majic-ansible-roles Changeset

Changeset - e838bcb94a9e

Parent rev.

Child rev.

[Not reviewed]

0 7 1

Branko Majic (branko) - 9 years ago 2015-08-31 23:31:06
branko@majic.rs

MAR-19: Simplified the mail server parameters by making a bunch of them optional.

8 files changed with 42 insertions and 30 deletions:

docs/rolereference.rst

roles/mail_server/defaults/main.yml

roles/mail_server/tasks/main.yml

roles/mail_server/templates/dovecot-ldap.conf.ext.j2

roles/mail_server/templates/ldap-virtual-alias-maps.cf.j2

roles/mail_server/templates/ldap-virtual-mailbox-domains.cf.j2

roles/mail_server/templates/ldap-virtual-mailbox-maps.cf.j2

testsite/group_vars/mail.yml

0 comments (0 inline, 0 general)

docs/rolereference.rst

➞

Show inline comments

@@ @@ -718,13 +718,13 @@ Parameters @@
   LDAP URL that should be used for connecting to the LDAP server for doing
   domain/user look-ups.
-**mail_ldap_tls_truststore** (string, mandatory)
+**mail_ldap_tls_truststore** (string, optional, ``/etc/ssl/certs/truststore.pem``)
   Path to TLS truststore used for verifying the LDAP certificate. Should be in
   PEM format.
 **mail_ldap_root_dn** (string, mandatory)
   Root DN in LDAP under where the entries (domains, users, aliases) can be
   found.
 **mail_service_ldap_base_dn** (string, mandatory)
   Base DN in LDAP for the mail services under which the entries (domains, users,
   aliases) can be found.
 **mail_ldap_postfix_password** (string, mandatory)
   Password for authenticating the Postfix LDAP user.
@@ @@ -732,45 +732,45 @@ Parameters @@
 **mail_ldap_dovecot_password** (string, mandatory)
   Password for authenticating the Dovecot LDAP user.
-**mail_user** (string, mandatory)
+**mail_user** (string, optional, ``vmail``)
   Name of the user that owns all the mail files.
-**mail_user_uid** (integer, mandatory)
+**mail_user_uid** (integer, optional, ``whatever OS picks``)
   UID of the user that owns all the mail files.
-**mail_user_gid** (integer, mandatory)
+**mail_user_gid** (integer, optional, ``whatever OS picks``)
   GID of the user that owns all the mail files.
-**imap_tls_certificate** (string, mandatory)
+**imap_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/FQDN_imap.pem``)
   Path to file on Ansible host that contains the X.509 certificate used for TLS
   for IMAP and ManageSieve services. The file will be copied to directory
   ``/etc/ssl/certs/``.
-**imap_tls_key** (string, mandatory)
+**imap_tls_key** (string, optional, ``{{ tls_private_key_dir }}/FQDN_imap.key``)
   Path to file on Ansible host that contains the private key used for TLS for
   IMAP and ManageSieve services. The file will be copied to directory
   ``/etc/ssl/private/``.
-**smtp_tls_certificate** (string, mandatory)
+**smtp_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/FQDN_smtp.pem``)
   Path to file on Ansible host that contains the X.509 certificate used for TLS
   for SMTP service. The file will be copied to directory ``/etc/ssl/certs/``.
-**smtp_tls_key** (string, mandatory)
+**smtp_tls_key** (string, optional, ``{{ tls_certificate_dir }}/FQDN_smtp.key``)
   Path to file on Ansible host that contains the private key used for TLS for
   SMTP service. The file will be copied to directory ``/etc/ssl/private/``.
-**imap_folder_separator** (string, mandatory)
+**imap_folder_separator** (string, optional, ``/``)
   Character used for separating the IMAP folders when clients are requesting
   listing from the server. Usually either slash(``/``) or dot(``.``).
-**smtp_rbl** (list, mandatory)
+**smtp_rbl** (list, optional, ``[]``)
   List of RBLs to use for detecting servers which send out spam. Each item is a
   string resembling the RBL domain.
-**mail_postmaster** (string, mandatory)
+**mail_postmaster** (string, optional, ``postmaster@{{ ansible_facts[host]['domain']}}``)
   Mail address to use for the postmaster account in Dovecot.
-**smtp_allow_relay_from** (list, mandatory)
+**smtp_allow_relay_from** (list, optional, [])
   List of networks from which mail relaying is allowed even without
   authentication. Each item in the list is a string defining a network. The
   format must be compatible with Postfix ``mynetworks`` setting (for example:

roles/mail_server/defaults/main.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 mail_ldap_tls_truststore: "/etc/ssl/certs/truststore.pem"
 mail_user: vmail
 imap_tls_certificate: "{{ tls_certificate_dir }}/{{ ansible_facts[host]['fqdn'] }}_imap.pem"
 imap_tls_key: "{{ tls_private_key_dir }}/{{ ansible_facts[host]['fqdn'] }}_imap.key"
 smtp_tls_certificate: "{{ tls_certificate_dir }}/{{ ansible_facts[host]['fqdn'] }}_smtp.pem"
 smtp_tls_key: "{{ tls_certificate_dir }}/{{ ansible_facts[host]['fqdn'] }}_smtp.key"
 imap_folder_separator: "/"
 smtp_rbl: []
 mail_postmaster: "postmaster@{{ ansible_facts[host]['domain'] }}"
 smtp_allow_relay_from: []
@@ \ No newline at end of file @@

roles/mail_server/tasks/main.yml

➞

Show inline comments

@@ @@ -92,10 +92,10 @@ @@
     - Restart Postfix
 - name: Create mail owner group
   group: name="{{ mail_user }}" gid="{{ mail_user_gid }}" state=present
+  group: name="{{ mail_user }}" gid="{{ mail_user_gid | default(omit) }}" state=present
 - name: Create mail owner user
   user: name="{{ mail_user }}" uid="{{ mail_user_uid }}" group="{{ mail_user }}"
+  user: name="{{ mail_user }}" uid="{{ mail_user_uid | default(omit) }}" group="{{ mail_user }}"
         home="/var/{{ mail_user }}" state=present
 - name: Disable Dovecot system authentication

roles/mail_server/templates/dovecot-ldap.conf.ext.j2

➞

Show inline comments

 uris = {{ mail_ldap_url }}
-dn = cn=dovecot,ou=services,{{ mail_ldap_root_dn }}
+dn = cn=dovecot,ou=services,{{ mail_service_ldap_base_dn }}
 dnpass = {{ mail_ldap_dovecot_password }}
 tls = yes
 tls_ca_cert_file = {{ mail_ldap_tls_truststore }}
 tls_require_cert = demand
 auth_bind = yes
-base = ou=people,{{ mail_ldap_root_dn }}
+base = ou=people,{{ mail_service_ldap_base_dn }}
 scope = onelevel
-user_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_ldap_root_dn }}))
+user_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_service_ldap_base_dn }}))
 pass_attrs = mail=user,userPassword=password
-pass_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_ldap_root_dn }}))
+pass_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_service_ldap_base_dn }}))
 iterate_attrs = mail=user
-iterate_filter = (memberOf=cn=mail,ou=groups,{{ mail_ldap_root_dn }})
+iterate_filter = (memberOf=cn=mail,ou=groups,{{ mail_service_ldap_base_dn }})
 default_pass_scheme = SSHA
 user_attrs =

roles/mail_server/templates/ldap-virtual-alias-maps.cf.j2

➞

Show inline comments

@@ @@ -4,12 +4,12 @@ start_tls = yes @@
 tls_require_cert = yes
 tls_ca_cert_file = {{ mail_ldap_tls_truststore }}
 bind = yes
-bind_dn = cn=postfix,ou=services,{{ mail_ldap_root_dn }}
+bind_dn = cn=postfix,ou=services,{{ mail_service_ldap_base_dn }}
 bind_pw = {{ mail_ldap_postfix_password }}
 version = 3
 # Query settings.
-search_base = ou=aliases,ou=mail,ou=services,{{ mail_ldap_root_dn }}
+search_base = ou=aliases,ou=mail,ou=services,{{ mail_service_ldap_base_dn }}
 scope = one
 query_filter = cn=%s
 result_attribute = rfc822MailMember

roles/mail_server/templates/ldap-virtual-mailbox-domains.cf.j2

➞

Show inline comments

@@ @@ -4,12 +4,12 @@ start_tls = yes @@
 tls_require_cert = yes
 tls_ca_cert_file = {{ mail_ldap_tls_truststore }}
 bind = yes
-bind_dn = cn=postfix,ou=services,{{ mail_ldap_root_dn }}
+bind_dn = cn=postfix,ou=services,{{ mail_service_ldap_base_dn }}
 bind_pw = {{ mail_ldap_postfix_password }}
 version = 3
 # Query settings.
-search_base = ou=domains,ou=mail,ou=services,{{ mail_ldap_root_dn }}
+search_base = ou=domains,ou=mail,ou=services,{{ mail_service_ldap_base_dn }}
 scope = one
 query_filter = dc=%s
 result_attribute = dc

roles/mail_server/templates/ldap-virtual-mailbox-maps.cf.j2

➞

Show inline comments

@@ @@ -4,12 +4,12 @@ start_tls = yes @@
 tls_require_cert = yes
 tls_ca_cert_file = {{ mail_ldap_tls_truststore }}
 bind = yes
-bind_dn = cn=postfix,ou=services,{{ mail_ldap_root_dn }}
+bind_dn = cn=postfix,ou=services,{{ mail_service_ldap_base_dn }}
 bind_pw = {{ mail_ldap_postfix_password }}
 version = 3
 # Query settings
-search_base = ou=people,{{ mail_ldap_root_dn }}
+search_base = ou=people,{{ mail_service_ldap_base_dn }}
 scope = one
-query_filter = (&(mail=%s)(memberOf=cn=mail,ou=groups,{{mail_ldap_root_dn}}))
+query_filter = (&(mail=%s)(memberOf=cn=mail,ou=groups,{{mail_service_ldap_base_dn}}))
 result_attribute = mail

testsite/group_vars/mail.yml

➞

Show inline comments

@@ @@ -13,7 +13,7 @@ ldap_client_config: @@
 mail_ldap_url: ldap://ldap.{{ testsite_domain }}/
 mail_ldap_tls_truststore: /etc/ssl/certs/ca.pem
-mail_ldap_root_dn: "{{ testsite_ldap_base }}"
+mail_service_ldap_base_dn: "{{ testsite_ldap_base }}"
 mail_ldap_postfix_password: postfix
 mail_ldap_dovecot_password: dovecot

0 comments (0 inline, 0 general)