Changeset - fb163acf23e7
[Not reviewed]
0 3 0
Branko Majic (branko) - 9 years ago 2015-08-31 23:13:19
branko@majic.rs
MAR-19: Fixed handling of TLS private keys and certificates. Added some common parameters for defining where the TLS private keys and certificates reside.
3 files changed with 30 insertions and 6 deletions:
0 comments (0 inline, 0 general)
docs/rolereference.rst
 
@@ -2,6 +2,28 @@ Role Reference
 
==============
 

	
 

	
 
Common parameters
 
-----------------
 

	
 
A number of common parameters are used by all of the roles during
 
deployment. This section lists such parameters.
 

	
 
**tls_private_key_dir** (string, optional, ``tls/``)
 
  Path to directory on Ansible host that contains the private keys used by
 
  services deployed by various roles. When TLS key path is not explicitly
 
  defined in a role, this is the directory where the TLS key will be looked-up
 
  during Ansible run. Expected filename pattern is ``FQDN_SERVICE.key`` (for
 
  example, ``mail.example.com_smtp.key`` or ``xmpp.example.com_xmpp.key``).
 

	
 
**tls_certificate_dir** (string, mandatory if ``ldap_server_tls_certificate`` is not defined)
 
  Path to directory on Ansible host that contains the X.509 certificate files
 
  used by services deployed by various roles. When X.509 certificate path is not
 
  explicitly defined in a role, this is the directory where the X.509
 
  certificate will be looked-up during Ansible run. Expected filename pattern is
 
  ``FQDN_SERVICE.pem`` (for example, ``mail.example.com_smtp.pem`` or
 
  ``xmpp.example.com_xmpp.pem``).
 

	
 

	
 
Preseed
 
-------
 

	
 
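Review bot: the ``tls_certificate_dir`` entry is inconsistent with ``tls_private_key_dir`` and with the role defaults touched in this changeset. ``tls_private_key_dir`` is documented as optional with default ``tls/``, but ``tls_certificate_dir`` is described as "mandatory if ``ldap_server_tls_certificate`` is not defined", even though the new ``xmpp_tls_certificate`` default expands it as well, so the condition is incomplete; and nothing in the diff actually defines either variable. Suggest documenting both the same way, e.g. ``**tls_certificate_dir** (string, optional, ``tls/``)``, stating how a relative value such as ``tls/`` is resolved, and adding a sentence that the private key directory on the Ansible host must not be readable by other users, since every role's key is looked up there.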
@@ -464,11 +486,11 @@ Parameters
 
  <http://www.openldap.org/doc/admin24/slapdconf2.html#cn=config>` for value
 
  description and syntax.
 

	
 
**ldap_server_tls_certificate** (string, optional, ``/etc/ssl/certs/FQDN_ldap.pem``)
 
**ldap_server_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/FQDN_ldap.pem``)
 
  Path to file on Ansible host that contains the X.509 certificate used for TLS
 
  for LDAP service. The file will be copied to directory ``/etc/ssl/certs/``.
 

	
 
**ldap_server_tls_key** (string, optional, ``/etc/ssl/private/FQDN_ldap.key``)
 
**ldap_server_tls_key** (string, optional, ``{{ tls_private_key_dir }}/FQDN_ldap.key``)
 
  Path to file on Ansible host that contains the private key used for TLS for
 
  LDAP service. The file will be copied to directory ``/etc/ssl/private/``.
 

	
 
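Review bot: the old defaults pointed at the remote path ``/etc/ssl/certs/FQDN_ldap.pem`` while the description says the file lives on the Ansible host, so switching to ``{{ tls_certificate_dir }}`` and ``{{ tls_private_key_dir }}`` fixes a real mismatch; what remains undefined in this section is ``FQDN``. Suggest stating that it is the target host's fqdn fact, as ``roles/ldap_server/defaults/main.yml`` in this changeset expands it, and, for ``ldap_server_tls_key``, documenting the owner and mode the key receives under ``/etc/ssl/private/``, since that is what keeps it unreadable to other services on the LDAP host.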
@@ -569,11 +591,11 @@ Parameters
 
  Prosody. Each item is a string with value equal to XMPP user ID
 
  (i.e. ``john.doe@example.com``).
 

	
 
**xmpp_tls_key** (string, mandatory)
 
**xmpp_tls_key** (string, optional, ``{{ tls_private_key_dir }}/FQDN_xmpp.key``)
 
  Path to file on Ansible host that contains the private key used for TLS for
 
  XMPP service. The file will be copied to directory ``/etc/ssl/private/``.
 

	
 
**xmpp_tls_certificate** (string, mandatory)
 
**xmpp_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/FQDN_xmpp.pem``)
 
  Path to file on Ansible host that contains the X.509 certificate used for TLS
 
  for SMTP service. The file will be copied to directory ``/etc/ssl/certs/``.
 

	
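Review bot: copy-paste error in the ``xmpp_tls_certificate`` description: it says "for SMTP service", but this is the XMPP role and the ``xmpp_tls_key`` entry above says XMPP; change it to ``for XMPP service``. Also, both parameters change from mandatory to optional here, which is a behaviour change for existing playbooks worth calling out in the commit message: a playbook that did not set them previously failed on the undefined parameter, and will now look for ``FQDN_xmpp.key`` and ``FQDN_xmpp.pem`` under the common directories and fail only when those files are missing.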
roles/ldap_server/defaults/main.yml
 
@@ -6,8 +6,8 @@ ldap_server_domain: "{{ ansible_facts[host]['domain'] }}"
 
ldap_server_int_basedn: "{{ ldap_server_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"
 
ldap_server_organization: "Private"
 
ldap_server_log_level: 256
 
ldap_server_tls_certificate: "/etc/ssl/certs/{{ ansible_facts[host]['fqdn'] }}_ldap.pem"
 
ldap_server_tls_key: "/etc/ssl/private/{{ ansible_facts[host]['fqdn'] }}_ldap.key"
 
ldap_server_tls_certificate: "{{ tls_certificate_dir }}/{{ ansible_facts[host]['fqdn'] }}_ldap.pem"
 
ldap_server_tls_key: "{{ tls_private_key_dir }}/{{ ansible_facts[host]['fqdn'] }}_ldap.key"
 
ldap_server_ssf: 128
 
ldap_permissions:
 
  - >
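Review bot: ``tls_certificate_dir`` and ``tls_private_key_dir`` are referenced here but no default for either is added anywhere in this changeset, so a playbook that does not set them fails with an undefined-variable error as soon as the role is included, even though the role reference lists ``tls/`` as the default for ``tls_private_key_dir``. Suggest either defining both in a shared defaults location or guarding the expressions, e.g. ``{{ tls_private_key_dir | default('tls') }}/{{ ansible_facts[host]['fqdn'] }}_ldap.key``, so the documented default and the behaviour agree.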
roles/xmpp_server/defaults/main.yml
 
@@ -4,3 +4,5 @@ xmpp_domains: "{{ ansible_facts[host]['domain'] }}"
 
xmpp_ldap_filter: '(mail=$user@$host)'
 
xmpp_ldap_scope: subtree
 
xmpp_ldap_base: "{{ ansible_facts[host]['domain'] | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"
 
xmpp_tls_certificate: "{{ tls_certificate_dir }}/{{ ansible_facts[host]['fqdn'] }}_xmpp.pem"
 
xmpp_tls_key: "{{ tls_private_key_dir }}/{{ ansible_facts[host]['fqdn'] }}_xmpp.key"
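Review bot: same missing-default issue as in ``roles/ldap_server/defaults/main.yml``: ``tls_certificate_dir`` and ``tls_private_key_dir`` are used but never defined in this changeset. Beyond that, both roles now build their file names from the same fqdn fact with different ``_SERVICE`` suffixes, which is the only thing keeping the LDAP and XMPP keys from colliding in one directory; a short comment in this file pointing at the ``FQDN_SERVICE.key`` / ``FQDN_SERVICE.pem`` convention in the role reference would make that dependency visible to anyone adding a further role.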