Files
@ 8d272d91d3d2
Branch filter:
Location: majic-ansible-roles/testsite/group_vars/backup.yml - annotation
8d272d91d3d2
1.4 KiB
text/x-yaml
MAR-165: Deploy Diffie-Helman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
500658358454 500658358454 500658358454 500658358454 500658358454 500658358454 500658358454 b56ccd5a92ee 500658358454 500658358454 3686169e9565 3686169e9565 a45dcc06530a 3686169e9565 3686169e9565 a45dcc06530a 881a85f08e22 881a85f08e22 881a85f08e22 dbc3381e1ff3 dbc3381e1ff3 dbc3381e1ff3 c161524058d5 c161524058d5 c161524058d5 24c957d877de 24c957d877de 24c957d877de 500658358454 500658358454 500658358454 500658358454 500658358454 | ---
local_mail_aliases:
root: "root john.doe@{{ testsite_domain }}"
smtp_relay_host: mail.{{ testsite_domain }}
smtp_relay_truststore: "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"
backup_clients:
- server: web.{{ testsite_domain }}
public_key: "{{ lookup('file', inventory_dir + '/ssh/web.' + testsite_domain + '.pub') }}"
ip: 10.32.64.18
- server: mail.{{ testsite_domain }}
public_key: "{{ lookup('file', inventory_dir + '/ssh/mail.' + testsite_domain + '.pub') }}"
ip: 10.32.64.15
- server: ldap.{{ testsite_domain }}
public_key: "{{ lookup('file', inventory_dir + '/ssh/ldap.' + testsite_domain + '.pub') }}"
ip: 10.32.64.12
- server: xmpp.{{ testsite_domain }}
public_key: "{{ lookup('file', inventory_dir + '/ssh/xmpp.' + testsite_domain + '.pub') }}"
ip: 10.32.64.16
- server: backup.{{ testsite_domain }}
public_key: "{{ lookup('file', inventory_dir + '/ssh/backup.' + testsite_domain + '.pub') }}"
ip: 127.0.0.1
- server: ws01.{{ testsite_domain }}
public_key: "{{ lookup('file', inventory_dir + '/ssh/ws01.' + testsite_domain + '.pub') }}"
ip: 10.32.64.22
backup_host_ssh_private_keys:
rsa: "{{ lookup('file', inventory_dir + '/ssh/backup_server_rsa_key') }}"
ed25519: "{{ lookup('file', inventory_dir + '/ssh/backup_server_ed25519_key') }}"
ecdsa: "{{ lookup('file', inventory_dir + '/ssh/backup_server_ecdsa_key') }}"
|