Merge branch 'master' of ssh://labs.riseup.net/shared-postfix

Conflicts:
	manifests/definitions/header_checks_snippet.pp
	manifests/header_checks.pp
	manifests/header_checks_snippet.pp
	manifests/init.pp
	manifests/tlspolicy.pp
	manifests/virtual_regexp_snippet.pp
Silvio Rhatto 2013-01-21 18:25:46 -02:00
commit 7cc8c05c57
7 changed files with 76 additions and 108 deletions

25
README

@ -4,6 +4,10 @@ This module will help install and configure postfix.
A couple of classes will preconfigure postfix for common needs. A couple of classes will preconfigure postfix for common needs.
This module needs:
- the concat module: git://labs.riseup.net/shared-concat
Config Config
------ ------
- set $postfix_use_amavisd="yes" to include postfix::amavis - set $postfix_use_amavisd="yes" to include postfix::amavis
@ -32,3 +36,24 @@ Config
postfix::config { "relay_domains": value => "localhost host.foo.com" } postfix::config { "relay_domains": value => "localhost host.foo.com" }
Deprecation notice
------------------
It used to be that one could drop header checks snippets into the
following source directories:
"puppet:///modules/site-postfix/${fqdn}/header_checks.d"
"puppet:///modules/site-postfix/header_checks.d"
"puppet:///files/etc/postfix/header_checks.d"
"puppet:///modules/postfix/header_checks.d"
... and TLS policy snippets into those:
"puppet:///modules/site-postfix/${fqdn}/tls_policy.d"
"puppet:///modules/site-postfix/tls_policy.d"
"puppet:///modules/postfix/tls_policy.d"
This is not supported anymore.
Every such snippet much now be configured using the (respectively)
postfix::header_checks_snippet and postfix::tlspolicy_snippet defines.


@ -29,23 +29,7 @@ Example usage:
*/ */
define postfix::hash ($ensure="present", $source = false) { define postfix::hash ($ensure="present", $source = false) {
include ::postfix
# selinux labels differ from one distribution to another
case $operatingsystem {
RedHat, CentOS: {
case $lsbmajdistrelease {
"4": { $postfix_seltype = "etc_t" }
"5": { $postfix_seltype = "postfix_etc_t" }
default: { $postfix_seltype = undef }
}
}
default: {
$postfix_seltype = undef
}
}
case $source { case $source {
false: { false: {
file {"${name}": file {"${name}":
@ -53,7 +37,7 @@ define postfix::hash ($ensure="present", $source = false) {
mode => 600, mode => 600,
owner => root, owner => root,
group => root, group => root,
seltype => $postfix_seltype, seltype => $postfix::postfix_seltype,
require => Package["postfix"], require => Package["postfix"],
} }
} }
@ -64,7 +48,7 @@ define postfix::hash ($ensure="present", $source = false) {
owner => root, owner => root,
group => root, group => root,
source => $source, source => $source,
seltype => $postfix_seltype, seltype => $postfix::postfix_seltype,
require => Package["postfix"], require => Package["postfix"],
} }
} }
@ -74,7 +58,7 @@ define postfix::hash ($ensure="present", $source = false) {
ensure => $ensure, ensure => $ensure,
mode => 600, mode => 600,
require => [File["${name}"], Exec["generate ${name}.db"]], require => [File["${name}"], Exec["generate ${name}.db"]],
seltype => $postfix_seltype, seltype => $postfix::postfix_seltype,
} }
exec {"generate ${name}.db": exec {"generate ${name}.db":
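Review bot: The three `seltype => $postfix::postfix_seltype` lines use a relative class reference, while the `include ::postfix` added at the top of the define is written as an absolute one. Under relative namespace lookup the two can resolve differently if a nested class with a matching name ever exists, and the file would then silently get an undef SELinux type. I would write `seltype => $::postfix::postfix_seltype,` in all three resources so the lookup matches the include. The last `file` resource and the `exec` that follows it start or end outside the hunks shown, so this covers only the visible attributes.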


@ -1,57 +1,32 @@
# #
# == Class: postfix::header_checks # == Class: postfix::header_checks
# #
# Manages Postfix header_checks by merging snippets shipped: # Manages Postfix header_checks by merging snippets configured
# - in the module's files/header_checks.d/ or puppet:///files/etc/postfix/header_checks.d # via postfix::header_checks_snippet defines
# (the latter takes precedence if present); site-postfix module is supported
# as well, see the source argument of file {"$postfix_header_checks_snippets_dir"
# bellow for details.
# - via postfix::header_checks_snippet defines
# #
# Example usage: # Note that this class is useless when used directly.
# # The postfix::header_checks_snippet defines takes care of importing
# node "toto.example.com" { # it anyway.
# $postfix_manage_header_checks = yes
# include postfix
# }
# #
class postfix::header_checks { class postfix::header_checks {
include common::moduledir concat { '/etc/postfix/header_checks':
module_dir{'postfix/header_checks': } owner => root,
group => root,
$postfix_header_checks_dir = "${common::moduledir::module_dir_path}/postfix/header_checks" mode => '0600',
$postfix_header_checks_snippets_dir = "${postfix_header_checks_dir}/header_checks.d"
$postfix_merged_header_checks = "${postfix_header_checks_dir}/merged_header_checks"
file {"$postfix_header_checks_snippets_dir":
ensure => 'directory',
owner => 'root',
group => '0',
mode => '700',
source => [
"puppet:///modules/site-postfix/${fqdn}/header_checks.d",
"puppet:///modules/site-postfix/header_checks.d",
"puppet:///files/etc/postfix/header_checks.d",
"puppet:///modules/postfix/header_checks.d",
],
recurse => true,
purge => false,
}
concatenated_file { "$postfix_merged_header_checks":
dir => "${postfix_header_checks_snippets_dir}",
require => File["$postfix_header_checks_snippets_dir"],
}
config_file { '/etc/postfix/header_checks':
source => "$postfix_merged_header_checks",
subscribe => File["$postfix_merged_header_checks"],
} }
postfix::config { "header_checks": postfix::config { "header_checks":
value => 'regexp:/etc/postfix/header_checks', value => 'regexp:/etc/postfix/header_checks',
require => File['/etc/postfix/header_checks'], require => Concat['/etc/postfix/header_checks'],
}
# Cleanup previous implementation's internal files
include common::moduledir
file { "${common::moduledir::module_dir_path}/postfix/header_checks":
ensure => absent,
recurse => true,
force => true,
} }
} }
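Review bot: The rewritten class comment does not mention that fragment order in `/etc/postfix/header_checks` is significant, even though the file is wired in as `regexp:/etc/postfix/header_checks` and Postfix evaluates regexp tables top to bottom, stopping at the first match. Now that the file is assembled by `concat`, a broad pattern that sorts early can shadow a stricter one that sorts later. I would add a line to the comment block such as `# Snippets are matched in the order concat emits them; the first matching pattern wins.` and, if the postfix::header_checks_snippet define (not visible on this page) exposes an ordering parameter, refer to it there. Separately, nothing in the visible `concat` resource refreshes Postfix when the merged file changes, so it is worth confirming that running daemons pick up new checks promptly.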


@ -18,10 +18,10 @@
class postfix { class postfix {
# selinux labels differ from one distribution to another # selinux labels differ from one distribution to another
case $operatingsystem { case $::operatingsystem {
RedHat, CentOS: { RedHat, CentOS: {
case $lsbmajdistrelease { case $::lsbmajdistrelease {
"4": { $postfix_seltype = "etc_t" } "4": { $postfix_seltype = "etc_t" }
"5": { $postfix_seltype = "postfix_etc_t" } "5": { $postfix_seltype = "postfix_etc_t" }
default: { $postfix_seltype = undef } default: { $postfix_seltype = undef }
@ -99,7 +99,7 @@ class postfix {
ensure => installed ensure => installed
} }
if $operatingsystem == 'debian' { if $::operatingsystem == 'debian' {
Package[mailx] { name => 'bsd-mailx' } Package[mailx] { name => 'bsd-mailx' }
} }
@ -137,10 +137,10 @@ class postfix {
owner => "root", owner => "root",
group => "root", group => "root",
mode => "0644", mode => "0644",
content => $operatingsystem ? { content => $::operatingsystem ? {
Redhat => template("postfix/master.cf.redhat5.erb"), Redhat => template("postfix/master.cf.redhat5.erb"),
CentOS => template("postfix/master.cf.redhat5.erb"), CentOS => template("postfix/master.cf.redhat5.erb"),
Debian => template("postfix/master.cf.debian-$lsbdistcodename.erb"), Debian => template("postfix/master.cf.debian-${::lsbdistcodename}.erb"),
Ubuntu => template("postfix/master.cf.debian-etch.erb"), Ubuntu => template("postfix/master.cf.debian-etch.erb"),
}, },
seltype => $postfix_seltype, seltype => $postfix_seltype,
@ -168,7 +168,7 @@ class postfix {
"inet_interfaces": value => "${postfix_inet_interfaces}"; "inet_interfaces": value => "${postfix_inet_interfaces}";
} }
case $operatingsystem { case $::operatingsystem {
RedHat, CentOS: { RedHat, CentOS: {
postfix::config { postfix::config {
"sendmail_path": value => "/usr/sbin/sendmail.postfix"; "sendmail_path": value => "/usr/sbin/sendmail.postfix";


@ -25,7 +25,7 @@ class postfix::satellite {
# If $valid_fqdn exists, use it to override $fqdn # If $valid_fqdn exists, use it to override $fqdn
case $valid_fqdn { case $valid_fqdn {
"": { $valid_fqdn = $fqdn } "": { $valid_fqdn = $::fqdn }
default: { $fqdn = "${valid_fqdn}" } default: { $fqdn = "${valid_fqdn}" }
} }
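Review bot: The `default:` branch still implements the override by assigning a local `$fqdn`, which only affects code that reads the unqualified name. Since this commit moves references to the top-scope `$::fqdn`, any manifest or template converted to that form will silently ignore `$valid_fqdn` and use the real host name. Setting one dedicated local in both branches (for example `$postfix_fqdn`, the name being only a suggestion) and using it for the satellite settings would make the override explicit and independent of scope lookup. The rest of the postfix::satellite body is outside the hunk, so which form its consumers use cannot be checked here.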


@ -1,22 +1,15 @@
# #
# == Class: postfix::tlspolicy # == Class: postfix::tlspolicy
# #
# Manages Postfix TLS policy by merging policy snippets shipped: # Manages Postfix TLS policy by merging policy snippets configured
# - in the module's files/tls_policy.d/ or puppet:///files/etc/postfix/tls_policy.d # via postfix::tlspolicy_snippet defines
# (the latter takes precedence if present); site-postfix module is supported
# as well, see the source argument of file {"$postfix_tlspolicy_snippets_dir"
# bellow for details.
# - via postfix::tlspolicy_snippet defines
# #
# Parameters: # Parameters:
# - $postfix_tls_fingerprint_digest (defaults to sha1) # - $postfix_tls_fingerprint_digest (defaults to sha1)
# #
# Example usage: # Note that this class is useless when used directly.
# # The postfix::tlspolicy_snippet defines takes care of importing
# node "toto.example.com" { # it anyway.
# $postfix_manage_tls_policy = yes
# include postfix
# }
# #
class postfix::tlspolicy { class postfix::tlspolicy {
@ -29,26 +22,13 @@ class postfix::tlspolicy {
module_dir{'postfix/tls_policy': } module_dir{'postfix/tls_policy': }
$postfix_tlspolicy_dir = "${common::moduledir::module_dir_path}/postfix/tls_policy" $postfix_tlspolicy_dir = "${common::moduledir::module_dir_path}/postfix/tls_policy"
$postfix_tlspolicy_snippets_dir = "${postfix_tlspolicy_dir}/tls_policy.d"
$postfix_merged_tlspolicy = "${postfix_tlspolicy_dir}/merged_tls_policy" $postfix_merged_tlspolicy = "${postfix_tlspolicy_dir}/merged_tls_policy"
file {"$postfix_tlspolicy_snippets_dir": concat { "$postfix_merged_tlspolicy":
ensure => 'directory', require => File[$postfix_tlspolicy_dir],
owner => 'root', owner => root,
group => '0', group => root,
mode => '700', mode => '0600',
source => [
"puppet:///modules/site-postfix/${fqdn}/tls_policy.d",
"puppet:///modules/site-postfix/tls_policy.d",
"puppet:///modules/postfix/tls_policy.d",
],
recurse => true,
purge => false,
}
concatenated_file { "$postfix_merged_tlspolicy":
dir => "${postfix_tlspolicy_snippets_dir}",
require => File["$postfix_tlspolicy_snippets_dir"],
} }
postfix::hash { '/etc/postfix/tls_policy': postfix::hash { '/etc/postfix/tls_policy':
@ -68,4 +48,11 @@ class postfix::tlspolicy {
], ],
} }
# Cleanup previous implementation's internal files
file { "${postfix_tlspolicy_dir}/tls_policy.d":
ensure => absent,
recurse => true,
force => true,
}
} }
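Review bot: The rewritten header comment keeps `$postfix_tls_fingerprint_digest (defaults to sha1)` but no longer tells an operator how that digest relates to the snippets. Fingerprints placed in postfix::tlspolicy_snippet values presumably have to be computed with the same digest, so a mismatch would make every fingerprint policy fail to match. I would extend the Parameters entry with a line such as `#   Fingerprints in tlspolicy_snippet values must use this digest; override it to use a stronger digest than the sha1 default.` The class body between the two hunks is not shown, so how the parameter is applied could not be checked.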


@ -1,7 +1,7 @@
/* /*
== Definition: postfix::tlspolicy_snippet == Definition: postfix::tlspolicy_snippet
Adds a TLS policy snippets to /etc/postfix/tls_policy.d/. Adds a TLS policy snippets to /etc/postfix/tls_policy.
See the postfix::tlspolicy class for details. See the postfix::tlspolicy class for details.
Parameters: Parameters:
@ -29,19 +29,16 @@ Example usage:
define postfix::tlspolicy_snippet ($ensure="present", $value = false) { define postfix::tlspolicy_snippet ($ensure="present", $value = false) {
include postfix::tlspolicy
if ($value == false) and ($ensure == "present") { if ($value == false) and ($ensure == "present") {
fail("The value parameter must be set when using the postfix::tlspolicy_snippet define with ensure=present.") fail("The value parameter must be set when using the postfix::tlspolicy_snippet define with ensure=present.")
} }
file { "${postfix::tlspolicy::postfix_tlspolicy_snippets_dir}/${name}": include postfix::tlspolicy
concat::fragment { "postfix_tlspolicy_${name}":
ensure => "$ensure", ensure => "$ensure",
content => "${name} ${value}\n", content => "${name} ${value}\n",
mode => 600, target => "$postfix::tlspolicy::postfix_merged_tlspolicy",
owner => root,
group => 0,
notify => Exec["concat_${postfix::tlspolicy::postfix_merged_tlspolicy}"],
} }
} }
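Review bot: The fragment body `content => "${name} ${value}\n"` is written into the merged policy table without any check on `$name` or `$value`, and the only validation in the define is that `$value` is set. A title or value containing a line break would add extra policy entries, which matters if snippets are ever declared from data that is less trusted than the manifests themselves (exported resources, external lookups). A guard next to the existing `fail()` would close that, for example `if "${name} ${value}" =~ /[\r\n]/ { fail("postfix::tlspolicy_snippet: name and value must not contain line breaks") }`. The define's documentation header continues outside the hunk, so the parameter description there would need the same note.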