Closed Bug 1008697 Opened 11 years ago Closed 11 years ago

Need a motd or profile.d banner on zmmta machines warning that the core postfix programs aren't to be used

Categories

(Infrastructure & Operations Graveyard :: Infrastructure: Zimbra, task)

Product:
Infrastructure & Operations Graveyard
Component:
Infrastructure: Zimbra
Platform:
x86_64
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: justdave, Assigned: bhourigan)

Details

We should put a motd or profile.d banner on the zmmta machines warning that the core postfix programs aren't to be used, and pointing at the ones that are part of zimbra instead, so that oncall doesn't try to mess with the wrong instance of postfix when things are alerting.
Can't the core postfix programs just be replaced with links to the right ones in puppet?
many of the postfix utilities need to be run as the zimbra user and not as root, also.
Changing the links is probably a good idea. We could probably remove postfix if there were links to the right binaries so cronmail would work. Except that I think various other RHEL packages depend on a mail server being present and probably don't know that Zimbra is one...
[root@zmmta1.stage.mail.corp.phx1 ~]# rpm -e postfix error: Failed dependencies: /usr/bin/mailq is needed by (installed) nagios-plugins-mailq-1.4.16-10.el6.x86_64 /usr/sbin/sendmail is needed by (installed) cronie-1.4.4-12.el6.x86_64 /usr/sbin/sendmail is needed by (installed) redhat-lsb-core-4.0-7.el6.x86_64 So we need /usr/bin/mailq and /usr/sbin/sendmail to be provided *by an RPM* on the system in order to remove postfix. It should be relatively simple to build an rpm that conflicts with postfix and does nothing but provide these as symlinks to the zimbra equivalents
Actually, if we make it so it obsoletes postfix instead of conflicting with it, then yum will automatically remove postfix as it's installed instead of us having to temporarily break all of the dependencies to do it.
/usr/bin/mailq and /usr/sbin/sendmail are already managed by RHEL's alternatives system. So we don't even need to conflict, just provide alternative entries for them and it can be installed at the same time (and then remove postfix and the symlinks will automatically re-route to the remaining provider)
[root@zmmta1.stage.mail.corp.phx1 ~]# alternatives --display mta mta - status is auto. link currently points to /usr/sbin/sendmail.postfix /usr/sbin/sendmail.postfix - priority 30 slave mta-pam: /etc/pam.d/smtp.postfix slave mta-mailq: /usr/bin/mailq.postfix slave mta-newaliases: /usr/bin/newaliases.postfix slave mta-rmail: /usr/bin/rmail.postfix slave mta-sendmail: /usr/lib/sendmail.postfix slave mta-mailqman: /usr/share/man/man1/mailq.postfix.1.gz slave mta-newaliasesman: /usr/share/man/man1/newaliases.postfix.1.gz slave mta-aliasesman: /usr/share/man/man5/aliases.postfix.5.gz slave mta-sendmailman: /usr/share/man/man1/sendmail.postfix.1.gz Current `best' version is /usr/sbin/sendmail.postfix.
The decision for this is to not set alternatives but to actually just create a motd for this.
Shipped a profile.d warning in r88052, added some logic to prevent duplicate warnings in r88053. $ ssh -A -l bhourigan zmmta1.mail.corp.phx1.mozilla.com Last login: Tue May 27 20:17:43 2014 from 10.22.248.158 WARNING: Core postfix programs are not to be used. Please use the tools shipped with Zimbra. Please see bug 1008697 for more information. Please let me know if the message needs to include any additional information
Assignee: infra → bhourigan
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.