Changeset - 23200e1ae9a8
0 4 0
Branko Majic (branko) - 7 years ago 2017-08-09 08:57:16
branko@majic.rs
MAR-114: Updated task syntax for mail roles:

- Updated mail_server and mail_forwarder roles.
- Added and removed quoting where it makes sense.
- Switched to using expanded syntax (instead of one-liners).
- Updated ordering of arguments in task definitions.
4 files changed with 175 insertions and 54 deletions:
roles/mail_forwarder/handlers/main.yml
 
---
 

	
 
- name: Rebuild mail aliases
 
  command: /usr/bin/newaliases
 
  command: "/usr/bin/newaliases"
 
  tags:
 
    # [ANSIBLE0012] Commands should not change things if nothing needs doing
 
    #   This task is invoked only if user is very specific about requiring to
 
@@ -10,4 +10,6 @@
 
    - skip_ansible_lint
 

	
 
- name: Restart Postfix
 
  service: name="postfix" state="restarted"
 
  service:
 
    name: postfix
 
    state: restarted
roles/mail_forwarder/tasks/main.yml
 
---
 

	
 
- name: Install Postfix
 
  apt: name="postfix" state=installed
 
  apt:
 
    name: postfix
 
    state: installed
 

	
 
- name: Install procmail
 
  apt:
 
@@ -9,7 +11,10 @@
 
    state: installed
 

	
 
- name: Purge Exim configuration
 
  apt: name="exim4*" state=absent purge=yes
 
  apt:
 
    name: "exim4*"
 
    state: absent
 
    purge: yes
 

	
 
- name: Deploy the SMTP relay TLS truststore
 
  copy:
 
@@ -20,13 +25,22 @@
 
    mode: 0644
 

	
 
- name: Configure visible mail name of the system
 
  copy: content="{{ inventory_hostname }}\n" dest="/etc/mailname"
 
        owner=root group=root mode=0644
 
  copy:
 
    content: "{{ inventory_hostname }}"
 
    dest: "/etc/mailname"
 
    owner: root
 
    group: root
 
    mode: 0644
 
  notify:
 
    - Restart Postfix
 

	
 
- name: Deploy Postfix main configuration
 
  template: src="main.cf.j2" dest="/etc/postfix/main.cf"
 
  template:
 
    src: "main.cf.j2"
 
    dest: "/etc/postfix/main.cf"
 
    owner: root
 
    group: root
 
    mode: 0644
 
  notify:
 
    - Restart Postfix
 

	
 
@@ -41,21 +55,29 @@
 
    - Rebuild mail aliases
 

	
 
- name: Enable Postfix service on boot (workaround for systemctl broken handling of SysV)
 
  command: rcconf -on postfix
 
  command: "rcconf -on postfix"
 
  register: result
 
  changed_when: result.stderr == ""
 

	
 
- name: Enable postfix service
 
  service: name=postfix state=started
 
  service:
 
    name: postfix
 
    state: started
 

	
 
- name: Deploy firewall configuration for mail forwader
 
  template: src="ferm_mail.conf.j2" dest="/etc/ferm/conf.d/20-mail.conf"
 
            owner=root group=root mode=0640
 
  template:
 
    src: "ferm_mail.conf.j2"
 
    dest: "/etc/ferm/conf.d/20-mail.conf"
 
    owner: root
 
    group: root
 
    mode: 0640
 
  notify:
 
    - Restart ferm
 

	
 
- name: Install SWAKS
 
  apt: name="swaks" state=installed
 
  apt:
 
    name: swaks
 
    state: installed
 

	
 
- name: Explicitly run all handlers
 
  include: ../handlers/main.yml
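Review bot: Dropping the `\n` from the `content` of the "Configure visible mail name of the system" task changes what lands in `/etc/mailname`, not only the task syntax: Ansible's key=value parser decodes `\n` escapes, so the old form wrote the hostname followed by a newline and the new block form writes it without one. Postfix reads the first line of `myorigin` either way, but any config-drift check or manual `diff` of the file will now flag it, and the commit message describes the change as purely syntactic. Keep the old content with `content: "{{ inventory_hostname }}\n"` — a double-quoted YAML scalar decodes `\n` as well. Unrelated but in the same file, `changed_when: result.stderr == ""` on the `rcconf -on postfix` task reports "changed" on every successful run, so that task is never idempotent from Ansible's point of view; if `rcconf` prints nothing when the service is already enabled, a `changed_when: false` plus a separate check, or the `service` module's `enabled: yes`, would be more honest.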
roles/mail_server/handlers/main.yml
 
---
 

	
 
- name: Restart Postfix
 
  service: name="postfix" state=restarted
 
  service:
 
    name: postfix
 
    state: restarted
 

	
 
- name: Restart Dovecot
 
  service: name="dovecot" state=restarted
 
  service:
 
    name: dovecot
 
    state: restarted
 

	
 
- name: Restart ClamAV Milter
 
  service: name="clamav-milter" state=restarted
 
  service:
 
    name: clamav-milter
 
    state: restarted
 

	
 
- name: Rebuild mail aliases
 
  command: /usr/bin/newaliases
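Review bot: The "Rebuild mail aliases" handler here is left as `command: /usr/bin/newaliases` while the identical handler in `roles/mail_forwarder/handlers/main.yml` was changed in this commit to the quoted `command: "/usr/bin/newaliases"`, so the two roles now disagree on the quoting convention the commit message says it is establishing. Either quote both or neither; the quotes make no difference to the executed command. The forwarder's copy also carries the `skip_ansible_lint` tag with the ANSIBLE0012 explanation — if this handler lacks it (the rest of the file is outside the shown hunk, so this is inferred), the same tag and comment should be mirrored so lint results stay consistent across the two roles.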
roles/mail_server/tasks/main.yml
 
---
 

	
 
- name: Install rsync
 
  apt: name="rsync" state=installed
 
  apt:
 
    name: rsync
 
    state: installed
 

	
 
- name: Install Dovecot packages
 
  apt: name="{{ item }}" state=installed
 
  apt:
 
    name: "{{ item }}"
 
    state: installed
 
  with_items:
 
    - dovecot-imapd
 
    - dovecot-ldap
 
@@ -12,19 +16,30 @@
 
    - dovecot-managesieved
 

	
 
- name: Install Postfix packages
 
  apt: name="{{ item }}" state=installed
 
  apt:
 
    name: "{{ item }}"
 
    state: installed
 
  with_items:
 
    - postfix
 
    - postfix-ldap
 

	
 
- name: Purge Exim configuration
 
  apt: name="exim4*" state=absent purge=yes
 
  apt:
 
    name: "exim4*"
 
    state: absent
 
    purge: yes
 

	
 
- name: Allow Postfix user to traverse the directory with TLS private keys
 
  user: name=postfix append=yes groups=ssl-cert
 
  user:
 
    name: postfix
 
    append: yes
 
    groups: ssl-cert
 

	
 
- name: Allow Dovecot user to traverse the directory with TLS private keys
 
  user: name=dovecot append=yes groups=ssl-cert
 
  user:
 
    name: dovecot
 
    append: yes
 
    groups: ssl-cert
 

	
 
- name: Deploy SMTP TLS private key
 
  copy:
 
@@ -67,53 +82,92 @@
 
    - Restart Dovecot
 

	
 
- name: Deploy configuration files for checking certificate validity via cron
 
  copy: content="/etc/ssl/certs/{{ ansible_fqdn }}_{{ item }}.pem" dest="/etc/check_certificate/{{ ansible_fqdn }}_{{ item }}.conf"
 
        owner=root group=root mode=0644
 
  copy:
 
    content: "/etc/ssl/certs/{{ ansible_fqdn }}_{{ item }}.pem"
 
    dest: "/etc/check_certificate/{{ ansible_fqdn }}_{{ item }}.conf"
 
    owner: root
 
    group: root
 
    mode: 0644
 
  with_items:
 
    - smtp
 
    - imap
 

	
 
- name: Install SWAKS
 
  apt: name="swaks" state=installed
 
  apt:
 
    name: swaks
 
    state: installed
 

	
 
- name: Install milter packages
 
  apt: name=clamav-milter state=installed
 
  apt:
 
    name: clamav-milter
 
    state: installed
 

	
 
- name: Configure ClamAV Milter
 
  copy: dest="/etc/clamav/clamav-milter.conf" src="clamav-milter.conf"
 
        mode=0644 owner=root group=root
 
  copy:
 
    dest: "/etc/clamav/clamav-milter.conf"
 
    src: "clamav-milter.conf"
 
    mode: 0644
 
    owner: root
 
    group: root
 
  notify:
 
    - Restart ClamAV Milter
 

	
 
- name: Set-up privileges for directories within Postfix chroot
 
  file: dest="{{ item }}" mode=0755 state=directory owner=root group=root
 
  file:
 
    dest: "{{ item }}"
 
    mode: 0755
 
    state: directory
 
    owner: root
 
    group: root
 
  with_items:
 
    - /var/spool/postfix/var
 
    - /var/spool/postfix/var/run
 

	
 
- name: Set-up privileges for directories within Postfix chroot
 
  file: dest="{{ item }}" mode=0755 state=directory owner=clamav group=clamav
 
  file:
 
    dest: "{{ item }}"
 
    state: directory
 
    owner: clamav
 
    group: clamav
 
    mode: 0755
 
  with_items:
 
    - /var/spool/postfix/var/run/clamav
 

	
 
- name: Deploy the LDAP TLS truststore in default location
 
  copy: content="{{ mail_ldap_tls_truststore }}" dest="/etc/ssl/certs/mail_ldap_tls_truststore.pem"
 
        owner=root group=root mode=0644
 
  copy:
 
    content: "{{ mail_ldap_tls_truststore }}"
 
    dest: "/etc/ssl/certs/mail_ldap_tls_truststore.pem"
 
    owner: root
 
    group: root
 
    mode: 0644
 

	
 
- name: Deploy the LDAP TLS truststore in Postfix chroot
 
  copy: content="{{ mail_ldap_tls_truststore }}" dest="/var/spool/postfix/etc/ssl/certs/mail_ldap_tls_truststore.pem"
 
        owner=root group=root mode=0644
 
  copy:
 
    content: "{{ mail_ldap_tls_truststore }}"
 
    dest: "/var/spool/postfix/etc/ssl/certs/mail_ldap_tls_truststore.pem"
 
    owner: root
 
    group: root
 
    mode: 0644
 
  notify:
 
    - Restart Postfix
 

	
 
- name: Configure visible mail name of the system
 
  copy: content="{{ inventory_hostname }}\n" dest="/etc/mailname"
 
        owner=root group=root mode=0644
 
  copy:
 
    content: "{{ inventory_hostname }}"
 
    dest: "/etc/mailname"
 
    owner: root
 
    group: root
 
    mode: 0644
 
  notify:
 
    - Restart Postfix
 

	
 
- name: Deploy Postfix configurations files for LDAP look-ups
 
  template: src="{{ item }}.cf.j2" dest="/etc/postfix/{{ item }}.cf" owner=root group=postfix mode=0640
 
  template:
 
    src: "{{ item }}.cf.j2"
 
    dest: "/etc/postfix/{{ item }}.cf"
 
    owner: root
 
    group: postfix
 
    mode: 0640
 
  with_items:
 
    - ldap-virtual-alias-maps
 
    - ldap-virtual-mailbox-domains
 
@@ -142,74 +196,111 @@
 
    - Rebuild mail aliases
 

	
 
- name: Create mail owner group
 
  group: name="{{ mail_user }}" gid="{{ mail_user_gid | default(omit) }}" state=present
 
  group:
 
    name: "{{ mail_user }}"
 
    gid: "{{ mail_user_gid | default(omit) }}"
 
    state: present
 

	
 
- name: Create mail owner user
 
  user: name="{{ mail_user }}" uid="{{ mail_user_uid | default(omit) }}" group="{{ mail_user }}"
 
        home="/var/{{ mail_user }}" state=present
 
  user:
 
    name: "{{ mail_user }}"
 
    uid: "{{ mail_user_uid | default(omit) }}"
 
    group: "{{ mail_user }}"
 
    home: "/var/{{ mail_user }}"
 
    state: present
 

	
 
- name: Disable Dovecot system authentication
 
  lineinfile: dest="/etc/dovecot/conf.d/10-auth.conf" line="!include auth-system.conf.ext" state=absent
 
  lineinfile:
 
    dest: "/etc/dovecot/conf.d/10-auth.conf"
 
    line: "!include auth-system.conf.ext"
 
    state: absent
 
  notify:
 
    - Restart Dovecot
 

	
 
- name: Deploy Dovecot configuration file with overrides
 
  template: src="99-local.conf.j2" dest="/etc/dovecot/conf.d/99-local.conf" owner=root group=root mode=0644
 
  template:
 
    src: "99-local.conf.j2"
 
    dest: "/etc/dovecot/conf.d/99-local.conf"
 
    owner: root
 
    group: root
 
    mode: 0644
 
  notify:
 
    - Restart Dovecot
 

	
 
- name: Deploy Dovecot configuration file for LDAP look-ups
 
  template: src="dovecot-ldap.conf.ext.j2" dest="/etc/dovecot/dovecot-ldap.conf.ext" owner=root group=root mode=0600
 
  template:
 
    src: "dovecot-ldap.conf.ext.j2"
 
    dest: "/etc/dovecot/dovecot-ldap.conf.ext"
 
    owner: root
 
    group: root
 
    mode: 0600
 
  notify:
 
    - Restart Dovecot
 

	
 
- name: Deploy Postifx master process configuration
 
  template: src="master.cf.j2" dest="/etc/postfix/master.cf"
 
            owner=root group=root mode=0644
 
  template:
 
    src: "master.cf.j2"
 
    dest: "/etc/postfix/master.cf"
 
    owner: root
 
    group: root
 
    mode: 0644
 
  notify:
 
    - Restart Postfix
 

	
 
- name: Enable services on boot (workaround for systemctl broken handling of SysV)
 
  command: "rcconf -on {{ item }}"
 
  register: result
 
  changed_when: result.stderr == ""
 
  with_items:
 
    - clamav-daemon
 
    - clamav-freshclam
 
    - clamav-milter
 
    - postfix
 
    - dovecot
 
  register: result
 
  changed_when: result.stderr == ""
 

	
 
- name: Enable ClamAV database update service (freshclam)
 
  service: name=clamav-freshclam state=started
 
  service:
 
    name: clamav-freshclam
 
    state: started
 

	
 
- name: Check availability of ClamAV database files
 
  stat: path="{{ item }}"
 
  register: clamav_db_files
 
  with_items:
 
    - /var/lib/clamav/bytecode.cld
 
    - /var/lib/clamav/daily.cld
 
    - /var/lib/clamav/main.cld
 
  register: clamav_db_files
 

	
 
- name: Wait for ClamAV database to be available (up to 10 minutes)
 
  wait_for: path="{{ item.item | replace('.cld', '.cvd') }}" timeout=600
 
  with_items: "{{ clamav_db_files.results }}"
 
  when: not item.stat.exists
 
  with_items: "{{ clamav_db_files.results }}"
 
  wait_for: path="{{ item.item | replace('.cld', '.cvd') }}" timeout=600
 

	
 
- name: Enable ClamAV daemon and milter services
 
  service: name="{{ item }}" state=started
 
  service:
 
    name: "{{ item }}"
 
    state: started
 
  with_items:
 
    - clamav-daemon
 
    - clamav-milter
 

	
 
- name: Enable Postfix service
 
  service: name=postfix state=started
 
  service:
 
    name: postfix
 
    state: started
 

	
 
- name: Enable Dovecot service
 
  service: name=dovecot state=started
 
  service:
 
    name: dovecot
 
    state: started
 

	
 
- name: Deploy firewall configuration for mail server
 
  copy: src="ferm_mail.conf" dest="/etc/ferm/conf.d/20-mail.conf" owner=root group=root mode=0640
 
  copy:
 
    src: "ferm_mail.conf"
 
    dest: "/etc/ferm/conf.d/20-mail.conf"
 
    owner: root
 
    group: root
 
    mode: 0640
 
  notify:
 
    - Restart ferm
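Review bot: The rewritten "Configure visible mail name of the system" task silently drops the trailing newline from `/etc/mailname`: the old `content="{{ inventory_hostname }}\n"` went through Ansible's key=value parser, which decodes the `\n` escape, whereas the new `content: "{{ inventory_hostname }}"` writes the bare hostname. That is a content change hidden inside a syntax-only commit and will show up as drift on the next run against hosts provisioned with the old role; `content: "{{ inventory_hostname }}\n"` preserves the previous file byte-for-byte. Also worth a look while this file is being touched: the tasks that add the `postfix` and `dovecot` users to `ssl-cert` are named as granting directory traversal, but on Debian that group typically also gets read access to every key under `/etc/ssl/private`, so a comment stating that the broader grant is intended (or a narrower ACL on just the mail keys) would make the privilege boundary explicit — the key-deployment task that would confirm the file modes is cut off at the hunk boundary.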
 

	