| author | Micah Anderson <micah@leap.se> | 2014-04-02 12:38:28 -0400 | 
|---|---|---|
| committer | Micah Anderson <micah@leap.se> | 2014-04-02 13:08:17 -0400 | 
| commit | b12c315edef56515321306a692d0f2098f4e8ee0 (patch) | |
| tree | bd6b4bf8ccb25ddfc8243d28845864b80bf228c7 /puppet/modules | |
| parent | a2944e05355caaf39b5563001ea8f4fcabc18266 (diff) | |
Fix for satellite hosts that are unable to contact their relayhost
because the DNS lookup is either impossible (.local domain), or
incorrect (certain openstack/amazon/piston cloud configurations create
this setup when the relayhost is in the same cluster as the satellite).
Fixes #5225
Change-Id: Ifbc201678f2c0e97ee0e12bbf1c7f71d035d45c1
Diffstat (limited to 'puppet/modules')
| -rw-r--r-- | puppet/modules/site_postfix/manifests/satellite.pp | 24 | 
1 files changed, 24 insertions, 0 deletions
| diff --git a/puppet/modules/site_postfix/manifests/satellite.pp b/puppet/modules/site_postfix/manifests/satellite.pp index 7be51b22..f5d5c7b7 100644 --- a/puppet/modules/site_postfix/manifests/satellite.pp +++ b/puppet/modules/site_postfix/manifests/satellite.pp @@ -10,5 +10,29 @@ class site_postfix::satellite {      root_mail_recipient => $root_mail_recipient    } +  # There are special conditions for satellite hosts that will make them not be +  # able to contact their relayhost: +  # +  # 1. they are on openstack/amazon/PC and are on the same cluster as the relay +  # host, the MX lookup for the relay host will use the public IP, which cannot +  # be contacted +  # +  # 2. When a domain is used that is not in DNS, because it is internal, +  # a testing domain, etc. eg. a .local domain cannot be looked up in DNS +  # +  # to resolve this, so the satellite can contact the relayhost, we need to set +  # the http://www.postfix.org/postconf.5.html#smtp_host_lookup to be 'native' +  # which will cause the lookup to use the native naming service +  # (nsswitch.conf), which typically defaults to 'files, dns' allowing the +  # /etc/hosts to be consulted first, then DNS if the entry doesn't exist. +  # +  # NOTE: this will make it not possible to enable DANE support through DNSSEC +  # with http://www.postfix.org/postconf.5.html#smtp_dns_support_level - but +  # this parameter is not available until 2.11. If this ends up being important +  # we could also make this an optional parameter for providers without +  # dns / local domains + +  postfix::config { 'smtp_host_lookup': value => 'native'; } +    include site_postfix::mx::smtp_tls  } | 
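Review bot: The `postfix::config { 'smtp_host_lookup': value => 'native'; }` line applies to every satellite unconditionally, although the comment above it names only two cases that need it (a relay in the same cloud cluster, and a domain that is not in DNS) and its NOTE admits the setting rules out DANE via `smtp_dns_support_level`. I would make this a class parameter in this change rather than leaving it as a "we could also" remark, so that providers with working public DNS keep DNS-based lookups and the DANE path stays open for them. Second point on the same line: with 'native' the relayhost address comes from whatever nsswitch.conf consults first, which the comment says is typically /etc/hosts. Nothing in this hunk ensures the relayhost has an entry there or that nsswitch.conf has the 'files, dns' order the comment assumes, so please add a comment pointing to where the hosts entry is managed, or declare the dependency explicitly. Since /etc/hosts then decides where outbound mail is delivered, it is also worth confirming that `site_postfix::mx::smtp_tls` verifies the relay's certificate rather than trusting the resolved address.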
