From 1b50bc1cc817c186e2b2a9e8450d621473020a7d 2015-04-07 23:01:59 From: Branko Majic Date: 2015-04-07 23:01:59 Subject: [PATCH] MAR-4: Simplified role parameters (make them all one-dimensional, don't use dictionaries). --- diff --git a/roles/mail_server/tasks/main.yml b/roles/mail_server/tasks/main.yml index d47897db4cbe28285880a72689e349ea825972cd..7efb456fe8b002740011f53f7caed735199e7a5d 100644 --- a/roles/mail_server/tasks/main.yml +++ b/roles/mail_server/tasks/main.yml @@ -57,11 +57,11 @@ - Restart Postfix - name: Create mail owner group - group: name="{{ mail_user.name }}" gid="{{ mail_user.gid }}" state=present + group: name="{{ mail_user }}" gid="{{ mail_user_gid }}" state=present - name: Create mail owner user - user: name="{{ mail_user.name }}" uid="{{ mail_user.uid }}" group="{{ mail_user.name }}" - home="/var/{{ mail_user.name }}" state=present + user: name="{{ mail_user }}" uid="{{ mail_user_uid }}" group="{{ mail_user }}" + home="/var/{{ mail_user }}" state=present - name: Disable Dovecot system authentication lineinfile: dest="/etc/dovecot/conf.d/10-auth.conf" line="!include auth-system.conf.ext" state=absent @@ -81,7 +81,7 @@ - name: Configure Postfix for Dovecot delivery lineinfile: dest=/etc/postfix/master.cf state=present regexp="dovecot" - line="dovecot unix - n n - - pipe flags=DRhu user={{ mail_user.name }}:{{ mail_user.name }} argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}" + line="dovecot unix - n n - - pipe flags=DRhu user={{ mail_user }}:{{ mail_user }} argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}" notify: - Restart Postfix diff --git a/roles/mail_server/templates/99-local.conf.j2 b/roles/mail_server/templates/99-local.conf.j2 index 75ef828636a04aec9e7293e2ce2b8506f5f25754..24a87460b40049b5eea0bb1ecd041c3282c90309 100644 --- a/roles/mail_server/templates/99-local.conf.j2 +++ b/roles/mail_server/templates/99-local.conf.j2 
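Review bot: `mail_user` keeps its name but changes from a dictionary to a plain string, so an inventory that still defines the old dictionary will not fail on an undefined variable. Instead `{{ mail_user }}` would presumably render the dictionary's text into the group and user names here, into the `user=` field of the master.cf line in the next hunk, and into the `default_fields` and `mail_location` paths in 99-local.conf.j2. A guard task before "Create mail owner group" would catch this early, for example an `assert` with `that: mail_user is string`. Alternatively, a new name such as `mail_user_name` would make stale inventories fail loudly. The task list starts and ends outside this hunk.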
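Review bot: The `regexp="dovecot"` on the "Configure Postfix for Dovecot delivery" task is unanchored, so lineinfile treats any master.cf line containing that word (a comment, or another service whose arguments mention dovecot) as the line to replace. That line decides which account and binary Postfix pipes mail to, so anchoring the pattern to the service name at the start of the line would be safer, e.g. `regexp="^dovecot\s"`. The regexp predates this commit and appears only as context here.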
@@ -9,11 +9,11 @@ passdb { userdb { driver = ldap args = /etc/dovecot/dovecot-ldap.conf.ext - default_fields = uid={{ mail_user.name }} gid={{ mail_user.name }} home=/var/{{ mail_user.name}}/%d/%n + default_fields = uid={{ mail_user }} gid={{ mail_user }} home=/var/{{ mail_user}}/%d/%n } # Mail storage configuration. -mail_location = maildir:/var/{{ mail_user.name}}/%d/%n/Maildir +mail_location = maildir:/var/{{ mail_user}}/%d/%n/Maildir namespace inbox { inbox = yes separator = {{ imap_folder_separator }} diff --git a/roles/mail_server/templates/dovecot-ldap.conf.ext.j2 b/roles/mail_server/templates/dovecot-ldap.conf.ext.j2 index a92a75f1b9382ffe8b65a0a2501a75cb4ec2a816..bfb29acdaeb1292a354ad74e7c805e4ac899fa38 100644 --- a/roles/mail_server/templates/dovecot-ldap.conf.ext.j2 +++ b/roles/mail_server/templates/dovecot-ldap.conf.ext.j2 
@@ -1,16 +1,16 @@ -uris = {{ mail_ldap.url }} -dn = cn=dovecot,ou=services,{{ mail_ldap.root_dn }} -dnpass = {{ mail_ldap.dovecot_password }} +uris = {{ mail_ldap_url }} +dn = cn=dovecot,ou=services,{{ mail_ldap_root_dn }} +dnpass = {{ mail_ldap_dovecot_password }} tls = yes -tls_ca_cert_file = {{ mail_ldap.tls_truststore }} +tls_ca_cert_file = {{ mail_ldap_tls_truststore }} tls_require_cert = demand auth_bind = yes -base = ou=people,{{ mail_ldap.root_dn }} +base = ou=people,{{ mail_ldap_root_dn }} scope = onelevel -user_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_ldap.root_dn }})) +user_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_ldap_root_dn }})) pass_attrs = mail=user,userPassword=password -pass_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_ldap.root_dn }})) +pass_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_ldap_root_dn }})) iterate_attrs = mail=user -iterate_filter = (memberOf=cn=mail,ou=groups,{{ mail_ldap.root_dn }}) +iterate_filter = (memberOf=cn=mail,ou=groups,{{ mail_ldap_root_dn }}) default_pass_scheme = SSHA user_attrs = diff --git a/roles/mail_server/templates/ldap-virtual-alias-maps.cf.j2 b/roles/mail_server/templates/ldap-virtual-alias-maps.cf.j2 index d6469337f696da45507071f35ac1b0d9c19234a4..f025bd070696a9a88b69bcc62fbfda40981ba029 100644 --- a/roles/mail_server/templates/ldap-virtual-alias-maps.cf.j2 +++ b/roles/mail_server/templates/ldap-virtual-alias-maps.cf.j2 
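Review bot: `dnpass = {{ mail_ldap_dovecot_password }}` writes the LDAP bind password in clear text into the rendered dovecot-ldap.conf.ext, and `bind_pw = {{ mail_ldap_postfix_password }}` does the same in the three ldap-virtual-*.cf.j2 templates further down. The template tasks that deploy these files are not part of this diff, so their `owner`, `group` and `mode` should be confirmed to keep the files unreadable by other local users (for example `mode=0640` with root as owner and the service's group). A comment above each password line, such as `# Bind password; the deployed file must not be world-readable.`, would record the requirement in the template itself.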
@@ -1,15 +1,15 @@ # Connection settings. -server_host = {{ mail_ldap.url }} +server_host = {{ mail_ldap_url }} start_tls = yes tls_require_cert = yes -tls_ca_cert_file = {{ mail_ldap.tls_truststore }} +tls_ca_cert_file = {{ mail_ldap_tls_truststore }} bind = yes -bind_dn = cn=postfix,ou=services,{{ mail_ldap.root_dn }} -bind_pw = {{ mail_ldap.postfix_password }} +bind_dn = cn=postfix,ou=services,{{ mail_ldap_root_dn }} +bind_pw = {{ mail_ldap_postfix_password }} version = 3 # Query settings. -search_base = ou=aliases,ou=mail,ou=services,{{ mail_ldap.root_dn }} +search_base = ou=aliases,ou=mail,ou=services,{{ mail_ldap_root_dn }} scope = one query_filter = cn=%s result_attribute = rfc822MailMember diff --git a/roles/mail_server/templates/ldap-virtual-mailbox-domains.cf.j2 b/roles/mail_server/templates/ldap-virtual-mailbox-domains.cf.j2 index 7e24f1278065d7e51ff62a03e6a9e42545155ccd..b83547d396134def2258c26c7fa8a8ee592abc97 100644 --- a/roles/mail_server/templates/ldap-virtual-mailbox-domains.cf.j2 +++ b/roles/mail_server/templates/ldap-virtual-mailbox-domains.cf.j2 @@ -1,15 +1,15 @@ # Connection settings. -server_host = {{ mail_ldap.url }} +server_host = {{ mail_ldap_url }} start_tls = yes tls_require_cert = yes -tls_ca_cert_file = {{ mail_ldap.tls_truststore }} +tls_ca_cert_file = {{ mail_ldap_tls_truststore }} bind = yes -bind_dn = cn=postfix,ou=services,{{ mail_ldap.root_dn }} -bind_pw = {{ mail_ldap.postfix_password }} +bind_dn = cn=postfix,ou=services,{{ mail_ldap_root_dn }} +bind_pw = {{ mail_ldap_postfix_password }} version = 3 # Query settings. -search_base = ou=domains,ou=mail,ou=services,{{ mail_ldap.root_dn }} +search_base = ou=domains,ou=mail,ou=services,{{ mail_ldap_root_dn }} scope = one query_filter = dc=%s result_attribute = dc 
diff --git a/roles/mail_server/templates/ldap-virtual-mailbox-maps.cf.j2 b/roles/mail_server/templates/ldap-virtual-mailbox-maps.cf.j2 index ececb56d985aa6db8de0a8fe6c0211f2ac0f1ed1..971ae2bbfec821cf7740918c100ba522408ed9f4 100644 --- a/roles/mail_server/templates/ldap-virtual-mailbox-maps.cf.j2 +++ b/roles/mail_server/templates/ldap-virtual-mailbox-maps.cf.j2 @@ -1,15 +1,15 @@ # Connection settings. -server_host = {{ mail_ldap.url }} +server_host = {{ mail_ldap_url }} start_tls = yes tls_require_cert = yes -tls_ca_cert_file = {{ mail_ldap.tls_truststore }} +tls_ca_cert_file = {{ mail_ldap_tls_truststore }} bind = yes -bind_dn = cn=postfix,ou=services,{{ mail_ldap.root_dn }} -bind_pw = {{ mail_ldap.postfix_password }} +bind_dn = cn=postfix,ou=services,{{ mail_ldap_root_dn }} +bind_pw = {{ mail_ldap_postfix_password }} version = 3 # Query settings -search_base = ou=people,{{ mail_ldap.root_dn }} +search_base = ou=people,{{ mail_ldap_root_dn }} scope = one -query_filter = (&(mail=%s)(memberOf=cn=mail,ou=groups,{{mail_ldap.root_dn}})) +query_filter = (&(mail=%s)(memberOf=cn=mail,ou=groups,{{mail_ldap_root_dn}})) result_attribute = mail diff --git a/testsite/group_vars/mail.yml b/testsite/group_vars/mail.yml index 1149d155049e8ccfede8d3e0fcafcecd6d89ac94..e4e48d6cdd642aabd6f51fe26337db4cc01f3595 100644 --- a/testsite/group_vars/mail.yml +++ b/testsite/group_vars/mail.yml 
@@ -11,17 +11,15 @@ ldap_client_config: option: TLS_CACERT value: /etc/ssl/certs/truststore.pem -mail_ldap: - url: ldap://ldap.example.com/ - tls_truststore: /etc/ssl/certs/truststore.pem - root_dn: dc=example,dc=com - postfix_password: postfix - dovecot_password: dovecot +mail_ldap_url: ldap://ldap.example.com/ +mail_ldap_tls_truststore: /etc/ssl/certs/truststore.pem +mail_ldap_root_dn: dc=example,dc=com +mail_ldap_postfix_password: postfix +mail_ldap_dovecot_password: dovecot -mail_user: - name: vmail - uid: 5000 - gid: 5000 +mail_user: vmail +mail_user_uid: 5000 +mail_user_gid: 5000 imap_tls_certificate: /etc/ssl/certs/mail.example.com_imap.pem imap_tls_key: /etc/ssl/private/mail.example.com_imap.key
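Review bot: `mail_ldap_postfix_password: postfix` and `mail_ldap_dovecot_password: dovecot` are guessable values stored in clear text, and nothing in the file marks them as test-only. Now that each password is a separate top-level variable, it can be overridden or vaulted on its own without redefining the whole LDAP block. I would add a comment above them, e.g. `# Test-site credentials only; real deployments must override these from a vaulted file.`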