Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.4.x
- Puppet >= 4.9.0 < 7.0.0
- FreeBSD , , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'oxc-dovecot', '3.1.0'
Learn more about managing modules with a Puppetfile
dovecot
Table of Contents
- Description
- Setup and Usage - The basics of getting started with dovecot
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
This module installs and manages the Dovecot IMAP server and its plugins, and provides resources and functions to configure the Dovecot system. It does not, however, configure any of those systems beyond the upstream defaults.
This module is intended to work with Puppet 5 and 6; tested Dovecot and OS versions are listed below. Patches to support other setups are welcome.
Setup and Usage
What this module affects
By default, this package...
- installs the dovecot package
- recursively purges all dovecot config
Configuration options
Although splitting the config into multiple conf.d files offers little advantage on a Puppet-managed host, this module supports managing both the dovecot.conf file and several conf.d files.
The dovecot class takes two parameters, $config for dovecot.conf entries and $configs for conf.d file entries:
class { 'dovecot':
  plugins => ['imap', 'lmtp'],
  config => {
    protocols => 'imap lmtp',
    listen => '*, ::',
  },
  configs => {
    '10-auth' => {
      passdb => {
        driver => 'passwd-file',
        args => 'username_format=%u /etc/dovecot/virtual_accounts_passwd',
      },
    },
    '10-logging' => {
      log_path => 'syslog',
    },
  }
}
This can be conveniently used from hiera:
dovecot::plugins:
  - imap
  - lmtp
  - sieve
dovecot::config:
  protocols: imap sieve lmtp
  hostname: "%{::fqdn}"
dovecot::configs:
  '10-auth':
    disable_plaintext_auth: yes
    passdb:
      driver: passwd-file
      args: scheme=CRYPT username_format=%u /etc/dovecot/virtual_accounts_passwd
  '10-master':
    default_process_limit: 200
    default_client_limit: 2000
    service lmtp:
      unix_listener /var/spool/postfix/private/dovecot-lmtp:
        user: postfix
        group: postfix
        mode: '0600'
  '10-ssl':
    ssl: yes
    ssl_cert: '</etc/dovecot/ssl/dovecot.crt'
    ssl_key: '</etc/dovecot/ssl/dovecot.key'
For advanced use-cases you can also use the provided dovecot::create_config_resources and dovecot::create_config_file_resources functions, which are used to handle the $config and $configs parameters.
If you want to use the dovecot::config resource directly, the easiest way is to put both the file (optional) and the hierarchical config key into the resource title:
dovecot::config {
  'protocols': value => 'imap lmtp';
  'listen':
    value => '*, ::',
    comment => 'Listen on all interfaces',
  ;
  '10-auth:passdb.driver': value => 'passwd-file';
  '10-auth:passdb.args': value => 'username_format=%u /etc/dovecot/virtual_accounts_passwd'
}
But you can also specify them separately:
dovecot::config { 'dovecot passdb driver':
  file => '10-auth',
  sections => ['passdb'],
  key => 'driver',
  value => 'passwd-file',
}
By default all regular config files are created with mode 0644, but this can be changed by creating the dovecot::configfile instance manually and specifying the $mode param, or by setting the global dovecot::configs_mode parameter/hiera key.
External config files
In some cases, dovecot requires an external config file to be passed as a config value. This is especially the case for SQL- and LDAP-based userdbs.
These external config files use a similar syntax, but are parsed by a different parser (and at a different point in time), as explained in the Dovecot wiki.
This module supports such external config files using the dovecot::extconfigfile type, or the dovecot::extconfigs parameter/hiera key:
dovecot::configs:
  '10-auth':
    passdb:
      driver: sql
      args: /etc/dovecot/dovecot-sql.conf.ext
dovecot::extconfigs:
  'dovecot-sql.conf.ext':
    driver: pgsql
    connect: host=sql.example.com dbname=virtual user=virtual password=blarg
    default_pass_scheme: SHA256-CRYPT
    password_query: "SELECT email as user, password FROM virtual_users WHERE email='%u';"
Since external config files often contain sensitive information like database passwords, they are set to mode 0600 by default. This can be changed using the type's $mode parameter, or the global dovecot::extconfigs_mode parameter/hiera key.
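A check that can be run on a managed host to confirm the modes described above (0644 for regular config files, 0600 for external ones), as an added example that is not part of the module or its documentation. The function names, the sample tree and the rule that `password=` marks a secret are assumptions made for this example.

```python
import os
import re
import stat
import tempfile

# Assumption: any setting containing "password=" (as in the connect strings) is a secret.
SECRET_RE = re.compile(r"password\s*=", re.IGNORECASE)

def audit_modes(config_dir):
    """Return sorted (relative path, mode, reason) for risky files readable beyond owner."""
    findings = []
    for root, _dirs, names in os.walk(config_dir):
        for name in names:
            path = os.path.join(root, name)
            st_mode = os.lstat(path).st_mode
            if not stat.S_ISREG(st_mode) or stat.S_IMODE(st_mode) & 0o077 == 0:
                continue  # not a regular file, or already owner-only (e.g. 0600)
            mode = f"{stat.S_IMODE(st_mode):04o}"
            rel = os.path.relpath(path, config_dir)
            with open(path, errors="replace") as fh:
                secret = any(SECRET_RE.search(line) for line in fh
                             if not line.lstrip().startswith("#"))
            if secret:
                findings.append((rel, mode, "contains a password"))
            elif name.endswith(".conf.ext") and root == config_dir:
                # Only top-level *.conf.ext files are external config files.
                findings.append((rel, mode, "external config not owner-only"))
    return sorted(findings)

def build_sample_tree(base):
    """Write a constructed sample tree (made-up names and contents) and return base."""
    samples = {
        "dovecot-sql.conf.ext": (0o644, "connect = host=db user=v password=example\n"),
        "dovecot-dict-sql.conf.ext": (0o600, "connect = host=db password=example\n"),
        "dovecot-ldap.conf.ext": (0o640, "hosts = ldap.example.com\n"),
        "conf.d/10-auth.conf": (0o644, "passdb {\n  args = password=example\n}\n"),
        "conf.d/auth-system.conf.ext": (0o644, "passdb {\n  driver = pam\n}\n"),
    }
    for rel, (mode, text) in samples.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_modes(build_sample_tree(tmp)))
```

A credential placed in a regular conf.d file is reported as well, because those files default to 0644.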
If you need to specify additional content in the file, like dict maps, you can use the extended notation that takes an entries and an additional_content key:
dovecot::extconfigs:
  'dovecot-dict-sql.conf.ext':
    entries:
      connect: host=localhost dbname=mails user=sqluser password=sqlpass
    additional_content: |+
      map {
        pattern = shared/shared-boxes/user/$to/$from
        table = user_shares
        value_field = dummy
        fields {
          from_user = $from
          to_user = $to
        }
      }
NOTE: These external config files are usually stored in /etc/dovecot. Unfortunately, the example-config delivered with Dovecot also contains .conf.ext files in conf.d/, which are !included from 10-auth.conf. Please note that these are not external config files as explained here, they are included and parsed by the normal config parser. The example config splits them out to provide multiple options the user can easily choose one from. In a puppet-based setup, this should not be necessary, and is thus currently not supported by this module. Please provide a valid use-case as a bug report, if you have one.
Poolmon configuration
For multi-server setups it is possible to enable built-in support for Poolmon:
dovecot::poolmon_manage: true
dovecot::poolmon_version: '0.6'
dovecot::poolmon_config:
  scan_interval: 30
  check_timeout: 5
  log_debug: false
  logfile: 'syslog'
  check_port:
    - 110
    - 143
  check_ssl:
    - 993
  socket: '/var/run/dovecot/director-admin'
  lockfile: '/var/run/poolmon.pid'
NOTE: $dovecot::poolmon_config uses "hash" merge behavior during lookup (see Merge behavior below).
Reference
See the reference generated by puppet strings on https://oxc.github.io/puppet-dovecot/
Limitations
Compatibility
OS Versions tested:
- CentOS 7
- FreeBSD 11
- Ubuntu 14.04, 16.04
dovecot versions tested:
- 2.2.10
- 2.2.22
- 2.2.36
Feel free to let me know if it correctly works on a different OS/setup, or submit patches if it doesn't.
Merge behavior
Although this module defaults to "deep" merge behavior for lookups, there's one notable exception.
The poolmon configuration $dovecot::poolmon_config utilizes the "hash" merge behavior. This way it is possible to replace default values when necessary, i.e. the check_port item.
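The difference between the two merge behaviours, modelled in Python as an added example (not the module's or Hiera's own code). The layer contents are constructed; DEFAULTS in particular is an assumption and not the module's real default hash.

```python
def hash_merge(*layers):
    """Model of "hash" merge: top-level keys only, later (higher-priority) layers win."""
    merged = {}
    for layer in layers:
        merged.update(layer)
    return merged

def deep_merge(*layers):
    """Model of "deep" merge: nested hashes merge recursively, arrays are combined."""
    merged = {}
    for layer in layers:
        for key, value in layer.items():
            old = merged.get(key)
            if isinstance(old, dict) and isinstance(value, dict):
                merged[key] = deep_merge(old, value)
            elif isinstance(old, list) and isinstance(value, list):
                # Keep existing entries and append only the new ones.
                merged[key] = old + [v for v in value if v not in old]
            else:
                merged[key] = value
    return merged

# Constructed layers, listed lowest priority first.
DEFAULTS = {"scan_interval": 30, "check_port": [110, 143], "check_ssl": [993]}
NODE = {"check_port": [143], "check_ssl": []}

if __name__ == "__main__":
    print("hash:", hash_merge(DEFAULTS, NODE))  # node lists replace the defaults
    print("deep:", deep_merge(DEFAULTS, NODE))  # default ports cannot be removed
```

With "hash", a node that sets check_port gets exactly the ports it lists; with "deep", the default entries would remain in the merged array.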
Development
You're welcome to submit patches and issues to the issue tracker on GitHub.
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
Unreleased
3.1.0 - 2020-09-12
This release now uses PDK and increases dependency compatibility.
Changed
- Increased compatible stdlib dependency versions in metadata (#25)
- Convert to PDK
3.0.0 - 2020-04-07
This release modifies the behaviour of purge_unmanaged parameter to include files in "conf.d" and "private" directories.
While in theory this is a breaking change (hence the version increase), it should rarely have any real effects. In any case, be advised that unmanaged files in conf.d and private directories will be purged if you have purge_unmanaged enabled (which it is by default).
Changed
- purge_unmanaged now also purges "conf.d" and "private" directories (#22)
2.3.0 - 2020-04-07
This release solely changes documentation and metadata.
Changed
- Increased compatible dependency versions in metadata (#23)
2.2.0 - 2020-03-20
This release adds support for additional content in extconfig files.
Added
- Add support for additional content in extconfig files (#19)
2.1.0 - 2019-03-23
This release solely changes documentation and metadata.
Changed
2.0.0 - 2019-02-04
This release includes one breaking change, the switch to "hash" merge behaviour for $dovecot::poolmon_config. This will most likely not affect your configuration, but in theory it might, so this is released as a new major version in conformance with SemVer.
Changed
- $dovecot::poolmon_config now uses "hash" merge behaviour (#13).
1.2.0 - 2018-12-10
This release mainly fixes and improves poolmon service management
Added
- Manage /etc/dovecot/private directory (if enabled, default on Debian-based systems), to prevent log noise and service notifies after package updates
- Add SysVinit support for poolmon service (#12)
Fixes
- Fix poolmon systemd service generation (#12)
1.1.0 - 2018-06-02
This release adds support for managing external config files
Added
- Support for external config files as required for some userdb/passdb drivers (#6)
- Make config files mode configurable
Fixes
- Fixed dovecot::create_config_file_resources() not respecting $include_in_main_config (#8)
1.0.1 - 2018-01-28
This release only contains minor non-functional and documentation changes
Fixes
- Fix links in this changelog
- Lint fixes
1.0.0 - 2018-01-28
First stable release, now requires Puppet 4.9
Added
- Support for other operating systems (RedHat, Debian and FreeBSD)
- New parameters for service configuration ($service_enable, $service_ensure, $service_name to customize the service name, $package_ensure to allow 'latest' or a specific version number)
- Add poolmon support
Changed
- Minimum required Puppet version is now 4.9 for Hiera 5 support
- Module structure has been completely rewritten, uses standard module layout now
- Rename parameter $packages_install to $package_manage
- Lots of lint/style changes
Fixed
- require on service would fail if $package_manage was false
0.1.0 - 2017-07-31
Initial release
Dependencies
- puppetlabs/stdlib (>= 3.0.0 < 7.0.0)
- puppetlabs/concat (>= 3.0.0 < 7.0.0)
- puppet/archive (>= 2.0.0 < 5.0.0)
Copyright 2017 Bernhard Frauendienst
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.