From 36515c9c894822d9f76d691c5a85ba1caaaf825c Mon Sep 17 00:00:00 2001 From: Eric Morino Date: Wed, 27 Mar 2019 11:01:11 +0100 Subject: [PATCH] aligning roles with our conventions, major changes in opendkim-add.sh --- CHANGELOG.md | 1 + opendkim/files/opendkim-add.sh | 33 +++++++++------------------------ opendkim/files/opendkim.conf | 1 - opendkim/tasks/main.yml | 17 +++++++---------- 4 files changed, 17 insertions(+), 35 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f7231f04..60bcb989 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,7 @@ The **patch** part changes incrementally at each release. * tomcat: better tomcat version management * webapps/evoadmin-web: add dbadmin.sh to sudoers file * evomaintenance: embed version 0.5.0 +* opendkim : aligning roles with our conventions, major changes in opendkim-add.sh ### Fixed diff --git a/opendkim/files/opendkim-add.sh b/opendkim/files/opendkim-add.sh index fa663a59..4e11f8cc 100644 --- a/opendkim/files/opendkim-add.sh +++ b/opendkim/files/opendkim-add.sh 
@@ -1,52 +1,37 @@ #!/bin/sh - -dpkg -l |grep -e 'opendkim-tools' -e 'opendkim' -q - -if [ "$?" -ne 0 ]; then - echo "Require opendkim-tools and opendkim" - exit 1 -fi - if [ "$#" -ne 1 ]; then echo "Usage : $0 example.com" >&2 exit 1 fi +servername="$(cat /etc/hostname)" domain="$(echo "$1"|xargs)" -mkdir -pm 0750 "/etc/opendkim/keys/${domain}" -chown opendkim:opendkim "/etc/opendkim/keys/${domain}" - -if [ ! -f "/etc/opendkim/keys/${domain}/default.private" ]; then - cd "/etc/opendkim/keys/${domain}" +if [ ! -f "/etc/ssl/private/dkim-${servername}.private" ]; then echo "Generate DKIM keys ..." - sudo -u opendkim opendkim-genkey -r -d "${domain}" - chmod 640 /etc/opendkim/keys/${domain}/* -fi - -grep -q "${domain}" /etc/opendkim/TrustedHosts -if [ "$?" -ne 0 ]; then - echo "Add ${domain} to TrustedHosts ..." - echo "${domain}" >> /etc/opendkim/TrustedHosts + opendkim-genkey -D /etc/ssl/private/ -r -d "${domain}" -s "dkim-${servername}" + chown opendkim:opendkim "/etc/ssl/private/dkim-${servername}.private" + chmod 640 "/etc/ssl/private/dkim-${servername}.private" + mv "/etc/ssl/private/dkim-${servername}.txt" "/etc/ssl/certs/" fi grep -q "${domain}" /etc/opendkim/KeyTable if [ "$?" -ne 0 ]; then echo "Add ${domain} to KeyTable ..." - echo "default._domainkey.${domain} ${domain}:default:/etc/opendkim/keys/${domain}/default.private" >> /etc/opendkim/KeyTable + echo "dkim-${servername}._domainkey.${domain} ${domain}:dkim-${servername}:/etc/ssl/private/dkim-${servername}.private" >> /etc/opendkim/KeyTable fi grep -q "${domain}" /etc/opendkim/SigningTable if [ "$?" -ne 0 ]; then echo "Add ${domain} to SigningTable ..." - echo "*@${domain} default._domainkey.${domain}" >> /etc/opendkim/SigningTable + echo "*@${domain} dkim-${servername}._domainkey.${domain}" >> /etc/opendkim/SigningTable fi systemctl reload opendkim if [ "$?" 
-eq 0 ]; then echo "OpenDKIM successfully reloaded" - echo "Public key is in : /etc/opendkim/keys/${domain}/default.txt" + echo "Public key is in : /etc/ssl/certs/dkim-${servername}.txt" exit 0 else echo "An error has occurred while opendkim reload, please FIX configuration !" >&2 diff --git a/opendkim/files/opendkim.conf b/opendkim/files/opendkim.conf index c8c4d385..37536b93 100644 --- a/opendkim/files/opendkim.conf +++ b/opendkim/files/opendkim.conf @@ -5,7 +5,6 @@ OversignHeaders From TrustAnchorFile /usr/share/dns/root.key Selector default Canonicalization relaxed/relaxed -ExternalIgnoreList refile:/etc/opendkim/TrustedHosts InternalHosts refile:/etc/opendkim/TrustedHosts KeyTable refile:/etc/opendkim/KeyTable LogResults Yes diff --git a/opendkim/tasks/main.yml b/opendkim/tasks/main.yml index 7196ef46..36bb1c5b 100644 --- a/opendkim/tasks/main.yml +++ b/opendkim/tasks/main.yml @@ -6,19 +6,16 @@ with_items: - opendkim - opendkim-tools + - ssl-cert tags: - opendkim -- name: create keys directory - file: - name: "{{ item }}" - state: directory - owner: opendkim - group: opendkim - mode: "0750" - with_items: - - '/etc/opendkim' - - '/etc/opendkim/keys' +- name: Add user opendkim in ssl-cert group + user: + name: opendkim + groups: ssl-cert + state: present + append: yes tags: - opendkim
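Review bot: The new `opendkim-genkey -D /etc/ssl/private/ ...` line inside the `if [ ! -f "/etc/ssl/private/dkim-${servername}.private" ]` branch is never checked for success, and since the file is `#!/bin/sh` with no `set -e`, a failed generation still runs the following `chown`/`chmod`/`mv` and then appends a KeyTable entry for a key file that does not exist; `opendkim-genkey -D /etc/ssl/private/ -r -d "${domain}" -s "dkim-${servername}" || { echo "opendkim-genkey failed" >&2; exit 1; }` keeps the tables consistent with what is on disk. This matters more now that the `dpkg -l | grep ... opendkim-tools` guard was removed, because a missing package surfaces only as this command failing. `servername="$(cat /etc/hostname)"` also deserves a guard such as `[ -n "${servername}" ] || { echo "cannot determine hostname from /etc/hostname" >&2; exit 1; }`, since an empty value silently yields the selector `dkim-` and the path `/etc/ssl/private/dkim-.private`. Giving the daemon ownership of its private key via `chown opendkim:opendkim` also lets the daemon overwrite that key; `root:opendkim` with the same `640` mode would be read-only for the service, provided this OpenDKIM version's key-safety check accepts root-owned files, which should be confirmed first. The closing of the final `if`/`else` block lies outside the hunk.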
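Review bot: The removed `create keys directory` task was the only visible thing creating `/etc/opendkim`, yet the role's script still appends to `/etc/opendkim/KeyTable` and `/etc/opendkim/SigningTable` and opendkim.conf still points `InternalHosts` at `/etc/opendkim/TrustedHosts`; unless the package or a task outside this hunk creates that directory (the rest of tasks/main.yml is not visible here), those writes fail on a fresh host. A single-item version of the old task for the config directory alone, e.g. `- name: create opendkim config directory` followed by `file: { name: /etc/opendkim, state: directory, owner: opendkim, group: opendkim, mode: "0750" }`, would keep that guarantee while still dropping the `keys` subdirectory. Adding the `opendkim` user to `ssl-cert` with `append: yes` is the right way to grant read access to `/etc/ssl/private` without widening that directory's mode, assuming the Debian default of `root:ssl-cert 0710` there.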