Changeset - 66b36215b603
Branko Majic (branko) - 9 years ago 2015-04-07 22:49:39
branko@majic.rs
MAR-3: Added instructions for setting up TLS keys and certs on the XMPP server in test site. Added LDAP client role to the XMPP server in test site. Updated path to TLS key/cert for XMPP server in test site.
3 files changed with 29 insertions and 2 deletions:
docs/testsite.rst
 
@@ -78,5 +78,17 @@ system:
 
  644*), respectively. After that, re-run the ``site.yml`` playbook in order to
 
  re-configure OpenLDAP server to use it.
 

	
 
* On ``xmpp.example.com``:
 

	
 
  * Create TLS private key for XMPP in location
 
    ``/etc/ssl/private/xmpp.example.com.pem`` (*root:prosody, 640*).
 
  * Create TLS certificate for XMPP in location
 
    ``/etc/ssl/certs/xmpp.example.com.pem`` (*root:root, 644*).
 
  * Install a truststore that contains the CA certifciate which has issued the
 
    LDAP certificate in location ``/etc/ssl/certs/truststore.pem`` (*root:root,
 
    644*).
 
  * After all files are in place, re-run the ``site.yml`` playbook in order to
 
    restart necessary services etc.
 

	
 
For more details on how the playbooks and configuration have been implemented,
 
feel free to browse the test site files (in directory ``testsite``).
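Review bot: The "Create TLS certificate for XMPP" bullet does not say which name the certificate must be issued for. The file is named after the host (xmpp.example.com), but prosody_domains in testsite/group_vars/xmpp.yml is example.com, and XMPP clients check the certificate against the service domain they connect to, so a certificate issued only for the host name would fail validation. Suggest stating the required subject or subjectAltName in this bullet. Also, "certifciate" in the truststore bullet should read "certificate", and "restart necessary services etc." would be clearer if it named the services.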
testsite/group_vars/xmpp.yml
 
---
 

	
 
ldap_client_config:
 
  - comment: Set the base DN
 
    option: BASE
 
    value: dc=example,dc=com
 
  - comment: Set the default URI
 
    option: URI
 
    value: ldapi:///
 
  - comment: Set the default bind DN
 
    option: BINDDN
 
    value: cn=admin,dc=example,dc=com
 
  - comment: Set the LDAP TLS truststore
 
    option: TLS_CACERT
 
    value: /etc/ssl/certs/truststore.pem
 

	
 
prosody_administrators:
 
  - john.doe@example.com
 

	
 
prosody_tls_key: /etc/prosody/certs/localhost.key
 
prosody_tls_key: /etc/ssl/private/xmpp.example.com.pem
 

	
 
prosody_tls_certificate: /etc/prosody/certs/localhost.crt
 
prosody_tls_certificate: /etc/ssl/certs/xmpp.example.com.pem
 

	
 
prosody_domains:
 
  - example.com
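Review bot: In ldap_client_config, the default URI is ldapi:///, which is the local Unix-socket transport, so the TLS_CACERT truststore set in the last entry of the list is not used for connections to that default URI. If clients on the XMPP server are meant to reach an LDAP server over the network, set URI to an ldap:// (with StartTLS) or ldaps:// address so the truststore is actually used; otherwise drop TLS_CACERT or add a comment on why both are present. Separately, BINDDN defaults to cn=admin,dc=example,dc=com; a dedicated bind DN with lower privileges would be the safer default on this host, even for a test site.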
testsite/playbooks/xmpp.yml
 
@@ -5,4 +5,5 @@
 
  sudo: yes
 
  roles:
 
    - common
 
    - ldap_client
 
    - prosody