From d53d413806a1077e303fa08801a98ffa31e48dd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix-Antoine=20Fortin?= Date: Mon, 27 Sep 2021 13:29:00 -0400 Subject: [PATCH] Add postfix relayhost class --- Puppetfile | 1 + data/common.yaml | 5 +++ manifests/site.pp | 7 ++++ site/profile/manifests/base.pp | 5 +-- site/profile/manifests/mail.pp | 45 +++++++++++++++++++++---- site/profile/manifests/slurm.pp | 1 - site/profile/templates/base/postrun.epp | 2 +- 7 files changed, 56 insertions(+), 10 deletions(-) diff --git a/Puppetfile b/Puppetfile index 35d795176..de71fc977 100644 --- a/Puppetfile +++ b/Puppetfile @@ -20,6 +20,7 @@ mod 'puppet-fail2ban', '3.3.0' mod 'puppet-healthcheck', '1.0.1' mod 'puppet-logrotate', '5.0.0' mod 'puppet-nodejs', '8.1.0' +mod 'puppet-postfix', '2.0.0' mod 'puppet-prometheus', '10.2.0' mod 'puppet-selinux', '3.2.0' mod 'puppet-squid', '3.0.0' diff --git a/data/common.yaml b/data/common.yaml index 6ec5280f6..f1db28b8d 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -88,6 +88,7 @@ profile::reverse_proxy::mokey_subdomain: mokey prometheus::storage_retention: '48h' prometheus::storage_retention_size: '5GB' +profile::base::domain_name: "%{alias('terraform.data.domain_name')}" profile::base::sudoer_username: "%{alias('terraform.data.sudoer_username')}" profile::base::public_keys: "%{alias('terraform.data.public_keys')}" @@ -108,6 +109,10 @@ profile::freeipa::client::server_ip: "%{alias('terraform.tag_ip.mgmt.0')}" profile::consul::client::server_ip: "%{alias('terraform.tag_ip.puppet.0')}" profile::nfs::client::server_ip: "%{alias('terraform.tag_ip.nfs.0')}" +profile::mail::relayhost::origin: "%{alias('terraform.data.domain_name')}" +profile::mail::sender::origin: "%{alias('terraform.data.domain_name')}" +profile::mail::sender::relayhost_ip: "%{alias('terraform.tag_ip.public.0')}" + profile::nfs::server::devices: "%{alias('terraform.volumes.nfs')}" profile::reverse_proxy::domain_name: "%{alias('terraform.data.domain_name')}" 
diff --git a/manifests/site.pp b/manifests/site.pp index 81f72d52e..3376c9405 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -63,4 +63,11 @@ if 'mfa' in $instance_tags { include profile::mfa } + + if 'public' in $instance_tags { + include profile::mail::relayhost + } else { + include profile::mail::sender + } + } diff --git a/site/profile/manifests/base.pp b/site/profile/manifests/base.pp index 691c8aa31..b6554e376 100644 --- a/site/profile/manifests/base.pp +++ b/site/profile/manifests/base.pp @@ -1,4 +1,5 @@ class profile::base ( + String $domain_name, Array[String] $public_keys, String $sudoer_username = 'centos', Optional[String] $admin_email = undef, @@ -27,12 +28,12 @@ } if $admin_email { - include profile::mail::server file { '/opt/puppetlabs/bin/postrun': ensure => present, mode => '0700', content => epp('profile/base/postrun', { - 'email' => $admin_email, + 'email' => $admin_email, + 'domain' => $domain_name, }), } } diff --git a/site/profile/manifests/mail.pp b/site/profile/manifests/mail.pp index 81527db11..084277c67 100644 --- a/site/profile/manifests/mail.pp +++ b/site/profile/manifests/mail.pp 
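Review bot: The new `if 'public' in $instance_tags` branch in manifests/site.pp makes every public-tagged instance a Postfix relay, while data/common.yaml points senders only at `terraform.tag_ip.public.0`. Any further public instance would therefore run an SMTP listener on the cluster network that no sender is configured to use. A dedicated tag for the single relay node would avoid that, for example `if 'relayhost' in $instance_tags { include profile::mail::relayhost }`, where the tag name is a suggestion and not something this repository defines. The enclosing block starts outside the hunk, so any condition that already narrows this is not visible here.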
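Review bot: With `include profile::mail::server` removed from the `if $admin_email` block in site/profile/manifests/base.pp, the `/opt/puppetlabs/bin/postrun` resource no longer declares anything that provides `/usr/sbin/sendmail`. It now depends on manifests/site.pp including `profile::mail::relayhost` or `profile::mail::sender` on the same node, and nothing in this class records that. If profile::base is applied without that branch, the script would presumably fail only when it runs and the admin notification would be lost. A comment above the resource would make the dependency explicit: `# postrun calls /usr/sbin/sendmail; Postfix comes from profile::mail::relayhost or profile::mail::sender (see manifests/site.pp)`. The class body continues outside both base.pp hunks.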
@@ -1,9 +1,42 @@ -class profile::mail::server { - ensure_packages(['postfix'], { ensure => 'present'}) +class profile::mail::sender( + String $relayhost_ip, + String $origin, +) { + class { 'postfix': + inet_protocols => 'ipv4', + relayhost => $relayhost_ip, + myorigin => $origin, + satellite => true, + manage_mailx => false, + } + + postfix::config { 'authorized_submit_users': + ensure => present, + value => 'root, slurm', + } +} + +class profile::mail::relayhost( + String $origin, +) { + + $cidr = profile::getcidr() + $interface = split($::interfaces, ',')[0] + $ipaddress = $::networking['interfaces'][$interface]['ip'] + + class { 'postfix': + inet_interfaces => "127.0.0.1, ${ipaddress}", + inet_protocols => 'ipv4', + mynetworks => "127.0.0.0/8, ${cidr}", + myorigin => $origin, + mta => true, + relayhost => 'direct', + smtp_listen => 'all', + manage_mailx => false, + } - service { 'postfix': - ensure => running, - enable => true, - require => Package['postfix'], + postfix::config { 'authorized_submit_users': + ensure => present, + value => 'root, slurm', } } diff --git a/site/profile/manifests/slurm.pp b/site/profile/manifests/slurm.pp index 24fe9cd3c..62af6803f 100644 --- a/site/profile/manifests/slurm.pp +++ b/site/profile/manifests/slurm.pp @@ -308,7 +308,6 @@ # Slurm controller class. This where slurmctld is ran. class profile::slurm::controller { contain profile::slurm::base - include profile::mail::server file { '/usr/sbin/slurm_mail': ensure => 'present', diff --git a/site/profile/templates/base/postrun.epp b/site/profile/templates/base/postrun.epp index fc6749949..dc30e6712 100644 --- a/site/profile/templates/base/postrun.epp +++ b/site/profile/templates/base/postrun.epp 
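Review bot: In `profile::mail::relayhost`, `mynetworks => "127.0.0.0/8, ${cidr}"` makes the relay accept unauthenticated SMTP from every address in the range returned by `profile::getcidr()`, and the `authorized_submit_users` value `'root, slurm'` does not narrow that, because the setting only governs local submission through sendmail/postdrop and not SMTP clients. On a multi-user cluster this presumably lets any account on a node in that range hand mail to the relay for direct delivery under any sender address. If only root and slurm are meant to send, consider limiting `mynetworks` to the hosts that need it or enforcing the restriction at the SMTP layer, and state the intended trust boundary in a comment above the class. Separately, `split($::interfaces, ',')[0]` binds the listener to whichever interface the legacy fact lists first; `$facts['networking']['ip']` would name the primary address explicitly, assuming that is the network `profile::getcidr()` describes.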
@@ -10,7 +10,7 @@ if [[ $actions -lt 2 ]] && [[ ! -z "$email" ]]; then lines=($(journalctl -u puppet | grep -n -E 'Starting Puppet client|Applied catalog in' | cut -f 1 -d : | tail -n 2)) cat << EOF | /usr/sbin/sendmail $email To: $email -From: puppet@$(hostname -f) +From: $(hostname -s)-puppet-noreply@<%= $domain %> Subject: $(hostname -f) is online $(journalctl -u puppet | sed -n "${lines[0]},${lines[1]}p") EOF
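Review bot: `<%= $domain %>` is rendered into the body of an unquoted heredoc (`cat << EOF`), so the shell still performs `$(...)` and backtick expansion on whatever the template wrote there, in a script installed with mode 0700 and presumably run as root. The value comes from Hiera/Terraform data rather than from users, but `profile::base` types it only as `String $domain_name`. Declaring it `Stdlib::Fqdn $domain_name` (a puppetlabs-stdlib type, assuming that module is available here) would reject anything that is not a hostname at catalog compile time. The same tightening would suit the `origin` parameters in site/profile/manifests/mail.pp, which end up in Postfix's `myorigin`. The script begins above this hunk, so how `$email` is set and validated is not visible.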