majic-ansible-roles Files · roles/backup

Files @ 8d272d91d3d2

Branch filter:

Location: majic-ansible-roles/roles/backup_client/handlers/main.yml

8d272d91d3d2 1.2 KiB text/x-yaml Show Annotation Show as Raw Download as Raw

branko

MAR-165: Deploy Diffie-Helman parameters for LDAP server in the ldap_server role:

- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.

---

# @TODO: Can't use file module, since one of the files (GnuPG socket)
#        seems to disappear in middle of operation).
- name: Remove current keyring  # noqa 301
  # [301] Commands should not change things if nothing needs doing
  #   This task is invoked only if user is very specific about requiring to
  #   run the handlers manually as a way to bring the system to consistency
  #   after interrupted runs.
  command: "rm -rf /etc/duply/main/gnupg"
  args:
    warn: false

- name: Create keyring directory
  file:
    path: "/etc/duply/main/gnupg"
    state: directory
    owner: root
    group: root
    mode: 0700

- name: Import private keys  # noqa 301
  # [301] Commands should not change things if nothing needs doing
  #   This task is invoked only if user is very specific about requiring to
  #   run the handlers manually as a way to bring the system to consistency
  #   after interrupted runs.
  command: "gpg --no-tty --homedir /etc/duply/main/gnupg --import /etc/duply/main/private_keys.asc"

- name: Import public keys
  command: "gpg --no-tty --homedir /etc/duply/main/gnupg --import /etc/duply/main/public_keys.asc"
  when: backup_additional_encryption_keys | length > 0