mariadb.yml aktualisiert

mariadb.yml

@@ -61,25 +61,32 @@
         marker: "# {mark} ANSIBLE MANAGED BLOCK"
         block: |
           cd /home/docker/mariadb.{{inventory_hostname}}
-
+          
           [ -d ssl ] && rm -r ssl
           mkdir ssl
           cd ssl
           
-          openssl genrsa 4096 > ca-key.pem
-          openssl req -new -x509 -nodes -days 109500 -key ca-key.pem -subj "/C=MD/ST=mariadb/L=mariadb/O=DB/CN=mariadb.{{inventory_hostname}}" > ca-cert.pem
-
-          openssl req -newkey rsa:4096 -days 109500 -nodes -keyout server-key-pkcs8.pem  -subj "/C=MD/ST=mariadb/L=mariadb/O=DB/CN=mariadb.{{inventory_hostname}}" > server-req.pem
-          openssl rsa -in server-key-pkcs8.pem -out server-key.pem
-          openssl x509 -req -in server-req.pem -days 109500 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
-
-          openssl req -newkey rsa:4096 -days 109500 -nodes -keyout client-key-pkcs8.pem -subj "/C=MD/ST=mariadb/L=mariadb/O=DB/CN=mariadb.{{inventory_hostname}}" > client-req.pem
-          openssl rsa -in client-key-pkcs8.pem -out client-key.pem
-          openssl x509 -req -in client-req.pem -days 109500 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
-
+          # take letsencrypt-certs from traefik
+          cat /home/docker/traefik/letsencrypt/acme.json  | jq -r ".letsencrypt.Certificates[] | select(.domain.main==\"mail.{{inventory_hostname}}\") | .key" | base64 -d >/home/docker/mailcow-dockerized/data/assets/ssl/server-key.pem
+          cat /home/docker/traefik/letsencrypt/acme.json  | jq -r ".letsencrypt.Certifcates[] | select(.domain.main==\"mail.{{inventory_hostname}}\") | .certificate" | base64 -d >/home/docker/mailcow-dockerized/data/assets/ssl/server-cert.pem
+          docker restart $(docker ps -qaf name=postfix-mailcow)
+          docker restart $(docker ps -qaf name=dovecot-mailcow)          
+          
           chmod 400 *.pem
-          chown 999 *.pem
-
+          chown 999 *.pem   
+          #openssl genrsa 4096 > ca-key.pem
+          #openssl req -new -x509 -nodes -days 109500 -key ca-key.pem -subj "/C=MD/ST=mariadb/L=mariadb/O=DB/CN=mariadb.{{inventory_hostname}}" > ca-cert.pem
+          #
+          #openssl req -newkey rsa:4096 -days 109500 -nodes -keyout server-key-pkcs8.pem  -subj "/C=MD/ST=mariadb/L=mariadb/O=DB/CN=mariadb.{{inventory_hostname}}" > server-req.pem
+          #openssl rsa -in server-key-pkcs8.pem -out server-key.pem
+          #openssl x509 -req -in server-req.pem -days 109500 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
+          #
+          #openssl req -newkey rsa:4096 -days 109500 -nodes -keyout client-key-pkcs8.pem -subj "/C=MD/ST=mariadb/L=mariadb/O=DB/CN=mariadb.{{inventory_hostname}}" > client-req.pem
+          #openssl rsa -in client-key-pkcs8.pem -out client-key.pem
+          #openssl x509 -req -in client-req.pem -days 109500 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
+          #
+          #chmod 400 *.pem
+          #chown 999 *.pem
         backup: yes
         validate: /bin/bash -n %s
 
@@ -106,7 +113,7 @@
         block: |
           [mariadbd]
           ssl=1
-          ssl-ca=/etc/mysql/ca-cert.pem
+          #ssl-ca=/etc/mysql/ca-cert.pem
           ssl-cert=/etc/mysql/server-cert.pem
           ssl-key=/etc/mysql/server-key.pem
         backup: yes
@@ -125,11 +132,11 @@
           // Use SSL for connection
           $cfg['Servers'][$i]['ssl'] = true;
           // Client secret key
-          $cfg['Servers'][$i]['ssl_key'] = '/etc/phpmyadmin/client-key.pem';
+          //$cfg['Servers'][$i]['ssl_key'] = '/etc/phpmyadmin/client-key.pem';
           // Client certificate
-          $cfg['Servers'][$i]['ssl_cert'] = '/etc/phpmyadmin/client-cert.pem';
+          //$cfg['Servers'][$i]['ssl_cert'] = '/etc/phpmyadmin/client-cert.pem';
           // Server certification authority
-          $cfg['Servers'][$i]['ssl_ca'] = '/etc/phpmyadmin/ca-cert.pem';
+          //$cfg['Servers'][$i]['ssl_ca'] = '/etc/phpmyadmin/ca-cert.pem';
           // Disable SSL verification
           //$cfg['Servers'][$i]['ssl_verify'] = false;
         backup: yes
@@ -158,7 +165,7 @@
                 - /etc/localtime:/etc/localtime:ro
                 - /home/docker/_defaults/mariadb/99-server.cnf:/etc/mysql/mariadb.conf.d/99-server.cnf:ro
                 - ./ssl.cnf:/etc/mysql/mariadb.conf.d/99-ssl.cnf:ro
-                - ./ssl/ca-cert.pem:/etc/mysql/ca-cert.pem:ro
+                #- ./ssl/ca-cert.pem:/etc/mysql/ca-cert.pem:ro
                 - ./ssl/server-cert.pem:/etc/mysql/server-cert.pem:ro
                 - ./ssl/server-key.pem:/etc/mysql/server-key.pem:ro
               env_file:
@@ -177,9 +184,9 @@
               volumes:
                 - /etc/localtime:/etc/localtime:ro
                 - ./phpmyadmin-config.user.inc.php:/etc/phpmyadmin/config.user.inc.php:ro
-                - ./ssl/ca-cert.pem:/etc/phpmyadmin/ca-cert.pem:ro
-                - ./ssl/client-cert.pem:/etc/phpmyadmin/client-cert.pem:ro
-                - ./ssl/client-key.pem:/etc/phpmyadmin/client-key.pem:ro
+                #- ./ssl/ca-cert.pem:/etc/phpmyadmin/ca-cert.pem:ro
+                #- ./ssl/client-cert.pem:/etc/phpmyadmin/client-cert.pem:ro
+                #- ./ssl/client-key.pem:/etc/phpmyadmin/client-key.pem:ro
               networks:
                 - mariadb.{{inventory_hostname}}--network
                 - traefik