Andrew Bogott has submitted this change and it was merged.
Change subject: Removed many unneeded scope.lookupvar calls.
......................................................................
Removed many unneeded scope.lookupvar calls.
These were treating local variables like globals, adding unnecessary
complexity.
This patch also fixes one type (line 558) which surely concealed a
logic error: some conf files will now contain this line:
> helo_data = lists.wikimedia.org
previously that line would never have been inserted.
I've left references to enable_mediawiki_relay untouched because that
seems to be an obsolete variable; direct references to it cause errors.
I'll resolve this in a future patch.
Change-Id: I0344a26ddee486bbe80d2cd4bf706c903c4108c0
---
M templates/exim/exim4.conf.SMTP_IMAP_MM.erb
1 file changed, 37 insertions(+), 37 deletions(-)
Approvals:
Andrew Bogott: Verified; Looks good to me, approved
Mark Bergsma: Looks good to me, but someone else must approve
jenkins-bot: Verified
diff --git a/templates/exim/exim4.conf.SMTP_IMAP_MM.erb
b/templates/exim/exim4.conf.SMTP_IMAP_MM.erb
index b836f0b..a81ba8b 100644
--- a/templates/exim/exim4.conf.SMTP_IMAP_MM.erb
+++ b/templates/exim/exim4.conf.SMTP_IMAP_MM.erb
@@ -26,7 +26,7 @@
# Main configuration settings #
###############################
-<% if scope.lookupvar('exim::roled::enable_mail_relay') == "primary" then -%>
+<% if enable_mail_relay == "primary" then -%>
# MySQL lookups (OTRS)
hide mysql_servers = db48.pmtpa.wmnet/otrs/exim/<%=
scope.lookupvar('exim::smtp::otrs_mysql_password') %> :
db49.pmtpa.wmnet/otrs/exim/<%=
scope.lookupvar('exim::smtp::otrs_mysql_password') %>
@@ -36,11 +36,11 @@
<% end -%>
domainlist system_domains = @
-domainlist local_domains = <%=
scope.lookupvar('exim::roled::local_domains').join(" : ") %>
-<% if scope.lookupvar('exim::roled::enable_mail_relay') == "secondary" then -%>
+domainlist local_domains = <%= local_domains.join(" : ") %>
+<% if enable_mail_relay == "secondary" then -%>
domainlist secondary_domains = @mx_secondary/ignore=127.0.0.1
<% end -%>
-<%if scope.lookupvar('exim::roled::enable_mail_relay') != "false "%>
+<%if enable_mail_relay != "false "%>
domainlist relay_domains = lsearch;CONFDIR/relay_domains
<% end -%>
@@ -55,12 +55,12 @@
domainlist spamassassin_domains = *
hostlist wikimedia_nets = <; <%=
scope.lookupvar('network::constants::all_networks').join(" ; ") %>
-hostlist relay_from_hosts = <; @[] ; 127.0.0.1 ; ::1 ; <% if
scope.lookupvar('exim::roled::enable_mail_relay') != "false" -%><%=
scope.lookupvar('network::constants::external_networks').join(" ; ") %>;
10.0.0.0/8<% end %>
+hostlist relay_from_hosts = <; @[] ; 127.0.0.1 ; ::1 ; <% if enable_mail_relay
!= "false" -%><%=
scope.lookupvar('network::constants::external_networks').join(" ; ") %>;
10.0.0.0/8<% end %>
# Relay @mx_secondary domains only to these hosts
hostlist primary_mx = <; <%=
scope.lookupvar('exim::constants::primary_mx').join(" ; ") %>
-<% if scope.lookupvar('exim::roled::enable_imap_delivery') == "true" then -%>
+<% if enable_imap_delivery == "true" then -%>
# Interfaces
daemon_smtp_ports = smtp : ssmtp
<% end -%>
@@ -74,7 +74,7 @@
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
-<% if scope.lookupvar('exim::roled::enable_mail_relay') != "false" then -%>
+<% if enable_mail_relay != "false" then -%>
helo_try_verify_hosts = *
<% end -%>
@@ -98,12 +98,12 @@
# Lookups
host_lookup = *
rfc1413_hosts =
-<% if scope.lookupvar('exim::roled::enable_spamassassin') == "true" then -%>
+<% if enable_spamassassin == "true" then -%>
# Content filtering
spamd_address = 127.0.0.1 783
<% end %>
-<% if scope.lookupvar('exim::roled::enable_imap_delivery') == "true" then -%>
+<% if enable_imap_delivery == "true" then -%>
# TLS
tls_certificate = /etc/ssl/certs/wikimedia.org.pem
tls_privatekey = /etc/ssl/private/wikimedia.org.key
@@ -116,7 +116,7 @@
ignore_bounce_errors_after = 0h
# Hold mail for these domains (e.g. for testing/debugging)
-hold_domains = <%= scope.lookupvar('exim::roled::hold_domains').join(" : ") %>
+hold_domains = <%= hold_domains.join(" : ") %>
###############################
# Access Control Lists (ACLs) #
@@ -126,7 +126,7 @@
acl_check_rcpt:
-<% if scope.lookupvar('exim::roled::enable_mail_relay') != "false" then -%>
+<% if enable_mail_relay != "false" then -%>
# If there have been ~4 times as many previous RCPT rejects than
# accepts, drop the connection
@@ -151,7 +151,7 @@
hosts = +relay_from_hosts
control = submission/sender_retain
-<% if scope.lookupvar('exim::roled::enable_mail_submission') == "true" then -%>
+<% if enable_mail_submission == "true" then -%>
# Mail submissions from other hosts must be from SMTP authenticated users
accept authenticated = *
@@ -168,7 +168,7 @@
# Require recipient domain to be local, or a domain we relay for
require message = Relay not permitted
- domains = +local_domains : +relay_domains <% if
scope.lookupvar('exim::roled::enable_mail_relay') == "secondary" then -%>:
+secondary_domains<% end %>
+ domains = +local_domains : +relay_domains <% if
enable_mail_relay == "secondary" then -%>: +secondary_domains<% end %>
# { recipient domain is under our administrative control }
@@ -186,19 +186,19 @@
require verify = recipient
-<% if scope.lookupvar('exim::roled::enable_mail_relay') != "false" then -%>
+<% if enable_mail_relay != "false" then -%>
# If the destination domain is a domain we relay for,
# check if the local part exists at the destination,
# reject if it doesn't.
# Accept if the destination cannot be reached within 30s.
- deny domains = +relay_domains <% if
scope.lookupvar('exim::roled::enable_mail_relay') == "secondary" then -%>:
+secondary_domains<% end %>
+ deny domains = +relay_domains <% if enable_mail_relay == "secondary"
then -%>: +secondary_domains<% end %>
! verify = recipient/callout=10s,maxwait=30s,defer_ok
<% end -%>
# Mail can be safely accepted here, but we may want to do more
# rfc compliance checking and spam filtering.
- <% if scope.lookupvar('exim::roled::enable_mail_relay') != "false" then
-%>
+ <% if enable_mail_relay != "false" then -%>
# Check whether the sender address domain exists
@@ -206,7 +206,7 @@
<% end -%>
accept
-<% if scope.lookupvar('exim::roled::enable_mail_relay') != "false" then -%>
+<% if enable_mail_relay != "false" then -%>
set acl_m2 = ${if
eq{$local_part@$domain}{w...@wikimedia.org}{skip_spamd}{}}
<% end -%>
@@ -222,7 +222,7 @@
accept
acl_check_data:
-<% if ( scope.lookupvar('exim::roled::enable_spamassassin') == "true" ) then
-%>
+<% if ( enable_spamassassin == "true" ) then -%>
# Let's trust local senders (Mailman) to not send out spam
accept hosts = +wikimedia_nets
set acl_m0 = trusted relay
@@ -232,7 +232,7 @@
<% end -%>
accept
-<% if ( scope.lookupvar('exim::roled::enable_spamassassin') == "true" ) then
-%>
+<% if ( enable_spamassassin == "true" ) then -%>
spamassassin:
# Only run through SpamAssassin if requested for this domain and
# the message is not too large (Mailman's default moderation
@@ -262,7 +262,7 @@
begin routers
-<% if scope.lookupvar('exim::roled::enable_mail_relay') == "secondary" then -%>
+<% if enable_mail_relay == "secondary" then -%>
# Route relay domains only if the higher prio MXes are in the allowed list
secondary:
driver = dnslookup
@@ -284,7 +284,7 @@
ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; 10/8 ; 172.16/12 ;
192.168/16
no_verify
<% end %>
-<% if scope.lookupvar('exim::roled::enable_mail_relay') != "false" then -%>
+<% if enable_mail_relay != "false" then -%>
# Route non-local domains (including +relay_domains) via DNS MX and A records
dnslookup:
driver = dnslookup
@@ -306,7 +306,7 @@
allow_defer
forbid_file
-<% if scope.lookupvar('exim::roled::enable_mailman') == "true" then -%>
+<% if enable_mailman == "true" then -%>
# Mailman list handling.
list_aliases:
@@ -322,7 +322,7 @@
include_directory = CONFDIR
<% end -%>
-<% if ( scope.lookupvar('exim::roled::enable_mail_relay') == "primary" ) -%>
+<% if ( enable_mail_relay == "primary" ) -%>
aliases:
driver = redirect
domains = +local_domains
@@ -336,7 +336,7 @@
pipe_transport = address_pipe
<% end -%>
-<% if scope.lookupvar('exim::roled::enable_mailman') == "true" then -%>
+<% if enable_mailman == "true" then -%>
# Test the mailing list address without suffix
# first, as a mailing list like wikifi-admin is a valid list name.
@@ -356,7 +356,7 @@
-subscribe : -unsubscribe
transport = list
<% end -%>
-<% if scope.lookupvar('exim::roled::enable_mail_relay') == "primary" then -%>
+<% if enable_mail_relay == "primary" then -%>
# Use alias files /etc/exim4/aliases/$domain for domains like
# wikimedia.org, wikipedia.org, wiktionary.org etc.
@@ -456,7 +456,7 @@
route_list = * williams.wikimedia.org byname
transport = remote_smtp
<% end %>
-<% if scope.lookupvar('exim::roled::enable_imap_delivery') == "true" then -%>
+<% if enable_imap_delivery == "true" then -%>
# Run a custom user filter, e.g. to sort mail into subfolders
# By default Exim filter CONFDIR/default_user_filter is run,
# which sorts mail classified spam into the Junk folder
@@ -527,7 +527,7 @@
transport = remote_smtp
route_list = * mchenry.wikimedia.org:lists.wikimedia.org
<% end %>
-<% if scope.lookupvar('exim::roled::enable_mail_relay') != "false" then -%>
+<% if enable_mail_relay != "false" then -%>
# Redirect postmaster@$domain if it hasn't been accepted before
postmaster:
@@ -536,9 +536,9 @@
local_parts = postmaster
data = postmaster@$primary_hostname
<% end %>
-<% if scope.lookupvar('exim::roled::enable_mailman') == "true" then -%>
+<% if enable_mailman == "true" then -%>
cannot_route_message = Mailing list $local_part does not exist.
-<% elsif scope.lookupvar('exim::roled::enable_mail_relay') != "false" then -%>
+<% elsif enable_mail_relay != "false" then -%>
cannot_route_message = Address $local_part@$domain does not exist
<% end %>
@@ -553,8 +553,8 @@
remote_smtp:
driver = smtp
hosts_avoid_tls = <; 0.0.0.0/0 ; 0::0/0
- interface = <; <%= scope.lookupvar('exim::roled::outbound_ips').join("
; ") %>
-<% if scope.lookupvar('exim::roled::enable_mailman' == "true" ) -%>
+ interface = <; <%= outbound_ips.join(" ; ") %>
+<% if (enable_mailman == "true" ) -%>
helo_data = lists.wikimedia.org
<% end -%>
@@ -573,7 +573,7 @@
driver = pipe
return_output
-<% if scope.lookupvar('exim::roled::enable_mailman') == "true" then -%>
+<% if enable_mailman == "true" then -%>
# Mailman pipe transport
# Rewrite body headers of old mailing list addresses to new ones
@@ -591,7 +591,7 @@
#headers_rewrite = \N^.*@(mail\.)?wiki[mp]edia\.org$\N "${if
exists{MAILMAN_LISTS_HOME/lists/$local_part/config.pck}{$local_p...@lists.wikimedia.org}fail}"
ct
<% end %>
-<% if scope.lookupvar('exim::roled::enable_imap_delivery') == "true" then -%>
+<% if enable_imap_delivery == "true" then -%>
# Delivery via Dovecot's "deliver" LDA. The advantage over using Exim's
# internal Maildir appendfile transport is that it can immediately update
# Dovecot's internal indexes for better performance.
@@ -647,7 +647,7 @@
reply_transport:
driver = autoreply
<% end %>
-<% if scope.lookupvar('exim::roled::enable_mail_submission') == "true" then -%>
+<% if enable_mail_submission == "true" then -%>
##################
# Authenticators #
##################
@@ -681,7 +681,7 @@
* * senders=w...@wikimedia.org F,1h,15m; G,8
<% end -%>
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
-<% if ( scope.lookupvar('exim::roled::enable_mail_relay') != "false" ) -%>
+<% if ( enable_mail_relay != "false" ) -%>
#################
# Rewrite rules #
@@ -690,10 +690,10 @@
begin rewrite
<% end %>
-<% if scope.lookupvar('exim::roled::enable_mailman') == "true" then -%>
+<% if enable_mailman == "true" then -%>
\N^.*@(mail\.)?wiki[mp]edia\.org$\N "${if
exists{MAILMAN_LISTS_HOME/lists/$local_part/config.pck}{$local_p...@lists.wikimedia.org}fail}"
ct
<% end %>
-<% if ( scope.lookupvar('exim::roled::enable_mail_relay') != "false" ) -%>
+<% if ( enable_mail_relay != "false" ) -%>
# Rewrite the envelope From for mails from internal servers in *.pmtpa.wmnet,
# as they are usually rejected by sender domain address verification.
*@*.pmtpa.wmnet r...@wikimedia.org F
--
To view, visit https://gerrit.wikimedia.org/r/67881
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I0344a26ddee486bbe80d2cd4bf706c903c4108c0
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: Mark Bergsma <m...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
