aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README25
-rw-r--r--manifests/header_checks.pp61
-rw-r--r--manifests/header_checks_snippet.pp15
-rw-r--r--manifests/tlspolicy.pp47
-rw-r--r--manifests/tlspolicy_snippet.pp7
5 files changed, 68 insertions, 87 deletions
diff --git a/README b/README
index 1e32a45..b085c06 100644
--- a/README
+++ b/README
@@ -4,6 +4,10 @@ This module will help install and configure postfix.
A couple of classes will preconfigure postfix for common needs.
+This module needs:
+
+- the concat module: git://labs.riseup.net/shared-concat
+
Config
------
- set $postfix_use_amavisd="yes" to include postfix::amavis
@@ -28,3 +32,24 @@ Config
postfix::config { "relay_domains": value => "localhost host.foo.com" }
+Deprecation notice
+------------------
+
+It used to be that one could drop header checks snippets into the
+following source directories:
+
+ "puppet:///modules/site-postfix/${fqdn}/header_checks.d"
+ "puppet:///modules/site-postfix/header_checks.d"
+ "puppet:///files/etc/postfix/header_checks.d"
+ "puppet:///modules/postfix/header_checks.d"
+
+... and TLS policy snippets into those:
+
+ "puppet:///modules/site-postfix/${fqdn}/tls_policy.d"
+ "puppet:///modules/site-postfix/tls_policy.d"
+ "puppet:///modules/postfix/tls_policy.d"
+
+This is not supported anymore.
+
+Every such snippet much now be configured using the (respectively)
+postfix::header_checks_snippet and postfix::tlspolicy_snippet defines.
diff --git a/manifests/header_checks.pp b/manifests/header_checks.pp
index 071f6b0..5b0c3c8 100644
--- a/manifests/header_checks.pp
+++ b/manifests/header_checks.pp
@@ -1,57 +1,32 @@
#
# == Class: postfix::header_checks
#
-# Manages Postfix header_checks by merging snippets shipped:
-# - in the module's files/header_checks.d/ or puppet:///files/etc/postfix/header_checks.d
-# (the latter takes precedence if present); site-postfix module is supported
-# as well, see the source argument of file {"$postfix_header_checks_snippets_dir"
-# bellow for details.
-# - via postfix::header_checks_snippet defines
+# Manages Postfix header_checks by merging snippets configured
+# via postfix::header_checks_snippet defines
#
-# Example usage:
-#
-# node "toto.example.com" {
-# $postfix_manage_header_checks = yes
-# include postfix
-# }
+# Note that this class is useless when used directly.
+# The postfix::header_checks_snippet defines takes care of importing
+# it anyway.
#
class postfix::header_checks {
- include common::moduledir
- module_dir{'postfix/header_checks': }
-
- $postfix_header_checks_dir = "${common::moduledir::module_dir_path}/postfix/header_checks"
- $postfix_header_checks_snippets_dir = "${postfix_header_checks_dir}/header_checks.d"
- $postfix_merged_header_checks = "${postfix_header_checks_dir}/merged_header_checks"
-
- file {"$postfix_header_checks_snippets_dir":
- ensure => 'directory',
- owner => 'root',
- group => '0',
- mode => '700',
- source => [
- "puppet:///modules/site-postfix/${fqdn}/header_checks.d",
- "puppet:///modules/site-postfix/header_checks.d",
- "puppet:///files/etc/postfix/header_checks.d",
- "puppet:///modules/postfix/header_checks.d",
- ],
- recurse => true,
- purge => false,
- }
-
- concatenated_file { "$postfix_merged_header_checks":
- dir => "${postfix_header_checks_snippets_dir}",
- require => File["$postfix_header_checks_snippets_dir"],
- }
-
- config_file { '/etc/postfix/header_checks':
- source => "$postfix_merged_header_checks",
- subscribe => File["$postfix_merged_header_checks"],
+ concat { '/etc/postfix/header_checks':
+ owner => root,
+ group => root,
+ mode => '0600',
}
postfix::config { "header_checks":
value => 'regexp:/etc/postfix/header_checks',
- require => File['/etc/postfix/header_checks'],
+ require => Concat['/etc/postfix/header_checks'],
+ }
+
+ # Cleanup previous implementation's internal files
+ include common::moduledir
+ file { "${common::moduledir::module_dir_path}/postfix/header_checks":
+ ensure => absent,
+ recurse => true,
+ force => true,
}
}
diff --git a/manifests/header_checks_snippet.pp b/manifests/header_checks_snippet.pp
index 454d219..6ffdad8 100644
--- a/manifests/header_checks_snippet.pp
+++ b/manifests/header_checks_snippet.pp
@@ -43,23 +43,20 @@ define postfix::header_checks_snippet (
include postfix::header_checks
- $snippetfile = "${postfix::header_checks::postfix_header_checks_snippets_dir}/${name}"
-
- file { "$snippetfile":
+ $fragment = "postfix_header_checks_${name}"
+
+ concat::fragment { "$fragment":
ensure => "$ensure",
- mode => 600,
- owner => root,
- group => 0,
- notify => Exec["concat_${postfix::header_checks::postfix_merged_header_checks}"],
+ target => '/etc/postfix/header_checks',
}
if $source {
- File["$snippetfile"] {
+ Concat::Fragment["$fragment"] {
source => $source,
}
}
else {
- File["$snippetfile"] {
+ Concat::Fragment["$fragment"] {
content => $content,
}
}
diff --git a/manifests/tlspolicy.pp b/manifests/tlspolicy.pp
index 633c380..fb7020d 100644
--- a/manifests/tlspolicy.pp
+++ b/manifests/tlspolicy.pp
@@ -1,22 +1,15 @@
#
# == Class: postfix::tlspolicy
#
-# Manages Postfix TLS policy by merging policy snippets shipped:
-# - in the module's files/tls_policy.d/ or puppet:///files/etc/postfix/tls_policy.d
-# (the latter takes precedence if present); site-postfix module is supported
-# as well, see the source argument of file {"$postfix_tlspolicy_snippets_dir"
-# bellow for details.
-# - via postfix::tlspolicy_snippet defines
+# Manages Postfix TLS policy by merging policy snippets configured
+# via postfix::tlspolicy_snippet defines
#
# Parameters:
# - $postfix_tls_fingerprint_digest (defaults to sha1)
#
-# Example usage:
-#
-# node "toto.example.com" {
-# $postfix_manage_tls_policy = yes
-# include postfix
-# }
+# Note that this class is useless when used directly.
+# The postfix::tlspolicy_snippet defines takes care of importing
+# it anyway.
#
class postfix::tlspolicy {
@@ -29,26 +22,13 @@ class postfix::tlspolicy {
module_dir{'postfix/tls_policy': }
$postfix_tlspolicy_dir = "${common::moduledir::module_dir_path}/postfix/tls_policy"
- $postfix_tlspolicy_snippets_dir = "${postfix_tlspolicy_dir}/tls_policy.d"
$postfix_merged_tlspolicy = "${postfix_tlspolicy_dir}/merged_tls_policy"
- file {"$postfix_tlspolicy_snippets_dir":
- ensure => 'directory',
- owner => 'root',
- group => '0',
- mode => '700',
- source => [
- "puppet:///modules/site-postfix/${fqdn}/tls_policy.d",
- "puppet:///modules/site-postfix/tls_policy.d",
- "puppet:///modules/postfix/tls_policy.d",
- ],
- recurse => true,
- purge => false,
- }
-
- concatenated_file { "$postfix_merged_tlspolicy":
- dir => "${postfix_tlspolicy_snippets_dir}",
- require => File["$postfix_tlspolicy_snippets_dir"],
+ concat { "$postfix_merged_tlspolicy":
+ require => File[$postfix_tlspolicy_dir],
+ owner => root,
+ group => root,
+ mode => '0600',
}
postfix::hash { '/etc/postfix/tls_policy':
@@ -68,4 +48,11 @@ class postfix::tlspolicy {
],
}
+ # Cleanup previous implementation's internal files
+ file { "${postfix_tlspolicy_dir}/tls_policy.d":
+ ensure => absent,
+ recurse => true,
+ force => true,
+ }
+
}
diff --git a/manifests/tlspolicy_snippet.pp b/manifests/tlspolicy_snippet.pp
index 2596dbc..8f1c376 100644
--- a/manifests/tlspolicy_snippet.pp
+++ b/manifests/tlspolicy_snippet.pp
@@ -35,13 +35,10 @@ define postfix::tlspolicy_snippet ($ensure="present", $value = false) {
fail("The value parameter must be set when using the postfix::tlspolicy_snippet define with ensure=present.")
}
- file { "${postfix::tlspolicy::postfix_tlspolicy_snippets_dir}/${name}":
+ concat::fragment { "postfix_tlspolicy_${name}":
ensure => "$ensure",
content => "${name} ${value}\n",
- mode => 600,
- owner => root,
- group => 0,
- notify => Exec["concat_${postfix::tlspolicy::postfix_merged_tlspolicy}"],
+ target => "$postfix::tlspolicy::postfix_merged_tlspolicy",
}
}