[COOK-880] - add client/server roles for search of relayhost

This commit is contained in:
jtimberman 2012-04-17 17:37:11 -06:00
parent 6a04b2ac15
commit 6df811b81a
6 changed files with 191 additions and 41 deletions


@ -14,7 +14,7 @@ Requirements
* Ubuntu 10.04+ * Ubuntu 10.04+
* Debian 6.0+ * Debian 6.0+
* RHEL/CentOS/Scientific 5.7+, 6.2+ * RHEL/CentOS/Scientific 5.7+, 6.2+
* Amazon Linux (as of 4/9/2012) * Amazon Linux (as of AMIs created after 4/9/2012)
Attributes Attributes
========== ==========
@ -31,6 +31,11 @@ See `attributes/default.rb` for default values.
in `/etc/postfix/main.cf`. in `/etc/postfix/main.cf`.
* `node['postfix']['relayhost']` - corresponds to the relayhost option * `node['postfix']['relayhost']` - corresponds to the relayhost option
in `/etc/postfix/main.cf`. in `/etc/postfix/main.cf`.
* `node['postfix']['relayhost_role']` - name of a role used for search
in the client recipe.
* `node['postfix']['multi_environment_relay']` - set to true if nodes
should not constrain search for the relayhost in their own
environment.
* `node['postfix']['mail_relay_networks']` - corresponds to the * `node['postfix']['mail_relay_networks']` - corresponds to the
mynetworks option in `/etc/postfix/main.cf`. mynetworks option in `/etc/postfix/main.cf`.
* `node['postfix']['smtpd_use_tls']` - set to "yes" to use TLS for * `node['postfix']['smtpd_use_tls']` - set to "yes" to use TLS for
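Review bot: The new `multi_environment_relay` entry should state what the search actually does, because this is the setting that decides which nodes a client will trust as its relay: with the default `false` the client searches only nodes in its own `chef_environment`; with `true` any node indexed with the relayhost role in any environment can be selected. The `relayhost_role` line should also say that the role name must be held only by the intended relay, since the client recipe takes the first search hit unconditionally.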
@ -41,8 +46,8 @@ See `attributes/default.rb` for default values.
`smtp_sasl_password_maps` option in `/etc/postfix/main.cf`. `smtp_sasl_password_maps` option in `/etc/postfix/main.cf`.
* `node['postfix']['smtp_sasl_security_options']` - corresponds to the * `node['postfix']['smtp_sasl_security_options']` - corresponds to the
`smtp_sasl_security_options` option in `/etc/postfix/main.cf`. `smtp_sasl_security_options` option in `/etc/postfix/main.cf`.
* `node['postfix']['smtp_tls_cafile']` - corresponds to the `smtp_tls_CAfile` * `node['postfix']['smtp_tls_cafile']` - corresponds to the
option in `/etc/postfix/main.cf`. `smtp_tls_CAfile` option in `/etc/postfix/main.cf`.
* `node['postfix']['smtp_use_tls']` - corresponds to the * `node['postfix']['smtp_use_tls']` - corresponds to the
`smtp_use_tls` option in `/etc/postfix/main.cf`. `smtp_use_tls` option in `/etc/postfix/main.cf`.
* `node['postfix']['smtp_sasl_user_name']` - mapped in the * `node['postfix']['smtp_sasl_user_name']` - mapped in the
@ -64,12 +69,38 @@ configuration files (`/etc/postfix/main.cf` and
`/etc/postfix/master.cf`). See __Usage__ and __Examples__ to see how `/etc/postfix/master.cf`). See __Usage__ and __Examples__ to see how
to affect behavior of this recipe through configuration. to affect behavior of this recipe through configuration.
For a more dynamic approach to discovery for the relayhost, see the
`client` and `server` recipes below.
client
------
Use this recipe to have nodes automatically search for the mail relay
based which node has the `node['postfix']['relayhost']` role. Sets the
`node['postfix']['relayhost']` attribute to the first result from the
search.
Includes the default recipe to install, configure and start postfix.
Does not work with `chef-solo`.
sasl\_auth sasl\_auth
---------- ----------
Sets up the system to authenticate with a remote mail relay using SASL Sets up the system to authenticate with a remote mail relay using SASL
authentication. authentication.
server
------
To use Chef Server search to automatically detect a node that is the
relayhost, use this recipe in a role that will be relayhost. By
default, the role should be "relayhost" but you can change the
attribute `node['postfix']['relayhost_role']` to modify this.
**Note** This recipe will set the `node['postfix']['mail_type']` to
"master" with an override attribute.
aliases aliases
------- -------
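Review bot: The client description is wrong where it says "based which node has the `node['postfix']['relayhost']` role": "based" is missing "on", and the attribute named is the one that gets written, not the one that is searched. It should read "based on which node has the role named in `node['postfix']['relayhost_role']`", matching the attribute added in this commit and the `role:` query in recipes/client.rb. The section also says nothing about what happens when the search returns no node; that case deserves a sentence next to the `chef-solo` caveat.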
@ -91,7 +122,8 @@ the internet, use `recipe[postfix]` and modify the
On systems that should be the MX for a domain, set the attributes On systems that should be the MX for a domain, set the attributes
accordingly and make sure the `node['postfix']['mail_type']` attribute accordingly and make sure the `node['postfix']['mail_type']` attribute
is `master`. is `master`. See __Examples__ for information on how to use
`recipe[postfix::server]` to do this automatically.
If you need to use SASL authentication to send mail through your ISP If you need to use SASL authentication to send mail through your ISP
(such as on a home network), use `recipe[postfix::sasl_auth]` and set (such as on a home network), use `recipe[postfix::sasl_auth]` and set
@ -159,12 +191,64 @@ password, see the following blog post:
* http://jtimberman.github.com/blog/2011/08/06/encrypted-data-bag-for-postfix-sasl-authentication/ * http://jtimberman.github.com/blog/2011/08/06/encrypted-data-bag-for-postfix-sasl-authentication/
**Examples using the client & server recipes**
If you'd like to use the more dynamic search based approach for discovery, use the server and client recipes. First, create a relayhost role.
name "relayhost"
run_list("recipe[postfix::server]")
override_attributes(
"postfix" => {
"mail_relay_networks" => "10.3.3.0/24",
"mydomain" => "example.com",
"myorigin" => "example.com"
}
)
Then, add the `postfix::client` recipe to the run list of your `base` role or equivalent role for postfix clients.
name "base"
run_list("recipe[postfix::client]")
override_attributes(
"postfix" => {
"mail_type" => "client",
"mydomain" => "example.com",
"myorigin" => "example.com"
}
)
If you wish to use a different role name for the relayhost, then also set the attribute in the `base` role. For example, `postfix_master` as the role name:
name "postfix_master"
description "a role for postfix master that isn't relayhost"
run_list("recipe[postfix::server]")
override_attributes(
"postfix" => {
"mail_relay_networks" => "10.3.3.0/24",
"mydomain" => "example.com",
"myorigin" => "example.com"
}
)
The base role would look something like this:
name "base"
run_list("recipe[postfix::client]")
override_attributes(
"postfix" => {
"relayhost_role" => "postfix_master",
"mail_type" => "client",
"mydomain" => "example.com",
"myorigin" => "example.com"
}
)
License and Author License and Author
================== ==================
Author:: Joshua Timberman <joshua@opscode.com> Author:: Joshua Timberman <joshua@opscode.com>
Copyright:: 2009-2011, Opscode, Inc Copyright:: 2009-2012, Opscode, Inc
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
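Review bot: The description string on the `postfix_master` role, "a role for postfix master that isn't relayhost", contradicts the surrounding text: this role is the relayhost, it just isn't named `relayhost`, which is why the `base` role sets `relayhost_role` to `postfix_master`. Suggest "the postfix relayhost, under a role name other than relayhost". It would also help to say that `mail_relay_networks` on the server role becomes `mynetworks` on the master (see the template hunk), i.e. the client networks the relay will accept mail from, so `10.3.3.0/24` must be replaced with the real client range rather than copied as-is.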


@ -15,21 +15,22 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
default[:postfix][:mail_type] = "client" default['postfix']['mail_type'] = "client"
default[:postfix][:myhostname] = fqdn default['postfix']['myhostname'] = fqdn
default[:postfix][:mydomain] = domain default['postfix']['mydomain'] = domain
default[:postfix][:myorigin] = "$myhostname" default['postfix']['myorigin'] = "$myhostname"
default[:postfix][:relayhost] = "" default['postfix']['relayhost'] = ""
default[:postfix][:mail_relay_networks] = "127.0.0.0/8" default['postfix']['mail_relay_networks'] = "127.0.0.0/8"
default['postfix']['relayhost_role'] = "relayhost"
default['postfix']['multi_environment_relay'] = false
default[:postfix][:smtpd_use_tls] = "yes" default['postfix']['smtpd_use_tls'] = "yes"
default['postfix']['smtp_sasl_auth_enable'] = "no"
default['postfix']['smtp_sasl_password_maps'] = "hash:/etc/postfix/sasl_passwd"
default['postfix']['smtp_sasl_security_options'] = "noanonymous"
default['postfix']['smtp_tls_cafile'] = "/etc/postfix/cacert.pem"
default['postfix']['smtp_use_tls'] = "yes"
default['postfix']['smtp_sasl_user_name'] = ""
default['postfix']['smtp_sasl_passwd'] = ""
default[:postfix][:smtp_sasl_auth_enable] = "no" default['postfix']['aliases'] = {}
default[:postfix][:smtp_sasl_password_maps] = "hash:/etc/postfix/sasl_passwd"
default[:postfix][:smtp_sasl_security_options] = "noanonymous"
default[:postfix][:smtp_tls_cafile] = "/etc/postfix/cacert.pem"
default[:postfix][:smtp_use_tls] = "yes"
default[:postfix][:smtp_sasl_user_name] = ""
default[:postfix][:smtp_sasl_passwd] = ""
default[:postfix][:aliases] = {}

recipes/client.rb (new file, 42 lines)

@ -0,0 +1,42 @@
#
# Author:: Joshua Timberman(<joshua@opscode.com>)
# Cookbook Name:: postfix
# Recipe:: client
#
# Copyright 2009-2012, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if Chef::Config[:solo]
Chef::Log.info("#{cookbook_name}::#{recipe_name} is intended for use with Chef Server, use #{cookbook_name}::default with Chef Solo.")
return
end
query = "role:#{node['postfix']['relayhost_role']}"
relayhost = ""
results = []
if node.run_list.roles.include?(node['postfix']['relayhost_role'])
relayhost << node['ipaddress']
elsif node['postfix']['multi_environment_relay']
results = search(:node, query)
relayhost = results.map {|n| n['ipaddress']}.first
else
results = search(:node, "#{query} AND chef_environment:#{node.chef_environment}")
relayhost = results.map {|n| n['ipaddress']}.first
end
node.set['postfix']['relayhost'] = "[#{relayhost}]"
include_recipe "postfix"
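Review bot: The empty-search case is not handled: when neither search branch finds a node, `results.map {|n| n['ipaddress']}.first` is `nil`, and `node.set['postfix']['relayhost'] = "[#{relayhost}]"` then writes `relayhost = []` into main.cf, which is not a usable relayhost. Suggest failing loudly before the `node.set`, for example `raise "no node with role #{node['postfix']['relayhost_role']} found" if relayhost.to_s.empty?`, or logging and leaving the attribute untouched. Two smaller points: search results come back in no defined order, so `.first` can change between runs when more than one node holds the role (sort by name before taking the first), and the mix of `relayhost = ""` with `relayhost << node['ipaddress']` on one branch and plain reassignment on the others (plus the unused `results = []`) reads as if the first branch was meant to be `relayhost = node['ipaddress']`.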


@ -3,7 +3,7 @@
# Cookbook Name:: postfix # Cookbook Name:: postfix
# Recipe:: default # Recipe:: default
# #
# Copyright 2009, Opscode, Inc. # Copyright 2009-2012, Opscode, Inc.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.

recipes/server.rb (new file, 23 lines)

@ -0,0 +1,23 @@
#
# Author:: Joshua Timberman(<joshua@opscode.com>)
# Cookbook Name:: postfix
# Recipe:: server
#
# Copyright 2009-2012, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node.override['postfix']['mail_type'] = 'master'
include_recipe "postfix"
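Review bot: `node.override['postfix']['mail_type'] = 'master'` is unconditional, so this recipe turns whatever node it lands on into a master (and, per the template, listens on `inet_interfaces = all`) whether or not that node holds the role the clients search for. A check mirroring the one in recipes/client.rb, `node.run_list.roles.include?(node['postfix']['relayhost_role'])`, with a warning when it fails, would catch a relay that no client can discover. Setting the override before `include_recipe "postfix"` is correct; the template sees the overridden value.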


@ -1,38 +1,38 @@
### ###
# Generated by Chef for <%= node[:fqdn] %> # Generated by Chef for <%= node['fqdn'] %>
# Configured as <%= node[:postfix][:mail_type] %> # Configured as <%= node['postfix']['mail_type'] %>
### ###
biff = no biff = no
append_dot_mydomain = no append_dot_mydomain = no
smtpd_use_tls = <%= node[:postfix][:smtpd_use_tls] %> smtpd_use_tls = <%= node['postfix']['smtpd_use_tls'] %>
<% if node[:postfix][:smtpd_use_tls] == "yes" -%> <% if node['postfix']['smtpd_use_tls'] == "yes" -%>
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
<% end -%> <% end -%>
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_sasl_auth_enable = <%= node[:postfix][:smtp_sasl_auth_enable] %> smtp_sasl_auth_enable = <%= node['postfix']['smtp_sasl_auth_enable'] %>
<% if node[:postfix][:smtp_sasl_auth_enable] == "yes" -%> <% if node['postfix']['smtp_sasl_auth_enable'] == "yes" -%>
smtp_sasl_password_maps = <%= node[:postfix][:smtp_sasl_password_maps] %> smtp_sasl_password_maps = <%= node['postfix']['smtp_sasl_password_maps'] %>
smtp_sasl_security_options = <%= node[:postfix][:smtp_sasl_security_options] %> smtp_sasl_security_options = <%= node['postfix']['smtp_sasl_security_options'] %>
smtp_tls_CAfile = <%= node[:postfix][:smtp_tls_cafile] %> smtp_tls_CAfile = <%= node['postfix']['smtp_tls_cafile'] %>
smtp_use_tls = <%= node[:postfix][:smtp_use_tls] %> smtp_use_tls = <%= node['postfix']['smtp_use_tls'] %>
<% end -%> <% end -%>
myhostname = <%= node[:postfix][:myhostname] %> myhostname = <%= node['postfix']['myhostname'] %>
mydomain = <%= node[:postfix][:mydomain] %> mydomain = <%= node['postfix']['mydomain'] %>
myorigin = <%= node[:postfix][:myorigin] %> myorigin = <%= node['postfix']['myorigin'] %>
smtpd_banner = $myhostname ESMTP $mail_name smtpd_banner = $myhostname ESMTP $mail_name
alias_maps = hash:/etc/aliases alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases alias_database = hash:/etc/aliases
mydestination = <%= node[:postfix][:myhostname] %>, <%= node[:hostname] %>, localhost.localdomain, localhost mydestination = <%= node['postfix']['myhostname'] %>, <%= node['hostname'] %>, localhost.localdomain, localhost
<% if node[:postfix][:mail_type] == "master" -%> <% if node['postfix']['mail_type'] == "master" -%>
relayhost = relayhost =
mynetworks = <%= node[:postfix][:mail_relay_networks] %> mynetworks = <%= node['postfix']['mail_relay_networks'] %>
inet_interfaces = all inet_interfaces = all
<% else -%> <% else -%>
relayhost = <%= node[:postfix][:relayhost] %> relayhost = <%= node['postfix']['relayhost'] %>
mynetworks = <%= node[:postfix][:mail_relay_networks] %> mynetworks = <%= node['postfix']['mail_relay_networks'] %>
inet_interfaces = loopback-only inet_interfaces = loopback-only
<% end -%> <% end -%>
mailbox_size_limit = 0 mailbox_size_limit = 0
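Review bot: Apart from the symbol-to-string key change this hunk is behaviour-neutral, which is fine, but while it is being touched: `mynetworks = <%= node['postfix']['mail_relay_networks'] %>` is identical in both branches of the `mail_type` conditional and can be hoisted above it. Operationally, the master branch pairs `inet_interfaces = all` with `mynetworks` taken from `mail_relay_networks`, so a relayhost left at the attribute default of `127.0.0.0/8` (attributes/default.rb) will refuse relay from every client the new client recipe points at it; a comment here or in the README tying the two settings together would prevent that misconfiguration.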