aligning roles with our conventions, major changes in opendkim-add.sh

This commit is contained in:
Eric Morino 2019-03-27 11:01:11 +01:00
parent 66381ae454
commit 36515c9c89
4 changed files with 17 additions and 35 deletions

View file

@ -22,6 +22,7 @@ The **patch** part changes incrementally at each release.
* tomcat: better tomcat version management
* webapps/evoadmin-web: add dbadmin.sh to sudoers file
* evomaintenance: embed version 0.5.0
* opendkim : aligning roles with our conventions, major changes in opendkim-add.sh
### Fixed

View file

@ -1,52 +1,37 @@
#!/bin/sh
dpkg -l |grep -e 'opendkim-tools' -e 'opendkim' -q
if [ "$?" -ne 0 ]; then
echo "Require opendkim-tools and opendkim"
exit 1
fi
if [ "$#" -ne 1 ]; then
echo "Usage : $0 example.com" >&2
exit 1
fi
servername="$(cat /etc/hostname)"
domain="$(echo "$1"|xargs)"
mkdir -pm 0750 "/etc/opendkim/keys/${domain}"
chown opendkim:opendkim "/etc/opendkim/keys/${domain}"
if [ ! -f "/etc/opendkim/keys/${domain}/default.private" ]; then
cd "/etc/opendkim/keys/${domain}"
if [ ! -f "/etc/ssl/private/dkim-${servername}.private" ]; then
echo "Generate DKIM keys ..."
sudo -u opendkim opendkim-genkey -r -d "${domain}"
chmod 640 /etc/opendkim/keys/${domain}/*
fi
grep -q "${domain}" /etc/opendkim/TrustedHosts
if [ "$?" -ne 0 ]; then
echo "Add ${domain} to TrustedHosts ..."
echo "${domain}" >> /etc/opendkim/TrustedHosts
opendkim-genkey -D /etc/ssl/private/ -r -d "${domain}" -s "dkim-${servername}"
chown opendkim:opendkim "/etc/ssl/private/dkim-${servername}.private"
chmod 640 "/etc/ssl/private/dkim-${servername}.private"
mv "/etc/ssl/private/dkim-${servername}.txt" "/etc/ssl/certs/"
fi
grep -q "${domain}" /etc/opendkim/KeyTable
if [ "$?" -ne 0 ]; then
echo "Add ${domain} to KeyTable ..."
echo "default._domainkey.${domain} ${domain}:default:/etc/opendkim/keys/${domain}/default.private" >> /etc/opendkim/KeyTable
echo "dkim-${servername}._domainkey.${domain} ${domain}:dkim-${servername}:/etc/ssl/private/dkim-${servername}.private" >> /etc/opendkim/KeyTable
fi
grep -q "${domain}" /etc/opendkim/SigningTable
if [ "$?" -ne 0 ]; then
echo "Add ${domain} to SigningTable ..."
echo "*@${domain} default._domainkey.${domain}" >> /etc/opendkim/SigningTable
echo "*@${domain} dkim-${servername}._domainkey.${domain}" >> /etc/opendkim/SigningTable
fi
systemctl reload opendkim
if [ "$?" -eq 0 ]; then
echo "OpenDKIM successfully reloaded"
echo "Public key is in : /etc/opendkim/keys/${domain}/default.txt"
echo "Public key is in : /etc/ssl/certs/dkim-${servername}.txt"
exit 0
else
echo "An error has occurred while opendkim reload, please FIX configuration !" >&2

View file

@ -5,7 +5,6 @@ OversignHeaders From
TrustAnchorFile /usr/share/dns/root.key
Selector default
Canonicalization relaxed/relaxed
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
LogResults Yes

View file

@ -6,19 +6,16 @@
with_items:
- opendkim
- opendkim-tools
- ssl-cert
tags:
- opendkim
- name: create keys directory
file:
name: "{{ item }}"
state: directory
owner: opendkim
group: opendkim
mode: "0750"
with_items:
- '/etc/opendkim'
- '/etc/opendkim/keys'
- name: Add user opendkim in ssl-cert group
user:
name: opendkim
groups: ssl-cert
state: present
append: yes
tags:
- opendkim