Initial Chef repository

cookbooks/postfix/recipes/_attributes.rb

@@ -0,0 +1,60 @@
+# encoding: utf-8
+# Copyright:: Copyright 2012-2014, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if node['postfix']['use_procmail']
+  node.default['postfix']['main']['mailbox_command'] = '/usr/bin/procmail -a "$EXTENSION"'
+end
+
+if node['postfix']['main']['smtpd_use_tls'] == 'yes'
+  node.default['postfix']['main']['smtpd_tls_cert_file'] = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+  node.default['postfix']['main']['smtpd_tls_key_file'] = '/etc/ssl/private/ssl-cert-snakeoil.key'
+  node.default['postfix']['main']['smtpd_tls_CAfile'] = node['postfix']['cafile']
+  node.default['postfix']['main']['smtpd_tls_session_cache_database'] = 'btree:${data_directory}/smtpd_scache'
+end
+
+if node['postfix']['main']['smtp_use_tls'] == 'yes'
+  node.default['postfix']['main']['smtp_tls_CAfile'] = node['postfix']['cafile']
+  node.default['postfix']['main']['smtp_tls_session_cache_database'] = 'btree:${data_directory}/smtp_scache'
+end
+
+if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
+  node.default['postfix']['sasl_password_file'] = "#{node['postfix']['conf_dir']}/sasl_passwd"
+  node.default['postfix']['main']['smtp_sasl_password_maps'] = "hash:#{node['postfix']['sasl_password_file']}"
+  node.default['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous'
+  node.default['postfix']['sasl']['smtp_sasl_user_name'] = ''
+  node.default['postfix']['sasl']['smtp_sasl_passwd']    = ''
+  node.default['postfix']['main']['relayhost'] = ''
+end
+
+if node['postfix']['use_alias_maps']
+   node.default['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"]
+end
+
+if node['postfix']['use_transport_maps']
+   node.default['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"]
+end
+
+if node['postfix']['use_access_maps']
+   node.default['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"]
+end
+
+if node['postfix']['use_virtual_aliases']
+  node.default['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"]
+end
+
+if node['postfix']['use_virtual_aliases_domains']
+  node.default['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"]
+end

cookbooks/postfix/recipes/_common.rb

@@ -0,0 +1,128 @@
+# encoding: utf-8
+# Author:: Joshua Timberman(<joshua@getchef.com>)
+# Cookbook Name:: common
+# Recipe:: default
+#
+# Copyright 2009-2014, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'postfix::_attributes'
+
+package 'postfix'
+
+package 'procmail' if node['postfix']['use_procmail']
+
+case node['platform_family']
+when 'rhel', 'fedora'
+  service 'sendmail' do
+    action :nothing
+  end
+
+  execute 'switch_mailer_to_postfix' do
+    command '/usr/sbin/alternatives --set mta /usr/sbin/sendmail.postfix'
+    notifies :stop, 'service[sendmail]'
+    notifies :start, 'service[postfix]'
+    not_if '/usr/bin/test /etc/alternatives/mta -ef /usr/sbin/sendmail.postfix'
+  end
+when 'omnios'
+  manifest_path = ::File.join(Chef::Config[:file_cache_path], 'manifest-postfix.xml')
+
+  # we need to manage the postfix group and user
+  # and then subscribe to the package install because it creates a
+  # postdrop group and adds postfix user to it.
+  group 'postfix' do
+    append true
+  end
+
+  user 'postfix' do
+    uid node['postfix']['uid']
+    gid 'postfix'
+    home '/var/spool/postfix'
+    subscribes :manage, 'package[postfix]'
+    notifies :run, 'execute[/opt/omni/sbin/postfix set-permissions]', :immediately
+  end
+
+  # we don't guard this because if the user creation was successful (or happened out of band), then this won't get executed when the action is :nothing.
+  execute '/opt/omni/sbin/postfix set-permissions'
+
+  template manifest_path  do
+    source 'manifest-postfix.xml.erb'
+    owner 'root'
+    group node['root_group']
+    mode '0644'
+    notifies :run, 'execute[load postfix manifest]', :immediately
+  end
+
+  execute 'load postfix manifest' do
+    action :nothing
+    command "svccfg import #{manifest_path}"
+    notifies :restart, 'service[postfix]'
+  end
+end
+
+execute 'update-postfix-sender_canonical' do
+  command "postmap #{node['postfix']['conf_dir']}/sender_canonical"
+  action :nothing
+end
+
+unless node['postfix']['sender_canonical_map_entries'].empty?
+  template "#{node['postfix']['conf_dir']}/sender_canonical" do
+    owner 'root'
+    group node['root_group']
+    mode '0644'
+    notifies :run, 'execute[update-postfix-sender_canonical]'
+    notifies :reload, 'service[postfix]'
+  end
+
+  unless node['postfix']['main'].key?('sender_canonical_maps')
+    node.set['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical"
+  end
+end
+
+execute 'update-postfix-smtp_generic' do
+  command "postmap #{node['postfix']['conf_dir']}/smtp_generic"
+  action :nothing
+end
+
+unless node['postfix']['smtp_generic_map_entries'].empty?
+  template "#{node['postfix']['conf_dir']}/smtp_generic" do
+    owner 'root'
+    group node['root_group']
+    mode  '0644'
+    notifies :run, 'execute[update-postfix-smtp_generic]'
+    notifies :reload, 'service[postfix]'
+  end
+
+  unless node['postfix']['main'].key?('smtp_generic_maps')
+    node.set['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic"
+  end
+end
+
+%w{main master}.each do |cfg|
+  template "#{node['postfix']['conf_dir']}/#{cfg}.cf" do
+    source "#{cfg}.cf.erb"
+    owner 'root'
+    group node['root_group']
+    mode '0644'
+    notifies :restart, 'service[postfix]'
+    variables(settings: node['postfix'][cfg])
+    cookbook node['postfix']["#{cfg}_template_source"]
+  end
+end
+
+service 'postfix' do
+  supports status: true, restart: true, reload: true
+  action :enable
+end

cookbooks/postfix/recipes/access.rb

@@ -0,0 +1,28 @@
+# encoding: utf-8
+# Copyright:: Copyright (c) 2012, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'postfix::_common'
+
+execute 'update-postfix-access' do
+  command "postmap #{node['postfix']['access_db']}"
+  environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
+  action :nothing
+end
+
+template node['postfix']['access_db'] do
+  source 'access.erb'
+  notifies :run, 'execute[update-postfix-access]'
+end

cookbooks/postfix/recipes/aliases.rb

@@ -0,0 +1,30 @@
+# encoding: utf-8
+# Copyright:: Copyright 2012-2014, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'postfix::_common'
+
+execute 'update-postfix-aliases' do
+  command 'newaliases'
+  environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
+  # On FreeBSD, /usr/sbin/newaliases is the sendmail command, and it's in the path before postfix's /usr/local/bin/newaliases
+  environment ({ 'PATH' => "/usr/local/bin:#{ENV['PATH']}" }) if platform_family?('freebsd')
+  action :nothing
+end
+
+template node['postfix']['aliases_db'] do
+  source 'aliases.erb'
+  notifies :run, 'execute[update-postfix-aliases]'
+end

cookbooks/postfix/recipes/client.rb

@@ -0,0 +1,42 @@
+# encoding: utf-8
+# Author:: Joshua Timberman(<joshua@getchef.com>)
+# Cookbook Name:: postfix
+# Recipe:: client
+#
+# Copyright 2009-2014, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if Chef::Config[:solo]
+  Chef::Log.info("#{cookbook_name}::#{recipe_name} is intended for use with Chef Server, use #{cookbook_name}::default with Chef Solo.")
+  return
+end
+
+query = "role:#{node['postfix']['relayhost_role']}"
+relayhost = ''
+# results = []
+
+if node.run_list.roles.include?(node['postfix']['relayhost_role'])
+  relayhost << node['ipaddress']
+elsif node['postfix']['multi_environment_relay']
+  results = search(:node, query)
+  relayhost = results.map { |n| n['ipaddress'] }.first
+else
+  results = search(:node, "#{query} AND chef_environment:#{node.chef_environment}")
+  relayhost = results.map { |n| n['ipaddress'] }.first
+end
+
+node.set['postfix']['main']['relayhost'] = "[#{relayhost}]"
+
+include_recipe 'postfix'

cookbooks/postfix/recipes/default.rb

@@ -0,0 +1,45 @@
+# encoding: utf-8
+# Author:: Joshua Timberman(<joshua@getchef.com>)
+# Cookbook Name:: postfix
+# Recipe:: default
+#
+# Copyright 2009-2014, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'postfix::_common'
+
+if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
+  include_recipe 'postfix::sasl_auth'
+end
+
+if node['postfix']['use_alias_maps']
+  include_recipe 'postfix::aliases'
+end
+
+if node['postfix']['use_transport_maps']
+  include_recipe 'postfix::transports'
+end
+
+if node['postfix']['use_access_maps']
+  include_recipe 'postfix::access'
+end
+
+if node['postfix']['use_virtual_aliases']
+  include_recipe 'postfix::virtual_aliases'
+end
+
+if node['postfix']['use_virtual_aliases_domains']
+  include_recipe 'postfix::virtual_aliases_domains'
+end

cookbooks/postfix/recipes/sasl_auth.rb

@@ -0,0 +1,59 @@
+# encoding: utf-8
+#
+# Author:: Joshua Timberman(<joshua@getchef.com>)
+# Cookbook Name:: postfix
+# Recipe:: sasl_auth
+#
+# Copyright 2009-2014, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'postfix::_common'
+
+sasl_pkgs = []
+
+# We use case instead of value_for_platform_family because we need
+# version specifics for RHEL.
+case node['platform_family']
+when 'debian'
+  sasl_pkgs = %w(libsasl2-2 libsasl2-modules ca-certificates)
+when 'rhel'
+  if node['platform_version'].to_i < 6
+    sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain openssl)
+  else
+    sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain ca-certificates)
+  end
+when 'fedora'
+  sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain ca-certificates)
+end
+
+sasl_pkgs.each do |pkg|
+  package pkg
+end
+
+execute 'postmap-sasl_passwd' do
+  command "postmap #{node['postfix']['sasl_password_file']}"
+  environment 'PATH' => "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
+  action :nothing
+end
+
+template node['postfix']['sasl_password_file'] do
+  source 'sasl_passwd.erb'
+  owner 'root'
+  group node['root_group']
+  mode 0400
+  notifies :run, 'execute[postmap-sasl_passwd]', :immediately
+  notifies :restart, 'service[postfix]'
+  variables(settings: node['postfix']['sasl'])
+end

cookbooks/postfix/recipes/server.rb

@@ -0,0 +1,25 @@
+# encoding: utf-8
+#
+# Author:: Joshua Timberman(<joshua@getchef.com>)
+# Cookbook Name:: postfix
+# Recipe:: server
+#
+# Copyright 2009-2014, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+node.override['postfix']['mail_type'] = 'master'
+node.override['postfix']['main']['inet_interfaces'] = 'all'
+
+include_recipe 'postfix'

cookbooks/postfix/recipes/transports.rb

@@ -0,0 +1,28 @@
+# encoding: utf-8
+# Copyright:: Copyright (c) 2012, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'postfix::_common'
+
+execute 'update-postfix-transport' do
+  command "postmap #{node['postfix']['transport_db']}"
+  environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
+  action :nothing
+end
+
+template node['postfix']['transport_db'] do
+  source 'transport.erb'
+  notifies :run, 'execute[update-postfix-transport]'
+end

cookbooks/postfix/recipes/virtual_aliases.rb

@@ -0,0 +1,29 @@
+# encoding: utf-8
+# Copyright:: Copyright (c) 2012, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'postfix::_common'
+
+execute 'update-postfix-virtual-alias' do
+  command "postmap #{node['postfix']['virtual_alias_db']}"
+  environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
+  action :nothing
+end
+
+template node['postfix']['virtual_alias_db'] do
+  source 'virtual_aliases.erb'
+  notifies :run, 'execute[update-postfix-virtual-alias]'
+  notifies :restart, 'service[postfix]'
+end

cookbooks/postfix/recipes/virtual_aliases_domains.rb

@@ -0,0 +1,29 @@
+# encoding: utf-8
+# Copyright:: Copyright (c) 2012, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'postfix::_common'
+
+execute 'update-postfix-virtual-alias-domains' do
+  command "postmap #{node['postfix']['virtual_alias_domains_db']}"
+  environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
+  action :nothing
+end
+
+template node['postfix']['virtual_alias_domains_db'] do
+  source 'virtual_aliases_domains.erb'
+  notifies :run, 'execute[update-postfix-virtual-alias-domains]'
+  notifies :restart, 'service[postfix]'
+end