Replace postmap_macro by generic handling of map files

Merge existing handling of postfix lookup table/map files into a single
template. Mappings are read from pillar in `postfix:mapping`.
Configuration is written to the file pointed to by the relevant
directive in `postfix:config`. A single target file is supported at the
moment. The file is postmap'ed if needed.

The pillar accepts a dict or an OrderedDict.
Gilles Dartiguelongue 2016-04-08 17:50:52 +02:00
parent 1442318df1
commit 62ab827c34
7 changed files with 78 additions and 92 deletions


@ -5,22 +5,6 @@ postfix:
enable_service: True
virtual:
groupaliasexample:
- someuser_1@example.com
- someuser_2@example.com
singlealiasexample: 'someuser_3@example.com'
relay_domains:
example.com: 'OK'
sasl_passwd:
smtp.example.com: 'somepassword'
sender_canonical:
root: 'servers@example.com'
nagios: 'alerts@example.com'
postgrey:
enabled: True
enable_service: True
@ -62,6 +46,14 @@ postfix:
smtp_tls_cert_file: /etc/postfix/ssl/example.com-relay-client-cert.crt
smtp_tls_key_file: /etc/postfix/ssl/example.com-relay-client-cert.key
smtp_sasl_password_maps: hash:/etc/postfix/sasl_passwd
sender_canonical_maps: hash:/etc/postfix/sender_canonical
relay_recipient_maps: hash:/etc/postfix/relay_domains
virtual_alias_maps: hash:/etc/postfix/virtual
certificates:
server-cert:
public_cert: |
@ -88,3 +80,20 @@ postfix:
-----BEGIN RSA PRIVATE KEY-----
(Your Private key)
-----END RSA PRIVATE KEY-----
mapping:
smtp_sasl_password_maps:
- smtp.example.com: myaccount:somepassword
sender_canonical_maps:
- root: servers@example.com
- nagios: alerts@example.com
relay_recipient_maps:
- example.com: OK
virtual_alias_maps:
- groupaliasexample:
- someuser_1@example.com
- someuser_2@example.com
- singlealiasexample: someuser_3@example.com

19
postfix/files/mapping.j2 Normal file

@ -0,0 +1,19 @@
# Managed by config management
{% if data is mapping -%}
{% for key, value in data.iteritems() -%}
{# Some settings, like virtual_alias_maps can take multiple values. Handle this case. -#}
{% if value is iterable and value is not string -%}
{% for item in value -%}
{{ key }} {{ item }}
{% endfor -%}
{% else -%}
{{ key }} {{ value }}
{% endif -%}
{% endfor -%}
{% else -%}
{# Some settings need order, handle OrderedDict -#}
{% for item in data -%}
{{ item.keys()[0] }} {{ item.values()[0] }}
{% endfor -%}
{% endif -%}
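Review bot: The list branch at the end of the template, `{{ item.keys()[0] }} {{ item.values()[0] }}`, writes the value as-is, so an item whose value is a list (as `groupaliasexample` is under `virtual_alias_maps` in the example pillar) would be rendered as a list literal instead of one line per address. The dict branch already tests `value is iterable and value is not string`, and the list branch should apply the same test. Iterating `item.items()` instead of indexing `keys()[0]` also stops extra keys in an item from being dropped silently and does not depend on `keys()` returning a list. Keys and values are written unescaped, so a value containing a newline would add map entries; a short comment stating that pillar data is assumed trusted would help.

```jinja
{# … unchanged: dict branch … #}
{% else -%}
{# Some settings need order, handle a list of single-key dicts -#}
{% for item in data -%}
{% for key, value in item.items() -%}
{% if value is iterable and value is not string -%}
{% for entry in value -%}
{{ key }} {{ entry }}
{% endfor -%}
{% else -%}
{{ key }} {{ value }}
{% endif -%}
{% endfor -%}
{% endfor -%}
{% endif -%}
```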


@ -12,25 +12,6 @@ postfix:
- watch:
- pkg: postfix
{%- macro postmap_file(filename, mode=644) %}
{%- set file_path = '/etc/postfix/' ~ filename %}
postmap_{{ filename }}:
file.managed:
- name: {{ file_path }}
- source: salt://postfix/{{ filename }}
- user: root
- group: root
- mode: {{ mode }}
- template: jinja
- require:
- pkg: postfix
cmd.wait:
- name: /usr/sbin/postmap {{ file_path }}
- cwd: /
- watch:
- file: {{ file_path }}
{%- endmacro %}
# manage /etc/aliases if data found in pillar
{% if 'aliases' in pillar.get('postfix', '') %}
{{ postfix.aliases_file }}:
@ -51,22 +32,37 @@ run-newaliases:
- file: {{ postfix.aliases_file }}
{% endif %}
# manage /etc/postfix/virtual if data found in pillar
{% if 'virtual' in pillar.get('postfix', '') %}
{{ postmap_file('virtual') }}
{% endif %}
# manage /etc/postfix/relay_domains if data found in pillar
{% if 'relay_domains' in pillar.get('postfix', '') %}
{{ postmap_file('relay_domains') }}
{% endif %}
# manage /etc/postfix/sasl_passwd if data found in pillar
{% if 'sasl_passwd' in pillar.get('postfix', '') %}
{{ postmap_file('sasl_passwd', 600) }}
{% endif %}
# manage /etc/postfix/sender_canonical if data found in pillar
{% if 'sender_canonical' in pillar.get('postfix', '') %}
{{ postmap_file('sender_canonical') }}
{% endif %}
# manage various mappings
{% for mapping, data in salt['pillar.get']('postfix:mapping', {}).items() %}
{%- set need_postmap = False %}
{%- set file_path = salt['pillar.get']('postfix:config:' ~ mapping) %}
{%- if ':' in file_path %}
{%- set file_path = file_path.split(':')[1] %}
{%- set need_postmap = True %}
{%- endif %}
postfix_{{ mapping }}:
file.managed:
- name: {{ file_path }}
- source: salt://postfix/files/mapping.j2
- user: root
- group: root
{%- if mapping == 'smtp_sasl_password_maps' %}
- mode: 600
{%- else %}
- mode: 644
{%- endif %}
- template: jinja
- context:
data: {{ data|json() }}
- require:
- pkg: postfix
{%- if need_postmap %}
cmd.wait:
- name: /usr/sbin/postmap {{ file_path }}
- cwd: /
- watch:
- file: {{ file_path }}
- watch_in:
- service: postfix
{%- endif %}
{% endfor %}
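Review bot: In the new mapping loop, `file_path` is read with `salt['pillar.get']('postfix:config:' ~ mapping)` and never checked, so a key present in `postfix:mapping` but missing from `postfix:config` would presumably produce a `file.managed` state with an empty `name`; guarding the state with `{%- if file_path %}` or failing with a clear message avoids that. The 600 mode is keyed on the exact name `smtp_sasl_password_maps`, so any other map that holds credentials is written 644; a broader test such as `{%- if 'sasl_password_maps' in mapping %}` is safer. `file_path.split(':')[1]` also sets `need_postmap` for every `type:` prefix and keeps only the second field, so a comment should state that only a single `type:/path` value of an indexed table type is supported. The path is interpolated unquoted into both `- name:` and the `postmap` command line, which is acceptable only while pillar data is trusted.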


@ -1,7 +0,0 @@
# Managed by config management
{% set canonical = salt['pillar.get']('postfix:relay_domains',{}) -%}
{% if canonical is iterable -%}
{% for key,value in salt['pillar.get']('postfix:relay_domains',{}).iteritems() -%}
{{ key }} {{ value }}
{% endfor %}
{% endif %}


@ -1,7 +0,0 @@
# Managed by config management
{% set canonical = salt['pillar.get']('postfix:sasl_passwd',{}) -%}
{% if canonical is iterable -%}
{% for key,value in salt['pillar.get']('postfix:sasl_passwd',{}).iteritems() -%}
{{ key }} {{ value }}
{% endfor %}
{% endif %}


@ -1,7 +0,0 @@
# Managed by config management
{% set canonical = salt['pillar.get']('postfix:sender_canonical',{}) -%}
{% if canonical is iterable -%}
{% for key,value in salt['pillar.get']('postfix:sender_canonical',{}).iteritems() -%}
{{ key }} {{ value }}
{% endfor %}
{% endif %}


@ -1,17 +0,0 @@
# Managed by config management
{% set virtual = salt['pillar.get']('postfix:virtual',{}) -%}
{# to have virtual file emptied, just set an empty key 'virtual' -#}
{% if virtual is iterable -%}
{% for key, value in virtual.iteritems() -%}
{# Mutiple values available for single key in virtual alias maps - ie for dist groups -#}
{# We test if list was provided as value, and iterate if so -#}
{% if value is iterable and value is not string -%}
{% for item in value -%}
{{key }} {{ item }}
{% endfor -%}
{% else -%}
{# ..otherwise expect it to be just a string for the value -#}
{{ key }} {{ value }}
{% endif -%}
{% endfor -%}
{% endif -%}