When standing up a new greenfield environment, one of the first services you typically end up needing is an internal mail relay. We use Office 365, so we wanted our mail relay to send mail through it. To do that I used Puppet along with a Puppet module from jlambert121, which you can find here. Note, I also used the Firewalld Puppet module from crayfishx to manage my firewall ports on RHEL 7, which you can find here.

Once I had the Puppet module installed, I was able to use the following Puppet manifest.

#=============================================================================
#filename        :postfix_relay.pp
#description     :This is the base puppet manifest for a postfix mail relay for EMS
#author          :Eric Sarakaitis
#date            :9/29/16
#==============================================================================

class profiles::postfix_relay {

  #open the firewall ports
  firewalld_service { 'Allow smtp from the external zone':
    ensure  => 'present',
    service => 'smtp',
    zone    => 'external',
  }

  firewalld_port {
    #open port 25 TCP for SMTP
    'Open port 25 TCP in the public zone':
      ensure   => present,
      zone     => 'public',
      port     => 25,
      protocol => 'tcp',
  }

  #install and configure postfix
  #relay_networks lists the only subnets allowed to relay through this host
  #relay_username and relay_password are placeholder values; keep the real
  #credential out of the manifest (for example in encrypted Hiera data)
  class { 'postfix':
    smtp_relay     => true,
    relay_networks => '172.16.209.0/24, 172.16.208.0/24, 192.168.1.0/24',
    relay_host     => '[smtp.office365.com]',
    relay_username => 'relay@domain.com',
    relay_password => 'Passw0rd',
    relay_port     => '587',
  }

#closing frenchie
}

On our OCP Winterfell nodes running CentOS 6, the 10GB Mellanox NICs show up as eth0 and eth1, while the 1GB management interface shows up as eth2. We are also using Brocade 10GB top-of-rack switches, so configuring LLDP was necessary for the servers to advertise themselves to the upstream switches. To do this, we use the LLDPAD package available in the @base CentOS repo.

The next step is to create a Puppet module/manifest to:

  1. Install the LLDPAD RPM from YUM.
  2. Start the LLDPAD service.
  3. Ensure that the LLDPAD service is set to autostart at boot.
  4. Configure eth0 and eth1 to broadcast their LLDP status to the upstream switches.
  5. Ensure that it only runs once, not every time puppet agent runs.
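
One way to express the five steps above as a Puppet class (an added example, not the manifest from the original post). The class name `profiles::lldpad` is hypothetical, and the example assumes Puppet 4 or later for the `each` iterator and that `lldptool` from the lldpad package is on the listed path.

```puppet
# Added example: class name profiles::lldpad is hypothetical.
class profiles::lldpad {

  # Step 1: install the lldpad RPM from the configured yum repos
  package { 'lldpad':
    ensure => installed,
  }

  # Steps 2 and 3: start the daemon now and enable it at boot
  service { 'lldpad':
    ensure  => running,
    enable  => true,
    require => Package['lldpad'],
  }

  # Steps 4 and 5: turn on LLDP transmit/receive for each 10GB interface.
  # The `unless` guard reads the current setting first, so the exec only
  # fires when the interface is not already in rxtx mode instead of on
  # every agent run.
  ['eth0', 'eth1'].each |String $nic| {
    exec { "lldp-adminstatus-${nic}":
      command  => "lldptool set-lldp -i ${nic} adminStatus=rxtx",
      unless   => "lldptool get-lldp -i ${nic} adminStatus | grep -q 'adminStatus=rxtx'",
      path     => ['/usr/sbin', '/usr/bin', '/sbin', '/bin'],
      provider => shell, # the guard uses a pipe, so run it through /bin/sh
      require  => Service['lldpad'],
    }
  }
}
```

The management interface eth2 is deliberately left out of the list, so only the two Mellanox ports advertise to the top-of-rack switches.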
