Rewriting playbook for multiserver purpose

Author: lucascbeyeler

.travis.yml

@@ -0,0 +1,35 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: true
+
+# This playbook need to run on Ubuntu 14.04 or later
+dist: trust
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+  # Install ansible-commons
+  - ansible-galaxy install lucascbeyeler.baseline
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

LICENSE

@@ -0,0 +1,93 @@
+Ansible-Zimbra
+=========
+
+Ansible role to install and configure Zimbra Collaboration Open Source Edition in a monoserver environment
+
+[![Build Status](https://travis-ci.org/lucascbeyeler/ansible-zimbra.svg?branch=master)](https://travis-ci.org/lucascbeyeler/ansible-zimbra)
+[![Zimbra Version](https://img.shields.io/badge/Zimbra-8.7.11-blue.svg)](https://www.zimbra.com/downloads/zimbra-collaboration-open-source/)
+
+Requirements
+------------
+
+* [Ansible](https://github.com/ansible/ansible) 2.2.0 or superior. Less than this and you will have problems running Zimbra's Playbook. See ansible-modules-core Bug #4202
+
+* Configure de file /etc/ansible/ansible.cfg (create if don't exist) and set this options - not required if you using key and the ssh user is "root" already:
+```
+[defaults]
+host_key_checking=False
+stdout_callback=skippy
+
+[ssh_connection]
+pipelining=True
+```
+
+Install
+--------------
+ansible-zimbra is already in Ansible Galaxy, so the only thing you need to install this script in your machine is just use ansible-galaxy command:
+
+```
+ansible-galaxy install lucascbeyeler.ansible-zimbra
+```
+
+Update
+--------------
+When a new version of ansible-zimbra is released, you will need to run the install process again, but with the "-f" or "--force" parameter.
+
+```
+ansible-galaxy install -f lucascbeyeler.ansible-zimbra
+```
+
+Features
+--------------
+
+* Configuring SpamAssassin, Pyzor and Razor;
+* Configure a logo for your server - **WARNING**: [Read this article for more details about the logo](https://blog.zimbra.com/2015/09/change-login-app-logo-open-source-network-edition/);
+* Enable PolicyD service and web admin;
+* Proxy Admin;
+* HTTP to HTTPS redirect;
+* LMTP Host Lookup in Native mode;
+* Chat and ownCloud plugin;
+
+
+Role Variables
+--------------
+
+* **hostname:** set the hostname of your server **WITHOUT** the domain;
+* **domain:** set the domain for the server and the primary domain for your Zimbra server;
+* **zmpasswd:** set the password used for every single service in your Zimbra server, like the admin account and the LDAPServer - **WARNING:** do not put special characters in the password during the install;
+* **zmnetwork:** set the network the Zimbra server is;
+* **zmlogologin:** Inform the path for your logo (Login Screen) - don't inform and no image will be applied;
+* **zmlogoapp:** Inform the path for your logo (Application Screen) - don't inform and no image will be applied;
+* **timezone:** inform the timezone the playbook should set in your server;
+
+Dependencies
+------------
+
+To run this playbook, you will need to run [lucascbeyeler.commons](https://github.com/lucascbeyeler/ansible-commons) too. We do not cover any kind of server preparation, like upgrade the system or change the hostname (even put the hostname in /etc/hosts is made by commons). The motive is because all my playbooks will need some kind of preparation before executed, so to not including the same code in every single project, I made a different playbook that will do everything that is considered "common" in each one of my playbooks.
+
+Example Playbook
+----------------
+```
+    - hosts: zimbra
+      become: yes
+      become_method: sudo
+      roles:
+         - role: lucascbeyeler.ansible-zimbra
+           hostname: warudo
+           domain: hollowbastion.com
+           timezone: America/Sao_Paulo
+           zmpasswd: 123change
+           zmnetwork: 192.168.122.0/24
+           zmlogologin: /tmp/login.png
+           zmlogoapp: /tmp/app.png
+```
+
+License
+-------
+
+GNU GENERAL PUBLIC LICENSE
+
+Author Information
+------------------
+
+https://github.com/lucascbeyeler

README.md

@@ -0,0 +1,25 @@
+<?php
+
+# mysql:host=xx;dbname=yyy
+#
+# pgsql:host=xx;dbname=yyy
+#
+# sqlite:////full/unix/path/to/file.db?mode=0666
+#
+#$DB_DSN="sqlite:////tmp/cluebringer.sqlite";
+#$DB_DSN="mysql:host=localhost;dbname=cluebringer";
+$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
+$DB_USER="root";
+#$DB_PASS="";
+$DB_TABLE_PREFIX="";
+
+
+#
+# THE BELOW SECTION IS UNSUPPORTED AND MEANT FOR THE ORIGINAL SPONSOR OF V2
+#
+
+#$DB_POSTFIX_DSN="mysql:host=localhost;dbname=postfix";
+#$DB_POSTFIX_USER="root";
+#$DB_POSTFIX_PASS="";
+
+?>

files/config.php

@@ -0,0 +1,63 @@
+# Pyzor's Config - Change only if you know what are you doing
+use_pyzor 1
+pyzor_path /usr/bin/pyzor
+pyzor_timeout 20
+
+# Razor's Config - Change only if you know what are you doing
+use_razor2 1
+
+#SpamAssassin's Scores - Change THIS file and not salocal.cf
+
+score ALL_TRUSTED -4.000
+score DATE_IN_PAST_12_24 2.000
+score DCC_CHECK 2.500
+score DNS_FROM_AHBL_RHSBL 0
+score FORGED_OUTLOOK_HTML 1.500
+score HEADER_FROM_DIFFERENT_DOMAINS 2.000
+score HTML_FONT_LOW_CONTRAST 2.000
+score HTML_IMAGE_RATIO_02 2.000
+score HTML_IMAGE_RATIO_04 1.700
+score HTML_IMAGE_RATIO_06 1.400
+score HTML_IMAGE_RATIO_08 0.500
+score HTML_MESSAGE 0.400
+score HTML_MIME_NO_HTML_TAG 1.000
+score MIME_HTML_ONLY 2.000
+score PYZOR_CHECK 3.250
+score RAZOR2_CHECK 3.250
+score RCVD_IN_BRBL_LASTEXT 3.500
+score RCVD_IN_PBL 0.905
+score RCVD_IN_RP_CERTIFIED -2.500
+score RCVD_IN_RP_SAFE -1.500
+score RDNS_NONE 0.000
+score REMOTE_IMAGE 2.500
+score SPAMCOP_BL 3.500
+score SPF_FAIL 10.000
+score SPF_HELO_FAIL 10.000
+score SPF_PASS -0.900
+score SUBJ_ALL_CAPS 2.000
+score SUBJ_ILLEGAL_CHARS 2.500
+score T_AXB_XM_SENTBY 2.000
+score T_FSL_HELO_NON_FQDN_2 0.800
+score T_HEADER_FROM_DIFFERENT_DOMAINS 2.000
+score T_HTML_ATTACH 1.000
+score T_HTML_ATTACH 2.000
+score T_LONG_HEADER_LINE_80 0.500
+score T_NOT_A_PERSON 0.500
+score T_OBFU_HTML_ATTACH 1.000
+score T_REMOTE_IMAGE 2.500
+score UPPERCASE_50_75 0.700
+score URIBL_BLACK 4.250
+score URIBL_DBL_REDIR 1.500
+score URIBL_DBL_SPAM 5.000
+score URIBL_JP_SURB 5.000
+score URIBL_JP_SURBL 5.000
+score URIBL_WS_SURBL 5.000
+score SUBJ_ALL_CAPS 1.000
+score LOTS_OF_MONEY 0.700
+score T_HK_MUCHMONEY 0.700
+score T_KHOP_FOREIGN_CLICK 0.700
+score T_SHORTENED_URL_HREF 0.400
+score T_URL_SHORTENER 0.400
+score BAD_ENC_HEADER 0.400
+score T_UNKNOWN_ORIGIN 0.700
+score RP_MATCHES_RCVD -0.000

files/sauser.cf

@@ -0,0 +1,21 @@
+galaxy_info:
+  author: Lucas Costa Beyeler
+  description: Ansible role to install and configure Zimbra Collaboration Open Source Edition
+  company: Beyeler
+  license: GPLv3
+  min_ansible_version: 2.3
+  github_branch: master
+  platforms:
+  - name: Ubuntu
+    versions:
+    - trusty
+    - xenial
+  - name: EL
+    versions:
+    - 6
+    - 7
+  galaxy_tags:
+    - zimbra
+    - community
+dependencies:
+  - { role: lucascbeyeler.baseline }

meta/main.yml

@@ -1,29 +1,4 @@
 ---
-#
-# Configuring Zimbra OSE
-################################################################################
-- name: Configuring Zimbra OSE's services for use
-  command: ./zmsetup.pl -c /tmp/zcs/installZimbraScript
-  args:
-    chdir: /opt/zimbra/libexec/
-
-- name: Setting LMTP Host Lookup from DNS to Native
-  command: ./zmprov mcf zimbraMtaLmtpHostLookup native
-  args:
-    chdir: /opt/zimbra/bin/
-
-- name: Enabling Zimbra's admin tthrough Proxy Server
-  command: ./zmproxyconfig -e -w -C -H {{ hostname }}.{{ domain }}
-  args:
-    chdir: /opt/zimbra/libexec/
-  become: yes
-  become_user: zimbra
-
-- name: Enabling HTTP to HTTPS redirect
-  command: ./zmprov ms {{ hostname }}.{{ domain }} zimbraReverseProxyMailMode redirect
-  args:
-    chdir: /opt/zimbra/bin/
-
 #
 # Configuring SpamAssassin
 ################################################################################

tasks/configure.yml

@@ -0,0 +1,8 @@
+---
+#
+# Configuring Zimbra OSE
+################################################################################
+- name: Configuring Zimbra OSE's services for use
+  command: ./zmsetup.pl -c /tmp/zcs/installZimbraScript
+  args:
+    chdir: /opt/zimbra/libexec/

tasks/configure/all.yml

@@ -0,0 +1,15 @@
+---
+#
+# Configuring Zimbra OSE
+################################################################################
+- name: Enabling Zimbra's admin through Proxy Server
+  command: ./zmproxyconfig -e -w -C -H {{ hostname }}.{{ domain }}
+  args:
+    chdir: /opt/zimbra/libexec/
+  become: yes
+  become_user: zimbra
+
+- name: Enabling HTTP to HTTPS redirect
+  command: ./zmprov ms {{ hostname }}.{{ domain }} zimbraReverseProxyMailMode redirect
+  args:
+    chdir: /opt/zimbra/bin/

tasks/configure/mailbox.yml

@@ -0,0 +1,8 @@
+---
+#
+# Configuring Zimbra OSE
+################################################################################
+- name: Setting LMTP Host Lookup from DNS to Native
+  command: ./zmprov mcf zimbraMtaLmtpHostLookup native
+  args:
+    chdir: /opt/zimbra/bin/