From 22c06c3ee3c7b827a98962e2e3ac93af84b720b9 Mon Sep 17 00:00:00 2001 From: Ossi Salmi Date: Mon, 29 Jul 2013 17:04:16 +0300 Subject: [PATCH] dovecot: use ssl module for certificate paths --- dovecot/manifests/init.pp | 64 +++++++++++++------------------ dovecot/templates/puppet.conf.erb | 11 +++--- 2 files changed, 32 insertions(+), 43 deletions(-) diff --git a/dovecot/manifests/init.pp b/dovecot/manifests/init.pp index e5022cb..dfab206 100644 --- a/dovecot/manifests/init.pp +++ b/dovecot/manifests/init.pp @@ -39,15 +39,6 @@ class dovecot::server inherits dovecot::common { $dovecot_mailbox_format = "mbox" } - case $operatingsystem { - centos,fedora: { - $dovecot_ssl_dir = "/etc/pki/tls" - } - default: { - fail("Dovecot module not supported in ${operatingsystem}.") - } - } - service { "dovecot": ensure => running, enable => true, @@ -76,8 +67,33 @@ class dovecot::server inherits dovecot::common { require => Package["dovecot"], } + + if ! ($dovecot_ssl_key and $dovecot_ssl_cert) { + fail("Must define \$dovecot_ssl_key and \$dovecot_ssl_cert") + } + + include ssl + + file { "${ssl::private}/dovecot.key": + ensure => present, + source => $dovecot_ssl_key, + mode => "0600", + owner => "root", + group => "root", + notify => Service["dovecot"], + } + + file { "${ssl::certs}/dovecot.crt": + ensure => present, + source => $dovecot_ssl_cert, + mode => "0644", + owner => "root", + group => "root", + notify => Service["dovecot"], + } + if $dovecot_ssl_csr { - file { "$dovecot_ssl_dir/private/dovecot.csr": + file { "${ssl::private}/dovecot.csr": ensure => present, source => $dovecot_ssl_csr, mode => "0640", @@ -88,7 +104,7 @@ class dovecot::server inherits dovecot::common { } if $dovecot_ssl_ca { - file { "$dovecot_ssl_dir/certs/dovecot.ca.crt": + file { "${ssl::certs}/dovecot.ca.crt": ensure => present, source => $dovecot_ssl_ca, mode => "0644", 
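Review bot: The new `file` resources in the `@@ -76,8 +67,33 @@` hunk build their paths from `${ssl::private}` and `${ssl::certs}` without checking that the ssl class set them, while the per-OS `fail()` removed in the first hunk used to stop the run on unsupported platforms. The ssl module is not visible in this diff, but if it leaves either variable empty the private key would be written to `/dovecot.key` at the filesystem root. I would add a guard right after `include ssl`, for example `if ! ($ssl::private and $ssl::certs) { fail("ssl module did not set certificate directories") }`; the same paths are used by the csr and ca resources in the following hunks. Where the Puppet version in use supports it, `show_diff => false` on the `dovecot.key` resource would also keep key material out of agent logs and reports when the file changes.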
@@ -98,32 +114,6 @@ class dovecot::server inherits dovecot::common { } } - if $dovecot_ssl_cert { - file { "$dovecot_ssl_dir/certs/dovecot.crt": - ensure => present, - source => $dovecot_ssl_cert, - mode => "0644", - owner => "root", - group => "root", - notify => Service["dovecot"], - } - } else { - fail("You need to define an ssl_cert in your node manifest.") - } - - if $dovecot_ssl_key { - file { "$dovecot_ssl_dir/private/dovecot.key": - ensure => present, - source => $dovecot_ssl_key, - mode => "0600", - owner => "root", - group => "root", - notify => Service["dovecot"], - } - } else { - fail("You need to define an ssl_key in your node manifest.") - } - } diff --git a/dovecot/templates/puppet.conf.erb b/dovecot/templates/puppet.conf.erb index 4440b6e..a076b97 100644 --- a/dovecot/templates/puppet.conf.erb +++ b/dovecot/templates/puppet.conf.erb @@ -1,12 +1,11 @@ - -ssl=required -ssl_cert = <<%= @dovecot_ssl_dir %>/certs/dovecot.crt -ssl_key = <<%= @dovecot_ssl_dir %>/private/dovecot.key +ssl = required +ssl_cert = <<%= scope.lookupvar('ssl::certs') %>/dovecot.crt +ssl_key = <<%= scope.lookupvar('ssl::private') %>/dovecot.key <% if @dovecot_ssl_ca -%> -ssl_ca = <<%= @dovecot_ssl_dir %>/certs/dovecot.ca.crt +ssl_ca = <<%= scope.lookupvar('ssl::certs') %>/dovecot.ca.crt <% end -%> - <% if @dovecot_mailbox_format && @dovecot_mailbox_format == "mdbox" -%> + # mdbox settings mdbox_rotate_size = 10M mdbox_rotate_interval = 10d
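Review bot: The `scope.lookupvar('ssl::certs')` and `scope.lookupvar('ssl::private')` calls in puppet.conf.erb only give valid paths if class ssl has been evaluated before this template is rendered, and nothing in the template says so. The `include ssl` added in init.pp sits in dovecot::server, and this diff does not show where the template is rendered. If the lookup comes back empty, `ssl_cert` and `ssl_key` would point at the filesystem root, and with `ssl = required` dovecot would presumably fail to start. I would add an ERB comment at the top such as `<%# requires class ssl to be evaluated before this template is rendered -%>` and look each directory up once into a local variable instead of repeating the call three times.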