Configure a datacenter mail relay through Office 365 based on Postfix using Puppet

When standing up a new greenfield environment, one of the first services you typically end up needing is an internal mail relay. We use Office 365, so we wanted our mail relay to send mail through it. To do that, I used Puppet along with a Puppet module from jlambert121, which you can find here. Note that I also used the firewalld Puppet module from crayfishx to manage my firewall ports on RHEL 7, which you can find here.

Once I had the Puppet module installed, I was able to use the following Puppet manifest.

#==============================================================================
# filename    : postfix_relay.pp
# description : This is the base puppet manifest for a postfix mail relay for EMS
# author      : Eric Sarakaitis
# date        : 9/29/16
#==============================================================================

class profiles::postfix_relay {

  #open the firewall ports
  firewalld_service { 'Allow smtp from the external zone':
    ensure  => 'present',
    service => 'smtp',
    zone    => 'external'
  }

  #open port 25 TCP for SMTP
  firewalld_port { 'Open port 25 TCP in the public zone':
    ensure   => present,
    zone     => 'public',
    port     => 25,
    protocol => 'tcp'
  }

  #install and configure postfix
  class { 'postfix':
    smtp_relay     => true,
    relay_networks => '172.16.209.0/24, 172.16.208.0/24, 192.168.1.0/24',
    relay_host     => '[smtp.office365.com]',
    relay_username => 'relay@domain.com',
    relay_password => 'Passw0rd',
    relay_port     => '587',
  }

#closing frenchie
}
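
A hardened variant of the same profile, added here as an example and not taken from the original post or from either module's documentation: the relay password comes from Hiera instead of being written into the manifest, and SMTP is accepted only from the relay networks. The class parameters, the Hiera key and the rule titles are assumptions; `firewalld_rich_rule` is the rich-rule type from the crayfishx firewalld module, and `join()` is built in from Puppet 5.5 (older versions get it from puppetlabs-stdlib).

```puppet
# Added example: hypothetical variant of profiles::postfix_relay.
# Parameter names and Hiera keys are assumptions, not from the original post.
class profiles::postfix_relay (
  # Filled by automatic parameter lookup from the Hiera key
  # profiles::postfix_relay::relay_password, so the credential is not
  # written into the manifest. Store it encrypted, e.g. with hiera-eyaml.
  String        $relay_password,
  String        $relay_username = 'relay@domain.com',
  Array[String] $relay_networks = [
    '172.16.209.0/24',
    '172.16.208.0/24',
    '192.168.1.0/24',
  ],
) {

  # Accept SMTP only from the networks Postfix relays for, instead of
  # opening port 25 to every source in the zone (zone name as used by the
  # original firewalld_port resource).
  $relay_networks.each |String $net| {
    firewalld_rich_rule { "Accept smtp from ${net}":
      ensure  => present,
      zone    => 'public',
      source  => $net,
      service => 'smtp',
      action  => 'accept',
    }
  }

  # Same postfix class parameters as the original manifest; only the
  # sources of the values change.
  class { 'postfix':
    smtp_relay     => true,
    relay_networks => join($relay_networks, ', '),
    relay_host     => '[smtp.office365.com]',
    relay_username => $relay_username,
    relay_password => $relay_password,
    relay_port     => '587',
  }
}
```

With the per-source rich rules in place, the blanket `firewalld_service` and `firewalld_port` resources from the manifest above are no longer needed.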

Installing IPA on RHEL 7 and utilizing an Active Directory Trust

This document is dependent on the following assumptions:

  • NetBIOS names of the IPA domain and AD domain must be different.
    • In addition, NetBIOS names of the IPA server and AD DC server must be different.
  • Encoredev.local is the AD domain
    • encoredev1.encoredev.local will host this domain and associated DNS
  • Linux.local is the IPA domain
    • ipa1.linux.local will host this domain and associated DNS records
  • The /etc/hosts file is configured
  • The server's hostname is configured correctly
  • The server has firewalld disabled or the appropriate firewall ports have been opened.
  • NS1/NS2 = 172.16.40.2/172.16.40.3
  • DEVNS1/DEVNS2 = 172.16.104.2/172.16.105.3
  • Windows Domain = encoredev.local
  • IPA domain = linux.local
  • Active Directory Linux Admins Group = LinuxAdmins
  • NFS Server = nfs.linux.local
    • nfs.linux.local has been added as an IPA Client
