Changeset - 284ed92d40bb
[Not reviewed]
Branko Majic (branko) - 9 years ago 2015-04-25 17:02:58
branko@majic.rs
MAR-10: Fixed truststore filename in docs for test site. Install the ssl-cert package explicitly, and allow server processes to access their keys by adding them to group ssl-cert instead.
5 files changed with 17 insertions and 5 deletions:
0 comments (0 inline, 0 general)
docs/testsite.rst
 
@@ -59,7 +59,7 @@ In order to deploy the test site, the following steps would normally be taken:
 

	
 
3. Create ``PEM`` truststore file which contains all CA certificates that form
 
   CA chain for the issued end entity certificates from previous step at
 
   location ``testsite/tls/example_ca_chain.crt``. It is very important to
 
   location ``testsite/tls/example_ca_chain.pem``. It is very important to
 
   include the CA chain used for LDAP server.
 

	
 
4. Generate the preseed files:
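Review bot: the only change in this hunk is the truststore filename in step 3 (``example_ca_chain.crt`` becomes ``example_ca_chain.pem``); nothing else in the changeset touches the code that consumes this file, so it is worth confirming that the playbook variables and templates reference the ``.pem`` name as well, otherwise the docs and the deployment diverge again. While touching the sentence, the wording "CA chain for the issued end entity certificates from previous step" reads more clearly as "the CA chain for the end entity certificates issued in the previous step", and since this is a concatenated PEM bundle, a short reminder that every intermediate CA must be present (not just the root) would save readers a failed TLS handshake.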
roles/common/tasks/main.yml
 
@@ -13,6 +13,9 @@
 
- name: Install sudo
 
  apt: name=sudo state=present
 

	
 
- name: Install ssl-cert package
 
  apt: name=ssl-cert state=present
 

	
 
- name: Install common packages
 
  apt: name="{{ item }}" state="present"
 
  with_items: common_packages
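Review bot: the new "Install ssl-cert package" task is what creates the ``ssl-cert`` group and the root:ssl-cert 0710 ownership of ``/etc/ssl/private`` on Debian, so every ``user: ... groups=ssl-cert`` task added in the other roles of this changeset depends on this role having run first; that ordering should be stated in the role or play dependencies rather than left implicit. Minor style point: this task uses ``state=present`` while the neighbouring roles use ``state=installed``; ``present`` is the canonical spelling, so the others could be aligned to it.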
 
@@ -47,11 +50,8 @@
 
  notify:
 
    - Restart SSH
 

	
 
- name: Allow users to traverse directories to TLS private key files
 
  file: path=/etc/ssl/private/ mode=o+x
 

	
 
- name: Deploy CA certificates
 
  copy: src="{{ item }}" dest="/etc/ssl/certs/{{ item | basename }}" mode=644 owner=root group=root
 
  with_items: ca_certificates
 
  notify:
 
    - Update CA certificate cache
 
\ No newline at end of file
 
    - Update CA certificate cache
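Review bot: removing ``file: path=/etc/ssl/private/ mode=o+x`` is the right call, since the world-executable bit made the private key directory traversable by every local user and pushed the whole access decision onto each key file's own mode; however, deleting the task does not undo the ``o+x`` on hosts where an earlier run already applied it. Suggest replacing it with an explicit enforcing task, e.g. ``file: path=/etc/ssl/private state=directory owner=root group=ssl-cert mode=0710``, so the intended permissions are asserted idempotently instead of being assumed from the ssl-cert package defaults. The trailing-newline fix at the end of the file is fine.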
roles/ldap_server/tasks/main.yml
 
@@ -9,6 +9,9 @@
 
- name: Install slapd
 
  apt: name=slapd state=installed
 

	
 
- name: Allow OpenLDAP user to traverse the directory with TLS private keys
 
  user: name=openldap append=yes groups=ssl-cert
 

	
 
- name: Install Python LDAP bindings
 
  apt: name=python-ldap state=installed
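Review bot: ``user: name=openldap append=yes groups=ssl-cert`` correctly keeps the user's existing supplementary groups, but the task assumes both the ``openldap`` user (created by the ``slapd`` install just above, fine) and the ``ssl-cert`` group already exist; the latter comes from the common role's new ssl-cert task, so this role should declare that dependency. Also note that membership in ``ssl-cert`` only grants traversal of ``/etc/ssl/private``; the slapd key file's own owner/group/mode still decides whether slapd can read it, and that task is not visible in this hunk. Style: ``state=installed`` here versus ``state=present`` in the common role.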
 

	
roles/mail_server/tasks/main.yml
 
@@ -22,6 +22,12 @@
 
  notify:
 
    - Purge Exim configuration
 

	
 
- name: Allow Postfix user to traverse the directory with TLS private keys
 
  user: name=postfix append=yes groups=ssl-cert
 

	
 
- name: Allow Dovecot user to traverse the directory with TLS private keys
 
  user: name=dovecot append=yes groups=ssl-cert
 

	
 
- name: Deploy SMTP TLS private key
 
  copy: dest="/etc/ssl/private/{{ smtp_tls_key | basename }}" src="{{ smtp_tls_key }}"
 
        mode=640 owner=root group=root
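Review bot: the unchanged context shows the SMTP key deployed with ``mode=640 owner=root group=root``, so adding ``postfix`` and ``dovecot`` to ``ssl-cert`` lets them traverse the directory but still not read this key; confirm that is intended (both daemons can load keys from their root-privileged parent process before dropping privileges), and if either needs direct read access, the least-privilege change is ``group=ssl-cert`` on the key file rather than loosening the mode. The two ``user:`` tasks themselves are fine and correctly use ``append=yes``.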
roles/prosody/tasks/main.yml
 
@@ -17,6 +17,9 @@
 
- name: Install Prosody
 
  apt: name=prosody state=installed
 

	
 
- name: Allow Prosody user to traverse the directory with TLS private keys
 
  user: name=prosody append=yes groups=ssl-cert
 

	
 
- name: Deploy XMPP TLS private key
 
  copy: dest="/etc/ssl/private/{{ prosody_tls_key | basename }}" src="{{ prosody_tls_key }}"
 
        mode=640 owner=root group=prosody
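Review bot: this hunk is consistent with the rest of the changeset: ``prosody`` gains traversal of ``/etc/ssl/private`` through the ``ssl-cert`` group, while read access to the XMPP key stays gated by the key file's own ``owner=root group=prosody mode=640``, which is the tighter choice since no other ``ssl-cert`` member can read it. The only remark is the same dependency one as for the other roles: the ``ssl-cert`` group must already exist when ``user: name=prosody append=yes groups=ssl-cert`` runs, so the common role should be declared as a dependency.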