Changeset - c95f61f32b67
0 8 0
Branko Majic (branko) - 3 years ago 2020-12-03 20:39:42
branko@majic.rs
MAR-174: Enable Message Carbons (XEP-0280) and Message Archive Management (XEP-0313) via xmpp_server role:

- Updated release notes.
- Updated role reference documentation.
- Enable the two modules via Prosody configuration file, and set the
archive expiration configuration option for Prosody.
- Updated tests.
8 files changed with 28 insertions and 1 deletions:
docs/releasenotes.rst
 
@@ -159,6 +159,13 @@ upgrade to Python 3.x, dropping support for Python 2.7.
 

	
 
  * Server now supports blocking users via `XEP-0191: Blocking Command
 
    <https://xmpp.org/extensions/xep-0191.html>`_.
 
  * Server now supports `XEP-0280: Message Carbons
 
    <http://xmpp.org/extensions/xep-0280.html>`_, letting multiple
 
    online XMPP clients receive/store the same message.
 
  * Server now supports `XEP-0313: Message Archive Management
 
    <https://xmpp.org/extensions/xep-0313.html>`_, storing copies of
 
    received messages server-side. Message expiration is configurable
 
    via parameter ``xmpp_server_archive_expiration``.
 
  * XMPP server certificate is checked on daily basis using the
 
    ``prosodyctl check certs`` command. This helps catch issues where
 
    issued certificate does not include all the necessary subject
docs/rolereference.rst
 
@@ -853,7 +853,8 @@ The role implements the following:
 
Prosody is configured as follows:
 

	
 
* Modules enabled: roster, saslauth, tls, dialback, posix, private, vcard,
 
  version, uptime, time, ping, pep, register, admin_adhoc, announce, legacyauth.
 
  version, uptime, time, ping, pep, register, admin_adhoc, announce,
 
  legacyauth, carbons, mam.
 
* Self-registration is not allowed.
 
* TLS is configured. Legacy TLS is available on port 5223.
 
* Client-to-server communication requires encryption (TLS).
 
@@ -941,6 +942,14 @@ Parameters
 
  only the default version is getting properly tested. Prosody
 
  versions lower than ``0.10.x`` are not supported.
 

	
 
**xmpp_server_archive_expiration** (string, optional, ``never``)
 
  Expiration period for messages stored server-side using `XEP-0313:
 
  Message Archive Management
 
  <https://xmpp.org/extensions/xep-0313.html>`_. The value should be
 
  compatible with `Prosody mod_mam
 
  <https://prosody.im/doc/modules/mod_mam>`_ configuration option
 
  ``archive_expires_after``.
 

	
 
**xmpp_server_tls_ciphers** (string, optional ``DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:!aNULL:!MD5:!EXPORT``)
 
  TLS ciphers to enable on the XMPP server. This should be an
 
  OpenSSL-compatible cipher specification. Value should be compatible
roles/xmpp_server/defaults/main.yml
 
@@ -2,6 +2,7 @@
 

	
 
enable_backup: false
 
xmpp_prosody_package: "prosody-0.11"
 
xmpp_server_archive_expiration: "never"
 
xmpp_server_tls_protocol: "tlsv1_2+"
 
xmpp_server_tls_ciphers: "\
 
DHE-RSA-AES128-GCM-SHA256:\
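Review bot: The new default `xmpp_server_archive_expiration: "never"` means any deployment that does not set the parameter keeps archived messages on the server indefinitely, whereas Prosody's own mod_mam default for `archive_expires_after` is one week. Unbounded retention grows the data store without limit and increases what a server compromise or a leaked backup would expose. Consider a finite default such as `xmpp_server_archive_expiration: "1w"` and let operators opt into `never` explicitly; the `archive_expires_after = \"never\"` assertion in test_mandatory.py would need to follow. If `never` is kept on purpose, a comment above the default, e.g. `# Archived messages are never purged unless a finite period (e.g. "1w") is set.`, would make the retention choice visible.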
roles/xmpp_server/molecule/default/group_vars/parameters-optional.yml
 
@@ -10,6 +10,7 @@ xmpp_ldap_base_dn: dc=local
 
xmpp_ldap_password: prosodypassword
 
xmpp_ldap_server: ldap-server
 
xmpp_prosody_package: prosody-0.10
 
xmpp_server_archive_expiration: "1w"
 
xmpp_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_xmpp.cert.pem') }}"
 
xmpp_tls_key: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_xmpp.key.pem') }}"
 
xmpp_server_tls_protocol: "tlsv1+"
roles/xmpp_server/molecule/default/tests/test_default.py
 
@@ -293,9 +293,11 @@ def test_enabled_modules(host):
 
        "admin_adhoc",
 
        "announce",
 
        "blocklist",
 
        "carbons",
 
        "dialback",
 
        "disco",
 
        "legacyauth",
 
        "mam",
 
        "pep",
 
        "ping",
 
        "posix",
roles/xmpp_server/molecule/default/tests/test_mandatory.py
 
@@ -30,6 +30,7 @@ def test_prosody_configuration_file_content(host):
 
        assert "ldap_password = \"prosodypassword\"" in config.content_string
 
        assert "ldap_filter = \"(&(mail=$user@$host)(memberOf=cn=xmpp,ou=groups,dc=local))\"" in config.content_string
 
        assert "ldap_base = \"ou=people,dc=local\"" in config.content_string
 
        assert "archive_expires_after = \"never\"" in config.content_string
 

	
 
        assert """VirtualHost "domain1"
 
Component "conference.domain1" "muc"
roles/xmpp_server/molecule/default/tests/test_optional.py
 
@@ -30,6 +30,7 @@ def test_prosody_configuration_file_content(host):
 
        assert "ldap_password = \"prosodypassword\"" in config.content_string
 
        assert "ldap_filter = \"(&(mail=$user@$host)(memberOf=cn=xmpp,ou=groups,dc=local))\"" in config.content_string
 
        assert "ldap_base = \"ou=people,dc=local\"" in config.content_string
 
        assert "archive_expires_after = \"1w\"" in config.content_string
 

	
 
        assert """VirtualHost "domain2"
 
Component "conference.domain2" "muc"
roles/xmpp_server/templates/prosody.cfg.lua.j2
 
@@ -19,6 +19,7 @@ modules_enabled = {
 
    "private"; -- Private XML storage (for room bookmarks, etc.)
 
    "blocklist"; -- Allow users to block communications with other users
 
    "vcard"; -- Allow users to set vCards
 
    "carbons"; -- Keep multiple clients in sync
 

	
 
  -- Nice to have
 
    "version"; -- Replies to server version requests
 
@@ -27,6 +28,7 @@ modules_enabled = {
 
    "ping"; -- Replies to XMPP pings with pongs
 
    "pep"; -- Enables users to publish their mood, activity, playing music and more
 
    "register"; -- Allow users to register on this server using a client and change passwords
 
    "mam"; -- Store messages in an archive and allow users to access it
 

	
 
  -- Admin interfaces
 
    "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
 
@@ -83,6 +85,9 @@ ldap_scope = "onelevel"
 
ldap_tls = true
 
ldap_base = "ou=people,{{ xmpp_ldap_base_dn }}"
 

	
 
-- Message Archives (mod_mam) configuration.
 
archive_expires_after = "{{ xmpp_server_archive_expiration }}"
 

	
 
-- Storage backend.
 
storage = "internal"
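Review bot: Adding `"mam"` to the global `modules_enabled` without setting `default_archive_policy` leaves the decision of whose messages are archived to Prosody's built-in default, which to my knowledge archives for every user unless their client opts out. Since the role is tested against both prosody-0.10 and prosody-0.11, pinning it next to the new option, e.g. `default_archive_policy = true` (or `"roster"`), would keep behaviour the same across versions and make the privacy choice explicit. The archive goes to the `storage = "internal"` backend shown at the end of the last hunk, so a comment such as `-- Archived stanzas are kept in the storage backend below; restrict access to the Prosody data directory.` would help operators. Separately, `archive_expires_after = "{{ xmpp_server_archive_expiration }}"` places the variable inside a Lua string unchecked, so a value containing `"` would break the rendered configuration; a role-level assertion on the accepted format would catch that before Prosody is restarted.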
 

	