Changeset - 23a9ea4219dc
Branko Majic (branko) - 7 years ago 2017-08-03 12:02:34
branko@majic.rs
MAR-113: Added option for specifying relay port to mail_forwarder:

- Introduced new option "smtp_relay_host_port".
- Updated the test playbook and tests to make sure new functionality works as
expected.
- Updated role reference documentation.
- Updated usage instructions.
8 files changed with 68 insertions and 5 deletions:
docs/rolereference.rst
 
@@ -1241,6 +1241,9 @@ Parameters
 
**smtp_relay_host** (string, optional, ``None``)
 
  SMTP server via which the mails are sent out for non-local recipients.
 

	
 
**smtp_relay_host_port** (integer, optional, ``None``)
 
  Port to use when connecting to the SMTP relay host.
 

	
 
**smtp_relay_truststore** (string, optional, ``{{ lookup('file', tls_certificate_dir + '/truststore.pem') }}``)
 
  X.509 certificate chain used for issuing certificate for the SMTP relay
 
  service. The file will be stored in location
 
@@ -1272,6 +1275,8 @@ Here is an example configuration for setting-up the mail forwarder:
 

	
 
  smtp_relay_host: mail.example.com
 

	
 
  smtp_relay_host_port: 27
 

	
 
  smtp_from_relay_allowed: False
 

	
 
  smtp_relay_truststore: /etc/ssl/certs/example_ca_chain.pem
docs/usage.rst
 
@@ -637,7 +637,10 @@ servers relay their mails to the mail server host).
 

	
 
.. note::
 
   Should you ever need to deploy the forwarder role on a laptop or machine
 
   behind NAT, make sure to look at ``smtp_from_relay_allowed`` parameter.
 
   behind NAT, make sure to look at ``smtp_from_relay_allowed`` parameter. In
 
   case you need to connect to the SMTP relay via non-standard port (for example
 
   to work-around ISP blocks), have a look at ``smtp_relay_host_port``
 
   parameter.
 

	
 
The mail server role looks-up available mail domains, users, and aliases in the
 
LDAP directory. This has already been set-up on the server
roles/mail_forwarder/defaults/main.yml
 
@@ -4,3 +4,4 @@ local_mail_aliases: {}
 
smtp_from_relay_allowed: True
 
smtp_relay_host: ""
 
smtp_relay_truststore: "{{ lookup('file', tls_certificate_dir + '/truststore.pem') }}"
 
smtp_relay_host_port: null
roles/mail_forwarder/playbook.yml
 
@@ -99,6 +99,10 @@
 
        name: swaks
 
        state: installed
 

	
 
    - name: Set-up port forwarding
 
      command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport 27 -j REDIRECT --to-ports 25"
 
      changed_when: False
 

	
 
  handlers:
 

	
 
    - name: Update CA certificate cache
 
@@ -123,6 +127,7 @@
 
        root: "root testuser"
 
      smtp_from_relay_allowed: True
 
      smtp_relay_host: mail-server
 
      smtp_relay_host_port: 27
 
      smtp_relay_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 

	
 
      # common
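Review bot: The "Set-up port forwarding" task appends the NAT rule with `iptables -t nat -A PREROUTING` on every run, and `changed_when: False` hides that, so converging the test playbook repeatedly stacks duplicate REDIRECT rules on the host it runs against. Check for the rule first, for example by switching the task to `shell:` and prefixing the command with `iptables -t nat -C PREROUTING -p tcp -m tcp --dport 27 -j REDIRECT --to-ports 25 ||`, so the task is idempotent. A one-line comment saying the redirect exists so the relay can be reached on port 27 would also explain why 27 reappears in `smtp_relay_host_port: 27` in the second hunk. The task list this hunk extends starts outside the hunk.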
roles/mail_forwarder/templates/main.cf.j2
 
@@ -36,7 +36,7 @@ alias_maps = hash:/etc/aliases
 
alias_database = hash:/etc/aliases
 
myorigin = /etc/mailname
 
mydestination = {{ inventory_hostname }}, {{ inventory_hostname_short }}, localhost.localdomain, localhost
 
relayhost = {{ smtp_relay_host }}
 
relayhost = {{ smtp_relay_host }}{% if smtp_relay_host and smtp_relay_host_port %}:{{ smtp_relay_host_port }}{% endif %}{{ '' }}
 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 
mailbox_command = procmail -a "$EXTENSION"
 
mailbox_size_limit = 0
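Review bot: `smtp_relay_host_port` is written into `relayhost` verbatim, so a non-numeric or out-of-range value (or one carrying whitespace) ends up in main.cf and is only noticed when Postfix fails to relay. Validate it before templating, e.g. an `assert` task with `that: smtp_relay_host_port is none or ((smtp_relay_host_port | int) >= 1 and (smtp_relay_host_port | int) <= 65535)`; the role's tasks file is not visible here, so where it belongs is for the author to confirm. The port is also dropped silently when `smtp_relay_host` is empty, which the parameter documentation should state. The trailing `{{ '' }}` deserves a template comment such as `{# keeps the newline after endif #}`, assuming that is its purpose.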
roles/mail_forwarder/tests/test_mandatory.py
 
@@ -61,6 +61,7 @@ def test_direct_mail_sending(Command, File, Sudo):
 

	
 
    with Sudo():
 
        mail_log = File('/var/log/mail.log')
 
        pattern = "%s: to=<root@domain1>, relay=domain1.*status=sent" % message_id
 
        # Pattern used to verify the mail was sent directly on default port.
 
        pattern = "%s: to=<root@domain1>, relay=domain1\[[^]]*\]:25.*status=sent" % message_id
 

	
 
        assert re.search(pattern, mail_log.content) is not None
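Review bot: The new pattern is a plain string literal containing `\[` and `\]`, which are invalid escape sequences in a non-raw Python string and produce a warning on newer interpreters; the equivalent patterns added in test_optional.py and test_smtp_relay_host_port.py carry the `r` prefix. Write it as `pattern = r"%s: to=<root@domain1>, relay=domain1\[[^]]*\]:25.*status=sent" % message_id`. test_direct_mail_sending starts outside the hunk, so how `message_id` is obtained is not visible here.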
roles/mail_forwarder/tests/test_optional.py
 
@@ -39,7 +39,7 @@ def test_postfix_main_cf_file_content(File):
 

	
 
    assert "myhostname = parameters-optional" in config_lines
 
    assert "mydestination = parameters-optional, parameters-optional, localhost.localdomain, localhost" in config_lines
 
    assert "relayhost = mail-server" in config_lines
 
    assert "relayhost = mail-server:27" in config_lines
 
    assert "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128" in config_lines
 
    assert "smtp_tls_security_level=verify" in config_lines
 
    assert "smtp_tls_CAfile=/etc/ssl/certs/smtp_relay_truststore.pem" in config_lines
 
@@ -81,7 +81,9 @@ def test_relay_mail_sending(Command, File, Sudo):
 

	
 
    with Sudo():
 
        mail_log = File('/var/log/mail.log')
 
        pattern = "%s: to=<root@domain1>, relay=mail-server.*status=sent" % message_id
 
        # Pattern used to verify the mail was sent over relay on designated
 
        # port.
 
        pattern = r"%s: to=<root@domain1>, relay=mail-server\[[^]]*\]:27.*status=sent" % message_id
 

	
 
        assert re.search(pattern, mail_log.content) is not None
 

	
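--- a/roles/mail_forwarder/tests/test_smtp_relay_host_port.py
+++ b/roles/mail_forwarder/tests/test_smtp_relay_host_port.py
@@ -0,0 +1,46 @@
+import re
+import time
+
+
+import testinfra.utils.ansible_runner
+
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    '.molecule/ansible_inventory').get_hosts('parameters-no-incoming')
+
+
+def test_postfix_main_cf_file_content(File):
+    """
+    Tests if the Postfix main configuration file content is correct.
+    """
+
+    config = File('/etc/postfix/main.cf')
+    config_lines = config.content.split("\n")
+
+    assert "myhostname = parameters-no-incoming" in config_lines
+    assert "mydestination = parameters-no-incoming, parameters-no-incoming, localhost.localdomain, localhost" in config_lines
+    assert "relayhost = mail-server" in config_lines
+    assert "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128" in config_lines
+    assert "smtp_tls_security_level=verify" in config_lines
+    assert "smtp_tls_CAfile=/etc/ssl/certs/smtp_relay_truststore.pem" in config_lines
+    assert "smtp_host_lookup = dns, native" in config_lines
+
+
+def test_relay_mail_sending(Command, File, Sudo):
+    """
+    Tests if mails are sent correctly via relay if relay has been configured.
+    """
+
+    send = Command('swaks --suppress-data --to root@domain1 --server localhost')
+    assert send.rc == 0
+    message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
+
+    # Wait for a little while for message to be processed.
+    time.sleep(5)
+
+    with Sudo():
+        mail_log = File('/var/log/mail.log')
+        # Pattern used to verify the mail was sent over relay on default port.
+        pattern = r"%s: to=<root@domain1>, relay=mail-server\[[^]]*\]:25.*status=sent" % message_id
+
+        assert re.search(pattern, mail_log.content) is not None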
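Review bot: In test_relay_mail_sending, `re.search('Ok: queued as (.*)', send.stdout).group(1)` raises AttributeError when the swaks output lacks the queue line, and `(.*)` would also capture any trailing characters on that line into the id that is then interpolated into the log pattern. Prefer `queued = re.search(r'Ok: queued as (\S+)', send.stdout)` followed by `assert queued is not None, send.stdout`, and pass `re.escape(queued.group(1))` into the pattern. The fixed `time.sleep(5)` makes the log assertion timing-dependent; polling the log for the pattern up to a timeout would be steadier. In test_postfix_main_cf_file_content, a one-line comment on `"relayhost = mail-server" in config_lines` saying it pins the rendering without a port would make the purpose of this new file clear.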