Differential D694

Allow to update SMTP server certificates
ClosedPublic
Actions

Authored by dereckson on Nov 3 2016, 14:37.

Details

Reviewers

Sandlayth

Maniphest Tasks

T919: Propagate Let's encrypt certificate to mail server

Commits

rOPS4d9fcc57d6fc: Allow to update SMTP server certificates

Summary

The SMTP server certificate is managed by Let's encrypt.
It's renewed by a timer on Dwellers introduced in cd39c567ec4f.

When renewed, it's only available for nginx, but must also be
deployed to the LXC mailserver container to be accessible by Postfix.

There is a work in progress to automate the process: as Let's encrypt
renew code runs in a Docker container without access to the LXC mail
container, we want to check file hashes to copy and restart when needed.

Meanwhile, this change allows manual certificate propagation.

Test Plan

Tested to solve T1038.

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

dereckson updated this revision to Diff 1743.Nov 3 2016, 14:37

dereckson retitled this revision from to Allow to update SMTP server certificates.

dereckson updated this object.

dereckson edited the test plan for this revision. (Show Details)

dereckson added a reviewer: Sandlayth.

Sandlayth accepted this revision.Nov 3 2016, 17:45

Sandlayth edited edge metadata.

This revision is now accepted and ready to land.Nov 3 2016, 17:45

Closed by commit rOPS4d9fcc57d6fc: Allow to update SMTP server certificates (authored by dereckson, committed by dereckson). · Explain WhyNov 6 2016, 19:13

This revision was automatically updated to reflect the committed changes.

dereckson added a task: T919: Propagate Let's encrypt certificate to mail server.Jan 16 2017, 06:18

Revision Contents
Changeset List

Path

Size

roles/

mailserver/

certificates/

files/

update-smtp-certificates

22 lines

init.sls

12 lines

Diff 1744

View Options

roles/mailserver/certificates/files/update-smtp-certificates