Adapt the postfix role so that it can be used on both debian and RH based distributions.

Andrea Dell'Amico 2019-03-21 19:37:35 +01:00
parent 233b198412
commit 426c10d3f5
4 changed files with 59 additions and 36 deletions


@ -1,6 +1,17 @@
--- ---
postfix_enabled: True postfix_enabled: True
postfix_install_packages: True postfix_install_packages: True
postfix_relay_rh_pkgs:
- postfix
- cyrus-sasl-lib
- cyrus-sasl-plain
- cyrus-sasl-md5
postfix_relay_deb_pkgs:
- postfix
- libsasl2-2
# Set it to true when you want configure your machine to send email to a relay # Set it to true when you want configure your machine to send email to a relay
postfix_relay_client: False postfix_relay_client: False
postfix_biff: "no" postfix_biff: "no"
@ -15,6 +26,11 @@ postfix_smtp_tls_security_level: encrypt
postfix_use_sasl_auth: True postfix_use_sasl_auth: True
postfix_smtp_sasl_auth_enable: "yes" postfix_smtp_sasl_auth_enable: "yes"
postfix_smtp_create_relay_user: True postfix_smtp_create_relay_user: True
# Options: noanonymous, noplaintext
postfix_smtp_sasl_security_options: noanonymous
postfix_smtp_sasl_tls_security_options: '{{ postfix_smtp_sasl_security_options }}'
postfix_smtp_sasl_mechanism_filter: plain, login
# Set it in the local rules # Set it in the local rules
#postfix_relay_host: smtp-relay.example.com #postfix_relay_host: smtp-relay.example.com
postfix_relay_port: 587 postfix_relay_port: 587
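Review bot: The comment above `postfix_smtp_sasl_security_options` lists `noplaintext` as an option without saying that it cannot be combined with the default `postfix_smtp_sasl_mechanism_filter: plain, login`; both mechanisms are plaintext, so the client would be left with nothing to authenticate with. Because `postfix_smtp_sasl_tls_security_options` inherits the same value, the relay credentials are protected only while `postfix_smtp_tls_security_level` stays at `encrypt` (the value visible in the hunk header context). I would extend the comment to something like `# Options: noanonymous, noplaintext. noplaintext needs a non-plaintext mechanism in postfix_smtp_sasl_mechanism_filter; plain/login are only safe while TLS is enforced`.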


@ -1,3 +1,3 @@
--- ---
dependencies: #dependencies:
- { role: '../../library/roles/nagios', when: nagios_enabled is defined and nagios_enabled } # - { role: '../../library/roles/nagios', when: nagios_enabled is defined and nagios_enabled }
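Review bot: Commenting out the nagios role dependency leaves nothing in this role that guarantees `nagios_plugins_dir`, `nrpe_include_dir` and the `Reload NRPE server` handler exist, yet the tasks changed in this same commit still use all three when `postfix_nagios_check` is set. If those names come from the nagios role (it looks that way, but this page does not confirm it), a host with the check enabled fails at that point unless the playbook applies the nagios role first. Either keep the conditional dependency or delete the lines and state the prerequisite, e.g. `# Requires the nagios role to be applied first when postfix_nagios_check is true`; commented-out code does not tell the next maintainer which is intended.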


@ -1,11 +1,16 @@
--- ---
- block: - block:
- name: Install postfix and libsas to do mail relay on deb systems
apt: pkg={{ postfix_relay_deb_pkgs }} state=present update_cache=yes cache_valid_time=1800
when: ansible_distribution_file_variety == "Debian"
- name: Install postfix and libsas to do mail relay - name: Install postfix and libsas to do mail relay on RH systems
action: apt pkg={{ item }} state=present update_cache=yes cache_valid_time=1800 yum: pkg={{ postfix_relay_rh_pkgs }} state=present
with_items: when: ansible_distribution_file_variety == "RedHat"
- postfix
- libsasl2-2 - name: Remove the ssmtp package on RH systems
yum: pkg=ssmtp state=absent
when: ansible_distribution_file_variety == "RedHat"
- name: Write the postfix main configuration file - name: Write the postfix main configuration file
template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444 template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444
@ -15,18 +20,6 @@
template: src=postfix-master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444 template: src=postfix-master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444
notify: Restart postfix notify: Restart postfix
- name: Install the postfix NRPE nagios check
copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }} owner=root group=nagios mode=0555
with_items: '{{ postfix_nagios_checks }}'
when: postfix_nagios_check
tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
- name: Install the postfix NRPE command configuration
template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg owner=root group=root mode=0444
notify: Reload NRPE server
when: postfix_nagios_check
tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
- name: Ensure that postfix is started and enabled - name: Ensure that postfix is started and enabled
service: name=postfix state=started enabled=yes service: name=postfix state=started enabled=yes
when: postfix_enabled when: postfix_enabled
@ -39,12 +32,27 @@
tags: postfix-relay tags: postfix-relay
- block: - block:
- name: Install the postfix NRPE nagios check
copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }} owner=root group=nagios mode=0555
with_items: '{{ postfix_nagios_checks }}'
- name: Remove postfix and libsas - name: Install the postfix NRPE command configuration
action: apt pkg={{ item }} state=absent template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg owner=root group=root mode=0444
with_items: notify: Reload NRPE server
- postfix
- libsasl2-2 when:
- postfix_install_packages
- postfix_nagios_check
tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
- block:
- name: Remove postfix and libsas on deb systems
action: apt pkg={{ postfix_relay_deb_pkgs }} state=absent
when: ansible_distribution_file_variety == "Debian"
- name: Remove postfix and libsas to do mail relay on RH systems
yum: pkg={{ postfix_relay_rh_pkgs }} state=absent
when: ansible_distribution_file_variety == "RedHat"
when: not postfix_install_packages when: not postfix_install_packages
tags: postfix-relay tags: postfix-relay


@ -1,8 +1,3 @@
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name smtpd_banner = $myhostname ESMTP $mail_name
biff = {{ postfix_biff }} biff = {{ postfix_biff }}
@ -45,14 +40,18 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = {{ ansible_fqdn }} myhostname = {{ ansible_fqdn }}
alias_maps = hash:/etc/aliases alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases alias_database = hash:/etc/aliases
myorigin = /etc/mailname {% if domain_name is defined %}
myorigin = {{ domain_name }}
{% else %}
myorigin = {{ ansible_fqdn }}
{% endif %}
mydestination = {{ ansible_fqdn }}, localhost mydestination = {{ ansible_fqdn }}, localhost
{% if postfix_use_relay_host %} {% if postfix_use_relay_host %}
relayhost = {{ postfix_relay_host }}:{{ postfix_relay_port }} relayhost = {{ postfix_relay_host }}:{{ postfix_relay_port }}
{% endif %} {% endif %}
{% if not postfix_relay_server %} {% if not postfix_relay_server %}
mynetworks = 127.0.0.1 mynetworks = 127.0.0.1
inet_interfaces = localhost, ip6-localhost inet_interfaces = localhost
inet_protocols = ipv4 inet_protocols = ipv4
{% endif %} {% endif %}
mailbox_size_limit = 0 mailbox_size_limit = 0
@ -61,15 +60,15 @@ default_destination_concurrency_limit = {{ postfix_default_destination_concurren
{% if postfix_use_sasl_auth %} {% if postfix_use_sasl_auth %}
smtp_sasl_auth_enable= {{ postfix_smtp_sasl_auth_enable }} smtp_sasl_auth_enable= {{ postfix_smtp_sasl_auth_enable }}
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous smtp_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
smtp_sasl_tls_security_options = noanonymous smtp_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
smtp_sasl_mechanism_filter = plain, login smtp_sasl_mechanism_filter = {{ postfix_smtp_sasl_mechanism_filter }}
{% endif %} {% endif %}
{% if postfix_relay_server %} {% if postfix_relay_server %}
smtpd_sasl_path = smtpd smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous smtpd_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
smtpd_sasl_tls_security_options = noanonymous smtpd_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
smtpd_helo_required = yes smtpd_helo_required = yes
mynetworks = {{ postfix_mynetworks }} mynetworks = {{ postfix_mynetworks }}
inet_interfaces = {{ postfix_interfaces }} inet_interfaces = {{ postfix_interfaces }}
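Review bot: In the `postfix_relay_server` branch the server-side `smtpd_sasl_security_options` and `smtpd_sasl_tls_security_options` are now rendered from the client variables `postfix_smtp_sasl_security_options` and `postfix_smtp_sasl_tls_security_options`, so an override made to get this host's outbound authentication working against an upstream relay also changes what the relay accepts from its own clients. Before this change the server side was pinned to `noanonymous`. I would give smtpd its own variables, e.g. `smtpd_sasl_security_options = {{ postfix_smtpd_sasl_security_options | default('noanonymous') }}` and the same for the TLS line, with the defaults declared next to the client ones. The `{% if postfix_relay_server %}` block is not closed within the hunk, so the rest of the server configuration is not visible here.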