Merge pull request 'dovecot and java-keyring have their own repository now.' (#222) from adellam/ansible-roles:master into master
This commit is contained in:
commit
cdebca11a7
@ -1,19 +0,0 @@
|
||||||
---
|
|
||||||
dovecot_service_enabled: True
|
|
||||||
dovecot_rh_pkgs:
|
|
||||||
- dovecot
|
|
||||||
- dovecot-pigeonhole
|
|
||||||
|
|
||||||
dovecot_firewalld_services:
|
|
||||||
- { service: 'pop3', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
|
|
||||||
- { service: 'pop3s', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
|
|
||||||
- { service: 'imap', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
|
|
||||||
- { service: 'imaps', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
|
|
||||||
|
|
||||||
# 24 is LMTP
|
|
||||||
# 4190 is ManageSieve
|
|
||||||
dovecot_firewalld_ports:
|
|
||||||
- { port: 24, protocol: 'tcp', state: 'disabled', zone: '{{ firewalld_default_zone }}' }
|
|
||||||
- { port: 4190, protocol: 'tcp', state: 'disabled', zone: '{{ firewalld_default_zone }}' }
|
|
||||||
|
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
---
|
|
||||||
- name: Manage the firewalld rules
|
|
||||||
block:
|
|
||||||
- name: Manage the dovecot related services
|
|
||||||
firewalld: service={{ item.service }} zone={{ item.zone }} permanent={{ item.permanent | default(True) }} state={{ item.state }} immediate=True
|
|
||||||
with_items: '{{ dovecot_firewalld_services }}'
|
|
||||||
|
|
||||||
- name: Manage the dovecot related tcp/udp ports
|
|
||||||
firewalld: port={{ item.port }}/{{ item.protocol }} zone={{ item.zone }} permanent={{ item.permanent | default(True) }} state={{ item.state }} immediate=True
|
|
||||||
with_items: '{{ dovecot_firewalld_ports }}'
|
|
||||||
|
|
||||||
tags: [ 'dovecot', 'firewall', 'firewalld', 'iptables', 'iptables_rules' ]
|
|
|
@ -1,10 +0,0 @@
|
||||||
---
|
|
||||||
- name: Manage the letsencrypt handler
|
|
||||||
block:
|
|
||||||
- name: Create the letsencrypt hooks directory if it is not present
|
|
||||||
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root mode=0755
|
|
||||||
|
|
||||||
- name: Install the dovecot letsencrypt hook
|
|
||||||
template: src=dovecot_letsencrypt_hook.sh.j2 dest={{ letsencrypt_acme_services_scripts_dir }}/dovecot owner=root group=root mode=0750
|
|
||||||
|
|
||||||
tags: [ 'dovecot', 'imap', 'letsencrypt' ]
|
|
|
@ -1,15 +0,0 @@
|
||||||
---
|
|
||||||
- name: Install the dovecot packages and start the service
|
|
||||||
block:
|
|
||||||
- name: Install the dovecot packages
|
|
||||||
yum: pkg={{ dovecot_rh_pkgs }}
|
|
||||||
|
|
||||||
- name: Ensure that the service is started and enabled
|
|
||||||
service: name=dovecot state=started enabled=yes
|
|
||||||
when: dovecot_service_enabled | bool
|
|
||||||
|
|
||||||
- name: Stop and disable the dovecot service
|
|
||||||
service: name=dovecot state=stopped enabled=no
|
|
||||||
when: not dovecot_service_enabled | bool
|
|
||||||
|
|
||||||
tags: [ 'dovecot', 'imap' ]
|
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
- import_tasks: dovecot_rh.yml
|
|
||||||
when: ansible_distribution_file_variety == "RedHat"
|
|
||||||
- import_tasks: dovecot_firewalld.yml
|
|
||||||
when: firewalld_enabled is defined and firewalld_enabled | bool
|
|
||||||
- import_tasks: dovecot_letsencrypt.yml
|
|
||||||
when: letsencrypt_acme_install is defined and letsencrypt_acme_install | bool
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
/bin/systemctl reload dovecot > {{ letsencrypt_acme_sh_log_dir }}/dovecot.log 2>&1
|
|
||||||
|
|
||||||
exit $?
|
|
|
@ -1,15 +0,0 @@
|
||||||
---
|
|
||||||
java_keyring_use_default: False
|
|
||||||
java_default_keyring: '{{ jdk_java_home }}/jre/lib/security/cacerts'
|
|
||||||
java_keyring_dir: "{{ pki_dir | default('/etc/pki') }}/jdk"
|
|
||||||
#java_keyring_file: '{{ java_default_keyring }}'
|
|
||||||
java_keyring_file: '{{ java_keyring_dir }}/java.jks'
|
|
||||||
java_keytool_bin: '{{ jdk_java_home }}/jre/bin/keytool'
|
|
||||||
|
|
||||||
#java_keyring_certs_list: []
|
|
||||||
java_keyring_cert_alias: '{{ ansible_fqdn }}'
|
|
||||||
# This is the default java password. No need to hide it.
|
|
||||||
# Change it inside a vault file if you need something good
|
|
||||||
java_keyring_pwd: changeit
|
|
||||||
java_keyring_letsencrypt_trusted_ca: identrustdstx3
|
|
||||||
java_import_letsencrypt_cert: True
|
|
|
@ -1,32 +0,0 @@
|
||||||
---
|
|
||||||
- block:
|
|
||||||
- name: Create the PKI directory
|
|
||||||
file: dest={{ java_keyring_dir }} state=directory owner=root group=root mode=0755
|
|
||||||
|
|
||||||
when: not java_keyring_use_default
|
|
||||||
tags: java_keyring
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: Import the certificates
|
|
||||||
shell: RETVAL= ; {{ java_keytool_bin }} -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ item.alias }} ; RETVAL=$? ; if [ $RETVAL -ne 0 ] ; then {{ java_keytool_bin }} -trustcacerts -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt -importcert -alias {{ item.alias }} -file {{ item.certfile }} ; fi
|
|
||||||
with_items: '{{ java_keyring_certs_list | default([]) }}'
|
|
||||||
|
|
||||||
- name: Import the certificate key
|
|
||||||
shell: RETVAL= ; {{ java_keytool_bin }} -import -alias NOME -keyalg RSA -keystore {{ java_keyring_file }} -dname "CN={{ ansible_fqdn }}" -keypass {{ java_keyring_pwd }} -storepass {{ java_keyring_pwd }} -file {{ item.keyfile }}
|
|
||||||
with_items: '{{ java_keyring_certs_list | default([]) }}'
|
|
||||||
|
|
||||||
when: java_keyring_certs_list is defined
|
|
||||||
tags: java_keyring
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: Import the Letsencrypt intermediate CA cert
|
|
||||||
shell: RETVAL= ; {{ java_keytool_bin }} -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ java_keyring_letsencrypt_trusted_ca }} ; RETVAL=$? ; if [ $RETVAL -ne 0 ] ; then {{ java_keytool_bin }} -trustcacerts -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt -importcert -alias {{ java_keyring_letsencrypt_trusted_ca }} -dname "CN={{ ansible_fqdn }}" -file {{ letsencrypt_acme_certs_dir }}/chain ; fi
|
|
||||||
|
|
||||||
- name: Import the letsencrypt certificate
|
|
||||||
shell: RETVAL= ; {{ java_keytool_bin }} -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ ansible_fqdn }} ; RETVAL=$? ; if [ $RETVAL -ne 0 ] ; then openssl pkcs12 -export -in {{ letsencrypt_acme_certs_dir }}/cert -inkey {{ letsencrypt_acme_certs_dir }}/privkey -CAfile {{ letsencrypt_acme_certs_dir }}/chain -name "{{ ansible_fqdn }}" -out /var/tmp/{{ ansible_fqdn }}.p12 -password pass:{{ java_keyring_pwd }} ; {{ java_keytool_bin }} -importkeystore -srcstorepass {{ java_keyring_pwd }} -deststorepass {{ java_keyring_pwd }} -destkeystore {{ java_keyring_file }} -srckeystore /var/tmp/{{ ansible_fqdn }}.p12 -srcstoretype PKCS12 ; rm -f /var/tmp/{{ ansible_fqdn }}.p12 ; fi
|
|
||||||
|
|
||||||
when:
|
|
||||||
- java_import_letsencrypt_cert
|
|
||||||
- letsencrypt_acme_install is defined and letsencrypt_acme_install
|
|
||||||
tags: java_keyring
|
|
||||||
|
|