authorintrigeri <intrigeri@boum.org>2017-01-21 12:05:27 +0000
committerintrigeri <intrigeri@boum.org>2017-01-21 12:05:27 +0000
commit4fa3f543ed36029f4500c44217bbcf96d744c5f6 (patch)
treea252ba35215eb743de5445d50ee8e05ca47d986c
parent59fc59053a92c7a32cc3f2d4da62280569902ce2 (diff)
parent969076a813b88dafd222c413bf6fbabab837eafb (diff)
Merge remote-tracking branch 'shared/master' into bugfix/gitlab-3-resync-sid-template
-rw-r--r--README.md (renamed from README)15
-rw-r--r--manifests/init.pp144
-rw-r--r--templates/master.cf.debian-7.erb26
-rw-r--r--templates/master.cf.debian-8.erb22
-rw-r--r--templates/master.cf.debian-sid.erb22
5 files changed, 124 insertions, 105 deletions
diff --git a/README b/README.md
index 86e1d7b..7a6b01f 100644
--- a/README
+++ b/README.md
@@ -1,4 +1,5 @@
-= Postfix Puppet module
+Postfix Puppet module
+=====================
This module will help install and configure postfix.
@@ -11,9 +12,19 @@ This module needs:
!! Upgrade Notice (01/2013) !!
This module now uses parameterized classes, where it used global variables
-before. So please whatch out before pulling, you need to change the
+before. So please whatch out before pulling, you need to change the
class declarations in your manifest !
+Issues
+------
+
+- Debian wheezy hosts (or below): If you get this error msg:
+
+ "Could not find template 'postfix/master.cf.debian-.erb' at /ssrv/leap/puppet/modules/postfix/manifests/init.pp:158 on node rew07plain1.rewire.org"
+
+ you need to use the facter package from wheezy-backports instead of the wheezy one. See https://gitlab.com/shared-puppet-modules-group/postfix/merge_requests/6#note_1892207 for more details.
+
+
Deprecation notice
------------------
diff --git a/manifests/init.pp b/manifests/init.pp
index f454be9..d298183 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -34,40 +34,58 @@
# }
#
class postfix(
- $smtp_listen = "127.0.0.1",
- $root_mail_recipient = "nobody",
- $anon_sasl = "no",
- $manage_header_checks = "no",
- $manage_tls_policy = "no",
- $manage_transport_regexp = "no",
- $manage_virtual_regexp = "no",
+ $smtp_listen = '127.0.0.1',
+ $root_mail_recipient = 'nobody',
+ $anon_sasl = 'no',
+ $manage_header_checks = 'no',
+ $manage_tls_policy = 'no',
+ $manage_transport_regexp = 'no',
+ $manage_virtual_regexp = 'no',
$tls_fingerprint_digest = 'sha1',
- $use_amavisd = "no",
- $use_dovecot_lda = "no",
- $use_schleuder = "no",
- $use_sympa = "no",
- $use_firma = "no",
- $use_mlmmj = "no",
- $use_submission = "no",
- $use_smtps = "no",
- $mastercf_tail = "",
+ $use_amavisd = 'no',
+ $use_dovecot_lda = 'no',
+ $use_schleuder = 'no',
+ $use_sympa = 'no',
+ $use_firma = 'no',
+ $use_mlmmj = 'no',
+ $use_submission = 'no',
+ $use_smtps = 'no',
+ $mastercf_tail = '',
$inet_interfaces = 'all',
- $myorigin = $::fqdn
+ $myorigin = $::fqdn,
+ $default_alias_maps = true
) {
- # selinux labels differ from one distribution to another
case $::operatingsystem {
- RedHat, CentOS: {
+ 'RedHat', 'CentOS': {
+ $master_cf_template = 'postfix/master.cf.redhat5.erb'
+
+ # selinux labels differ from one distribution to another
case $::operatingsystemmajrelease {
- "4": { $postfix_seltype = "etc_t" }
- "5": { $postfix_seltype = "postfix_etc_t" }
+ '4': { $postfix_seltype = 'etc_t' }
+ '5': { $postfix_seltype = 'postfix_etc_t' }
default: { $postfix_seltype = undef }
}
+
+ postfix::config {
+ 'sendmail_path': value => '/usr/sbin/sendmail.postfix';
+ 'newaliases_path': value => '/usr/bin/newaliases.postfix';
+ 'mailq_path': value => '/usr/bin/mailq.postfix';
+ }
+ }
+
+ 'Debian': {
+ $master_cf_template = "postfix/master.cf.debian-${::operatingsystemmajrelease}.erb"
+ }
+
+ 'Ubuntu': {
+ $master_cf_template = 'postfix/master.cf.debian-sid.erb'
}
default: {
- $postfix_seltype = undef
+ $postfix_seltype = undef
+ $master_cf_template = undef
}
}
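Review bot: The `default` branch now sets `$master_cf_template = undef`, and the last hunk of this file passes that value to `template($master_cf_template)` for `/etc/postfix/master.cf`, so an unsupported `$::operatingsystem` would presumably fail at the template call with an error that does not name the cause. Failing early in this branch would be clearer, e.g. `default: { fail("postfix: unsupported operatingsystem ${::operatingsystem}") }`. The `'Debian'` branch has a related gap: the README hunk of this commit documents that `$::operatingsystemmajrelease` can be empty with the wheezy facter, and only the debian-7, debian-8 and debian-sid templates appear in this commit, so a check on the release value before building the template name would give a readable error. The `'Debian'` and `'Ubuntu'` branches also no longer assign `$postfix_seltype`, which the file resources further down read; adding `$postfix_seltype = undef` there keeps it defined on every path. The class body continues past the end of this hunk.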
@@ -80,7 +98,8 @@ class postfix(
if $anon_sasl == 'yes' {
include postfix::anonsasl
}
- if $header_checks == 'yes' {
+ # this global variable needs to get parameterized as well
+ if $::header_checks == 'yes' {
include postfix::header_checks
}
if $manage_tls_policy == 'yes' {
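Review bot: The condition reads the top-scope `$::header_checks` although the class already declares a `$manage_header_checks` parameter (first hunk of this file), so setting that parameter appears to have no effect on whether `postfix::header_checks` is included, unlike the sibling `$manage_tls_policy` check. An operator who enables header filtering through the class parameter would then get a mail server without it and no error. Consider `if $manage_header_checks == 'yes' or $::header_checks == 'yes' {`, which honours the parameter while staying compatible with the global, and update the added comment to say the global is kept only for backward compatibility. The class body starts and ends outside this hunk.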
@@ -98,7 +117,7 @@ class postfix(
include postfix::virtual_regexp
}
- package { ["postfix", "mailx"]:
+ package { ['postfix', 'mailx']:
ensure => installed
}
@@ -106,82 +125,71 @@ class postfix(
Package[mailx] { name => 'bsd-mailx' }
}
- service { "postfix":
+ service { 'postfix':
ensure => running,
- require => Package["postfix"],
+ require => Package['postfix'],
}
- file { "/etc/mailname":
+ file { '/etc/mailname':
ensure => present,
- content => "${fqdn}\n",
+ content => "${::fqdn}\n",
seltype => $postfix_seltype,
}
# Aliases
- file { "/etc/aliases":
- ensure => present,
+ file { '/etc/aliases':
+ ensure => present,
content => "# file managed by puppet\n",
replace => false,
seltype => $postfix_seltype,
- notify => Exec["newaliases"],
+ notify => Exec['newaliases'],
}
# Aliases
- exec { "newaliases":
- command => "/usr/bin/newaliases",
+ exec { 'newaliases':
+ command => '/usr/bin/newaliases',
refreshonly => true,
- require => Package["postfix"],
- subscribe => File["/etc/aliases"],
+ require => Package['postfix'],
+ subscribe => File['/etc/aliases'],
}
# Config files
- file { "/etc/postfix/master.cf":
+ file { '/etc/postfix/master.cf':
ensure => present,
- owner => "root",
- group => "root",
- mode => "0644",
- content => $::operatingsystem ? {
- Redhat => template("postfix/master.cf.redhat5.erb"),
- CentOS => template("postfix/master.cf.redhat5.erb"),
- Debian => template("postfix/master.cf.debian-${::operatingsystemmajrelease}.erb"),
- Ubuntu => template("postfix/master.cf.debian-etch.erb"),
- },
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => template($master_cf_template),
seltype => $postfix_seltype,
- notify => Service["postfix"],
- require => Package["postfix"],
+ notify => Service['postfix'],
+ require => Package['postfix'],
}
# Config files
- file { "/etc/postfix/main.cf":
+ file { '/etc/postfix/main.cf':
ensure => present,
- owner => "root",
- group => "root",
- mode => "0644",
- source => "puppet:///modules/postfix/main.cf",
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ source => 'puppet:///modules/postfix/main.cf',
replace => false,
seltype => $postfix_seltype,
- notify => Service["postfix"],
- require => Package["postfix"],
+ notify => Service['postfix'],
+ require => Package['postfix'],
}
# Default configuration parameters
- postfix::config {
- "myorigin": value => "${myorigin}";
- "alias_maps": value => "hash:/etc/aliases";
- "inet_interfaces": value => "${inet_interfaces}";
- }
-
- case $::operatingsystem {
- RedHat, CentOS: {
- postfix::config {
- "sendmail_path": value => "/usr/sbin/sendmail.postfix";
- "newaliases_path": value => "/usr/bin/newaliases.postfix";
- "mailq_path": value => "/usr/bin/mailq.postfix";
- }
+ if $default_alias_maps {
+ postfix::config {
+ 'alias_maps': value => 'hash:/etc/aliases';
}
}
+ postfix::config {
+ 'myorigin': value => $myorigin;
+ 'inet_interfaces': value => $inet_interfaces;
+ }
- postfix::mailalias {"root":
+ postfix::mailalias {'root':
recipient => $root_mail_recipient,
}
}
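Review bot: `$default_alias_maps` is tested as a bare boolean in `if $default_alias_maps {`, while every other switch of this class is a `'yes'`/`'no'` string compared with `== 'yes'`; a caller following that convention and passing `'no'` would still get `alias_maps` managed, because a non-empty string is truthy in Puppet. Either compare explicitly, `if $default_alias_maps == true {`, or state in the class header comment that this parameter is a boolean. Note also that `/etc/aliases` and the `newaliases` exec stay managed when the parameter is false, which may or may not be intended. The class starts outside this hunk.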
diff --git a/templates/master.cf.debian-7.erb b/templates/master.cf.debian-7.erb
index cc4bbf0..7b653fb 100644
--- a/templates/master.cf.debian-7.erb
+++ b/templates/master.cf.debian-7.erb
@@ -8,25 +8,25 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
-<% if smtp_listen == 'all' %>smtp inet n - - - - smtpd
-<% else %><%= smtp_listen %>:smtp inet n - - - - smtpd<% end %>
+<% if @smtp_listen == 'all' %>smtp inet n - - - - smtpd
+<% else %><%= @smtp_listen %>:smtp inet n - - - - smtpd<% end %>
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
-<% if use_submission == 'yes' %>submission inet n - - - - smtpd
+<% if @use_submission == 'yes' %>submission inet n - - - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
<% end %>
-<% if use_smtps == 'yes' %>smtps inet n - - - - smtpd
+<% if @use_smtps == 'yes' %>smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
<% end %>
-#628 inet n - - - - qmqpd
+#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
@@ -114,7 +114,7 @@ mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
-<% if use_amavisd == 'yes' %>
+<% if @use_amavisd == 'yes' %>
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
@@ -133,25 +133,25 @@ amavis unix - - - - 2 smtp
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1
<% end %>
-<% if use_dovecot_lda == 'yes' %>
+<% if @use_dovecot_lda == 'yes' %>
dovecot unix - n n - - pipe
- flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}
+ flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}
<% end %>
-<% if use_schleuder == 'yes' %>
+<% if @use_schleuder == 'yes' %>
schleuder unix - n n - - pipe
flags=DRhu user=schleuder argv=/usr/bin/schleuder ${user}
<% end %>
-<% if use_sympa == 'yes' %>
+<% if @use_sympa == 'yes' %>
sympa unix - n n - - pipe
flags=R user=sympa argv=/usr/lib/sympa/bin/queue ${recipient}
sympabounce unix - n n - - pipe
flags=R user=sympa argv=/usr/lib/sympa/bin/bouncequeue ${user}
<% end %>
-<% if use_mlmmj == 'yes' %>
+<% if @use_mlmmj == 'yes' %>
mlmmj unix - n n - - pipe
flags=DORhu user=mlmmj argv=/usr/bin/mlmmj-recieve -F -L /var/spool/mlmmj/$nexthop/
<%- end -%>
-<%- unless mastercf_tail.to_s.empty? then -%>
-<%= mastercf_tail %>
+<%- unless @mastercf_tail.to_s.empty? then -%>
+<%= @mastercf_tail %>
<%- end -%>
diff --git a/templates/master.cf.debian-8.erb b/templates/master.cf.debian-8.erb
index a4c39b7..7b653fb 100644
--- a/templates/master.cf.debian-8.erb
+++ b/templates/master.cf.debian-8.erb
@@ -8,19 +8,19 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
-<% if smtp_listen == 'all' %>smtp inet n - - - - smtpd
-<% else %><%= smtp_listen %>:smtp inet n - - - - smtpd<% end %>
+<% if @smtp_listen == 'all' %>smtp inet n - - - - smtpd
+<% else %><%= @smtp_listen %>:smtp inet n - - - - smtpd<% end %>
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
-<% if use_submission == 'yes' %>submission inet n - - - - smtpd
+<% if @use_submission == 'yes' %>submission inet n - - - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
<% end %>
-<% if use_smtps == 'yes' %>smtps inet n - - - - smtpd
+<% if @use_smtps == 'yes' %>smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
@@ -114,7 +114,7 @@ mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
-<% if use_amavisd == 'yes' %>
+<% if @use_amavisd == 'yes' %>
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
@@ -133,25 +133,25 @@ amavis unix - - - - 2 smtp
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1
<% end %>
-<% if use_dovecot_lda == 'yes' %>
+<% if @use_dovecot_lda == 'yes' %>
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}
<% end %>
-<% if use_schleuder == 'yes' %>
+<% if @use_schleuder == 'yes' %>
schleuder unix - n n - - pipe
flags=DRhu user=schleuder argv=/usr/bin/schleuder ${user}
<% end %>
-<% if use_sympa == 'yes' %>
+<% if @use_sympa == 'yes' %>
sympa unix - n n - - pipe
flags=R user=sympa argv=/usr/lib/sympa/bin/queue ${recipient}
sympabounce unix - n n - - pipe
flags=R user=sympa argv=/usr/lib/sympa/bin/bouncequeue ${user}
<% end %>
-<% if use_mlmmj == 'yes' %>
+<% if @use_mlmmj == 'yes' %>
mlmmj unix - n n - - pipe
flags=DORhu user=mlmmj argv=/usr/bin/mlmmj-recieve -F -L /var/spool/mlmmj/$nexthop/
<%- end -%>
-<%- unless mastercf_tail.to_s.empty? then -%>
-<%= mastercf_tail %>
+<%- unless @mastercf_tail.to_s.empty? then -%>
+<%= @mastercf_tail %>
<%- end -%>
diff --git a/templates/master.cf.debian-sid.erb b/templates/master.cf.debian-sid.erb
index 943581d..397c089 100644
--- a/templates/master.cf.debian-sid.erb
+++ b/templates/master.cf.debian-sid.erb
@@ -9,13 +9,13 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
-<% if smtp_listen == 'all' %>smtp inet n - - - - smtpd
-<% else %><%= smtp_listen %>:smtp inet n - - - - smtpd<% end %>
+<% if @smtp_listen == 'all' %>smtp inet n - - - - smtpd
+<% else %><%= @smtp_listen %>:smtp inet n - - - - smtpd<% end %>
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
-<% if use_submission == 'yes' %>submission inet n - - - - smtpd
+<% if @use_submission == 'yes' %>submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
@@ -27,7 +27,7 @@
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
<% end %>
-<% if use_smtps == 'yes' %>smtps inet n - - - - smtpd
+<% if @use_smtps == 'yes' %>smtps inet n - - - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
@@ -127,7 +127,7 @@ mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
-<% if use_amavisd == 'yes' %>
+<% if @use_amavisd == 'yes' %>
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
@@ -146,25 +146,25 @@ amavis unix - - - - 2 smtp
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1
<% end %>
-<% if use_dovecot_lda == 'yes' %>
+<% if @use_dovecot_lda == 'yes' %>
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}
<% end %>
-<% if use_schleuder == 'yes' %>
+<% if @use_schleuder == 'yes' %>
schleuder unix - n n - - pipe
flags=DRhu user=schleuder argv=/usr/bin/schleuder ${user}
<% end %>
-<% if use_sympa == 'yes' %>
+<% if @use_sympa == 'yes' %>
sympa unix - n n - - pipe
flags=R user=sympa argv=/usr/lib/sympa/bin/queue ${recipient}
sympabounce unix - n n - - pipe
flags=R user=sympa argv=/usr/lib/sympa/bin/bouncequeue ${user}
<% end %>
-<% if use_mlmmj == 'yes' %>
+<% if @use_mlmmj == 'yes' %>
mlmmj unix - n n - - pipe
flags=DORhu user=mlmmj argv=/usr/bin/mlmmj-recieve -F -L /var/spool/mlmmj/$nexthop/
<%- end -%>
-<%- unless mastercf_tail.to_s.empty? then -%>
-<%= mastercf_tail %>
+<%- unless @mastercf_tail.to_s.empty? then -%>
+<%= @mastercf_tail %>
<%- end -%>