4a6cb460ca
We have moved over to the rdu mainframe, drop all the bos kvm hosts. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
109 lines
3 KiB
YAML
109 lines
3 KiB
YAML
- name: /etc/postfix/main.cf
|
|
copy: src={{ item }} dest=/etc/postfix/main.cf
|
|
with_first_found:
|
|
- "{{ postfix_maincf }}"
|
|
- "postfix/main.cf/main.cf.{{ ansible_fqdn }}"
|
|
- "postfix/main.cf/main.cf.{{ inventory_hostname }}"
|
|
- "postfix/main.cf/main.cf.{{ host_group }}"
|
|
- "postfix/main.cf/main.cf.{{ postfix_group }}"
|
|
- "postfix/main.cf/main.cf.{{ datacenter }}"
|
|
- "postfix/main.cf/main.cf"
|
|
notify:
|
|
- restart postfix
|
|
tags:
|
|
- postfix
|
|
- config
|
|
- base
|
|
- smtp_auth_relay
|
|
|
|
- name: install /etc/postfix/master.cf file
|
|
copy: src={{ item }} dest=/etc/postfix/master.cf mode=0644
|
|
with_first_found:
|
|
- "postfix/master.cf/master.cf.{{ inventory_hostname }}"
|
|
- "postfix/master.cf/master.cf.{{ host_group }}"
|
|
- "postfix/master.cf/master.cf.{{ postfix_group }}"
|
|
- "postfix/master.cf/master.cf"
|
|
when: inventory_hostname.startswith(('smtp-mm', 'mailman', 'noc02', 'bastion', 'smtp-auth'))
|
|
notify:
|
|
- restart postfix
|
|
tags:
|
|
- postfix
|
|
- config
|
|
- base
|
|
|
|
- name: Deploy sender_access file
|
|
copy: src="{{private}}/files/smtpd/sender_access.{{postfix_group}}" dest="/etc/postfix/sender_access"
|
|
when: postfix_group == "smtp-mm" or postfix_group == "mailman" or postfix_group == "gateway"
|
|
notify:
|
|
- restart postfix
|
|
tags:
|
|
- postfix
|
|
- config
|
|
- base
|
|
|
|
- name: work around s390 privatedevices bug
|
|
ini_file:
|
|
path: /usr/lib/systemd/system/postfix.service
|
|
section: Service
|
|
option: PrivateDevices
|
|
value: false
|
|
notify:
|
|
- reload systemd
|
|
when: inventory_hostname.startswith(('buildvm-s390x'))
|
|
tags:
|
|
- postfix
|
|
- config
|
|
- base
|
|
|
|
- name: enable postfix to start
|
|
service: name=postfix state=started enabled=true
|
|
tags:
|
|
- service
|
|
- base
|
|
|
|
- name: install /etc/postfix/transport file
|
|
copy: src="postfix/{{ postfix_transport_filename }}" dest=/etc/postfix/transport
|
|
when: inventory_hostname.startswith(('smtp-mm','bastion','noc02')) and env != 'staging'
|
|
notify:
|
|
- rebuild postfix transport
|
|
- restart postfix
|
|
tags:
|
|
- postfix
|
|
- base
|
|
- config
|
|
|
|
- name: install /etc/postfix/bysender file
|
|
copy: src="postfix/bysender" dest=/etc/postfix/bysender
|
|
when: inventory_hostname.startswith(('bastion')) and env != 'staging'
|
|
notify:
|
|
- rebuild postfix bysender
|
|
- restart postfix
|
|
tags:
|
|
- postfix
|
|
- base
|
|
- config
|
|
|
|
- name: create /etc/postfix/tls_policy
|
|
copy: src="postfix/tls_policy" dest=/etc/postfix/tls_policy
|
|
when: inventory_hostname.startswith(('bastion','smtp-mm','pagure')) and env != 'staging'
|
|
notify:
|
|
- rebuild postfix tls_policy
|
|
- restart postfix
|
|
tags:
|
|
- postfix
|
|
|
|
# Install gateway tls cert as a pem file.
|
|
# This has: private key, then cert, then intermediate cert
|
|
# This cert is a digicert one, renew it there.
|
|
- name: install /etc/pki/tls/private/gateway-chain.pem
|
|
copy:
|
|
src="{{private}}/files/smtpd/gateway-chain.pem"
|
|
dest=/etc/pki/tls/private/gateway-chain.pem
|
|
owner=root
|
|
group=root
|
|
mode=0600
|
|
when: inventory_hostname.startswith(('bastion','smtp-mm')) and env != 'staging'
|
|
notify:
|
|
- restart postfix
|
|
tags:
|
|
- postfix
|