From ddfeb485fb847dc6eb0885317ef25d3cf06f17ea 2015-09-26 17:10:22 From: Branko Majic Date: 2015-09-26 17:10:22 Subject: [PATCH] MAR-35: Fixed handling of Ansible-provided facts, making it _much_ simpler along the way as well. --- diff --git a/docs/rolereference.rst b/docs/rolereference.rst index 39bef874059341f4b011161fd366a929855134fb..3c75be2769524cb1708bd25be99f91fb7ca808d8 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -470,7 +470,7 @@ Parameters by dn="cn=admin,BASEDN" write by * none -**ldap_server_domain** (string, optional, ``hostvars[host]['domain']``) +**ldap_server_domain** (string, optional, ``{{ ansible_domain }}``) Domain that should be used for constructing the base DN of default user LDAP database. This should be a sub-domain dedicated to organisation. The base DN will be constructed by putting all elements of the sub-domain as ``dc`` @@ -486,11 +486,11 @@ Parameters ` for value description and syntax. -**ldap_server_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/{{ hostvars[host]['fqdn'] }}_ldap.pem``) +**ldap_server_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/{{ ansible_fqdn }}_ldap.pem``) Path to file on Ansible host that contains the X.509 certificate used for TLS for LDAP service. The file will be copied to directory ``/etc/ssl/certs/``. -**ldap_server_tls_key** (string, optional, ``{{ tls_private_key_dir }}/{{ hostvars[host]['fqdn'] }}_ldap.key``) +**ldap_server_tls_key** (string, optional, ``{{ tls_private_key_dir }}/{{ ansible_fqdn }}_ldap.key``) Path to file on Ansible host that contains the private key used for TLS for LDAP service. The file will be copied to directory ``/etc/ssl/private/``. 
@@ -591,15 +591,15 @@ Parameters Prosody. Each item is a string with value equal to XMPP user ID (i.e. ``john.doe@example.com``). -**xmpp_tls_key** (string, optional, ``{{ tls_private_key_dir }}/{{ hostvars[host]['fqdn'] }}_xmpp.key``) +**xmpp_tls_key** (string, optional, ``{{ tls_private_key_dir }}/{{ ansible_fqdn }}_xmpp.key``) Path to file on Ansible host that contains the private key used for TLS for XMPP service. The file will be copied to directory ``/etc/ssl/private/``. -**xmpp_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/{{ hostvars[host]['fqdn'] }}_xmpp.pem``) +**xmpp_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/{{ ansible_fqdn }}_xmpp.pem``) Path to file on Ansible host that contains the X.509 certificate used for TLS for SMTP service. The file will be copied to directory ``/etc/ssl/certs/``. -**xmpp_domains** (list, optional, ``hostvars[host]['domain']``) +**xmpp_domains** (list, optional, ``{{ ansible_domain }}``) List of domains that are served by this Prosody instance. Each item is a string specifying a domain. 
@@ -741,21 +741,21 @@ Parameters **mail_user_gid** (integer, optional, ``whatever OS picks``) GID of the user that owns all the mail files. -**imap_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/{{ hostvars[host]['fqdn'] }}_imap.pem``) +**imap_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/{{ ansible_fqdn }}_imap.pem``) Path to file on Ansible host that contains the X.509 certificate used for TLS for IMAP and ManageSieve services. The file will be copied to directory ``/etc/ssl/certs/``. -**imap_tls_key** (string, optional, ``{{ tls_private_key_dir }}/{{ hostvars[host]['fqdn'] }}_imap.key``) +**imap_tls_key** (string, optional, ``{{ tls_private_key_dir }}/{{ ansible_fqdn }}_imap.key``) Path to file on Ansible host that contains the private key used for TLS for IMAP and ManageSieve services. The file will be copied to directory ``/etc/ssl/private/``. -**smtp_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/{{ hostvars[host]['fqdn'] }}_smtp.pem``) +**smtp_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/{{ ansible_fqdn }}_smtp.pem``) Path to file on Ansible host that contains the X.509 certificate used for TLS for SMTP service. The file will be copied to directory ``/etc/ssl/certs/``. -**smtp_tls_key** (string, optional, ``{{ tls_certificate_dir }}/{{ hostvars[host]['fqdn'] }}_smtp.key``) +**smtp_tls_key** (string, optional, ``{{ tls_certificate_dir }}/{{ ansible_fqdn }}_smtp.key``) Path to file on Ansible host that contains the private key used for TLS for SMTP service. The file will be copied to directory ``/etc/ssl/private/``. 
@@ -767,7 +767,7 @@ Parameters List of RBLs to use for detecting servers which send out spam. Each item is a string resembling the RBL domain. -**mail_postmaster** (string, optional, ``postmaster@{{ hostvars[host]['domain']}}``) +**mail_postmaster** (string, optional, ``postmaster@{{ ansible_domain}}``) Mail address to use for the postmaster account in Dovecot. **smtp_allow_relay_from** (list, optional, []) @@ -897,11 +897,11 @@ The role implements the following: Parameters ~~~~~~~~~~ -**https_tls_key** (string, optional, ``{{ tls_private_key_dir }}/{{ hostvars[host]['fqdn'] }}_https.key``) +**https_tls_key** (string, optional, ``{{ tls_private_key_dir }}/{{ ansible_fqdn }}_https.key``) Path to file on Ansible host that contains the private key used for TLS for HTTPS service. The file will be copied to directory ``/etc/ssl/private/``. -**https_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/{{ hostvars[host]['fqdn'] }}_https.pem``) +**https_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/{{ ansible_fqdn }}_https.pem``) Path to file on Ansible host that contains the X.509 certificate used for TLS for HTTPS service. The file will be copied to directory ``/etc/ssl/certs/``. diff --git a/roles/ldap_server/defaults/main.yml b/roles/ldap_server/defaults/main.yml index 7c13245d4595a2fbeab910b6dad96c5e0d191830..044bfb812dbb5881ad72e0833254fef87f934bd2 100644 --- a/roles/ldap_server/defaults/main.yml +++ b/roles/ldap_server/defaults/main.yml 
@@ -1,13 +1,13 @@ --- ldap_entries: [] -ldap_server_domain: "{{ hostvars[host]['domain'] }}" +ldap_server_domain: "{{ ansible_domain }}" # Internal value, base DN. ldap_server_int_basedn: "{{ ldap_server_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}" ldap_server_organization: "Private" ldap_server_log_level: 256 -ldap_server_tls_certificate: "{{ tls_certificate_dir }}/{{ hostvars[host]['fqdn'] }}_ldap.pem" -ldap_server_tls_key: "{{ tls_private_key_dir }}/{{ hostvars[host]['fqdn'] }}_ldap.key" +ldap_server_tls_certificate: "{{ tls_certificate_dir }}/{{ ansible_fqdn }}_ldap.pem" +ldap_server_tls_key: "{{ tls_private_key_dir }}/{{ ansible_fqdn }}_ldap.key" ldap_server_ssf: 128 ldap_permissions: - > diff --git a/roles/mail_server/defaults/main.yml b/roles/mail_server/defaults/main.yml index 6cc11a67b83d83fd2930219dcfa4c63f5ddb1bf8..0eb58f4156dcc830fca83b3a4b5807aab1ce3bc3 100644 --- a/roles/mail_server/defaults/main.yml +++ b/roles/mail_server/defaults/main.yml @@ -2,11 +2,11 @@ mail_ldap_tls_truststore: "/etc/ssl/certs/truststore.pem" mail_user: vmail -imap_tls_certificate: "{{ tls_certificate_dir }}/{{ hostvars[host]['fqdn'] }}_imap.pem" -imap_tls_key: "{{ tls_private_key_dir }}/{{ hostvars[host]['fqdn'] }}_imap.key" -smtp_tls_certificate: "{{ tls_certificate_dir }}/{{ hostvars[host]['fqdn'] }}_smtp.pem" -smtp_tls_key: "{{ tls_certificate_dir }}/{{ hostvars[host]['fqdn'] }}_smtp.key" +imap_tls_certificate: "{{ tls_certificate_dir }}/{{ ansible_fqdn }}_imap.pem" +imap_tls_key: "{{ tls_private_key_dir }}/{{ ansible_fqdn }}_imap.key" +smtp_tls_certificate: "{{ tls_certificate_dir }}/{{ ansible_fqdn }}_smtp.pem" +smtp_tls_key: "{{ tls_certificate_dir }}/{{ ansible_fqdn }}_smtp.key" imap_folder_separator: "/" smtp_rbl: [] -mail_postmaster: "postmaster@{{ hostvars[host]['domain'] }}" +mail_postmaster: "postmaster@{{ ansible_domain }}" smtp_allow_relay_from: [] \ No newline at end of file 
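Review bot: The new defaults for `ldap_server_tls_certificate` and `ldap_server_tls_key` build a path on the Ansible host from `ansible_fqdn`, a fact reported by the managed host, where the old `hostvars[host]['fqdn']` appears to have been an inventory-defined value. If the role copies the file at that path to the target, as the role reference describes, the host's self-reported name now selects which private key it receives, so a host with wrong or tampered name resolution could be handed another host's key. Where inventory names are FQDNs, consider `ldap_server_tls_key: "{{ tls_private_key_dir }}/{{ inventory_hostname }}_ldap.key"`, or add a comment above these lines stating that fact gathering must be enabled and that the paths should be set explicitly for hosts whose reported FQDN is not trusted. The same pattern appears in the mail_server, web_server and xmpp_server defaults changed by this commit. Separately, an empty `ansible_domain` makes `ldap_server_int_basedn` render as `dc=`, so an assert on a non-empty domain would be worth adding.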
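Review bot: `smtp_tls_key` still defaults to a path under `tls_certificate_dir`, while `imap_tls_key` and every other `*_tls_key` default touched by this commit uses `tls_private_key_dir`. The SMTP private key would then be expected next to the public certificates on the Ansible host, a directory that may carry looser permissions than the private-key one. The line should read `smtp_tls_key: "{{ tls_private_key_dir }}/{{ ansible_fqdn }}_smtp.key"`, and the `smtp_tls_key` entry in docs/rolereference.rst repeats the same default and needs the same correction. The file also still ends without a trailing newline.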
diff --git a/roles/web_server/defaults/main.yml b/roles/web_server/defaults/main.yml index eaf3e8c7785557f86e780f1d05dae7ffd56127ec..01bc8107b39fd29774d8c807607bedc461f084d0 100644 --- a/roles/web_server/defaults/main.yml +++ b/roles/web_server/defaults/main.yml @@ -1,6 +1,6 @@ --- -https_tls_key: "{{ tls_private_key_dir }}/hostvars[host]['fqdn']_https.key" -https_tls_certificate: "{{ tls_certificate_dir }}/hostvars[host]['fqdn']_https.pem }}" +https_tls_key: "{{ tls_private_key_dir }}/{{ ansible_fqdn }}_https.key" +https_tls_certificate: "{{ tls_certificate_dir }}/{{ ansible_fqdn }}_https.pem }}" web_default_title: "Welcome" web_default_message: "You are attempting to access the web server using a wrong name or an IP address. Please check your URL." diff --git a/roles/xmpp_server/defaults/main.yml b/roles/xmpp_server/defaults/main.yml index 6c7c6407925b96462a40ce72f095dd902e784c54..4d496a8eb1e8d691e0b0d13b4f67ca281aa1ccb4 100644 --- a/roles/xmpp_server/defaults/main.yml +++ b/roles/xmpp_server/defaults/main.yml @@ -1,8 +1,8 @@ --- -xmpp_domains: "{{ hostvars[host]['domain'] }}" +xmpp_domains: "{{ ansible_domain }}" xmpp_ldap_filter: '(mail=$user@$host)' xmpp_ldap_scope: subtree -xmpp_ldap_base: "{{ hostvars[host]['domain'] | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}" -xmpp_tls_certificate: "{{ tls_certificate_dir }}/{{ hostvars[host]['fqdn'] }}_xmpp.pem" -xmpp_tls_key: "{{ tls_private_key_dir }}/{{ hostvars[host]['fqdn'] }}_xmpp.key" +xmpp_ldap_base: "{{ ansible_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}" +xmpp_tls_certificate: "{{ tls_certificate_dir }}/{{ ansible_fqdn }}_xmpp.pem" +xmpp_tls_key: "{{ tls_private_key_dir }}/{{ ansible_fqdn }}_xmpp.key"
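Review bot: The new `https_tls_certificate` default keeps a stray ` }}` after `_https.pem`, so the rendered value ends in the literal text ` }}` and will not match the certificate file name. It should be `https_tls_certificate: "{{ tls_certificate_dir }}/{{ ansible_fqdn }}_https.pem"`. The default documented for this parameter in docs/rolereference.rst has no trailing braces, so the role and its reference currently disagree.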
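Review bot: `xmpp_domains` defaults to a plain string, `"{{ ansible_domain }}"`, although the role reference describes it as a list of domains. If the Prosody configuration template iterates over this variable (the template is not visible in this diff), a string would be walked character by character; `xmpp_domains: ["{{ ansible_domain }}"]` keeps the type consistent with the documentation. `xmpp_ldap_base` also renders as `dc=` when `ansible_domain` is empty, for example on a host with no domain part configured, which is not a valid search base for user lookups. A comment above these defaults stating that a non-empty domain fact is required, or an assert in the role, would make that dependency explicit.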