Changeset - 7d6c2d8f03bf
Branko Majic (branko) - 9 years ago 2015-03-08 11:20:31
branko@majic.rs
MAR-1: Make sure Python LDAP bindings are installed a bit earlier. Configure TLS if certificate file and private key are available.
2 files changed with 20 insertions and 3 deletions:
roles/ldap_server/handlers/main.yml
 
---
 

	
 
- name: Restart rsyslog
 
  service: name=rsyslog state=restarted
 
\ No newline at end of file
 
  service: name=rsyslog state=restarted
 

	
 
- name: Restart slapd
 
  service: name=slapd state=restarted
 
\ No newline at end of file
roles/ldap_server/tasks/main.yml
 
@@ -6,12 +6,15 @@
 
- name: Set organisation for slapd
 
  debconf: name=slapd question=slapd/organization vtype=string value="{{ ldap_server_config.organization }}"
 

	
 
- name: Install slapd
 
  apt: name=slapd state=installed
 

	
 
- name: Install Python LDAP bindings
 
  apt: name=python-ldap state=installed
 

	
 
- name: Enable slapd service
 
  service: name=slapd enabled=yes state=started
 

	
 
- name: Deploy system logger configuration file for slapd
 
  copy: src=slapd_rsyslog.conf dest=/etc/rsyslog.d/slapd.conf owner=root group=root mode=0644
 
  notify:
 
@@ -20,14 +23,25 @@
 
- name: Deploy configuration file for log rotation of slapd logs
 
  copy: src=slapd_logrotate dest=/etc/logrotate.d/slapd owner=root group=root mode=0644
 

	
 
- name: Change log level for slapd
 
  ldap_entry: dn=cn=config state=replaceattributes olcLogLevel="{{ ldap_server_config.log_level }}"
 

	
 
- name: Install Python LDAP bindings
 
  apt: name=python-ldap state=installed
 
- name: Check if TLS private key is available
 
  stat: path="{{ ldap_server_config.tls_key }}"
 
  register: tls_key
 

	
 
- name: Check if TLS certificate is available
 
  stat: path="{{ ldap_server_config.tls_key }}"
 
  register: tls_certificate
 

	
 
- name: Configure TLS for slapd
 
  ldap_entry: dn=cn=config state=replaceattributes olcTLSCertificateFile="{{ ldap_server_config.tls_certificate }}" olcTLSCertificateKeyFile="{{ ldap_server_config.tls_key }}"
 
  when: tls_key.stat.exists and tls_certificate.stat.exists
 
  notify:
 
    - Restart slapd
 

	
 
- name: Apply database permissions
 
  ldap_permissions:
 
    filter: "{{ item.filter }}"
 
    rules: "{{ item.rules }}"
 
  with_items: ldap_permissions
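Review bot: The task "Check if TLS certificate is available" stats `ldap_server_config.tls_key` rather than the certificate path, so `tls_certificate.stat.exists` only repeats the private-key check. With the key present and the certificate missing, the `when:` guard on "Configure TLS for slapd" still passes, cn=config is pointed at a certificate file that does not exist, and the Restart slapd handler is notified against that configuration. The line should read `stat: path="{{ ldap_server_config.tls_certificate }}"`. As a hardening step, the registered `tls_key` result could also be used to refuse enabling TLS when the private key is group- or world-readable; how the key file is deployed is not visible on this page, so its ownership and mode should be confirmed elsewhere in the role.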