[COOK-3328] Refactor main.cf template and attributes

Signed-off-by: Seth Vargo <sethvargo@gmail.com>
1 parent 3d18ce0 commit 0108248ac4bf430334a9863694e55498d8751614 Eric G. Wolfe committed with sethvargo Aug 24, 2013
@@ -1,3 +1,12 @@
+## v3.?.?:
+
+- [COOK-3328]: Refactor main.cf template and attributes for greater flexibility.
+
+**Breaking changes**:
+
+- Attributes are namespaced as `node['postfix']`, `node['postfix']['main']`,
+ and `node['postfix']['master']`.
+
## v2.1.6:
### Bug
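Review bot: The breaking-changes entry lists `node['postfix']`, `node['postfix']['main']` and `node['postfix']['master']` but omits `node['postfix']['sasl']`, which the README and attributes file in this same commit use for `smtp_sasl_user_name` and `smtp_sasl_passwd`. Add it, and name the keys users have to migrate (`mail_relay_networks` to `mynetworks` under `main`, `smtp_tls_cafile` to `smtp_tls_CAfile`), since role overrides under the old names are not in the `main` namespace the template now reads. The `v3.?.?` heading also needs a real version number before release.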
181 README.md
@@ -23,79 +23,63 @@ Attributes
See `attributes/default.rb` for default values.
+
+## Generic cookbook attributes
+
* `node['postfix']['mail_type']` - Sets the kind of mail
configuration. `master` will set up a server (relayhost).
-* `node['postfix']['myhostname']` - corresponds to the myhostname
- option in `/etc/postfix/main.cf`.
-* `node['postfix']['mydomain']` - corresponds to the mydomain option
- in `/etc/postfix/main.cf`.
-* `node['postfix']['myorigin']` - corresponds to the myorigin option
- in `/etc/postfix/main.cf`.
-* `node['postfix']['relayhost']` - corresponds to the relayhost option
- in `/etc/postfix/main.cf`.
* `node['postfix']['relayhost_role']` - name of a role used for search
in the client recipe.
* `node['postfix']['multi_environment_relay']` - set to true if nodes
should not constrain search for the relayhost in their own
environment.
-* `node['postfix']['inet_interfaces']` - if set, corresponds to the
- inet_interfaces option in `/etc/postfix/main.cf`. nil by default,
- which will result in 'all' for master `mail_type` and
- 'loopback-only' for non-master (anything else) `mail_type`.
-* `node['postfix']['mail_relay_networks']` - corresponds to the
- mynetworks option in `/etc/postfix/main.cf`.
-* `node['postfix']['smtpd_use_tls']` - set to "yes" to use TLS for
- SMTPD, which will use the snakeoil certs.
-* `node['postfix']['smtp_sasl_auth_enable']` - set to "yes" to enable
- SASL authentication for SMTP.
-* `node['postfix']['smtp_sasl_password_maps']` - corresponds to the
- `smtp_sasl_password_maps` option in `/etc/postfix/main.cf`.
-* `node['postfix']['smtp_sasl_security_options']` - corresponds to the
- `smtp_sasl_security_options` option in `/etc/postfix/main.cf`.
-* `node['postfix']['smtp_tls_cafile']` - corresponds to the
- `smtp_tls_CAfile` option in `/etc/postfix/main.cf`.
-* `node['postfix']['smtp_use_tls']` - corresponds to the
- `smtp_use_tls` option in `/etc/postfix/main.cf`.
-* `node['postfix']['smtp_sasl_user_name']` - mapped in the
- `sasl_passwd` file as the user to authenticate as.
-* `node['postfix']['smtp_sasl_passwd']` - mapped in the `sasl_passwd`
- file as the password to use.
+* `node['postfix']['use_procmail']` - set to true if nodes should use
+ procmail as the delivery agent.
* `node['postfix']['aliases']` - hash of aliases to create with
`recipe[postfix::aliases]`, see below under __Recipes__ for more
information.
-* `node['postfix']['use_procmail']` - set to true if nodes should use
- procmail as the delivery agent (mailbox_command).
-* `node['postfix']['milter_default_action']` - corresponds to the
- `milter_default_action` option in `/etc/postfix/main.cf`.
-* `node['postfix']['milter_protocol']` - corresponds to the
- `milter_protocol` option in `/etc/postfix/main.cf`.
-* `node['postfix']['smtpd_milters']` - corresponds to the
- `smtpd_milters` option in `/etc/postfix/main.cf`.
-* `node['postfix']['non_smtpd_milters']` - corresponds to the
- `non_smtpd_milters` option in `/etc/postfix/main.cf`.
-* `node['postfix']['inet_interfaces']` - interfaces to listen to, all
- or loopback-only
-* `node['postfix']['sender_canonical_classes']` - controls what
- addresses are subject to `sender_canonical_maps` address mapping,
- specify one or more of: `envelope_sender`, `header_sender` - defaults to
- nil
-* `node['postfix']['recipient_canonical_classes']` - controls what
- addresses are subject to `recipient_canonical_maps` address mapping,
- specify one or more of: `envelope_recipient`, `header_recipient` -
- defaults to nil
-* `node['postfix']['canonical_classes']` - controls what addresses are
- subject to `canonical_maps` address mapping, specify one or more of:
- `envelope_sender`, `envelope_recipient`, `header_sender`,
- `header_recipient` - defaults to nil
-* `node['postfix']['sender_canonical_maps']` - optional address
- mapping lookup tables for envelope and header sender addresses, eg.
- `hash:/etc/postfix/sender_canonical` - defaults to nil
-* `node['postfix']['recipient_canonical_maps']` - optional address
- mapping lookup tables for envelope and header recipient addresses,
- eg. `hash:/etc/postfix/recipient_canonical` - defaults to nil
-* `node['postfix']['canonical_maps']` - optional address mapping
- lookup tables for message headers and envelopes, eg.
- `hash:/etc/postfix/canonical` - defaults to nil
+* `node['postfix']['main_template_source']` - Cookbook source for main.cf template. Default 'postfix'
+* `node['postfix']['master_template_source']` - Cookbook source for master.cf template. Default 'postfix'
+
+## main.cf and sasl\_passwd template attributes
+
+The main.cf template has been simplified to include any attributes in the `node['postfix']['main']`
+data structure. The following attributes are still included with this cookbook
+to maintain some semblance of backwards compatibility.
+
+This change in namespace to `node['postfix']['main']` should allow for greater flexibility,
+given the large number of configuration variables for the postfix daemon. All of these cookbook
+attributes correspond to the option of the same name in `/etc/postfix/main.cf`.
+
+* `node['postfix']['main']['biff']` - (yes/no); default no
+* `node['postfix']['main']['append_dot_mydomain']` - (yes/no); default no
+* `node['postfix']['main']['myhostname']` - defaults to fqdn from Ohai
+* `node['postfix']['main']['mydomain']` - defaults to domain from Ohai
+* `node['postfix']['main']['myorigin']` - defaults to $myhostname
+* `node['postfix']['main']['mynetworks']` - default is `127.0.0.0/8`
+* `node['postfix']['main']['inet_interfaces']` - set to `loopback-only`, or `all` for server recipe
+* `node['postfix']['main']['alias_maps']` - set to `hash:/etc/aliases`
+* `node['postfix']['main']['mailbox_size_limit']` - set to `0` (disabled)
+* `node['postfix']['main']['recipient_delimiter']` - set to `+`
+* `node['postfix']['main']['mydestination']` - default fqdn, hostname, localhost.localdomain, localhost
+* `node['postfix']['main']['smtpd_use_tls']` - (yes/no); default yes. See conditional cert/key attributes.
+ - `node['postfix']['main']['smtpd_tls_cert_file']` - conditional attribute, set to full path of server's x509 certificate.
+ - `node['postfix']['main']['smtpd_tls_key_file']` - conditional attribute, set to full path of server's private key
+ - `node['postfix']['main']['smtpd_tls_CAfile']` - set to platform specific CA bundle
+ - `node['postfix']['main']['smtpd_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
+* `node['postfix']['main']['smtp_use_tls']` - (yes/no); default yes. See following conditional attributes.
+ - `node['postfix']['main']['smtp_tls_CAfile']` - set to platform specific CA bundle
+ - `node['postfix']['main']['smtp_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
+* `node['postfix']['main']['smtp_sasl_auth_enable']` - (yes/no); default no. If enabled, see following conditional attributes.
+ - `node['postfix']['main']['smtp_sasl_password_maps']` - Set to `hash:/etc/postfix/sasl_passwd` template file
+ - `node['postfix']['main']['smtp_sasl_security_options']` - Set to noanonymous
+ - `node['postfix']['main']['relayhost']` - Set to empty string
+ - `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as. Default empty
+ - `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use. Default empty.
+
+## master.cf template attributes
+
+* `node['postfix']['master']['submission'] - Whether to use submission (TCP 587) daemon. (true/false); default false
Recipes
=======
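Review bot: The `smtp_tls_session_cache_database` entry documents the value as `btree:${data_directory}/smtpd_scache`, but the attributes file in this commit sets `btree:${data_directory}/smtp_scache` for the client side; correct the README so the two caches are not described as one file. The last added line, `node['postfix']['master']['submission']`, is missing its closing backtick. The `smtpd_tls_cert_file` and `smtpd_tls_key_file` entries should also state that the defaults are the snakeoil certificate and key, which the removed `smtpd_use_tls` text used to mention.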
@@ -115,7 +99,7 @@ client
------
Use this recipe to have nodes automatically search for the mail relay
-based which node has the `node['postfix']['relayhost']` role. Sets the
+based which node has the `node['postfix']['relayhost_role']` role. Sets the
`node['postfix']['relayhost']` attribute to the first result from the
search.
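Review bot: The unchanged sentence right after the corrected line still says the recipe sets `node['postfix']['relayhost']`, while this commit moves that option to `node['postfix']['main']['relayhost']`. Update that line in the same change so the paragraph matches the new namespace; "based which node" is also missing "on".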
@@ -168,7 +152,7 @@ is `master`. See __Examples__ for information on how to use
`recipe[postfix::server]` to do this automatically.
If you need to use SASL authentication to send mail through your ISP
-(such as on a home network), use `recipe[postfix::sasl_auth]` and set
+(such as on a home network), use `postfix::sasl_auth` and set
the appropriate attributes.
For each of these implementations, see __Examples__ for role usage.
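Review bot: Dropping the `recipe[...]` wrapper on the changed line makes this paragraph inconsistent with the `recipe[postfix::server]` reference just above it and with the run_list examples. Keep one form throughout, and since the credentials now live under `node['postfix']['sasl']`, name those attributes instead of "the appropriate attributes".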
@@ -185,26 +169,30 @@ The `base` role is applied to all nodes in the environment.
name "base"
run_list("recipe[postfix]")
override_attributes(
+ "mail_type" => "client",
"postfix" => {
- "mail_type" => "client",
- "mydomain" => "example.com",
- "myorigin" => "example.com",
- "relayhost" => "[smtp.example.com]",
- "smtp_use_tls" => "no"
+ "main" => {
+ "mydomain" => "example.com",
+ "myorigin" => "example.com",
+ "relayhost" => "[smtp.example.com]",
+ "smtp_use_tls" => "no"
+ }
}
)
The `relayhost` role is applied to the nodes that are relayhosts.
Often this is 2 systems using a CNAME of `smtp.example.com`.
name "relayhost"
- run_list("recipe[postfix]")
+ run_list("recipe[postfix::server]")
override_attributes(
"postfix" => {
- "mail_relay_networks" => "10.3.3.0/24",
"mail_type" => "master",
- "mydomain" => "example.com",
- "myorigin" => "example.com"
+ "main" => {
+ "mynetworks" => [ "10.3.3.0/24", "127.0.0.0/8" ],
+ "inet-interfaces" => "all",
+ "mydomain" => "example.com",
+ "myorigin" => "example.com"
}
)
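Review bot: In the `base` role, `"mail_type" => "client"` was moved above `"postfix" => {`, so it overrides a top-level `node['mail_type']` rather than `node['postfix']['mail_type']`; move it back inside the `postfix` hash. In the `relayhost` role, `"inet-interfaces"` is spelled with a hyphen while the attribute is `inet_interfaces`, and the new `"main" => {` has no matching `}` before the brace that closes `postfix`, so the example does not parse. The `base` example also keeps `"smtp_use_tls" => "no"`, which turns off TLS towards the relay; consider leaving the default `yes` in the documented role.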
@@ -217,14 +205,17 @@ access to SMTP.
run_list("recipe[postfix], recipe[postfix::sasl_auth]")
override_attributes(
"postfix" => {
- "mail_relay_networks" => "10.3.3.0/24",
"mail_type" => "master",
- "mydomain" => "example.com",
- "myorigin" => "example.com",
- "relayhost" => "[smtp.comcast.net]:587",
- "smtp_sasl_auth_enable" => "yes",
- "smtp_sasl_passwd" => "your_password",
- "smtp_sasl_user_name" => "your_username"
+ "main" => {
+ "mynetworks" => "10.3.3.0/24",
+ "mail_type" => "master",
+ "mydomain" => "example.com",
+ "myorigin" => "example.com",
+ "relayhost" => "[smtp.comcast.net]:587",
+ "smtp_sasl_auth_enable" => "yes",
+ "smtp_sasl_passwd" => "your_password",
+ "smtp_sasl_user_name" => "your_username"
+ }
}
)
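Review bot: `smtp_sasl_passwd` and `smtp_sasl_user_name` are placed under `"main"` here, but the README and attributes file in this commit define them under `node['postfix']['sasl']`. Because the README states that main.cf now includes everything in `node['postfix']['main']`, the example as written would put the password into main.cf rather than the `sasl_passwd` map; move both keys into a separate `"sasl"` hash. `"mail_type" => "master"` is also repeated inside `"main"`, where it is not a main.cf option.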
@@ -241,9 +232,11 @@ If you'd like to use the more dynamic search based approach for discovery, use t
run_list("recipe[postfix::server]")
override_attributes(
"postfix" => {
- "mail_relay_networks" => "10.3.3.0/24",
- "mydomain" => "example.com",
- "myorigin" => "example.com"
+ "main" => {
+ "mynetworks" => "10.3.3.0/24",
+ "mydomain" => "example.com",
+ "myorigin" => "example.com"
+ }
}
)
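Review bot: `"mynetworks" => "10.3.3.0/24"` is a single string without `127.0.0.0/8`, while the `relayhost` example earlier in this README uses `[ "10.3.3.0/24", "127.0.0.0/8" ]`. An override replaces the `127.0.0.0/8` default rather than adding to it, so use the array form in every example (the `postfix_master` role further down has the same line) to keep loopback in the trusted networks and the examples consistent.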
@@ -254,8 +247,10 @@ Then, add the `postfix::client` recipe to the run list of your `base` role or eq
override_attributes(
"postfix" => {
"mail_type" => "client",
- "mydomain" => "example.com",
- "myorigin" => "example.com"
+ "main" => {
+ "mydomain" => "example.com",
+ "myorigin" => "example.com"
+ }
}
)
@@ -266,9 +261,11 @@ If you wish to use a different role name for the relayhost, then also set the at
run_list("recipe[postfix::server]")
override_attributes(
"postfix" => {
- "mail_relay_networks" => "10.3.3.0/24",
- "mydomain" => "example.com",
- "myorigin" => "example.com"
+ "main" => {
+ "mynetworks" => "10.3.3.0/24",
+ "mydomain" => "example.com",
+ "myorigin" => "example.com"
+ }
}
)
@@ -280,8 +277,10 @@ The base role would look something like this:
"postfix" => {
"relayhost_role" => "postfix_master",
"mail_type" => "client",
- "mydomain" => "example.com",
- "myorigin" => "example.com"
+ "main" => {
+ "mydomain" => "example.com",
+ "myorigin" => "example.com"
+ }
}
)
@@ -15,37 +15,75 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+# Generic cookbook attributes
default['postfix']['mail_type'] = "client"
-default['postfix']['myhostname'] = node['fqdn']
-default['postfix']['mydomain'] = node['domain']
-default['postfix']['myorigin'] = "$myhostname"
-default['postfix']['relayhost'] = ""
-default['postfix']['mail_relay_networks'] = "127.0.0.0/8"
-default['postfix']['relayhost_role'] = "relayhost"
+default['postfix']['relayhost_role'] = "relayhost"
default['postfix']['multi_environment_relay'] = false
-default['postfix']['inet_interfaces'] = nil
+default['postfix']['use_procmail'] = false
+default['postfix']['aliases'] = {}
+default['postfix']['main_template_source'] = "postfix"
+default['postfix']['master_template_source'] = "postfix"
-default['postfix']['smtpd_use_tls'] = "yes"
-default['postfix']['smtp_sasl_auth_enable'] = "no"
-default['postfix']['smtp_sasl_password_maps'] = "hash:/etc/postfix/sasl_passwd"
-default['postfix']['smtp_sasl_security_options'] = "noanonymous"
-default['postfix']['smtp_tls_cafile'] = "/etc/postfix/cacert.pem"
-default['postfix']['smtp_use_tls'] = "yes"
-default['postfix']['smtp_sasl_user_name'] = ""
-default['postfix']['smtp_sasl_passwd'] = ""
+# Non-default main.cf attributes
+default['postfix']['main']['biff'] = "no"
+default['postfix']['main']['append_dot_mydomain'] = "no"
+default['postfix']['main']['myhostname'] = node['fqdn']
+default['postfix']['main']['mydomain'] = node['domain']
+default['postfix']['main']['myorigin'] = "$myhostname"
+default['postfix']['main']['mydestination'] = [ node['postfix']['main']['myhostname'], node['hostname'], "localhost.localdomain", "localhost" ]
+default['postfix']['main']['smtpd_use_tls'] = "yes"
+default['postfix']['main']['smtp_use_tls'] = "yes"
+default['postfix']['main']['alias_maps'] = [ "hash:/etc/aliases" ]
+default['postfix']['main']['mailbox_size_limit'] = 0
+default['postfix']['main']['recipient_delimiter'] = "+"
+default['postfix']['main']['smtp_sasl_auth_enable'] = "no"
+default['postfix']['main']['mynetworks'] = "127.0.0.0/8"
+default['postfix']['main']['inet_interfaces'] = "loopback-only"
-default['postfix']['use_procmail'] = false
+# Conditional attributes
+case node['platform_family']
+when "rhel"
+ cafile = "/etc/pki/tls/cert.pem"
+else
+ cafile = "/etc/postfix/cacert.pem"
+end
-default['postfix']['milter_default_action'] = "tempfail"
-default['postfix']['milter_protocol'] = "6"
-default['postfix']['smtpd_milters'] = ""
-default['postfix']['non_smtpd_milters'] = ""
+if node['postfix']['use_procmail']
+ default['postfix']['main']['mailbox_command'] = '/usr/bin/procmail -a "$EXTENSION"'
+end
-default['postfix']['aliases'] = {}
+if node['postfix']['main']['smtpd_use_tls'] == "yes"
+ default['postfix']['main']['smtpd_tls_cert_file'] = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+ default['postfix']['main']['smtpd_tls_key_file'] = "/etc/ssl/private/ssl-cert-snakeoil.key"
+ default['postfix']['main']['smtpd_tls_CAfile'] = cafile
+ default['postfix']['main']['smtpd_tls_session_cache_database'] = "btree:${data_directory}/smtpd_scache"
+end
+
+if node['postfix']['main']['smtp_use_tls'] == "yes"
+ default['postfix']['main']['smtp_tls_CAfile'] = cafile
+ default['postfix']['main']['smtp_tls_session_cache_database'] = "btree:${data_directory}/smtp_scache"
+end
+
+if node['postfix']['main']['smtp_sasl_auth_enable'] == "yes"
+ default['postfix']['main']['smtp_sasl_password_maps'] = "hash:/etc/postfix/sasl_passwd"
+ default['postfix']['main']['smtp_sasl_security_options'] = "noanonymous"
+ default['postfix']['sasl']['smtp_sasl_user_name'] = ""
+ default['postfix']['sasl']['smtp_sasl_passwd'] = ""
+ default['postfix']['main']['relayhost'] = ""
+end
+
+# Default main.cf attributes according to `postconf -d`
+#default['postfix']['main']['relayhost'] = ""
+#default['postfix']['main']['milter_default_action'] = "tempfail"
+#default['postfix']['main']['milter_protocol'] = "6"
+#default['postfix']['main']['smtpd_milters'] = ""
+#default['postfix']['main']['non_smtpd_milters'] = ""
+#default['postfix']['main']['sender_canonical_classes'] = nil
+#default['postfix']['main']['recipient_canonical_classes'] = nil
+#default['postfix']['main']['canonical_classes'] = nil
+#default['postfix']['main']['sender_canonical_maps'] = nil
+#default['postfix']['main']['recipient_canonical_maps'] = nil
+#default['postfix']['main']['canonical_maps'] = nil
-default['postfix']['sender_canonical_classes'] = nil
-default['postfix']['recipient_canonical_classes'] = nil
-default['postfix']['canonical_classes'] = nil
-default['postfix']['sender_canonical_maps'] = nil
-default['postfix']['recipient_canonical_maps'] = nil
-default['postfix']['canonical_maps'] = nil
+# Master.cf attributes
+default['postfix']['master']['submission'] = false
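Review bot: `smtpd_tls_cert_file` and `smtpd_tls_key_file` default to the `ssl-cert-snakeoil` paths on every platform, although `cafile` just above is switched on `platform_family`; those paths are the Debian ssl-cert package locations, so with `smtpd_use_tls` defaulting to `"yes"` an `rhel` node would point at files that are not there. Put the certificate and key defaults in the same `case`, and note in a comment that the snakeoil pair is a self-signed placeholder meant to be overridden. The `if node['postfix']['main'][...] == "yes"` blocks are evaluated when the attributes file is loaded, so a toggle changed later (for example in a recipe) will not pick up these conditional defaults; a comment saying so would help. The commented-out `postconf -d` block can be dropped or moved to the README.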