From a73d8136d1001a424b74091ae33ecf5e72fdf8f2 Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Sun, 24 Jan 2021 12:00:38 -0700
Subject: [PATCH] add postfix for buildsys
---
ansible/playbooks/handlers/main.yml | 8 ++++
.../playbooks/init-rocky-builder-postfix.yml | 36 ++++++++++++++++++
ansible/playbooks/tasks/postfix_relay.yml | 37 +++++++++++++++++++
.../templates/etc/postfix/sasl_passwd.j2 | 1 +
4 files changed, 82 insertions(+)
create mode 100644 ansible/playbooks/init-rocky-builder-postfix.yml
create mode 100644 ansible/playbooks/tasks/postfix_relay.yml
create mode 100644 ansible/playbooks/templates/etc/postfix/sasl_passwd.j2
diff --git a/ansible/playbooks/handlers/main.yml b/ansible/playbooks/handlers/main.yml
index ba255cb..83aa26b 100644
--- a/ansible/playbooks/handlers/main.yml
+++ b/ansible/playbooks/handlers/main.yml
@@ -37,3 +37,11 @@
 service:
 name: noggin
 state: restarted
+
+- name: rehash_postfix_sasl
+ command: "postmap /etc/postfix/sasl_passwd"
+
+- name: restart_postfix
+ service:
+ name: postfix
+ state: restarted
diff --git a/ansible/playbooks/init-rocky-builder-postfix.yml b/ansible/playbooks/init-rocky-builder-postfix.yml
new file mode 100644
index 0000000..02157bb
--- /dev/null
+++ b/ansible/playbooks/init-rocky-builder-postfix.yml
@@ -0,0 +1,36 @@
+---
+# Configures postfix on buildsystems
+- name: Configure Buildsys Relay
+ hosts: "buildsys"
+ become: true
+ vars_files:
+ - vars/buildsys.yml
+
+ handers:
+ - import_tasks: handlers/main.yml
+
+ pre_tasks:
+ - name: Check if ansible cannot be run here
+ stat:
+ path: /etc/no-ansible
+ register: no_ansible
+
+ - name: Verify if we can run ansible
+ assert:
+ that:
+ - "not no_ansible.stat.exists"
+ success_msg: "We are not able to run on this node"
+ fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+ tasks:
+ - name: Deploy Postfix Relay
+ import_tasks: tasks/postfix_relay.yml
+
+ post_tasks:
+ - name: Touching run file that ansible has ran here
+ file:
+ path: /var/log/ansible.run
+ state: touch
+ mode: '0644'
+ owner: root
+ group: root
diff --git a/ansible/playbooks/tasks/postfix_relay.yml b/ansible/playbooks/tasks/postfix_relay.yml
new file mode 100644
index 0000000..7cc58cf
--- /dev/null
+++ b/ansible/playbooks/tasks/postfix_relay.yml
@@ -0,0 +1,37 @@
+---
+# Configure relay
+- name: Ensure postfix is installed
+ yum:
+ name:
+ - postfix
+ - cyrus-sasl-plain
+ state: present
+
+- name: Add password map
+ template:
+ src: etc/postfix/sasl_passwd.j2
+ dest: /etc/postfix/sasl_passwd
+ owner: root
+ group: root
+ mode: '0600'
+ notify: rehash_postfix_sasl
+
+- name: Add relay information to postfix
+ blockinfile:
+ path: /etc/postfix/main.cf
+ marker: "## ANSIBLE MANAGED ##"
+ block: |
+ smtp_tls_note_starttls_offer = yes
+ relayhost = [{{ smtp_relayhost }}]:587
+ smtp_use_tls = yes
+ smtp_sasl_auth_enable = yes
+ smtp_sasl_security_options =
+ smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+ smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
+ notify: restart_postfix
+
+- name: Ensure postfix is running and enabled
+ service:
+ name: postfix
+ state: running
+ enabled: true
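Review bot: The play key `handers:` in init-rocky-builder-postfix.yml is misspelled, so the handlers imported from handlers/main.yml are not attached under a valid play keyword; Ansible rejects unknown play attributes, and the `notify: rehash_postfix_sasl` and `notify: restart_postfix` calls in tasks/postfix_relay.yml depend on those handlers being loaded. It should read `handlers:`. Separately, the assert's `success_msg: "We are not able to run on this node"` states the opposite of what a passing check means; `success_msg: "We are able to run on this node"` matches the condition.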
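Review bot: The relay block in tasks/postfix_relay.yml sends SASL credentials over TLS that is only opportunistic: `smtp_use_tls = yes` lets Postfix continue in cleartext when STARTTLS is not offered, and the empty `smtp_sasl_security_options =` drops the default `noplaintext, noanonymous` restrictions, so a suppressed STARTTLS offer would expose the PLAIN login on the wire. Requiring TLS with `smtp_tls_security_level = encrypt` and keeping `noanonymous` closes that gap. Two functional issues sit in the same hunk: the blockinfile `marker` has no `{mark}` placeholder, which the module documentation warns can cause the block to be inserted again on later runs, and `state: running` is not one of the service module's documented states (`started` is). The `Add password map` task would also benefit from `no_log: true`, since its diff output would contain the rendered credential.

```yaml
- name: Add relay information to postfix
  blockinfile:
    # … unchanged: path …
    marker: "## {mark} ANSIBLE MANAGED ##"
    block: |
      # … unchanged: smtp_tls_note_starttls_offer, relayhost …
      smtp_tls_security_level = encrypt
      # … unchanged: smtp_sasl_auth_enable …
      smtp_sasl_security_options = noanonymous
      # … unchanged: smtp_sasl_password_maps, smtp_tls_CAfile …
  # … unchanged: notify …

- name: Ensure postfix is running and enabled
  service:
    name: postfix
    state: started
    # … unchanged: enabled …
```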
diff --git a/ansible/playbooks/templates/etc/postfix/sasl_passwd.j2 b/ansible/playbooks/templates/etc/postfix/sasl_passwd.j2
new file mode 100644
index 0000000..87a6034
--- /dev/null
+++ b/ansible/playbooks/templates/etc/postfix/sasl_passwd.j2
@@ -0,0 +1 @@
+[{{ smtp_relayhost }}]:587 {{ smtp_user_name }}:{{ smtp_user_pass }}
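Review bot: Nothing visible in this patch shows where `smtp_user_pass` is defined, and the template writes it verbatim into the rendered file. If it comes from `vars/buildsys.yml`, which the play loads through `vars_files`, that value should be vault-encrypted rather than committed in clear text. A header comment in the playbook such as `# Requires smtp_relayhost, smtp_user_name and smtp_user_pass (vault-encrypted)` would document the expectation for whoever runs it next.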