Merge pull request #26 from EvaSDK/keys-in-pillar

Manage certificates from pillars
puneet kandhari 2015-09-03 06:07:17 -05:00
commit 31879915e2
2 changed files with 65 additions and 11 deletions


@ -27,20 +27,9 @@ postfix:
config:
smtpd_banner: $myhostname ESMTP $mail_name
biff: 'no'
append_dot_mydomain: 'no'
readme_directory: 'no'
smtpd_tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls: 'yes'
smtpd_tls_session_cache_database: btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database: btree:${data_directory}/smtp_scache
myhostname: localhost
alias_maps: hash:/etc/aliases
alias_database: hash:/etc/aliases
mydestination: localhost, localhost.localdomain
relayhost:
mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
@ -48,3 +37,47 @@ postfix:
recipient_delimiter: +
inet_interfaces: all
# Alias
alias_maps: hash:/etc/aliases
alias_database: hash:/etc/aliases
# SMTP server
smtpd_tls_session_cache_database: btree:${data_directory}/smtpd_scache
smtpd_use_tls: 'yes'
# SMTP server certificate and key (from pillar data)
smtpd_tls_cert_file: /etc/postfix/ssl/server-cert.crt
smtpd_tls_key_file: /etc/postfix/ssl/server-cert.key
# SMTP client
smtp_tls_session_cache_database: btree:${data_directory}/smtp_scache
smtp_use_tls: 'yes'
smtp_tls_cert_file: /etc/postfix/ssl/example.com-relay-client-cert.crt
smtp_tls_key_file: /etc/postfix/ssl/example.com-relay-client-cert.key
certificates:
server-cert:
public_cert: |
-----BEGIN CERTIFICATE-----
(Your primary SSL certificate: smtp.example.com.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your intermediate certificate: example-ca.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your root certificate: trusted-root.crt)
-----END CERTIFICATE-----
private_key: |
-----BEGIN RSA PRIVATE KEY-----
(Your Private key)
-----END RSA PRIVATE KEY-----
example.com-relay-client-cert:
public_cert: |
-----BEGIN CERTIFICATE-----
(Your primary SSL certificate: smtp.example.com.crt)
-----END CERTIFICATE-----
private_key: |
-----BEGIN RSA PRIVATE KEY-----
(Your Private key)
-----END RSA PRIVATE KEY-----
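Review bot: The client-side block `smtp_use_tls` / `smtp_tls_cert_file` / `smtp_tls_key_file` turns on outbound TLS and presents a client certificate to the relay, but nothing in this hunk tells Postfix to verify the relay's certificate, so unless that is set elsewhere in the pillar the relay hop stays opportunistic and a STARTTLS downgrade or MITM on that hop goes undetected. If the relay is meant to be authenticated the example should also carry `smtp_tls_security_level: verify` (or `secure`) and `smtp_tls_CAfile: /etc/ssl/certs/ca-certificates.crt` (path per distro); note that `smtp_use_tls`/`smtpd_use_tls` are the pre-2.3 knobs and `smtp_tls_security_level`/`smtpd_tls_security_level` are the current forms. Separately, `private_key` places the key in clear text in pillar data, which is stored on the master and delivered to every minion the top file targets, so a comment above `certificates:` should say that this pillar must be kept encrypted (e.g. the gpg renderer) and targeted only at the mail host. The trailing root certificate in the `public_cert` chain is not needed by peers and can be dropped from the served chain.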


@ -33,3 +33,24 @@ include:
- service: postfix
- template: jinja
{% endif %}
{%- for domain in salt['pillar.get']('postfix:certificates', {}).keys() %}
postfix_{{ domain }}_ssl_certificate:
file.managed:
- name: /etc/postfix/ssl/{{ domain }}.crt
- makedirs: True
- contents_pillar: postfix:certificates:{{ domain }}:public_cert
- watch_in:
- service: postfix
postfix_{{ domain }}_ssl_key:
file.managed:
- name: /etc/postfix/ssl/{{ domain }}.key
- mode: 600
- makedirs: True
- contents_pillar: postfix:certificates:{{ domain }}:private_key
- watch_in:
- service: postfix
{% endfor %}
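Review bot: `postfix_{{ domain }}_ssl_key` writes the private key with `contents_pillar` but does not suppress the diff, so on first deployment and on every rotation the full key text is printed in the state return and lands in the master job cache and any returners or logs that receive it; add `- show_diff: False` to that state (the option was later renamed `show_changes: False`, so use whichever the target Salt version accepts). The key state should also pin ownership with `- user: root` and `- group: root` next to `- mode: 600`, since Postfix expects the smtpd key file to be owned by and readable only by root and `mode` alone does not fix the owner; quoting the mode as `'0600'` avoids any integer/octal reinterpretation by the YAML loader. The `{% for %}` loop only creates files for keys present in `postfix:certificates`, so a key removed from pillar is never removed from `/etc/postfix/ssl/` — worth a comment above the loop, e.g. `# Stale cert/key files are not cleaned up; remove them by hand or add file.absent states.`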