diff options
-rw-r--r-- | README | 25 | ||||
-rw-r--r-- | manifests/header_checks.pp | 61 | ||||
-rw-r--r-- | manifests/header_checks_snippet.pp | 15 | ||||
-rw-r--r-- | manifests/tlspolicy.pp | 47 | ||||
-rw-r--r-- | manifests/tlspolicy_snippet.pp | 7 |
5 files changed, 68 insertions, 87 deletions
@@ -4,6 +4,10 @@ This module will help install and configure postfix. A couple of classes will preconfigure postfix for common needs. +This module needs: + +- the concat module: git://labs.riseup.net/shared-concat + Config ------ - set $postfix_use_amavisd="yes" to include postfix::amavis @@ -28,3 +32,24 @@ Config postfix::config { "relay_domains": value => "localhost host.foo.com" } +Deprecation notice +------------------ + +It used to be that one could drop header checks snippets into the +following source directories: + + "puppet:///modules/site-postfix/${fqdn}/header_checks.d" + "puppet:///modules/site-postfix/header_checks.d" + "puppet:///files/etc/postfix/header_checks.d" + "puppet:///modules/postfix/header_checks.d" + +... and TLS policy snippets into those: + + "puppet:///modules/site-postfix/${fqdn}/tls_policy.d" + "puppet:///modules/site-postfix/tls_policy.d" + "puppet:///modules/postfix/tls_policy.d" + +This is not supported anymore. + +Every such snippet much now be configured using the (respectively) +postfix::header_checks_snippet and postfix::tlspolicy_snippet defines. diff --git a/manifests/header_checks.pp b/manifests/header_checks.pp index 071f6b0..5b0c3c8 100644 --- a/manifests/header_checks.pp +++ b/manifests/header_checks.pp @@ -1,57 +1,32 @@ # # == Class: postfix::header_checks # -# Manages Postfix header_checks by merging snippets shipped: -# - in the module's files/header_checks.d/ or puppet:///files/etc/postfix/header_checks.d -# (the latter takes precedence if present); site-postfix module is supported -# as well, see the source argument of file {"$postfix_header_checks_snippets_dir" -# bellow for details. -# - via postfix::header_checks_snippet defines +# Manages Postfix header_checks by merging snippets configured +# via postfix::header_checks_snippet defines # -# Example usage: -# -# node "toto.example.com" { -# $postfix_manage_header_checks = yes -# include postfix -# } +# Note that this class is useless when used directly. +# The postfix::header_checks_snippet defines takes care of importing +# it anyway. # class postfix::header_checks { - include common::moduledir - module_dir{'postfix/header_checks': } - - $postfix_header_checks_dir = "${common::moduledir::module_dir_path}/postfix/header_checks" - $postfix_header_checks_snippets_dir = "${postfix_header_checks_dir}/header_checks.d" - $postfix_merged_header_checks = "${postfix_header_checks_dir}/merged_header_checks" - - file {"$postfix_header_checks_snippets_dir": - ensure => 'directory', - owner => 'root', - group => '0', - mode => '700', - source => [ - "puppet:///modules/site-postfix/${fqdn}/header_checks.d", - "puppet:///modules/site-postfix/header_checks.d", - "puppet:///files/etc/postfix/header_checks.d", - "puppet:///modules/postfix/header_checks.d", - ], - recurse => true, - purge => false, - } - - concatenated_file { "$postfix_merged_header_checks": - dir => "${postfix_header_checks_snippets_dir}", - require => File["$postfix_header_checks_snippets_dir"], - } - - config_file { '/etc/postfix/header_checks': - source => "$postfix_merged_header_checks", - subscribe => File["$postfix_merged_header_checks"], + concat { '/etc/postfix/header_checks': + owner => root, + group => root, + mode => '0600', } postfix::config { "header_checks": value => 'regexp:/etc/postfix/header_checks', - require => File['/etc/postfix/header_checks'], + require => Concat['/etc/postfix/header_checks'], + } + + # Cleanup previous implementation's internal files + include common::moduledir + file { "${common::moduledir::module_dir_path}/postfix/header_checks": + ensure => absent, + recurse => true, + force => true, } } diff --git a/manifests/header_checks_snippet.pp b/manifests/header_checks_snippet.pp index 454d219..6ffdad8 100644 --- a/manifests/header_checks_snippet.pp +++ b/manifests/header_checks_snippet.pp @@ -43,23 +43,20 @@ define postfix::header_checks_snippet ( include postfix::header_checks - $snippetfile = "${postfix::header_checks::postfix_header_checks_snippets_dir}/${name}" - - file { "$snippetfile": + $fragment = "postfix_header_checks_${name}" + + concat::fragment { "$fragment": ensure => "$ensure", - mode => 600, - owner => root, - group => 0, - notify => Exec["concat_${postfix::header_checks::postfix_merged_header_checks}"], + target => '/etc/postfix/header_checks', } if $source { - File["$snippetfile"] { + Concat::Fragment["$fragment"] { source => $source, } } else { - File["$snippetfile"] { + Concat::Fragment["$fragment"] { content => $content, } } diff --git a/manifests/tlspolicy.pp b/manifests/tlspolicy.pp index 633c380..fb7020d 100644 --- a/manifests/tlspolicy.pp +++ b/manifests/tlspolicy.pp @@ -1,22 +1,15 @@ # # == Class: postfix::tlspolicy # -# Manages Postfix TLS policy by merging policy snippets shipped: -# - in the module's files/tls_policy.d/ or puppet:///files/etc/postfix/tls_policy.d -# (the latter takes precedence if present); site-postfix module is supported -# as well, see the source argument of file {"$postfix_tlspolicy_snippets_dir" -# bellow for details. -# - via postfix::tlspolicy_snippet defines +# Manages Postfix TLS policy by merging policy snippets configured +# via postfix::tlspolicy_snippet defines # # Parameters: # - $postfix_tls_fingerprint_digest (defaults to sha1) # -# Example usage: -# -# node "toto.example.com" { -# $postfix_manage_tls_policy = yes -# include postfix -# } +# Note that this class is useless when used directly. +# The postfix::tlspolicy_snippet defines takes care of importing +# it anyway. # class postfix::tlspolicy { @@ -29,26 +22,13 @@ class postfix::tlspolicy { module_dir{'postfix/tls_policy': } $postfix_tlspolicy_dir = "${common::moduledir::module_dir_path}/postfix/tls_policy" - $postfix_tlspolicy_snippets_dir = "${postfix_tlspolicy_dir}/tls_policy.d" $postfix_merged_tlspolicy = "${postfix_tlspolicy_dir}/merged_tls_policy" - file {"$postfix_tlspolicy_snippets_dir": - ensure => 'directory', - owner => 'root', - group => '0', - mode => '700', - source => [ - "puppet:///modules/site-postfix/${fqdn}/tls_policy.d", - "puppet:///modules/site-postfix/tls_policy.d", - "puppet:///modules/postfix/tls_policy.d", - ], - recurse => true, - purge => false, - } - - concatenated_file { "$postfix_merged_tlspolicy": - dir => "${postfix_tlspolicy_snippets_dir}", - require => File["$postfix_tlspolicy_snippets_dir"], + concat { "$postfix_merged_tlspolicy": + require => File[$postfix_tlspolicy_dir], + owner => root, + group => root, + mode => '0600', } postfix::hash { '/etc/postfix/tls_policy': @@ -68,4 +48,11 @@ class postfix::tlspolicy { ], } + # Cleanup previous implementation's internal files + file { "${postfix_tlspolicy_dir}/tls_policy.d": + ensure => absent, + recurse => true, + force => true, + } + } diff --git a/manifests/tlspolicy_snippet.pp b/manifests/tlspolicy_snippet.pp index 2596dbc..8f1c376 100644 --- a/manifests/tlspolicy_snippet.pp +++ b/manifests/tlspolicy_snippet.pp @@ -35,13 +35,10 @@ define postfix::tlspolicy_snippet ($ensure="present", $value = false) { fail("The value parameter must be set when using the postfix::tlspolicy_snippet define with ensure=present.") } - file { "${postfix::tlspolicy::postfix_tlspolicy_snippets_dir}/${name}": + concat::fragment { "postfix_tlspolicy_${name}": ensure => "$ensure", content => "${name} ${value}\n", - mode => 600, - owner => root, - group => 0, - notify => Exec["concat_${postfix::tlspolicy::postfix_merged_tlspolicy}"], + target => "$postfix::tlspolicy::postfix_merged_tlspolicy", } } |