Files
@ 5ea45eee5187
Branch filter:
Location: majic-ansible-roles/roles/mail_forwarder/playbook.yml
5ea45eee5187
3.8 KiB
text/x-yaml
MAR-124: Updated mail_forwarder test_tls_enforced_towards_relay_mail_server to be a bit robust against race condition.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 | ---
- hosts: all
tasks:
- name: Update all caches to avoid errors due to missing remote archives
apt:
update_cache: yes
changed_when: False
- hosts: all
tasks:
- name: Set-up /etc/hosts entries
lineinfile:
dest: /etc/hosts
line: "{{ item.key }} {{ item.value }}"
with_dict:
10.31.127.10: "mail-server domain1"
10.31.127.20: "client1"
10.31.127.30: "parameters-mandatory"
10.31.127.31: "parameters-optional"
10.31.127.32: "parameters-no-incoming"
- hosts: client1
tasks:
- name: Install SWAKS for testing SMTP capability
apt:
name: swaks
state: installed
- name: Install tool for testing TCP connectivity
apt:
name: hping3
state: installed
- name: Deploy CA certificate
copy:
src: tests/data/x509/ca.cert.pem
dest: /usr/local/share/ca-certificates/testca.crt
owner: root
group: root
mode: 0644
notify:
- Update CA certificate cache
handlers:
- name: Update CA certificate cache
command: /usr/sbin/update-ca-certificates --fresh
- hosts: mail-server
tasks:
- name: Deploy CA certificate
copy:
src: tests/data/x509/ca.cert.pem
dest: /usr/local/share/ca-certificates/testca.crt
owner: root
group: root
mode: 0644
notify:
- Update CA certificate cache
- name: Deploy SMTP private key and certificate
copy:
src: "tests/data/x509/{{ item }}"
dest: "/etc/ssl/{{ item }}"
owner: root
group: root
mode: 0600
with_items:
- mail-server_smtp.cert.pem
- mail-server_smtp.key.pem
- name: Install Postfix
apt: name="postfix" state=installed
- name: Purge Exim configuration
apt: name="exim4*" state=absent purge=yes
- name: Deploy Postfix configuration
copy:
src: tests/data/main.cf
dest: /etc/postfix/main.cf
owner: root
group: root
mode: 0644
notify:
- Restart Postfix
- name: Install tool for testing TCP connectivity
apt:
name: hping3
state: installed
- name: Install SWAKS for testing SMTP capability
apt:
name: swaks
state: installed
- name: Set-up port forwarding
command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport 27 -j REDIRECT --to-ports 25"
changed_when: False
handlers:
- name: Update CA certificate cache
command: /usr/sbin/update-ca-certificates --fresh
- name: Restart Postfix
service:
name: postfix
state: restarted
- hosts: parameters-mandatory
roles:
- role: mail_forwarder
# Global common parameters.
tls_certificate_dir: tests/data/x509/
- hosts: parameters-optional
roles:
- role: mail_forwarder
local_mail_aliases:
root: "root testuser"
smtp_from_relay_allowed: True
smtp_relay_host: mail-server
smtp_relay_host_port: 27
smtp_relay_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
# common
ca_certificates:
testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
- hosts: parameters-no-incoming
roles:
- role: mail_forwarder
smtp_relay_host: mail-server
smtp_from_relay_allowed: False
smtp_relay_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
# common
ca_certificates:
testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
- hosts: parameters-optional
tasks:
- name: Create additional group for testing local aliases
group:
name: testuser
- name: Create additional user for testing local aliases
user:
name: testuser
group: testuser
|