Files
@ 8d272d91d3d2
Branch filter:
Location: majic-ansible-roles/roles/common/molecule/default/playbook.yml - annotation
8d272d91d3d2
2.0 KiB
text/x-yaml
MAR-165: Deploy Diffie-Helman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
2006d7eebe25 2006d7eebe25 6b8b1d4c9061 6b8b1d4c9061 2006d7eebe25 6b8b1d4c9061 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 a451a3cf2b41 13816868d19b 13816868d19b 13816868d19b 13816868d19b 13816868d19b 13816868d19b 13816868d19b 13816868d19b 13816868d19b 13816868d19b 13816868d19b 13816868d19b 13816868d19b b4e985d581cf b4e985d581cf b4e985d581cf b4e985d581cf b4e985d581cf b4e985d581cf b4e985d581cf b4e985d581cf b4e985d581cf | ---
- hosts: parameters-mandatory,parameters-optional
become: true
roles:
- common
- hosts: parameters-mandatory,parameters-optional
become: true
tasks:
- name: Set-up directories for testing pip requirements upgrade checks script
file:
path: "{{ item }}"
state: directory
owner: root
group: pipreqcheck
mode: 0750
with_items:
- "/tmp/pip_check_requirements_upgrades"
- "/tmp/pip_check_requirements_upgrades/with_updates"
- "/tmp/pip_check_requirements_upgrades/without_updates"
- "/tmp/pip_check_requirements_upgrades-py3"
- "/tmp/pip_check_requirements_upgrades-py3/with_updates"
- "/tmp/pip_check_requirements_upgrades-py3/without_updates"
- name: Deploy files for testing pip requirements upgrade checks script
copy:
src: "{{ item }}"
dest: "/tmp/{{ item }}"
owner: root
group: pipreqcheck
mode: 0640
directory_mode: 0750
with_items:
- "pip_check_requirements_upgrades/with_updates/requirements.in"
- "pip_check_requirements_upgrades/with_updates/requirements.txt"
- "pip_check_requirements_upgrades/without_updates/requirements.in"
- "pip_check_requirements_upgrades/without_updates/requirements.txt"
- "pip_check_requirements_upgrades-py3/with_updates/requirements.in"
- "pip_check_requirements_upgrades-py3/with_updates/requirements.txt"
- "pip_check_requirements_upgrades-py3/without_updates/requirements.in"
- "pip_check_requirements_upgrades-py3/without_updates/requirements.txt"
- name: Install web server for testing connectivity
apt:
name: nginx
state: present
- name: Deploy firewall configuration file for the web server
copy:
src: ferm_http.conf
dest: /etc/ferm/conf.d/99-http.conf
owner: root
group: root
mode: 0640
notify:
- Restart ferm
handlers:
- name: Restart ferm
service:
name: ferm
state: restarted
|