Refactored sendmail::server.

Timo Mkinen 2012-05-10 09:02:15 +03:00
parent 28682778ac
commit ec7c903536
4 changed files with 228 additions and 37 deletions


@ -112,24 +112,65 @@ class sendmail::client::msa inherits sendmail::client {
# Configure Sendmail server.
#
# $sendmail_domain:
# $mail_domain:
# SMTP domain name.
#
# $sendmail_auth_mech:
# List of authentication mechanisms to use. Defaults to PLAIN and LOGIN.
#
# $sendmail_ssl_key:
#
# $sendmail_ssl_cert:
#
class sendmail::server inherits sendmail::common {
include procmail
if !$sendmail_auth_mech {
$sendmail_auth_mech = [ "PLAIN", "LOGIN", ]
}
$ssl_key = basename($sendmail_ssl_key)
$ssl_cert = basename($sendmail_ssl_cert)
if $sendmail_ssl_chain {
$ssl_chain = basename($sendmail_ssl_chain)
}
case $operatingsystem {
centos,redhat: {
$sendmail_ostype = "linux"
$group = "root"
"centos","fedora": {
File["/etc/sysconfig/sendmail"] {
content => "DAEMON=yes\nQUEUE=1h\n",
}
} ubuntu: {
fail("Operating system not supported.")
} openbsd: {
$sendmail_ostype = "openbsd"
$group = "wheel"
}
default: {
fail("sendmail::server not supported in '${::operatingsystem}'")
}
}
file { "/etc/pki/tls/private/${ssl_key}":
ensure => present,
source => $sendmail_ssl_key,
mode => "0600",
owner => "root",
group => "root",
notify => Service["sendmail"],
}
file { "/etc/pki/tls/certs/${ssl_cert}":
ensure => present,
source => $sendmail_ssl_cert,
mode => "0644",
owner => "root",
group => "root",
notify => Service["sendmail"],
}
if $ssl_chain {
file { "/etc/pki/tls/certs/${ssl_chain}":
ensure => present,
source => $sendmail_ssl_chain,
mode => "0644",
owner => "root",
group => "root",
notify => Service["sendmail"],
}
}
@ -140,47 +181,151 @@ class sendmail::server inherits sendmail::common {
},
content => template("sendmail/sendmail.mc.erb"),
owner => "root",
group => $group,
group => "root",
mode => "0644",
notify => Exec["make sendmail.cf"],
}
file { "/etc/aliases":
ensure => present,
notify => Exec["newaliases"],
owner => "root",
group => $group,
mode => "0644",
}
exec { "make sendmail.cf":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
path => "/bin:/usr/bin:/sbin:/usr/sbin:/etc/mail",
cwd => $operatingsystem ? {
openbsd => "/usr/share/sendmail/cf",
default => "/etc/mail",
"openbsd" => "/usr/share/sendmail/cf",
default => "/etc/mail",
},
require => $operatingsystem ? {
openbsd => undef,
default => Package["sendmail"],
"openbsd" => undef,
default => Package["sendmail"],
},
refreshonly => true,
}
file { "/etc/mail/sendmail.cf":
ensure => present,
owner => "root",
group => $group,
mode => "0644",
owner => "root",
group => "root",
source => $operatingsystem ? {
openbsd => "/usr/share/sendmail/cf/sendmail.cf",
default => undef,
"openbsd" => "/usr/share/sendmail/cf/sendmail.cf",
default => undef,
},
require => Exec["make sendmail.cf"],
notify => Service["sendmail"],
}
file { "/etc/mail/certs":
ensure => directory,
mode => "0755",
owner => "root",
group => "root",
}
exec { "populate-etc-mail-certs":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "csplit /etc/pki/tls/certs/ca-bundle.crt '/BEGIN/' '{*}' ; sh -c 'for i in x* ; do name=`openssl x509 -hash -noout -in \$i`.0 ; openssl x509 -hash -in \$i -out \$name ; done' && rm -f x* .0",
cwd => "/etc/mail/certs",
onlyif => "find /etc/mail/certs ! -newer /etc/pki/tls/certs/ca-bundle.crt | egrep '.*' || [ -z \"`ls /etc/mail/certs`\" ]",
require => File["/etc/mail/certs"],
before => Service["sendmail"],
}
file { "/etc/aliases":
ensure => present,
name => $operatingsystem ? {
"openbsd" => "/etc/mail/aliases",
default => "/etc/aliases",
},
source => [
"puppet:///files/mail/aliases",
"puppet:///modules/sendmail/aliases",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["newaliases"],
}
exec { "newaliases":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
}
file { "/etc/mail/access":
ensure => present,
source => [
"puppet:///files/mail/access",
"puppet:///modules/sendmail/empty",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["make access.db"],
}
exec { "make access.db":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "makemap hash /etc/mail/access < /etc/mail/access",
refreshonly => true,
notify => Service["sendmail"],
}
file { "/etc/mail/genericstable":
ensure => present,
source => [
"puppet:///files/mail/genericstable",
"puppet:///modules/sendmail/empty",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["make genericstable.db"],
}
exec { "make genericstable.db":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "makemap hash /etc/mail/genericstable < /etc/mail/genericstable",
refreshonly => true,
notify => Service["sendmail"],
}
file { "/etc/mail/mailertable":
ensure => present,
source => [
"puppet:///files/mail/mailertable",
"puppet:///modules/sendmail/empty",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["make mailertable.db"],
}
exec { "make mailertable.db":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "makemap hash /etc/mail/mailertable < /etc/mail/mailertable",
refreshonly => true,
notify => Service["sendmail"],
}
file { "/etc/mail/virtusertable":
ensure => present,
source => [
"puppet:///files/mail/virtusertable",
"puppet:///modules/sendmail/empty",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["make virtusertable.db"],
}
exec { "make virtusertable.db":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable",
refreshonly => true,
notify => Service["sendmail"],
}
file { "/etc/mail/local-host-names":
ensure => present,
source => [
"puppet:///files/mail/local-host-names",
"puppet:///modules/sendmail/local-host-names",
],
mode => "0644",
owner => "root",
group => "root",
}
}
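Review bot: The TLS file resources near the top of `sendmail::server` use `$sendmail_ssl_key` and `$sendmail_ssl_cert` unconditionally (in `basename(...)` and `source =>`), but nothing checks that they are set, and their entries in the header comment are left empty. I would add a guard before the `basename()` calls, `if !$sendmail_ssl_key or !$sendmail_ssl_cert { fail("sendmail::server requires \$sendmail_ssl_key and \$sendmail_ssl_cert") }`, and fill in the comment with `# $sendmail_ssl_key: Source of the TLS private key; installed under /etc/pki/tls/private with mode 0600.` plus matching lines for the certificate and for `$sendmail_ssl_chain`, which is used but not listed at all. If the key source is a `puppet://` URL, the fileserver mount that holds it should be restricted to this node, since the 0600 mode only protects the copy on the mail server. The class still defaults to PLAIN and LOGIN, so it is worth confirming that `sendmail.mc.erb` (not shown here) only offers them once TLS is active, for example via the `p` flag in `confAUTH_OPTIONS`. The +/- markers are lost on this page, so which lines are new is inferred from the print order.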