Commit 8027dc0f authored by František Dvořák's avatar František Dvořák

Better site-specific mail delivery configuration

parent 95217cca
......@@ -26,12 +26,11 @@ Note: example commands to create secrets for "eosc-dev":
vault kv put -mount secrets $prefix/FEDCLOUD_DYNAMIC_DNS $HOST1=$SECRET1 $HOST2=$SECRET2
vault kv put -mount secrets $prefix/deployment-hub checkin_host=... client_id=... client_secret=...
## Sites
## Inventory parameters
### CESNET Central
Used parameters in ansible recipes:
Kubernetes cluster for the "central" components - Jupyter Hub, image repository, ...
### CESNET MCC
Example site. Kubernetes cluster for worker nodes with Jupyter Enterprise Gateway.
* *mail\_fromdomain*: hostname in from header
* *mail_local*: disable e-mail (only local delivery)
* *site\_name*: site identifier
* *vault\_mount\_point:*: path to secrets in the Vault
......@@ -50,24 +50,34 @@
mode: 0644
- name: Mails settings
vars:
main_global:
# disable everything except TLSv1.2
smtpd_tls_mandatory_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
smtpd_tls_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
smtp_tls_mandatory_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
smtp_tls_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
fromdomain: "{{ lookup('dig', groups['fip'][0] + '/PTR') | regex_replace('\\.$', '') }}"
fip_hostname: "{{ lookup('dig', groups['fip'][0] + '/PTR') | regex_replace('\\.$', '') }}"
block:
- name: Site-specific postfix settings
- name: Global postfix settings
set_fact:
main:
# disable everything except TLSv1.2
smtpd_tls_mandatory_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
smtpd_tls_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
smtp_tls_mandatory_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
smtp_tls_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
- name: Site-specific postfix settings (CESNET)
vars:
main_cesnet:
myhostname: "{{ fromdomain }}"
myhostname: "{{ fip_hostname }}"
relayhost: relay.muni.cz
inet_protocols: ipv4
when: site_name == "cesnet" or site_name == "cesnet-mcc"
set_fact:
main: '{{ main | combine(main_cesnet) }}'
when: site_name == "cesnet-testing" or site_name == "cesnet-mcc"
- name: Site-specific postfix settings - mail_fromdomain
set_fact:
main: '{{ main | combine({ "myhostname": mail_fromdomain }) }}'
when: mail_fromdomain is defined
- name: Site-specific postfix settings - default_transport
set_fact:
main: '{{ main | combine({ "default_transport": "error: This server sends mail only locally." }) }}'
when: mail_local | default(false) | bool
- name: Setup postfix
vars:
main: "{{ main_global | combine(main_cesnet | default({})) }}"
lineinfile:
regexp: '^{{ item.key }}\s*=\s*.*'
line: "{{ item.key }} = {{ item.value }}"
......@@ -75,11 +85,13 @@
loop: "{{ main | dict2items }}"
notify: Reload postfix
- name: Setup mailutils
vars:
fromdomain: "{{ mail_fromdomain | default(fip_hostname) }}"
template:
src: templates/etc/mailutils.conf
dest: /etc/mailutils.conf
mode: 0644
when: site_name == "cesnet" or site_name == "cesnet-mcc"
when: (site_name == "cesnet-testing" or site_name == "cesnet-mcc" or mail_fromdomain is defined) and not (mail_local | default(false))
- name: Site touch
file:
path: "/EOSC-{{ site_name | upper }}"
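Review bot: The `mail_local` guard on the new "Setup mailutils" `when` is evaluated without `| bool`, unlike the "default_transport" task in the previous hunk, which uses `mail_local | default(false) | bool`; a string value such as the `"false"` produced by `-e mail_local=false` is a non-empty string, so `not (...)` is false and the mailutils template is skipped even though the default_transport task leaves mail enabled. Change the condition to `when: (site_name == "cesnet-testing" or site_name == "cesnet-mcc" or mail_fromdomain is defined) and not (mail_local | default(false) | bool)`. The site list in that condition also duplicates the one on the CESNET `set_fact` task's `when` in the previous hunk; computing a single fact inside the block (for example `mail_relay_enabled`) and testing it here would keep the two conditions from drifting apart. The "Site touch" task that closes this hunk continues outside it.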
......
......@@ -12,6 +12,7 @@ all:
ansible_user: egi
ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -q egi@{{ groups["fip"][0] }}" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
mail_local: true
site_name: psnc-staging
vault_mount_point: secrets/users/e1662e20-e34b-468c-b0ce-d899bc878364@egi.eu/eosc-staging
......