Files @ 770551dc8c6f
Branch filter:

Location: majic-ansible-roles/roles/mail_forwarder/molecule/default/prepare.yml

770551dc8c6f 3.5 KiB text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-148: Improve the SSH connectivity tests in backup_server role to be more reliable:

- Introduce a session-level fixture for setting permissions for client
SSH private keys (fixes errors related to SSH requesting tighter
permissions).
- Add assertions for the tests that verify the backup clients cannot
connect to the regular SSH server in case the SSH private keys do
not have correct permissions (just in case).
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
---

- name: Prepare
  hosts: all
  gather_facts: false
  tasks:
    - name: Install python for Ansible
      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
      become: true
      changed_when: false

- hosts: all
  become: true
  tasks:

    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true
      changed_when: false

- hosts: all
  become: true
  tasks:

    - name: Set-up the hosts file
      lineinfile:
        path: /etc/hosts
        regexp: "^{{ item.key }}"
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        mode: 0644
        state: present
      with_dict:
        10.31.127.10: "mail-server domain1"
        10.31.127.11: "client1"
        10.31.127.20: "parameters-mandatory-jessie64"
        10.31.127.21: "parameters-optional-jessie64"
        10.31.127.22: "parameters-no-incoming-jessie64"
        10.31.127.30: "parameters-mandatory-stretch64"
        10.31.127.31: "parameters-optional-stretch64"
        10.31.127.32: "parameters-no-incoming-stretch64"

- hosts: clients
  become: true
  tasks:

    - name: Install SWAKS for testing SMTP capability
      apt:
        name: swaks
        state: present

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: present

    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        mode: 0644
      notify:
        - Update CA certificate cache

  handlers:

    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh

- hosts: mail-servers
  become: true
  tasks:

    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        mode: 0644
      notify:
        - Update CA certificate cache

    - name: Deploy SMTP private key and certificate
      copy:
        src: "tests/data/x509/{{ item }}"
        dest: "/etc/ssl/{{ item }}"
        owner: root
        group: root
        mode: 0600
      with_items:
        - mail-server_smtp.cert.pem
        - mail-server_smtp.key.pem

    - name: Install Postfix
      apt:
        name: "postfix"
        state: present

    - name: Purge Exim configuration
      apt:
        name: "exim4*"
        state: absent
        purge: true

    - name: Deploy Postfix configuration
      copy:
        src: tests/data/main.cf
        dest: /etc/postfix/main.cf
        owner: root
        group: root
        mode: 0644
      notify:
        - Restart Postfix

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: present

    - name: Install SWAKS for testing SMTP capability
      apt:
        name: swaks
        state: present

    - name: Set-up port forwarding
      command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport 27 -j REDIRECT --to-ports 25"
      changed_when: false

  handlers:

    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh

    - name: Restart Postfix
      service:
        name: postfix
        state: restarted

- hosts: parameters-optional
  become: true
  tasks:

    - name: Create additional group for testing local aliases
      group:
        name: testuser

    - name: Create additional user for testing local aliases
      user:
        name: testuser
        group: testuser
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.