author | Guilhem Moulin <guilhem@fripost.org> | 2014-07-04 00:37:40 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:52:24 +0200 |
commit | 58e65628313da8990f1e5cb26bfe4e10e128034e (patch) | |
tree | 1ca5321944c66304b6afad7acf9dbc37d8f0b4f5 | |
parent | 535741b9caaa7b1480d3a6e8290769b1e2e0a55e (diff) |
Reload Postfix upon configuration change, but don't restart it.
(Unless a new instance is created, or master.cf is modified.)
Changing some variables, such as inet_protocols, requires a full restart,
but most of the time it's overkill.
-rw-r--r-- | roles/IMAP/handlers/main.yml | 3 | ||||
-rw-r--r-- | roles/IMAP/tasks/mda.yml | 8 | ||||
-rw-r--r-- | roles/MSA/handlers/main.yml | 3 | ||||
-rw-r--r-- | roles/MSA/tasks/main.yml | 8 | ||||
-rw-r--r-- | roles/MX/handlers/main.yml | 3 | ||||
-rw-r--r-- | roles/MX/tasks/main.yml | 8 | ||||
-rw-r--r-- | roles/common/handlers/main.yml | 1 | ||||
-rw-r--r-- | roles/common/tasks/mail.yml | 6 | ||||
-rw-r--r-- | roles/lists/handlers/main.yml | 3 | ||||
-rw-r--r-- | roles/lists/tasks/mail.yml | 8 | ||||
-rw-r--r-- | roles/out/handlers/main.yml | 3 | ||||
-rw-r--r-- | roles/out/tasks/main.yml | 8 | ||||
-rw-r--r-- | roles/webmail/handlers/main.yml | 3 | ||||
-rw-r--r-- | roles/webmail/tasks/mail.yml | 8 |
14 files changed, 21 insertions, 52 deletions
diff --git a/roles/IMAP/handlers/main.yml b/roles/IMAP/handlers/main.yml index c14468a..46cf1fb 100644 --- a/roles/IMAP/handlers/main.yml +++ b/roles/IMAP/handlers/main.yml @@ -1,27 +1,24 @@ --- - name: Restart Dovecot service: name=dovecot state=restarted -- name: Restart Postfix - service: name=postfix state=restarted - - name: Reload Postfix service: name=postfix state=reloaded - name: Compile Spamassassin rules sudo_user: debian-spamd # it might take a while... command: /usr/bin/sa-compile --quiet chdir=/var/lib/spamassassin/ - name: Restart Amavis service: name=amavis state=restarted - name: Copy SQL tables for spamassassin copy: src=tmp/spamassassin.sql dest=/tmp/spamassassin.sql owner=root group=root mode=0600 - name: Create SQL tables for spamassassin # see https://svn.apache.org/repos/asf/spamassassin/trunk/sql/ diff --git a/roles/IMAP/tasks/mda.yml b/roles/IMAP/tasks/mda.yml index a914f17..2d63f0e 100644 --- a/roles/IMAP/tasks/mda.yml +++ b/roles/IMAP/tasks/mda.yml @@ -1,34 +1,33 @@ - name: Install Postfix apt: pkg={{ item }} with_items: - postfix - postfix-ldap - name: Configure Postfix template: src=etc/postfix/main.cf.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf owner=root group=root mode=0644 - register: r notify: - - Restart Postfix + - Reload Postfix - name: Create directory /etc/postfix-.../virtual file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual state=directory owner=root group=root mode=0755 - name: Copy lookup tables copy: src=etc/postfix/virtual/{{ item }} dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }} owner=root group=root mode=0644 with_items: - mailbox_domains.cf - mailbox.cf - transport_content_filter.cf - name: Copy recipient canonical # no need to reload upon change, as cleanup(8) is short-running copy: src=etc/postfix/recipient_canonical.pcre 
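Review bot: In roles/IMAP/tasks/mda.yml, the `Configure Postfix` task now notifies only `Reload Postfix`, so a main.cf change to a parameter that Postfix reads only at startup (inet_interfaces, inet_protocols) is reported as changed but never reaches the running daemon. The commit message accepts this trade-off, but nothing in the task records it, and a hardening change such as narrowing the listening addresses would stay unapplied until someone restarts by hand. I would add a comment above `notify:`, for example `# reload only: inet_interfaces/inet_protocols changes need a manual restart`. The same applies to the identical change in the MSA, MX, lists, out and webmail task files; the task list continues outside this hunk.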
@@ -38,25 +37,24 @@ - name: Build the Postfix relay clientcerts map sudo: False # smtpd_tls_fingerprint_digest MUST be sha256! local_action: shell openssl x509 -in certs/postfix/{{ item }}.pem -noout -fingerprint -sha256 | sed -nr 's/^.*=(.*)/\1 {{ item }}/p' with_items: groups.MX | difference([inventory_hostname]) | sort register: relay_clientcerts changed_when: False - name: Copy the Postfix relay clientcerts map template: src=etc/postfix/relay_clientcerts.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts owner=root group=root mode=0644 - name: Compile the Postfix relay clientcerts map postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts db=cdb owner=root group=root mode=0644 +- meta: flush_handlers + - name: Start Postfix service: name=postfix state=started - when: not r.changed - -- meta: flush_handlers diff --git a/roles/MSA/handlers/main.yml b/roles/MSA/handlers/main.yml index c27834e..99a5db2 100644 --- a/roles/MSA/handlers/main.yml +++ b/roles/MSA/handlers/main.yml @@ -1,6 +1,3 @@ --- -- name: Restart Postfix - service: name=postfix state=restarted - - name: Reload Postfix service: name=postfix state=reloaded diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml index 30473a6..c7424d8 100644 --- a/roles/MSA/tasks/main.yml +++ b/roles/MSA/tasks/main.yml 
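Review bot: In roles/IMAP/tasks/mda.yml, `- meta: flush_handlers` now runs before `Start Postfix`, so the `Reload Postfix` handler can fire while the service is still stopped (a fresh instance, or a daemon that was down). Whether `state=reloaded` then starts the service or fails depends on the service module and the init script, neither of which is visible here. Unless the order is deliberate, keeping the now unconditional start ahead of the flush would make the reload always hit a running daemon: `- name: Start Postfix` / `service: name=postfix state=started`, followed by `- meta: flush_handlers`. The MSA, MX, lists, out and webmail task files use the same ordering.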
@@ -1,27 +1,25 @@ - name: Install Postfix apt: pkg={{ item }} with_items: - postfix - postfix-pcre - name: Configure Postfix template: src=etc/postfix/main.cf.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf owner=root group=root mode=0644 - register: r notify: - - Restart Postfix + - Reload Postfix - name: Copy the Regex to anonymize senders # no need to reload upon change, as cleanup(8) is short-running copy: src=etc/postfix/anonymize_sender.pcre dest=/etc/postfix-{{ postfix_instance[inst].name }}/anonymize_sender.pcre owner=root group=root mode=0644 +- meta: flush_handlers + - name: Start Postfix service: name=postfix state=started - when: not r.changed - -- meta: flush_handlers diff --git a/roles/MX/handlers/main.yml b/roles/MX/handlers/main.yml index 21c736a..0482a49 100644 --- a/roles/MX/handlers/main.yml +++ b/roles/MX/handlers/main.yml @@ -1,9 +1,6 @@ --- - name: Restart Postgrey service: name=postgrey state=restarted -- name: Restart Postfix - service: name=postfix state=restarted - - name: Reload Postfix service: name=postfix state=reloaded diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml index accca14..a372cf4 100644 --- a/roles/MX/tasks/main.yml +++ b/roles/MX/tasks/main.yml 
@@ -13,63 +13,61 @@ lineinfile: dest=/etc/default/postgrey regexp='^POSTGREY_OPTS=' line='POSTGREY_OPTS="--privacy --unix=/var/spool/postfix-{{ postfix_instance[inst].name }}/private/postgrey"' owner=root group=root mode=0644 register: r notify: - Restart Postgrey - name: Start Postgrey service: name=postgrey state=started when: not r.changed - meta: flush_handlers - name: Configure Postfix template: src=etc/postfix/main.cf.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf owner=root group=root mode=0644 - register: r notify: - - Restart Postfix + - Reload Postfix - name: Create directory /etc/postfix-.../virtual file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual state=directory owner=root group=root mode=0755 - name: Copy lookup tables template: src=etc/postfix/virtual/{{ item }}.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }} owner=root group=root mode=0644 with_items: - mailbox_domains.cf # no need to reload upon change, as cleanup(8) is short-running - reserved_alias.pcre - alias.cf - mailbox.cf - list.cf - alias_domains.cf - catchall.cf - transport - name: Compile the Reserved Transport Maps postmap: instance={{ postfix_instance[inst].name }} src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport db=cdb owner=root group=root mode=0644 - name: Copy reserved-alias.pl copy: src=usr/local/sbin/reserved-alias.pl dest=/usr/local/sbin/reserved-alias.pl owner=root group=root mode=0755 +- meta: flush_handlers + - name: Start Postfix service: name=postfix state=started - when: not r.changed - -- meta: flush_handlers diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index d20f7b6..13712fe 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml 
@@ -12,26 +12,25 @@ service: name=samhain state=reloaded - name: Update rkhunter's data file command: /usr/bin/rkhunter --propupd - name: Restart fail2ban service: name=fail2ban state=restarted - name: Reload networking # /etc/init.d/networking doesn't answer the status command; but since # it should be "up" whenever ansible has access to the machine, we use # pattern=init as a dummy assumption. service: name=networking pattern=init state=reloaded - name: Restart rsyslog service: name=rsyslog state=restarted - name: Restart ntp service: name=ntp state=restarted -# TODO: should be in a separate file, since it's used by other roles - name: Restart Postfix service: name=postfix state=restarted - name: Reload Postfix service: name=postfix state=reloaded diff --git a/roles/common/tasks/mail.yml b/roles/common/tasks/mail.yml index 3b2a41f..cbec8cf 100644 --- a/roles/common/tasks/mail.yml +++ b/roles/common/tasks/mail.yml 
@@ -15,51 +15,51 @@ - Restart Postfix - name: Link the dynamic maps & master.cf of each children to the master's # main.cf is specialized to each dedicated role, though file: src=../postfix/{{ item.1 }} dest=/etc/postfix-{{ postfix_instance[item.0].name }}/{{ item.1 }} owner=root group=root state=link force=yes register: r2 with_nested: - postfix_instance.keys() | intersect(group_names) | list - [ 'dynamicmaps.cf', 'master.cf' ] notify: - Restart Postfix - name: Configure Postfix (1) copy: src=etc/postfix/master.cf dest=/etc/postfix/master.cf owner=root group=root mode=0644 + register: r3 notify: - - Reload Postfix + - Restart Postfix - name: Configure Postfix (2) template: src=etc/postfix/main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0644 - register: r3 notify: - - Restart Postfix + - Reload Postfix - name: Create directory /etc/postfix/ssl file: path=/etc/postfix/ssl state=directory owner=root group=root mode=0755 tags: - genkey - name: Generate a private key and a X.509 certificate for Postfix command: genkeypair.sh x509 --pubkey=/etc/postfix/ssl/{{ ansible_fqdn }}.pem --privkey=/etc/postfix/ssl/{{ ansible_fqdn }}.key --dns={{ ansible_fqdn }} -t ecdsa -b secp384r1 -h sha512 register: r4 changed_when: r4.rc == 0 failed_when: r4.rc > 1 tags: - genkey diff --git a/roles/lists/handlers/main.yml b/roles/lists/handlers/main.yml index 308f708..76084e4 100644 --- a/roles/lists/handlers/main.yml +++ b/roles/lists/handlers/main.yml @@ -1,9 +1,6 @@ --- -- name: Restart Postfix - service: name=postfix state=restarted - - name: Reload Postfix service: name=postfix state=reloaded - name: Restart Nginx service: name=nginx state=restarted diff --git a/roles/lists/tasks/mail.yml b/roles/lists/tasks/mail.yml index eb2fcc4..a08ff5c 100644 --- a/roles/lists/tasks/mail.yml +++ b/roles/lists/tasks/mail.yml 
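Review bot: In roles/common/tasks/mail.yml, `register: r3` has moved from the main.cf task to the master.cf task, so whatever reads `r3.changed` further down (outside this hunk) now reacts to master.cf changes and no longer to main.cf changes. That fits the new restart/reload split if `r3` gates the later start of Postfix, but the consumer is not visible here and the name gives no hint, so it should be checked. A short comment on the task would help, e.g. `# r3: master.cf changed, a full restart is pending`.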
@@ -1,35 +1,33 @@ - name: Install Postfix apt: pkg={{ item }} with_items: - postfix - postfix-ldap - name: Configure Postfix template: src=etc/postfix/main.cf.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf owner=root group=root mode=0644 - register: r notify: - - Restart Postfix + - Reload Postfix - name: Create directory /etc/postfix-.../virtual file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual state=directory owner=root group=root mode=0755 - name: Copy lookup tables copy: src=etc/postfix/virtual/{{ item }} dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }} owner=root group=root mode=0644 with_items: - mailbox_domains.cf - transport_list.cf +- meta: flush_handlers + - name: Start Postfix service: name=postfix state=started - when: not r.changed - -- meta: flush_handlers diff --git a/roles/out/handlers/main.yml b/roles/out/handlers/main.yml index 21c736a..0482a49 100644 --- a/roles/out/handlers/main.yml +++ b/roles/out/handlers/main.yml @@ -1,9 +1,6 @@ --- - name: Restart Postgrey service: name=postgrey state=restarted -- name: Restart Postfix - service: name=postfix state=restarted - - name: Reload Postfix service: name=postfix state=reloaded diff --git a/roles/out/tasks/main.yml b/roles/out/tasks/main.yml index 69d9ead..68f438f 100644 --- a/roles/out/tasks/main.yml +++ b/roles/out/tasks/main.yml 
@@ -1,36 +1,34 @@ - name: Install Postfix apt: pkg=postfix - name: Configure Postfix template: src=etc/postfix/main.cf.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf owner=root group=root mode=0644 - register: r notify: - - Restart Postfix + - Reload Postfix - name: Build the Postfix relay clientcerts map sudo: False # smtpd_tls_fingerprint_digest MUST be sha256! local_action: shell openssl x509 -in certs/postfix/{{ item }}.pem -noout -fingerprint -sha256 | sed -nr 's/^.*=(.*)/\1 {{ item }}/p' with_items: groups.all | difference([inventory_hostname]) | sort register: relay_clientcerts changed_when: False - name: Copy the Postfix relay clientcerts map template: src=etc/postfix/relay_clientcerts.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts owner=root group=root mode=0644 - name: Compile the Postfix relay clientcerts map postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts db=cdb owner=root group=root mode=0644 +- meta: flush_handlers + - name: Start Postfix service: name=postfix state=started - when: not r.changed - -- meta: flush_handlers diff --git a/roles/webmail/handlers/main.yml b/roles/webmail/handlers/main.yml index 308f708..76084e4 100644 --- a/roles/webmail/handlers/main.yml +++ b/roles/webmail/handlers/main.yml @@ -1,9 +1,6 @@ --- -- name: Restart Postfix - service: name=postfix state=restarted - - name: Reload Postfix service: name=postfix state=reloaded - name: Restart Nginx service: name=nginx state=restarted diff --git a/roles/webmail/tasks/mail.yml b/roles/webmail/tasks/mail.yml index 4bf4363..e2dea38 100644 --- a/roles/webmail/tasks/mail.yml +++ b/roles/webmail/tasks/mail.yml 
@@ -1,17 +1,15 @@ - name: Install Postfix apt: pkg=postfix - name: Configure Postfix template: src=etc/postfix/main.cf.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf owner=root group=root mode=0644 - register: r notify: - - Restart Postfix + - Reload Postfix + +- meta: flush_handlers - name: Start Postfix service: name=postfix state=started - when: not r.changed - -- meta: flush_handlers |