Changeset - 7d9696a7b5cc
0 7 0
Branko Majic (branko) - 5 years ago 2021-01-14 23:50:11
branko@majic.rs
MAR-151: Added support for Debian 10 Buster to mail_server role:

- Updated role reference documentation.
- Updated role meta information.
- Updated tests.
- Improve handling of configured IP in tests to avoid hard-coding the
value in the relevant test for Postfix configuration file content.
7 files changed with 99 insertions and 7 deletions:
docs/rolereference.rst
 
@@ -1236,12 +1236,13 @@ Parameters
 
Distribution compatibility
 
~~~~~~~~~~~~~~~~~~~~~~~~~~
 

	
 
Role is compatible with the following distributions:
 

	
 
- Debian 9 (Stretch)
 
- Debian 10 (Buster)
 

	
 

	
 
Examples
 
~~~~~~~~
 

	
 
Here is an example configuration for setting-up XMPP server using Prosody:
roles/mail_server/meta/main.yml
 
@@ -13,8 +13,8 @@ galaxy_info:
 
  description: Sets-up mail server with SMTP and IMAP services, using LDAP as source of allowed destinations (domains, mail addresses)
 
  license: BSD
 
  min_ansible_version: 2.9
 
  platforms:
 
    - name: Debian
 
      versions:
 
        - 8
 
        - 9
 
        - 10
roles/mail_server/molecule/default/group_vars/parameters-optional.yml
 
@@ -25,15 +25,20 @@ imap_folder_separator: "."
 
smtp_rbl:
 
  - bl.spamcop.net
 
  - zen.spamhaus.org
 

	
 
mail_postmaster: "webmaster@parameters-optional"
 
smtp_allow_relay_from:
 
  - "10.31.127.22"
 
  - "{{ release_based_smtp_allow_relay_from[ansible_distribution_release] }}"
 
mail_message_size_limit: 20480001
 

	
 
# Variables dependant on distribution release.
 
release_based_smtp_allow_relay_from:
 
  stretch: "10.31.127.22"
 
  buster: "10.31.127.20"
 

	
 
# common
 
ca_certificates:
 
  testca: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"
 

	
 
# backup_client (backup username should end in -s64 for Stretch).
 
enable_backup: true
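Review bot: The new `release_based_smtp_allow_relay_from` map repeats the client1 addresses that molecule.yml and prepare.yml assign (10.31.127.22 on stretch, 10.31.127.20 on buster) without saying so, and this list decides which test client is allowed to relay through the server. If the two places drift apart, the relay tests would exercise the allow-list against the wrong host, so the comment above the map should state the coupling, for example `# Must match the IP of the client-relay-allowed host (client1) for each release in molecule.yml.` Indexing the map by `ansible_distribution_release` fails templating for any release without an entry, which is the safe direction for an allow-list and worth keeping rather than adding a default. The context comment `# backup_client (backup username should end in -s64 for Stretch)` mentions only Stretch; the variable it describes is outside the hunk, so whether it needs a Buster counterpart could not be checked here.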
roles/mail_server/molecule/default/host_vars/ldap-server.yml
 
@@ -40,13 +40,13 @@ ldap_client_config:
 
backup_host_ssh_private_keys:
 
  rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
 
  ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
 
  ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
 
backup_clients:
 

	
 
  - server: parameters-optional-j64
 
    ip: 10.31.127.31
 
    public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
 

	
 
  - server: parameters-optional-s64
 
    ip: 10.31.127.33
 
    public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
 

	
 
  - server: parameters-optional-b64
 
    ip: 10.31.127.31
 
    public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
roles/mail_server/molecule/default/molecule.yml
 
@@ -77,12 +77,68 @@ platforms:
 
    interfaces:
 
      - auto_config: true
 
        ip: 10.31.127.33
 
        network_name: private_network
 
        type: static
 

	
 
  - name: client1-buster
 
    groups:
 
      - client
 
      - client-relay-allowed
 
      - buster
 
      - smtp-server-requiring-tls
 
    box: debian/contrib-buster64
 
    memory: 256
 
    cpus: 1
 
    interfaces:
 
      - auto_config: true
 
        ip: 10.31.127.20
 
        network_name: private_network
 
        type: static
 

	
 
  - name: client2-buster
 
    groups:
 
      - client
 
      - client-relay-forbidden
 
      - buster
 
      - smtp-server-refusing-tls
 
    box: debian/contrib-buster64
 
    memory: 256
 
    cpus: 1
 
    interfaces:
 
      - auto_config: true
 
        ip: 10.31.127.21
 
        network_name: private_network
 
        type: static
 

	
 
  - name: parameters-mandatory-buster64
 
    groups:
 
      - parameters-mandatory
 
      - buster
 
    box: debian/contrib-buster64
 
    memory: 1536
 
    cpus: 1
 
    interfaces:
 
      - auto_config: true
 
        ip: 10.31.127.30
 
        network_name: private_network
 
        type: static
 

	
 
  - name: parameters-optional-buster64
 
    groups:
 
      - parameters-optional
 
      - buster
 
    box: debian/contrib-buster64
 
    memory: 1536
 
    cpus: 1
 
    interfaces:
 
      - auto_config: true
 
        ip: 10.31.127.31
 
        network_name: private_network
 
        type: static
 

	
 
provisioner:
 
  name: ansible
 
  playbooks:
 
    cleanup: cleanup.yml
 
  config_options:
 
    defaults:
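Review bot: The four new Buster platforms use `box: debian/contrib-buster64` with no version pinned, so each test run pulls whatever image the box publisher currently serves. Pinning makes the test environment reproducible and keeps an unexpected upstream image change from silently altering what the mail server tests run against; the Vagrant driver accepts a per-platform key for this, e.g. `box_version: "<PINNED_BOX_VERSION>"`. The `platforms` list starts outside this hunk, so whether the existing Stretch entries pin a version is not visible; if they do not, the same change applies there.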
roles/mail_server/molecule/default/prepare.yml
 
@@ -31,12 +31,20 @@
 
        - name: parameters-mandatory-stretch64_smtp
 
          fqdn: parameters-mandatory-stretch64
 
        - name: parameters-optional-stretch64_imap
 
          fqdn: parameters-optional-stretch64
 
        - name: parameters-optional-stretch64_smtp
 
          fqdn: parameters-optional-stretch64
 
        - name: parameters-mandatory-buster64_imap
 
          fqdn: parameters-mandatory-buster64
 
        - name: parameters-mandatory-buster64_smtp
 
          fqdn: parameters-mandatory-buster64
 
        - name: parameters-optional-buster64_imap
 
          fqdn: parameters-optional-buster64
 
        - name: parameters-optional-buster64_smtp
 
          fqdn: parameters-optional-buster64
 

	
 
    - name: Set-up link to generated X.509 material
 
      file:
 
        src: ".gimmecert"
 
        dest: "tests/data/x509"
 
        state: link
 
@@ -83,12 +91,32 @@
 
        10.31.127.10: "ldap-server backup-server"
 
        10.31.127.22: "client1 smtp-server-requiring-tls"
 
        10.31.127.23: "client2 smtp-server-refusing-tls"
 
        10.31.127.32: "parameters-mandatory parameters-mandatory-stretch64"
 
        10.31.127.33: "parameters-optional parameters-optional-stretch64"
 

	
 
- hosts: buster
 
  become: true
 
  tasks:
 

	
 
    - name: Set-up the hosts file
 
      lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: 0644
 
        state: present
 
      with_dict:
 
        10.31.127.10: "ldap-server backup-server"
 
        10.31.127.20: "client1 smtp-server-requiring-tls"
 
        10.31.127.21: "client2 smtp-server-refusing-tls"
 
        10.31.127.30: "parameters-mandatory parameters-mandatory-buster64"
 
        10.31.127.31: "parameters-optional parameters-optional-buster64"
 

	
 
- hosts: client
 
  become: true
 
  tasks:
 

	
 
    - name: Install SWAKS for testing SMTP capability
 
      apt:
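Review bot: In the new `hosts: buster` play, `regexp: "^{{ item.key }}"` uses the IP address as an unescaped, unterminated pattern, so the dots match any character and `^10.31.127.20` also matches a line for a longer address with the same prefix. `lineinfile` would then rewrite an unrelated /etc/hosts entry, which matters here because those names decide which LDAP, backup and SMTP peers the tests talk to. Anchoring the match fixes it: `regexp: "^{{ item.key | regex_escape }}\\s"`. Separately, `mode: 0644` is better written as the string `mode: "0644"` so the value does not depend on how the YAML parser treats a leading zero. The Stretch play above appears to use the same pattern, but only its tail is visible in this hunk.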
roles/mail_server/molecule/default/tests/test_optional.py
 
@@ -27,13 +27,15 @@ def test_mailname_file_content(host):
 

	
 
def test_postfix_main_cf_file_content(host):
 
    """
 
    Tests if the Postfix main configuration file content is correct.
 
    """
 

	
 
    allow_relay_from_ip = "10.31.127.22"
 
    host_variables = host.ansible.get_variables()
 

	
 
    allow_relay_from_ip = host_variables["smtp_allow_relay_from"]
 

	
 
    hostname = host.run('hostname').stdout.strip()
 

	
 
    config = host.file('/etc/postfix/main.cf')
 
    config_lines = config.content_string.split("\n")
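Review bot: `allow_relay_from_ip` is now assigned the whole `smtp_allow_relay_from` variable, which the scenario's group variables define as a one-item list containing a Jinja expression, so the name no longer describes the value. `host.ansible.get_variables()` returns inventory variables and, as far as I know, does not render templates, so the test may receive the raw `{{ release_based_smtp_allow_relay_from[...] }}` string instead of an address; this is worth confirming on both releases. Since this value is what the test compares against the relay restriction in main.cf, a wrong shape could make the check pass or fail for the wrong reason. Consider renaming it to `allow_relay_from` and adding `assert isinstance(allow_relay_from, list)` before it is used, or resolving the per-release address explicitly in the test. The function body continues past the end of the hunk, so how the variable is consumed is not visible here.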
 

	