From d87a8787908fb1c82901d9611a971c9bed0a3907 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 19 Jan 2016 12:01:34 -0500 Subject: Make sure the certs are installed for all smtp tls clients, thus ensuring the satellite hosts are setup properly (#7611) Change-Id: I9dce57c305a6fd6a39596a941174fe1879af5e4f --- puppet/modules/site_postfix/manifests/mx.pp | 7 +++---- puppet/modules/site_postfix/manifests/mx/smtp_tls.pp | 4 ++++ puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp | 2 ++ 3 files changed, 9 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_postfix') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index d456baf3..cd493807 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -49,10 +49,9 @@ class site_postfix::mx { value => 'static:42424'; 'virtual_gid_maps': value => 'static:42424'; - 'smtpd_tls_received_header': - value => 'yes'; - # the following is needed for matching user's client cert fingerprints to - # enable relaying (#3634) + # the two following configs are needed for matching user's client cert + # fingerprints to enable relaying (#3634). Satellites do not have + # these configured. 'smtpd_tls_fingerprint_digest': value => 'sha1'; 'relay_clientcerts': diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp index d56f6b54..4eb80dd6 100644 --- a/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp +++ b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp 
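Review bot: The reworded comment in mx.pp says relaying is authorised by matching client-certificate fingerprints, but the `smtpd_tls_fingerprint_digest` entry directly under it stays at `sha1` and the comment does not say why. Fingerprint matching relies on second-preimage resistance, so this is not an immediate break, but newer Postfix releases default to sha256 and the choice should be recorded. I would extend the comment with something like `# digest must match the one used to build the relay_clientcerts map; moving off sha1 means regenerating every stored fingerprint`. The final sentence, "Satellites do not have these configured", could also state whether that is intended or a known gap. The `postfix::config` resource body starts and ends outside the hunk.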
@@ -2,10 +2,14 @@ class site_postfix::mx::smtp_tls { include site_config::x509::ca include x509::variables + $cert_name = hiera('name') $ca_path = "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt" $cert_path = "${x509::variables::certs}/${site_config::params::cert_name}.crt" $key_path = "${x509::variables::keys}/${site_config::params::cert_name}.key" + include site_config::x509::cert + include site_config::x509::key + # smtp TLS postfix::config { 'smtp_use_tls': value => 'yes'; diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp index 0809c75f..9fed3874 100644 --- a/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp +++ b/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp @@ -12,6 +12,8 @@ class site_postfix::mx::smtpd_tls { 'smtpd_tls_cert_file': value => $cert_path; 'smtpd_tls_key_file': value => $key_path; 'smtpd_tls_ask_ccert': value => 'yes'; + 'smtpd_tls_received_header': + value => 'yes'; 'smtpd_tls_security_level': value => 'may'; 'smtpd_tls_eecdh_grade': -- cgit v1.2.3
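Review bot: In smtp_tls.pp the new `$cert_name = hiera('name')` is not referenced by any visible line, because `$cert_path` and `$key_path` are still built from `${site_config::params::cert_name}`. If the newly included `site_config::x509::cert` and `site_config::x509::key` classes read the name from this variable, that coupling needs a comment, for example `# $cert_name is consumed by site_config::x509::cert and ::key`. If they do not, the assignment can be dropped. Either way, the certificate and key that get installed and the paths handed to Postfix should derive from the same value, otherwise a satellite could be pointed at a cert or key file that was never written. The class body continues past the end of the hunk.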
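Review bot: In smtpd_tls.pp, `smtpd_tls_received_header` now applies to every host that includes this class, and it sits beside `smtpd_tls_ask_ccert => 'yes'` with no comment on what ends up in the headers. Per the Postfix documentation, the setting records the TLS protocol and cipher plus the client certificate's CommonName and issuer CommonName in `Received:`. Only the header written by the final destination can be relied on, because earlier hops can be altered in transit. A short comment above the entry would help, such as `# records TLS protocol/cipher and client cert CN in Received:; trust only the header added by our own final hop`. It is also worth confirming that exposing the client cert CN in delivered mail is acceptable for user-submitted messages. The resource continues outside the hunk.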