From 23200e1ae9a87ffc1154fd152a442a8971681714 2017-08-09 08:57:16 From: Branko Majic Date: 2017-08-09 08:57:16 Subject: [PATCH] MAR-114: Updated task syntax for mail roles: - Updated mail_server and mail_forwarder roles. - Added and removed quoting where it makes sense. - Switched to using expanded syntax (instead of one-liners). - Updated ordering of arguments in task definitions. --- diff --git a/roles/mail_forwarder/handlers/main.yml b/roles/mail_forwarder/handlers/main.yml index 051af789d205f97be5b425d26ad604b25aad1e3f..2870cdccd4aa0847577af939b632a4ab41daacd7 100644 --- a/roles/mail_forwarder/handlers/main.yml +++ b/roles/mail_forwarder/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: Rebuild mail aliases - command: /usr/bin/newaliases + command: "/usr/bin/newaliases" tags: # [ANSIBLE0012] Commands should not change things if nothing needs doing # This task is invoked only if user is very specific about requiring to @@ -10,4 +10,6 @@ - skip_ansible_lint - name: Restart Postfix - service: name="postfix" state="restarted" + service: + name: postfix + state: restarted diff --git a/roles/mail_forwarder/tasks/main.yml b/roles/mail_forwarder/tasks/main.yml index 0cea8e381c948dc3ace75ade8bae1dec2d152cc4..2b397b9df02ced774c01fab71b1f40f51bf5301a 100644 --- a/roles/mail_forwarder/tasks/main.yml +++ b/roles/mail_forwarder/tasks/main.yml @@ -1,7 +1,9 @@ --- - name: Install Postfix - apt: name="postfix" state=installed + apt: + name: postfix + state: installed - name: Install procmail apt: @@ -9,7 +11,10 @@ state: installed - name: Purge Exim configuration - apt: name="exim4*" state=absent purge=yes + apt: + name: "exim4*" + state: absent + purge: yes - name: Deploy the SMTP relay TLS truststore copy: 
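Review bot: In the `Purge Exim configuration` task of roles/mail_forwarder/tasks/main.yml (hunk `@@ -9,7 +11,10 @@`) the new `purge: yes` uses a YAML 1.1 truthy word rather than a canonical boolean. `purge: true` is read the same way by any loader and passes yamllint's `truthy` rule. The same applies to `purge: yes` and the two `append: yes` lines added in roles/mail_server/tasks/main.yml (hunk `@@ -12,19 +16,30 @@`).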
@@ -20,13 +25,22 @@ mode: 0644 - name: Configure visible mail name of the system - copy: content="{{ inventory_hostname }}\n" dest="/etc/mailname" - owner=root group=root mode=0644 + copy: + content: "{{ inventory_hostname }}" + dest: "/etc/mailname" + owner: root + group: root + mode: 0644 notify: - Restart Postfix - name: Deploy Postfix main configuration - template: src="main.cf.j2" dest="/etc/postfix/main.cf" + template: + src: "main.cf.j2" + dest: "/etc/postfix/main.cf" + owner: root + group: root + mode: 0644 notify: - Restart Postfix @@ -41,21 +55,29 @@ - Rebuild mail aliases - name: Enable Postfix service on boot (workaround for systemctl broken handling of SysV) - command: rcconf -on postfix + command: "rcconf -on postfix" register: result changed_when: result.stderr == "" - name: Enable postfix service - service: name=postfix state=started + service: + name: postfix + state: started - name: Deploy firewall configuration for mail forwader - template: src="ferm_mail.conf.j2" dest="/etc/ferm/conf.d/20-mail.conf" - owner=root group=root mode=0640 + template: + src: "ferm_mail.conf.j2" + dest: "/etc/ferm/conf.d/20-mail.conf" + owner: root + group: root + mode: 0640 notify: - Restart ferm - name: Install SWAKS - apt: name="swaks" state=installed + apt: + name: swaks + state: installed - name: Explicitly run all handlers include: ../handlers/main.yml diff --git a/roles/mail_server/handlers/main.yml b/roles/mail_server/handlers/main.yml index 7208ecefa542076afb1bd46ff23628cf62b32d90..a45739bba39494e6c8f91518e76012f51753a6af 100644 --- a/roles/mail_server/handlers/main.yml +++ b/roles/mail_server/handlers/main.yml 
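Review bot: The expanded `copy` task for `/etc/mailname` in roles/mail_forwarder/tasks/main.yml (hunk `@@ -20,13 +25,22 @@`) drops the `\n` that the old one-liner had at the end of `content`, so a commit described as a syntax update may now write the file without a trailing newline. If that is not intended, keep it with `content: "{{ inventory_hostname }}\n"`; inside a double-quoted YAML scalar `\n` is a real newline. The same line changes in roles/mail_server/tasks/main.yml (hunk `@@ -67,53 +82,92 @@`). The `Deploy Postfix main configuration` task in this hunk also gains explicit `owner`, `group` and `mode`, which is a behaviour change as well and worth naming in the commit message.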
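Review bot: The `mode: 0640` on the ferm configuration in roles/mail_forwarder/tasks/main.yml (hunk `@@ -41,21 +55,29 @@`) is now a bare YAML scalar, so the resulting permissions depend on the loader reading a leading-zero number as octal, whereas the old `mode=0640` form passed a string. Quoting it as `mode: "0640"` hands Ansible the string and removes that dependency. The same applies to every unquoted `mode:` this commit adds: `0644` in hunk `@@ -20,13 +25,22 @@`, and `0644`, `0755`, `0640` and `0600` in roles/mail_server/tasks/main.yml. The `0600` on `dovecot-ldap.conf.ext` matters most if that file holds bind credentials, which is not visible here.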
@@ -1,13 +1,19 @@ --- - name: Restart Postfix - service: name="postfix" state=restarted + service: + name: postfix + state: restarted - name: Restart Dovecot - service: name="dovecot" state=restarted + service: + name: dovecot + state: restarted - name: Restart ClamAV Milter - service: name="clamav-milter" state=restarted + service: + name: clamav-milter + state: restarted - name: Rebuild mail aliases command: /usr/bin/newaliases diff --git a/roles/mail_server/tasks/main.yml b/roles/mail_server/tasks/main.yml index c94c58edf38a500121c08b41a66c13e49632bb2d..f23f2149baa9cef78830ca32a568a3f744868d07 100644 --- a/roles/mail_server/tasks/main.yml +++ b/roles/mail_server/tasks/main.yml @@ -1,10 +1,14 @@ --- - name: Install rsync - apt: name="rsync" state=installed + apt: + name: rsync + state: installed - name: Install Dovecot packages - apt: name="{{ item }}" state=installed + apt: + name: "{{ item }}" + state: installed with_items: - dovecot-imapd - dovecot-ldap @@ -12,19 +16,30 @@ - dovecot-managesieved - name: Install Postfix packages - apt: name="{{ item }}" state=installed + apt: + name: "{{ item }}" + state: installed with_items: - postfix - postfix-ldap - name: Purge Exim configuration - apt: name="exim4*" state=absent purge=yes + apt: + name: "exim4*" + state: absent + purge: yes - name: Allow Postfix user to traverse the directory with TLS private keys - user: name=postfix append=yes groups=ssl-cert + user: + name: postfix + append: yes + groups: ssl-cert - name: Allow Dovecot user to traverse the directory with TLS private keys - user: name=dovecot append=yes groups=ssl-cert + user: + name: dovecot + append: yes + groups: ssl-cert - name: Deploy SMTP TLS private key copy: 
@@ -67,53 +82,92 @@ - Restart Dovecot - name: Deploy configuration files for checking certificate validity via cron - copy: content="/etc/ssl/certs/{{ ansible_fqdn }}_{{ item }}.pem" dest="/etc/check_certificate/{{ ansible_fqdn }}_{{ item }}.conf" - owner=root group=root mode=0644 + copy: + content: "/etc/ssl/certs/{{ ansible_fqdn }}_{{ item }}.pem" + dest: "/etc/check_certificate/{{ ansible_fqdn }}_{{ item }}.conf" + owner: root + group: root + mode: 0644 with_items: - smtp - imap - name: Install SWAKS - apt: name="swaks" state=installed + apt: + name: swaks + state: installed - name: Install milter packages - apt: name=clamav-milter state=installed + apt: + name: clamav-milter + state: installed - name: Configure ClamAV Milter - copy: dest="/etc/clamav/clamav-milter.conf" src="clamav-milter.conf" - mode=0644 owner=root group=root + copy: + dest: "/etc/clamav/clamav-milter.conf" + src: "clamav-milter.conf" + mode: 0644 + owner: root + group: root notify: - Restart ClamAV Milter - name: Set-up privileges for directories within Postfix chroot - file: dest="{{ item }}" mode=0755 state=directory owner=root group=root + file: + dest: "{{ item }}" + mode: 0755 + state: directory + owner: root + group: root with_items: - /var/spool/postfix/var - /var/spool/postfix/var/run - name: Set-up privileges for directories within Postfix chroot - file: dest="{{ item }}" mode=0755 state=directory owner=clamav group=clamav + file: + dest: "{{ item }}" + state: directory + owner: clamav + group: clamav + mode: 0755 with_items: - /var/spool/postfix/var/run/clamav - name: Deploy the LDAP TLS truststore in default location - copy: content="{{ mail_ldap_tls_truststore }}" dest="/etc/ssl/certs/mail_ldap_tls_truststore.pem" - owner=root group=root mode=0644 + copy: + content: "{{ mail_ldap_tls_truststore }}" + dest: "/etc/ssl/certs/mail_ldap_tls_truststore.pem" + owner: root + group: root + mode: 0644 - name: Deploy the LDAP TLS truststore in Postfix chroot - copy: content="{{ 
mail_ldap_tls_truststore }}" dest="/var/spool/postfix/etc/ssl/certs/mail_ldap_tls_truststore.pem" - owner=root group=root mode=0644 + copy: + content: "{{ mail_ldap_tls_truststore }}" + dest: "/var/spool/postfix/etc/ssl/certs/mail_ldap_tls_truststore.pem" + owner: root + group: root + mode: 0644 notify: - Restart Postfix - name: Configure visible mail name of the system - copy: content="{{ inventory_hostname }}\n" dest="/etc/mailname" - owner=root group=root mode=0644 + copy: + content: "{{ inventory_hostname }}" + dest: "/etc/mailname" + owner: root + group: root + mode: 0644 notify: - Restart Postfix - name: Deploy Postfix configurations files for LDAP look-ups - template: src="{{ item }}.cf.j2" dest="/etc/postfix/{{ item }}.cf" owner=root group=postfix mode=0640 + template: + src: "{{ item }}.cf.j2" + dest: "/etc/postfix/{{ item }}.cf" + owner: root + group: postfix + mode: 0640 with_items: - ldap-virtual-alias-maps - ldap-virtual-mailbox-domains 
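Review bot: Two tasks in roles/mail_server/tasks/main.yml (hunk `@@ -67,53 +82,92 @@`) still share the name `Set-up privileges for directories within Postfix chroot`, so play output and logs cannot tell the root-owned directories from the `clamav`-owned one. Since the commit already touches both, the second could be renamed, for example `- name: Set-up privileges for ClamAV directory within Postfix chroot`. The argument order also differs between the two (`mode` directly after `dest` in the first, last in the second) and in `Configure ClamAV Milter` (`dest` before `src`, `mode` before `owner`), although the commit message says ordering was updated.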
@@ -142,74 +196,111 @@ - Rebuild mail aliases - name: Create mail owner group - group: name="{{ mail_user }}" gid="{{ mail_user_gid | default(omit) }}" state=present + group: + name: "{{ mail_user }}" + gid: "{{ mail_user_gid | default(omit) }}" + state: present - name: Create mail owner user - user: name="{{ mail_user }}" uid="{{ mail_user_uid | default(omit) }}" group="{{ mail_user }}" - home="/var/{{ mail_user }}" state=present + user: + name: "{{ mail_user }}" + uid: "{{ mail_user_uid | default(omit) }}" + group: "{{ mail_user }}" + home: "/var/{{ mail_user }}" + state: present - name: Disable Dovecot system authentication - lineinfile: dest="/etc/dovecot/conf.d/10-auth.conf" line="!include auth-system.conf.ext" state=absent + lineinfile: + dest: "/etc/dovecot/conf.d/10-auth.conf" + line: "!include auth-system.conf.ext" + state: absent notify: - Restart Dovecot - name: Deploy Dovecot configuration file with overrides - template: src="99-local.conf.j2" dest="/etc/dovecot/conf.d/99-local.conf" owner=root group=root mode=0644 + template: + src: "99-local.conf.j2" + dest: "/etc/dovecot/conf.d/99-local.conf" + owner: root + group: root + mode: 0644 notify: - Restart Dovecot - name: Deploy Dovecot configuration file for LDAP look-ups - template: src="dovecot-ldap.conf.ext.j2" dest="/etc/dovecot/dovecot-ldap.conf.ext" owner=root group=root mode=0600 + template: + src: "dovecot-ldap.conf.ext.j2" + dest: "/etc/dovecot/dovecot-ldap.conf.ext" + owner: root + group: root + mode: 0600 notify: - Restart Dovecot - name: Deploy Postifx master process configuration - template: src="master.cf.j2" dest="/etc/postfix/master.cf" - owner=root group=root mode=0644 + template: + src: "master.cf.j2" + dest: "/etc/postfix/master.cf" + owner: root + group: root + mode: 0644 notify: - Restart Postfix - name: Enable services on boot (workaround for systemctl broken handling of SysV) command: "rcconf -on {{ item }}" - register: result - changed_when: result.stderr == "" with_items: - 
clamav-daemon - clamav-freshclam - clamav-milter - postfix - dovecot + register: result + changed_when: result.stderr == "" - name: Enable ClamAV database update service (freshclam) - service: name=clamav-freshclam state=started + service: + name: clamav-freshclam + state: started - name: Check availability of ClamAV database files stat: path="{{ item }}" - register: clamav_db_files with_items: - /var/lib/clamav/bytecode.cld - /var/lib/clamav/daily.cld - /var/lib/clamav/main.cld + register: clamav_db_files - name: Wait for ClamAV database to be available (up to 10 minutes) - wait_for: path="{{ item.item | replace('.cld', '.cvd') }}" timeout=600 - with_items: "{{ clamav_db_files.results }}" when: not item.stat.exists + with_items: "{{ clamav_db_files.results }}" + wait_for: path="{{ item.item | replace('.cld', '.cvd') }}" timeout=600 - name: Enable ClamAV daemon and milter services - service: name="{{ item }}" state=started + service: + name: "{{ item }}" + state: started with_items: - clamav-daemon - clamav-milter - name: Enable Postfix service - service: name=postfix state=started + service: + name: postfix + state: started - name: Enable Dovecot service - service: name=dovecot state=started + service: + name: dovecot + state: started - name: Deploy firewall configuration for mail server - copy: src="ferm_mail.conf" dest="/etc/ferm/conf.d/20-mail.conf" owner=root group=root mode=0640 + copy: + src: "ferm_mail.conf" + dest: "/etc/ferm/conf.d/20-mail.conf" + owner: root + group: root + mode: 0640 notify: - Restart ferm
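Review bot: Two tasks in roles/mail_server/tasks/main.yml (hunk `@@ -142,74 +196,111 @@`) keep the one-liner form the commit sets out to remove: `stat: path="{{ item }}"` and `wait_for: path="{{ item.item | replace('.cld', '.cvd') }}" timeout=600`. The `Wait for ClamAV database to be available` task now also lists `when` and `with_items` before the module, unlike the module-first order the other tasks in this hunk use. Suggested form for the module call, placed directly under the task name: `wait_for:`, `path: "{{ item.item | replace('.cld', '.cvd') }}"`, `timeout: 600`, with `stat:` expanded to `path: "{{ item }}"` in the same way.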