diff --git a/roles/mail_server/molecule/default/prepare.yml b/roles/mail_server/molecule/default/prepare.yml index 51f28bdf518207435a35dc6c5655b3a2b7f748fc..ef47bf6dae35eb45fcf6e05fb1e3ce0236c61c2c 100644 --- a/roles/mail_server/molecule/default/prepare.yml +++ b/roles/mail_server/molecule/default/prepare.yml @@ -38,6 +38,15 @@ - name: parameters-optional-bullseye_smtp fqdn: parameters-optional-bullseye + - name: parameters-mandatory-bookworm_imap + fqdn: parameters-mandatory-bookworm + - name: parameters-mandatory-bookworm_smtp + fqdn: parameters-mandatory-bookworm + - name: parameters-optional-bookworm_imap + fqdn: parameters-optional-bookworm + - name: parameters-optional-bookworm_smtp + fqdn: parameters-optional-bookworm + - name: Set-up link to generated X.509 material file: src: ".gimmecert" 
@@ -195,24 +204,95 @@ 192.168.56.51: "parameters-mandatory parameters-mandatory-bullseye" 192.168.56.52: "parameters-optional parameters-optional-bullseye" +- hosts: bookworm + become: true + tasks: + + - name: Enable TLSv1.0+ in global OpenSSL configuration file in order to be able to test the web_server_tls_protocols parameter + blockinfile: + path: "/etc/ssl/openssl.cnf" + block: | + [openssl_init] + ssl_conf = ssl_sect + + [ssl_sect] + system_default = system_default_sect + + [system_default_sect] + MinProtocol = TLSv1.1 + CipherString = DEFAULT@SECLEVEL=0 + owner: root + group: root + mode: 0644 + state: present + + - name: Set-up the hosts file + lineinfile: + path: /etc/hosts + regexp: "^{{ item.key }}" + line: "{{ item.key }} {{ item.value }}" + owner: root + group: root + mode: 0644 + state: present + with_dict: + # Force mail servers to use local ClamAV database mirror. + 192.168.56.11: "db.local.clamav.net database.clamav.net" + 192.168.56.12: "ldap-server backup-server" + 192.168.56.21: "client1 smtp-server-requiring-tls" + 192.168.56.22: "client2 smtp-server-refusing-tls" + 192.168.56.31: "parameters-mandatory parameters-mandatory-bookworm" + 192.168.56.32: "parameters-optional parameters-optional-bookworm" + - hosts: client become: true tasks: - - name: Install SWAKS for testing SMTP capability + - name: Install tool for testing SMTP capability apt: name: swaks state: present - - name: Install pip - apt: - name: python3-pip - state: present + - name: Install tool for testing IMAP + block: - - name: Install IMAP CLI tool - pip: - name: Imap-CLI==0.7 - state: present + - name: Install required system packages + apt: + name: python3-venv + state: present + + - name: Set-up dedicated Python virtual environment for running the tool + command: "python3 -m venv /opt/imap-cli" + args: + creates: /opt/imap-cli/bin/python + + - name: Install IMAP CLI + pip: + name: + - Imap-CLI==0.7 + - six + state: present + virtualenv: /opt/imap-cli + + - name: Set-up 
symlinks for running the tool + file: + src: "/opt/imap-cli/bin/{{ item }}" + dest: "/usr/local/bin/{{ item }}" + owner: root + group: root + state: link + with_items: + - imapcli + - imap-cli-flag + - imap-cli-delete + - imap-cli-copy + - imap-api + - imap-shell + - imap-notify + - imap-cli-status + - imap-cli-search + - imap-cli-read + - imap-cli-list - name: Install tool for testing SIEVE apt:
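Review bot: The blockinfile task in the new `bookworm` play weakens OpenSSL defaults for every TLS consumer on the host (`CipherString = DEFAULT@SECLEVEL=0`, `MinProtocol = TLSv1.1`), but nothing marks it as test-only and its name does not match what it does. The name says "TLSv1.0+" while the block sets TLSv1.1, and it refers to `web_server_tls_protocols` although this is the mail_server role, presumably carried over from another role's scenario. I would rename the task after the parameter this role actually exercises and add a comment above it such as `# Test-only: weakens system-wide OpenSSL defaults so legacy protocol/cipher settings can be exercised; do not reuse outside Molecule instances.` Since blockinfile appends to `/etc/ssl/openssl.cnf` by default, it is also worth confirming that the stock bookworm file does not already define `[openssl_init]` or `[system_default_sect]`, because the effective values would then depend on how duplicate sections are resolved. Further down, in the pip task, `six` is unpinned next to `Imap-CLI==0.7`, so the virtualenv is not reproducible between runs; pinning it the same way would fix that.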