Add exim config for firehose and storyboard

In order to get puppet out of the business of mucking with exim and
fighting ansible, finish moving the config to ansible.

This introduces a storyboard group that we can use to apply the exim
config across both servers. It also splits the base playbook so that we
can avoid running exim on the backup servers. And we set
purge_apt_sources the same as was set in puppet. We should probably
remove it though, since none of us have any clue why it's here.

Change-Id: I43ee891a9c1beead7f97808208829b01a0a7ced6
Monty Taylor 2018-08-13 14:40:19 -05:00
parent 4cca3f8d2a
commit 0d1f235fce
No known key found for this signature in database
GPG Key ID: 7BAE94BC7141A594
6 changed files with 58 additions and 2 deletions


@ -3,9 +3,12 @@
- users - users
- base-repos - base-repos
# Split into two plays so that the update apt cache handler fires # Run base-server seperately so that the update apt cache handler in base-repos
# before we run base-server # fires before we run base-server
- hosts: "!disabled" - hosts: "!disabled"
roles: roles:
- base-server - base-server
- hosts: "!ci-backup:!disabled"
roles:
- exim - exim
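Review bot: The new play on `!ci-backup:!disabled` carries no comment saying why the backup group is left out of the exim role, so the exclusion reads as accidental to anyone who has not seen the commit message. I would add `# exim is not managed on the ci-backup hosts` above that play and correct `seperately` to `separately` in the comment above the base-server play. Hosts in ci-backup then get no mail configuration from this playbook, so it is worth confirming that cron and alert mail from them still reaches a mailbox someone reads.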


@ -0,0 +1,2 @@
# TODO(mordred) Why is this set?
purge_apt_sources: false
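Review bot: `purge_apt_sources: false` is committed with a TODO instead of a statement of what it does, here and again in the next hunk (`@ -2,3 +2,5 @`, next to the `exim_*` settings). If the flag works as its name suggests, `false` leaves apt source entries that configuration management did not write in place, so packages can keep installing from repositories nobody reviews. I would replace the TODO with a comment that states the effect, for example `# false: apt sources we do not manage are left in place; revisit once audited`, and track the removal the commit message already proposes.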


@ -2,3 +2,5 @@ exim_queue_interval: '1m'
exim_queue_run_max: '50' exim_queue_run_max: '50'
exim_smtp_accept_max: '100' exim_smtp_accept_max: '100'
exim_smtp_accept_max_per_host: '10' exim_smtp_accept_max_per_host: '10'
# TODO(mordred) Why is this set?
purge_apt_sources: false


@ -0,0 +1,34 @@
exim_routers:
- storyboard_verp_router: |
driver = dnslookup
# we only consider messages sent in through loopback
condition = ${if or{{eq{$sender_host_address}{127.0.0.1}}\
{eq{$sender_host_address}{::1}}}{yes}{no}}
# we do not do this for traffic going to the local machine
domains = '!+local_domains'
ignore_target_hosts = <; \
0.0.0.0; \
64.94.110.11; \
127.0.0.0/8; \
::1/128; \
fe80::/10; \
fec0::/10; \
ff00::/8
# only the un-VERPed bounce addresses are handled
senders = "*-bounces@*"
transport = storyboard_verp_smtp
- storyboard: |
# Send bounces to /dev/null until storyboard supports them.
driver = redirect
local_parts = storyboard
local_part_suffix_optional = true
local_part_suffix = -bounces : -bounces+*
data = :blackhole:
exim_transports:
- storyboard_verp_smtp: |
driver = smtp
return_path = \
${local_part:$return_path}+$local_part=$domain@${domain:$return_path}
max_rcpt = 1
headers_remove = Errors-To
headers_add = Errors-To: ${return_path}
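Review bot: In `storyboard_verp_router`, `domains = '!+local_domains'` sits inside a `|` block scalar, so the single quotes reach exim verbatim, and exim does not treat single quotes as string delimiters. The item then no longer begins with `!`, so it is read as a literal pattern, not as a negated reference to the named list, and the router's `domains` precondition will likely never match. Write `domains = !+local_domains` instead; the double quotes on `senders` are fine, since exim accepts double-quoted option values. Separately, `64.94.110.11` in `ignore_target_hosts` has no explanation; it looks like an entry carried over from the Debian default dnslookup router, and a one-line comment saying so would help the next reader decide whether it can be dropped.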


@ -0,0 +1,14 @@
exim_local_domains: "@:firehose.openstack.org"
exim_routers:
- cyrus: |
driver = accept
domains = +local_domains
local_part_suffix = +*
local_part_suffix_optional
transport = cyrus
exim_transports:
- cyrus: |
driver = lmtp
socket = /var/run/cyrus/socket/lmtp
user = cyrus
batch_max = 35
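Review bot: The `cyrus` router accepts every local part in `+local_domains` (`driver = accept` with no `local_parts` or other recipient check), so as far as this file shows, an address with no mailbox is only refused when LMTP delivery is attempted, after the message has already been accepted. The host then generates bounce messages to whatever sender address was supplied. If no earlier router or ACL in the exim role already limits recipients, add a restriction such as `local_parts = <mailbox-list-placeholder>` to the router, or a comment stating where recipients are validated. `local_part_suffix_optional` is also written here without `= true`, unlike the storyboard file; exim accepts both, but one form across the group vars reads better.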


@ -24,6 +24,7 @@ groups:
review-dev: inventory_hostname|regex_match('review-dev\d+\.openstack\.org') review-dev: inventory_hostname|regex_match('review-dev\d+\.openstack\.org')
review: inventory_hostname|regex_match('review\d+\.openstack\.org') review: inventory_hostname|regex_match('review\d+\.openstack\.org')
status: inventory_hostname.startswith('status') status: inventory_hostname.startswith('status')
storyboard: inventory_hostname.startswith('storyboard')
subunit-worker: inventory_hostname.startswith('subunit-worker') subunit-worker: inventory_hostname.startswith('subunit-worker')
survey: inventory_hostname.startswith('survey') survey: inventory_hostname.startswith('survey')
translate-dev: inventory_hostname|regex_match('translate-dev\d+\.openstack\.org') translate-dev: inventory_hostname|regex_match('translate-dev\d+\.openstack\.org')