Changeset - 81d6b5ac9240
Branko Majic (branko) - 9 years ago 2015-04-07 23:02:11
branko@majic.rs
MAR-4: Added example configuration for the mail server role. Updated name for the TLS key files. Added steps that need to be done after mail server has been set-up (for TLS keys mainly).
3 files changed with 40 insertions and 2 deletions:
docs/rolereference.rst
 
@@ -691,3 +691,33 @@ Parameters
 

	
 
**mail_postmaster** (string, mandatory)
 
  Mail address to use for the postmaster account in Dovecot.
 

	
 

	
 
Examples
 
~~~~~~~~
 

	
 
Here is an example configuration for setting-up XMPP server using Prosody:
 

	
 
.. code-block:: yaml
 

	
 
  ---
 

	
 
  mail_ldap_url: ldap://ldap.example.com/
 
  mail_ldap_tls_truststore: /etc/ssl/certs/truststore.pem
 
  mail_ldap_root_dn: dc=example,dc=com
 
  mail_ldap_postfix_password: postfix
 
  mail_ldap_dovecot_password: dovecot
 

	
 
  mail_user: vmail
 
  mail_user_uid: 5000
 
  mail_user_gid: 5000
 

	
 
  imap_tls_certificate: /etc/ssl/certs/mail.example.com_imap.pem
 
  imap_tls_key: /etc/ssl/private/mail.example.com_imap.pem
 
  smtp_tls_certificate: /etc/ssl/certs/mail.example.com_smtp.pem
 
  smtp_tls_key: /etc/ssl/private/mail.example.com_smtp.pem
 
  imap_folder_separator: /
 
  smtp_rbl:
 
    - bl.spamcop.net
 
    - zen.spamhaus.org
 
  mail_postmaster: postmaster@example.com
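Review bot: The sentence introducing the new example, "Here is an example configuration for setting-up XMPP server using Prosody:", describes a different role; the YAML under it sets ``mail_*``, ``imap_*`` and ``smtp_*`` parameters, so it should read something like "Here is an example configuration for setting up the mail server:". The example also sets ``mail_ldap_postfix_password`` and ``mail_ldap_dovecot_password`` to the service names; a short remark that these are placeholders to be replaced would keep readers from copying them verbatim.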
docs/testsite.rst
 
@@ -90,5 +90,13 @@ system:
 
  * After all files are in place, re-run the ``site.yml`` playbook in order to
 
    restart necessary services etc.
 

	
 
* On ``mail.example.com``, you should manually install the TLS private key and
 
  certificate in locations ``/etc/ssl/private/mail.example.com.pem``
 
  (*root:ldap, 640*) and ``/etc/ssl/certs/mail.example.com.pem`` (*root:root,
 
  644*), respectively. You should also install a truststore that contains the CA
 
  certifciate which has issued the LDAP certificate in location
 
  ``/etc/ssl/certs/truststore.pem`` (*root:root, 644*). After that, restart the
 
  servics ``dovecot`` and ``postfix``.
 

	
 
For more details on how the playbooks and configuration have been implemented,
 
feel free to browse the test site files (in directory ``testsite``).
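Review bot: The paths in the new ``mail.example.com`` bullet, ``/etc/ssl/private/mail.example.com.pem`` and ``/etc/ssl/certs/mail.example.com.pem``, do not match the values in ``testsite/group_vars/mail.yml`` from this same changeset, which point at separate ``mail.example.com_imap.pem`` and ``mail.example.com_smtp.pem`` files, so a reader following this step would install files the role never reads. List the four IMAP and SMTP paths instead. The private key is documented as *root:ldap, 640*, while the services restarted in this step are ``dovecot`` and ``postfix``; please confirm which group is meant to have read access to the key. There are also two typos in the added text: "certifciate" and "servics".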
testsite/group_vars/mail.yml
 
@@ -22,9 +22,9 @@ mail_user_uid: 5000
 
mail_user_gid: 5000
 

	
 
imap_tls_certificate: /etc/ssl/certs/mail.example.com_imap.pem
 
imap_tls_key: /etc/ssl/private/mail.example.com_imap.key
 
imap_tls_key: /etc/ssl/private/mail.example.com_imap.pem
 
smtp_tls_certificate: /etc/ssl/certs/mail.example.com_smtp.pem
 
smtp_tls_key: /etc/ssl/private/mail.example.com_smtp.key
 
smtp_tls_key: /etc/ssl/private/mail.example.com_smtp.pem
 
imap_folder_separator: /
 
smtp_rbl:
 
  - bl.spamcop.net
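Review bot: With ``imap_tls_key`` and ``smtp_tls_key`` renamed from ``.key`` to ``.pem``, each private key now has exactly the same file name as its certificate and differs only by directory (``/etc/ssl/private/`` versus ``/etc/ssl/certs/``). That makes it easy to copy a key into the certificate directory by mistake, where ``docs/testsite.rst`` documents mode 644. Consider keeping a distinguishing suffix on the key files, or stating the reason for the rename in the commit message. Hosts that already have the ``.key`` files installed will need them renamed, and the documentation does not mention that step.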