From 6ed6f3ef190ee312064735c2514502ae4fefb135 Mon Sep 17 00:00:00 2001 From: Stephen Gran Date: Wed, 25 Apr 2012 08:03:52 +0100 Subject: [PATCH] This is better expressed as a dependency Signed-off-by: Stephen Gran --- modules/debian-org/lib/facter/mta.rb | 15 --------------- modules/exim/manifests/init.pp | 6 +++++- modules/exim/templates/eximconf.erb | 10 +--------- 3 files changed, 6 insertions(+), 25 deletions(-) diff --git a/modules/debian-org/lib/facter/mta.rb b/modules/debian-org/lib/facter/mta.rb index 9b612609f..5d2242a61 100644 --- a/modules/debian-org/lib/facter/mta.rb +++ b/modules/debian-org/lib/facter/mta.rb @@ -7,18 +7,3 @@ Facter.add("mta") do mta end end - -Facter.add("exim_ssl_certs") do - certs = FileTest.exist?("/etc/exim4/ssl/") && - FileTest.exist?("/etc/exim4/ssl/ca.crl") && - FileTest.exist?("/etc/exim4/ssl/thishost.crt") && - FileTest.exist?("/etc/exim4/ssl/ca.crt") && - FileTest.exist?("/etc/exim4/ssl/thishost.key") - setcode do - if certs - true - else - '' - end - end -end diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp index 5b0295618..6b83cf876 100644 --- a/modules/exim/manifests/init.pp +++ b/modules/exim/manifests/init.pp @@ -12,7 +12,10 @@ class exim { service { 'exim4': ensure => running, - require => File['/etc/exim4/exim4.conf'], + require => [ + File['/etc/exim4/exim4.conf'], + Package['exim4'], + ] } file { '/etc/exim4/': @@ -43,6 +46,7 @@ class exim { } file { '/etc/exim4/exim4.conf': content => template('exim/eximconf.erb'), + require => File['/etc/exim4/ssl/thishost.crt'], notify => Service['exim4'], } file { '/etc/mailname': diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 4676daddc..d508eb06e 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -129,14 +129,12 @@ hostlist reservedaddrs = <%= scope.lookupvar('site::nodeinfo')['reservedaddrs'] domainlist mailhubdomains = lsearch;/etc/exim4/manualroute <%- end -%> -<%- if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" -%> tls_certificate = /etc/exim4/ssl/thishost.crt tls_privatekey = /etc/exim4/ssl/thishost.key tls_try_verify_hosts = * tls_verify_certificates = /etc/exim4/ssl/ca.crt tls_crl = /etc/exim4/ssl/ca.crl -<%- end -%> # The setting below causes Exim to do a reverse DNS lookup on all incoming # IP calls, in order to get the true host name. If you feel this is too # expensive, you can specify the networks for which a lookup is done, or @@ -230,9 +228,7 @@ admin_groups = adm remote_sort_domains = *.debian.org:*.debian.net pipelining_advertise_hosts = !* -<%- if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" -%> tls_advertise_hosts = * -<%- end -%> smtp_enforce_sync = true log_selector = +tls_cipher +tls_peerdn +queue_time +deliver_time +smtp_connection +smtp_incomplete_transaction +smtp_confirmation @@ -1566,10 +1562,8 @@ remote_smtp: driver = smtp connect_timeout = 1m delay_after_cutoff = false -<%- if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" -%> tls_certificate = /etc/exim4/ssl/thishost.crt tls_privatekey = /etc/exim4/ssl/thishost.key -<%- end -%> <%= out = "" @@ -1581,13 +1575,11 @@ remote_smtp_smarthost: delay_after_cutoff = false port = ' out += scope.lookupvar('site::nodeinfo')['smarthost_port'].to_s + "\n" - if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" - out += ' tls_tempfail_tryclear = false + out += ' tls_tempfail_tryclear = false hosts_require_tls = ' + scope.lookupvar('site::nodeinfo')['smarthost'] + ' tls_certificate = /etc/exim4/ssl/thishost.crt tls_privatekey = /etc/exim4/ssl/thishost.key ' - end end out %> -- 2.20.1