From 5ca80e638abb6735f554028b6d1b30f72acedac5 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 19 Dec 2019 11:15:41 +0100 Subject: [PATCH] Force a postfix restart after a configuration change without waiting for the handlers to kick in. Add 'compatibility_level=2' on Ubuntu 18.04. --- .../tasks/smtp-common-packages.yml | 26 +++++++++++++------ .../roles/postfix-relay/templates/main.cf.j2 | 9 ++++++- 2 files changed, 26 insertions(+), 9 deletions(-) diff --git a/library/roles/postfix-relay/tasks/smtp-common-packages.yml b/library/roles/postfix-relay/tasks/smtp-common-packages.yml index f5b186cf..17cfb103 100644 --- a/library/roles/postfix-relay/tasks/smtp-common-packages.yml +++ b/library/roles/postfix-relay/tasks/smtp-common-packages.yml @@ -14,21 +14,31 @@ - name: Write the postfix main configuration file template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444 - notify: Restart postfix + register: postfix_main_restart_needed - name: Activate the submission port on the postfix master file template: src=postfix-master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444 - notify: Restart postfix + register: postfix_master_restart_needed + when: postfix_install_packages | bool + tags: postfix-relay + +- block: - name: Ensure that postfix is started and enabled service: name=postfix state=started enabled=yes - when: postfix_enabled + when: postfix_enabled | bool - name: Ensure that postfix is stopped and disabled service: name=postfix state=stopped enabled=no - when: not postfix_enabled + when: not postfix_enabled | bool - when: postfix_install_packages + - name: Restart postfix + service: name=postfix state=restarted + when: ( postfix_main_restart_needed is changed ) or ( postfix_master_restart_needed is changed ) + + when: + - postfix_install_packages | bool + - postfix_enabled | bool tags: postfix-relay - block: @@ -41,8 +51,8 @@ notify: Reload NRPE server when: - - postfix_install_packages - - postfix_nagios_check + - postfix_install_packages | bool + - postfix_nagios_check | bool tags: [ 'postfix-relay', 'nagios', 'nrpe' ] - block: @@ -54,5 +64,5 @@ yum: pkg={{ postfix_relay_rh_pkgs }} state=absent when: ansible_distribution_file_variety == "RedHat" - when: not postfix_install_packages + when: not postfix_install_packages | bool tags: postfix-relay diff --git a/library/roles/postfix-relay/templates/main.cf.j2 b/library/roles/postfix-relay/templates/main.cf.j2 index 1f254efc..9e7a09b9 100644 --- a/library/roles/postfix-relay/templates/main.cf.j2 +++ b/library/roles/postfix-relay/templates/main.cf.j2 @@ -63,10 +63,12 @@ smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = {{ postfix_smtp_sasl_security_options }} smtp_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }} smtp_sasl_mechanism_filter = {{ postfix_smtp_sasl_mechanism_filter }} -{% if ansible_distribution_major_version >= '18' %} +{% if ansible_distribution_file_variety == "Debian" %} +{% if ansible_distribution_version is version_compare('18.04', '>=') %} smtpd_relay_restrictions = permit_mynetworks, defer_unauth_destination {% endif %} {% endif %} +{% endif %} {% if postfix_relay_server %} smtpd_sasl_path = smtpd smtpd_sasl_auth_enable = yes @@ -92,3 +94,8 @@ smtpd_sender_restrictions = reject_unknown_sender_domain # authenticated clients may specify any destination domain. smtpd_relay_restrictions = permit_sasl_authenticated, reject {% endif %} +{% if ansible_distribution_file_variety == "Debian" %} +{% if ansible_distribution_version is version_compare('18.04', '>=') %} +compatibility_level=2 +{% endif %} +{% endif %}