9a3RpV8/NH8M2NqxMp2
 qJoGqy5DN99XWUxdk4y7yGJ870932OWH9nxCARxH3dIdMPeIQjZTSgciRuXt8Sta
 iDCNTZpWRftTFeYcK/BXsF10JuqXARr13RC6DGVyfjCHY41kyezCgqSLcygZ1LS6
 GllzMGF/zwIyrnMWZf6VKvs=
 -----END CERTIFICATE-----

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_smtp.key

➞

Show inline comments

@@ new file 100644 @@
 Public Key Info:
 	Public Key Algorithm: RSA
 	Key Security Level: Medium (2048 bits)
 modulus:
 :f3:b2:cd:f1:1a:b4:bd:77:0c:98:9f:ec:f3:60:b3
 	c5:39:04:d9:e2:56:53:2c:b9:9b:52:e9:e8:5f:d9:e9
 	ec:99:a4:35:29:11:53:c8:1d:cb:93:1a:63:12:c9:02
 	b5:4d:d3:ad:bd:49:e7:d3:68:50:0e:51:2b:02:15:27
 :9c:e6:e2:f1:1e:d7:59:ce:4e:9a:51:f2:a2:88:06
 a:a4:bc:24:6d:7d:ea:02:c3:06:a7:8b:a6:5a:5b:ed
 a:73:98:a1:84:ea:4a:a5:e9:8a:87:8e:df:13:f3:47
 d:fa:35:47:af:a0:c7:6d:22:81:74:3b:0a:cf:55:3c
 :cb:9d:fe:b1:06:a4:75:8d:1c:21:1a:b2:d4:a0:0b
 	c9:91:13:82:c1:8a:32:b9:6c:1a:01:8d:92:c4:54:76
 f:1e:c5:49:fa:b1:a9:00:52:9e:cc:97:65:8a:f1:08
 c:f6:e8:09:ec:ab:82:ff:47:d0:0c:3a:5f:89:69:16
 f:59:aa:99:83:6a:79:b5:55:42:f1:92:97:ee:75:21
 :5a:f5:69:09:b9:dc:08:2e:2c:13:99:4a:7c:4d:b3
 	c6:46:8d:a7:8e:47:2b:76:91:dc:c3:5a:0b:15:a8:b5
 :e8:c3:82:a7:a3:5a:5a:02:2a:4c:d3:6a:b1:2b:ff
 f:
 public exponent:
 :00:01:
 private exponent:
 :35:d2:c6:d1:54:39:c9:4a:c7:5d:e3:f9:aa:c8:fa
 	b9:63:ba:b3:00:60:6c:dc:1a:b0:b4:bb:0c:dc:a2:87
 d:37:d5:88:a5:81:6d:41:6a:9e:7b:05:74:75:1a:4f
 d:5e:d7:18:4a:7e:6a:e0:01:57:bd:a8:c8:9d:9e:bc
 :1b:83:55:09:22:25:26:d7:a0:86:d1:5f:64:07:6a
 	f0:bb:8f:50:18:4d:6d:c0:1b:ac:29:73:69:19:e7:21
 e:3e:92:90:46:f4:08:4c:b3:49:e9:1d:71:57:13:37
 :b7:e0:6d:60:c8:fa:ae:ae:25:b7:9d:d1:3d:d1:f0
 :55:eb:be:e7:dc:46:d1:04:bf:13:d0:f8:70:b2:1d
 	f8:88:24:18:38:d0:ff:82:32:74:fe:27:f0:45:af:43
 :5d:ad:46:97:1e:48:c3:fd:1e:e5:d7:76:4e:a7:df
 e:09:23:f2:54:6f:64:c8:e6:8c:17:39:e3:25:f1:df
 	b6:36:63:2c:4f:62:7b:33:33:a1:38:85:c7:ea:14:74
 :34:2a:b0:51:32:00:8b:ce:d6:e4:77:23:51:80:2b
 :ac:0c:36:ca:8e:c9:a0:e3:88:fb:84:6a:6b:57:8c
 :a8:ab:51:16:4e:12:98:03:f3:86:64:f7:0c:e3:81
 prime1:
 :fa:f1:60:8e:3d:77:ed:3c:72:96:3c:67:97:43:aa
 	d6:08:c2:98:20:1a:74:0d:b7:fa:2a:79:45:0c:d5:d5
 a:3d:88:18:07:f4:47:91:04:dd:76:08:bd:a1:2d:78
 :67:56:6b:bf:be:d6:23:4b:39:e9:9f:8d:16:f4:33
 c:cf:d2:98:fa:7c:17:b9:e2:f1:2a:9d:6f:1f:cc:84
 :5a:9f:07:cd:4f:61:09:9f:07:dd:1a:24:15:97:46
 	df:f7:3e:5b:ef:0b:52:84:c7:ef:93:b1:9d:67:a2:1d
 :a5:5c:4b:22:4c:dc:59:82:ad:94:ad:e7:5e:26:d1
 :
 prime2:
 :f8:9c:0d:95:28:e5:80:2d:ac:c5:02:32:46:43:21
 :bf:55:bc:4c:1f:43:80:d5:6d:6e:35:d5:25:d4:1a
 	a1:d2:76:1e:ba:2c:1b:6d:0c:25:05:ff:78:55:34:06
 d:81:2f:26:75:13:5f:f7:fa:a4:45:e4:28:82:fa:f1
 	c6:03:49:66:06:1f:a0:57:1b:7b:96:4c:cf:be:81:ff
 	a3:dd:dc:7d:0a:55:8d:3a:42:55:47:f1:0e:5a:d5:dd
 :a3:58:01:e3:dd:e2:cf:55:b9:0a:5c:11:7f:5c:51
 :60:9e:a5:4f:68:7b:72:c2:b1:b3:03:bd:9a:bf:0c
 	e9:
 coefficient:
 :df:3c:f9:81:f3:d4:89:ba:df:6f:fa:e5:25:7d:83
 a:27:ef:2b:0d:fc:b4:e1:bc:7b:5b:05:d0:4b:75:21
 	cd:00:27:b9:50:b7:25:bc:01:4e:fc:a7:6a:98:ce:26
 	d8:92:7e:53:d7:90:5a:8f:62:78:cb:be:89:a9:76:23
 :0e:0d:e9:2a:8e:27:29:34:6f:a2:64:80:17:7f:4d
 :14:dc:b2:3e:95:63:9f:4b:cd:2e:14:cd:3c:27:35
 a:6d:99:6c:a0:dc:96:b3:f1:57:1e:5c:a8:73:db:28
 	d5:70:b9:dd:a3:d6:05:4b:0d:35:7c:32:ae:7e:fb:cb
 exp1:
 :cb:eb:2a:13:6c:4f:f0:30:96:cd:0e:f8:ff:2a:b5
 	c0:88:0d:d9:a0:fc:de:21:e7:c7:1a:8c:c1:57:d4:cb
 	f2:2e:5e:51:68:e5:50:e2:bf:99:57:39:73:1f:6e:db
 	bf:da:c9:97:75:91:96:61:c7:d7:9f:c9:4f:d5:bf:4b
 :b7:b0:e3:2f:69:77:be:4e:74:bb:b4:83:80:cb:a9
 :74:22:97:2c:77:bc:db:1c:a8:3f:3b:e6:e6:c4:af
 b:80:56:e4:4e:34:5d:32:19:66:ce:16:1f:5a:ff:99
 	d8:46:9f:e1:4e:56:37:19:65:df:b8:5a:39:11:81:69
 	b1:
 exp2:
 :c3:e0:90:83:19:79:d9:88:23:3c:06:02:fe:81:1d
 	f7:dc:0c:fd:13:2c:fe:ce:9f:5a:5d:1f:65:15:2d:0c
 	de:bb:27:fe:05:c9:82:c2:64:73:37:4a:95:d0:eb:f0
 	cd:c5:1f:15:39:e1:4e:17:e0:0f:56:51:f1:e9:61:36
 	e5:40:e9:af:cc:db:56:45:cb:8d:90:5a:6c:c4:39:40
 	e6:27:83:f5:b1:12:be:f7:4c:14:4d:5e:8c:64:dd:64
 a:3b:2c:b8:30:85:3e:93:05:83:89:ba:08:bf:44:49
 e:54:4a:2b:0d:69:d0:fa:16:94:53:eb:7a:94:56:3b
 :
 Public Key PIN:
 	pin-sha256:gfLZ7dVQSW86xMfus3BBtQV9vf0+orcm9y+BsrMxO9g=
 Public Key ID:
 	sha256:81f2d9edd550496f3ac4c7eeb37041b5057dbdfd3ea2b726f72f81b2b3313bd8
 	sha1:e2bead99a4613745068474053fa53e9d0bc5f97b
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpAIBAAKCAQEA87LN8Rq0vXcMmJ/s82CzxTkE2eJWUyy5m1Lp6F/Z6eyZpDUp
 EVPIHcuTGmMSyQK1TdOtvUnn02hQDlErAhUnlpzm4vEe11nOTppR8qKIBmqkvCRt
 feoCwwani6ZaW+0ac5ihhOpKpemKh47fE/NHXfo1R6+gx20igXQ7Cs9VPJnLnf6x
 BqR1jRwhGrLUoAvJkROCwYoyuWwaAY2SxFR2Xx7FSfqxqQBSnsyXZYrxCEz26Ans
 q4L/R9AMOl+JaRY/WaqZg2p5tVVC8ZKX7nUhSFr1aQm53AguLBOZSnxNs8ZGjaeO
 Ryt2kdzDWgsVqLVh6MOCp6NaWgIqTNNqsSv/DwIDAQABAoIBABU10sbRVDnJSsdd
 /mqyPq5Y7qzAGBs3BqwtLsM3KKHfTfViKWBbUFqnnsFdHUaTz1e1xhKfmrgAVe9
 qMidnrx1G4NVCSIlJteghtFfZAdq8LuPUBhNbcAbrClzaRnnIQ4+kpBG9AhMs0np
 HXFXEzcSt+BtYMj6rq4lt53RPdHwRVXrvufcRtEEvxPQ+HCyHfiIJBg40P+CMnT+
 J/BFr0OWXa1Glx5Iw/0e5dd2TqffXgkj8lRvZMjmjBc54yXx37Y2YyxPYnszM6E4
 hcfqFHQBNCqwUTIAi87W5HcjUYArkawMNsqOyaDjiPuEamtXjFmoq1EWThKYA/OG
 ZPcM44ECgYEA+vFgjj137Txyljxnl0Oq1gjCmCAadA23+ip5RQzV1Qo9iBgH9EeR
 BN12CL2hLXhSZ1Zrv77WI0s56Z+NFvQzTM/SmPp8F7ni8Sqdbx/MhHdanwfNT2EJ
 nwfdGiQVl0bf9z5b7wtShMfvk7GdZ6IdQ6VcSyJM3FmCrZSt514m0TcCgYEA+JwN
 lSjlgC2sxQIyRkMhdb9VvEwfQ4DVbW411SXUGqHSdh66LBttDCUF/3hVNAaNgS8m
 dRNf9/qkReQogvrxxgNJZgYfoFcbe5ZMz76B/6Pd3H0KVY06QlVH8Q5a1d1po1gB
 iz1W5ClwRf1xRZmCepU9oe3LCsbMDvZq/DOkCgYEAy+sqE2xP8DCWzQ74/yq1
 wIgN2aD83iHnxxqMwVfUy/IuXlFo5VDiv5lXOXMfbtu/2smXdZGWYcfXn8lP1b9L
 kLew4y9pd75OdLu0g4DLqTl0Ipcsd7zbHKg/O+bmxK+LgFbkTjRdMhlmzhYfWv+Z
 Eaf4U5WNxll37haORGBabECgYEAw+CQgxl52YgjPAYC/oEd99wM/RMs/s6fWl0f
 ZRUtDN67J/4FyYLCZHM3SpXQ6/DNxR8VOeFOF+APVlHx6WE25UDpr8zbVkXLjZBa
 bMQ5QOYng/WxEr73TBRNXoxk3WRaOyy4MIU+kwWDiboIv0RJjlRKKw1p0PoWlFPr
 epRWOyECgYAZ3zz5gfPUibrfb/rlJX2DCifvKw38tOG8e1sF0Et1Ic0AJ7lQtyW8
 AU78p2qYzibYkn5T15Baj2J4y76JqXYjdg4N6SqOJyk0b6JkgBd/TXMU3LI+lWOf
 S80uFM08JzWKbZlsoNyWs/FXHlyoc9so1XC53aPWBUsNNXwyrn77yw==
 -----END RSA PRIVATE KEY-----

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_smtp.pem

➞

Show inline comments

@@ new file 100644 @@
 -----BEGIN CERTIFICATE-----
 MIIELTCCApWgAwIBAgIMWVJZ1zrNkvcjfectMA0GCSqGSIb3DQEBCwUAMEgxIjAg
 BgNVBAMTGUV4YW1wbGUgSW5jLiBUZXN0IFNpdGUgQ0ExFTATBgNVBAoTDEV4YW1w
 bGUgSW5jLjELMAkGA1UEBhMCU0UwHhcNMTcwNjI3MTMxMjU1WhcNMjcwNjI1MTMx
 MjU1WjBGMSAwHgYDVQQDExdFeGFtcGUgSW5jLiBTTVRQIFNlcnZlcjEVMBMGA1UE
 ChMMRXhhbXBsZSBJbmMuMQswCQYDVQQGEwJTRTCCASIwDQYJKoZIhvcNAQEBBQAD
 ggEPADCCAQoCggEBAPOyzfEatL13DJif7PNgs8U5BNniVlMsuZtS6ehf2ensmaQ1
 KRFTyB3LkxpjEskCtU3Trb1J59NoUA5RKwIVJ5ac5uLxHtdZzk6aUfKiiAZqpLwk
 bX3qAsMGp4umWlvtGnOYoYTqSqXpioeO3xPzR136NUevoMdtIoF0OwrPVTyZy53+
 sQakdY0cIRqy1KALyZETgsGKMrlsGgGNksRUdl8exUn6sakAUp7Ml2WK8QhM9ugJ
 KuC/0fQDDpfiWkWP1mqmYNqebVVQvGSl+51IUha9WkJudwILiwTmUp8TbPGRo2n
 jkcrdpHcw1oLFai1YejDgqejWloCKkzTarEr/w8CAwEAAaOBmDCBlTAMBgNVHRMB
 Af8EAjAAMB8GA1UdEQQYMBaCFHBhcmFtZXRlcnMtbWFuZGF0b3J5MBMGA1UdJQQM
 MAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFOK+rZmkYTdF
 BoR0BT+lPp0Lxfl7MB8GA1UdIwQYMBaAFDdr25McaX6STGvfc4X4hJZZgU9rMA0G
 CSqGSIb3DQEBCwUAA4IBgQCV78R7LBQ8skMcNNTFUk5L9mkkExOVuhMrEQz99fj3
 TvUz1F1ZwIF1hRopELnA5lO3DfcgouisZ6wSi7NsP+LnSP3v36F/3fvVUE/afCJ5
 +IbRqfgxS4nnAQi0tqPkrs5afy8CTcArwCCrew4QAGaDdpQsE08hyVgxxOVtg2Eq
 E0aU7iwE2VwdUFgEDdlbG+R09FelFVrMR9R8mzfxCX8cwqgtnZMer8dBLmvdT9jN
 WoGGJvAE7EAbTwiSD6vNfZzUJXhL6YRR2XCRLR2uWMi8r0FfAt+Kkia7HlbxRksX
 wS+YYHTPckBESbx/Im9MChYmP87i8osJGsqZ6sLuYXYE+IcOC92zg8QZup+YZEWc
 nXfxqaoPmFz7YcOybBloy9PYgeQ4KUn9bgtuXZd1dcSA+7yY887uN3HkNRm2z/m/
 pd7sgKvuEZopKQpDHlfdn5mqG+eB1ZLV2ui9nbfDR6gCU/ZfQ4Bka0Nx+hiQsao
 rIEU5chalXQbXpErjilCtqQ=
 -----END CERTIFICATE-----

roles/mail_server/molecule/default/tests/test_client1.py

➞

Show inline comments

@@ @@ -4,7 +4,7 @@ import testinfra.utils.ansible_runner @@
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
-    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['client1'])
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['client-relay-allowed'])
 def test_open_relay(host):

roles/mail_server/molecule/default/tests/test_client2.py

➞

Show inline comments

@@ @@ -5,7 +5,7 @@ import testinfra.utils.ansible_runner @@
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
-    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['client2'])
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['client-relay-forbidden'])
 def test_open_relay(host):

roles/mail_server/molecule/default/tests/test_default.py

➞

Show inline comments

 import os
 import re
 import uuid
 import testinfra.utils.ansible_runner
@@ @@ -233,14 +234,15 @@ def test_postfix_delivery_to_dovecot(host): @@
     hostname = host.run('hostname').stdout
     message_id = str(uuid.uuid4())
     # Virtual account.
     send = host.run('swaks --suppress-data --to john.doe@domain1 --server %s' % hostname)
+    send = host.run('swaks --header %s --suppress-data --to john.doe@domain1 --server %s', "Message-Id: <%s>" % message_id, hostname)
     assert send.rc == 0
     message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
     with host.sudo():
         mail_log = host.file('/var/log/mail.log')
-        pattern = "dovecot: lda\(john.doe@domain1\): msgid=<[^.]*.%s@[^>]*>: saved mail to INBOX" % message_id
         pattern = "dovecot: lda\(john.doe@domain1\): msgid=<%s>: saved mail to INBOX" % message_id
         assert re.search(pattern, mail_log.content) is not None

roles/mail_server/molecule/default/tests/test_mandatory.py

➞

Show inline comments

@@ @@ -161,11 +161,15 @@ def test_imap_tls_configuration(host): @@
     # Test TLS protocol versions.
     starttls_old_tls_versions_disabled = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -starttls imap -no_tls1_2 -connect parameters-mandatory:143")
     assert starttls_old_tls_versions_disabled.rc != 0
     assert "write:errno=104" in starttls_old_tls_versions_disabled.stderr
     # First error message from OpenSSL in Debian 8 Jessie, second from
     # OpenSSL in Debian 9 Stretch.
     assert "write:errno=104" in starttls_old_tls_versions_disabled.stderr or 'SSL alert number 70' in starttls_old_tls_versions_disabled.stderr
     tls_old_tls_versions_disabled = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -no_tls1_2 -connect parameters-mandatory:993")
     assert tls_old_tls_versions_disabled.rc != 0
     assert "write:errno=104" in tls_old_tls_versions_disabled.stderr
     # First error message from OpenSSL in Debian 8 Jessie, second from
     # OpenSSL in Debian 9 Stretch.
     assert "write:errno=104" in tls_old_tls_versions_disabled.stderr or 'SSL alert number 70' in tls_old_tls_versions_disabled.stderr
     # Test at least one strong TLS cipher.
     starttls_cipher = host.run("echo 'a0001 LOGOUT' | openssl s_client -starttls imap -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-mandatory:143")
@@ @@ -238,7 +242,9 @@ def test_postfix_tls_configuration(host): @@
     starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_2 -connect parameters-mandatory:587")
     assert starttls.rc != 0
     assert 'write:errno=104' in starttls.stderr
     # First error message from OpenSSL in Debian 8 Jessie, second from
     # OpenSSL in Debian 9 Stretch.
     assert 'write:errno=104' in starttls.stderr or 'SSL alert number 70' in starttls.stderr
     # Test ciphers for default port (less restrictive).
     starttls_cipher = host.run("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-mandatory:25")

roles/mail_server/molecule/default/tests/test_optional.py

➞

Show inline comments

 import os
 import re
 import uuid
 import testinfra.utils.ansible_runner
@@ @@ -85,6 +86,14 @@ def test_postfix_main_cf_file_content(host): @@
     Tests if the Postfix main configuration file content is correct.
     """
     # Ugly hack, but not sure how to make it work otherwise. IP
     # address of client1 (jessie/stretch variant).
     distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]
     if distribution_release == "jessie":
         allow_relay_from_ip = "10.31.127.20"
     elif distribution_release == "stretch":
         allow_relay_from_ip = "10.31.127.22"
     hostname = host.run('hostname').stdout
     config = host.file('/etc/postfix/main.cf')
@@ @@ -92,7 +101,7 @@ def test_postfix_main_cf_file_content(host): @@
     assert "myhostname = %s" % hostname in config_lines
     assert "mydestination = %s, %s, localhost.localdomain, localhost" % (hostname, hostname) in config_lines
-    assert "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.31.127.20" in config_lines
+    assert "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 %s" % allow_relay_from_ip in config_lines
     assert "smtpd_tls_cert_file = /etc/ssl/certs/%s_smtp.pem" % hostname in config_lines
     assert "smtpd_tls_key_file = /etc/ssl/private/%s_smtp.key" % hostname in config_lines
     assert "  reject_rbl bl.spamcop.net" in config_lines
@@ @@ -105,13 +114,14 @@ def test_local_aliases(host): @@
     Tests if local aliases are configured correctly.
     """
     send = host.run('swaks --suppress-data --to root@localhost')
     message_id = str(uuid.uuid4())
     send = host.run('swaks --header %s --suppress-data --to root@localhost', "Message-Id: <%s>" % message_id)
     assert send.rc == 0
     message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
     with host.sudo():
         mail_log = host.file('/var/log/mail.log')
-        pattern = "dovecot: lda\(john.doe@domain1\): msgid=<[^.]*.%s@[^>]*>: saved mail to INBOX" % message_id
         pattern = "dovecot: lda\(john.doe@domain1\): msgid=<%s>: saved mail to INBOX" % message_id
         assert re.search(pattern, mail_log.content) is not None
@@ @@ -186,11 +196,15 @@ def test_imap_tls_configuration(host): @@
     starttls = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -starttls imap -no_tls1_1 -no_tls1_2 -connect parameters-optional:143")
     assert starttls.rc != 0
     assert "write:errno=104" in starttls.stderr
     # First error message from OpenSSL in Debian 8 Jessie, second from
     # OpenSSL in Debian 9 Stretch.
     assert "write:errno=104" in starttls.stderr or 'SSL alert number 70' in starttls.stderr
     tls = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -no_tls1_1 -no_tls1_2 -connect parameters-optional:993")
     assert tls.rc != 0
     assert "write:errno=104" in tls.stderr
     # First error message from OpenSSL in Debian 8 Jessie, second from
     # OpenSSL in Debian 9 Stretch.
     assert "write:errno=104" in tls.stderr or 'SSL alert number 70' in tls.stderr
     # Test at least one strong TLS cipher.
     starttls_cipher = host.run("echo 'a0001 LOGOUT' | openssl s_client -starttls imap -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:143")
@@ @@ -266,7 +280,9 @@ def test_postfix_tls_configuration(host): @@
     starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_1 -no_tls1_2 -connect parameters-optional:587")
     assert starttls.rc != 0
     assert 'write:errno=104' in starttls.stderr
     # First error message from OpenSSL in Debian 8 Jessie, second from
     # OpenSSL in Debian 9 Stretch.
     assert 'write:errno=104' in starttls.stderr or 'SSL alert number 70' in starttls.stderr
     # Test ciphers for default port (less restrictive).
     starttls_cipher = host.run("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:25")

0 comments (0 inline, 0 general)