From 6780736eb30bedd3feb17479ea0a712a38e120b4 Mon Sep 17 00:00:00 2001
From: Stephen Smoogen
Date: Tue, 27 Sep 2016 01:46:38 +0000
Subject: [PATCH 2/2] lets try another go at patching
---
 roles/base/files/postfix/main.cf/main.cf.gateway | 13 ++++++-------
 roles/base/tasks/postfix.yml | 24 ++++++++++--------------
 2 files changed, 16 insertions(+), 21 deletions(-)
diff --git a/roles/base/files/postfix/main.cf/main.cf.gateway b/roles/base/files/postfix/main.cf/main.cf.gateway
index 7a8832a..1ef8dc9 100644
--- a/roles/base/files/postfix/main.cf/main.cf.gateway
+++ b/roles/base/files/postfix/main.cf/main.cf.gateway
@@ -710,16 +710,15 @@ message_size_limit = 20971520
 smtpd_use_tls = yes
 smtpd_tls_security_level = may
 smtpd_tls_auth_only = yes
-smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtpd_tls_mandatory_ciphers = high
 smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, RC4
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 tls_ssl_options = no_ticket, no_compression
 smtpd_tls_loglevel = 1
-smtpd_tls_cert_file = /etc/pki/tls/certs/bastion.fedoraproject.org.csr
-smtpd_tls_key_file = /etc/pki/tls/private/bastion.fedoraproject.org.key
-smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
+smtpd_tls_cert_file = /etc/pki/tls/certs/gateway.csr
+smtpd_tls_key_file = /etc/pki/tls/private/gateway.key
+smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
 smtpd_tls_session_cache_timeout = 3600s
 smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
 smtpd_tls_received_header = yes
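Review bot: With `smtpd_tls_security_level = may` in this block, the `smtpd_tls_mandatory_protocols`, `smtpd_tls_mandatory_ciphers` and `smtpd_tls_mandatory_exclude_ciphers` lines being tidied here only govern sessions where TLS is mandatory, so they do not constrain the opportunistic STARTTLS this listener actually offers. Unless the installed Postfix defaults already exclude them, SSLv2/SSLv3 and the weak ciphers stay negotiable for ordinary inbound mail. I would add the opportunistic counterparts next to them: `smtpd_tls_protocols = !SSLv2, !SSLv3` and `smtpd_tls_exclude_ciphers = aNULL, MD5, RC4`. The TLS section of main.cf.gateway continues outside the hunk, so these may already be set further up or down; worth confirming with `postconf -n` on the gateway.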
@@ -739,6 +738,6 @@ smtp_tls_mandatory_protocols = !SSLv2,!SSLv3 smtp_tls_mandatory_ciphers = high smtp_tls_mandatory_exclude_ciphers= aNULL, MD5, RC4 smtp_tls_loglevel = 1 -smtp_tls_cert_file = /etc/pki/tls/certs/bastion.fedoraproject.org.csr -smtp_tls_key_file = /etc/pki/tls/private/bastion.fedoraproject.org.key +smtp_tls_cert_file = /etc/pki/tls/certs/gateway.csr +smtp_tls_key_file = /etc/pki/tls/private/gateway.key smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt diff --git a/roles/base/tasks/postfix.yml b/roles/base/tasks/postfix.yml index 9db1fa7..4b09963 100644 --- a/roles/base/tasks/postfix.yml +++ b/roles/base/tasks/postfix.yml @@ -48,31 +48,27 @@ - config -- name: install /etc/pki/tls/certs/{{name}}.csr - copy: > - src={{item}} - dest=/etc/pki/tls/certs/{{item | basename}} +- name: install /etc/pki/tls/certs/gateway.csr + when: inventory_hostname.startswith(('bastion')) + copy: + src="{{private}}/files/smtpd/gateway.crt" + dest=/etc/pki/tls/certs/ owner=root group=root mode=0644 - with_first_found: - - "{{private}}/files/httpd/{{cert}}.cert" - - "{{private}}/files/httpd/{{name}}.cert" notify: - restart postfix tags: - postfix -- name: Copy {{name}}.key - copy: > - src={{item}} - dest=/etc/pki/tls/private/{{item | basename}} +- name: Copy gateway.key + when: inventory_hostname.startswith(('bastion')) + copy: + src="{{private}}/files/smtpd/gateway.key" + dest=/etc/pki/tls/private/ owner=root group=root mode=0600 - with_first_found: - - "{{private}}/files/httpd/{{key}}.key" - - "{{private}}/files/httpd/{{name}}.key" notify: - restart postfix tags: -- 1.8.3.1
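Review bot: The certificate task copies `gateway.crt` into the directory `/etc/pki/tls/certs/`, so the installed file keeps the name `gateway.crt`, while both main.cf.gateway hunks point `smtpd_tls_cert_file` and `smtp_tls_cert_file` at `/etc/pki/tls/certs/gateway.csr` and the task name says `.csr` as well. As written Postfix is configured with a path this play does not create; with `smtpd_tls_security_level = may` that probably surfaces only as a log warning and STARTTLS no longer being offered, so mail would quietly fall back to clear text. A `.csr` is a signing request rather than a certificate, so I would use `.crt` throughout: `smtpd_tls_cert_file = /etc/pki/tls/certs/gateway.crt`, the same for `smtp_tls_cert_file`, and an explicit `dest=/etc/pki/tls/certs/gateway.crt` in the task. The "Copy gateway.key" task runs past the end of the hunk, so its tags are not visible here.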