forked from ISTI-ansible-roles/ansible-roles
Fix the letsencrypt hook for openldap
parent
3cab0247bb
commit
7b0578c7d8
|
@ -4,19 +4,25 @@
|
||||||
when:
|
when:
|
||||||
- openldap_letsencrypt_managed
|
- openldap_letsencrypt_managed
|
||||||
- letsencrypt_acme_install
|
- letsencrypt_acme_install
|
||||||
|
register: openldap_letsencrypt_hook
|
||||||
tags: [ 'ldap_server', 'ldap', 'ldap_conf', 'letsencrypt' ]
|
tags: [ 'ldap_server', 'ldap', 'ldap_conf', 'letsencrypt' ]
|
||||||
|
|
||||||
- name: Copy the SSL ldif on the ldap server
|
- name: Copy the SSL ldif on the ldap server
|
||||||
copy: src=olcSSL.ldif dest=/etc/ldap/olcSSL.ldif
|
copy: src=olcSSL.ldif dest=/etc/ldap/schema/olcSSL.ldif
|
||||||
when:
|
when:
|
||||||
- openldap_letsencrypt_managed
|
- openldap_letsencrypt_managed
|
||||||
- letsencrypt_acme_install
|
- letsencrypt_acme_install
|
||||||
tags: [ 'ldap_server', 'ldap', 'ldap_conf', 'letsencrypt' ]
|
tags: [ 'ldap_server', 'ldap', 'ldap_conf', 'letsencrypt' ]
|
||||||
|
|
||||||
|
- name: Run the letsencrypt hook una tantum to create the correct environment
|
||||||
|
shell: '{{ letsencrypt_acme_services_scripts_dir }}/openldap'
|
||||||
|
when: openldap_letsencrypt_hook is changed
|
||||||
|
tags: [ 'ldap_server', 'ldap', 'ldap_conf', 'letsencrypt' ]
|
||||||
|
|
||||||
- name: Enable the openldap ssl configuration
|
- name: Enable the openldap ssl configuration
|
||||||
shell: ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/olcSSL.ldif ; touch /etc/ldap/.olcSSL.ldif.installed
|
shell: ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/olcSSL.ldif ; touch /etc/ldap/schema/.olcSSL.ldif.installed
|
||||||
args:
|
args:
|
||||||
creates: /etc/ldap/.olcSSL.ldif.installed
|
creates: /etc/ldap/schema/.olcSSL.ldif.installed
|
||||||
notify: Restart openldap
|
notify: Restart openldap
|
||||||
when:
|
when:
|
||||||
- openldap_letsencrypt_managed
|
- openldap_letsencrypt_managed
|
||||||
|
|
|
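Review bot: In the `Enable the openldap ssl configuration` task the command still joins `ldapmodify` and `touch` with `;`, so the marker named in `creates:` is written even when `ldapmodify` fails. The task then reports success and is skipped on every later run, leaving slapd without the TLS settings while the play looks clean. Chain the two with `&&` so that a failed modify fails the task and is retried: `shell: ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/olcSSL.ldif && touch /etc/ldap/schema/.olcSSL.ldif.installed`. Because the marker moves from `/etc/ldap/` to `/etc/ldap/schema/`, hosts configured before this commit will run `ldapmodify` once more; whether that is harmless depends on the contents of olcSSL.ldif, which are not shown here.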
@ -1,7 +1,13 @@
|
||||||
---
|
---
|
||||||
- name: Install the apparmor additional configuration if we are going to use letsencrypt
|
- name: Install the apparmor additional configuration if we are going to use letsencrypt
|
||||||
copy: src=usr.sbin.slapd.apparmor dest=/etc/apparmor.d/local/usr.sbin.slapd force=yes
|
copy: src=usr.sbin.slapd.apparmor dest=/etc/apparmor.d/local/usr.sbin.slapd force=yes
|
||||||
|
register: slapd_apparmour
|
||||||
when: openldap_letsencrypt_managed
|
when: openldap_letsencrypt_managed
|
||||||
|
tags: [ 'ldap_server', 'ldap', 'ldap_conf' ]
|
||||||
|
|
||||||
|
- name: Restart apparmor
|
||||||
|
service: name=apparmor state=restarted
|
||||||
|
tags: [ 'ldap_server', 'ldap', 'ldap_conf' ]
|
||||||
|
|
||||||
- name: Create a basic configuration via debconf
|
- name: Create a basic configuration via debconf
|
||||||
debconf: name=slapd question='{{ item.question }}' value='{{ item.value }}' vtype='{{ item.vtype }}'
|
debconf: name=slapd question='{{ item.question }}' value='{{ item.value }}' vtype='{{ item.vtype }}'
|
||||||
|
|
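Review bot: The new `Restart apparmor` task has no `when:`, so it restarts AppArmor on every run of the role, including on hosts where `openldap_letsencrypt_managed` is false. The `slapd_apparmour` result registered by the copy task just above is not used in any visible line. Gate the restart on it with `when: slapd_apparmour is changed`; a skipped copy does not count as changed, so this also covers hosts where letsencrypt is not managed. If the registered variable is consumed further down the file, outside this hunk, the restart still needs its own condition to keep the role idempotent.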