@ 8d272d91d3d2
Location: majic-ansible-roles/roles/backup_client/handlers/main.yml - annotation
1.2 KiB
text/x-yaml
MAR-165: Deploy Diffie-Hellman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Stretch because of a bug in the OpenLDAP
  version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
  RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
  between supported algorithms in respective GnuTLS versions.
---

# @TODO: Can't use file module, since one of the files (GnuPG socket)
#        seems to disappear in the middle of operation.
- name: Remove current keyring  # noqa 301
  # [301] Commands should not change things if nothing needs doing
  #     This task is invoked only if user is very specific about requiring to
  #     run the handlers manually as a way to bring the system to consistency
  #     after interrupted runs.
  command: "rm -rf /etc/duply/main/gnupg"
  args:
    warn: false

- name: Create keyring directory
  file:
    path: "/etc/duply/main/gnupg"
    state: directory
    owner: root
    group: root
    mode: 0700

- name: Import private keys  # noqa 301
  # [301] Commands should not change things if nothing needs doing
  #     This task is invoked only if user is very specific about requiring to
  #     run the handlers manually as a way to bring the system to consistency
  #     after interrupted runs.
  command: "gpg --no-tty --homedir /etc/duply/main/gnupg --import /etc/duply/main/private_keys.asc"

- name: Import public keys
  command: "gpg --no-tty --homedir /etc/duply/main/gnupg --import /etc/duply/main/public_keys.asc"
  when: backup_additional_encryption_keys | length > 0