From a4a134815cccb83f82a8c32957adcfac9fdb95d0 Mon Sep 17 00:00:00 2001
From: Monty Taylor <mordred@inaugust.com>
Date: Wed, 8 Aug 2018 11:24:08 -0500
Subject: [PATCH] Add exim role to base playbook

We want email to work.

Add a default value so that integration tests work - and update the
template so that if the value in the alias mapping is empty we don't
write out a half-formed alias.

Enable the epel repo on CentOS nodes in base-repos. This is done in
install_puppet.sh, but install_puppet.sh doesn't get run on ansible-only
nodes.

Change-Id: I68ad9f66c3b8672d9642c7764e50adac9cafdaf9
---
 playbooks/base.yaml                          |  3 +++
 playbooks/roles/base-repos/tasks/CentOS.yaml | 21 ++++++++++++++++++++
 playbooks/roles/exim/tasks/RedHat.yaml       |  5 +++++
 playbooks/roles/exim/tasks/default.yaml      |  4 ++++
 playbooks/roles/exim/tasks/main.yaml         |  5 -----
 playbooks/roles/exim/templates/aliases.j2    |  2 ++
 6 files changed, 35 insertions(+), 5 deletions(-)
 create mode 100644 playbooks/roles/base-repos/tasks/CentOS.yaml
 create mode 100644 playbooks/roles/exim/tasks/default.yaml

diff --git a/playbooks/base.yaml b/playbooks/base.yaml
index e0509bd169..e0c31760b1 100644
--- a/playbooks/base.yaml
+++ b/playbooks/base.yaml
@@ -8,3 +8,6 @@
 - hosts: "!disabled"
   roles:
     - base-server
+    - role: exim
+      aliases:
+        root: "{{ ','.join(sysadmins|default([])) }}"
diff --git a/playbooks/roles/base-repos/tasks/CentOS.yaml b/playbooks/roles/base-repos/tasks/CentOS.yaml
new file mode 100644
index 0000000000..47e11ccc52
--- /dev/null
+++ b/playbooks/roles/base-repos/tasks/CentOS.yaml
@@ -0,0 +1,21 @@
+- name: Install epel-release
+  yum:
+    name: epel-release
+
+# there is a bug (rhbz#1261747) where systemd can fail to enable
+# services due to selinux errors after upgrade.  A work-around is
+# to install the latest version of selinux and systemd here and
+# restart the daemon for good measure after it is upgraded.
+- name: Install latest selinux-policy and systemd
+  yum:
+    name: "{{ item }}"
+    state: latest
+  loop:
+    - selinux-policy
+    - systemd
+  register: systemd_updated
+
+- name: Restart systemd
+  systemd:
+    daemon_reload: yes
+  when: systemd_updated|changed
diff --git a/playbooks/roles/exim/tasks/RedHat.yaml b/playbooks/roles/exim/tasks/RedHat.yaml
index a025a2696a..8a1f2e065f 100644
--- a/playbooks/roles/exim/tasks/RedHat.yaml
+++ b/playbooks/roles/exim/tasks/RedHat.yaml
@@ -3,3 +3,8 @@
     name: postfix
     enabled: false
     state: stopped
+
+- name: Install exim
+  yum:
+    name: "{{ package }}"
+    enablerepo: epel
diff --git a/playbooks/roles/exim/tasks/default.yaml b/playbooks/roles/exim/tasks/default.yaml
new file mode 100644
index 0000000000..aaeb9f5325
--- /dev/null
+++ b/playbooks/roles/exim/tasks/default.yaml
@@ -0,0 +1,4 @@
+- name: Install Exim
+  package:
+    state: present
+    name: '{{ package }}'
diff --git a/playbooks/roles/exim/tasks/main.yaml b/playbooks/roles/exim/tasks/main.yaml
index db49c9b43f..e49f6f24e5 100644
--- a/playbooks/roles/exim/tasks/main.yaml
+++ b/playbooks/roles/exim/tasks/main.yaml
@@ -14,11 +14,6 @@
       skip: true
   loop: "{{ query('first_found', params) }}"
 
-- name: Install Exim
-  package:
-    state: present
-    name: '{{ package }}'
-
 - name: Write Exim defaults file
   template:
     src: "{{ sysdefault_template }}"
diff --git a/playbooks/roles/exim/templates/aliases.j2 b/playbooks/roles/exim/templates/aliases.j2
index 51cafd24a5..74185de265 100644
--- a/playbooks/roles/exim/templates/aliases.j2
+++ b/playbooks/roles/exim/templates/aliases.j2
@@ -13,5 +13,7 @@ noc: root
 security: root
 
 {% for k, v in aliases|dictsort %}
+{% if v %}
 {{ k }}: {{ v }}
+{% endif %}
 {% endfor %}