Files
@ 8d272d91d3d2
Branch filter:
Location: majic-ansible-roles/roles/xmpp_server/molecule/default/group_vars/parameters-optional.yml - annotation
8d272d91d3d2
1.4 KiB
text/x-yaml
MAR-165: Deploy Diffie-Helman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 52c4a4001c46 c95f61f32b67 87f4f8572370 87f4f8572370 52c4a4001c46 52c4a4001c46 52c4a4001c46 52c4a4001c46 2ada86e90026 2ada86e90026 2ada86e90026 87f4f8572370 2ada86e90026 2ada86e90026 2ada86e90026 ceb51ff23ae3 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 | ---
xmpp_administrators:
- jane.doe@domain2
- mick.doe@domain3
xmpp_domains:
- domain2
- domain3
xmpp_ldap_base_dn: dc=local
xmpp_ldap_password: prosodypassword
xmpp_ldap_server: ldap-server
xmpp_prosody_package: prosody-0.10
xmpp_server_archive_expiration: "1w"
xmpp_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_xmpp.cert.pem') }}"
xmpp_tls_key: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_xmpp.key.pem') }}"
xmpp_server_tls_protocol: "tlsv1+"
xmpp_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:\
DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:\
ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:!aNULL:!MD5:!EXPORT"
# common
ca_certificates:
testca: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"
# backup_client
enable_backup: true
backup_client_username: "bak-parameters-optional-{{ ansible_distribution_release }}"
backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
backup_server: backup-server
backup_server_host_ssh_public_keys:
- "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
- "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
- "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"
|