When standing up a new greenfield environment, one of the first services you typically end up needing is an internal mail relay. We use Office 365, so we wanted to our mail relay to send mail through it. To do that I used Puppet along with a Puppet module from jlambert121, which you can find here. Note, I also used the Firewalld puppet module from crayfishx to manage my firewall ports on RHEL 7, which you can find here.

Once I had the puppet module installed, I was able to use the following puppet manifest.

#=============================================================================
#filename        :postfix_relay.pp
#description     :This is the base puppet manifest for a postfix mail relay for EMS
#author          :Eric Sarakaitis
#date            :9/29/16
#==============================================================================

class profiles::postfix_relay {

#open the firewall ports
firewalld_service { 'Allow smtp from the external zone':
  ensure  => 'present',
  service => 'smtp',
  zone    => 'external'
}

firewalld_port {
  #open port 25 TCP for SMTP
  'Open port 25 TCP in the public zone':
  ensure   => present,
  zone     => 'public',
  port     => 25,
  protocol => 'tcp'
}

#install and configure postfix
class { 'postfix':
  smtp_relay      => true,
  relay_networks  => '172.16.209.0/24, 172.16.208.0/24, 192.168.1.0/24',
  relay_host => '[smtp.office365.com]',
  relay_username => 'relay@domain.com',
  relay_password => 'Passw0rd',
  relay_port => '587',
}

#closing frenchie
}

Under IPA Server > ID Views > Default Trust View, add the LDAP user you want to override with POSIX settings.

Select User

Then add the SSH public key to the user:

3

This document is dependent on the following assumptions:

  • NetBIOS names of the IPA domain and AD domain must be different.
    • In addtion, NetBIOS names of the IPA server and AD DC server must be different.
  • Encoredev.local is the AD domain
    • encoredev1.encoredev.local will host this domain and associated DNS
  • Linux.local is the IPA domain
    • ipa1.linux.local will host this domain and associated DNS records
  • The /etc/hosts file is configured
  • The servers hostname is configured correctly
  • The server┬áhas firewalld disabled or the appropriate firewall ports have been opened.
  • NS1/NS2 = 172.16.40.2/172.16.40.3
  • DEVNS1/DEVNS2 = 172.16.104.2/172.16.105.3
  • Windows Domain = encoredev.local
  • IPA domain = linux.local
  • Active Directory Linux Admins Group = LinuxAdmins
  • NFS Server = nfs.linux.local
    • nfs.linux.local has been added as an IPA Client

More »