coren has submitted this change and it was merged.
Change subject: Create toolserver_legacy module
......................................................................
Create toolserver_legacy module
This is used for relic.toolserver_legacy.eqiad.wmflabs
Also fixes relay issues that were squished by the new default
mail configuration.
Bug: T114102
Change-Id: I7e02223191a31a0c39f5d63824fc7d8ecd1c3652
---
R modules/toolserver_legacy/files/index.html
R modules/toolserver_legacy/files/notfound.html
R modules/toolserver_legacy/manifests/init.pp
A modules/toolserver_legacy/templates/exim4.conf.erb
R modules/toolserver_legacy/templates/www.toolserver.org.erb
5 files changed, 80 insertions(+), 8 deletions(-)
Approvals:
coren: Looks good to me, approved
jenkins-bot: Verified
diff --git a/files/misc/relic/index.html
b/modules/toolserver_legacy/files/index.html
similarity index 100%
rename from files/misc/relic/index.html
rename to modules/toolserver_legacy/files/index.html
diff --git a/files/misc/relic/notfound.html
b/modules/toolserver_legacy/files/notfound.html
similarity index 100%
rename from files/misc/relic/notfound.html
rename to modules/toolserver_legacy/files/notfound.html
diff --git a/manifests/role/relic.pp
b/modules/toolserver_legacy/manifests/init.pp
similarity index 68%
rename from manifests/role/relic.pp
rename to modules/toolserver_legacy/manifests/init.pp
index 76db34e..8f259e2 100644
--- a/manifests/role/relic.pp
+++ b/modules/toolserver_legacy/manifests/init.pp
@@ -1,28 +1,28 @@
-# Class: role::relic
+# Class: toolserver_legacy
#
# This class installs the parts needed for the Toolserver legacy
# "relic" server to provide redirection and mail aliases intended
-# to server the 'toolserver.org' domain.
+# to serve the 'toolserver.org' domain.
#
-class role::relic {
+class toolserver_legacy {
include ::apache
include ::apache::mod::rewrite
$ssl_settings = ssl_ciphersuite('apache-2.2', 'compat')
- system::role { 'relic': description => 'Toolserver legacy server' }
+ system::role { 'toolserver_legacy': description => 'Toolserver legacy
server' }
sslcert::certificate { 'toolserver.org': skip_private => true }
apache::site { 'www.toolserver.org':
- content => template('apache/sites/www.toolserver.org.erb'),
+ content => template('toolserver_legacy/www.toolserver.org.erb'),
require => Sslcert::Certificate['toolserver.org'],
}
class { 'exim4':
queuerunner => 'separate',
- config => template("mail/exim4.minimal.${::realm}.erb"),
+ config => template('toolserver_legacy/exim4.conf.erb'),
}
file { '/var/www/html':
@@ -37,7 +37,7 @@
owner => 'root',
group => 'root',
mode => '0444',
- source => 'puppet:///files/misc/relic/index.html',
+ source => 'puppet:///modules/toolserver_legacy/index.html',
require => File['/var/www/html'],
}
@@ -46,7 +46,7 @@
owner => 'root',
group => 'root',
mode => '0444',
- source => 'puppet:///files/misc/relic/notfound.html',
+ source => 'puppet:///modules/toolserver_legacy/notfound.html',
require => File['/var/www/html'],
}
}
diff --git a/modules/toolserver_legacy/templates/exim4.conf.erb
b/modules/toolserver_legacy/templates/exim4.conf.erb
new file mode 100644
index 0000000..03e99e1
--- /dev/null
+++ b/modules/toolserver_legacy/templates/exim4.conf.erb
@@ -0,0 +1,72 @@
+# Exim 4 configuration file for Wikimedia servers
+# Written on 2010-02-08 by Mark Bergsma <m...@wikimedia.org>
+# Modified 2015-09-29 by Marc Pelletier <m...@wikimedia.org>
+
+# Main configuration options
+# This version to be used as relay-only for a file of aliases
+# (intended to use for legacy mail domains)
+
+check_spool_space = 50M
+remote_max_parallel = 10
+primary_hostname = toolserver.org
+domainlist local_domains = toolserver.org
+
+acl_smtp_rcpt = acl_check_rcpt
+
+# Allow the -f cli option to work
+untrusted_set_sender = *
+local_from_check = false
+
+# No frozen messages please
+ignore_bounce_errors_after = 0h
+
+# Logging
+log_selector = +address_rewrite +all_parents +delivery_size +deliver_time
+incoming_interface +incoming_port +smtp_confirmation +smtp_protocol_error
+smtp_syntax_error
+message_logs = false
+
+# Simple acl that simply blindly allows mail to the local_domains
+
+begin acl
+
+acl_check_rcpt:
+ require message = relay not permitted
+ domains = +local_domains
+
+ require verify = recipient
+
+ accept
+
+begin routers
+
+# Redirect using the alias file if it exists, blackhole otherwise
+
+system_aliases:
+ driver = redirect
+ domains = @
+ data =
${lookup{$local_part}lsearch{/etc/toolserver.aliases}{$value}{:blackhole:}}
+ qualify_domain = wmflabs.org
+ allow_fail
+ allow_defer
+ forbid_file
+
+# Send all mail via a set of mail relays ("smart hosts")
+
+smart_route:
+ driver = manualroute
+ transport = remote_smtp
+ route_list = * <%= @mail_smarthost.join(':') %>
+
+
+begin transports
+
+# Generic remote SMTP transport
+
+remote_smtp:
+ driver = smtp
+ hosts_avoid_tls = <; 0.0.0.0/0 ; 0::0/0
+
+
+begin retry
+
+* * F,2h,5m; F,1d,15m
+
diff --git a/templates/apache/sites/www.toolserver.org.erb
b/modules/toolserver_legacy/templates/www.toolserver.org.erb
similarity index 100%
rename from templates/apache/sites/www.toolserver.org.erb
rename to modules/toolserver_legacy/templates/www.toolserver.org.erb
--
To view, visit https://gerrit.wikimedia.org/r/242288
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I7e02223191a31a0c39f5d63824fc7d8ecd1c3652
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: coren <mpellet...@wikimedia.org>
Gerrit-Reviewer: Yuvipanda <yuvipa...@wikimedia.org>
Gerrit-Reviewer: coren <mpellet...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
