diff --git a/docs/rolereference.rst b/docs/rolereference.rst index 8fb593525d6515ae58a4d122623cbe369a593535..93630c1e0dde242c1258747ca74bd08caed8e52c 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -524,10 +524,10 @@ Here is an example configuration for setting-up LDAP server: sn: Doe -Prosody -------- +XMPP Server +----------- -The ``prosody`` role can be used for setting-up Prosody, an XMPP server, on +The ``xmpp_server`` role can be used for setting-up Prosody, an XMPP server, on destination machine. The role implements the following: 
@@ -557,50 +557,50 @@ Prosody is configured as follows: Parameters ~~~~~~~~~~ -**prosody_administrators** (list, mandatory) +**xmpp_administrators** (list, mandatory) List of Prosody users that should be granted administrator privileges over Prosody. Each item is a string with value equal to XMPP user ID (i.e. ``john.doe@example.com``). -**prosody_tls_key** (string, mandatory) +**xmpp_tls_key** (string, mandatory) Path to file on Ansible host that contains the private key used for TLS for XMPP service. The file will be copied to directory ``/etc/ssl/private/``. -**prosody_tls_certificate** (string, mandatory) +**xmpp_tls_certificate** (string, mandatory) Path to file on Ansible host that contains the X.509 certificate used for TLS for SMTP service. The file will be copied to directory ``/etc/ssl/certs/``. -**prosody_domains** (list, mandatory) +**xmpp_domains** (list, mandatory) List of domains that are served by this Prosody instance. Each item is a string specifying a domain. -**prosody_ldap_server** (string, mandatory) +**xmpp_ldap_server** (string, mandatory) Fully qualified domain name, hostname, or IP address of the LDAP server used for user authentication and listing. -**prosody_ldap_bind_dn** (string, mandatory) +**xmpp_ldap_bind_dn** (string, mandatory) Distinguished name of LDAP user used for authenticating to the LDAP server. This user is used for looking-up the users available on the server. Users themselves authenticate via their own account. -**prosody_ldap_password** (string, mandatory) +**xmpp_ldap_password** (string, mandatory) Password used for authenticating to the LDAP server. -**prosody_ldap_filter** (string, mandatory) +**xmpp_ldap_filter** (string, mandatory) LDAP filter used for obtaining a list of users available on the Prosody server. Two special strings can be used for specifying the user and domain, ``$user``, and ``$host`` within. These will be replaced with real values in the filter every time a user is looked-up. 
-**prosody_ldap_scope** (string, mandatory) +**xmpp_ldap_scope** (string, mandatory) Scope for performing the LDAP search for obtaining a list of users available on the Prosody server. -**prosody_ldap_tls** (boolean, mandatory) +**xmpp_ldap_tls** (boolean, mandatory) Specifies whether to use STARTTLS extension when connecting to the LDAP server or not. -**prosody_ldap_base** (string, mandatory) +**xmpp_ldap_base** (string, mandatory) Base DN under which the lists of users available on the Prosody should be looked-up. @@ -614,23 +614,23 @@ Here is an example configuration for setting-up XMPP server using Prosody: --- - prosody_administrators: + xmpp_administrators: - john.doe@example.com # These are default key and certificate that generated during Prosody # installation. - prosody_tls_key: /etc/prosody/certs/localhost.key - prosody_tls_certificate: /etc/prosody/certs/localhost.crt - prosody_domains: + xmpp_tls_key: /etc/prosody/certs/localhost.key + xmpp_tls_certificate: /etc/prosody/certs/localhost.crt + xmpp_domains: - example.com - prosody_ldap_server: ldap.example.com - prosody_ldap_bind_dn: cn=xmpp,ou=services,dc=example,dc=com - prosody_ldap_password: xmpp + xmpp_ldap_server: ldap.example.com + xmpp_ldap_bind_dn: cn=xmpp,ou=services,dc=example,dc=com + xmpp_ldap_password: xmpp # This would require that the memberof overlay is available on LDAP server # side. - prosody_ldap_filter: '(&(memberOf=cn=xmpp,ou=groups,dc=example,dc=com)(mail=$user@$host))' - prosody_ldap_scope: "onelevel" - prosody_ldap_tls: "true" - prosody_ldap_base: "ou=people,dc=example,dc=com" + xmpp_ldap_filter: '(&(memberOf=cn=xmpp,ou=groups,dc=example,dc=com)(mail=$user@$host))' + xmpp_ldap_scope: "onelevel" + xmpp_ldap_tls: "true" + xmpp_ldap_base: "ou=people,dc=example,dc=com" Mail Server 
diff --git a/roles/prosody/files/ferm_xmpp.conf b/roles/xmpp_server/files/ferm_xmpp.conf similarity index 100% rename from roles/prosody/files/ferm_xmpp.conf rename to roles/xmpp_server/files/ferm_xmpp.conf diff --git a/roles/prosody/files/prosody-debian-packages.gpg b/roles/xmpp_server/files/prosody-debian-packages.gpg similarity index 100% rename from roles/prosody/files/prosody-debian-packages.gpg rename to roles/xmpp_server/files/prosody-debian-packages.gpg diff --git a/roles/prosody/handlers/main.yml b/roles/xmpp_server/handlers/main.yml similarity index 100% rename from roles/prosody/handlers/main.yml rename to roles/xmpp_server/handlers/main.yml diff --git a/roles/prosody/tasks/main.yml b/roles/xmpp_server/tasks/main.yml similarity index 89% rename from roles/prosody/tasks/main.yml rename to roles/xmpp_server/tasks/main.yml index 088dacdfb1f4e5a0dc83b976c5b7477a0a04db45..4fe0e973f8d2faac606cba96e7fe2fe50e0a0176 100644 --- a/roles/prosody/tasks/main.yml +++ b/roles/xmpp_server/tasks/main.yml @@ -24,13 +24,13 @@ user: name=prosody append=yes groups=ssl-cert - name: Deploy XMPP TLS private key - copy: dest="/etc/ssl/private/{{ prosody_tls_key | basename }}" src="{{ prosody_tls_key }}" + copy: dest="/etc/ssl/private/{{ xmpp_tls_key | basename }}" src="{{ xmpp_tls_key }}" mode=640 owner=root group=prosody notify: - Restart Prosody - name: Deploy XMPP TLS certificate - copy: dest="/etc/ssl/certs/{{ prosody_tls_certificate | basename }}" src="{{ prosody_tls_certificate }}" + copy: dest="/etc/ssl/certs/{{ xmpp_tls_certificate | basename }}" src="{{ xmpp_tls_certificate }}" mode=644 owner=root group=root notify: - Restart Prosody diff --git a/roles/prosody/templates/prosody.cfg.lua.j2 b/roles/xmpp_server/templates/prosody.cfg.lua.j2 similarity index 82% rename from roles/prosody/templates/prosody.cfg.lua.j2 rename to roles/xmpp_server/templates/prosody.cfg.lua.j2 index 71ff87b64761292895a95365be6dabdb73787644..75789744a6ea5e4983d51c5f2960a9c91ce22a53 100644 
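Review bot: In roles/xmpp_server/tasks/main.yml, nothing on the "Deploy XMPP TLS private key" task suppresses its output, so a run with `--diff` or raised verbosity may write key material to the console or to logs. Adding `no_log: true` to that task keeps the key out of the output. The certificate task does not need it. The free-form `mode=640` / `mode=644` arguments would also be easier to read and lint as native YAML with quoted modes, e.g. `mode: "0640"`. The task list starts and ends outside this hunk, so other tasks handling secrets could not be checked.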
--- a/roles/prosody/templates/prosody.cfg.lua.j2 +++ b/roles/xmpp_server/templates/prosody.cfg.lua.j2 @@ -2,7 +2,7 @@ plugin_paths = { "/usr/local/lib/prosody/modules/" } -- List of server administrators. -admins = { {% for admin in prosody_administrators %}"{{ admin }}", {% endfor %} } +admins = { {% for admin in xmpp_administrators %}"{{ admin }}", {% endfor %} } -- List of modules to load on startup. modules_enabled = { @@ -42,8 +42,8 @@ allow_registration = false; -- These are the SSL/TLS-related settings. If you don't want -- to use SSL/TLS, you may comment or remove this ssl = { - key = "/etc/ssl/private/{{ prosody_tls_key | basename }}"; - certificate = "/etc/ssl/certs/{{ prosody_tls_certificate | basename }}"; + key = "/etc/ssl/private/{{ xmpp_tls_key | basename }}"; + certificate = "/etc/ssl/certs/{{ xmpp_tls_certificate | basename }}"; } -- Ports on which to have direct TLS/SSL. @@ -60,13 +60,13 @@ pidfile = "/var/run/prosody/prosody.pid" -- Authentication backend. authentication = "ldap" -ldap_server = "{{ prosody_ldap_server }}" -ldap_rootdn = "{{ prosody_ldap_bind_dn }}" -ldap_password = "{{ prosody_ldap_password }}" -ldap_filter = "{{ prosody_ldap_filter }}" -ldap_scope = "{{ prosody_ldap_scope }}" -ldap_tls = {{ prosody_ldap_tls }} -ldap_base = "{{ prosody_ldap_base }}" +ldap_server = "{{ xmpp_ldap_server }}" +ldap_rootdn = "{{ xmpp_ldap_bind_dn }}" +ldap_password = "{{ xmpp_ldap_password }}" +ldap_filter = "{{ xmpp_ldap_filter }}" +ldap_scope = "{{ xmpp_ldap_scope }}" +ldap_tls = {{ xmpp_ldap_tls }} +ldap_base = "{{ xmpp_ldap_base }}" -- Storage backend. storage = "internal" @@ -80,7 +80,7 @@ log = { -- Domains which should be handled by Prosody, with dedicated MUC and file -- proxying components. -{% for domain in prosody_domains -%} +{% for domain in xmpp_domains -%} VirtualHost "{{ domain }}" Component "conference.{{ domain }}" "muc" restrict_room_creation = "local" 
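Review bot: In roles/xmpp_server/templates/prosody.cfg.lua.j2 the renamed variables are still interpolated into Lua string literals without escaping (the `admins` line, the `ldap_*` block and `VirtualHost "{{ domain }}"`). A value containing `"` or `\`, most plausibly the LDAP bind password, therefore yields a broken or altered configuration. Escaping both characters at render time avoids this, e.g. `ldap_password = "{{ xmpp_ldap_password | replace('\\', '\\\\') | replace('"', '\\"') }}"`. `ldap_tls = {{ xmpp_ldap_tls }}` is emitted as raw Lua, so a real YAML boolean, which is what the role reference documents, would likely render as `True`; Lua does not read that as boolean true, and STARTTLS would be silently off. `ldap_tls = {{ xmpp_ldap_tls | bool | lower }}` accepts both forms. The rendered file holds the bind password and the task that deploys it is outside these hunks, so its owner and mode should be confirmed separately.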
diff --git a/testsite/group_vars/xmpp.yml b/testsite/group_vars/xmpp.yml index 139f30977db7bd7271464af4c9df3539b1b8eb22..cbb87bc66511704a3c82f53be9c9d7ec853fb99d 100644 --- a/testsite/group_vars/xmpp.yml +++ b/testsite/group_vars/xmpp.yml @@ -21,26 +21,26 @@ smtp_relay_host: mail.{{ testsite_domain }} smtp_relay_truststore: /etc/ssl/certs/ca.pem -prosody_administrators: +xmpp_administrators: - john.doe@{{ testsite_domain }} -prosody_tls_key: "{{ inventory_dir }}/tls/xmpp.{{ testsite_domain }}_xmpp.key" +xmpp_tls_key: "{{ inventory_dir }}/tls/xmpp.{{ testsite_domain }}_xmpp.key" -prosody_tls_certificate: "{{ inventory_dir }}/tls/xmpp.{{ testsite_domain }}_xmpp.pem" +xmpp_tls_certificate: "{{ inventory_dir }}/tls/xmpp.{{ testsite_domain }}_xmpp.pem" -prosody_domains: +xmpp_domains: - "{{ testsite_domain }}" -prosody_ldap_server: ldap.{{ testsite_domain }} +xmpp_ldap_server: ldap.{{ testsite_domain }} -prosody_ldap_bind_dn: cn=xmpp,ou=services,{{ testsite_ldap_base }} +xmpp_ldap_bind_dn: cn=xmpp,ou=services,{{ testsite_ldap_base }} -prosody_ldap_password: xmpp +xmpp_ldap_password: xmpp -prosody_ldap_filter: '(&(memberOf=cn=xmpp,ou=groups,{{ testsite_ldap_base }})(mail=$user@$host))' +xmpp_ldap_filter: '(&(memberOf=cn=xmpp,ou=groups,{{ testsite_ldap_base }})(mail=$user@$host))' -prosody_ldap_scope: "onelevel" +xmpp_ldap_scope: "onelevel" -prosody_ldap_tls: "true" +xmpp_ldap_tls: "true" -prosody_ldap_base: "ou=people,{{ testsite_ldap_base }}" +xmpp_ldap_base: "ou=people,{{ testsite_ldap_base }}" diff --git a/testsite/playbooks/xmpp.yml b/testsite/playbooks/xmpp.yml index 59bce9facad60d887760189bb737e082ee501f4b..65a939bf21ef7ac98b4aaf5cc1af0d4b60a933b1 100644 --- a/testsite/playbooks/xmpp.yml +++ b/testsite/playbooks/xmpp.yml @@ -7,4 +7,4 @@ - common - ldap_client - mail_forwarder - - prosody + - xmpp_server
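Review bot: In testsite/group_vars/xmpp.yml, `xmpp_ldap_password: xmpp` keeps the LDAP bind password in cleartext, identical to the service account name in `cn=xmpp`, and the rename carries it over without marking it as test-only. A comment above the line would stop it being copied into a real inventory, e.g. `# Test-site credential only; real inventories should keep this value in an Ansible Vault-encrypted vars file.` The same applies to the `xmpp_ldap_password: xmpp` example in docs/rolereference.rst.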