Changeset - 75810ce2ad3d
Parent rev.
Child rev.
[Not reviewed]
0 4 0
Branko Majic (branko) - 4 years ago 2020-05-06 14:29:56
branko@majic.rs
MAR-152: Drop a couple of references to Debian 8 Jessie from multiple roles:

- Mark workaround as TODO entry (so maybe it can get fixed at some
point.
- Drop SSH known hosts entries in tests for backup_server role.
- Fix some erroneous comments in tests for mail_server
role (references to Debian 8 Jessie).
- Drop reference to Debian 8 Jessie from the preseed file template.
4 files changed with 3 insertions and 20 deletions:
roles/backup_client/handlers/main.yml
2
3
roles/backup_server/molecule/default/tests/data/ssh/known_hosts
10
roles/mail_server/molecule/default/tests/test_mandatory.py
6
roles/preseed/templates/preseed.cfg.j2
1
1
0 comments (0 inline, 0 general)
roles/backup_client/handlers/main.yml
Show inline comments
 
---
 

			




	
	
	
		
 
# Can't use file module, since one of the files (GnuPG socket)

			




	
	
	
		
 
# seems to disappear in middle of operation). This is change between

			




	
	
	
		
 
# Jessie and Stretch.

			




	
	
	
		
 
# @TODO: Can't use file module, since one of the files (GnuPG socket)

			




	
	
	
		
 
#        seems to disappear in middle of operation).

			




	
	
	
		
 
- name: Remove current keyring

			




	
	
	
		
 
  command: "rm -rf /etc/duply/main/gnupg"

			




	
	
	
		
 
  args:

			




        

    


    
    

    

        

                

                    roles/backup_server/molecule/default/tests/data/ssh/known_hosts
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
# Jessie.

			




	
	
	
		
 
[10.31.127.10]:2222 ssh-dss AAAAB3NzaC1kc3MAAACBALf+gfHQnAMOR4N/IjCZlniejPcAkdB6/E8YwiG26aKeRo3x2Q2budFWqJMtbtfcz0++hVAO2LvYYk2uVMe2WoVwWSZGQA4fcGUrs5B4CHTpOl/lHuu3GixNshCz+8ueQDqs/NYp/BdUcU4yIxvUII6+3hB/bkRz8LpczYJKJqVlAAAAFQD6yuMkAdrYcViFtbTciGEytGtBvwAAAIBFUdmJVFPPQd8NynBAkk+eKMUQFR2CcYgD1w/BfT0UP85hL/mYX1Eaiy+U3ylN6g8+RNalQX0IymIYMisXSRPF1gElVpbuCF9VV49c03q/9LfRogV1tRpZeEz9JK5xbBviEnI+kKP8o1ivmIjAVln72lnKdH+t4njma5CBpG9zJQAAAIAYAG/Udg4i/2q8Iemqs5TuP48ge1CxQcyFw4vVl2zr85MPZ24rBf+ZPGy1CsEBpJqHQ5agftMYR9CRcxlqAP44JpIPcSq1NsL59HnXDsdCe/IJjO4JmL1HL+VIcWkXgj0MxGds8hck+HC5lX7jGAKjZBea8ksBZD/Ma2WvYKXpgg==

			




	
	
	
		
 
[10.31.127.10]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2SqbwZNanhTMM8wL1iGtNOR7nYbXcCQNbU65crXN43W1tz4GXoyluHEEXs0we7jmZZyow19X89Ve5w8ODL42KRDtNXoN8wjoLwZ1l7iGsrN1oUXJP7i6i9lH/0F+fudFB3Tm53ieBr0MEMdxAQBpk+MCi64G0iuvZeE0sKG5JfSky82ZZ26m5EchORJuiiKObB17EsUGl091S8eiLXIIiQQvg4d9933oAqNCLe0uxbNfJcbMJAdr+m9rYxyVoPXweUm1beb/6/vZQzAf0HL5+Ic/mbLu3z4httCh0dIlCqjRe/8llqF21psIlN8D8hZkzY6WEo7/v9wHAGFTFFFlJ

			




	
	
	
		
 
[10.31.127.10]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLaZb8xcw5PbzQ8Jo8xygcUaI6ziGLs+ZqsAqJSOIou9iN0zSKO9a4ujbeMgIbfZZPB5UWcv1CxNekTZ4tkrAaM=

			




	
	
	
		
 
[10.31.127.10]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQzNj16lZ3ucIJvwnFYzR/vZT3SuWiIVPNOhK5JGlq6

			




	
	
	
		
 
[10.31.127.11]:2222 ssh-dss AAAAB3NzaC1kc3MAAACBALf+gfHQnAMOR4N/IjCZlniejPcAkdB6/E8YwiG26aKeRo3x2Q2budFWqJMtbtfcz0++hVAO2LvYYk2uVMe2WoVwWSZGQA4fcGUrs5B4CHTpOl/lHuu3GixNshCz+8ueQDqs/NYp/BdUcU4yIxvUII6+3hB/bkRz8LpczYJKJqVlAAAAFQD6yuMkAdrYcViFtbTciGEytGtBvwAAAIBFUdmJVFPPQd8NynBAkk+eKMUQFR2CcYgD1w/BfT0UP85hL/mYX1Eaiy+U3ylN6g8+RNalQX0IymIYMisXSRPF1gElVpbuCF9VV49c03q/9LfRogV1tRpZeEz9JK5xbBviEnI+kKP8o1ivmIjAVln72lnKdH+t4njma5CBpG9zJQAAAIAYAG/Udg4i/2q8Iemqs5TuP48ge1CxQcyFw4vVl2zr85MPZ24rBf+ZPGy1CsEBpJqHQ5agftMYR9CRcxlqAP44JpIPcSq1NsL59HnXDsdCe/IJjO4JmL1HL+VIcWkXgj0MxGds8hck+HC5lX7jGAKjZBea8ksBZD/Ma2WvYKXpgg==

			




	
	
	
		
 
[10.31.127.11]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2SqbwZNanhTMM8wL1iGtNOR7nYbXcCQNbU65crXN43W1tz4GXoyluHEEXs0we7jmZZyow19X89Ve5w8ODL42KRDtNXoN8wjoLwZ1l7iGsrN1oUXJP7i6i9lH/0F+fudFB3Tm53ieBr0MEMdxAQBpk+MCi64G0iuvZeE0sKG5JfSky82ZZ26m5EchORJuiiKObB17EsUGl091S8eiLXIIiQQvg4d9933oAqNCLe0uxbNfJcbMJAdr+m9rYxyVoPXweUm1beb/6/vZQzAf0HL5+Ic/mbLu3z4httCh0dIlCqjRe/8llqF21psIlN8D8hZkzY6WEo7/v9wHAGFTFFFlJ

			




	
	
	
		
 
[10.31.127.11]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLaZb8xcw5PbzQ8Jo8xygcUaI6ziGLs+ZqsAqJSOIou9iN0zSKO9a4ujbeMgIbfZZPB5UWcv1CxNekTZ4tkrAaM=

			




	
	
	
		
 
[10.31.127.11]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQzNj16lZ3ucIJvwnFYzR/vZT3SuWiIVPNOhK5JGlq6

			




	
	
	
		
 

			




	
	
	
		
 
# Stretch

			




	
	
	
		
 
[10.31.127.20]:2222 ssh-dss AAAAB3NzaC1kc3MAAACBALf+gfHQnAMOR4N/IjCZlniejPcAkdB6/E8YwiG26aKeRo3x2Q2budFWqJMtbtfcz0++hVAO2LvYYk2uVMe2WoVwWSZGQA4fcGUrs5B4CHTpOl/lHuu3GixNshCz+8ueQDqs/NYp/BdUcU4yIxvUII6+3hB/bkRz8LpczYJKJqVlAAAAFQD6yuMkAdrYcViFtbTciGEytGtBvwAAAIBFUdmJVFPPQd8NynBAkk+eKMUQFR2CcYgD1w/BfT0UP85hL/mYX1Eaiy+U3ylN6g8+RNalQX0IymIYMisXSRPF1gElVpbuCF9VV49c03q/9LfRogV1tRpZeEz9JK5xbBviEnI+kKP8o1ivmIjAVln72lnKdH+t4njma5CBpG9zJQAAAIAYAG/Udg4i/2q8Iemqs5TuP48ge1CxQcyFw4vVl2zr85MPZ24rBf+ZPGy1CsEBpJqHQ5agftMYR9CRcxlqAP44JpIPcSq1NsL59HnXDsdCe/IJjO4JmL1HL+VIcWkXgj0MxGds8hck+HC5lX7jGAKjZBea8ksBZD/Ma2WvYKXpgg==

			




	
	
	
		
 
[10.31.127.20]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2SqbwZNanhTMM8wL1iGtNOR7nYbXcCQNbU65crXN43W1tz4GXoyluHEEXs0we7jmZZyow19X89Ve5w8ODL42KRDtNXoN8wjoLwZ1l7iGsrN1oUXJP7i6i9lH/0F+fudFB3Tm53ieBr0MEMdxAQBpk+MCi64G0iuvZeE0sKG5JfSky82ZZ26m5EchORJuiiKObB17EsUGl091S8eiLXIIiQQvg4d9933oAqNCLe0uxbNfJcbMJAdr+m9rYxyVoPXweUm1beb/6/vZQzAf0HL5+Ic/mbLu3z4httCh0dIlCqjRe/8llqF21psIlN8D8hZkzY6WEo7/v9wHAGFTFFFlJ

			




        

    


    
    

    

        

                

                    roles/mail_server/molecule/default/tests/test_mandatory.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -161,14 +161,10 @@ def test_imap_tls_configuration(host):

			




	
	
	
		
 
    # Test TLS protocol versions.

			




	
	
	
		
 
    starttls_old_tls_versions_disabled = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -starttls imap -no_tls1_2 -connect parameters-mandatory:143")

			




	
	
	
		
 
    assert starttls_old_tls_versions_disabled.rc != 0

			




	
	
	
		
 
    # First error message from OpenSSL in Debian 8 Jessie, second from

			




	
	
	
		
 
    # OpenSSL in Debian 9 Stretch.

			




	
	
	
		
 
    assert "write:errno=104" in starttls_old_tls_versions_disabled.stderr or 'SSL alert number 70' in starttls_old_tls_versions_disabled.stderr

			




	
	
	
		
 

			




	
	
	
		
 
    tls_old_tls_versions_disabled = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -no_tls1_2 -connect parameters-mandatory:993")

			




	
	
	
		
 
    assert tls_old_tls_versions_disabled.rc != 0

			




	
	
	
		
 
    # First error message from OpenSSL in Debian 8 Jessie, second from

			




	
	
	
		
 
    # OpenSSL in Debian 9 Stretch.

			




	
	
	
		
 
    assert "write:errno=104" in tls_old_tls_versions_disabled.stderr or 'SSL alert number 70' in tls_old_tls_versions_disabled.stderr

			




	
	
	
		
 

			




	
	
	
		
 
    # Test at least one strong TLS cipher.

			




	
	
		
 
@@ -242,8 +238,6 @@ def test_postfix_tls_configuration(host):

			




	
	
	
		
 

			




	
	
	
		
 
    starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_2 -connect parameters-mandatory:587")

			




	
	
	
		
 
    assert starttls.rc != 0

			




	
	
	
		
 
    # First error message from OpenSSL in Debian 8 Jessie, second from

			




	
	
	
		
 
    # OpenSSL in Debian 9 Stretch.

			




	
	
	
		
 
    assert 'write:errno=104' in starttls.stderr or 'SSL alert number 70' in starttls.stderr

			




	
	
	
		
 

			




	
	
	
		
 
    # Test ciphers for default port (less restrictive).

			




        

    


    
    

    

        

                

                    roles/preseed/templates/preseed.cfg.j2
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
{% set overrides = preseed_server_overrides[item] | default({}) %}

			




	
	
	
		
 
{% set network_auto = overrides["network_auto"] | default(preseed_network_auto) %}

			




	
	
	
		
 
#

			




	
	
	
		
 
# Pressed configuration file for Debian Jessie/Stretch installation for server {{ item }}.

			




	
	
	
		
 
# Pressed configuration file for Debian Stretch installation for server {{ item }}.

			




	
	
	
		
 
#

			




	
	
	
		
 

			




	
	
	
		
 

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.