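---
# Prepares the test environment: generates a throw-away X.509 hierarchy on
# the controller with gimmecert, bootstraps Python on the test hosts, and
# installs the packages, certificates and configuration the tests rely on.

- name: Set-up fixtures
  hosts: localhost
  connection: local
  gather_facts: false

  tasks:

    # `creates` turns this into a no-op once the CA certificate exists, so
    # the hierarchy (and everything signed by it) is not regenerated on
    # every run.
    - name: Initialise CA hierarchy
      command: "gimmecert init"
      args:
        creates: ".gimmecert/ca/level1.cert.pem"
        chdir: "tests/data/"

    # argv form: item values are passed as separate arguments and are never
    # re-split or interpreted by a shell.
    - name: Generate server private keys and certificates
      command:
        argv:
          - "gimmecert"
          - "server"
          - "{{ item.name }}"
          - "{{ item.fqdn }}"
        chdir: "tests/data/"
        creates: ".gimmecert/server/{{ item.name }}.cert.pem"
      with_items:
        - name: mail-server_smtp
          fqdn: mail-server

    # Later plays read the material through tests/data/x509/.
    - name: Set-up link to generated X.509 material
      file:
        src: ".gimmecert"
        dest: "tests/data/x509"
        state: link

- name: Prepare
  hosts: all
  gather_facts: false

  tasks:

    # `raw` is used because regular modules need Python on the target, and
    # fact gathering is disabled for the same reason.
    - name: Install python for Ansible
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
      become: true
      changed_when: false

- name: Refresh package caches
  hosts: all
  become: true

  tasks:

    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true
      changed_when: false

- name: Common set-up for all hosts
  hosts: all
  become: true

  tasks:

    # The address is regex-escaped and followed by \s so that the dots match
    # literally and an entry can never match a longer address sharing the
    # same prefix (10.31.127.1 vs 10.31.127.10).
    - name: Set-up the hosts file
      lineinfile:
        path: /etc/hosts
        regexp: '^{{ item.key | regex_escape }}\s'
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        mode: "0644"
        state: present
      with_dict:
        "10.31.127.10": "mail-server domain1"
        "10.31.127.11": "client1"
        "10.31.127.30": "parameters-mandatory-stretch64"
        "10.31.127.31": "parameters-optional-stretch64"
        "10.31.127.32": "parameters-no-incoming-stretch64"
        "10.31.127.20": "parameters-mandatory-buster64"
        "10.31.127.21": "parameters-optional-buster64"
        "10.31.127.22": "parameters-no-incoming-buster64"

    - name: Install tools for testing
      apt:
        name: gnutls-bin
        state: present

- name: Set-up test clients
  hosts: clients
  become: true

  tasks:

    - name: Install SWAKS for testing SMTP capability
      apt:
        name: swaks
        state: present

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: present

    # Adds the test CA to the system trust store: once the handler has run,
    # these hosts accept any certificate issued by that CA.
    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca/level1.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        mode: "0644"
      notify:
        - Update CA certificate cache

  # Handlers are scoped to a play, hence the repetition in the next play.
  handlers:

    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh

- name: Set-up mail servers
  hosts: mail-servers
  become: true

  tasks:

    # Adds the test CA to the system trust store: once the handler has run,
    # these hosts accept any certificate issued by that CA.
    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca/level1.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        mode: "0644"
      notify:
        - Update CA certificate cache

    # Both files come from the gimmecert hierarchy generated in the first
    # play; the private key (and the certificate) are readable by root only.
    - name: Deploy SMTP private key and certificate
      copy:
        src: "tests/data/x509/server/{{ item }}"
        dest: "/etc/ssl/{{ item }}"
        owner: root
        group: root
        mode: "0600"
      with_items:
        - mail-server_smtp.cert.pem
        - mail-server_smtp.key.pem

    - name: Install Postfix
      apt:
        name: "postfix"
        state: present

    - name: Purge Exim configuration
      apt:
        name: "exim4*"
        state: absent
        purge: true

    - name: Deploy Postfix configuration
      copy:
        src: tests/data/main.cf
        dest: /etc/postfix/main.cf
        owner: root
        group: root
        mode: "0644"
      notify:
        - Restart Postfix

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: present

    - name: Install SWAKS for testing SMTP capability
      apt:
        name: swaks
        state: present

    # TCP connections arriving on port 27 are redirected to local port 25.
    # The iptables module checks for the rule before adding it, so re-running
    # the play does not stack duplicate PREROUTING entries the way a plain
    # `iptables -A` command would.
    # NOTE(review): presumably port 27 exists so the tests can reach SMTP on
    # a non-default port - confirm against the test suite.
    - name: Set-up port forwarding
      iptables:
        table: nat
        chain: PREROUTING
        protocol: tcp
        match: tcp
        destination_port: "27"
        jump: REDIRECT
        to_ports: "25"
        state: present

  handlers:

    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh

    - name: Restart Postfix
      service:
        name: postfix
        state: restarted

- name: Set-up local account for testing aliases
  hosts: parameters-optional
  become: true

  tasks:

    - name: Create additional group for testing local aliases
      group:
        name: testuser

    - name: Create additional user for testing local aliases
      user:
        name: testuser
        group: testuser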