author | Micah <micah@leap.se> | 2016-01-19 12:01:34 -0500 |
---|---|---|
committer | Micah <micah@leap.se> | 2016-01-21 10:46:49 -0500 |
commit | d87a8787908fb1c82901d9611a971c9bed0a3907 (patch) | |
tree | c082b17099b1bafbbb2644814eed82c8f5a17658 /puppet/modules | |
parent | 0deb88f11e548b7b6bb03fce4b0b2483f80a8d98 (diff) |
Make sure the certs are installed for all smtp tls clients, thus
ensuring the satellite hosts are set up properly (#7611)
Change-Id: I9dce57c305a6fd6a39596a941174fe1879af5e4f
Diffstat (limited to 'puppet/modules')
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 7 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx/smtp_tls.pp | 4 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp | 2 |
3 files changed, 9 insertions, 4 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index d456baf3..cd493807 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -49,10 +49,9 @@ class site_postfix::mx { value => 'static:42424'; 'virtual_gid_maps': value => 'static:42424'; - 'smtpd_tls_received_header': - value => 'yes'; - # the following is needed for matching user's client cert fingerprints to - # enable relaying (#3634) + # the two following configs are needed for matching user's client cert + # fingerprints to enable relaying (#3634). Satellites do not have + # these configured. 'smtpd_tls_fingerprint_digest': value => 'sha1'; 'relay_clientcerts': diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp index d56f6b54..4eb80dd6 100644 --- a/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp +++ b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp @@ -2,10 +2,14 @@ class site_postfix::mx::smtp_tls { include site_config::x509::ca include x509::variables + $cert_name = hiera('name') $ca_path = "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt" $cert_path = "${x509::variables::certs}/${site_config::params::cert_name}.crt" $key_path = "${x509::variables::keys}/${site_config::params::cert_name}.key" + include site_config::x509::cert + include site_config::x509::key + # smtp TLS postfix::config { 'smtp_use_tls': value => 'yes'; diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp index 0809c75f..9fed3874 100644 --- a/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp +++ b/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp 
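Review bot: The reworded comment above `smtpd_tls_fingerprint_digest` in mx.pp should also record that relay authorization only works while this digest matches the one used to build the `relay_clientcerts` map. The context line pins it to `sha1`, and current Postfix documentation recommends `sha256` for certificate fingerprints, so a later change of digest has to regenerate every stored fingerprint in the same commit. A line such as `# digest must match the fingerprints stored in relay_clientcerts; regenerate that map when changing it` would cover this. The resource block starts and ends outside the hunk, so how the map is produced is not visible here.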
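Review bot: `$cert_name = hiera('name')` is assigned in `site_postfix::mx::smtp_tls`, but nothing visible in the hunk reads it; `$cert_path` and `$key_path` are still built from `${site_config::params::cert_name}`. If the newly included `site_config::x509::cert` and `site_config::x509::key` write files under a name that differs from that parameter, Postfix would be pointed at a certificate and key that were never installed. Either drop the local variable or add a comment naming the class that consumes it, e.g. `# read by site_config::x509::cert / ::key (confirm)`. It is also worth making the ordering explicit so the key and certificate exist before Postfix is reloaded; the class body continues past the hunk, so this may already be declared there.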
@@ -12,6 +12,8 @@ class site_postfix::mx::smtpd_tls {
 'smtpd_tls_cert_file': value => $cert_path;
 'smtpd_tls_key_file': value => $key_path;
 'smtpd_tls_ask_ccert': value => 'yes';
+ 'smtpd_tls_received_header':
+ value => 'yes';
 'smtpd_tls_security_level':
 value => 'may';
 'smtpd_tls_eecdh_grade': |
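Review bot: With `smtpd_tls_ask_ccert => 'yes'` in the line above, the added `smtpd_tls_received_header` makes Postfix write the client certificate CommonName and issuer CommonName into the Received: header, next to the protocol and cipher. That passes the submitting client's identity to every downstream recipient. Because the setting now lives in `site_postfix::mx::smtpd_tls` rather than `mx.pp`, it presumably applies to every host that includes this class, satellites included. If that is intended, say so in a comment such as `# adds TLS protocol/cipher and client cert CN to Received:; confirm this header is stripped for user-submitted mail`, and otherwise keep the setting scoped to the hosts that need it. The `postfix::config` block starts and ends outside the hunk.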