Adapt the postfix role so that it can be used on both debian and RH based distributions.

2019-03-21 19:37:35 +01:00 · 2019-03-21 19:37:35 +01:00 · 426c10d3f5
parent 233b198412
commit 426c10d3f5
4 changed files with 59 additions and 36 deletions
--- a/postfix-relay/defaults/main.yml
+++ b/postfix-relay/defaults/main.yml
@ -1,6 +1,17 @@
 ---
 postfix_enabled: True
 postfix_install_packages: True
+
+postfix_relay_rh_pkgs:
+  - postfix
+  - cyrus-sasl-lib
+  - cyrus-sasl-plain
+  - cyrus-sasl-md5
+
+postfix_relay_deb_pkgs:
+  - postfix
+  - libsasl2-2
+
 # Set it to true when you want configure your machine to send email to a relay
 postfix_relay_client: False
 postfix_biff: "no"
@ -15,6 +26,11 @@ postfix_smtp_tls_security_level: encrypt
 postfix_use_sasl_auth: True
 postfix_smtp_sasl_auth_enable: "yes"
 postfix_smtp_create_relay_user: True
+# Options: noanonymous, noplaintext
+postfix_smtp_sasl_security_options: noanonymous
+postfix_smtp_sasl_tls_security_options: '{{ postfix_smtp_sasl_security_options }}'
+postfix_smtp_sasl_mechanism_filter: plain, login
+
 # Set it in the local rules
 #postfix_relay_host: smtp-relay.example.com
 postfix_relay_port: 587
--- a/postfix-relay/meta/main.yml
+++ b/postfix-relay/meta/main.yml
@ -1,3 +1,3 @@
 ---
-dependencies:
-  - { role: '../../library/roles/nagios', when: nagios_enabled is defined and nagios_enabled }
+#dependencies:
+#  - { role: '../../library/roles/nagios', when: nagios_enabled is defined and nagios_enabled }
--- a/postfix-relay/tasks/smtp-common-packages.yml
+++ b/postfix-relay/tasks/smtp-common-packages.yml
@ -1,11 +1,16 @@
 ---
 - block:
+    - name: Install postfix and libsas to do mail relay on deb systems
+      apt: pkg={{ postfix_relay_deb_pkgs }} state=present update_cache=yes cache_valid_time=1800
+      when: ansible_distribution_file_variety == "Debian"

-    - name: Install postfix and libsas to do mail relay
-      action: apt pkg={{ item }} state=present update_cache=yes cache_valid_time=1800
-      with_items:
-        - postfix
-        - libsasl2-2
+    - name: Install postfix and libsas to do mail relay on RH systems
+      yum: pkg={{ postfix_relay_rh_pkgs }} state=present
+      when: ansible_distribution_file_variety == "RedHat"
+
+    - name: Remove the ssmtp package on RH systems
+      yum: pkg=ssmtp state=absent
+      when: ansible_distribution_file_variety == "RedHat"

    - name: Write the postfix main configuration file
      template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444
@ -15,18 +20,6 @@
      template: src=postfix-master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444
      notify: Restart postfix

-    - name: Install the postfix NRPE nagios check
-      copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }}  owner=root group=nagios mode=0555
-      with_items: '{{ postfix_nagios_checks }}'
-      when: postfix_nagios_check
-      tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
-
-    - name: Install the postfix NRPE command configuration
-      template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg  owner=root group=root mode=0444
-      notify: Reload NRPE server
-      when: postfix_nagios_check
-      tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
-
    - name: Ensure that postfix is started and enabled
      service: name=postfix state=started enabled=yes
      when: postfix_enabled
@ -39,12 +32,27 @@
  tags: postfix-relay 

 - block:
+    - name: Install the postfix NRPE nagios check
+      copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }}  owner=root group=nagios mode=0555
+      with_items: '{{ postfix_nagios_checks }}'

-    - name: Remove postfix and libsas
-      action: apt pkg={{ item }} state=absent
-      with_items:
-        - postfix
-        - libsasl2-2
+    - name: Install the postfix NRPE command configuration
+      template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg  owner=root group=root mode=0444
+      notify: Reload NRPE server
+
+  when:
+    - postfix_install_packages
+    - postfix_nagios_check
+  tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
+
+- block:
+    - name: Remove postfix and libsas on deb systems
+      action: apt pkg={{ postfix_relay_deb_pkgs }} state=absent
+      when: ansible_distribution_file_variety == "Debian"
+
+    - name: Remove postfix and libsas to do mail relay on RH systems
+      yum: pkg={{ postfix_relay_rh_pkgs }} state=absent
+      when: ansible_distribution_file_variety == "RedHat"

  when: not postfix_install_packages
  tags: postfix-relay 
--- a/postfix-relay/templates/main.cf.j2
+++ b/postfix-relay/templates/main.cf.j2
@ -1,8 +1,3 @@
-# Debian specific:  Specifying a file name will cause the first
-# line of that file to be used as the name.  The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
 smtpd_banner = $myhostname ESMTP $mail_name
 biff = {{ postfix_biff }}

@ -45,14 +40,18 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 myhostname = {{ ansible_fqdn }}
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
+{% if domain_name is defined %}
+myorigin = {{ domain_name }}
+{% else %}
+myorigin = {{ ansible_fqdn }}
+{% endif %}
 mydestination = {{ ansible_fqdn }}, localhost
 {% if postfix_use_relay_host %}
 relayhost = {{ postfix_relay_host }}:{{ postfix_relay_port }}
 {% endif %}
 {% if not postfix_relay_server %}
 mynetworks = 127.0.0.1
-inet_interfaces = localhost, ip6-localhost
+inet_interfaces = localhost
 inet_protocols = ipv4
 {% endif %}
 mailbox_size_limit = 0
@ -61,15 +60,15 @@ default_destination_concurrency_limit = {{ postfix_default_destination_concurren
 {% if postfix_use_sasl_auth %}
 smtp_sasl_auth_enable= {{ postfix_smtp_sasl_auth_enable }}
 smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
-smtp_sasl_security_options = noanonymous
-smtp_sasl_tls_security_options = noanonymous
-smtp_sasl_mechanism_filter = plain, login
+smtp_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
+smtp_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
+smtp_sasl_mechanism_filter = {{ postfix_smtp_sasl_mechanism_filter }}
 {% endif %}
 {% if postfix_relay_server %}
 smtpd_sasl_path = smtpd
 smtpd_sasl_auth_enable = yes
-smtpd_sasl_security_options = noanonymous
-smtpd_sasl_tls_security_options = noanonymous
+smtpd_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
+smtpd_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
 smtpd_helo_required = yes
 mynetworks = {{ postfix_mynetworks }}
 inet_interfaces = {{ postfix_interfaces }}