From 77578b93bd98bf0bf9cf69e4fa8da75dcf9c236d Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 16 Feb 2012 16:51:56 +0100 Subject: put classes and defines in the proper place To take advantage of puppet's autoloading feature, which will be mandatory sooner or later. We move all the files in their appropriate place. --- manifests/amavis.pp | 5 + manifests/anonsasl.pp | 18 +++ manifests/classes/postfix-amavis.pp | 5 - manifests/classes/postfix-anonsasl.pp | 18 --- manifests/classes/postfix-header_checks.pp | 57 -------- manifests/classes/postfix-mailman.pp | 36 ----- manifests/classes/postfix-mta.pp | 61 --------- manifests/classes/postfix-satellite.pp | 38 ------ manifests/classes/postfix-tlspolicy.pp | 71 ---------- manifests/classes/postfix.pp | 178 ------------------------ manifests/config.pp | 49 +++++++ manifests/definitions/config.pp | 49 ------- manifests/definitions/hash.pp | 87 ------------ manifests/definitions/header_checks_snippet.pp | 67 --------- manifests/definitions/mailalias.pp | 32 ----- manifests/definitions/tlspolicy_snippet.pp | 47 ------- manifests/definitions/transport.pp | 44 ------ manifests/definitions/virtual.pp | 44 ------ manifests/hash.pp | 87 ++++++++++++ manifests/header_checks.pp | 57 ++++++++ manifests/header_checks_snippet.pp | 67 +++++++++ manifests/init.pp | 180 ++++++++++++++++++++++++- manifests/mailalias.pp | 32 +++++ manifests/mailman.pp | 36 +++++ manifests/mta.pp | 61 +++++++++ manifests/satellite.pp | 38 ++++++ manifests/tlspolicy.pp | 71 ++++++++++ manifests/tlspolicy_snippet.pp | 47 +++++++ manifests/transport.pp | 44 ++++++ manifests/virtual.pp | 44 ++++++ 30 files changed, 834 insertions(+), 836 deletions(-) create mode 100644 manifests/amavis.pp create mode 100644 manifests/anonsasl.pp delete mode 100644 manifests/classes/postfix-amavis.pp delete mode 100644 manifests/classes/postfix-anonsasl.pp delete mode 100644 manifests/classes/postfix-header_checks.pp delete mode 100644 manifests/classes/postfix-mailman.pp delete mode 100644 manifests/classes/postfix-mta.pp delete mode 100644 manifests/classes/postfix-satellite.pp delete mode 100644 manifests/classes/postfix-tlspolicy.pp delete mode 100644 manifests/classes/postfix.pp create mode 100644 manifests/config.pp delete mode 100644 manifests/definitions/config.pp delete mode 100644 manifests/definitions/hash.pp delete mode 100644 manifests/definitions/header_checks_snippet.pp delete mode 100644 manifests/definitions/mailalias.pp delete mode 100644 manifests/definitions/tlspolicy_snippet.pp delete mode 100644 manifests/definitions/transport.pp delete mode 100644 manifests/definitions/virtual.pp create mode 100644 manifests/hash.pp create mode 100644 manifests/header_checks.pp create mode 100644 manifests/header_checks_snippet.pp create mode 100644 manifests/mailalias.pp create mode 100644 manifests/mailman.pp create mode 100644 manifests/mta.pp create mode 100644 manifests/satellite.pp create mode 100644 manifests/tlspolicy.pp create mode 100644 manifests/tlspolicy_snippet.pp create mode 100644 manifests/transport.pp create mode 100644 manifests/virtual.pp diff --git a/manifests/amavis.pp b/manifests/amavis.pp new file mode 100644 index 0000000..b663923 --- /dev/null +++ b/manifests/amavis.pp @@ -0,0 +1,5 @@ +class postfix::amavis { + postfix::config { + "content_filter": value => "amavis:[127.0.0.1]:10024"; + } +} diff --git a/manifests/anonsasl.pp b/manifests/anonsasl.pp new file mode 100644 index 0000000..ca97f19 --- /dev/null +++ b/manifests/anonsasl.pp @@ -0,0 +1,18 @@ +class postfix::anonsasl { + + include postfix::header_checks + + postfix::config { + 'smtpd_sasl_authenticated_header': + value => 'yes'; + } + + postfix::header_checks_snippet { + 'anonsasl': + content => template("postfix/anonsasl_header_checks.erb"), + require => [ + Postfix::Config['smtpd_sasl_authenticated_header'], + ]; + } + +} diff --git a/manifests/classes/postfix-amavis.pp b/manifests/classes/postfix-amavis.pp deleted file mode 100644 index b663923..0000000 --- a/manifests/classes/postfix-amavis.pp +++ /dev/null @@ -1,5 +0,0 @@ -class postfix::amavis { - postfix::config { - "content_filter": value => "amavis:[127.0.0.1]:10024"; - } -} diff --git a/manifests/classes/postfix-anonsasl.pp b/manifests/classes/postfix-anonsasl.pp deleted file mode 100644 index ca97f19..0000000 --- a/manifests/classes/postfix-anonsasl.pp +++ /dev/null @@ -1,18 +0,0 @@ -class postfix::anonsasl { - - include postfix::header_checks - - postfix::config { - 'smtpd_sasl_authenticated_header': - value => 'yes'; - } - - postfix::header_checks_snippet { - 'anonsasl': - content => template("postfix/anonsasl_header_checks.erb"), - require => [ - Postfix::Config['smtpd_sasl_authenticated_header'], - ]; - } - -} diff --git a/manifests/classes/postfix-header_checks.pp b/manifests/classes/postfix-header_checks.pp deleted file mode 100644 index 071f6b0..0000000 --- a/manifests/classes/postfix-header_checks.pp +++ /dev/null @@ -1,57 +0,0 @@ -# -# == Class: postfix::header_checks -# -# Manages Postfix header_checks by merging snippets shipped: -# - in the module's files/header_checks.d/ or puppet:///files/etc/postfix/header_checks.d -# (the latter takes precedence if present); site-postfix module is supported -# as well, see the source argument of file {"$postfix_header_checks_snippets_dir" -# bellow for details. -# - via postfix::header_checks_snippet defines -# -# Example usage: -# -# node "toto.example.com" { -# $postfix_manage_header_checks = yes -# include postfix -# } -# -class postfix::header_checks { - - include common::moduledir - module_dir{'postfix/header_checks': } - - $postfix_header_checks_dir = "${common::moduledir::module_dir_path}/postfix/header_checks" - $postfix_header_checks_snippets_dir = "${postfix_header_checks_dir}/header_checks.d" - $postfix_merged_header_checks = "${postfix_header_checks_dir}/merged_header_checks" - - file {"$postfix_header_checks_snippets_dir": - ensure => 'directory', - owner => 'root', - group => '0', - mode => '700', - source => [ - "puppet:///modules/site-postfix/${fqdn}/header_checks.d", - "puppet:///modules/site-postfix/header_checks.d", - "puppet:///files/etc/postfix/header_checks.d", - "puppet:///modules/postfix/header_checks.d", - ], - recurse => true, - purge => false, - } - - concatenated_file { "$postfix_merged_header_checks": - dir => "${postfix_header_checks_snippets_dir}", - require => File["$postfix_header_checks_snippets_dir"], - } - - config_file { '/etc/postfix/header_checks': - source => "$postfix_merged_header_checks", - subscribe => File["$postfix_merged_header_checks"], - } - - postfix::config { "header_checks": - value => 'regexp:/etc/postfix/header_checks', - require => File['/etc/postfix/header_checks'], - } - -} diff --git a/manifests/classes/postfix-mailman.pp b/manifests/classes/postfix-mailman.pp deleted file mode 100644 index cba0848..0000000 --- a/manifests/classes/postfix-mailman.pp +++ /dev/null @@ -1,36 +0,0 @@ -# -# == Class: postfix::mailman -# -# Configures a basic smtp server, able to work for the mailman mailing-list -# manager. -# -# Parameters: -# - every global variable which works for class "postfix" will work here. -# -# Example usage: -# -# node "toto.example.com" { -# include mailman -# include postfix::mailman -# } -# -class postfix::mailman { - $postfix_smtp_listen = "0.0.0.0" - include postfix - - postfix::config { - "mydestination": value => ""; - "virtual_alias_maps": value => "hash:/etc/postfix/virtual"; - "transport_maps": value => "hash:/etc/postfix/transport"; - "mailman_destination_recipient_limit": value => "1", nonstandard => true; - } - - postfix::hash { "/etc/postfix/virtual": - ensure => present, - } - - postfix::hash { "/etc/postfix/transport": - ensure => present, - } - -} diff --git a/manifests/classes/postfix-mta.pp b/manifests/classes/postfix-mta.pp deleted file mode 100644 index c36c0bc..0000000 --- a/manifests/classes/postfix-mta.pp +++ /dev/null @@ -1,61 +0,0 @@ -# -# == Class: postfix::mta -# -# This class configures a minimal MTA, listening on -# $postfix_smtp_listen (default to localhost) and delivering mail to -# $postfix_mydestination (default to $fqdn). -# -# A valid relay host is required ($postfix_relayhost) for outbound email. -# -# transport & virtual maps get configured and can be populated with -# postfix::transport and postfix::virtual -# -# Parameters: -# - *$postfix_relayhost* -# - *$postfix_mydestination* -# - every global variable which works for class "postfix" will work here. -# -# Example usage: -# -# node "toto.example.com" { -# $postfix_relayhost = "mail.example.com" -# $postfix_smtp_listen = "0.0.0.0" -# $postfix_mydestination = "\$myorigin, myapp.example.com" -# -# include postfix::mta -# -# postfix::transport { "myapp.example.com": -# ensure => present, -# destination => "local:", -# } -# } -# -class postfix::mta { - - #case $postfix_relayhost { - # "": { fail("Required \$postfix_relayhost variable is not defined.") } - #} - - case $postfix_mydestination { - "": { $postfix_mydestination = "\$myorigin" } - } - - include postfix - - postfix::config { - "mydestination": value => $postfix_mydestination; - "mynetworks": value => "127.0.0.0/8"; - "relayhost": value => $postfix_relayhost; - "virtual_alias_maps": value => "hash:/etc/postfix/virtual"; - "transport_maps": value => "hash:/etc/postfix/transport"; - } - - postfix::hash { "/etc/postfix/virtual": - ensure => present, - } - - postfix::hash { "/etc/postfix/transport": - ensure => present, - } - -} diff --git a/manifests/classes/postfix-satellite.pp b/manifests/classes/postfix-satellite.pp deleted file mode 100644 index cb92a9f..0000000 --- a/manifests/classes/postfix-satellite.pp +++ /dev/null @@ -1,38 +0,0 @@ -# -# == Class: postfix::satellite -# -# This class configures all local email (cron, mdadm, etc) to be forwarded -# to $root_mail_recipient, using $postfix_relayhost as a relay. -# -# $valid_fqdn can be set to override $fqdn in the case where the FQDN is -# not recognized as valid by the destination server. -# -# Parameters: -# - *valid_fqdn* -# - every global variable which works for class "postfix" will work here. -# -# Example usage: -# -# node "toto.local.lan" { -# $postfix_relayhost = "mail.example.com" -# $valid_fqdn = "toto.example.com" -# $root_mail_recipient = "the.sysadmin@example.com" -# -# include postfix::satellite -# } -# -class postfix::satellite { - - # If $valid_fqdn exists, use it to override $fqdn - case $valid_fqdn { - "": { $valid_fqdn = $fqdn } - default: { $fqdn = "${valid_fqdn}" } - } - - include postfix::mta - - postfix::virtual {"@${valid_fqdn}": - ensure => present, - destination => "root", - } -} diff --git a/manifests/classes/postfix-tlspolicy.pp b/manifests/classes/postfix-tlspolicy.pp deleted file mode 100644 index 633c380..0000000 --- a/manifests/classes/postfix-tlspolicy.pp +++ /dev/null @@ -1,71 +0,0 @@ -# -# == Class: postfix::tlspolicy -# -# Manages Postfix TLS policy by merging policy snippets shipped: -# - in the module's files/tls_policy.d/ or puppet:///files/etc/postfix/tls_policy.d -# (the latter takes precedence if present); site-postfix module is supported -# as well, see the source argument of file {"$postfix_tlspolicy_snippets_dir" -# bellow for details. -# - via postfix::tlspolicy_snippet defines -# -# Parameters: -# - $postfix_tls_fingerprint_digest (defaults to sha1) -# -# Example usage: -# -# node "toto.example.com" { -# $postfix_manage_tls_policy = yes -# include postfix -# } -# -class postfix::tlspolicy { - - # Default value for parameters - case $postfix_tls_fingerprint_digest { - "": { $postfix_tls_fingerprint_digest = 'sha1' } - } - - include common::moduledir - module_dir{'postfix/tls_policy': } - - $postfix_tlspolicy_dir = "${common::moduledir::module_dir_path}/postfix/tls_policy" - $postfix_tlspolicy_snippets_dir = "${postfix_tlspolicy_dir}/tls_policy.d" - $postfix_merged_tlspolicy = "${postfix_tlspolicy_dir}/merged_tls_policy" - - file {"$postfix_tlspolicy_snippets_dir": - ensure => 'directory', - owner => 'root', - group => '0', - mode => '700', - source => [ - "puppet:///modules/site-postfix/${fqdn}/tls_policy.d", - "puppet:///modules/site-postfix/tls_policy.d", - "puppet:///modules/postfix/tls_policy.d", - ], - recurse => true, - purge => false, - } - - concatenated_file { "$postfix_merged_tlspolicy": - dir => "${postfix_tlspolicy_snippets_dir}", - require => File["$postfix_tlspolicy_snippets_dir"], - } - - postfix::hash { '/etc/postfix/tls_policy': - source => "$postfix_merged_tlspolicy", - subscribe => File["$postfix_merged_tlspolicy"], - } - - postfix::config { - 'smtp_tls_fingerprint_digest': value => "$postfix_tls_fingerprint_digest"; - } - - postfix::config { 'smtp_tls_policy_maps': - value => 'hash:/etc/postfix/tls_policy', - require => [ - Postfix::Hash['/etc/postfix/tls_policy'], - Postfix::Config['smtp_tls_fingerprint_digest'], - ], - } - -} diff --git a/manifests/classes/postfix.pp b/manifests/classes/postfix.pp deleted file mode 100644 index 63a50b9..0000000 --- a/manifests/classes/postfix.pp +++ /dev/null @@ -1,178 +0,0 @@ -# -# == Class: postfix -# -# This class provides a basic setup of postfix with local and remote -# delivery and an SMTP server listening on the loopback interface. -# -# Parameters: -# - *$postfix_smtp_listen*: address on which the smtp service will listen to. defaults to 127.0.0.1 -# - *$root_mail_recipient*: who will recieve root's emails. defaults to "nobody" -# -# Example usage: -# -# node "toto.example.com" { -# $postfix_smtp_listen = "192.168.1.10" -# include postfix -# } -# -class postfix { - - # selinux labels differ from one distribution to another - case $operatingsystem { - - RedHat, CentOS: { - case $lsbmajdistrelease { - "4": { $postfix_seltype = "etc_t" } - "5": { $postfix_seltype = "postfix_etc_t" } - default: { $postfix_seltype = undef } - } - } - - default: { - $postfix_seltype = undef - } - } - - # Default value for various options - case $postfix_smtp_listen { - "": { $postfix_smtp_listen = "127.0.0.1" } - } - case $root_mail_recipient { - "": { $root_mail_recipient = "nobody" } - } - case $postfix_anon_sasl { - "": { $postfix_anon_sasl = "no" } - } - case $postfix_manage_header_checks { - "": { $postfix_manage_header_checks = "no" } - } - case $postfix_manage_tls_policy { - "": { $postfix_manage_tls_policy = "no" } - } - case $postfix_use_amavisd { - "": { $postfix_use_amavisd = "no" } - } - case $postfix_use_dovecot_lda { - "": { $postfix_use_dovecot_lda = "no" } - } - case $postfix_use_schleuder { - "": { $postfix_use_schleuder = "no" } - } - case $postfix_use_sympa { - "": { $postfix_use_sympa = "no" } - } - case $postfix_mastercf_tail { - "": { $postfix_mastercf_tail = "" } - } - case $postfix_inet_interfaces { - "": { $postfix_inet_interfaces = 'all' } - } - case $postfix_myorigin { - "": { $postfix_myorigin = $fqdn } - } - - # Bootstrap moduledir - include common::moduledir - module_dir{'postfix': } - - # Include optional classes - if $postfix_anon_sasl == 'yes' { - include postfix::anonsasl - } - if $postfix_manage_header_checks == 'yes' { - include postfix::header_checks - } - if $postfix_manage_tls_policy == 'yes' { - include postfix::tlspolicy - } - if $postfix_use_amavisd == 'yes' { - include postfix::amavis - } - - package { ["postfix", "mailx"]: - ensure => installed - } - - if $operatingsystem == 'debian' { - Package[mailx] { name => 'bsd-mailx' } - } - - service { "postfix": - ensure => running, - require => Package["postfix"], - } - - file { "/etc/mailname": - ensure => present, - content => "${fqdn}\n", - seltype => $postfix_seltype, - } - - # Aliases - file { "/etc/aliases": - ensure => present, - content => "# file managed by puppet\n", - replace => false, - seltype => $postfix_seltype, - notify => Exec["newaliases"], - } - - # Aliases - exec { "newaliases": - command => "/usr/bin/newaliases", - refreshonly => true, - require => Package["postfix"], - subscribe => File["/etc/aliases"], - } - - # Config files - file { "/etc/postfix/master.cf": - ensure => present, - owner => "root", - group => "root", - mode => "0644", - content => $operatingsystem ? { - Redhat => template("postfix/master.cf.redhat5.erb"), - CentOS => template("postfix/master.cf.redhat5.erb"), - Debian => template("postfix/master.cf.debian-$lsbdistcodename.erb"), - Ubuntu => template("postfix/master.cf.debian-etch.erb"), - }, - seltype => $postfix_seltype, - notify => Service["postfix"], - require => Package["postfix"], - } - - # Config files - file { "/etc/postfix/main.cf": - ensure => present, - owner => "root", - group => "root", - mode => "0644", - source => "puppet:///modules/postfix/main.cf", - replace => false, - seltype => $postfix_seltype, - notify => Service["postfix"], - require => Package["postfix"], - } - - # Default configuration parameters - postfix::config { - "myorigin": value => "${postfix_myorigin}"; - "alias_maps": value => "hash:/etc/aliases"; - "inet_interfaces": value => "${postfix_inet_interfaces}"; - } - - case $operatingsystem { - RedHat, CentOS: { - postfix::config { - "sendmail_path": value => "/usr/sbin/sendmail.postfix"; - "newaliases_path": value => "/usr/bin/newaliases.postfix"; - "mailq_path": value => "/usr/bin/mailq.postfix"; - } - } - } - - postfix::mailalias {"root": - recipient => $root_mail_recipient, - } -} diff --git a/manifests/config.pp b/manifests/config.pp new file mode 100644 index 0000000..8e203a6 --- /dev/null +++ b/manifests/config.pp @@ -0,0 +1,49 @@ +/* +== Definition: postfix::config + +Uses the "postconf" command to add/alter/remove options in postfix main +configuation file (/etc/postfix/main.cf). + +Parameters: +- *name*: name of the parameter. +- *ensure*: present/absent. defaults to present. +- *value*: value of the parameter. +- *nonstandard*: inform postfix::config that this parameter is not recognized + by the "postconf" command. defaults to false. + +Requires: +- Class["postfix"] + +Example usage: + + node "toto.example.com" { + + include postfix + + postfix::config { + "smtp_use_tls" => "yes"; + "smtp_sasl_auth_enable" => "yes"; + "smtp_sasl_password_maps" => "hash:/etc/postfix/my_sasl_passwords"; + "relayhost" => "[mail.example.com]:587"; + } + } + +*/ +define postfix::config ($ensure = present, $value, $nonstandard = false) { + case $ensure { + present: { + exec {"postconf -e ${name}='${value}'": + unless => $nonstandard ? { + false => "test \"x$(postconf -h ${name})\" = 'x${value}'", + true => "test \"x$(egrep '^${name} ' /etc/postfix/main.cf | cut -d= -f2 | cut -d' ' -f2)\" = 'x${value}'", + }, + notify => Service["postfix"], + require => File["/etc/postfix/main.cf"], + } + } + + absent: { + fail "postfix::config ensure => absent: Not implemented" + } + } +} diff --git a/manifests/definitions/config.pp b/manifests/definitions/config.pp deleted file mode 100644 index 8e203a6..0000000 --- a/manifests/definitions/config.pp +++ /dev/null @@ -1,49 +0,0 @@ -/* -== Definition: postfix::config - -Uses the "postconf" command to add/alter/remove options in postfix main -configuation file (/etc/postfix/main.cf). - -Parameters: -- *name*: name of the parameter. -- *ensure*: present/absent. defaults to present. -- *value*: value of the parameter. -- *nonstandard*: inform postfix::config that this parameter is not recognized - by the "postconf" command. defaults to false. - -Requires: -- Class["postfix"] - -Example usage: - - node "toto.example.com" { - - include postfix - - postfix::config { - "smtp_use_tls" => "yes"; - "smtp_sasl_auth_enable" => "yes"; - "smtp_sasl_password_maps" => "hash:/etc/postfix/my_sasl_passwords"; - "relayhost" => "[mail.example.com]:587"; - } - } - -*/ -define postfix::config ($ensure = present, $value, $nonstandard = false) { - case $ensure { - present: { - exec {"postconf -e ${name}='${value}'": - unless => $nonstandard ? { - false => "test \"x$(postconf -h ${name})\" = 'x${value}'", - true => "test \"x$(egrep '^${name} ' /etc/postfix/main.cf | cut -d= -f2 | cut -d' ' -f2)\" = 'x${value}'", - }, - notify => Service["postfix"], - require => File["/etc/postfix/main.cf"], - } - } - - absent: { - fail "postfix::config ensure => absent: Not implemented" - } - } -} diff --git a/manifests/definitions/hash.pp b/manifests/definitions/hash.pp deleted file mode 100644 index c8bb7c7..0000000 --- a/manifests/definitions/hash.pp +++ /dev/null @@ -1,87 +0,0 @@ -/* -== Definition: postfix::hash - -Creates postfix hashed "map" files. It will create "${name}", and then build -"${name}.db" using the "postmap" command. The map file can then be referred to -using postfix::config. - -Parameters: -- *name*: the name of the map file. -- *ensure*: present/absent, defaults to present. -- *source*: file source. - -Requires: -- Class["postfix"] - -Example usage: - - node "toto.example.com" { - - include postfix - - postfix::hash { "/etc/postfix/virtual": - ensure => present, - } - postfix::config { "virtual_alias_maps": - value => "hash:/etc/postfix/virtual" - } - } - -*/ -define postfix::hash ($ensure="present", $source = false) { - - # selinux labels differ from one distribution to another - case $operatingsystem { - - RedHat, CentOS: { - case $lsbmajdistrelease { - "4": { $postfix_seltype = "etc_t" } - "5": { $postfix_seltype = "postfix_etc_t" } - default: { $postfix_seltype = undef } - } - } - - default: { - $postfix_seltype = undef - } - } - - case $source { - false: { - file {"${name}": - ensure => $ensure, - mode => 600, - owner => root, - group => root, - seltype => $postfix_seltype, - require => Package["postfix"], - } - } - default: { - file {"${name}": - ensure => $ensure, - mode => 600, - owner => root, - group => root, - source => $source, - seltype => $postfix_seltype, - require => Package["postfix"], - } - } - } - - file {"${name}.db": - ensure => $ensure, - mode => 600, - require => [File["${name}"], Exec["generate ${name}.db"]], - seltype => $postfix_seltype, - } - - exec {"generate ${name}.db": - command => "postmap ${name}", - #creates => "${name}.db", # this prevents postmap from being run ! - subscribe => File["${name}"], - refreshonly => true, - require => Package["postfix"], - } -} diff --git a/manifests/definitions/header_checks_snippet.pp b/manifests/definitions/header_checks_snippet.pp deleted file mode 100644 index 454d219..0000000 --- a/manifests/definitions/header_checks_snippet.pp +++ /dev/null @@ -1,67 +0,0 @@ -/* -== Definition: postfix::header_checks_snippet - -Adds a header_checks snippets to /etc/postfix/header_checks. -See the postfix::header_checks class for details. - -Parameters: -- *source* or *content*: source or content of the header_checks snippet -- *ensure*: present (default) or absent - -Requires: -- Class["postfix"] - -Example usage: - - node "toto.example.com" { - include postfix - postfix::header_checks { - 'wrong_date': content => 'FIXME'; - 'bla': source => 'puppet:///files/etc/postfix/header_checks.d/bla'; - } - } - -*/ - -define postfix::header_checks_snippet ( - $ensure = "present", - $source = '', - $content = undef -) { - - if $source == '' and $content == undef { - fail("One of \$source or \$content must be specified for postfix::header_checks_snippet ${name}") - } - - if $source != '' and $content != undef { - fail("Only one of \$source or \$content must specified for postfix::header_checks_snippet ${name}") - } - - if ($value == false) and ($ensure == "present") { - fail("The value parameter must be set when using the postfix::header_checks_snippet define with ensure=present.") - } - - include postfix::header_checks - - $snippetfile = "${postfix::header_checks::postfix_header_checks_snippets_dir}/${name}" - - file { "$snippetfile": - ensure => "$ensure", - mode => 600, - owner => root, - group => 0, - notify => Exec["concat_${postfix::header_checks::postfix_merged_header_checks}"], - } - - if $source { - File["$snippetfile"] { - source => $source, - } - } - else { - File["$snippetfile"] { - content => $content, - } - } - -} diff --git a/manifests/definitions/mailalias.pp b/manifests/definitions/mailalias.pp deleted file mode 100644 index cd1af50..0000000 --- a/manifests/definitions/mailalias.pp +++ /dev/null @@ -1,32 +0,0 @@ -/* -== Definition: postfix::mailalias - -Wrapper around Puppet mailalias resource, provides newaliases executable. - -Parameters: -- *name*: the name of the alias. -- *ensure*: present/absent, defaults to present. -- *recipient*: recipient of the alias. - -Requires: -- Class["postfix"] - -Example usage: - - node "toto.example.com" { - - include postfix - - postfix::mailalias { "postmaster": - ensure => present, - recipient => 'foo' - } - -*/ -define postfix::mailalias ($ensure = 'present', $recipient) { - mailalias { "${name}": - ensure => $ensure, - recipient => $recipient, - notify => Exec['newaliases'] - } -} diff --git a/manifests/definitions/tlspolicy_snippet.pp b/manifests/definitions/tlspolicy_snippet.pp deleted file mode 100644 index 2596dbc..0000000 --- a/manifests/definitions/tlspolicy_snippet.pp +++ /dev/null @@ -1,47 +0,0 @@ -/* -== Definition: postfix::tlspolicy_snippet - -Adds a TLS policy snippets to /etc/postfix/tls_policy.d/. -See the postfix::tlspolicy class for details. - -Parameters: -- *name*: name of destination domain Postfix will lookup. See TLS_README. -- *value*: right-hand part of the tls_policy map -- *ensure*: present/absent, defaults to present. - -Requires: -- Class["postfix"] -- Class["postfix::tlspolicy"] - -Example usage: - - node "toto.example.com" { - $postfix_manage_tls_policy = yes - include postfix - postfix::tlspolicy_snippet { - 'example.com': value => 'encrypt'; - '.example.com': value => 'encrypt'; - 'nothing.com': value => 'fingerprint match=2A:FF:F0:EC:52:04:99:45:73:1B:C2:22:7F:FD:31:6B:8F:07:43:29'; - } - } - -*/ - -define postfix::tlspolicy_snippet ($ensure="present", $value = false) { - - include postfix::tlspolicy - - if ($value == false) and ($ensure == "present") { - fail("The value parameter must be set when using the postfix::tlspolicy_snippet define with ensure=present.") - } - - file { "${postfix::tlspolicy::postfix_tlspolicy_snippets_dir}/${name}": - ensure => "$ensure", - content => "${name} ${value}\n", - mode => 600, - owner => root, - group => 0, - notify => Exec["concat_${postfix::tlspolicy::postfix_merged_tlspolicy}"], - } - -} diff --git a/manifests/definitions/transport.pp b/manifests/definitions/transport.pp deleted file mode 100644 index 5ca5554..0000000 --- a/manifests/definitions/transport.pp +++ /dev/null @@ -1,44 +0,0 @@ -/* -== Definition: postfix::transport - -Manages content of the /etc/postfix/transport map. - -Parameters: -- *name*: name of address postfix will lookup. See transport(5). -- *destination*: where the emails will be delivered to. See transport(5). -- *ensure*: present/absent, defaults to present. - -Requires: -- Class["postfix"] -- Postfix::Hash["/etc/postfix/transport"] -- Postfix::Config["transport_maps"] -- common::line (from module common) - -Example usage: - - node "toto.example.com" { - - include postfix - - postfix::hash { "/etc/postfix/transport": - ensure => present, - } - postfix::config { "transport_maps": - value => "hash:/etc/postfix/transport" - } - postfix::transport { "mailman.example.com": - ensure => present, - destination => "mailman", - } - } - -*/ -define postfix::transport ($ensure="present", $destination) { - line {"${name} ${destination}": - ensure => $ensure, - file => "/etc/postfix/transport", - line => "${name} ${destination}", - notify => Exec["generate /etc/postfix/transport.db"], - require => Package["postfix"], - } -} diff --git a/manifests/definitions/virtual.pp b/manifests/definitions/virtual.pp deleted file mode 100644 index 8fcd53a..0000000 --- a/manifests/definitions/virtual.pp +++ /dev/null @@ -1,44 +0,0 @@ -/* -== Definition: postfix::virtual - -Manages content of the /etc/postfix/virtual map. - -Parameters: -- *name*: name of address postfix will lookup. See virtual(8). -- *destination*: where the emails will be delivered to. See virtual(8). -- *ensure*: present/absent, defaults to present. - -Requires: -- Class["postfix"] -- Postfix::Hash["/etc/postfix/virtual"] -- Postfix::Config["virtual_alias_maps"] -- common::line (from module common) - -Example usage: - - node "toto.example.com" { - - include postfix - - postfix::hash { "/etc/postfix/virtual": - ensure => present, - } - postfix::config { "virtual_alias_maps": - value => "hash:/etc/postfix/virtual" - } - postfix::virtual { "user@example.com": - ensure => present, - destination => "root", - } - } - -*/ -define postfix::virtual ($ensure="present", $destination) { - line {"${name} ${destination}": - ensure => $ensure, - file => "/etc/postfix/virtual", - line => "${name} ${destination}", - notify => Exec["generate /etc/postfix/virtual.db"], - require => Package["postfix"], - } -} diff --git a/manifests/hash.pp b/manifests/hash.pp new file mode 100644 index 0000000..c8bb7c7 --- /dev/null +++ b/manifests/hash.pp @@ -0,0 +1,87 @@ +/* +== Definition: postfix::hash + +Creates postfix hashed "map" files. It will create "${name}", and then build +"${name}.db" using the "postmap" command. The map file can then be referred to +using postfix::config. + +Parameters: +- *name*: the name of the map file. +- *ensure*: present/absent, defaults to present. +- *source*: file source. + +Requires: +- Class["postfix"] + +Example usage: + + node "toto.example.com" { + + include postfix + + postfix::hash { "/etc/postfix/virtual": + ensure => present, + } + postfix::config { "virtual_alias_maps": + value => "hash:/etc/postfix/virtual" + } + } + +*/ +define postfix::hash ($ensure="present", $source = false) { + + # selinux labels differ from one distribution to another + case $operatingsystem { + + RedHat, CentOS: { + case $lsbmajdistrelease { + "4": { $postfix_seltype = "etc_t" } + "5": { $postfix_seltype = "postfix_etc_t" } + default: { $postfix_seltype = undef } + } + } + + default: { + $postfix_seltype = undef + } + } + + case $source { + false: { + file {"${name}": + ensure => $ensure, + mode => 600, + owner => root, + group => root, + seltype => $postfix_seltype, + require => Package["postfix"], + } + } + default: { + file {"${name}": + ensure => $ensure, + mode => 600, + owner => root, + group => root, + source => $source, + seltype => $postfix_seltype, + require => Package["postfix"], + } + } + } + + file {"${name}.db": + ensure => $ensure, + mode => 600, + require => [File["${name}"], Exec["generate ${name}.db"]], + seltype => $postfix_seltype, + } + + exec {"generate ${name}.db": + command => "postmap ${name}", + #creates => "${name}.db", # this prevents postmap from being run ! + subscribe => File["${name}"], + refreshonly => true, + require => Package["postfix"], + } +} diff --git a/manifests/header_checks.pp b/manifests/header_checks.pp new file mode 100644 index 0000000..071f6b0 --- /dev/null +++ b/manifests/header_checks.pp @@ -0,0 +1,57 @@ +# +# == Class: postfix::header_checks +# +# Manages Postfix header_checks by merging snippets shipped: +# - in the module's files/header_checks.d/ or puppet:///files/etc/postfix/header_checks.d +# (the latter takes precedence if present); site-postfix module is supported +# as well, see the source argument of file {"$postfix_header_checks_snippets_dir" +# bellow for details. +# - via postfix::header_checks_snippet defines +# +# Example usage: +# +# node "toto.example.com" { +# $postfix_manage_header_checks = yes +# include postfix +# } +# +class postfix::header_checks { + + include common::moduledir + module_dir{'postfix/header_checks': } + + $postfix_header_checks_dir = "${common::moduledir::module_dir_path}/postfix/header_checks" + $postfix_header_checks_snippets_dir = "${postfix_header_checks_dir}/header_checks.d" + $postfix_merged_header_checks = "${postfix_header_checks_dir}/merged_header_checks" + + file {"$postfix_header_checks_snippets_dir": + ensure => 'directory', + owner => 'root', + group => '0', + mode => '700', + source => [ + "puppet:///modules/site-postfix/${fqdn}/header_checks.d", + "puppet:///modules/site-postfix/header_checks.d", + "puppet:///files/etc/postfix/header_checks.d", + "puppet:///modules/postfix/header_checks.d", + ], + recurse => true, + purge => false, + } + + concatenated_file { "$postfix_merged_header_checks": + dir => "${postfix_header_checks_snippets_dir}", + require => File["$postfix_header_checks_snippets_dir"], + } + + config_file { '/etc/postfix/header_checks': + source => "$postfix_merged_header_checks", + subscribe => File["$postfix_merged_header_checks"], + } + + postfix::config { "header_checks": + value => 'regexp:/etc/postfix/header_checks', + require => File['/etc/postfix/header_checks'], + } + +} diff --git a/manifests/header_checks_snippet.pp b/manifests/header_checks_snippet.pp new file mode 100644 index 0000000..454d219 --- /dev/null +++ b/manifests/header_checks_snippet.pp @@ -0,0 +1,67 @@ +/* +== Definition: postfix::header_checks_snippet + +Adds a header_checks snippets to /etc/postfix/header_checks. +See the postfix::header_checks class for details. + +Parameters: +- *source* or *content*: source or content of the header_checks snippet +- *ensure*: present (default) or absent + +Requires: +- Class["postfix"] + +Example usage: + + node "toto.example.com" { + include postfix + postfix::header_checks { + 'wrong_date': content => 'FIXME'; + 'bla': source => 'puppet:///files/etc/postfix/header_checks.d/bla'; + } + } + +*/ + +define postfix::header_checks_snippet ( + $ensure = "present", + $source = '', + $content = undef +) { + + if $source == '' and $content == undef { + fail("One of \$source or \$content must be specified for postfix::header_checks_snippet ${name}") + } + + if $source != '' and $content != undef { + fail("Only one of \$source or \$content must specified for postfix::header_checks_snippet ${name}") + } + + if ($value == false) and ($ensure == "present") { + fail("The value parameter must be set when using the postfix::header_checks_snippet define with ensure=present.") + } + + include postfix::header_checks + + $snippetfile = "${postfix::header_checks::postfix_header_checks_snippets_dir}/${name}" + + file { "$snippetfile": + ensure => "$ensure", + mode => 600, + owner => root, + group => 0, + notify => Exec["concat_${postfix::header_checks::postfix_merged_header_checks}"], + } + + if $source { + File["$snippetfile"] { + source => $source, + } + } + else { + File["$snippetfile"] { + content => $content, + } + } + +} diff --git a/manifests/init.pp b/manifests/init.pp index 6cc1969..63a50b9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,2 +1,178 @@ -import "classes/*.pp" -import "definitions/*.pp" +# +# == Class: postfix +# +# This class provides a basic setup of postfix with local and remote +# delivery and an SMTP server listening on the loopback interface. +# +# Parameters: +# - *$postfix_smtp_listen*: address on which the smtp service will listen to. defaults to 127.0.0.1 +# - *$root_mail_recipient*: who will recieve root's emails. defaults to "nobody" +# +# Example usage: +# +# node "toto.example.com" { +# $postfix_smtp_listen = "192.168.1.10" +# include postfix +# } +# +class postfix { + + # selinux labels differ from one distribution to another + case $operatingsystem { + + RedHat, CentOS: { + case $lsbmajdistrelease { + "4": { $postfix_seltype = "etc_t" } + "5": { $postfix_seltype = "postfix_etc_t" } + default: { $postfix_seltype = undef } + } + } + + default: { + $postfix_seltype = undef + } + } + + # Default value for various options + case $postfix_smtp_listen { + "": { $postfix_smtp_listen = "127.0.0.1" } + } + case $root_mail_recipient { + "": { $root_mail_recipient = "nobody" } + } + case $postfix_anon_sasl { + "": { $postfix_anon_sasl = "no" } + } + case $postfix_manage_header_checks { + "": { $postfix_manage_header_checks = "no" } + } + case $postfix_manage_tls_policy { + "": { $postfix_manage_tls_policy = "no" } + } + case $postfix_use_amavisd { + "": { $postfix_use_amavisd = "no" } + } + case $postfix_use_dovecot_lda { + "": { $postfix_use_dovecot_lda = "no" } + } + case $postfix_use_schleuder { + "": { $postfix_use_schleuder = "no" } + } + case $postfix_use_sympa { + "": { $postfix_use_sympa = "no" } + } + case $postfix_mastercf_tail { + "": { $postfix_mastercf_tail = "" } + } + case $postfix_inet_interfaces { + "": { $postfix_inet_interfaces = 'all' } + } + case $postfix_myorigin { + "": { $postfix_myorigin = $fqdn } + } + + # Bootstrap moduledir + include common::moduledir + module_dir{'postfix': } + + # Include optional classes + if $postfix_anon_sasl == 'yes' { + include postfix::anonsasl + } + if $postfix_manage_header_checks == 'yes' { + include postfix::header_checks + } + if $postfix_manage_tls_policy == 'yes' { + include postfix::tlspolicy + } + if $postfix_use_amavisd == 'yes' { + include postfix::amavis + } + + package { ["postfix", "mailx"]: + ensure => installed + } + + if $operatingsystem == 'debian' { + Package[mailx] { name => 'bsd-mailx' } + } + + service { "postfix": + ensure => running, + require => Package["postfix"], + } + + file { "/etc/mailname": + ensure => present, + content => "${fqdn}\n", + seltype => $postfix_seltype, + } + + # Aliases + file { "/etc/aliases": + ensure => present, + content => "# file managed by puppet\n", + replace => false, + seltype => $postfix_seltype, + notify => Exec["newaliases"], + } + + # Aliases + exec { "newaliases": + command => "/usr/bin/newaliases", + refreshonly => true, + require => Package["postfix"], + subscribe => File["/etc/aliases"], + } + + # Config files + file { "/etc/postfix/master.cf": + ensure => present, + owner => "root", + group => "root", + mode => "0644", + content => $operatingsystem ? { + Redhat => template("postfix/master.cf.redhat5.erb"), + CentOS => template("postfix/master.cf.redhat5.erb"), + Debian => template("postfix/master.cf.debian-$lsbdistcodename.erb"), + Ubuntu => template("postfix/master.cf.debian-etch.erb"), + }, + seltype => $postfix_seltype, + notify => Service["postfix"], + require => Package["postfix"], + } + + # Config files + file { "/etc/postfix/main.cf": + ensure => present, + owner => "root", + group => "root", + mode => "0644", + source => "puppet:///modules/postfix/main.cf", + replace => false, + seltype => $postfix_seltype, + notify => Service["postfix"], + require => Package["postfix"], + } + + # Default configuration parameters + postfix::config { + "myorigin": value => "${postfix_myorigin}"; + "alias_maps": value => "hash:/etc/aliases"; + "inet_interfaces": value => "${postfix_inet_interfaces}"; + } + + case $operatingsystem { + RedHat, CentOS: { + postfix::config { + "sendmail_path": value => "/usr/sbin/sendmail.postfix"; + "newaliases_path": value => "/usr/bin/newaliases.postfix"; + "mailq_path": value => "/usr/bin/mailq.postfix"; + } + } + } + + postfix::mailalias {"root": + recipient => $root_mail_recipient, + } +} diff --git a/manifests/mailalias.pp b/manifests/mailalias.pp new file mode 100644 index 0000000..cd1af50 --- /dev/null +++ b/manifests/mailalias.pp @@ -0,0 +1,32 @@ +/* +== Definition: postfix::mailalias + +Wrapper around Puppet mailalias resource, provides newaliases executable. + +Parameters: +- *name*: the name of the alias. +- *ensure*: present/absent, defaults to present. +- *recipient*: recipient of the alias. + +Requires: +- Class["postfix"] + +Example usage: + + node "toto.example.com" { + + include postfix + + postfix::mailalias { "postmaster": + ensure => present, + recipient => 'foo' + } + +*/ +define postfix::mailalias ($ensure = 'present', $recipient) { + mailalias { "${name}": + ensure => $ensure, + recipient => $recipient, + notify => Exec['newaliases'] + } +} diff --git a/manifests/mailman.pp b/manifests/mailman.pp new file mode 100644 index 0000000..cba0848 --- /dev/null +++ b/manifests/mailman.pp @@ -0,0 +1,36 @@ +# +# == Class: postfix::mailman +# +# Configures a basic smtp server, able to work for the mailman mailing-list +# manager. +# +# Parameters: +# - every global variable which works for class "postfix" will work here. +# +# Example usage: +# +# node "toto.example.com" { +# include mailman +# include postfix::mailman +# } +# +class postfix::mailman { + $postfix_smtp_listen = "0.0.0.0" + include postfix + + postfix::config { + "mydestination": value => ""; + "virtual_alias_maps": value => "hash:/etc/postfix/virtual"; + "transport_maps": value => "hash:/etc/postfix/transport"; + "mailman_destination_recipient_limit": value => "1", nonstandard => true; + } + + postfix::hash { "/etc/postfix/virtual": + ensure => present, + } + + postfix::hash { "/etc/postfix/transport": + ensure => present, + } + +} diff --git a/manifests/mta.pp b/manifests/mta.pp new file mode 100644 index 0000000..c36c0bc --- /dev/null +++ b/manifests/mta.pp @@ -0,0 +1,61 @@ +# +# == Class: postfix::mta +# +# This class configures a minimal MTA, listening on +# $postfix_smtp_listen (default to localhost) and delivering mail to +# $postfix_mydestination (default to $fqdn). +# +# A valid relay host is required ($postfix_relayhost) for outbound email. +# +# transport & virtual maps get configured and can be populated with +# postfix::transport and postfix::virtual +# +# Parameters: +# - *$postfix_relayhost* +# - *$postfix_mydestination* +# - every global variable which works for class "postfix" will work here. +# +# Example usage: +# +# node "toto.example.com" { +# $postfix_relayhost = "mail.example.com" +# $postfix_smtp_listen = "0.0.0.0" +# $postfix_mydestination = "\$myorigin, myapp.example.com" +# +# include postfix::mta +# +# postfix::transport { "myapp.example.com": +# ensure => present, +# destination => "local:", +# } +# } +# +class postfix::mta { + + #case $postfix_relayhost { + # "": { fail("Required \$postfix_relayhost variable is not defined.") } + #} + + case $postfix_mydestination { + "": { $postfix_mydestination = "\$myorigin" } + } + + include postfix + + postfix::config { + "mydestination": value => $postfix_mydestination; + "mynetworks": value => "127.0.0.0/8"; + "relayhost": value => $postfix_relayhost; + "virtual_alias_maps": value => "hash:/etc/postfix/virtual"; + "transport_maps": value => "hash:/etc/postfix/transport"; + } + + postfix::hash { "/etc/postfix/virtual": + ensure => present, + } + + postfix::hash { "/etc/postfix/transport": + ensure => present, + } + +} diff --git a/manifests/satellite.pp b/manifests/satellite.pp new file mode 100644 index 0000000..cb92a9f --- /dev/null +++ b/manifests/satellite.pp @@ -0,0 +1,38 @@ +# +# == Class: postfix::satellite +# +# This class configures all local email (cron, mdadm, etc) to be forwarded +# to $root_mail_recipient, using $postfix_relayhost as a relay. +# +# $valid_fqdn can be set to override $fqdn in the case where the FQDN is +# not recognized as valid by the destination server. +# +# Parameters: +# - *valid_fqdn* +# - every global variable which works for class "postfix" will work here. +# +# Example usage: +# +# node "toto.local.lan" { +# $postfix_relayhost = "mail.example.com" +# $valid_fqdn = "toto.example.com" +# $root_mail_recipient = "the.sysadmin@example.com" +# +# include postfix::satellite +# } +# +class postfix::satellite { + + # If $valid_fqdn exists, use it to override $fqdn + case $valid_fqdn { + "": { $valid_fqdn = $fqdn } + default: { $fqdn = "${valid_fqdn}" } + } + + include postfix::mta + + postfix::virtual {"@${valid_fqdn}": + ensure => present, + destination => "root", + } +} diff --git a/manifests/tlspolicy.pp b/manifests/tlspolicy.pp new file mode 100644 index 0000000..633c380 --- /dev/null +++ b/manifests/tlspolicy.pp @@ -0,0 +1,71 @@ +# +# == Class: postfix::tlspolicy +# +# Manages Postfix TLS policy by merging policy snippets shipped: +# - in the module's files/tls_policy.d/ or puppet:///files/etc/postfix/tls_policy.d +# (the latter takes precedence if present); site-postfix module is supported +# as well, see the source argument of file {"$postfix_tlspolicy_snippets_dir" +# bellow for details. +# - via postfix::tlspolicy_snippet defines +# +# Parameters: +# - $postfix_tls_fingerprint_digest (defaults to sha1) +# +# Example usage: +# +# node "toto.example.com" { +# $postfix_manage_tls_policy = yes +# include postfix +# } +# +class postfix::tlspolicy { + + # Default value for parameters + case $postfix_tls_fingerprint_digest { + "": { $postfix_tls_fingerprint_digest = 'sha1' } + } + + include common::moduledir + module_dir{'postfix/tls_policy': } + + $postfix_tlspolicy_dir = "${common::moduledir::module_dir_path}/postfix/tls_policy" + $postfix_tlspolicy_snippets_dir = "${postfix_tlspolicy_dir}/tls_policy.d" + $postfix_merged_tlspolicy = "${postfix_tlspolicy_dir}/merged_tls_policy" + + file {"$postfix_tlspolicy_snippets_dir": + ensure => 'directory', + owner => 'root', + group => '0', + mode => '700', + source => [ + "puppet:///modules/site-postfix/${fqdn}/tls_policy.d", + "puppet:///modules/site-postfix/tls_policy.d", + "puppet:///modules/postfix/tls_policy.d", + ], + recurse => true, + purge => false, + } + + concatenated_file { "$postfix_merged_tlspolicy": + dir => "${postfix_tlspolicy_snippets_dir}", + require => File["$postfix_tlspolicy_snippets_dir"], + } + + postfix::hash { '/etc/postfix/tls_policy': + source => "$postfix_merged_tlspolicy", + subscribe => File["$postfix_merged_tlspolicy"], + } + + postfix::config { + 'smtp_tls_fingerprint_digest': value => "$postfix_tls_fingerprint_digest"; + } + + postfix::config { 'smtp_tls_policy_maps': + value => 'hash:/etc/postfix/tls_policy', + require => [ + Postfix::Hash['/etc/postfix/tls_policy'], + Postfix::Config['smtp_tls_fingerprint_digest'], + ], + } + +} diff --git a/manifests/tlspolicy_snippet.pp b/manifests/tlspolicy_snippet.pp new file mode 100644 index 0000000..2596dbc --- /dev/null +++ b/manifests/tlspolicy_snippet.pp @@ -0,0 +1,47 @@ +/* +== Definition: postfix::tlspolicy_snippet + +Adds a TLS policy snippets to /etc/postfix/tls_policy.d/. +See the postfix::tlspolicy class for details. + +Parameters: +- *name*: name of destination domain Postfix will lookup. See TLS_README. +- *value*: right-hand part of the tls_policy map +- *ensure*: present/absent, defaults to present. + +Requires: +- Class["postfix"] +- Class["postfix::tlspolicy"] + +Example usage: + + node "toto.example.com" { + $postfix_manage_tls_policy = yes + include postfix + postfix::tlspolicy_snippet { + 'example.com': value => 'encrypt'; + '.example.com': value => 'encrypt'; + 'nothing.com': value => 'fingerprint match=2A:FF:F0:EC:52:04:99:45:73:1B:C2:22:7F:FD:31:6B:8F:07:43:29'; + } + } + +*/ + +define postfix::tlspolicy_snippet ($ensure="present", $value = false) { + + include postfix::tlspolicy + + if ($value == false) and ($ensure == "present") { + fail("The value parameter must be set when using the postfix::tlspolicy_snippet define with ensure=present.") + } + + file { "${postfix::tlspolicy::postfix_tlspolicy_snippets_dir}/${name}": + ensure => "$ensure", + content => "${name} ${value}\n", + mode => 600, + owner => root, + group => 0, + notify => Exec["concat_${postfix::tlspolicy::postfix_merged_tlspolicy}"], + } + +} diff --git a/manifests/transport.pp b/manifests/transport.pp new file mode 100644 index 0000000..5ca5554 --- /dev/null +++ b/manifests/transport.pp @@ -0,0 +1,44 @@ +/* +== Definition: postfix::transport + +Manages content of the /etc/postfix/transport map. + +Parameters: +- *name*: name of address postfix will lookup. See transport(5). +- *destination*: where the emails will be delivered to. See transport(5). +- *ensure*: present/absent, defaults to present. + +Requires: +- Class["postfix"] +- Postfix::Hash["/etc/postfix/transport"] +- Postfix::Config["transport_maps"] +- common::line (from module common) + +Example usage: + + node "toto.example.com" { + + include postfix + + postfix::hash { "/etc/postfix/transport": + ensure => present, + } + postfix::config { "transport_maps": + value => "hash:/etc/postfix/transport" + } + postfix::transport { "mailman.example.com": + ensure => present, + destination => "mailman", + } + } + +*/ +define postfix::transport ($ensure="present", $destination) { + line {"${name} ${destination}": + ensure => $ensure, + file => "/etc/postfix/transport", + line => "${name} ${destination}", + notify => Exec["generate /etc/postfix/transport.db"], + require => Package["postfix"], + } +} diff --git a/manifests/virtual.pp b/manifests/virtual.pp new file mode 100644 index 0000000..8fcd53a --- /dev/null +++ b/manifests/virtual.pp @@ -0,0 +1,44 @@ +/* +== Definition: postfix::virtual + +Manages content of the /etc/postfix/virtual map. + +Parameters: +- *name*: name of address postfix will lookup. See virtual(8). +- *destination*: where the emails will be delivered to. See virtual(8). +- *ensure*: present/absent, defaults to present. + +Requires: +- Class["postfix"] +- Postfix::Hash["/etc/postfix/virtual"] +- Postfix::Config["virtual_alias_maps"] +- common::line (from module common) + +Example usage: + + node "toto.example.com" { + + include postfix + + postfix::hash { "/etc/postfix/virtual": + ensure => present, + } + postfix::config { "virtual_alias_maps": + value => "hash:/etc/postfix/virtual" + } + postfix::virtual { "user@example.com": + ensure => present, + destination => "root", + } + } + +*/ +define postfix::virtual ($ensure="present", $destination) { + line {"${name} ${destination}": + ensure => $ensure, + file => "/etc/postfix/virtual", + line => "${name} ${destination}", + notify => Exec["generate /etc/postfix/virtual.db"], + require => Package["postfix"], + } +} -- cgit v1.2.3 From 2c86670a9233ee62d16b16730218994a1fe7eb9b Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 16 Feb 2012 16:58:09 +0100 Subject: Use proper variable scope Facts should be addressed with $::fqdn and so on. --- manifests/hash.pp | 24 ++++-------------------- manifests/init.pp | 12 ++++++------ manifests/satellite.pp | 2 +- 3 files changed, 11 insertions(+), 27 deletions(-) diff --git a/manifests/hash.pp b/manifests/hash.pp index c8bb7c7..6e2012f 100644 --- a/manifests/hash.pp +++ b/manifests/hash.pp @@ -29,23 +29,7 @@ Example usage: */ define postfix::hash ($ensure="present", $source = false) { - - # selinux labels differ from one distribution to another - case $operatingsystem { - - RedHat, CentOS: { - case $lsbmajdistrelease { - "4": { $postfix_seltype = "etc_t" } - "5": { $postfix_seltype = "postfix_etc_t" } - default: { $postfix_seltype = undef } - } - } - - default: { - $postfix_seltype = undef - } - } - + include ::postfix case $source { false: { file {"${name}": @@ -53,7 +37,7 @@ define postfix::hash ($ensure="present", $source = false) { mode => 600, owner => root, group => root, - seltype => $postfix_seltype, + seltype => $postfix::postfix_seltype, require => Package["postfix"], } } @@ -64,7 +48,7 @@ define postfix::hash ($ensure="present", $source = false) { owner => root, group => root, source => $source, - seltype => $postfix_seltype, + seltype => $postfix::postfix_seltype, require => Package["postfix"], } } @@ -74,7 +58,7 @@ define postfix::hash ($ensure="present", $source = false) { ensure => $ensure, mode => 600, require => [File["${name}"], Exec["generate ${name}.db"]], - seltype => $postfix_seltype, + seltype => $postfix::postfix_seltype, } exec {"generate ${name}.db": diff --git a/manifests/init.pp b/manifests/init.pp index 63a50b9..6d16efc 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -18,10 +18,10 @@ class postfix { # selinux labels differ from one distribution to another - case $operatingsystem { + case $::operatingsystem { RedHat, CentOS: { - case $lsbmajdistrelease { + case $::lsbmajdistrelease { "4": { $postfix_seltype = "etc_t" } "5": { $postfix_seltype = "postfix_etc_t" } default: { $postfix_seltype = undef } @@ -93,7 +93,7 @@ class postfix { ensure => installed } - if $operatingsystem == 'debian' { + if $::operatingsystem == 'debian' { Package[mailx] { name => 'bsd-mailx' } } @@ -131,10 +131,10 @@ class postfix { owner => "root", group => "root", mode => "0644", - content => $operatingsystem ? { + content => $::operatingsystem ? { Redhat => template("postfix/master.cf.redhat5.erb"), CentOS => template("postfix/master.cf.redhat5.erb"), - Debian => template("postfix/master.cf.debian-$lsbdistcodename.erb"), + Debian => template("postfix/master.cf.debian-${::lsbdistcodename}.erb"), Ubuntu => template("postfix/master.cf.debian-etch.erb"), }, seltype => $postfix_seltype, @@ -162,7 +162,7 @@ class postfix { "inet_interfaces": value => "${postfix_inet_interfaces}"; } - case $operatingsystem { + case $::operatingsystem { RedHat, CentOS: { postfix::config { "sendmail_path": value => "/usr/sbin/sendmail.postfix"; diff --git a/manifests/satellite.pp b/manifests/satellite.pp index cb92a9f..99904dd 100644 --- a/manifests/satellite.pp +++ b/manifests/satellite.pp @@ -25,7 +25,7 @@ class postfix::satellite { # If $valid_fqdn exists, use it to override $fqdn case $valid_fqdn { - "": { $valid_fqdn = $fqdn } + "": { $valid_fqdn = $::fqdn } default: { $fqdn = "${valid_fqdn}" } } -- cgit v1.2.3 From 985ec1fe0aee848b3d45e9f8accf6ff156b3af25 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 30 Dec 2012 15:43:06 +0100 Subject: Use the concat module instead of the concatenated_file defined (Closes: #4074) --- README | 25 ++++++++++++++++ manifests/header_checks.pp | 61 +++++++++++--------------------------- manifests/header_checks_snippet.pp | 15 ++++------ manifests/tlspolicy.pp | 47 +++++++++++------------------ manifests/tlspolicy_snippet.pp | 7 ++--- 5 files changed, 68 insertions(+), 87 deletions(-) diff --git a/README b/README index 1e32a45..b085c06 100644 --- a/README +++ b/README @@ -4,6 +4,10 @@ This module will help install and configure postfix. A couple of classes will preconfigure postfix for common needs. +This module needs: + +- the concat module: git://labs.riseup.net/shared-concat + Config ------ - set $postfix_use_amavisd="yes" to include postfix::amavis @@ -28,3 +32,24 @@ Config postfix::config { "relay_domains": value => "localhost host.foo.com" } +Deprecation notice +------------------ + +It used to be that one could drop header checks snippets into the +following source directories: + + "puppet:///modules/site-postfix/${fqdn}/header_checks.d" + "puppet:///modules/site-postfix/header_checks.d" + "puppet:///files/etc/postfix/header_checks.d" + "puppet:///modules/postfix/header_checks.d" + +... and TLS policy snippets into those: + + "puppet:///modules/site-postfix/${fqdn}/tls_policy.d" + "puppet:///modules/site-postfix/tls_policy.d" + "puppet:///modules/postfix/tls_policy.d" + +This is not supported anymore. + +Every such snippet much now be configured using the (respectively) +postfix::header_checks_snippet and postfix::tlspolicy_snippet defines. diff --git a/manifests/header_checks.pp b/manifests/header_checks.pp index 071f6b0..5b0c3c8 100644 --- a/manifests/header_checks.pp +++ b/manifests/header_checks.pp @@ -1,57 +1,32 @@ # # == Class: postfix::header_checks # -# Manages Postfix header_checks by merging snippets shipped: -# - in the module's files/header_checks.d/ or puppet:///files/etc/postfix/header_checks.d -# (the latter takes precedence if present); site-postfix module is supported -# as well, see the source argument of file {"$postfix_header_checks_snippets_dir" -# bellow for details. -# - via postfix::header_checks_snippet defines +# Manages Postfix header_checks by merging snippets configured +# via postfix::header_checks_snippet defines # -# Example usage: -# -# node "toto.example.com" { -# $postfix_manage_header_checks = yes -# include postfix -# } +# Note that this class is useless when used directly. +# The postfix::header_checks_snippet defines takes care of importing +# it anyway. # class postfix::header_checks { - include common::moduledir - module_dir{'postfix/header_checks': } - - $postfix_header_checks_dir = "${common::moduledir::module_dir_path}/postfix/header_checks" - $postfix_header_checks_snippets_dir = "${postfix_header_checks_dir}/header_checks.d" - $postfix_merged_header_checks = "${postfix_header_checks_dir}/merged_header_checks" - - file {"$postfix_header_checks_snippets_dir": - ensure => 'directory', - owner => 'root', - group => '0', - mode => '700', - source => [ - "puppet:///modules/site-postfix/${fqdn}/header_checks.d", - "puppet:///modules/site-postfix/header_checks.d", - "puppet:///files/etc/postfix/header_checks.d", - "puppet:///modules/postfix/header_checks.d", - ], - recurse => true, - purge => false, - } - - concatenated_file { "$postfix_merged_header_checks": - dir => "${postfix_header_checks_snippets_dir}", - require => File["$postfix_header_checks_snippets_dir"], - } - - config_file { '/etc/postfix/header_checks': - source => "$postfix_merged_header_checks", - subscribe => File["$postfix_merged_header_checks"], + concat { '/etc/postfix/header_checks': + owner => root, + group => root, + mode => '0600', } postfix::config { "header_checks": value => 'regexp:/etc/postfix/header_checks', - require => File['/etc/postfix/header_checks'], + require => Concat['/etc/postfix/header_checks'], + } + + # Cleanup previous implementation's internal files + include common::moduledir + file { "${common::moduledir::module_dir_path}/postfix/header_checks": + ensure => absent, + recurse => true, + force => true, } } diff --git a/manifests/header_checks_snippet.pp b/manifests/header_checks_snippet.pp index 454d219..6ffdad8 100644 --- a/manifests/header_checks_snippet.pp +++ b/manifests/header_checks_snippet.pp @@ -43,23 +43,20 @@ define postfix::header_checks_snippet ( include postfix::header_checks - $snippetfile = "${postfix::header_checks::postfix_header_checks_snippets_dir}/${name}" - - file { "$snippetfile": + $fragment = "postfix_header_checks_${name}" + + concat::fragment { "$fragment": ensure => "$ensure", - mode => 600, - owner => root, - group => 0, - notify => Exec["concat_${postfix::header_checks::postfix_merged_header_checks}"], + target => '/etc/postfix/header_checks', } if $source { - File["$snippetfile"] { + Concat::Fragment["$fragment"] { source => $source, } } else { - File["$snippetfile"] { + Concat::Fragment["$fragment"] { content => $content, } } diff --git a/manifests/tlspolicy.pp b/manifests/tlspolicy.pp index 633c380..fb7020d 100644 --- a/manifests/tlspolicy.pp +++ b/manifests/tlspolicy.pp @@ -1,22 +1,15 @@ # # == Class: postfix::tlspolicy # -# Manages Postfix TLS policy by merging policy snippets shipped: -# - in the module's files/tls_policy.d/ or puppet:///files/etc/postfix/tls_policy.d -# (the latter takes precedence if present); site-postfix module is supported -# as well, see the source argument of file {"$postfix_tlspolicy_snippets_dir" -# bellow for details. -# - via postfix::tlspolicy_snippet defines +# Manages Postfix TLS policy by merging policy snippets configured +# via postfix::tlspolicy_snippet defines # # Parameters: # - $postfix_tls_fingerprint_digest (defaults to sha1) # -# Example usage: -# -# node "toto.example.com" { -# $postfix_manage_tls_policy = yes -# include postfix -# } +# Note that this class is useless when used directly. +# The postfix::tlspolicy_snippet defines takes care of importing +# it anyway. # class postfix::tlspolicy { @@ -29,26 +22,13 @@ class postfix::tlspolicy { module_dir{'postfix/tls_policy': } $postfix_tlspolicy_dir = "${common::moduledir::module_dir_path}/postfix/tls_policy" - $postfix_tlspolicy_snippets_dir = "${postfix_tlspolicy_dir}/tls_policy.d" $postfix_merged_tlspolicy = "${postfix_tlspolicy_dir}/merged_tls_policy" - file {"$postfix_tlspolicy_snippets_dir": - ensure => 'directory', - owner => 'root', - group => '0', - mode => '700', - source => [ - "puppet:///modules/site-postfix/${fqdn}/tls_policy.d", - "puppet:///modules/site-postfix/tls_policy.d", - "puppet:///modules/postfix/tls_policy.d", - ], - recurse => true, - purge => false, - } - - concatenated_file { "$postfix_merged_tlspolicy": - dir => "${postfix_tlspolicy_snippets_dir}", - require => File["$postfix_tlspolicy_snippets_dir"], + concat { "$postfix_merged_tlspolicy": + require => File[$postfix_tlspolicy_dir], + owner => root, + group => root, + mode => '0600', } postfix::hash { '/etc/postfix/tls_policy': @@ -68,4 +48,11 @@ class postfix::tlspolicy { ], } + # Cleanup previous implementation's internal files + file { "${postfix_tlspolicy_dir}/tls_policy.d": + ensure => absent, + recurse => true, + force => true, + } + } diff --git a/manifests/tlspolicy_snippet.pp b/manifests/tlspolicy_snippet.pp index 2596dbc..8f1c376 100644 --- a/manifests/tlspolicy_snippet.pp +++ b/manifests/tlspolicy_snippet.pp @@ -35,13 +35,10 @@ define postfix::tlspolicy_snippet ($ensure="present", $value = false) { fail("The value parameter must be set when using the postfix::tlspolicy_snippet define with ensure=present.") } - file { "${postfix::tlspolicy::postfix_tlspolicy_snippets_dir}/${name}": + concat::fragment { "postfix_tlspolicy_${name}": ensure => "$ensure", content => "${name} ${value}\n", - mode => 600, - owner => root, - group => 0, - notify => Exec["concat_${postfix::tlspolicy::postfix_merged_tlspolicy}"], + target => "$postfix::tlspolicy::postfix_merged_tlspolicy", } } -- cgit v1.2.3 From fa6c3e659d07d9943514fa3857d3f5daeb170834 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 30 Dec 2012 15:44:10 +0100 Subject: Fix wrong define and directory name in documentation. --- manifests/header_checks_snippet.pp | 2 +- manifests/tlspolicy_snippet.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/header_checks_snippet.pp b/manifests/header_checks_snippet.pp index 6ffdad8..630ed2f 100644 --- a/manifests/header_checks_snippet.pp +++ b/manifests/header_checks_snippet.pp @@ -15,7 +15,7 @@ Example usage: node "toto.example.com" { include postfix - postfix::header_checks { + postfix::header_checks_snippet { 'wrong_date': content => 'FIXME'; 'bla': source => 'puppet:///files/etc/postfix/header_checks.d/bla'; } diff --git a/manifests/tlspolicy_snippet.pp b/manifests/tlspolicy_snippet.pp index 8f1c376..64c3e5e 100644 --- a/manifests/tlspolicy_snippet.pp +++ b/manifests/tlspolicy_snippet.pp @@ -1,7 +1,7 @@ /* == Definition: postfix::tlspolicy_snippet -Adds a TLS policy snippets to /etc/postfix/tls_policy.d/. +Adds a TLS policy snippets to /etc/postfix/tls_policy. See the postfix::tlspolicy class for details. Parameters: -- cgit v1.2.3 From da8b03fcb0c51ff7b2305d8f80b678afc0830d67 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 30 Dec 2012 15:45:05 +0100 Subject: Remove useless copy/pasted check. This define has no $value parameter, so this check does not make any sense. --- manifests/header_checks_snippet.pp | 4 ---- 1 file changed, 4 deletions(-) diff --git a/manifests/header_checks_snippet.pp b/manifests/header_checks_snippet.pp index 630ed2f..91d7501 100644 --- a/manifests/header_checks_snippet.pp +++ b/manifests/header_checks_snippet.pp @@ -37,10 +37,6 @@ define postfix::header_checks_snippet ( fail("Only one of \$source or \$content must specified for postfix::header_checks_snippet ${name}") } - if ($value == false) and ($ensure == "present") { - fail("The value parameter must be set when using the postfix::header_checks_snippet define with ensure=present.") - } - include postfix::header_checks $fragment = "postfix_header_checks_${name}" -- cgit v1.2.3 From 881a59ac62684028a7f4cb358e3592efc3ae99a9 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 30 Dec 2012 15:45:45 +0100 Subject: Move external class inclusion after sanity checks. --- manifests/tlspolicy_snippet.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/tlspolicy_snippet.pp b/manifests/tlspolicy_snippet.pp index 64c3e5e..701528b 100644 --- a/manifests/tlspolicy_snippet.pp +++ b/manifests/tlspolicy_snippet.pp @@ -29,12 +29,12 @@ Example usage: define postfix::tlspolicy_snippet ($ensure="present", $value = false) { - include postfix::tlspolicy - if ($value == false) and ($ensure == "present") { fail("The value parameter must be set when using the postfix::tlspolicy_snippet define with ensure=present.") } + include postfix::tlspolicy + concat::fragment { "postfix_tlspolicy_${name}": ensure => "$ensure", content => "${name} ${value}\n", -- cgit v1.2.3