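---
# Provisioning playbook for a Vagrant-based test environment: bootstraps
# Python, fixes name resolution through /etc/hosts, installs mail test
# tooling on the clients, and applies the ldap_server and backup_server
# roles. All credentials and key material referenced here are fixtures
# read from tests/data; being committed to the repository they are public,
# so none of them may be reused outside this environment.

- name: Prepare
  hosts: all
  gather_facts: false
  tasks:
    # The raw module does not need Python on the managed host, which is why
    # it is used for the bootstrap and why fact gathering is disabled above.
    - name: Install python for Ansible
      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
      become: true
      changed_when: false

- hosts: all
  become: true
  tasks:
    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true
      changed_when: false

- hosts: all
  become: true
  tasks:
    - name: Set-up the hosts file
      lineinfile:
        path: /etc/hosts
        # Escape the dots and require trailing whitespace so that an entry
        # only matches its own address (a bare "^10.31.127.2" prefix would
        # also match 10.31.127.20 or 10.31.127.200, and "." matches any
        # character).
        regexp: '^{{ item.key | regex_escape }}\s'
        line: "{{ item.key }} {{ item.value }}"
        owner: root
        group: root
        # Quoted so the mode is never re-typed by the YAML parser.
        mode: "0644"
        state: present
      with_dict:
        "10.31.127.10": "ldap-server backup-server"
        "10.31.127.20": "client1"
        "10.31.127.21": "client2"
        "10.31.127.30": "parameters-mandatory parameters-mandatory-jessie64"
        "10.31.127.31": "parameters-optional parameters-optional-jessie64"

- hosts: client
  become: true
  tasks:
    # "state: installed" is a deprecated alias in the apt module; "present"
    # is the supported spelling and has the same effect.
    - name: Install SWAKS for testing SMTP capability
      apt:
        name: swaks
        state: present

    - name: Install pip
      apt:
        name: python-pip
        state: present

    # The version is pinned, but pip does not verify a hash here and the
    # install runs as root (play-level become), so integrity rests on the
    # package index.
    - name: Install IMAP CLI tool
      pip:
        name: Imap-CLI==0.6
        state: present

    - name: Install tool for testing SIEVE
      apt:
        name: sieve-connect
        state: present

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: present

    # Owner-only permissions; NOTE(review): these files presumably hold
    # the IMAP account credentials of the test users - confirm.
    - name: Deploy IMAP CLI configuration
      copy:
        src: "tests/data/{{ item }}"
        dest: "/home/vagrant/{{ item }}"
        owner: vagrant
        group: vagrant
        mode: "0600"
      with_items:
        - imapcli-parameters-mandatory-john_doe.conf
        - imapcli-parameters-mandatory-jane_doe.conf
        - imapcli-parameters-optional-john_doe.conf
        - imapcli-parameters-optional-jane_doe.conf

    # Adds the test CA to the system trust store; every certificate issued
    # by it is trusted on the client once the handler has run.
    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        mode: "0644"
      notify:
        - Update CA certificate cache

  handlers:
    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh

- hosts: ldap-server
  become: true
  roles:
    - role: ldap_server
      # Fixture credentials for the test directory, kept in clear text in
      # the playbook. A real deployment would take them from a vault or
      # secret store instead.
      ldap_admin_password: admin
      ldap_entries:
        # Users
        # NOTE(review): userPassword is passed in clear text; confirm how
        # the ldap_server role stores it.
        - dn: uid=john,ou=people,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: johnpassword
            uid: john
            cn: John Doe
            sn: Doe
            mail: john.doe@domain1
        - dn: uid=jane,ou=people,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: janepassword
            uid: jane
            cn: Jane Doe
            sn: Doe
            mail: jane.doe@domain2
        # This user is deliberately left out of the "mail" group below.
        - dn: uid=nomail,ou=people,dc=local
          attributes:
            objectClass:
              - inetOrgPerson
              - simpleSecurityObject
            userPassword: nomailpassword
            uid: nomail
            cn: No Mail
            sn: Mail
            mail: nomail@domain1

        # Groups
        - dn: "cn=mail,ou=groups,dc=local"
          state: append
          attributes:
            uniqueMember:
              - uid=john,ou=people,dc=local
              - uid=jane,ou=people,dc=local

        # Domains
        - dn: dc=domain1,ou=domains,ou=mail,ou=services,dc=local
          attributes:
            objectClass: dNSDomain
            dc: domain1
        - dn: dc=domain2,ou=domains,ou=mail,ou=services,dc=local
          attributes:
            objectClass: dNSDomain
            dc: domain2

        # Aliases
        - dn: cn=postmaster@domain1,ou=aliases,ou=mail,ou=services,dc=local
          attributes:
            objectClass: nisMailAlias
            cn: postmaster@domain1
            rfc822MailMember: john.doe@domain1
        - dn: cn=webmaster@domain2,ou=aliases,ou=mail,ou=services,dc=local
          attributes:
            objectClass: nisMailAlias
            cn: webmaster@domain2
            rfc822MailMember: jane.doe@domain2

      # Service accounts used by the mail daemons to bind to the directory;
      # the passwords are fixtures as well.
      ldap_server_consumers:
        - name: postfix
          password: postfixpassword
        - name: dovecot
          password: dovecotpassword
          state: present
      ldap_server_domain: "local"
      ldap_server_groups:
        - name: mail
      ldap_server_organization: "Example"
      # The TLS private key is read from the repository on the controller
      # and handed to the role as a plain variable.
      ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.cert.pem') }}"
      ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.key.pem') }}"

      # common
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

      # ldap_client
      ldap_client_config:
        - comment: CA truststore
          option: TLS_CACERT
          value: /etc/ssl/certs/testca.cert.pem
        # "demand" makes the client abort when the server certificate is
        # missing or fails validation.
        - comment: Ensure TLS is enforced
          option: TLS_REQCERT
          value: demand
        - comment: Base DN
          option: BASE
          value: dc=local
        - comment: URI
          option: URI
          value: 'ldapi:///'

    - role: backup_server
      # SSH host private keys are loaded from tests/data/ssh on the
      # controller. DSA host keys are disabled by default since
      # OpenSSH 7.0 - NOTE(review): confirm the dsa entry is still needed.
      backup_host_ssh_private_keys:
        dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
        rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
        ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
        ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
      backup_clients:
        # NOTE(review): "parameters-optional-j64" differs from the
        # "parameters-optional-jessie64" alias written to /etc/hosts for
        # the same address - confirm this is intended.
        - server: parameters-optional-j64
          ip: 10.31.127.31
          public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"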