Best practice for editing /etc/postfix/master.cf

I'm trying to add the following to /etc/postfix/master.cf where newlines are significant:

sympa unix - n n - - pipe
flags=R user=sympa argv=/home/sympa/bin/queue ${recipient}
sympabounce unix - n n - - pipe
flags=R user=sympa argv=/home/sympa/bin/bouncequeue ${recipient}

I'm doing this from different roles. My mail role adds dspam configuration, and the Sympa role I'm writing would add the above.

lineinfile isn't easy, because I need to treat each line in the above as a separate play. If I just embed newlines in the play, the first line appears multiple times and the second line only once.

I know there's a task that builds a file from snippet templates. Given that this file is appended to by multiple roles, I don't know that this would work.

Is it possible to do this kind of edit in a single task, rather than one task per line? To give an example of the ugliness I'm doing now to add dspam:

- lineinfile: dest=/etc/postfix/master.cf line="dspam unix - n n - 10 pipe" regexp="dspam\w+unix"
   notify:
     - restart postfix
- lineinfile: dest=/etc/postfix/master.cf line=" flags=Ru user=dspam argv=/usr/bin/dspam --deliver=innocent,spam --user $recipient -i -f $sender -- $recipient" regexp="/usr/bin/dspam"
   notify:
     - restart postfix

Thanks.

If you were using the assemble module you would lay down the vairous pieces in something like a /etc/postfix.d/ directory in your various roles and then call your sendmail role last which would merge the fragments into one big list.

I’d probably be inclined to just use a template, but I’m not entirely clear on the logic you’d want to put in that template.

It might be as simple as

{% if ‘xyz’ in group_names %}
{% endif %}

But it might be more complicated, I don’t know.

I’m not really a fan of using lineinfile unless you have a situation where the end user needs to edit some contents on the box and it’s not truly centrally managed with 100% authority, and in those cases, this can potentially get to be slightly error prone.

Ah, hmm, that makes sense. So my mail role would just write out the master.cf template. Is group_names a list of the roles a host is in, and if so, why the difference in terminology?

Is there any way to just append that to the existing /etc/postfix/master.cf rather than build it entirely from scratch? My worry is that I don't want to maintain an entire file whose content may change from Ubuntu release to release. I just want to append my own configuration which will never be present in said file until I put it there. Not sure how that can be possible, but it'd be great if it were.

Hi,

“group_names” is just a list of host groups, has nothing to do with roles.

One approach I am using in such cases (and would like a feedback on it) is, eg. for network configuration:

• name: create interfaces.d directory
  file: path=/etc/network/interfaces.d owner=root group=root mode=0700 state=directory

• name: create 00_ansible in interfaces.d
  template: src=network/interfaces.d/00_ansible.j2 dest=/etc/network/interfaces.d/00_ansible.j2 owner=root group=root mode=0644
  notify:

• assemble interfaces.d

• reload networking

• name: move 10_initial to interfaces.d
  command: /bin/cp -p /etc/network/interfaces /etc/network/interfaces.d/10_initial creates=/etc/network/interfaces.d/10_initial
  notify:

• assemble interfaces.d

• reload networking

So, first create the snippets directory, than put a disclamer (00_ansible) saying that the file is managed by Ansible with instructions where edits should be made, than copy the original interfaces to 10_initial in case the later doesn’t exist (in case this is the initial deployment). Then everywhere I add any network configuration I just add it to interfaces.d directory and notify assemble and reload commands. The assemble module concatenates all snippets together alphabetically and the disclamer is on top.

Greetings,
gw