Files
@ 8d272d91d3d2
Branch filter:
Location: majic-ansible-roles/roles/common/handlers/main.yml - annotation
8d272d91d3d2
1002 B
text/x-yaml
MAR-165: Deploy Diffie-Helman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
626eadba53b7 626eadba53b7 605cdbaf9717 945973223a21 945973223a21 945973223a21 945973223a21 605cdbaf9717 626eadba53b7 626eadba53b7 2d0a09dc0e00 2d0a09dc0e00 2d0a09dc0e00 76ed37089b33 605cdbaf9717 945973223a21 945973223a21 945973223a21 945973223a21 605cdbaf9717 6d38fef46832 941f4f372672 2d0a09dc0e00 2d0a09dc0e00 2d0a09dc0e00 467a66f3ec65 467a66f3ec65 3a02e5b774b2 3a02e5b774b2 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 c254c806349c | ---
- name: Update PAM configuration # noqa 301
# [301] Commands should not change things if nothing needs doing
# This task is invoked only if user is very specific about requiring to
# run the handlers manually as a way to bring the system to consistency
# after interrupted runs.
command: "/usr/sbin/pam-auth-update --package"
- name: Restart SSH
service:
name: ssh
state: restarted
- name: Update CA certificate cache # noqa 301
# [301] Commands should not change things if nothing needs doing
# This task is invoked only if user is very specific about requiring to
# run the handlers manually as a way to bring the system to consistency
# after interrupted runs.
command: "/usr/sbin/update-ca-certificates --fresh"
- name: Restart ferm
service:
name: ferm
state: restarted
- name: Reload systemd
systemd:
daemon_reload: true
- name: Restart NTP server
service:
name: ntp
state: restarted
when: ntp_servers | length > 0
|