[technique] Switching the tetaneutral.net MX servers to redundant VMs with puppet

Laurent GUERBY laurent at guerby.net
Mon 3 Sep 18:57:56 CEST 2012


Good evening,

This evening we are switching the MX servers and the roundcube for the
tetaneutral.net domain from OVH to our Toulouse VM + Lyon VM
infrastructure, entirely managed by puppet.

Here is what the puppet configuration files for the primary and
secondary MX look like; they contain all the "user" settings:

guerby at pc2:~/work/tetaneutral.net/git/puppetmaster$ cat manifests/nodes/mx1.tetaneutral.net.pp 
node "mx1.tetaneutral.net" {
	class { 'ttnn::server': }
	class { 'backup::client':
		mysql_root_password => $ttnn_mysql_root_password[$fqdn][0],
		paths               => [ "/home/vmail" ],
	}
	class { 'authorized_keys': users => ["h1", "sileht", "guerby", "fab"], }

	class {'ttnn_mail_master': 
		domains => [ "tetaneutral.net", "tetaneutral.org", "tetaneutral.info" ], 
		accounts            => 	[ 
			"xxx1 at tetaneutral.info",
			"xxx2 at tetaneutral.info",
			"xxx3 at tetaneutral.net",
		],
		passwords => $ttnn_mail_password,
	}

	class { 'sexymotd': }
}

guerby at pc2:~/work/tetaneutral.net/git/puppetmaster/manifests/nodes$ cat tetaneutral.grenode.net.pp 
node "tetaneutral.grenode.net" {
	class { 'ttnn::server': }
	class { 'backup::client': }
	class { 'authorized_keys': users => ["h1", "sileht", "guerby", "fab"], }

	class { 'ttnn_mail_relay': domains      =>  ["tetaneutral.net", "tetaneutral.org", "tetaneutral.info"], }

	class { 'ttnn_secondary_ns': primary_ns => '91.224.148.10'}

	class { 'sexymotd': }
}


Under the hood, the puppet classes used:

guerby at pc2:~/work/tetaneutral.net/git/puppetmaster/manifests/classes$ cat ttn_mail_master.pp 
class ttnn_mail_master ($domains = [], $accounts = [], $passwords = {} ) {

	class { 'mysql::server':
		config_hash => {
			root_password => $ttnn_mysql_root_password[$fqdn][0],
			old_root_password => $ttnn_mysql_root_password[$fqdn][1],
		},
	}

	class { 'apache':}
	class { 'mailserver::params':
		accounts                 => $accounts,
		passwords                 => $passwords,
		domains                  => $domains,
		aliases_content          => template("$fqdn/aliases"),
		sender_access_content    => template("$fqdn/sender_access"),
		recipient_access_content => template("$fqdn/recipient_access"),
		ssl_cert_source          => "puppet:///ssl/$fqdn.pem",
		ssl_key_source           => "puppet:///ssl/$fqdn.key",
	}
	class { 'mailserver::spamassassin': }
	class { 'mailserver::rbl': }
	class { 'mailserver::greylisting': }
	class { 'mailserver::dovecot':}
	#	class { 'mailserver::spf': }
	class { 'mailserver::roundcube': session_key => $roundcube_session_key[$fqdn] }
	class { 'mailserver::postfix': }
}

guerby at pc2:~/work/tetaneutral.net/git/puppetmaster/manifests/classes$ cat ttnn_mail_relay.pp 

class ttnn_mail_relay(
	$domains = [],
){
	class { 'mailserver::params':
		domains => $domains,
	}
	class { 'mailserver::spamassassin': }
	class { 'mailserver::rbl': }
	class { 'mailserver::greylisting': }
	#class { 'mailserver::spf': }
	class { 'mailserver::relay': }
	class { 'mailserver::postfix': }
}

The details of each configuration are of course in the subclasses,
but the high-level interface makes it easy to deploy a redundant
infrastructure that can be migrated "in one click" between hosting
providers.

Thanks to Mehdi and Fabien for the work :).

Laurent