forked from ISTI-ansible-roles/ansible-roles
32 lines
1.3 KiB
YAML
32 lines
1.3 KiB
YAML
---
|
|
- name: Install a script that fix the letsencrypt certificates for openldap and then reload the service
|
|
copy: src=openldap-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/openldap owner=root group=root mode=4555
|
|
when:
|
|
- openldap_letsencrypt_managed
|
|
- letsencrypt_acme_install
|
|
register: openldap_letsencrypt_hook
|
|
tags: [ 'ldap_server', 'ldap', 'ldap_conf', 'letsencrypt' ]
|
|
|
|
- name: Copy the SSL ldif on the ldap server
|
|
copy: src=olcSSL.ldif dest=/etc/ldap/schema/olcSSL.ldif
|
|
when:
|
|
- openldap_letsencrypt_managed
|
|
- letsencrypt_acme_install
|
|
tags: [ 'ldap_server', 'ldap', 'ldap_conf', 'letsencrypt' ]
|
|
|
|
- name: Run the letsencrypt hook una tantum to create the correct environment
|
|
shell: '{{ letsencrypt_acme_services_scripts_dir }}/openldap'
|
|
when: openldap_letsencrypt_hook is changed
|
|
tags: [ 'ldap_server', 'ldap', 'ldap_conf', 'letsencrypt' ]
|
|
|
|
- name: Enable the openldap ssl configuration
|
|
shell: ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/olcSSL.ldif ; touch /etc/ldap/schema/.olcSSL.ldif.installed
|
|
args:
|
|
creates: /etc/ldap/schema/.olcSSL.ldif.installed
|
|
notify: Restart openldap
|
|
when:
|
|
- openldap_letsencrypt_managed
|
|
- letsencrypt_acme_install
|
|
tags: [ 'ldap_server', 'ldap', 'ldap_conf', 'letsencrypt' ]
|
|
|