blob: 05fd5f873cb5ffed5e9969e9f37eb8f339bb7bc2 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
---
- name: Install SASL dependencies
package:
name:
- sasl2-bin
- libsasl2-modules
state: present
tags:
- role::sasl
- name: Create SASL authentication daemon user
user:
name: sasl
group: sasl
system: true
tags:
- role::sasl
- name: Create service override directory
file:
path: /etc/systemd/system/saslauthd.service.d
state: directory
owner: root
group: root
mode: "0755"
tags:
- role::sasl
- name: Copy service user configuration for SASL authentication daemon
copy:
src: user.conf
dest: /etc/systemd/system/saslauthd.service.d/user.conf
mode: "0640"
owner: root
group: root
tags:
- role::sasl
notify:
- Restart SASL
register: sasl_systemd_override
- name: Update SASL authentication daemon preferences
lineinfile:
path: /etc/default/saslauthd
regexp: '^{{ item[''key''] }}="'
line: '{{ item["key"] }}="{{ item["value"] }}"'
mode: "0644"
owner: root
group: root
loop:
- key: START
value: "yes"
- key: MECHANISMS
value: ldap
# Postfix runs in a CHROOT so we need to create the SASLAUTHD socket there
# to allow Postfix to communicate with it.
- key: OPTIONS
value: "-c -m {{ sasl_mux_path }}"
tags:
- role::sasl
notify:
- Restart SASL
# The sysvinit script checks for a dpkg-statoverride when first starting. If
# one exists, it uses it, if none exists, ti creates the directory with
# ownership u=root g=sasl m=710. With these two tasks, we check whether there's
# a default override already specified (presumably from package installation)
# and only set it if it's distinct, ensuring idempotency.
- name: Check current overrides for runtime directory
command: dpkg-statoverride --list "{{ sasl_mux_path }}"
changed_when: false
register: sasl_statoverride_list
tags:
- role::sasl
- name: Ask dpkg to create runtime directory as sasl user
command: "dpkg-statoverride --update --force-statoverride-add --add {{ statoverride_line }}"
changed_when: true
tags:
- role::sasl
when:
# Only if necessary.
- sasl_statoverride_list.stdout_lines
- sasl_statoverride_list.stdout_lines[0] != statoverride_line
vars:
statoverride_line: "sasl sasl 710 {{ sasl_mux_path }}"
- name: Copy SASL LDAP configuration
template:
src: saslauthd.conf.j2
dest: /etc/saslauthd.conf
mode: "0640"
owner: root
group: sasl
tags:
- role::sasl
notify:
- Reload SASL
# BEGIN temporary tasks. Can be removed after initial deploy.
- name: Remove Postfix from SASL group
command: "gpasswd -d postfix sasl"
register: command_result
changed_when: "not 'is not a member of' in command_result.stderr"
failed_when: false
tags:
- role::sasl
- name: Remove Postfix SASL configuration
file:
path: /etc/postfix/sasl/smtpd.conf
state: absent
tags:
- role::sasl
notify:
- Reload postfix
# END temporary tasks. Can be removed after initial deploy.
- name: Enable and start SASL authentication daemon
systemd_service:
name: saslauthd
state: started
enabled: true
daemon_reload: "{{ sasl_systemd_override is changed }}"
tags:
- role::sasl
|
