majic-ansible-roles Changeset

Changeset - 66b36215b603

Parent rev.

Child rev.

[Not reviewed]

0 3 0

Branko Majic (branko) - 9 years ago 2015-04-07 22:49:39
branko@majic.rs

MAR-3: Added instructions for setting-up TLS keys and certs on the XMPP server in test site. Added LDAP client role to the XMPP server in test site. Updated path to TLS key/cert for XMPP server in test site.

3 files changed with 29 insertions and 2 deletions:

docs/testsite.rst

testsite/group_vars/xmpp.yml

testsite/playbooks/xmpp.yml

0 comments (0 inline, 0 general)

docs/testsite.rst

➞

Show inline comments

@@ @@ -78,5 +78,17 @@ system: @@
 *), respectively. After that, re-run the ``site.yml`` playbook in order to
   re-configure OpenLDAP server to use it.
 * On ``xmpp.example.com``:
   * Create TLS private key for XMPP in location
     ``/etc/ssl/private/xmpp.example.com.pem`` (*root:prosody, 640*).
   * Create TLS certificate for XMPP in location
     ``/etc/ssl/certs/xmpp.example.com.pem`` (*root:root, 644*).
   * Install a truststore that contains the CA certifciate which has issued the
     LDAP certificate in location ``/etc/ssl/certs/truststore.pem`` (*root:root,
 *).
   * After all files are in place, re-run the ``site.yml`` playbook in order to
     restart necessary services etc.
 For more details on how the playbooks and configuration have been implemented,
 feel free to browse the test site files (in directory ``testsite``).

testsite/group_vars/xmpp.yml

➞

Show inline comments

 ---
 ldap_client_config:
   - comment: Set the base DN
     option: BASE
     value: dc=example,dc=com
   - comment: Set the default URI
     option: URI
     value: ldapi:///
   - comment: Set the default bind DN
     option: BINDDN
     value: cn=admin,dc=example,dc=com
   - comment: Set the LDAP TLS truststore
     option: TLS_CACERT
     value: /etc/ssl/certs/truststore.pem
 prosody_administrators:
   - john.doe@example.com
-prosody_tls_key: /etc/prosody/certs/localhost.key
+prosody_tls_key: /etc/ssl/private/xmpp.example.com.pem
-prosody_tls_certificate: /etc/prosody/certs/localhost.crt
+prosody_tls_certificate: /etc/ssl/certs/xmpp.example.com.pem
 prosody_domains:
   - example.com

testsite/playbooks/xmpp.yml

➞

Show inline comments

@@ @@ -5,4 +5,5 @@ @@
   sudo: yes
   roles:
     - common
     - ldap_client
     - prosody

0 comments (0 inline, 0 general)