From 6a2caf92a950a0f08610435f24be6f4a6887fe67 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Tue, 7 Jul 2020 14:25:38 +0200
Subject: [PATCH] dovecot and java-keyring have their own repository now.
---
library/roles/dovecot/defaults/main.yml | 19 -----------
library/roles/dovecot/handlers/main.yml | 0
library/roles/dovecot/meta/main.yml | 0
.../roles/dovecot/tasks/dovecot_firewalld.yml | 12 -------
.../dovecot/tasks/dovecot_letsencrypt.yml | 10 ------
library/roles/dovecot/tasks/dovecot_rh.yml | 15 ---------
library/roles/dovecot/tasks/main.yml | 8 -----
.../templates/dovecot_letsencrypt_hook.sh.j2 | 5 ---
library/roles/dovecot/vars/main.yml | 0
library/roles/java-keyring/defaults/main.yml | 15 ---------
library/roles/java-keyring/tasks/main.yml | 32 -------------------
11 files changed, 116 deletions(-)
delete mode 100644 library/roles/dovecot/defaults/main.yml
delete mode 100644 library/roles/dovecot/handlers/main.yml
delete mode 100644 library/roles/dovecot/meta/main.yml
delete mode 100644 library/roles/dovecot/tasks/dovecot_firewalld.yml
delete mode 100644 library/roles/dovecot/tasks/dovecot_letsencrypt.yml
delete mode 100644 library/roles/dovecot/tasks/dovecot_rh.yml
delete mode 100644 library/roles/dovecot/tasks/main.yml
delete mode 100644 library/roles/dovecot/templates/dovecot_letsencrypt_hook.sh.j2
delete mode 100644 library/roles/dovecot/vars/main.yml
delete mode 100644 library/roles/java-keyring/defaults/main.yml
delete mode 100644 library/roles/java-keyring/tasks/main.yml
diff --git a/library/roles/dovecot/defaults/main.yml b/library/roles/dovecot/defaults/main.yml
deleted file mode 100644
index 9fd290a..0000000
--- a/library/roles/dovecot/defaults/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-dovecot_service_enabled: True
-dovecot_rh_pkgs:
- - dovecot
- - dovecot-pigeonhole
-
-dovecot_firewalld_services:
- - { service: 'pop3', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
- - { service: 'pop3s', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
- - { service: 'imap', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
- - { service: 'imaps', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
-
-# 24 is LMTP
-# 4190 is ManageSieve
-dovecot_firewalld_ports:
- - { port: 24, protocol: 'tcp', state: 'disabled', zone: '{{ firewalld_default_zone }}' }
- - { port: 4190, protocol: 'tcp', state: 'disabled', zone: '{{ firewalld_default_zone }}' }
-
-
diff --git a/library/roles/dovecot/handlers/main.yml b/library/roles/dovecot/handlers/main.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/library/roles/dovecot/meta/main.yml b/library/roles/dovecot/meta/main.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/library/roles/dovecot/tasks/dovecot_firewalld.yml b/library/roles/dovecot/tasks/dovecot_firewalld.yml
deleted file mode 100644
index 1b77cb7..0000000
--- a/library/roles/dovecot/tasks/dovecot_firewalld.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- name: Manage the firewalld rules
- block:
- - name: Manage the dovecot related services
- firewalld: service={{ item.service }} zone={{ item.zone }} permanent={{ item.permanent | default(True) }} state={{ item.state }} immediate=True
- with_items: '{{ dovecot_firewalld_services }}'
-
- - name: Manage the dovecot related tcp/udp ports
- firewalld: port={{ item.port }}/{{ item.protocol }} zone={{ item.zone }} permanent={{ item.permanent | default(True) }} state={{ item.state }} immediate=True
- with_items: '{{ dovecot_firewalld_ports }}'
-
- tags: [ 'dovecot', 'firewall', 'firewalld', 'iptables', 'iptables_rules' ]
diff --git a/library/roles/dovecot/tasks/dovecot_letsencrypt.yml b/library/roles/dovecot/tasks/dovecot_letsencrypt.yml
deleted file mode 100644
index d7a2546..0000000
--- a/library/roles/dovecot/tasks/dovecot_letsencrypt.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: Manage the letsencrypt handler
- block:
- - name: Create the letsencrypt hooks directory if it is not present
- file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root mode=0755
-
- - name: Install the dovecot letsencrypt hook
- template: src=dovecot_letsencrypt_hook.sh.j2 dest={{ letsencrypt_acme_services_scripts_dir }}/dovecot owner=root group=root mode=0750
-
- tags: [ 'dovecot', 'imap', 'letsencrypt' ]
diff --git a/library/roles/dovecot/tasks/dovecot_rh.yml b/library/roles/dovecot/tasks/dovecot_rh.yml
deleted file mode 100644
index 5916b70..0000000
--- a/library/roles/dovecot/tasks/dovecot_rh.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: Install the dovecot packages and start the service
- block:
- - name: Install the dovecot packages
- yum: pkg={{ dovecot_rh_pkgs }}
-
- - name: Ensure that the service is started and enabled
- service: name=dovecot state=started enabled=yes
- when: dovecot_service_enabled | bool
-
- - name: Stop and disable the dovecot service
- service: name=dovecot state=stopped enabled=no
- when: not dovecot_service_enabled | bool
-
- tags: [ 'dovecot', 'imap' ]
diff --git a/library/roles/dovecot/tasks/main.yml b/library/roles/dovecot/tasks/main.yml
deleted file mode 100644
index d99368f..0000000
--- a/library/roles/dovecot/tasks/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- import_tasks: dovecot_rh.yml
- when: ansible_distribution_file_variety == "RedHat"
-- import_tasks: dovecot_firewalld.yml
- when: firewalld_enabled is defined and firewalld_enabled | bool
-- import_tasks: dovecot_letsencrypt.yml
- when: letsencrypt_acme_install is defined and letsencrypt_acme_install | bool
-
diff --git a/library/roles/dovecot/templates/dovecot_letsencrypt_hook.sh.j2 b/library/roles/dovecot/templates/dovecot_letsencrypt_hook.sh.j2
deleted file mode 100644
index 02f0e44..0000000
--- a/library/roles/dovecot/templates/dovecot_letsencrypt_hook.sh.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-/bin/systemctl reload dovecot > {{ letsencrypt_acme_sh_log_dir }}/dovecot.log 2>&1
-
-exit $?
diff --git a/library/roles/dovecot/vars/main.yml b/library/roles/dovecot/vars/main.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/library/roles/java-keyring/defaults/main.yml b/library/roles/java-keyring/defaults/main.yml
deleted file mode 100644
index 4a38161..0000000
--- a/library/roles/java-keyring/defaults/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-java_keyring_use_default: False
-java_default_keyring: '{{ jdk_java_home }}/jre/lib/security/cacerts'
-java_keyring_dir: "{{ pki_dir | default('/etc/pki') }}/jdk"
-#java_keyring_file: '{{ java_default_keyring }}'
-java_keyring_file: '{{ java_keyring_dir }}/java.jks'
-java_keytool_bin: '{{ jdk_java_home }}/jre/bin/keytool'
-
-#java_keyring_certs_list: []
-java_keyring_cert_alias: '{{ ansible_fqdn }}'
-# This is the default java password. No need to hide it.
-# Change it inside a vault file if you need something good
-java_keyring_pwd: changeit
-java_keyring_letsencrypt_trusted_ca: identrustdstx3
-java_import_letsencrypt_cert: True
diff --git a/library/roles/java-keyring/tasks/main.yml b/library/roles/java-keyring/tasks/main.yml
deleted file mode 100644
index f6a03c9..0000000
--- a/library/roles/java-keyring/tasks/main.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-- block:
- - name: Create the PKI directory
- file: dest={{ java_keyring_dir }} state=directory owner=root group=root mode=0755
-
- when: not java_keyring_use_default
- tags: java_keyring
-
-- block:
- - name: Import the certificates
- shell: RETVAL= ; {{ java_keytool_bin }} -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ item.alias }} ; RETVAL=$? ; if [ $RETVAL -ne 0 ] ; then {{ java_keytool_bin }} -trustcacerts -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt -importcert -alias {{ item.alias }} -file {{ item.certfile }} ; fi
- with_items: '{{ java_keyring_certs_list | default([]) }}'
-
- - name: Import the certificate key
- shell: RETVAL= ; {{ java_keytool_bin }} -import -alias NOME -keyalg RSA -keystore {{ java_keyring_file }} -dname "CN={{ ansible_fqdn }}" -keypass {{ java_keyring_pwd }} -storepass {{ java_keyring_pwd }} -file {{ item.keyfile }}
- with_items: '{{ java_keyring_certs_list | default([]) }}'
-
- when: java_keyring_certs_list is defined
- tags: java_keyring
-
-- block:
- - name: Import the Letsencrypt intermediate CA cert
- shell: RETVAL= ; {{ java_keytool_bin }} -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ java_keyring_letsencrypt_trusted_ca }} ; RETVAL=$? ; if [ $RETVAL -ne 0 ] ; then {{ java_keytool_bin }} -trustcacerts -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt -importcert -alias {{ java_keyring_letsencrypt_trusted_ca }} -dname "CN={{ ansible_fqdn }}" -file {{ letsencrypt_acme_certs_dir }}/chain ; fi
-
- - name: Import the letsencrypt certificate
- shell: RETVAL= ; {{ java_keytool_bin }} -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ ansible_fqdn }} ; RETVAL=$? ; if [ $RETVAL -ne 0 ] ; then openssl pkcs12 -export -in {{ letsencrypt_acme_certs_dir }}/cert -inkey {{ letsencrypt_acme_certs_dir }}/privkey -CAfile {{ letsencrypt_acme_certs_dir }}/chain -name "{{ ansible_fqdn }}" -out /var/tmp/{{ ansible_fqdn }}.p12 -password pass:{{ java_keyring_pwd }} ; {{ java_keytool_bin }} -importkeystore -srcstorepass {{ java_keyring_pwd }} -deststorepass {{ java_keyring_pwd }} -destkeystore {{ java_keyring_file }} -srckeystore /var/tmp/{{ ansible_fqdn }}.p12 -srcstoretype PKCS12 ; rm -f /var/tmp/{{ ansible_fqdn }}.p12 ; fi
-
- when:
- - java_import_letsencrypt_cert
- - letsencrypt_acme_install is defined and letsencrypt_acme_install
- tags: java_keyring
-