authorMicah <micah@leap.se>2016-01-19 12:01:34 -0500
committerMicah <micah@leap.se>2016-01-21 10:46:49 -0500
commitd87a8787908fb1c82901d9611a971c9bed0a3907 (patch)
treec082b17099b1bafbbb2644814eed82c8f5a17658 /puppet
parent0deb88f11e548b7b6bb03fce4b0b2483f80a8d98 (diff)
Make sure the certs are installed for all smtp tls clients, thus
ensuring the satellite hosts are set up properly (#7611) Change-Id: I9dce57c305a6fd6a39596a941174fe1879af5e4f
Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp7
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtp_tls.pp4
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp2
3 files changed, 9 insertions, 4 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index d456baf3..cd493807 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -49,10 +49,9 @@ class site_postfix::mx {
value => 'static:42424';
'virtual_gid_maps':
value => 'static:42424';
- 'smtpd_tls_received_header':
- value => 'yes';
- # the following is needed for matching user's client cert fingerprints to
- # enable relaying (#3634)
+ # the two following configs are needed for matching user's client cert
+ # fingerprints to enable relaying (#3634). Satellites do not have
+ # these configured.
'smtpd_tls_fingerprint_digest':
value => 'sha1';
'relay_clientcerts':
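Review bot: The rewritten comment above `smtpd_tls_fingerprint_digest` keeps the `sha1` digest without saying why, while the Postfix documentation recommends sha256 for certificate fingerprint matching. Because relaying is authorised by these fingerprints, the comment should record that the digest has to match the way the entries in the `relay_clientcerts` map are generated, for example `# digest must match the fingerprints stored in the relay_clientcerts map; moving to sha256 means regenerating them`. The `relay_clientcerts` entry continues past the end of the hunk, so the map source is not visible here.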
diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
index d56f6b54..4eb80dd6 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
@@ -2,10 +2,14 @@ class site_postfix::mx::smtp_tls {
include site_config::x509::ca
include x509::variables
+ $cert_name = hiera('name')
$ca_path = "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt"
$cert_path = "${x509::variables::certs}/${site_config::params::cert_name}.crt"
$key_path = "${x509::variables::keys}/${site_config::params::cert_name}.key"
+ include site_config::x509::cert
+ include site_config::x509::key
+
# smtp TLS
postfix::config {
'smtp_use_tls': value => 'yes';
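Review bot: The added `$cert_name = hiera('name')` is not used by any visible line, since `$cert_path` and `$key_path` are still built from `${site_config::params::cert_name}`. If the newly included `site_config::x509::cert` and `site_config::x509::key` classes take the name from this variable (which would rely on dynamic scoping) and the two names ever differ, Postfix would be pointed at a cert and key other than the ones installed. If both are meant to be the same value, build the paths from it, e.g. `$cert_path = "${x509::variables::certs}/${cert_name}.crt"`, or drop the local and add a comment naming which value the included classes use. The class body continues outside the hunk.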
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp
index 0809c75f..9fed3874 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp
@@ -12,6 +12,8 @@ class site_postfix::mx::smtpd_tls {
'smtpd_tls_cert_file': value => $cert_path;
'smtpd_tls_key_file': value => $key_path;
'smtpd_tls_ask_ccert': value => 'yes';
+ 'smtpd_tls_received_header':
+ value => 'yes';
'smtpd_tls_security_level':
value => 'may';
'smtpd_tls_eecdh_grade':
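Review bot: `smtpd_tls_received_header` is now enabled next to `smtpd_tls_ask_ccert`, so when a client presents a certificate the Received: header will carry its CommonName and issuer along with the protocol and cipher. For mail relayed on behalf of users authenticated by client certificate, that identifier would travel with the message unless it is stripped elsewhere, which is not visible here. A comment such as `# records TLS protocol/cipher and client cert CN in Received:; informational only, not to be trusted downstream` would help, as would confirming this is intended on every host that includes this class. The resource list continues past the end of the hunk.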