Page MenuHomeDevCentral

Allow to update SMTP server certificates
ClosedPublic

Authored by dereckson on Nov 3 2016, 14:37.
Tags
None
Referenced Files
F3744504: D694.diff
Fri, Nov 15, 06:23
Unknown Object (File)
Tue, Nov 12, 23:33
Unknown Object (File)
Wed, Nov 6, 20:55
Unknown Object (File)
Fri, Nov 1, 06:59
Unknown Object (File)
Thu, Oct 31, 03:46
Unknown Object (File)
Sat, Oct 26, 21:10
Unknown Object (File)
Sun, Oct 20, 15:15
Unknown Object (File)
Oct 9 2024, 20:04
Subscribers
None

Details

Summary

The SMTP server certificate is managed by Let's encrypt.
It's renewed by a timer on Dwellers introduced in cd39c567ec4f.

When renewed, it's only available for nginx, but must also be
deployed to the LXC mailserver container to be accessible by Postfix.

There is a work in progress to automate the process: as Let's encrypt
renew code runs in a Docker container without access to the LXC mail
container, we want to check file hashes to copy and restart when needed.

Meanwhile, this change allows manual certificate propagation.

Test Plan

Tested to solve T1038.

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
No Lint Coverage
Unit
No Test Coverage
Branch
mailserver (branched from master)
Build Status
Buildable 1052
Build 1267: arc lint + arc unit

Event Timeline

dereckson retitled this revision from to Allow to update SMTP server certificates.
dereckson updated this object.
dereckson edited the test plan for this revision. (Show Details)
dereckson added a reviewer: Sandlayth.
Sandlayth edited edge metadata.
This revision is now accepted and ready to land.Nov 3 2016, 17:45
This revision was automatically updated to reflect the committed changes.