ansible/0002-lets-try-another-go-at-patching.patch
2016-09-27 03:00:03 +00:00


From 6780736eb30bedd3feb17479ea0a712a38e120b4 Mon Sep 17 00:00:00 2001
From: Stephen Smoogen <smooge@redhat.com>
Date: Tue, 27 Sep 2016 01:46:38 +0000
Subject: [PATCH 2/2] lets try another go at patching
---
roles/base/files/postfix/main.cf/main.cf.gateway | 13 ++++++-------
roles/base/tasks/postfix.yml | 24 ++++++++++--------------
2 files changed, 16 insertions(+), 21 deletions(-)
diff --git a/roles/base/files/postfix/main.cf/main.cf.gateway b/roles/base/files/postfix/main.cf/main.cf.gateway
index 7a8832a..1ef8dc9 100644
--- a/roles/base/files/postfix/main.cf/main.cf.gateway
+++ b/roles/base/files/postfix/main.cf/main.cf.gateway
@@ -710,16 +710,15 @@ message_size_limit = 20971520
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
-smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, RC4
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
tls_ssl_options = no_ticket, no_compression
smtpd_tls_loglevel = 1
-smtpd_tls_cert_file = /etc/pki/tls/certs/bastion.fedoraproject.org.csr
-smtpd_tls_key_file = /etc/pki/tls/private/bastion.fedoraproject.org.key
-smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
+smtpd_tls_cert_file = /etc/pki/tls/certs/gateway.csr
+smtpd_tls_key_file = /etc/pki/tls/private/gateway.key
+smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_received_header = yes
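Review bot: The new `smtpd_tls_cert_file = /etc/pki/tls/certs/gateway.csr` names a file that the task in roles/base/tasks/postfix.yml does not install: that task copies `gateway.crt` into the directory `/etc/pki/tls/certs/`, so the file on disk will be `gateway.crt`; `.csr` is also the conventional extension for a signing request rather than a certificate. With `smtpd_tls_security_level = may`, a certificate that cannot be loaded probably leaves the gateway accepting mail without STARTTLS instead of failing visibly, so it is worth checking the log after the restart. I would change the line to `smtpd_tls_cert_file = /etc/pki/tls/certs/gateway.crt` and do the same for `smtp_tls_cert_file` in the second hunk, or else give the task an explicit `dest=/etc/pki/tls/certs/gateway.csr` if that name is intended.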
@@ -739,6 +738,6 @@ smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_exclude_ciphers= aNULL, MD5, RC4
smtp_tls_loglevel = 1
-smtp_tls_cert_file = /etc/pki/tls/certs/bastion.fedoraproject.org.csr
-smtp_tls_key_file = /etc/pki/tls/private/bastion.fedoraproject.org.key
+smtp_tls_cert_file = /etc/pki/tls/certs/gateway.csr
+smtp_tls_key_file = /etc/pki/tls/private/gateway.key
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
diff --git a/roles/base/tasks/postfix.yml b/roles/base/tasks/postfix.yml
index 9db1fa7..4b09963 100644
--- a/roles/base/tasks/postfix.yml
+++ b/roles/base/tasks/postfix.yml
@@ -48,31 +48,27 @@
- config
-- name: install /etc/pki/tls/certs/{{name}}.csr
- copy: >
- src={{item}}
- dest=/etc/pki/tls/certs/{{item | basename}}
+- name: install /etc/pki/tls/certs/gateway.csr
+ when: inventory_hostname.startswith(('bastion'))
+ copy:
+ src="{{private}}/files/smtpd/gateway.crt"
+ dest=/etc/pki/tls/certs/
owner=root
group=root
mode=0644
- with_first_found:
- - "{{private}}/files/httpd/{{cert}}.cert"
- - "{{private}}/files/httpd/{{name}}.cert"
notify:
- restart postfix
tags:
- postfix
-- name: Copy {{name}}.key
- copy: >
- src={{item}}
- dest=/etc/pki/tls/private/{{item | basename}}
+- name: Copy gateway.key
+ when: inventory_hostname.startswith(('bastion'))
+ copy:
+ src="{{private}}/files/smtpd/gateway.key"
+ dest=/etc/pki/tls/private/
owner=root
group=root
mode=0600
- with_first_found:
- - "{{private}}/files/httpd/{{key}}.key"
- - "{{private}}/files/httpd/{{name}}.key"
notify:
- restart postfix
tags:
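Review bot: The `when: inventory_hostname.startswith(('bastion'))` guard on both tasks selects the hosts that receive `gateway.key` by hostname prefix, and the doubled parentheses do not build a tuple: `('bastion')` is a plain string. Any host whose inventory name begins with "bastion" gets the private key, while main.cf.gateway, as far as this patch shows, is not tied to the same condition, so a gateway host with a different name would have the TLS paths configured but no files installed. If the inventory has a group for these hosts, a membership test such as `when: "'bastion' in group_names"` (group name assumed) states the intent more tightly; otherwise write the plain form `inventory_hostname.startswith('bastion')`. The second task's `tags:` list continues past the end of the hunk.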
--
1.8.3.1