coren has submitted this change and it was merged. Change subject: Create toolserver_legacy module ......................................................................
Create toolserver_legacy module This is used for relic.toolserver_legacy.eqiad.wmflabs Also fixes relay issues that were squished by the new default mail configuration. Bug: T114102 Change-Id: I7e02223191a31a0c39f5d63824fc7d8ecd1c3652 --- R modules/toolserver_legacy/files/index.html R modules/toolserver_legacy/files/notfound.html R modules/toolserver_legacy/manifests/init.pp A modules/toolserver_legacy/templates/exim4.conf.erb R modules/toolserver_legacy/templates/www.toolserver.org.erb 5 files changed, 80 insertions(+), 8 deletions(-) Approvals: coren: Looks good to me, approved jenkins-bot: Verified
diff --git a/files/misc/relic/index.html b/modules/toolserver_legacy/files/index.html
similarity index 100%
rename from files/misc/relic/index.html
rename to modules/toolserver_legacy/files/index.html
diff --git a/files/misc/relic/notfound.html b/modules/toolserver_legacy/files/notfound.html
similarity index 100%
rename from files/misc/relic/notfound.html
rename to modules/toolserver_legacy/files/notfound.html
diff --git a/manifests/role/relic.pp b/modules/toolserver_legacy/manifests/init.pp
similarity index 68%
rename from manifests/role/relic.pp
rename to modules/toolserver_legacy/manifests/init.pp
index 76db34e..8f259e2 100644
--- a/manifests/role/relic.pp
+++ b/modules/toolserver_legacy/manifests/init.pp
@@ -1,28 +1,28 @@ -# Class: role::relic +# Class: toolserver_legacy # # This class installs the parts needed for the Toolserver legacy # "relic" server to provide redirection and mail aliases intended -# to server the 'toolserver.org' domain. +# to serve the 'toolserver.org' domain. # -class role::relic { +class toolserver_legacy { include ::apache include ::apache::mod::rewrite $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat') - system::role { 'relic': description => 'Toolserver legacy server' } + system::role { 'toolserver_legacy': description => 'Toolserver legacy server' } sslcert::certificate { 'toolserver.org': skip_private => true } apache::site { 'www.toolserver.org': - content => template('apache/sites/www.toolserver.org.erb'), + content => template('toolserver_legacy/www.toolserver.org.erb'), require => Sslcert::Certificate['toolserver.org'], } class { 'exim4': queuerunner => 'separate', - config => template("mail/exim4.minimal.${::realm}.erb"), + config => template('toolserver_legacy/exim4.conf.erb'), } file { '/var/www/html': @@ -37,7 +37,7 @@ owner => 'root', group => 'root', mode => '0444', - source => 'puppet:///files/misc/relic/index.html', + source => 'puppet:///modules/toolserver_legacy/index.html', require => File['/var/www/html'], } @@ -46,7 +46,7 @@ owner => 'root', group => 'root', mode => '0444', - source => 'puppet:///files/misc/relic/notfound.html', + source => 'puppet:///modules/toolserver_legacy/notfound.html', require => File['/var/www/html'], } } diff --git a/modules/toolserver_legacy/templates/exim4.conf.erb b/modules/toolserver_legacy/templates/exim4.conf.erb new file mode 100644 index 0000000..03e99e1 --- /dev/null +++ b/modules/toolserver_legacy/templates/exim4.conf.erb 
@@ -0,0 +1,72 @@
+# Exim 4 configuration file for Wikimedia servers
+# Written on 2010-02-08 by Mark Bergsma <m...@wikimedia.org>
+# Modified 2015-09-29 by Marc Pelletier <m...@wikimedia.org>
+
+# Main configuration options
+# This version to be used as relay-only for a file of aliases
+# (intended to use for legacy mail domains)
+
+check_spool_space = 50M
+remote_max_parallel = 10
+primary_hostname = toolserver.org
+domainlist local_domains = toolserver.org
+
+acl_smtp_rcpt = acl_check_rcpt
+
+# Allow the -f cli option to work
+untrusted_set_sender = *
+local_from_check = false
+
+# No frozen messages please
+ignore_bounce_errors_after = 0h
+
+# Logging
+log_selector = +address_rewrite +all_parents +delivery_size +deliver_time +incoming_interface +incoming_port +smtp_confirmation +smtp_protocol_error +smtp_syntax_error
+message_logs = false
+
+# Simple acl that simply blindly allows mail to the local_domains
+
+begin acl
+
+acl_check_rcpt:
+ require message = relay not permitted
+ domains = +local_domains
+
+ require verify = recipient
+
+ accept
+
+begin routers
+
+# Redirect using the alias file if it exists, blackhole otherwise
+
+system_aliases:
+ driver = redirect
+ domains = @
+ data = ${lookup{$local_part}lsearch{/etc/toolserver.aliases}{$value}{:blackhole:}}
+ qualify_domain = wmflabs.org
+ allow_fail
+ allow_defer
+ forbid_file
+
+# Send all mail via a set of mail relays ("smart hosts")
+
+smart_route:
+ driver = manualroute
+ transport = remote_smtp
+ route_list = * <%= @mail_smarthost.join(':') %>
+
+
+begin transports
+
+# Generic remote SMTP transport
+
+remote_smtp:
+ driver = smtp
+ hosts_avoid_tls = <; 0.0.0.0/0 ; 0::0/0
+
+
+begin retry
+
+* * F,2h,5m; F,1d,15m
+
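Review bot: `hosts_avoid_tls = <; 0.0.0.0/0 ; 0::0/0` on the `remote_smtp` transport switches STARTTLS off for every outbound delivery, so all mail forwarded from the alias file reaches the smarthosts in cleartext, and the template gives no reason for it. If this works around a handshake problem with the relays, a comment above the line should say so, for example `# TLS to the smarthosts disabled because <reason>; revisit once fixed`. Otherwise the option can be dropped so that Exim negotiates TLS whenever the relay advertises it. Separately, the `system_aliases` router sets `forbid_file` but not `forbid_pipe`, so a `|command` entry in `/etc/toolserver.aliases` is not rejected at the router. Adding `forbid_pipe` (and `forbid_include`) would keep the alias file address-only, which matters all the more because `untrusted_set_sender = *` and `local_from_check = false` already loosen sender checks for local users.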
diff --git a/templates/apache/sites/www.toolserver.org.erb b/modules/toolserver_legacy/templates/www.toolserver.org.erb
similarity index 100%
rename from templates/apache/sites/www.toolserver.org.erb
rename to modules/toolserver_legacy/templates/www.toolserver.org.erb
-- To view, visit https://gerrit.wikimedia.org/r/242288 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I7e02223191a31a0c39f5d63824fc7d8ecd1c3652 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: coren <mpellet...@wikimedia.org> Gerrit-Reviewer: Yuvipanda <yuvipa...@wikimedia.org> Gerrit-Reviewer: coren <mpellet...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits