changeset 381:a4867ea13d84

Restart Dovecot/Postfix after LetsEncrypt renewal. The dummy command notifies the service, which causes it to restart. The command only runs when a known "created at service start" file (auth pipe or the master socket) is older than the certificate used. We need `readlink` because the certificate file might be a symlink.
author IBBoard <dev@ibboard.co.uk>
date Fri, 19 Nov 2021 19:57:35 +0000
parents 21686c6a9ac4
children 308b4149bee5
files modules/dovecot/manifests/init.pp modules/postfix/manifests/init.pp
diffstat 2 files changed, 10 insertions(+), 0 deletions(-) [+]
--- a/modules/dovecot/manifests/init.pp	Sat Oct 16 15:43:04 2021 +0100
+++ b/modules/dovecot/manifests/init.pp	Fri Nov 19 19:57:35 2021 +0000
@@ -62,6 +62,11 @@
 		enable => true,
 		subscribe => Package['dovecot'],
 	}
+	exec { 'Dovecot/LetsEncrypt sync restart trigger':
+		command => "/usr/bin/true",
+		unless => "[ /run/dovecot/master -nt $(readlink -e /etc/pki/dovecot/certs/${imapserver}.crt) ]",
+		notify => Service['dovecot'],
+	}
 	firewall { '102 allow IMAPS':
 		destination => $imapserver_ip,
 		dport => 993,
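Review bot: The `unless` guard on the new exec fails open: if `readlink -e` resolves nothing (certificate missing or a dangling symlink), the `[ … -nt ]` test is malformed and exits non-zero, so the exec runs and Dovecot is restarted on every agent run. The guard also relies on `[` and `$(…)` being handled by a shell, so unless an `Exec` default elsewhere sets `path` or `provider` (not visible in this hunk) the resource should state `provider => shell,`. Inverting the condition so that only a resolved, newer certificate triggers the restart addresses the first problem: `onlyif => "crt=$(readlink -e /etc/pki/dovecot/certs/${imapserver}.crt) && [ \"\$crt\" -nt /run/dovecot/master ]",`. The Postfix hunk uses the same pattern and needs the same change.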
--- a/modules/postfix/manifests/init.pp	Sat Oct 16 15:43:04 2021 +0100
+++ b/modules/postfix/manifests/init.pp	Fri Nov 19 19:57:35 2021 +0000
@@ -29,6 +29,11 @@
     enable    => true,
     subscribe => Package['postfix'],
   }
+  exec { 'Postfix/LetsEncrypt sync restart trigger':
+    command => "/usr/bin/true",
+    unless => "[ /var/spool/postfix/private/auth -nt $(readlink -e /etc/pki/custom/$mailserver.crt) ]",
+    notify => Service['postfix'],
+  }
   firewall { '101 allow SMTP':
     destination => $mailserver_ip,
     dport => [25, 465, 587],
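Review bot: `/var/spool/postfix/private/auth` in the `unless` test may not be a file that Postfix recreates when it restarts; in the common Dovecot-SASL setup that socket is a Dovecot `unix_listener`, though the configuration is not visible here. If so, restarting Postfix never refreshes its mtime, and after a renewal this exec keeps notifying `Service['postfix']` on every run until Dovecot happens to restart. Comparing against a file that Postfix's own master process writes, for example `/var/spool/postfix/pid/master.pid`, would tie the check to the right daemon. The certificate path would also be clearer with braces, `${mailserver}.crt`, matching the Dovecot manifest.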