aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README25
-rw-r--r--manifests/hash.pp24
-rw-r--r--manifests/header_checks.pp61
-rw-r--r--manifests/init.pp12
-rw-r--r--manifests/satellite.pp2
-rw-r--r--manifests/tlspolicy.pp47
-rw-r--r--manifests/tlspolicy_snippet.pp13
7 files changed, 76 insertions, 108 deletions
diff --git a/README b/README
index 19771af..b03c4e6 100644
--- a/README
+++ b/README
@@ -4,6 +4,10 @@ This module will help install and configure postfix.
A couple of classes will preconfigure postfix for common needs.
+This module needs:
+
+- the concat module: git://labs.riseup.net/shared-concat
+
Config
------
- set $postfix_use_amavisd="yes" to include postfix::amavis
@@ -32,3 +36,24 @@ Config
postfix::config { "relay_domains": value => "localhost host.foo.com" }
+Deprecation notice
+------------------
+
+It used to be that one could drop header checks snippets into the
+following source directories:
+
+ "puppet:///modules/site-postfix/${fqdn}/header_checks.d"
+ "puppet:///modules/site-postfix/header_checks.d"
+ "puppet:///files/etc/postfix/header_checks.d"
+ "puppet:///modules/postfix/header_checks.d"
+
+... and TLS policy snippets into those:
+
+ "puppet:///modules/site-postfix/${fqdn}/tls_policy.d"
+ "puppet:///modules/site-postfix/tls_policy.d"
+ "puppet:///modules/postfix/tls_policy.d"
+
+This is not supported anymore.
+
+Every such snippet much now be configured using the (respectively)
+postfix::header_checks_snippet and postfix::tlspolicy_snippet defines.
diff --git a/manifests/hash.pp b/manifests/hash.pp
index c8bb7c7..6e2012f 100644
--- a/manifests/hash.pp
+++ b/manifests/hash.pp
@@ -29,23 +29,7 @@ Example usage:
*/
define postfix::hash ($ensure="present", $source = false) {
-
- # selinux labels differ from one distribution to another
- case $operatingsystem {
-
- RedHat, CentOS: {
- case $lsbmajdistrelease {
- "4": { $postfix_seltype = "etc_t" }
- "5": { $postfix_seltype = "postfix_etc_t" }
- default: { $postfix_seltype = undef }
- }
- }
-
- default: {
- $postfix_seltype = undef
- }
- }
-
+ include ::postfix
case $source {
false: {
file {"${name}":
@@ -53,7 +37,7 @@ define postfix::hash ($ensure="present", $source = false) {
mode => 600,
owner => root,
group => root,
- seltype => $postfix_seltype,
+ seltype => $postfix::postfix_seltype,
require => Package["postfix"],
}
}
@@ -64,7 +48,7 @@ define postfix::hash ($ensure="present", $source = false) {
owner => root,
group => root,
source => $source,
- seltype => $postfix_seltype,
+ seltype => $postfix::postfix_seltype,
require => Package["postfix"],
}
}
@@ -74,7 +58,7 @@ define postfix::hash ($ensure="present", $source = false) {
ensure => $ensure,
mode => 600,
require => [File["${name}"], Exec["generate ${name}.db"]],
- seltype => $postfix_seltype,
+ seltype => $postfix::postfix_seltype,
}
exec {"generate ${name}.db":
diff --git a/manifests/header_checks.pp b/manifests/header_checks.pp
index 071f6b0..5b0c3c8 100644
--- a/manifests/header_checks.pp
+++ b/manifests/header_checks.pp
@@ -1,57 +1,32 @@
#
# == Class: postfix::header_checks
#
-# Manages Postfix header_checks by merging snippets shipped:
-# - in the module's files/header_checks.d/ or puppet:///files/etc/postfix/header_checks.d
-# (the latter takes precedence if present); site-postfix module is supported
-# as well, see the source argument of file {"$postfix_header_checks_snippets_dir"
-# bellow for details.
-# - via postfix::header_checks_snippet defines
+# Manages Postfix header_checks by merging snippets configured
+# via postfix::header_checks_snippet defines
#
-# Example usage:
-#
-# node "toto.example.com" {
-# $postfix_manage_header_checks = yes
-# include postfix
-# }
+# Note that this class is useless when used directly.
+# The postfix::header_checks_snippet defines takes care of importing
+# it anyway.
#
class postfix::header_checks {
- include common::moduledir
- module_dir{'postfix/header_checks': }
-
- $postfix_header_checks_dir = "${common::moduledir::module_dir_path}/postfix/header_checks"
- $postfix_header_checks_snippets_dir = "${postfix_header_checks_dir}/header_checks.d"
- $postfix_merged_header_checks = "${postfix_header_checks_dir}/merged_header_checks"
-
- file {"$postfix_header_checks_snippets_dir":
- ensure => 'directory',
- owner => 'root',
- group => '0',
- mode => '700',
- source => [
- "puppet:///modules/site-postfix/${fqdn}/header_checks.d",
- "puppet:///modules/site-postfix/header_checks.d",
- "puppet:///files/etc/postfix/header_checks.d",
- "puppet:///modules/postfix/header_checks.d",
- ],
- recurse => true,
- purge => false,
- }
-
- concatenated_file { "$postfix_merged_header_checks":
- dir => "${postfix_header_checks_snippets_dir}",
- require => File["$postfix_header_checks_snippets_dir"],
- }
-
- config_file { '/etc/postfix/header_checks':
- source => "$postfix_merged_header_checks",
- subscribe => File["$postfix_merged_header_checks"],
+ concat { '/etc/postfix/header_checks':
+ owner => root,
+ group => root,
+ mode => '0600',
}
postfix::config { "header_checks":
value => 'regexp:/etc/postfix/header_checks',
- require => File['/etc/postfix/header_checks'],
+ require => Concat['/etc/postfix/header_checks'],
+ }
+
+ # Cleanup previous implementation's internal files
+ include common::moduledir
+ file { "${common::moduledir::module_dir_path}/postfix/header_checks":
+ ensure => absent,
+ recurse => true,
+ force => true,
}
}
diff --git a/manifests/init.pp b/manifests/init.pp
index 587f30b..5b04a0f 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -18,10 +18,10 @@
class postfix {
# selinux labels differ from one distribution to another
- case $operatingsystem {
+ case $::operatingsystem {
RedHat, CentOS: {
- case $lsbmajdistrelease {
+ case $::lsbmajdistrelease {
"4": { $postfix_seltype = "etc_t" }
"5": { $postfix_seltype = "postfix_etc_t" }
default: { $postfix_seltype = undef }
@@ -99,7 +99,7 @@ class postfix {
ensure => installed
}
- if $operatingsystem == 'debian' {
+ if $::operatingsystem == 'debian' {
Package[mailx] { name => 'bsd-mailx' }
}
@@ -137,10 +137,10 @@ class postfix {
owner => "root",
group => "root",
mode => "0644",
- content => $operatingsystem ? {
+ content => $::operatingsystem ? {
Redhat => template("postfix/master.cf.redhat5.erb"),
CentOS => template("postfix/master.cf.redhat5.erb"),
- Debian => template("postfix/master.cf.debian-$lsbdistcodename.erb"),
+ Debian => template("postfix/master.cf.debian-${::lsbdistcodename}.erb"),
Ubuntu => template("postfix/master.cf.debian-etch.erb"),
},
seltype => $postfix_seltype,
@@ -168,7 +168,7 @@ class postfix {
"inet_interfaces": value => "${postfix_inet_interfaces}";
}
- case $operatingsystem {
+ case $::operatingsystem {
RedHat, CentOS: {
postfix::config {
"sendmail_path": value => "/usr/sbin/sendmail.postfix";
diff --git a/manifests/satellite.pp b/manifests/satellite.pp
index cb92a9f..99904dd 100644
--- a/manifests/satellite.pp
+++ b/manifests/satellite.pp
@@ -25,7 +25,7 @@ class postfix::satellite {
# If $valid_fqdn exists, use it to override $fqdn
case $valid_fqdn {
- "": { $valid_fqdn = $fqdn }
+ "": { $valid_fqdn = $::fqdn }
default: { $fqdn = "${valid_fqdn}" }
}
diff --git a/manifests/tlspolicy.pp b/manifests/tlspolicy.pp
index 633c380..fb7020d 100644
--- a/manifests/tlspolicy.pp
+++ b/manifests/tlspolicy.pp
@@ -1,22 +1,15 @@
#
# == Class: postfix::tlspolicy
#
-# Manages Postfix TLS policy by merging policy snippets shipped:
-# - in the module's files/tls_policy.d/ or puppet:///files/etc/postfix/tls_policy.d
-# (the latter takes precedence if present); site-postfix module is supported
-# as well, see the source argument of file {"$postfix_tlspolicy_snippets_dir"
-# bellow for details.
-# - via postfix::tlspolicy_snippet defines
+# Manages Postfix TLS policy by merging policy snippets configured
+# via postfix::tlspolicy_snippet defines
#
# Parameters:
# - $postfix_tls_fingerprint_digest (defaults to sha1)
#
-# Example usage:
-#
-# node "toto.example.com" {
-# $postfix_manage_tls_policy = yes
-# include postfix
-# }
+# Note that this class is useless when used directly.
+# The postfix::tlspolicy_snippet defines takes care of importing
+# it anyway.
#
class postfix::tlspolicy {
@@ -29,26 +22,13 @@ class postfix::tlspolicy {
module_dir{'postfix/tls_policy': }
$postfix_tlspolicy_dir = "${common::moduledir::module_dir_path}/postfix/tls_policy"
- $postfix_tlspolicy_snippets_dir = "${postfix_tlspolicy_dir}/tls_policy.d"
$postfix_merged_tlspolicy = "${postfix_tlspolicy_dir}/merged_tls_policy"
- file {"$postfix_tlspolicy_snippets_dir":
- ensure => 'directory',
- owner => 'root',
- group => '0',
- mode => '700',
- source => [
- "puppet:///modules/site-postfix/${fqdn}/tls_policy.d",
- "puppet:///modules/site-postfix/tls_policy.d",
- "puppet:///modules/postfix/tls_policy.d",
- ],
- recurse => true,
- purge => false,
- }
-
- concatenated_file { "$postfix_merged_tlspolicy":
- dir => "${postfix_tlspolicy_snippets_dir}",
- require => File["$postfix_tlspolicy_snippets_dir"],
+ concat { "$postfix_merged_tlspolicy":
+ require => File[$postfix_tlspolicy_dir],
+ owner => root,
+ group => root,
+ mode => '0600',
}
postfix::hash { '/etc/postfix/tls_policy':
@@ -68,4 +48,11 @@ class postfix::tlspolicy {
],
}
+ # Cleanup previous implementation's internal files
+ file { "${postfix_tlspolicy_dir}/tls_policy.d":
+ ensure => absent,
+ recurse => true,
+ force => true,
+ }
+
}
diff --git a/manifests/tlspolicy_snippet.pp b/manifests/tlspolicy_snippet.pp
index 2596dbc..701528b 100644
--- a/manifests/tlspolicy_snippet.pp
+++ b/manifests/tlspolicy_snippet.pp
@@ -1,7 +1,7 @@
/*
== Definition: postfix::tlspolicy_snippet
-Adds a TLS policy snippets to /etc/postfix/tls_policy.d/.
+Adds a TLS policy snippets to /etc/postfix/tls_policy.
See the postfix::tlspolicy class for details.
Parameters:
@@ -29,19 +29,16 @@ Example usage:
define postfix::tlspolicy_snippet ($ensure="present", $value = false) {
- include postfix::tlspolicy
-
if ($value == false) and ($ensure == "present") {
fail("The value parameter must be set when using the postfix::tlspolicy_snippet define with ensure=present.")
}
- file { "${postfix::tlspolicy::postfix_tlspolicy_snippets_dir}/${name}":
+ include postfix::tlspolicy
+
+ concat::fragment { "postfix_tlspolicy_${name}":
ensure => "$ensure",
content => "${name} ${value}\n",
- mode => 600,
- owner => root,
- group => 0,
- notify => Exec["concat_${postfix::tlspolicy::postfix_merged_tlspolicy}"],
+ target => "$postfix::tlspolicy::postfix_merged_tlspolicy",
}
}