From 80172de8a301c3befa26ac25c5e858f070bb2040 Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 10 Oct 2013 18:09:32 +0200
Subject: provide global.provider.contacts.default on every node, no need to add in services/mx.json again
---
 provider_base/common.json | 1 +
 provider_base/services/mx.json | 3 ---
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/provider_base/common.json b/provider_base/common.json
index 2313bd8b..7ccb5005 100644
--- a/provider_base/common.json
+++ b/provider_base/common.json
@@ -3,6 +3,7 @@
 "environment": null,
 "services": [],
 "tags": [],
+ "contacts": "= global.provider.contacts.default",
 "domain": {
 "full_suffix": "= global.provider.domain",
 "internal_suffix": "= global.provider.domain_internal",
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
index f999dd23..7b0aa57b 100644
--- a/provider_base/services/mx.json
+++ b/provider_base/services/mx.json
@@ -1,7 +1,4 @@
 {
- "mx": {
- "contact": "= global.provider.contacts.default"
- },
 "stunnel": {
 "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
 },
-- 
cgit v1.2.3
From b22a3524c99f9205c8078d5542718e3625e68244 Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 10 Oct 2013 18:14:24 +0200
Subject: fix site_postfix::mx::reserved_aliases class name and package array
---
 puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp b/puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp
index 6df53355..aea66f78 100644
--- a/puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp
+++ b/puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp
@@ -1,11 +1,11 @@ -class site_postfix::reserved_aliases { +class site_postfix::mx::reserved_aliases { postfix::mailalias { [ 'postmaster', 'hostmaster', 'domainadmin', 'certmaster', 'ssladmin', 'arin-admin', 'administrator', 'webmaster', 'www-data', 'www', 'nobody', 'sys', 'postgresql', 'mysql', 'bin', 'cron', 'lp', 'games', 'maildrop', 'abuse', 'noc', 'security', 'usenet', 'news', 'uucp', - 'ftp': + 'ftp' ]: ensure => present, recipient => 'root' }
-- 
cgit v1.2.3
From 2a291df14f20a3e3ac1eeebbaf50c79feb2012ed Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 10 Oct 2013 18:15:56 +0200
Subject: contacts is now a top-level hiera variable
---
 puppet/modules/site_postfix/manifests/mx.pp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index a043c277..08d57a24 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -3,10 +3,9 @@ class site_postfix::mx { $domain_hash = hiera ('domain') $domain = $domain_hash['full_suffix'] $host_domain = $domain_hash['full'] - $mx_hash = hiera('mx') $cert_name = hiera('name') - $root_mail_recipient = $mx_hash['contact'] + $root_mail_recipient = hiera ('contacts') $postfix_smtp_listen = 'all' include site_config::x509::cert
-- 
cgit v1.2.3
From 1d080ba042d9ce55c4eaad6d35f7fffefccdbbca Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 10 Oct 2013 18:30:44 +0200
Subject: added mail.smarthost variable to hiera
---
 provider_base/common.json | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/provider_base/common.json b/provider_base/common.json
index 7ccb5005..5be0dd70 100644
--- a/provider_base/common.json
+++ b/provider_base/common.json
@@ -36,5 +36,8 @@
 },
 "name": "common",
 "location": null,
- "enabled": true
+ "enabled": true,
+ "mail": {
+ "smarthost": "= nodes_like_me[:services => :mx].exclude(self).field('domain.full')"
+ }
 }
-- 
cgit v1.2.3
From 04e270616db7d486eeacb298aed173731c9a2fe2 Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 10 Oct 2013 18:49:36 +0200
Subject: deploy postfix satellites on all nodes (Bug #1683)
---
 puppet/modules/site_config/manifests/default.pp | 4 ++++
 puppet/modules/site_postfix/manifests/satellite.pp | 11 +++++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 puppet/modules/site_postfix/manifests/satellite.pp
diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp
index d3bb241f..a645cb1a 100644
--- a/puppet/modules/site_config/manifests/default.pp
+++ b/puppet/modules/site_config/manifests/default.pp
@@ -71,4 +71,8 @@ class site_config::default { include site_squid_deb_proxy::client } + if $::services !~ /\bmx\b/ { + include site_postfix::satellite + } + }
diff --git a/puppet/modules/site_postfix/manifests/satellite.pp b/puppet/modules/site_postfix/manifests/satellite.pp
new file mode 100644
index 00000000..de20b667
--- /dev/null
+++ b/puppet/modules/site_postfix/manifests/satellite.pp
@@ -0,0 +1,11 @@
+class site_postfix::satellite {
+
+ $root_mail_recipient = hiera ('contacts')
+ $mail = hiera ('mail')
+ $relayhost = $mail['smarthost']
+
+ class { '::postfix::satellite':
+ relayhost => $relayhost,
+ root_mail_recipient => $root_mail_recipient
+ }
+}
-- 
cgit v1.2.3
From 2a4ae58cc5e3f6e4a1e09ef6a9f15ade1e2c59fa Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 10 Oct 2013 18:53:13 +0200
Subject: move site_config::checks to site_config::mx::checks
---
 puppet/modules/site_postfix/manifests/checks.pp | 41 ----------------------
 puppet/modules/site_postfix/manifests/mx.pp | 2 +-
 puppet/modules/site_postfix/manifests/mx/checks.pp | 41 ++++++++++++++++++++++
 3 files changed, 42 insertions(+), 42 deletions(-)
 delete mode 100644 puppet/modules/site_postfix/manifests/checks.pp
 create mode 100644 puppet/modules/site_postfix/manifests/mx/checks.pp
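Review bot: In the new `satellite.pp`, `$mail['smarthost']` is handed to `relayhost` without any check, yet the `mail.smarthost` expression added to `common.json` ends in `.field('domain.full')` on a node list, so it looks like it yields a list and can be empty when no other mx node exists. With an empty or list-valued relay host, mail to root from every non-mx node (cron output, security notices) may be queued or bounced without anyone noticing. The class should call `fail()` at compile time when the value is empty and reduce it to the single-host form that `::postfix::satellite` expects, with a comment such as `# relayhost comes from mail.smarthost; must be one non-empty hostname`. It is also worth confirming that `::postfix::satellite`, which is not visible here, enforces TLS towards the smarthost, since nothing in this class sets it.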
diff --git a/puppet/modules/site_postfix/manifests/checks.pp b/puppet/modules/site_postfix/manifests/checks.pp
deleted file mode 100644
index 31399d32..00000000
--- a/puppet/modules/site_postfix/manifests/checks.pp
+++ /dev/null
@@ -1,41 +0,0 @@
-class site_postfix::checks {
-
- file {
- '/etc/postfix/checks':
- ensure => directory,
- mode => '0755',
- owner => root,
- group => postfix,
- require => Package['postfix'];
-
- '/etc/postfix/checks/helo_checks':
- content => template('site_postfix/checks/helo_access.erb'),
- mode => '0644',
- owner => root,
- group => root;
- }
-
- exec {
- '/usr/sbin/postmap /etc/postfix/checks/helo_checks':
- refreshonly => true,
- subscribe => File['/etc/postfix/checks/helo_checks'];
- }
-
- # Anonymize the user's home IP from the email headers (Feature #3866)
- package { 'postfix-pcre': ensure => installed }
-
- file { '/etc/postfix/checks/received_anon':
- source => 'puppet:///modules/site_postfix/checks/received_anon',
- mode => '0644',
- owner => root,
- group => root,
- notify => Service['postfix']
- }
-
- postfix::config {
- 'header_checks':
- value => 'pcre:/etc/postfix/checks/received_anon',
- require => File['/etc/postfix/checks/received_anon'];
- }
-
-}
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 08d57a24..474ed03d 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -31,7 +31,7 @@ class site_postfix::mx { } include site_postfix::mx::smtpd_checks - include site_postfix::checks + include site_postfix::mx::checks include site_postfix::mx::tls include site_postfix::mx::reserved_aliases
diff --git a/puppet/modules/site_postfix/manifests/mx/checks.pp b/puppet/modules/site_postfix/manifests/mx/checks.pp
new file mode 100644
index 00000000..31399d32
--- /dev/null
+++ b/puppet/modules/site_postfix/manifests/mx/checks.pp
@@ -0,0 +1,41 @@
+class site_postfix::checks {
+
+ file {
+ '/etc/postfix/checks':
+ ensure => directory,
+ mode => '0755',
+ owner => root,
+ group => postfix,
+ require => Package['postfix'];
+
+ '/etc/postfix/checks/helo_checks':
+ content => template('site_postfix/checks/helo_access.erb'),
+ mode => '0644',
+ owner => root,
+ group => root;
+ }
+
+ exec {
+ '/usr/sbin/postmap /etc/postfix/checks/helo_checks':
+ refreshonly => true,
+ subscribe => File['/etc/postfix/checks/helo_checks'];
+ }
+
+ # Anonymize the user's home IP from the email headers (Feature #3866)
+ package { 'postfix-pcre': ensure => installed }
+
+ file { '/etc/postfix/checks/received_anon':
+ source => 'puppet:///modules/site_postfix/checks/received_anon',
+ mode => '0644',
+ owner => root,
+ group => root,
+ notify => Service['postfix']
+ }
+
+ postfix::config {
+ 'header_checks':
+ value => 'pcre:/etc/postfix/checks/received_anon',
+ require => File['/etc/postfix/checks/received_anon'];
+ }
+
+}
-- 
cgit v1.2.3
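Review bot: The first line of the new `manifests/mx/checks.pp` still declares `class site_postfix::checks {`, while the `mx.pp` hunk of this same commit now does `include site_postfix::mx::checks`. Puppet's autoloader resolves `site_postfix::mx::checks` to this file but will find no class of that name in it, so catalog compilation on mx nodes should fail, and the HELO checks and the `received_anon` header check that strips the client's home IP would then not be applied. The declaration should read `class site_postfix::mx::checks {`. A short header comment saying that this class owns `/etc/postfix/checks` and the `header_checks` setting would also help the next reader.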