jancubillan / ansible-zimbra-single
Ansible Role - Single-Server Zimbra
License: MIT License
Hi,
I'm trying and adapting your project for my needs.
I'm encountering an issue in the phase 2 installer where the Jinja template does not take the facts on the Zimbra host.
Here's a screenshot of my localconfig :
It seems that the facts are not used when I start the playbook.
Gathering facts alone from my computer that runs Ansible gave me the correct FQDN:
"ansible_fqdn": "gwenzim.mydomain.com"
I'm not an ansible expert so I might have gone wrong somewhere but I was thinking that the template would autofill with gathered variable since ansible_fqdn is not declared in any file in the role.
Regards
Hi Jan, nice project! I have tested it on a couple of cloud providers and it works smoothly.
While trying it on a cloud provider that assigns a public IP directly on the NIC, I noticed that due to this line:
https://github.com/jancubillan/ansible-zimbra-single/blob/master/templates/zimbra_config.txt.j2#L84
inside the Postfix main.cf file it will set a wide public subnet as permitted networks.
This causes the server to be an open relay for any IPs inside that subnet range.
Example:
```
root@mail:~# cat /opt/zimbra/common/conf/main.cf|grep mynetworks
# The mynetworks parameter specifies the list of "trusted" SMTP
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# mynetworks list by hand, as described below.
# Specify "mynetworks_style = host" when Postfix should "trust"
#mynetworks_style = class
mynetworks_style = subnet
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, permit
local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
postscreen_access_list = permit_mynetworks
mynetworks = 127.0.0.0/8 [::1]/128 206.81.16.0/20
```
As a workaround, I have added an `is_public: True` variable inside the playbook file:
```yaml
---
- hosts: all
  vars:
    zimbra_timezone: Europe/Rome
    zimbra_fqdn: mail.example.com
    zimbra_admin_password: zimbra4ever
    is_public: True
  roles:
    - ansible-zimbra-single
```
With this conditional check inside the `zimbra_config.txt.j2` template:
```jinja
{% if is_public %}
zimbraMtaMyNetworks="127.0.0.0/8 [::1]/128"
{% else %}
zimbraMtaMyNetworks="127.0.0.0/8 [::1]/128 {{ (ansible_default_ipv4.address + '/' + ansible_default_ipv4.netmask) | ansible.netcommon.ipaddr('network/prefix') }}"
{% endif %}
```
It would be nice to add inside the task a check that verifies if a NIC has a public address assigned.
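The check requested above, sketched in Python as an added example (not code from this role or from the issue author): it audits a `main.cf` for `mynetworks` entries outside private or loopback space, and derives the trusted-network value only when the NIC address is private. The function names and the host address `206.81.16.5` are assumptions made for illustration; the sample `main.cf` lines are constructed from the output quoted in the issue.

```python
import ipaddress

# Constructed sample based on the grep output quoted in the issue.
SAMPLE_MAIN_CF = """\
#mynetworks_style = class
mynetworks_style = subnet
postscreen_access_list = permit_mynetworks
mynetworks = 127.0.0.0/8 [::1]/128 206.81.16.0/20
"""

LOCAL_ONLY = "127.0.0.0/8 [::1]/128"


def parse_mynetworks(main_cf_text):
    """Return the CIDR entries of the 'mynetworks' parameter as network objects."""
    nets = []
    for line in main_cf_text.splitlines():
        name, sep, value = line.partition("=")
        if not sep or name.strip() != "mynetworks":
            continue  # skips comments, mynetworks_style and other parameters
        for token in value.replace(",", " ").split():
            # Postfix writes IPv6 networks as [addr]/prefix; drop the brackets.
            token = token.replace("[", "").replace("]", "")
            try:
                nets.append(ipaddress.ip_network(token, strict=False))
            except ValueError:
                pass  # file or lookup-table entries are out of scope here
    return nets


def public_entries(nets):
    """Entries that would let hosts outside private/loopback space relay mail."""
    return [n for n in nets
            if not (n.is_private or n.is_loopback or n.is_link_local)]


def zimbra_mta_mynetworks(address, netmask):
    """Trust the NIC's subnet only when the NIC address itself is private."""
    if not ipaddress.ip_address(address).is_private:
        return LOCAL_ONLY
    subnet = ipaddress.ip_network(f"{address}/{netmask}", strict=False)
    return f"{LOCAL_ONLY} {subnet}"


if __name__ == "__main__":
    for net in public_entries(parse_mynetworks(SAMPLE_MAIN_CF)):
        print(f"public range trusted by permit_mynetworks: {net}")
    # Assumed host address inside the subnet shown in the issue.
    print(zimbra_mta_mynetworks("206.81.16.5", "255.255.240.0"))
```
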