Guillaume Coré
2018-07-30 d6120d14c6c2c65e949c0f995908936355e7ac83
add OPENTLC smtp configuration to opentlc-integration role
1 files added
4 files modified
56 ■■■■■ changed files
ansible/configs/ansible-provisioner/post_software.yml 12 ●●●●●
ansible/roles/opentlc-integration/defaults/main.yml 1 ●●●●
ansible/roles/opentlc-integration/handlers/main.yml 5 ●●●●●
ansible/roles/opentlc-integration/tasks/main.yml 5 ●●●●●
ansible/roles/opentlc-integration/tasks/smtp.yml 33 ●●●●●
ansible/configs/ansible-provisioner/post_software.yml
@@ -17,16 +17,20 @@
  hosts: provisioners
  become: yes
  gather_facts: False
  roles:
    - role: "{{ ANSIBLE_REPO_PATH }}/roles/opentlc-integration"
      when: install_opentlc_integration
      no_log: yes
  vars_files:
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/mgr_users.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
  tags: [ env-specific, cf_integration ]
  tasks:
    - name: Import opentlc-integration role
      import_role:
        name: "{{ ANSIBLE_REPO_PATH }}/roles/opentlc-integration"
      when: install_opentlc_integration|bool
      vars:
        install_opentlc_smtp: true
      no_log: yes
    - name: Install vim
      yum:
        name: vim
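Review bot: `install_opentlc_smtp: true` under the import's `vars:` is hard-coded, and task-level vars outrank the `vars_files` this play loads, so an environment cannot switch the SMTP setup off from its `env_vars.yml`. Every provisioner that installs the integration therefore also gets the role's Postfix tasks, which in this commit rewrite `/etc/postfix/main.cf`. Consider dropping the `vars:` entry and setting the flag in the config's variable files instead. Separately, `no_log: yes` on the import is inherited by every task in the role, so a failed `ipa-getcert request` would be reported with censored output; putting `no_log: true` only on the tasks that handle credentials keeps secrets out of the logs without hiding the rest. The play continues past the hunk's last line (`Install vim` is cut off).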
ansible/roles/opentlc-integration/defaults/main.yml
@@ -1 +1,2 @@
---
install_opentlc_smtp: false
ansible/roles/opentlc-integration/handlers/main.yml
@@ -1,2 +1,7 @@
---
# handlers file for bastion
- name: restart_postfix
  service:
    name: postfix
    state: restarted
ansible/roles/opentlc-integration/tasks/main.yml
@@ -5,6 +5,11 @@
- import_tasks: users.yml
- import_tasks: git_repos.yml
- import_tasks: at.yml
- import_tasks: smtp.yml
  when: install_opentlc_smtp|bool
  tags:
    - postfix
    - smtp
- name: Create ~/bin
  file:
ansible/roles/opentlc-integration/tasks/smtp.yml
New file
@@ -0,0 +1,33 @@
---
- name: install postfix
  package:
    name: postfix
- name: Request and get certs
  args:
    creates: /etc/pki/tls/certs/smtp-{{inventory_hostname}}.crt
  command: >-
    ipa-getcert request
      -f /etc/pki/tls/certs/smtp-{{inventory_hostname}}.crt
      -k /etc/pki/tls/private/smtp-{{inventory_hostname}}.key
      -g 2048 -K smtp/{{inventory_hostname}}
      -I {{inventory_hostname}}_SMTP_CERT
- name: Create configuration for postfix
  copy:
    content: |
      # Client SSL configuration. Outbound only.
      #smtp_tls_loglevel = 2
      smtp_tls_security_level = encrypt
      smtp_tls_mandatory_ciphers = high
      smtp_tls_ciphers = $smtp_tls_mandatory_ciphers
      smtp_tls_mandatory_protocols = !SSLv2:!SSLv3
      smtp_tls_protocols = $smtp_tls_mandatory_protocols
      smtp_tls_CAfile = /etc/ipa/ca.crt
      smtp_tls_cert_file = /etc/pki/tls/certs/smtp-{{inventory_hostname}}.crt
      smtp_tls_key_file = /etc/pki/tls/private/smtp-{{inventory_hostname}}.key
      # Relay host
      relayhost = mx00.opentlc.com:19587
      smtp_fallback_relay = mx01.opentlc.com:19587
    dest: /etc/postfix/main.cf
  notify:  restart_postfix
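Review bot: The `copy` task at the end of this file replaces the whole of `/etc/postfix/main.cf` with these few settings, so everything the distribution file configured is lost and Postfix falls back to its built-in defaults. The built-in `inet_interfaces` is `all`, which contradicts the "Outbound only" comment, so the content should at least add `inet_interfaces = loopback-only`, or the task should edit the existing file (`blockinfile` or `postconf -e`) rather than overwrite it. `smtp_tls_security_level = encrypt` encrypts the session but does not authenticate the relay; since `smtp_tls_CAfile` is already set, `smtp_tls_security_level = secure` would be the matching level, provided the relay's certificate chains to that CA, which is not visible here. `smtp_tls_mandatory_protocols = !SSLv2:!SSLv3` still permits TLSv1 and TLSv1.1. The copy also sets no `owner`, `group`, `mode` or `backup: true`.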