aligning roles with our conventions, major changes in opendkim-add.sh

CHANGELOG.md

@@ -22,6 +22,7 @@ The **patch** part changes incrementally at each release.
 * tomcat: better tomcat version management
 * webapps/evoadmin-web: add dbadmin.sh to sudoers file
 * evomaintenance: embed version 0.5.0
+* opendkim : aligning roles with our conventions, major changes in opendkim-add.sh
 
 
 ### Fixed

opendkim/files/opendkim-add.sh

@@ -1,52 +1,37 @@
 #!/bin/sh
 
-
-dpkg -l |grep -e 'opendkim-tools' -e 'opendkim' -q
-
-if [ "$?" -ne 0 ]; then 
-    echo "Require opendkim-tools and opendkim"
-    exit 1
-fi
-
 if [ "$#" -ne 1 ]; then
     echo "Usage : $0 example.com" >&2
     exit 1
 fi
 
+servername="$(cat /etc/hostname)"
 domain="$(echo "$1"|xargs)"
 
-mkdir -pm 0750 "/etc/opendkim/keys/${domain}"
-chown opendkim:opendkim "/etc/opendkim/keys/${domain}"
-
-if [ ! -f "/etc/opendkim/keys/${domain}/default.private" ]; then
-    cd "/etc/opendkim/keys/${domain}"
+if [ ! -f "/etc/ssl/private/dkim-${servername}.private" ]; then
     echo "Generate DKIM keys ..."
-    sudo -u opendkim opendkim-genkey -r -d "${domain}"
-    chmod 640 /etc/opendkim/keys/${domain}/*
-fi
-
-grep -q "${domain}" /etc/opendkim/TrustedHosts
-if [ "$?" -ne 0 ]; then
-    echo "Add ${domain} to TrustedHosts ..."
-    echo "${domain}" >> /etc/opendkim/TrustedHosts
+    opendkim-genkey -D /etc/ssl/private/ -r -d "${domain}" -s "dkim-${servername}"
+    chown opendkim:opendkim "/etc/ssl/private/dkim-${servername}.private"
+    chmod 640 "/etc/ssl/private/dkim-${servername}.private"
+    mv "/etc/ssl/private/dkim-${servername}.txt" "/etc/ssl/certs/"
 fi
 
 grep -q "${domain}" /etc/opendkim/KeyTable
 if [ "$?" -ne 0 ]; then
     echo "Add ${domain} to KeyTable ..."
-    echo "default._domainkey.${domain} ${domain}:default:/etc/opendkim/keys/${domain}/default.private" >> /etc/opendkim/KeyTable
+    echo "dkim-${servername}._domainkey.${domain} ${domain}:dkim-${servername}:/etc/ssl/private/dkim-${servername}.private" >> /etc/opendkim/KeyTable
 fi
 
 grep -q "${domain}" /etc/opendkim/SigningTable
 if [ "$?" -ne 0 ]; then
     echo "Add ${domain} to SigningTable ..."
-    echo "*@${domain} default._domainkey.${domain}" >> /etc/opendkim/SigningTable
+    echo "*@${domain} dkim-${servername}._domainkey.${domain}" >> /etc/opendkim/SigningTable
 fi
 
 systemctl reload opendkim
 if [ "$?" -eq 0 ]; then
     echo "OpenDKIM successfully reloaded"
-    echo "Public key is in : /etc/opendkim/keys/${domain}/default.txt"
+    echo "Public key is in : /etc/ssl/certs/dkim-${servername}.txt"
     exit 0
 else
     echo "An error has occurred while opendkim reload, please FIX configuration !" >&2

opendkim/files/opendkim.conf

@@ -5,7 +5,6 @@ OversignHeaders         From
 TrustAnchorFile         /usr/share/dns/root.key
 Selector                default
 Canonicalization        relaxed/relaxed
-ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
 InternalHosts           refile:/etc/opendkim/TrustedHosts
 KeyTable                refile:/etc/opendkim/KeyTable
 LogResults              Yes

opendkim/tasks/main.yml

@@ -6,19 +6,16 @@
   with_items:
   - opendkim
   - opendkim-tools
+  - ssl-cert
   tags:
   - opendkim
 
-- name: create keys directory
-  file:
-    name: "{{ item }}"
-    state: directory
-    owner: opendkim
-    group: opendkim
-    mode: "0750"
-  with_items:
-  - '/etc/opendkim'
-  - '/etc/opendkim/keys'
+- name: Add user opendkim in ssl-cert group
+  user:
+    name: opendkim
+    groups: ssl-cert
+    state: present
+    append: yes
   tags:
   - opendkim