Changeset - b0c92677ba93
0 13 3
Branko Majic (branko) - 6 years ago 2018-05-31 21:59:19
branko@majic.rs
MAR-129: Updated mail_server role for new Molecule and Ansible:

- Moved variables from test playbooks into group/host vars.
- Fixed linting errors.
- Reference custom top-level linting configuration file in tests.
- Fixed deprecation errors reported by Ansible.
- Updated how the hosts on which the tests should be run are
referenced.
16 files changed with 227 insertions and 206 deletions:
roles/mail_server/defaults/main.yml
 
---
 

	
 
enable_backup: False
 
enable_backup: false
 
mail_ldap_tls_truststore: "{{ lookup('file', tls_certificate_dir + '/truststore.pem') }}"
 
mail_user: vmail
 
imap_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + ansible_fqdn + '_imap.pem') }}"
 
@@ -15,4 +15,6 @@ local_mail_aliases: {}
 
imap_max_user_connections_per_ip: 10
 
mail_server_tls_protocols:
 
  - "TLSv1.2"
 
mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!MD5:!EXPORT"
 
mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:\
 
DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:\
 
ECDHE-RSA-AES256-SHA384:!aNULL:!MD5:!EXPORT"
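Review bot: The re-wrapped `mail_server_tls_ciphers` value puts its two continuation lines at column 0, the same indentation as the key itself. Ansible's loader evidently accepts this, but continuation lines of a quoted scalar are normally expected to sit deeper than the parent key, so a stricter parser or a formatter may reject or rewrap the value. Inside double quotes the leading whitespace after an escaped line break is discarded, so the lines can be indented without changing the string, e.g. `  ECDHE-RSA-AES256-SHA384:!aNULL:!MD5:!EXPORT"`. The same wrapping appears in `molecule/default/group_vars/parameters-optional.yml`; since this string appears to select the TLS suites the mail services offer, a test that asserts the rendered cipher list would catch a wrapping mistake.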
roles/mail_server/molecule/default/create.yml
 
@@ -2,7 +2,7 @@
 
- name: Create
 
  hosts: localhost
 
  connection: local
 
  gather_facts: False
 
  gather_facts: false
 
  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
 
  vars:
 
    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
roles/mail_server/molecule/default/destroy.yml
 
@@ -3,7 +3,7 @@
 
- name: Destroy
 
  hosts: localhost
 
  connection: local
 
  gather_facts: False
 
  gather_facts: false
 
  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
 
  vars:
 
    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
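--- a/roles/mail_server/molecule/default/group_vars/parameters-mandatory.yml
+++ b/roles/mail_server/molecule/default/group_vars/parameters-mandatory.yml
@@ -0,0 +1,14 @@
+---
+
+mail_ldap_base_dn: dc=local
+mail_ldap_url: ldap://ldap-server/
+mail_ldap_postfix_password: postfixpassword
+mail_ldap_dovecot_password: dovecotpassword
+
+# Common parameters (general, not role).
+tls_certificate_dir: tests/data/x509/
+tls_private_key_dir: tests/data/x509/
+
+# common
+ca_certificates:
+  testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"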
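Review bot: The bind passwords `postfixpassword` and `dovecotpassword` are now defined in three places (here, in `parameters-optional.yml`, and under `ldap_server_consumers` in `host_vars/ldap-server.yml`), and nothing states that they must match or that they are fixture values. A header comment such as `# Test-only credentials; must match ldap_server_consumers in host_vars/ldap-server.yml.` would record both facts. Separately, `mail_ldap_url` uses the `ldap://` scheme; whether the role upgrades the connection with StartTLS is not visible in this section, so it is worth confirming that the scenario does not send these binds in cleartext.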
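--- a/roles/mail_server/molecule/default/group_vars/parameters-optional.yml
+++ b/roles/mail_server/molecule/default/group_vars/parameters-optional.yml
@@ -0,0 +1,47 @@
+---
+
+mail_ldap_base_dn: dc=local
+mail_ldap_url: ldap://ldap-server/
+mail_ldap_tls_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
+mail_ldap_postfix_password: postfixpassword
+mail_ldap_dovecot_password: dovecotpassword
+mail_server_tls_protocols:
+  - TLSv1.2
+  - TLSv1.1
+mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:\
+DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:\
+ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:!aNULL:!MD5:!EXPORT"
+mail_user: virtmail
+mail_user_uid: 5000
+mail_user_gid: 5000
+imap_max_user_connections_per_ip: 2
+imap_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_imap.cert.pem') }}"
+imap_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_imap.key.pem') }}"
+local_mail_aliases:
+  root: "john.doe@domain1"
+smtp_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_smtp.cert.pem') }}"
+smtp_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_smtp.key.pem') }}"
+imap_folder_separator: "."
+smtp_rbl:
+  - bl.spamcop.net
+  - zen.spamhaus.org
+
+mail_postmaster: "webmaster@parameters-optional"
+smtp_allow_relay_from:
+  - 10.31.127.20
+
+# common
+ca_certificates:
+  testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
+
+# backup_client
+enable_backup: true
+backup_client_username: bak-parameters-optional-j64
+backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
+backup_server: ldap-server
+backup_server_host_ssh_public_keys:
+  - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
+  - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
+  - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
+  - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
+backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"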
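Review bot: `mail_server_tls_protocols` adds `TLSv1.1` and the cipher list adds the SHA-1 CBC suite `ECDHE-RSA-AES128-SHA`, yet the file gives no hint that these are presumably present only to prove that overrides reach the rendered configuration. Anyone copying this file as a starting point would inherit a weaker profile than the role default (`TLSv1.2` only, without that suite). A comment above the two keys, for example `# Deliberately weaker than the role defaults; exercises parameter overrides in tests only.`, would make the intent explicit. As a minor style point, the last line has a stray space before the closing parenthesis in `'tests/data/ssh/parameters-optional' )`.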
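--- a/roles/mail_server/molecule/default/host_vars/ldap-server.yml
+++ b/roles/mail_server/molecule/default/host_vars/ldap-server.yml
@@ -0,0 +1,114 @@
+---
+
+# ldap_server role
+ldap_admin_password: admin
+ldap_entries:
+
+  # Users
+  - dn: uid=john,ou=people,dc=local
+    attributes:
+      objectClass:
+        - inetOrgPerson
+        - simpleSecurityObject
+      userPassword: johnpassword
+      uid: john
+      cn: John Doe
+      sn: Doe
+      mail: john.doe@domain1
+  - dn: uid=jane,ou=people,dc=local
+    attributes:
+      objectClass:
+        - inetOrgPerson
+        - simpleSecurityObject
+      userPassword: janepassword
+      uid: jane
+      cn: Jane Doe
+      sn: Doe
+      mail: jane.doe@domain2
+
+  - dn: uid=nomail,ou=people,dc=local
+    attributes:
+      objectClass:
+        - inetOrgPerson
+        - simpleSecurityObject
+      userPassword: nomailpassword
+      uid: nomail
+      cn: No Mail
+      sn: Mail
+      mail: nomail@domain1
+
+  # Groups
+  - dn: "cn=mail,ou=groups,dc=local"
+    state: append
+    attributes:
+      uniqueMember:
+        - uid=john,ou=people,dc=local
+        - uid=jane,ou=people,dc=local
+
+  # Domains
+  - dn: dc=domain1,ou=domains,ou=mail,ou=services,dc=local
+    attributes:
+      objectClass: dNSDomain
+      dc: domain1
+
+  - dn: dc=domain2,ou=domains,ou=mail,ou=services,dc=local
+    attributes:
+      objectClass: dNSDomain
+      dc: domain2
+
+  # Aliases
+  - dn: cn=postmaster@domain1,ou=aliases,ou=mail,ou=services,dc=local
+    attributes:
+      objectClass: nisMailAlias
+      cn: postmaster@domain1
+      rfc822MailMember: john.doe@domain1
+
+  - dn: cn=webmaster@domain2,ou=aliases,ou=mail,ou=services,dc=local
+    attributes:
+      objectClass: nisMailAlias
+      cn: webmaster@domain2
+      rfc822MailMember: jane.doe@domain2
+
+ldap_server_consumers:
+  - name: postfix
+    password: postfixpassword
+  - name: dovecot
+    password: dovecotpassword
+    state: present
+
+ldap_server_domain: "local"
+ldap_server_groups:
+  - name: mail
+ldap_server_organization: "Example"
+ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.cert.pem') }}"
+ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.key.pem') }}"
+
+# common
+ca_certificates:
+  testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
+
+# ldap_client
+ldap_client_config:
+  - comment: CA truststore
+    option: TLS_CACERT
+    value: /etc/ssl/certs/testca.cert.pem
+  - comment: Ensure TLS is enforced
+    option: TLS_REQCERT
+    value: demand
+  - comment: Base DN
+    option: BASE
+    value: dc=local
+  - comment: URI
+    option: URI
+    value: ldapi:///
+
+# backup_server role
+backup_host_ssh_private_keys:
+  dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
+  rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
+  ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
+  ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
+backup_clients:
+  - server: parameters-optional-j64
+    ip: 10.31.127.31
+    public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"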
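Review bot: `backup_host_ssh_private_keys` still provisions a `dsa` host key, and the matching `server_dsa.pub` is pinned in `group_vars/parameters-optional.yml`. OpenSSH has disabled `ssh-dss` by default since 7.0, so this entry is only usable on older targets such as the jessie hosts this scenario appears to use. A comment on the entry, for example `# dsa kept only for jessie-era OpenSSH; drop when the test platforms are upgraded`, would keep it from being carried forward as if it were a recommended key type.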
roles/mail_server/molecule/default/molecule.yml
 
@@ -9,6 +9,8 @@ driver:
 

	
 
lint:
 
  name: yamllint
 
  options:
 
    config-file: ../../.yamllint.yml
 

	
 
platforms:
 

	
roles/mail_server/molecule/default/playbook.yml
 
---
 

	
 
- hosts: parameters-mandatory
 
  become: yes
 
- hosts: parameters-mandatory,parameters-optional
 
  become: true
 
  roles:
 
    - role: mail_server
 
      mail_ldap_base_dn: dc=local
 
      mail_ldap_url: ldap://ldap-server/
 
      mail_ldap_postfix_password: postfixpassword
 
      mail_ldap_dovecot_password: dovecotpassword
 

	
 
      # Common parameters (general, not role).
 
      tls_certificate_dir: tests/data/x509/
 
      tls_private_key_dir: tests/data/x509/
 

	
 
      # common
 
      ca_certificates:
 
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 

	
 
- hosts: parameters-optional
 
  become: yes
 
  roles:
 
    - role: mail_server
 
      mail_ldap_base_dn: dc=local
 
      mail_ldap_url: ldap://ldap-server/
 
      mail_ldap_tls_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 
      mail_ldap_postfix_password: postfixpassword
 
      mail_ldap_dovecot_password: dovecotpassword
 
      mail_server_tls_protocols:
 
        - TLSv1.2
 
        - TLSv1.1
 
      mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:!aNULL:!MD5:!EXPORT"
 
      mail_user: virtmail
 
      mail_user_uid: 5000
 
      mail_user_gid: 5000
 
      imap_max_user_connections_per_ip: 2
 
      imap_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_imap.cert.pem') }}"
 
      imap_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_imap.key.pem') }}"
 
      local_mail_aliases:
 
        root: "john.doe@domain1"
 
      smtp_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_smtp.cert.pem') }}"
 
      smtp_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_smtp.key.pem') }}"
 
      imap_folder_separator: "."
 
      smtp_rbl:
 
        - bl.spamcop.net
 
        - zen.spamhaus.org
 

	
 
      mail_postmaster: "webmaster@parameters-optional"
 
      smtp_allow_relay_from:
 
        - 10.31.127.20
 

	
 
      # common
 
      ca_certificates:
 
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 

	
 
      # backup_client
 
      enable_backup: yes
 
      backup_client_username: bak-parameters-optional-j64
 
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
 
      backup_server: ldap-server
 
      backup_server_host_ssh_public_keys:
 
        - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
 
        - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
 
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
 
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
 
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"
 
    - mail_server
roles/mail_server/molecule/default/prepare.yml
 
@@ -2,24 +2,24 @@
 

	
 
- name: Prepare
 
  hosts: all
 
  gather_facts: False
 
  gather_facts: false
 
  tasks:
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
 
      become: True
 
      changed_when: False
 
      become: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: yes
 
  become: true
 
  tasks:
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: yes
 
      changed_when: False
 
        update_cache: true
 
      changed_when: false
 

	
 
- hosts: all
 
  become: yes
 
  become: true
 
  tasks:
 

	
 
    - name: Set-up the hosts file
 
@@ -39,18 +39,18 @@
 
        10.31.127.31: "parameters-optional parameters-optional-jessie64"
 

	
 
- hosts: client
 
  become: yes
 
  become: true
 
  tasks:
 

	
 
    - name: Install SWAKS for testing SMTP capability
 
      apt:
 
        name: swaks
 
        state: installed
 
        state: present
 

	
 
    - name: Install pip
 
      apt:
 
        name: python-pip
 
        state: installed
 
        state: present
 

	
 
    - name: Install IMAP CLI tool
 
      pip:
 
@@ -60,12 +60,12 @@
 
    - name: Install tool for testing SIEVE
 
      apt:
 
        name: sieve-connect
 
        state: installed
 
        state: present
 

	
 
    - name: Install tool for testing TCP connectivity
 
      apt:
 
        name: hping3
 
        state: installed
 
        state: present
 

	
 
    - name: Deploy IMAP CLI configuration
 
      copy:
 
@@ -96,117 +96,7 @@
 
      command: /usr/sbin/update-ca-certificates --fresh
 

	
 
- hosts: ldap-server
 
  become: yes
 
  become: true
 
  roles:
 
    - role: ldap_server
 
      ldap_admin_password: admin
 
      ldap_entries:
 

	
 
        # Users
 
        - dn: uid=john,ou=people,dc=local
 
          attributes:
 
            objectClass:
 
              - inetOrgPerson
 
              - simpleSecurityObject
 
            userPassword: johnpassword
 
            uid: john
 
            cn: John Doe
 
            sn: Doe
 
            mail: john.doe@domain1
 
        - dn: uid=jane,ou=people,dc=local
 
          attributes:
 
            objectClass:
 
              - inetOrgPerson
 
              - simpleSecurityObject
 
            userPassword: janepassword
 
            uid: jane
 
            cn: Jane Doe
 
            sn: Doe
 
            mail: jane.doe@domain2
 

	
 
        - dn: uid=nomail,ou=people,dc=local
 
          attributes:
 
            objectClass:
 
              - inetOrgPerson
 
              - simpleSecurityObject
 
            userPassword: nomailpassword
 
            uid: nomail
 
            cn: No Mail
 
            sn: Mail
 
            mail: nomail@domain1
 

	
 
        # Groups
 
        - dn: "cn=mail,ou=groups,dc=local"
 
          state: append
 
          attributes:
 
            uniqueMember:
 
              - uid=john,ou=people,dc=local
 
              - uid=jane,ou=people,dc=local
 

	
 
        # Domains
 
        - dn: dc=domain1,ou=domains,ou=mail,ou=services,dc=local
 
          attributes:
 
            objectClass: dNSDomain
 
            dc: domain1
 

	
 
        - dn: dc=domain2,ou=domains,ou=mail,ou=services,dc=local
 
          attributes:
 
            objectClass: dNSDomain
 
            dc: domain2
 

	
 
        # Aliases
 
        - dn: cn=postmaster@domain1,ou=aliases,ou=mail,ou=services,dc=local
 
          attributes:
 
            objectClass: nisMailAlias
 
            cn: postmaster@domain1
 
            rfc822MailMember: john.doe@domain1
 

	
 
        - dn: cn=webmaster@domain2,ou=aliases,ou=mail,ou=services,dc=local
 
          attributes:
 
            objectClass: nisMailAlias
 
            cn: webmaster@domain2
 
            rfc822MailMember: jane.doe@domain2
 

	
 
      ldap_server_consumers:
 
        - name: postfix
 
          password: postfixpassword
 
        - name: dovecot
 
          password: dovecotpassword
 
          state: present
 

	
 
      ldap_server_domain: "local"
 
      ldap_server_groups:
 
        - name: mail
 
      ldap_server_organization: "Example"
 
      ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.cert.pem') }}"
 
      ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.key.pem') }}"
 

	
 
      # common
 
      ca_certificates:
 
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 

	
 
      # ldap_client
 
      ldap_client_config:
 
        - comment: CA truststore
 
          option: TLS_CACERT
 
          value: /etc/ssl/certs/testca.cert.pem
 
        - comment: Ensure TLS is enforced
 
          option: TLS_REQCERT
 
          value: demand
 
        - comment: Base DN
 
          option: BASE
 
          value: dc=local
 
        - comment: URI
 
          option: URI
 
          value: ldapi:///
 

	
 
    - role: backup_server
 
      backup_host_ssh_private_keys:
 
        dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
 
        rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
 
        ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
 
        ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
 
      backup_clients:
 
        - server: parameters-optional-j64
 
          ip: 10.31.127.31
 
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
 
    - ldap_server
 
    - backup_server
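Review bot: The `raw` bootstrap task in the first hunk of this file calls `apt`, whose command-line interface is documented as not stable for scripted use; `apt-get` is the scripted equivalent. The line is unchanged context, but the commit already touches this task's `become` and `changed_when` keys, so this would be a natural place to switch: `raw: test -e /usr/bin/python || (apt-get -y update && apt-get install -y python-minimal)`. The unnamed `- hosts: all` plays further down would also be easier to follow in Molecule output if each had a `name:`.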
roles/mail_server/molecule/default/tests/test_backup.py
 
import os
 

	
 
import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    '.molecule/ansible_inventory.yml').get_hosts('parameters-optional')
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-optional'])
 

	
 

	
 
def test_backup(host):
roles/mail_server/molecule/default/tests/test_client1.py
 
import os
 

	
 
import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    '.molecule/ansible_inventory.yml').get_hosts('client1')
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['client1'])
 

	
 

	
 
def test_open_relay(host):
roles/mail_server/molecule/default/tests/test_client2.py
 
import os
 
import re
 

	
 
import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    '.molecule/ansible_inventory.yml').get_hosts('client2')
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['client2'])
 

	
 

	
 
def test_open_relay(host):
roles/mail_server/molecule/default/tests/test_default.py
 
import os
 
import re
 

	
 
import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    '.molecule/ansible_inventory.yml').get_hosts(['parameters-mandatory', 'parameters-optional'])
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-mandatory', 'parameters-optional'])
 

	
 

	
 
def test_installed_packages(host):
roles/mail_server/molecule/default/tests/test_mandatory.py
 
import os
 

	
 
import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    '.molecule/ansible_inventory.yml').get_hosts('parameters-mandatory')
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-mandatory'])
 

	
 

	
 
def test_smtp_tls_files(host):
roles/mail_server/molecule/default/tests/test_optional.py
 
import os
 
import re
 

	
 
import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    '.molecule/ansible_inventory.yml').get_hosts('parameters-optional')
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-optional'])
 

	
 

	
 
def test_smtp_tls_files(host):
roles/mail_server/tasks/main.yml
 
@@ -3,12 +3,12 @@
 
- name: Install rsync
 
  apt:
 
    name: rsync
 
    state: installed
 
    state: present
 

	
 
- name: Install Dovecot packages
 
  apt:
 
    name: "{{ item }}"
 
    state: installed
 
    state: present
 
  with_items:
 
    - dovecot-imapd
 
    - dovecot-ldap
 
@@ -18,7 +18,7 @@
 
- name: Install Postfix packages
 
  apt:
 
    name: "{{ item }}"
 
    state: installed
 
    state: present
 
  with_items:
 
    - postfix
 
    - postfix-ldap
 
@@ -27,18 +27,18 @@
 
  apt:
 
    name: "exim4*"
 
    state: absent
 
    purge: yes
 
    purge: true
 

	
 
- name: Allow Postfix user to traverse the directory with TLS private keys
 
  user:
 
    name: postfix
 
    append: yes
 
    append: true
 
    groups: ssl-cert
 

	
 
- name: Allow Dovecot user to traverse the directory with TLS private keys
 
  user:
 
    name: dovecot
 
    append: yes
 
    append: true
 
    groups: ssl-cert
 

	
 
- name: Deploy SMTP TLS private key
 
@@ -95,12 +95,12 @@
 
- name: Install SWAKS
 
  apt:
 
    name: swaks
 
    state: installed
 
    state: present
 

	
 
- name: Install milter packages
 
  apt:
 
    name: clamav-milter
 
    state: installed
 
    state: present
 

	
 
- name: Configure ClamAV Milter
 
  copy:
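Review bot: The two `user` tasks in the `@@ -27,18 +27,18 @@` hunk add `postfix` and `dovecot` to `ssl-cert` so each can traverse the private-key directory, but that membership also lets each daemon read any key that is group-readable by `ssl-cert`. The key deployment tasks start after the hunk ends, so their owner, group and mode cannot be checked here; if the SMTP and IMAP keys are deployed group-readable by `ssl-cert`, each service can read the other's key. A comment on these tasks would record the expectation, for example `# ssl-cert membership is for directory traversal only; deploy each key readable by its own service.`, and a test asserting the deployed key modes would enforce it.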