fripost-ansible - Fripost ansible scripts

	Commit message (Collapse)	Author	Age	Files
*	Perform the alias resolution and address validation solely on the MX:es.	Guilhem Moulin	2015-06-07	1
\| \| \| \| \|	We can therefore spare some lookups on the MDA, and use static:all instead.
*	Replace IPSec tunnels by app-level ephemeral TLS sessions.	Guilhem Moulin	2015-06-07	1
\| \| \| \| \|	For some reason giraff doesn't like IPSec. App-level TLS sessions are less efficient, but thanks to ansible it still scales well.
*	Assume a DNS entry for each role.	Guilhem Moulin	2015-06-07	1
\| \| \| \| \| \|	E.g., ldap.fripost.org, ntp.fripost.org, etc. (Ideally the DNS zone would be provisioned by ansible, too.) It's a bit unclear how to index the subdomains (mx{1,2,3}, etc), though.
*	Decongestion potential bottlenecks on trivial_rewrite(8).	Guilhem Moulin	2015-06-07	1
	Which might be caused by slow LDAP lookups in transport_maps. Instead, we alias each addresses for which we want a custom transport to a dedicated "dummy" domain, and use a static (CDB) transport_maps to map said domains to their transport; the receiver can then use canonical(8) to restore the original envelope recipient. Since the alias resolution is performed by cleanup(8), which can run in parallel with other instances, it should decongestion bottlenecks under heavy loads. So far only the MX:es have been decongestioned. The list manager and the MDA should be treated as well.