postfix: move postfix installation from evolinux-base to postfix role, plus some refactoring

postfix:
* Move common packages installation in common.yml
* Replace ansible_fqdn by evolinux_fqdn, set postfix_slow_transport_include to false by default (only for packmails and packwebs)
* Remove dependency on evolinux_fqdn var
* Do not overwrite main.cf if it has been modified (except if postfix_force_main_cf)

evolinux-base:
* Move exim4 purge from evolinux-base to postfix role
* Call postfix role after nagios role (dependency)
William Hirigoyen 2024-01-24 11:42:15 +01:00
parent 554bbaa36f
commit 1f8738fbda
13 changed files with 73 additions and 78 deletions


@ -97,6 +97,9 @@ The **patch** part changes is incremented if multiple releases happen the same m
* dovecot: add missing LDAP conf iterate_filter to exclude disabled accounts in users list (caused « User no longer exists » errors in commands listing users like « doveadm user -u '*' » or « doveadm expunge -u "*" mailbox INBOX savedbefore 7d »).
* dovecot: fix missing default mails
* webapps/roundcube & evoadminmail: make roles more idempotent (were failing when played twice)
* nginx: fix mistake between "check_mode: no" and "when: not ansible_check_mode" (fail in check mode)
* nginx: add "when: not ansible_check_mode" in various tasks to prevent fail in check mode
* postfix: remove dependency on evolinux_fqdn var
* roundcube: set default SMTP port to 25 instead of 587, which failed because of missing SSL conf (local connexion does not need SSL)
### Removed


@ -2,6 +2,5 @@
general_alert_email: "root@localhost"
log2mail_alert_email: Null
dovecot_vmail_uid: 5000
dovecot_vmail_gid: 5000


@ -159,12 +159,10 @@ evolinux_root_disable_ssh: False
# postfix
evolinux_postfix_include: True
evolinux_postfix_packages: True
evolinux_mail_aliases_include: True
evolinux_postfix_users_alias_root: True
evolinux_postfix_mailer_alias_root: True
evolinux_postfix_root_alias: True
evolinux_postfix_purge_exim: True
# logs
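Review bot: Inventories that override `evolinux_postfix_purge_exim` or `evolinux_postfix_packages` will have that override silently ignored if, as the hunk counts and the commit message suggest, these are the two defaults dropped here (the rendering lost the +/- markers). The purge is now gated by `postfix_purge_exim`, which defaults to True in the postfix role, so a host that deliberately kept exim4 would get it purged on the next run. I would add a changelog entry naming the removed variables and their replacement, for example `* evolinux-base: evolinux_postfix_purge_exim is replaced by postfix_purge_exim; evolinux_postfix_packages is removed`.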


@ -34,3 +34,4 @@ else
usage
exit 1
fi


@ -1,36 +1,5 @@
---
- name: Postfix packages are installed
ansible.builtin.apt:
name:
- postfix
- mailgraph
state: present
tags:
- packages
- postfix
when: evolinux_postfix_packages | bool
- name: configure postfix myhostname
ansible.builtin.lineinfile:
dest: /etc/postfix/main.cf
state: present
line: "myhostname = {{ evolinux_fqdn }}"
regexp: '^myhostname'
notify: reload postfix
tags:
- postfix
- name: configure postfix mynetworks
ansible.builtin.lineinfile:
dest: /etc/postfix/main.cf
state: present
line: "mydestination = {{ [evolinux_fqdn, evolinux_internal_fqdn] | unique | join(' ') }} localhost.localdomain localhost localhost.$mydomain"
regexp: '^mydestination'
notify: reload postfix
tags:
- postfix
- name: fetch users list
ansible.builtin.shell:
cmd: "set -o pipefail && getent passwd | cut -d':' -f 1 | grep -v root"
@ -81,18 +50,3 @@
- ansible.builtin.meta: flush_handlers
- name: exim4 is absent
ansible.builtin.apt:
name:
- exim4
- exim4-base
- exim4-config
- exim4-daemon-light
purge: yes
state: absent
tags:
- packages
- postfix
when: evolinux_postfix_purge_exim | bool
- ansible.builtin.meta: flush_handlers


@ -81,9 +81,16 @@
ansible.builtin.import_tasks: root.yml
when: evolinux_root_include | bool
- name: Postfix
ansible.builtin.import_tasks: postfix.yml
- name: Postfix role
ansible.builtin.include_role:
name: evolix/postfix
when: evolinux_postfix_include | bool
tags:
- postfix
- name: Configure /etc/aliases
ansible.builtin.import_tasks: mail_aliases.yml
when: evolinux_mail_aliases_include | bool
- name: Logs management
ansible.builtin.import_tasks: logs.yml
@ -132,6 +139,14 @@
name: evolix/check_free_space
when: evolinux_check_free_space_include | bool
# postfix role must be after nagios-nrpe role
- name: Postfix role
ansible.builtin.include_role:
name: evolix/postfix
when: evolinux_postfix_include | bool
tags:
- postfix
- name: Autosysadmin
ansible.builtin.include_role:
name: 'evolix/autosysadmin'
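Review bot: The `Postfix role` include appears twice on the new side: once in the first hunk, before `Configure /etc/aliases`, and once in the second hunk under the comment `# postfix role must be after nagios-nrpe role`. Going by the hunk headers (`-81,9 +81,16` and `-132,6 +139,14`), both blocks are additions, so the role would run twice, and the first run comes before nagios-nrpe, which the comment says must not happen. If the early include is only there so that postfix exists before the aliases are written, say so in a comment on that task. Otherwise drop it and keep only the include after nagios-nrpe.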


@ -1,5 +1,7 @@
---
postfix_hostname: "{{ ansible_fqdn }}"
postfix_hostname: "{{ evolinux_hostname }}.{{ evolinux_domain }}"
postfix_force_main_cf: False
postfix_packmail: False
postfix_slow_transport_include: "{{ postfix_packmail }}"
postfix_slow_transport_include: False
postfix_purge_exim: True
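Review bot: The `postfix_hostname` default now reads `"{{ evolinux_hostname }}.{{ evolinux_domain }}"`, and neither variable is defined in this defaults file. They presumably come from evolinux-base, so a play that applies the postfix role on its own would fail on an undefined variable when main.cf is templated. Since this value becomes `myhostname`, a fallback to facts seems safer: `postfix_hostname: "{{ evolinux_hostname | default(ansible_hostname) }}.{{ evolinux_domain | default(ansible_domain) }}"`. Failing that, a comment above the line should state that both variables must be set by the caller.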


@ -1,11 +1,32 @@
---
- name: check if main.cf is default
- name: Postfix packages are installed
ansible.builtin.apt:
name:
- postfix
- mailgraph
state: present
tags:
- postfix
- name: exim4 is absent
ansible.builtin.apt:
name:
- exim4
- exim4-base
- exim4-config
- exim4-daemon-light
purge: yes
state: absent
tags:
- postfix
when: postfix_purge_exim | bool
- name: compute main.cf SHA1 checksum
ansible.builtin.shell:
cmd: 'grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | md5sum -'
cmd: 'grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | sha1sum | cut -d " " -f1'
changed_when: False
check_mode: no
register: default_main_cf
register: main_cf_checksum
tags:
- postfix
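Review bot: The `compute main.cf SHA1 checksum` task pipes `grep` into `sha1sum` and `cut` without `pipefail`, so a failing `grep` (for example a missing /etc/postfix/main.cf) is masked by the exit status of `cut`. The task then succeeds and registers the SHA-1 of empty input. Because it runs with `check_mode: no`, this can happen in check mode on a host where the package task above was only simulated. The value will not match any known checksum, so nothing is overwritten, but the failure goes unnoticed. The evolinux-base `fetch users list` task already uses the prefix `set -o pipefail &&`; the same prefix here (with bash as the executable, if that is not the default for this role) would surface the error. Separately, `purge: yes` in the exim4 task would read better as `purge: true`.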


@ -1,10 +1,8 @@
---
- name: ensure packages are installed
ansible.builtin.apt:
name: postfix
state: present
tags:
- postfix
- name: display checksums of known main.cf files
debug:
var: main_cf_known_checksums
- name: create minimal main.cf
ansible.builtin.template:
@ -15,6 +13,6 @@
mode: "0644"
force: true
notify: restart postfix
when: (postfix_force_main_cf | bool) or (postfix_maincf_md5_jessie in default_main_cf.stdout) or (postfix_maincf_md5_stretch in default_main_cf.stdout)
when: (postfix_force_main_cf | bool) or (main_cf_checksum.stdout in main_cf_known_checksums)
tags:
- postfix
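Review bot: The new `display checksums of known main.cf files` task uses the short module name `debug:` where every other task in the section uses the `ansible.builtin.` prefix. It also has no `tags`, so it is skipped under `--tags postfix` and otherwise prints the list on every run. I would write it as `ansible.builtin.debug:` with `verbosity: 1` and `tags: [postfix]`, so the list is only shown when someone asks for it. The identical task in the packmail section has the same issue. It would also help to print `main_cf_checksum.stdout` next to the known list, since that is the value an operator needs when main.cf is not overwritten.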


@ -1,8 +1,6 @@
---
- name: "mount /usr in rw"
ansible.builtin.command:
cmd: 'mount -o remount,rw /usr'
changed_when: False
- ansible.builtin.include_role:
name: evolix/remount-usr
tags: postfix
- name: copy spam.sh script
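Review bot: The `include_role` for `evolix/remount-usr` has no `name`, and its `tags: postfix` applies only to the include statement, not to the tasks inside the role. Under `--tags postfix`, the remount tasks therefore run only if they carry a matching tag (or `always`) in that role, which is not visible here; otherwise /usr may still be read-only when `copy spam.sh script` runs. If they are not tagged, add `apply:` with `tags: postfix` to the include. A name such as `- name: Remount /usr if needed` would also make the run output readable.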


@ -1,11 +1,9 @@
---
- name: ensure packages are installed
- name: Complementary packmail packages are installed
ansible.builtin.apt:
name:
- postfix
- postfix-ldap
- postfix-policyd-spf-python
- mailgraph
state: present
tags:
- postfix
@ -24,6 +22,10 @@
enabled: yes
state: started
- name: display checksums of known main.cf files
debug:
var: main_cf_known_checksums
- name: create packmail main.cf
ansible.builtin.template:
src: packmail_main.cf.j2
@ -33,7 +35,7 @@
mode: "0644"
force: true
notify: restart postfix
when: (postfix_force_main_cf | bool) or (postfix_maincf_md5_jessie in default_main_cf.stdout) or (postfix_maincf_md5_stretch in default_main_cf.stdout)
when: (postfix_force_main_cf | bool) or (main_cf_checksum.stdout in main_cf_known_checksums)
tags:
- postfix


@ -66,7 +66,7 @@ smtpd_banner = $myhostname ESMTP mail server
# Indique le nom d'hote pleinement qualifie ou se trouve postfix [OBLIGATOIRE]
#par defaut, = [retour de la commande Unix hostname]
myhostname = {{ ansible_fqdn }}
myhostname = {{ postfix_hostname }}
# Variable indiquant le domaine dans lequel se trouve la machine
#par defaut, = [partie domain de la variable $myhostname]


@ -1,5 +1,9 @@
---
## MD5 hash of default main.cf filter, obtained with this command :
# grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | md5sum -
postfix_maincf_md5_jessie: "5450c05d65878e99dad696c7c722e511"
postfix_maincf_md5_stretch: "30022953f1f61f002bfb72e163ecb27e"
# Output of default main.cf:
# grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | sha1sum | cut -d " " -f1
main_cf_known_checksums:
- 72bd6999f053ea89b359e233cf252616ee6e2fbb # bookworm
- efd078215285ad520addee5b11af869717627b95 # bullseye
- c7d1e008120565927b213be1bf646fddfa949dc6 # buster
- 8b4de47321a9c003bf414a683c0d056b4469b325 # stretch
- f72feb50754830a7d8ae46f28e86d758881bcfc3 # jessie
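Review bot: The entries of `main_cf_known_checksums` are unquoted, whereas the MD5 values they replace were quoted strings. The five hashes shown all contain letters that keep them strings, but a future digest made only of digits, or of digits around a single `e`, would be loaded as a number. The `main_cf_checksum.stdout in main_cf_known_checksums` test would then never match, with no error. Quoting each entry (`- "72bd…"  # bookworm`, with the full digest) avoids that. A one-line comment that these digests only identify an unmodified packaged main.cf, and are not an integrity control, would also explain why SHA-1 is acceptable here.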