diff --git a/README.md b/README.md
index a6dc0b4de19440aed9e27b313ef1984ee902cb33..fa97a0cb6c61e898d5bfdb446577d3ecbceb3471 100644
--- a/README.md
+++ b/README.md
@@ -26,12 +26,11 @@ Note: example commands to create secrets for "eosc-dev":
 vault kv put -mount secrets $prefix/FEDCLOUD_DYNAMIC_DNS $HOST1=$SECRET1 $HOST2=$SECRET2
 vault kv put -mount secrets $prefix/deployment-hub checkin_host=... client_id=... client_secret=...
-## Sites
+## Inventory parameters
-### CESNET Central
+Used parameters in ansible recipes:
-Kubernetes cluster for the "central" components - Jupyter Hub, image repository, ...
-
-### CESNET MCC
-
-Example site. Kubernetes cluster for worker nodes with Jupyter Enterprise Gateway.
+* *mail\_fromdomain*: hostname in from header
+* *mail_local*: disable e-mail (only local delivery)
+* *site\_name*: site identifier
+* *vault\_mount\_point:*: path to secrets in the Vault
diff --git a/common/playbooks/k8s.yaml b/common/playbooks/k8s.yaml
index 9ca0808041e8d289fabeaaf3abb5baf536af391b..ef46de4ae5d902b5e6eae0e387c1b988a9415e60 100644
--- a/common/playbooks/k8s.yaml
+++ b/common/playbooks/k8s.yaml
@@ -50,24 +50,34 @@
 mode: 0644
 - name: Mails settings
 vars:
- main_global:
- # disable everything except TLSv1.2
- smtpd_tls_mandatory_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
- smtpd_tls_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
- smtp_tls_mandatory_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
- smtp_tls_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
- fromdomain: "{{ lookup('dig', groups['fip'][0] + '/PTR') | regex_replace('\\.$', '') }}"
+ fip_hostname: "{{ lookup('dig', groups['fip'][0] + '/PTR') | regex_replace('\\.$', '') }}"
 block:
- - name: Site-specific postfix settings
+ - name: Global postfix settings
 set_fact:
+ main:
+ # disable everything except TLSv1.2
+ smtpd_tls_mandatory_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
+ smtpd_tls_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
+ smtp_tls_mandatory_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
+ smtp_tls_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
+ - name: Site-specific postfix settings (CESNET)
+ vars:
 main_cesnet:
- myhostname: "{{ fromdomain }}"
+ myhostname: "{{ fip_hostname }}"
 relayhost: relay.muni.cz
 inet_protocols: ipv4
- when: site_name == "cesnet" or site_name == "cesnet-mcc"
+ set_fact:
+ main: '{{ main | combine(main_cesnet) }}'
+ when: site_name == "cesnet-testing" or site_name == "cesnet-mcc"
+ - name: Site-specific postfix settings - mail_fromdomain
+ set_fact:
+ main: '{{ main | combine({ "myhostname": mail_fromdomain }) }}'
+ when: mail_fromdomain is defined
+ - name: Site-specific postfix settings - default_transport
+ set_fact:
+ main: '{{ main | combine({ "default_transport": "error: This server sends mail only locally." }) }}'
+ when: mail_local | default(false) | bool
 - name: Setup postfix
- vars:
- main: "{{ main_global | combine(main_cesnet | default({})) }}"
 lineinfile:
 regexp: '^{{ item.key }}\s*=\s*.*'
 line: "{{ item.key }} = {{ item.value }}"
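Review bot: The `main` dict built in the `Global postfix settings` task restricts TLS protocol versions but nothing in the hunk turns TLS on: no `smtp_tls_security_level` or `smtpd_tls_security_level` is set, and Postfix defaults both to no TLS, so unless the role sets them outside this hunk the `smtp_tls_*` lines have no effect and mail to `relayhost: relay.muni.cz` leaves in clear text. Adding `smtp_tls_security_level: may` (or `encrypt` once the relay is confirmed to offer TLS) beside the protocol lines would make the restriction meaningful. The moved comment `# disable everything except TLSv1.2` is also stale, since the exclusion list still admits TLSv1.3; `# disable everything older than TLSv1.2` describes what the value does. Separately, `fip_hostname` comes from a PTR lookup, and as far as I recall the dig lookup returns a sentinel string such as `NXDOMAIN` rather than failing when the reverse record is missing, so `myhostname` could silently become that string; an `assert` on `fip_hostname` before it is used would catch this. The `Mails settings` block continues into the next hunk.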
@@ -75,11 +85,13 @@
 loop: "{{ main | dict2items }}"
 notify: Reload postfix
 - name: Setup mailutils
+ vars:
+ fromdomain: "{{ mail_fromdomain | default(fip_hostname) }}"
 template:
 src: templates/etc/mailutils.conf
 dest: /etc/mailutils.conf
 mode: 0644
- when: site_name == "cesnet" or site_name == "cesnet-mcc"
+ when: (site_name == "cesnet-testing" or site_name == "cesnet-mcc" or mail_fromdomain is defined) and not (mail_local | default(false))
 - name: Site touch
 file:
 path: "/EOSC-{{ site_name | upper }}"
diff --git a/staging1/inventory/99-all.yaml b/staging1/inventory/99-all.yaml
index 835c93c3294d9c108bceb782525e16840bdd6b08..68641bac5963a2f66f5cbd3da8296dd2e61f5652 100644
--- a/staging1/inventory/99-all.yaml
+++ b/staging1/inventory/99-all.yaml
@@ -12,6 +12,7 @@ all:
 ansible_user: egi
 ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -q egi@{{ groups["fip"][0] }}" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
+ mail_local: true
 site_name: psnc-staging
 vault_mount_point: secrets/users/e1662e20-e34b-468c-b0ce-d899bc878364@egi.eu/eosc-staging
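Review bot: The rewritten `when:` on `Setup mailutils` tests `not (mail_local | default(false))` without the `| bool` cast that the sibling `default_transport` task in the previous hunk uses, so a string value such as `mail_local=false` passed with `-e` is truthy here and skips the mailutils template while Postfix is still configured to deliver. Use the same cast in both places: `when: (site_name == "cesnet-testing" or site_name == "cesnet-mcc" or mail_fromdomain is defined) and not (mail_local | default(false) | bool)`. The new `fromdomain` var depends on `fip_hostname` from the block-level `vars:` of the previous hunk, which holds only while this task stays inside that block; a comment such as `# fip_hostname is defined on the enclosing "Mails settings" block` would make that dependency visible to the next editor.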