From a28bd05b852c309e70aa8ff0491c12271ddd4461 Mon Sep 17 00:00:00 2001
From: Felipe Zipitria
Date: Sun, 7 Jun 2020 09:26:56 -0300
Subject: [PATCH] fix(deps): fixes ordering where postmap requires sane main.cf

Moved maps generation to config, and added dependency on main.cf generation. Solves centos8 problems.

Signed-off-by: Felipe Zipitria
---
 docs/README.rst | 2 +-
 postfix/config.sls | 46 +++++
 postfix/init.sls | 45 -----
 .../default/controls/postfix_mysql.rb | 9 -
 test/salt/pillar/default.sls | 6 +-
 test/salt/pillar/postgrey.sls | 165 ------------------
 6 files changed, 50 insertions(+), 223 deletions(-)
 delete mode 100644 test/integration/default/controls/postfix_mysql.rb
 delete mode 100644 test/salt/pillar/postgrey.sls

diff --git a/docs/README.rst b/docs/README.rst
index b72068d..5c574ea 100644
--- a/docs/README.rst
+++ b/docs/README.rst
@@ -53,7 +53,7 @@ Installs and starts postfix SMTP server
 ``postfix.config``
 ^^^^^^^^^^^^^^^^^^
-Manages postfix main.cf and optionally the master.cf configuration file
+Manages postfix main.cf and optionally the master.cf configuration file. Generates mappings.
 ``postfix.policyd-spf``
 ^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/postfix/config.sls b/postfix/config.sls
index d2f92a3..4c35a27 100644
--- a/postfix/config.sls
+++ b/postfix/config.sls
@@ -101,3 +101,49 @@ postfix_{{ domain }}_ssl_key:
 - service: postfix
 {% endfor %}
+
+# manage various mappings
+{% for mapping, data in salt['pillar.get']('postfix:mapping', {}).items() %}
+ {%- set need_postmap = False %}
+ {%- set file_path = salt['pillar.get']('postfix:config:' ~ mapping) %}
+ {%- if file_path.startswith('proxy:') %}
+ {#- Discard the proxy:-prefix #}
+ {%- set _, file_type, file_path = file_path.split(':') %}
+ {%- elif ':' in file_path %}
+ {%- set file_type, file_path = file_path.split(':') %}
+ {%- else %}
+ {%- set file_type = default_database_type %}
+ {%- endif %}
+ {%- if not file_path.startswith('/') %}
+ {%- set file_path = postfix.config_path ~ '/' ~ file_path %}
+ {%- endif %}
+ {%- if file_type in ("btree", "cdb", "dbm", "hash", "sdbm") %}
+ {%- set need_postmap = True %}
+ {%- endif %}
+postfix_{{ mapping }}:
+ file.managed:
+ - name: {{ file_path }}
+ - source: salt://postfix/files/mapping.j2
+ - user: root
+ - group: {{ postfix.root_grp }}
+ {%- if mapping.endswith('_sasl_password_maps') %}
+ - mode: 600
+ {%- else %}
+ - mode: 644
+ {%- endif %}
+ - template: jinja
+ - context:
+ data: {{ data|json() }}
+ - require:
+ - pkg: postfix
+ - file: {{ postfix.config_path }}/main.cf
+ {%- if need_postmap %}
+ cmd.wait:
+ - name: {{ postfix.xbin_prefix }}/sbin/postmap {{ file_path }}
+ - cwd: /
+ - watch:
+ - file: {{ file_path }}
+ - watch_in:
+ - service: postfix
+ {%- endif %}
+{% endfor %}
diff --git a/postfix/init.sls b/postfix/init.sls
index c178200..c4a0d4b 100644
--- a/postfix/init.sls
+++ b/postfix/init.sls
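Review bot: The moved block still has no guard for a mapping listed under `postfix:mapping` that has no matching `postfix:config:<mapping>` entry: `salt['pillar.get']` returns an empty string for a missing key by default, so after the `startswith('/')` branch `file_path` becomes `{{ postfix.config_path }}/` and `file.managed` (and, for a postmap type, `postmap`) is pointed at the config directory itself. A one-line guard right after the `set file_path` line, `{%- if not file_path %}{{ raise('postfix:config:' ~ mapping ~ ' must be set for mapping ' ~ mapping) }}{%- endif %}`, fails the render with a clear message instead. The block also references `default_database_type` and the `postfix` map, which were in scope in init.sls; the top of config.sls is outside this hunk, so confirm both are imported/set there as well. For the `_sasl_password_maps` case the 600 mode is applied only to the source file, so it is worth checking that the `.db` written by `postmap` next to it does not end up world-readable, since it carries the same credentials.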
@@ -94,48 +94,3 @@ postfix_alias_absent_{{ user }}:
 {%- endfor %}
 {% endif %}
 {% endif %}
-
-# manage various mappings
-{% for mapping, data in salt['pillar.get']('postfix:mapping', {}).items() %}
- {%- set need_postmap = False %}
- {%- set file_path = salt['pillar.get']('postfix:config:' ~ mapping) %}
- {%- if file_path.startswith('proxy:') %}
- {#- Discard the proxy:-prefix #}
- {%- set _, file_type, file_path = file_path.split(':') %}
- {%- elif ':' in file_path %}
- {%- set file_type, file_path = file_path.split(':') %}
- {%- else %}
- {%- set file_type = default_database_type %}
- {%- endif %}
- {%- if not file_path.startswith('/') %}
- {%- set file_path = postfix.config_path ~ '/' ~ file_path %}
- {%- endif %}
- {%- if file_type in ("btree", "cdb", "dbm", "hash", "sdbm") %}
- {%- set need_postmap = True %}
- {%- endif %}
-postfix_{{ mapping }}:
- file.managed:
- - name: {{ file_path }}
- - source: salt://postfix/files/mapping.j2
- - user: root
- - group: {{ postfix.root_grp }}
- {%- if mapping.endswith('_sasl_password_maps') %}
- - mode: 600
- {%- else %}
- - mode: 644
- {%- endif %}
- - template: jinja
- - context:
- data: {{ data|json() }}
- - require:
- - pkg: postfix
- {%- if need_postmap %}
- cmd.wait:
- - name: {{ postfix.xbin_prefix }}/sbin/postmap {{ file_path }}
- - cwd: /
- - watch:
- - file: {{ file_path }}
- - watch_in:
- - service: postfix
- {%- endif %}
-{% endfor %}
diff --git a/test/integration/default/controls/postfix_mysql.rb b/test/integration/default/controls/postfix_mysql.rb
deleted file mode 100644
index 6ded085..0000000
--- a/test/integration/default/controls/postfix_mysql.rb
+++ /dev/null
@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-control 'Postfix mysql' do
- title 'should be installed'
-
- describe port(25) do
- it { should be_listening }
- end
-end
diff --git a/test/salt/pillar/default.sls b/test/salt/pillar/default.sls
index e793b5e..997e736 100644
--- a/test/salt/pillar/default.sls
+++ b/test/salt/pillar/default.sls
@@ -11,16 +11,16 @@ postfix:
 smtp:
 # Limit to no more than 10 smtp processes
 maxproc: 10
- # Enable oldstyle TLS wrapped SMTP
+ # Disable oldstyle TLS wrapped SMTP
 smtps:
- enable: true
+ enable: false
 # Enable submission service on port 587/tcp with custom options
 submission:
 enable: true
 args:
 - "-o smtpd_tls_security_level=encrypt"
 - "-o smtpd_sasl_auth_enable=yes"
- - "-o smtpd_client_restrictions: permit_sasl_authenticated,reject"
+ - "-o smtpd_client_restrictions=permit_sasl_authenticated,reject"
 tlsproxy:
 enable: true
 chroot: true
diff --git a/test/salt/pillar/postgrey.sls b/test/salt/pillar/postgrey.sls
deleted file mode 100644
index 602be0e..0000000
--- a/test/salt/pillar/postgrey.sls
+++ /dev/null
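Review bot: Both edits in this hunk are unrelated to the postmap ordering the commit subject describes and neither is explained: `smtps` flips from `enable: true` to `enable: false`, so the test pillar no longer exercises the TLS-wrapped service unless another pillar file enables it, and the submission option is corrected from `-o smtpd_client_restrictions: …` to the `name=value` form that master.cf `-o` options require. The second is a genuine fix and deserves a line in the commit message. For the first, a comment on the `smtps:` key recording why it was disabled, e.g. `# smtps disabled: <reason>`, would keep the rationale with the fixture rather than in reviewers' memory.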
@@ -1,165 +0,0 @@
-# -*- coding: utf-8 -*-
-# vim: ft=yaml
----
-postfix:
- manage_master_config: true
- master_config:
- # Preferred way of managing services/processes. This allows for finegrained
- # control over each service. See postfix/services.yaml for defaults that can
- # be overridden.
- services:
- smtp:
- # Limit to no more than 10 smtp processes
- maxproc: 10
- # Enable oldstyle TLS wrapped SMTP
- smtps:
- enable: true
- # Enable submission service on port 587/tcp with custom options
- submission:
- enable: true
- args:
- - "-o smtpd_tls_security_level=encrypt"
- - "-o smtpd_sasl_auth_enable=yes"
- - "-o smtpd_client_restrictions: permit_sasl_authenticated,reject"
- tlsproxy:
- enable: true
- chroot: true
-
- # Backwards compatible definition of dovecot delivery in master.cf
- enable_dovecot: false
- # Backwards compatible definition of submission listener in master.cf
- enable_submission: false
-
- enable_service: true
- reload_service: true
-
- postgrey:
- enabled: true
- enable_service: true
- location: inet:127.0.0.1:10030
-
- config:
- smtpd_banner: $myhostname ESMTP $mail_name
- smtp_tls_CApath: /etc/ssl/certs
- biff: 'no'
- append_dot_mydomain: 'no'
- readme_directory: 'no'
- myhostname: localhost
- mydestination: localhost, localhost.localdomain
- relayhost: ''
- mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
- mailbox_size_limit: 0
- recipient_delimiter: +
- # using all has problems in centos with ipv6
- inet_interfaces: 127.0.0.1
- inet_protocols: all
-
- # Alias
- alias_maps: hash:/etc/aliases
- # This is the list of files for the newaliases
- # cmd to process (see postconf(5) for details).
- # Only local hash/btree/dbm files:
- alias_database: hash:/etc/aliases
-
- local_transport: virtual
- local_recipient_maps: $virtual_mailbox_maps
- transport_maps: hash:/etc/postfix/transport
-
- # SMTP server
- smtpd_tls_session_cache_database: btree:${data_directory}/smtpd_scache
- smtpd_use_tls: 'yes'
- smtpd_sasl_auth_enable: 'yes'
- smtpd_sasl_type: dovecot
- smtpd_sasl_path: /var/run/dovecot/auth-client
- smtpd_recipient_restrictions: >-
- permit_mynetworks,
- permit_sasl_authenticated,
- reject_unauth_destination
- smtpd_relay_restrictions: >-
- permit_mynetworks,
- permit_sasl_authenticated,
- reject_unauth_destination
- smtpd_sasl_security_options: noanonymous
- smtpd_sasl_tls_security_options: $smtpd_sasl_security_options
- smtpd_tls_auth_only: 'yes'
- smtpd_sasl_local_domain: $mydomain
- smtpd_tls_loglevel: 1
- smtpd_tls_session_cache_timeout: 3600s
-
- relay_domains: '$mydestination'
-
- # SMTP server certificate and key (from pillar data)
- smtpd_tls_cert_file: /etc/postfix/ssl/server-cert.crt
- smtpd_tls_key_file: /etc/postfix/ssl/server-cert.key
-
- # SMTP client
- smtp_tls_session_cache_database: btree:${data_directory}/smtp_scache
- smtp_use_tls: 'yes'
- smtp_tls_cert_file: /etc/postfix/ssl/example.com-relay-client-cert.crt
- smtp_tls_key_file: /etc/postfix/ssl/example.com-relay-client-cert.key
- smtp_tls_policy_maps: hash:/etc/postfix/tls_policy
-
- smtp_sasl_password_maps: hash:/etc/postfix/sasl_passwd
- sender_canonical_maps: hash:/etc/postfix/sender_canonical
- relay_recipient_maps: hash:/etc/postfix/relay_domains
- virtual_alias_maps: hash:/etc/postfix/virtual
-
- aliases:
- # manage single aliases
- # this uses the aliases file defined in the minion config, /etc/aliases by default
- use_file: false
- present:
- root: info@example.com
- absent:
- - root
-
- certificates:
- server-cert:
- public_cert: |
- -----BEGIN CERTIFICATE-----
- (Your primary SSL certificate: smtp.example.com.crt)
- -----END CERTIFICATE-----
- -----BEGIN 
CERTIFICATE-----
- (Your intermediate certificate: example-ca.crt)
- -----END CERTIFICATE-----
- -----BEGIN CERTIFICATE-----
- (Your root certificate: trusted-root.crt)
- -----END CERTIFICATE-----
- private_key: |
- -----BEGIN RSA PRIVATE KEY-----
- (Your Private key)
- -----END RSA PRIVATE KEY-----
-
- example.com-relay-client-cert:
- public_cert: |
- -----BEGIN CERTIFICATE-----
- (Your primary SSL certificate: smtp.example.com.crt)
- -----END CERTIFICATE-----
- private_key: |
- -----BEGIN RSA PRIVATE KEY-----
- (Your Private key)
- -----END RSA PRIVATE KEY-----
-
- mapping:
- transport_maps:
- - example.com: '10.1.1.1'
-
- smtp_tls_policy_maps:
- - example.com: encrypt
- - .example.com: encrypt
-
- smtp_sasl_password_maps:
- - smtp.example.com: myaccount:somepassword
-
- sender_canonical_maps:
- - root: servers@example.com
- - nagios: alerts@example.com
-
- relay_recipient_maps:
- - example.com: OK
-
- virtual_alias_maps:
- - groupaliasexample:
- - someuser_1@example.com
- - someuser_2@example.com
- - singlealiasexample: someuser_3@example.com