Add postfix relayhost class

Puppetfile

@@ -20,6 +20,7 @@ mod 'puppet-fail2ban', '3.3.0'
 mod 'puppet-healthcheck', '1.0.1'
 mod 'puppet-logrotate', '5.0.0'
 mod 'puppet-nodejs', '8.1.0'
+mod 'puppet-postfix', '2.0.0'
 mod 'puppet-prometheus', '10.2.0'
 mod 'puppet-selinux', '3.2.0'
 mod 'puppet-squid', '3.0.0'

data/common.yaml

@@ -88,6 +88,7 @@ profile::reverse_proxy::mokey_subdomain: mokey
 prometheus::storage_retention: '48h'
 prometheus::storage_retention_size: '5GB'
 
+profile::base::domain_name: "%{alias('terraform.data.domain_name')}"
 profile::base::sudoer_username: "%{alias('terraform.data.sudoer_username')}"
 profile::base::public_keys: "%{alias('terraform.data.public_keys')}"
 
@@ -108,6 +109,10 @@ profile::freeipa::client::server_ip: "%{alias('terraform.tag_ip.mgmt.0')}"
 profile::consul::client::server_ip: "%{alias('terraform.tag_ip.puppet.0')}"
 profile::nfs::client::server_ip: "%{alias('terraform.tag_ip.nfs.0')}"
 
+profile::mail::relayhost::origin: "%{alias('terraform.data.domain_name')}"
+profile::mail::sender::origin: "%{alias('terraform.data.domain_name')}"
+profile::mail::sender::relayhost_ip: "%{alias('terraform.tag_ip.public.0')}"
+
 profile::nfs::server::devices: "%{alias('terraform.volumes.nfs')}"
 
 profile::reverse_proxy::domain_name: "%{alias('terraform.data.domain_name')}"

manifests/site.pp

@@ -63,4 +63,11 @@
   if 'mfa' in $instance_tags {
     include profile::mfa
   }
+
+  if 'public' in $instance_tags {
+    include profile::mail::relayhost
+  } else {
+    include profile::mail::sender
+  }
+
 }

site/profile/manifests/base.pp

@@ -1,4 +1,5 @@
 class profile::base (
+  String $domain_name,
   Array[String] $public_keys,
   String $sudoer_username = 'centos',
   Optional[String] $admin_email = undef,
@@ -27,12 +28,12 @@
   }
 
   if $admin_email {
-    include profile::mail::server
     file { '/opt/puppetlabs/bin/postrun':
       ensure  => present,
       mode    => '0700',
       content => epp('profile/base/postrun', {
-        'email' => $admin_email,
+        'email'  => $admin_email,
+        'domain' => $domain_name,
       }),
     }
   }

site/profile/manifests/mail.pp

@@ -1,9 +1,42 @@
-class profile::mail::server {
-  ensure_packages(['postfix'], { ensure => 'present'})
+class profile::mail::sender(
+  String $relayhost_ip,
+  String $origin,
+) {
+  class { 'postfix':
+    inet_protocols => 'ipv4',
+    relayhost      => $relayhost_ip,
+    myorigin       => $origin,
+    satellite      => true,
+    manage_mailx   => false,
+  }
+
+  postfix::config { 'authorized_submit_users':
+    ensure => present,
+    value  => 'root, slurm',
+  }
+}
+
+class profile::mail::relayhost(
+  String $origin,
+) {
+
+  $cidr = profile::getcidr()
+  $interface = split($::interfaces, ',')[0]
+  $ipaddress = $::networking['interfaces'][$interface]['ip']
+
+  class { 'postfix':
+    inet_interfaces => "127.0.0.1, ${ipaddress}",
+    inet_protocols  => 'ipv4',
+    mynetworks      => "127.0.0.0/8, ${cidr}",
+    myorigin        => $origin,
+    mta             => true,
+    relayhost       => 'direct',
+    smtp_listen     => 'all',
+    manage_mailx    => false,
+  }
 
-  service { 'postfix':
-    ensure  => running,
-    enable  => true,
-    require => Package['postfix'],
+  postfix::config { 'authorized_submit_users':
+    ensure => present,
+    value  => 'root, slurm',
   }
 }

site/profile/manifests/slurm.pp

@@ -308,7 +308,6 @@
 # Slurm controller class. This where slurmctld is ran.
 class profile::slurm::controller {
   contain profile::slurm::base
-  include profile::mail::server
 
   file { '/usr/sbin/slurm_mail':
     ensure => 'present',

site/profile/templates/base/postrun.epp

@@ -10,7 +10,7 @@ if [[ $actions -lt 2 ]] && [[ ! -z "$email" ]]; then
   lines=($(journalctl -u puppet | grep -n -E 'Starting Puppet client|Applied catalog in' | cut -f 1 -d : | tail -n 2))
   cat << EOF | /usr/sbin/sendmail $email
 To: $email
-From: puppet@$(hostname -f)
+From: $(hostname -s)-puppet-noreply@<%= $domain %>
 Subject: $(hostname -f) is online
 $(journalctl -u puppet | sed -n "${lines[0]},${lines[1]}p")
 EOF