-rw-r--r-- | README | 25 | ||||
-rw-r--r-- | manifests/hash.pp | 24 | ||||
-rw-r--r-- | manifests/header_checks.pp | 61 | ||||
-rw-r--r-- | manifests/init.pp | 12 | ||||
-rw-r--r-- | manifests/satellite.pp | 2 | ||||
-rw-r--r-- | manifests/tlspolicy.pp | 47 | ||||
-rw-r--r-- | manifests/tlspolicy_snippet.pp | 13 |
7 files changed, 76 insertions, 108 deletions
@@ -4,6 +4,10 @@ This module will help install and configure postfix. A couple of classes will preconfigure postfix for common needs. +This module needs: + +- the concat module: git://labs.riseup.net/shared-concat + Config ------ - set $postfix_use_amavisd="yes" to include postfix::amavis @@ -32,3 +36,24 @@ Config postfix::config { "relay_domains": value => "localhost host.foo.com" } +Deprecation notice +------------------ + +It used to be that one could drop header checks snippets into the +following source directories: + + "puppet:///modules/site-postfix/${fqdn}/header_checks.d" + "puppet:///modules/site-postfix/header_checks.d" + "puppet:///files/etc/postfix/header_checks.d" + "puppet:///modules/postfix/header_checks.d" + +... and TLS policy snippets into those: + + "puppet:///modules/site-postfix/${fqdn}/tls_policy.d" + "puppet:///modules/site-postfix/tls_policy.d" + "puppet:///modules/postfix/tls_policy.d" + +This is not supported anymore. + +Every such snippet much now be configured using the (respectively) +postfix::header_checks_snippet and postfix::tlspolicy_snippet defines. diff --git a/manifests/hash.pp b/manifests/hash.pp index c8bb7c7..6e2012f 100644 --- a/manifests/hash.pp +++ b/manifests/hash.pp @@ -29,23 +29,7 @@ Example usage: */ define postfix::hash ($ensure="present", $source = false) { - - # selinux labels differ from one distribution to another - case $operatingsystem { - - RedHat, CentOS: { - case $lsbmajdistrelease { - "4": { $postfix_seltype = "etc_t" } - "5": { $postfix_seltype = "postfix_etc_t" } - default: { $postfix_seltype = undef } - } - } - - default: { - $postfix_seltype = undef - } - } - + include ::postfix case $source { false: { file {"${name}": @@ -53,7 +37,7 @@ define postfix::hash ($ensure="present", $source = false) { mode => 600, owner => root, group => root, - seltype => $postfix_seltype, + seltype => $postfix::postfix_seltype, require => Package["postfix"], } } 
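Review bot: The `file` resources edited in this hunk still carry the bare `mode => 600`, while the `concat` resources added elsewhere in this commit use the quoted four-digit form `'0600'`. Since these resources are already being touched for the `seltype` change, writing `mode => '0600',` would keep the module consistent, and newer Puppet parsers reject a numeric file mode. Postfix hash maps often hold credentials, so the permission on them is worth stating unambiguously. The same bare mode appears in the `@@ -74,7 +58,7 @@` hunk, and the define's body continues past this hunk.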
@@ -64,7 +48,7 @@ define postfix::hash ($ensure="present", $source = false) { owner => root, group => root, source => $source, - seltype => $postfix_seltype, + seltype => $postfix::postfix_seltype, require => Package["postfix"], } } @@ -74,7 +58,7 @@ define postfix::hash ($ensure="present", $source = false) { ensure => $ensure, mode => 600, require => [File["${name}"], Exec["generate ${name}.db"]], - seltype => $postfix_seltype, + seltype => $postfix::postfix_seltype, } exec {"generate ${name}.db": diff --git a/manifests/header_checks.pp b/manifests/header_checks.pp index 071f6b0..5b0c3c8 100644 --- a/manifests/header_checks.pp +++ b/manifests/header_checks.pp 
@@ -1,57 +1,32 @@ # # == Class: postfix::header_checks # -# Manages Postfix header_checks by merging snippets shipped: -# - in the module's files/header_checks.d/ or puppet:///files/etc/postfix/header_checks.d -# (the latter takes precedence if present); site-postfix module is supported -# as well, see the source argument of file {"$postfix_header_checks_snippets_dir" -# bellow for details. -# - via postfix::header_checks_snippet defines +# Manages Postfix header_checks by merging snippets configured +# via postfix::header_checks_snippet defines # -# Example usage: -# -# node "toto.example.com" { -# $postfix_manage_header_checks = yes -# include postfix -# } +# Note that this class is useless when used directly. +# The postfix::header_checks_snippet defines takes care of importing +# it anyway. # class postfix::header_checks { - include common::moduledir - module_dir{'postfix/header_checks': } - - $postfix_header_checks_dir = "${common::moduledir::module_dir_path}/postfix/header_checks" - $postfix_header_checks_snippets_dir = "${postfix_header_checks_dir}/header_checks.d" - $postfix_merged_header_checks = "${postfix_header_checks_dir}/merged_header_checks" - - file {"$postfix_header_checks_snippets_dir": - ensure => 'directory', - owner => 'root', - group => '0', - mode => '700', - source => [ - "puppet:///modules/site-postfix/${fqdn}/header_checks.d", - "puppet:///modules/site-postfix/header_checks.d", - "puppet:///files/etc/postfix/header_checks.d", - "puppet:///modules/postfix/header_checks.d", - ], - recurse => true, - purge => false, - } - - concatenated_file { "$postfix_merged_header_checks": - dir => "${postfix_header_checks_snippets_dir}", - require => File["$postfix_header_checks_snippets_dir"], - } - - config_file { '/etc/postfix/header_checks': - source => "$postfix_merged_header_checks", - subscribe => File["$postfix_merged_header_checks"], + concat { '/etc/postfix/header_checks': + owner => root, + group => root, + mode => '0600', } postfix::config { 
"header_checks": value => 'regexp:/etc/postfix/header_checks', - require => File['/etc/postfix/header_checks'], + require => Concat['/etc/postfix/header_checks'], + } + + # Cleanup previous implementation's internal files + include common::moduledir + file { "${common::moduledir::module_dir_path}/postfix/header_checks": + ensure => absent, + recurse => true, + force => true, } } diff --git a/manifests/init.pp b/manifests/init.pp index 587f30b..5b04a0f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -18,10 +18,10 @@ class postfix { # selinux labels differ from one distribution to another - case $operatingsystem { + case $::operatingsystem { RedHat, CentOS: { - case $lsbmajdistrelease { + case $::lsbmajdistrelease { "4": { $postfix_seltype = "etc_t" } "5": { $postfix_seltype = "postfix_etc_t" } default: { $postfix_seltype = undef } @@ -99,7 +99,7 @@ class postfix { ensure => installed } - if $operatingsystem == 'debian' { + if $::operatingsystem == 'debian' { Package[mailx] { name => 'bsd-mailx' } } @@ -137,10 +137,10 @@ class postfix { owner => "root", group => "root", mode => "0644", - content => $operatingsystem ? { + content => $::operatingsystem ? { Redhat => template("postfix/master.cf.redhat5.erb"), CentOS => template("postfix/master.cf.redhat5.erb"), - Debian => template("postfix/master.cf.debian-$lsbdistcodename.erb"), + Debian => template("postfix/master.cf.debian-${::lsbdistcodename}.erb"), Ubuntu => template("postfix/master.cf.debian-etch.erb"), }, seltype => $postfix_seltype, @@ -168,7 +168,7 @@ class postfix { "inet_interfaces": value => "${postfix_inet_interfaces}"; } - case $operatingsystem { + case $::operatingsystem { RedHat, CentOS: { postfix::config { "sendmail_path": value => "/usr/sbin/sendmail.postfix"; diff --git a/manifests/satellite.pp b/manifests/satellite.pp index cb92a9f..99904dd 100644 --- a/manifests/satellite.pp +++ b/manifests/satellite.pp 
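Review bot: This class no longer defines `$postfix_header_checks_snippets_dir` or `$postfix_merged_header_checks`, yet the postfix::header_checks_snippet define that is supposed to feed the new `concat` target is not among the seven files changed here. If that define still has the shape of the old tlspolicy_snippet (a `file` under the snippets directory that notifies a `concat_…` Exec), it would reference variables and a resource that no longer exist, and `/etc/postfix/header_checks` would be built without the intended rules. Please confirm it already emits `concat::fragment` resources targeting `/etc/postfix/header_checks`. Because a `regexp:` table stops at the first matching pattern, a comment on the `concat` resource would also help, e.g. `# regexp table: first match wins, so fragment order matters`.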
@@ -25,7 +25,7 @@ class postfix::satellite { # If $valid_fqdn exists, use it to override $fqdn case $valid_fqdn { - "": { $valid_fqdn = $fqdn } + "": { $valid_fqdn = $::fqdn } default: { $fqdn = "${valid_fqdn}" } } diff --git a/manifests/tlspolicy.pp b/manifests/tlspolicy.pp index 633c380..fb7020d 100644 --- a/manifests/tlspolicy.pp +++ b/manifests/tlspolicy.pp @@ -1,22 +1,15 @@ # # == Class: postfix::tlspolicy # -# Manages Postfix TLS policy by merging policy snippets shipped: -# - in the module's files/tls_policy.d/ or puppet:///files/etc/postfix/tls_policy.d -# (the latter takes precedence if present); site-postfix module is supported -# as well, see the source argument of file {"$postfix_tlspolicy_snippets_dir" -# bellow for details. -# - via postfix::tlspolicy_snippet defines +# Manages Postfix TLS policy by merging policy snippets configured +# via postfix::tlspolicy_snippet defines # # Parameters: # - $postfix_tls_fingerprint_digest (defaults to sha1) # -# Example usage: -# -# node "toto.example.com" { -# $postfix_manage_tls_policy = yes -# include postfix -# } +# Note that this class is useless when used directly. +# The postfix::tlspolicy_snippet defines takes care of importing +# it anyway. # class postfix::tlspolicy { 
@@ -29,26 +22,13 @@ class postfix::tlspolicy { module_dir{'postfix/tls_policy': } $postfix_tlspolicy_dir = "${common::moduledir::module_dir_path}/postfix/tls_policy" - $postfix_tlspolicy_snippets_dir = "${postfix_tlspolicy_dir}/tls_policy.d" $postfix_merged_tlspolicy = "${postfix_tlspolicy_dir}/merged_tls_policy" - file {"$postfix_tlspolicy_snippets_dir": - ensure => 'directory', - owner => 'root', - group => '0', - mode => '700', - source => [ - "puppet:///modules/site-postfix/${fqdn}/tls_policy.d", - "puppet:///modules/site-postfix/tls_policy.d", - "puppet:///modules/postfix/tls_policy.d", - ], - recurse => true, - purge => false, - } - - concatenated_file { "$postfix_merged_tlspolicy": - dir => "${postfix_tlspolicy_snippets_dir}", - require => File["$postfix_tlspolicy_snippets_dir"], + concat { "$postfix_merged_tlspolicy": + require => File[$postfix_tlspolicy_dir], + owner => root, + group => root, + mode => '0600', } postfix::hash { '/etc/postfix/tls_policy': @@ -68,4 +48,11 @@ class postfix::tlspolicy { ], } + # Cleanup previous implementation's internal files + file { "${postfix_tlspolicy_dir}/tls_policy.d": + ensure => absent, + recurse => true, + force => true, + } + } diff --git a/manifests/tlspolicy_snippet.pp b/manifests/tlspolicy_snippet.pp index 2596dbc..701528b 100644 --- a/manifests/tlspolicy_snippet.pp +++ b/manifests/tlspolicy_snippet.pp @@ -1,7 +1,7 @@ /* == Definition: postfix::tlspolicy_snippet -Adds a TLS policy snippets to /etc/postfix/tls_policy.d/. +Adds a TLS policy snippets to /etc/postfix/tls_policy. See the postfix::tlspolicy class for details. Parameters: 
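Review bot: The new `concat` resource requires `File[$postfix_tlspolicy_dir]`, but no `file` resource with that title is declared in this hunk. It presumably comes from `module_dir{'postfix/tls_policy': }`, whose definition is not visible here, so the title match should be confirmed or the dependency expressed on the `module_dir` resource itself. A comment should also say what happens when the class is included with no postfix::tlspolicy_snippet declared: whether the concat module then writes an empty table (leaving every destination at the default TLS level) or fails depends on its implementation. The class body starts before and continues after this hunk.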
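Review bot: Once the cleanup resource for `"${postfix_tlspolicy_dir}/tls_policy.d"` has run, the old snippet files are gone from the node, and since the merged table is now built only from fragments, any entry that was delivered through the former `tls_policy.d` sources disappears from the policy without a catalog error. For a TLS policy table that means a destination that was held to a stricter level or a pinned fingerprint quietly falls back to the default. A comment above the resource should state this, for example `# Entries formerly shipped as files are dropped; re-declare them with postfix::tlspolicy_snippet before applying`. The header_checks cleanup in this commit has the same effect on header rules.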
@@ -29,19 +29,16 @@ Example usage: define postfix::tlspolicy_snippet ($ensure="present", $value = false) { - include postfix::tlspolicy - if ($value == false) and ($ensure == "present") { fail("The value parameter must be set when using the postfix::tlspolicy_snippet define with ensure=present.") } - file { "${postfix::tlspolicy::postfix_tlspolicy_snippets_dir}/${name}": + include postfix::tlspolicy + + concat::fragment { "postfix_tlspolicy_${name}": ensure => "$ensure", content => "${name} ${value}\n", - mode => 600, - owner => root, - group => 0, - notify => Exec["concat_${postfix::tlspolicy::postfix_merged_tlspolicy}"], + target => "$postfix::tlspolicy::postfix_merged_tlspolicy", } } |
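Review bot: The fragment body `"${name} ${value}\n"` is written into the policy table without any check on either string, so a title or value containing a newline would produce table lines the author did not intend. If snippets can ever be fed from exported resources or external data, a guard next to the existing `fail()` would be cheap, something like `if "${name} ${value}" =~ /\n/ { fail("postfix::tlspolicy_snippet: newline in name or value") }`. The fragment also sets no `order`; that looks harmless for a hash lookup table, but a one-line comment saying so would save the next reader the question.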