Chef config for postfix – in progress

1. You have to install chef-dk on your workstation
2. You have to get a hosted chef account, or install chef-server on premise.
3. You have to init your chef workstation with the private key and validation key (or use the starter kit)
4. You have to set up your node with an account that has “sudo” ability
5. You have to “knife bootstrap” your node
6. You have to init your chef-repo
7. Edit the following files
8. Berk install your dependencies
9. Berk upload your cookbook
10. Remote “chef-client” your node
11. REPL – Enjoy!

The following is in attribute/default.rb

# main.cf
default['postfix']['mail_type'] = 'master'
default['postfix']['main']['myhostname'] = 'mail.devopers.com'
default['postfix']['main']['mydomain'] = 'devopers.com'
default['postfix']['main']['mydestination'] = ''
default['postfix']['main']['inet_interfaces'] = 'all'
default['postfix']['main']['smtpd_use_tls'] = 'no'

# AWS SES
default['postfix']['main']['smtp_sasl_auth_enable'] = 'yes'
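# if smtp_sasl_auth_enable is 'yes', the following 3 attributes will be blank and should be overridden
# ('<test>' is a placeholder; keep the real SES SMTP credentials out of the cookbook, e.g. in an encrypted data bag or chef-vault)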
override['postfix']['main']['relayhost'] = '[email-smtp.us-west-2.amazonaws.com]:25'
override['postfix']['sasl']['smtp_sasl_user_name'] = '<test>'
override['postfix']['sasl']['smtp_sasl_passwd'] = '<test>'
default['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous'
default['postfix']['main']['smtp_use_tls'] = 'yes'
default['postfix']['main']['smtp_tls_security_level'] = 'encrypt'
default['postfix']['main']['smtp_tls_note_starttls_offer'] = 'yes'

The following is recipe/postfix.rb

# Comment out smtp_fallback_relay in master.cf to avoid an MX loopback
master_config = "/etc/postfix/master.cf"
smtp_fallback_relay = /(^\s+-o smtp_fallback_relay=.*$)/

ruby_block "master.cf: Comment smtp_fallback_relay" do
  block do
    sed = Chef::Util::FileEdit.new(master_config)
    sed.search_file_replace(smtp_fallback_relay, '#\1')
    sed.write_file
  end
  only_if { ::File.readlines(master_config).grep(smtp_fallback_relay).any? }
end

# reload postfix
service 'postfix' do
  action :reload
end
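
The regex edit in the ruby_block above can be tried off-node before it touches /etc/postfix/master.cf. This added example (not part of the original post) reproduces it in plain Ruby on a constructed master.cf fragment and shows that the only_if guard turns false after the first run. The constant and function names are made up for the illustration, and the per-line gsub is an assumption about how Chef::Util::FileEdit applies search_file_replace.

```ruby
# Added example, not from the original post. Plain Ruby, no Chef needed.
# Same pattern as the recipe: an indented "-o smtp_fallback_relay=..." line.
SMTP_FALLBACK_RELAY = /(^\s+-o smtp_fallback_relay=.*$)/

# Constructed master.cf fragment (sample data, not taken from a real host).
SAMPLE_MASTER_CF = <<~'CF'
  smtp      unix  -       -       n       -       -       smtp
  relay     unix  -       -       n       -       -       smtp
          -o smtp_fallback_relay=
  #       -o smtp_fallback_relay=[backup.example.test]
  smtpd     pass  -       -       n       -       -       smtpd
CF

# Mirrors the recipe's only_if guard: is any active option line left?
def needs_edit?(text)
  text.lines.grep(SMTP_FALLBACK_RELAY).any?
end

# Models search_file_replace(regex, '#\1') as a per-line gsub
# (assumption about how Chef::Util::FileEdit applies the replacement).
def comment_fallback_relay(text)
  text.lines.map { |line| line.gsub(SMTP_FALLBACK_RELAY, '#\1') }.join
end

if __FILE__ == $PROGRAM_NAME
  edited = comment_fallback_relay(SAMPLE_MASTER_CF)
  puts edited
  # The commented line now starts with '#', so the guard no longer matches
  # and a second chef-client run leaves the file alone.
  puts "guard before: #{needs_edit?(SAMPLE_MASTER_CF)}, after: #{needs_edit?(edited)}"
end
```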

The following is recipe/default.rb

include_recipe 'postfix'
include_recipe 'postfix::sasl_auth'
include_recipe 'yc_postfix::postfix'

#chef #ruby #configuration-management #automation #config
