thias / puppet-postfix
Puppet Postfix module
License: Other
The server class should support smtpd_milters and other related configs
While trying to install on a new system from scratch I noticed that Postfix::File[header_checks] and Postfix::File[body_checks] attempt to be created before the postfix package is installed or the $postfixdir exists. For that matter there doesn't appear to be any check to ensure that the postfix directory exists and postfix::server does not expose as a parameter like postfix::file does but the call to postfix::file from within postfix::server doesn't pass the postfixdir so it uses the default.
When changing the listening interface, the service should restart instead of just doing a reload. Otherwise the changes won't take effect without manual intervention or a restart.
Consider separating config lines that require a restart into a separate file, then when Puppet sees changes to that file it should notify the service to restart.
Since postfix 2.6 it is possible to use master_service_disable to disable services.
Currently postfix::server sets the postfix package to 'installed', I need to be able to set it to latest
Is there a specific module that is expected to be installed for 'clamav => true' to work?
I can't find a module in the forge that has a clamav::smtp class...
Cheers,
Tim
The daemon_directory path has changed with v3, and the module should account for that.
I used the following work-around for Ubuntu Xenial:
if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '16.04') >= 0 {
  class { '::postfix::server':
    relayhost        => $smarthost,
    daemon_directory => '/usr/lib/postfix/sbin',
  }
} else {
  class { '::postfix::server':
    relayhost => $smarthost,
  }
}
Thanks,
i.
Any chance for this module to support Ubuntu 16.04?
Hi there,
Would you please consider making an updated release on Puppet Forge?
0.3.3 does not work on CentOS 7 and I suspect this is problematic for many people.
Thanks,
Jonathan
The configuration parameters smtp_bind_address, smtp_bind_address6 and smtp_helo_name can actually only be set using extra_main_parameters. So support for these should be added using the following default values:
smtp_bind_address =
smtp_bind_address6 =
smtp_helo_name = $myhostname
The aliases file needs to be rebuilt upon refresh using either newaliases, or postalias, and not postmap. I'd submit a pull, but there are a few ways to tackle it, and I don't know which would suit your project.
The version on the forge is 0.3.3, and the Modulefile on github says 0.3.3, but the code is NOT the same. There was an issue with comparing operatingsystemversion with 6 instead of '6' that is fixed on github, but that code isn't what gets pulled in from the forge. Is there a way to fix this? Currently, I've repointed my r10k Puppetfile to github directly, but I'd prefer to pull from the forge.
If so, could you mention that no further work is planned? And perhaps you have a recommendation for a module to use instead? RHEL7 is hardly 'new', and the last commit starts commentary for it but then no follow up.
Hi!
This module is popular, and it worked well, but now it has some bugs (caused by its lack of maintenance, see the number of PRs waiting). Do you think it would be possible to migrate this module to Voxpupuli?
Thanks in advance!
Hello,
It seems there's a little dependency issue somewhere, at my first run I get these three errors in my foreman logs:
Could not set 'file' on ensure: No such file or directory @ dir_s_rmdir - /etc/postfix/header_checks20160105-7144-1n4vwk8.lock at 44:/etc/puppet/environments/production/modules/postfix/manifests/file.pp
Could not set 'file' on ensure: No such file or directory @ dir_s_rmdir - /etc/postfix/header_checks20160105-7144-1n4vwk8.lock at 44:/etc/puppet/environments/production/modules/postfix/manifests/file.pp Wrapped exception: No such file or directory @ dir_s_rmdir - /etc/postfix/header_checks20160105-7144-1n4vwk8.lock
change from absent to file failed: Could not set 'file' on ensure: No such file or directory @ dir_s_rmdir - /etc/postfix/header_checks20160105-7144-1n4vwk8.lock at 44:/etc/puppet/environments/production/modules/postfix/manifests/file.pp
It seems that your module is trying to make some file changes before installing the postfix package (in charge of creating /etc/postfix).
Thanks in advance,
Best regards, Adam.
Hi,
The smtp_tls_security_level is a separate config parameter and does not require sasl:
<% if @smtp_sasl_auth -%>
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = <%= @smtp_sasl_password_maps %>
smtp_sasl_security_options = <%= @smtp_sasl_security_options %>
<% if @smtp_sasl_tls -%>
smtp_use_tls = yes
<% end -%>
<% end -%>
<% if @smtp_tls_CAfile -%>
smtp_tls_CAfile = <%= @smtp_tls_CAfile %>
<% end -%>
<% if @smtp_tls_CApath -%>
smtp_tls_CApath = <%= @smtp_tls_CApath %>
<% end -%>
<% if @smtp_tls_security_level -%>
smtp_tls_security_level = <%= @smtp_tls_security_level %>
<% end -%>
Hi,
I'd love to see a new release to fix the postfix::file dependency ordering, if nothing else. Can I ask you to upload?
Cheers,
I need to set up two servers: the core postfix relays through gmail, and another one relays through this core postfix server. The problem appears to be a duplicate declaration:
2014-11-19T12:30:40.044325+08:00 monitoring puppet-agent[12394]: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Class[Postfix::Server] is already declared in file /etc/puppet/manifests/nodes/ne0.domain.com.pp:17; cannot redeclare at /etc/puppet/manifests/nodes/monitoring.domain.com.pp:98 on node monitoring.domain.com
ne0:
class { '::postfix::server':
  myhostname => $fqdn,
  mydomain   => 'domain.com',
  relayhost  => 'monitoring.domain.com:25',
}
monitoring:
class { '::postfix::server':
  relayhost           => '[smtp.gmail.com]:587',
  smtpd_tls_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
  smtpd_tls_key_file  => '/etc/ssl/private/ssl-cert-snakeoil.key',
  myhostname          => $fqdn,
  mydomain            => 'domain.com',
}
When setting the strict_variables = true for puppet 4, it results in errors when it comes across an unknown variable, as follows:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Unknown variable: '::postfix::params::postmap'. at /etc/puppetlabs/code/environments/production/modules/postfix/manifests/dbfile.pp:32:17
These config files need to require Package[postfix]. Otherwise, there is a chance that Puppet could try to create them before the parent directory exists.
/etc/postfix/master.cf
/etc/postfix/main.cf
Trying to use the module as part of a larger class which configures postfix to send outbound email. My wrapper class looks like this:
class client_postfix {
  class { '::postfix::server':
    myorigin => 'client.net',
  }
}
When I try to use this module, the agent reports the following error:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Undefined variable "smtp_content_filter" at /etc/puppet/modules/postfix/manifests/server.pp:79 on node sandbox.client.net
Looking at the module itself...
77 # master.cf
78 $smtp_content_filter = [],
79 $smtps_content_filter = $smtp_content_filter,
80 $submission = false,
I've never seen a puppet module use one parameter as the default value for another parameter like this. Is this something which Puppet previously supported, but was removed? (I'm using Puppet 3.6.2 from the Puppetlabs RPMs, on CentOS 6.)
When installing from scratch (apt-get purge postfix) puppet apply fails because /etc/postfix is missing because package is not installed yet.
I added "require => Package['postfix']," to the two file resources in server.pp and then all installed with no problems.
It's nice to be able to set this, but it gets set in the config after the daemon starts and does not schedule a restart. i.e. I end up with the correct setting in the main.cf, but it's still binding to ALL interfaces until I manually reboot it.
Shall I submit a patch or can you fix it?
Thanks!
Hello,
I would like to use your code in production but I see that my lint found some validation issues. There are some ERRORS and WARNINGS. Please take a look at the list:
modules/postfix/manifests/server.pp - ERROR: single quoted string containing a variable found on line 50
modules/postfix/manifests/server.pp - ERROR: single quoted string containing a variable found on line 114
modules/postfix/manifests/server.pp - WARNING: ensure found on line but it's not the first attribute on line 181
modules/postfix/manifests/server.pp - WARNING: ensure found on line but it's not the first attribute on line 205
modules/postfix/manifests/server.pp - WARNING: ensure found on line but it's not the first attribute on line 228
Those WARNINGS are a minor problem, but I have a problem with those two ERRORs. They are related to some variables which are in single quotes:
$dovecot_destination = '${recipient}',
and
$postscreen_greet_wait = '${stress?2}${stress:6}s',
Will it be a problem for you to fix it (write in some other way)?
Thank you!
Installing the module, and creating a basic .pp manifest with the example classes copied in and just the bare minimum changed (basically just hostname and domains) results in this error:
Error: Could not find class clamav::smtp for mail.myserver.net on node mail.myservernet
Tested on CentOS 6.4 and Ubuntu 12.10 (although the installation failed later down the line for an unrelated reason, so I guess Ubuntu isn't supported since this is built for RHEL and I wouldn't worry about it)
It seems to me that there is a bug in the current release as it suddenly always configures postgrey in the smtpd_recipient_restrictions. After having a look at the template for the main.cf there is only a condition which type of postgrey has to be configured and not a surrounding condition if it should be configured at all:
<% if @postgrey_policy_service -%>
check_policy_service <%= @postgrey_policy_service %>,
<% else -%>
check_policy_service unix:postgrey/socket,
<% end -%>
should probably be:
<% if @postgrey -%>
<% if @postgrey_policy_service -%>
check_policy_service <%= @postgrey_policy_service %>,
<% else -%>
check_policy_service unix:postgrey/socket,
<% end -%>
<% end -%>
In dbfile.pp the line "notify => Service["postfix"]," is not necessary; in fact it may be undesirable.
Quote from http://www.postfix.org/DATABASE_README.html:
It would be nice if you can change a database without having to execute "postfix reload", in order to force Postfix to use the new information. Each time you do "postfix reload" Postfix loses a lot of performance.
[ ....]
If you change a local file based database such as DBM or Berkeley DB, there is no need to execute "postfix reload". Postfix uses file locking to avoid read/write access conflicts, and whenever a Postfix daemon process notices that a file has changed it will terminate before handling the next client request, so that a new process can initialize with the new database.
Hi, your params.pp seems to hint at Debian support, yet the README does not?
If ${postfixdir}/${title}.db is deleted after it has been created, it will never be created again, unless ${postfixdir}/${title} is refreshed.
There's also another scenario where a .db won't ever be created. For example:
/etc/postfix/sasl_passwd and schedules exec /usr/sbin/postmap /etc/postfix/sasl_passwd
/usr/sbin/postmap /etc/postfix/sasl_passwd and creates sasl_passwd.db
If puppet fails on step 2 above, then the .db file will never be created.
Example of the problem:
# cat test.pp
node default {
  file { "/tmp/file1":
    ensure  => present,
    content => "test\n",
  }
  exec { "/tmp/file2":
    command     => "/bin/cat /tmp/file1 > /tmp/file2",
    subscribe   => File["/tmp/file1"],
    refreshonly => true,
  }
}
# puppet apply test.pp
Notice: Compiled catalog for myserver in environment production in 0.61 seconds
Notice: /Stage[main]/Main/Node[default]/File[/tmp/file1]/ensure: created
Notice: /Stage[main]/Main/Node[default]/Exec[/tmp/file2]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.33 seconds
# rm -f file2
# puppet apply test.pp
Notice: Compiled catalog for myserver in environment production in 0.49 seconds
Notice: Finished catalog run in 0.27 seconds
Remove refreshonly => true, and add creates => "${postfixdir}/${title}.db",
# cat test.pp
node default {
  file { "/tmp/file1":
    ensure  => present,
    content => "test\n",
  }
  exec { "/tmp/file2":
    command   => "/bin/cat /tmp/file1 > /tmp/file2",
    subscribe => File["/tmp/file1"],
    creates   => "/tmp/file2",
  }
}
scenario: Initial puppet run. None of the files exist
Expected result: Both files are created
# puppet apply test.pp
Notice: Compiled catalog for myserver in environment production in 0.53 seconds
Notice: /Stage[main]/Main/Node[default]/File[/tmp/file1]/ensure: created
Notice: /Stage[main]/Main/Node[default]/Exec[/tmp/file2]/returns: executed successfully
Notice: /Stage[main]/Main/Node[default]/Exec[/tmp/file2]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.33 seconds
# ls -l
total 12
-rw-r--r--. 1 root root 5 Apr 4 13:18 file1
-rw-r--r--. 1 root root 5 Apr 4 13:18 file2
-rw-r--r--. 1 lburiola lburiola 250 Apr 4 13:17 test.pp
# cat file1 file2
test
test
scenario: Second puppet run. Both files already exist
Expected result: Nothing happens
# puppet apply test.pp
Notice: Compiled catalog for myserver in environment production in 0.52 seconds
Notice: Finished catalog run in 0.28 seconds
scenario: file1 needs to be modified. file2 already on disk
expected result: file1 is modified. file2 is recreated
# echo foo > file1
# puppet apply test.pp
Notice: Compiled catalog for myserver in environment production in 0.52 seconds
Notice: /Stage[main]/Main/Node[default]/File[/tmp/file1]/content: content changed '{md5}d3b07384d113edec49eaa6238ad5ff00' to '{md5}d8e8fca2dc0f896fd7cb4cb0031ba249'
Notice: /Stage[main]/Main/Node[default]/Exec[/tmp/file2]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.29 seconds
scenario: file1 exists. file2 doesn't exist.
expected result: file2 is created
# rm -f file2
# puppet apply test.pp
Notice: Compiled catalog for myserver in environment production in 0.55 seconds
Notice: /Stage[main]/Main/Node[default]/Exec[/tmp/file2]/returns: executed successfully
Notice: Finished catalog run in 0.30 seconds
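An added example, not part of the issue above or of the module's code: a shell check that reports lookup tables whose compiled .db is missing or older than its source, the two states this issue describes. The function name stale_maps is hypothetical, and it assumes tables are compiled to "<name>.db" next to the source, as in ${postfixdir}/${title}.db.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from puppet-postfix).
# Reports Postfix lookup-table sources whose compiled "<name>.db" is
# missing or older than the source file.
#
# Usage, after sourcing this file:
#   stale_maps /etc/postfix sasl_passwd
# Prints one line per problem; returns 1 if any problem was found,
# so it can be used from cron or a monitoring check.
stale_maps() {
    dir=$1
    shift
    rc=0
    for name in "$@"; do
        src="$dir/$name"
        db="$src.db"
        if [ ! -f "$src" ]; then
            # Nothing to compile from: the map is not managed here.
            echo "$name: source missing"
            rc=1
        elif [ ! -f "$db" ]; then
            # The .db was deleted, or the compile step never ran.
            echo "$name: db missing"
            rc=1
        elif [ -n "$(find "$src" -newer "$db")" ]; then
            # Source changed after the last compile (POSIX find -newer).
            echo "$name: db stale"
            rc=1
        fi
    done
    return $rc
}
```

A non-zero return means at least one table needs to be recompiled before Postfix will see the current source contents.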
Good morning!
I love the module, and it has worked very well for me with a couple of slight modifications for my environment. I wanted to contribute to the project by letting you know what I tweaked, and seeing if this falls in line with what you've done. Hopefully you would like to add these changes to a future release, as it could help others who have a similar need.
<% @canonical_data.sort.each do |line| -%>
<%= line %>
<% end -%>
So as you can see, it should fall in line with what is already created. This just allows central configuration of the map data, as opposed to manually creating them on each server. In my environment this is required as none of my servers are routable through to our corporate mail, and DNS is not resolvable. We use maps to mask our sender to a proper address before it hits a relay.
I hope this helps others out!
Thank you for creating this.
If you're using centos minimum, you need these two additional packages to get sasl_auth working:
cyrus-sasl-plain
cyrus-sasl-gssapi
Hi!
I see you recently added support for spamd in Debian, and it looks fine. It's exactly what I'm currently trying to use, and rather than grab the download off master, do you have a date for releasing 0.3.3?
Thanks,
Andrew Schwartzmeyer