|
@@ -38,6 +38,21 @@
|
|
|
- domain3
|
|
|
- proxy.domain3
|
|
|
- conference.domain3
|
|
|
- name: parameters-mandatory-bookworm_xmpp
|
|
|
fqdn:
|
|
|
- parameters-mandatory
|
|
|
- domain1
|
|
|
- proxy.domain1
|
|
|
- conference.domain1
|
|
|
- name: parameters-optional-bookworm_xmpp
|
|
|
fqdn:
|
|
|
- parameters-optional
|
|
|
- domain2
|
|
|
- proxy.domain2
|
|
|
- conference.domain2
|
|
|
- domain3
|
|
|
- proxy.domain3
|
|
|
- conference.domain3
|
|
|
|
|
|
- name: Set-up link to generated X.509 material
|
|
|
file:
|
|
@@ -105,6 +120,43 @@
|
|
|
192.168.56.51: "parameters-mandatory domain1 proxy.domain1 conference.domain1"
|
|
|
192.168.56.52: "parameters-optional domain2 proxy.domain2 conference.domain2 domain3 proxy.domain3 conference.domain3"
|
|
|
|
|
|
- hosts: bookworm
|
|
|
become: true
|
|
|
tasks:
|
|
|
|
|
|
- name: Enable TLSv1.0+ in global OpenSSL configuration file in order to be able to test the web_server_tls_protocols parameter
|
|
|
blockinfile:
|
|
|
path: "/etc/ssl/openssl.cnf"
|
|
|
block: |
|
|
|
[openssl_init]
|
|
|
ssl_conf = ssl_sect
|
|
|
|
|
|
[ssl_sect]
|
|
|
system_default = system_default_sect
|
|
|
|
|
|
[system_default_sect]
|
|
|
MinProtocol = TLSv1.1
|
|
|
CipherString = DEFAULT@SECLEVEL=0
|
|
|
owner: root
|
|
|
group: root
|
|
|
mode: 0644
|
|
|
state: present
|
|
|
|
|
|
- name: Set-up the hosts file
|
|
|
lineinfile:
|
|
|
path: /etc/hosts
|
|
|
regexp: "^{{ item.key }}"
|
|
|
line: "{{ item.key }} {{ item.value }}"
|
|
|
owner: root
|
|
|
group: root
|
|
|
mode: 0644
|
|
|
state: present
|
|
|
with_dict:
|
|
|
192.168.56.11: "ldap-server backup-server"
|
|
|
192.168.56.21: "client-bookworm"
|
|
|
192.168.56.31: "parameters-mandatory domain1 proxy.domain1 conference.domain1"
|
|
|
192.168.56.32: "parameters-optional domain2 proxy.domain2 conference.domain2 domain3 proxy.domain3 conference.domain3"
|
|
|
|
|
|
- hosts: clients
|
|
|
become: true
|
|
|
tasks:
|