Files
@ 8d272d91d3d2
Branch filter:
Location: majic-ansible-roles/roles/database/molecule/default/prepare.yml - annotation
8d272d91d3d2
896 B
text/x-yaml
MAR-165: Deploy Diffie-Helman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
8278ff584984 8278ff584984 8278ff584984 8278ff584984 fdba88395073 8278ff584984 8278ff584984 e75d5d4fba3b fdba88395073 fdba88395073 8278ff584984 8278ff584984 fdba88395073 8278ff584984 8278ff584984 8278ff584984 8278ff584984 fdba88395073 fdba88395073 8278ff584984 fdba88395073 fdba88395073 8278ff584984 8278ff584984 8278ff584984 8278ff584984 8278ff584984 8278ff584984 8278ff584984 8278ff584984 8278ff584984 8278ff584984 | ---
- name: Prepare
hosts: all
gather_facts: false
tasks:
- name: Install python for Ansible
raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
become: true
changed_when: false
- hosts: all
become: true
tasks:
- name: Update all caches to avoid errors due to missing remote archives
apt:
update_cache: true
changed_when: false
- hosts: backup-server
become: true
roles:
- role: backup_server
backup_host_ssh_private_keys:
rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
backup_clients:
- server: localhost
ip: 127.0.0.1
public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
|