majic-ansible-roles Files · roles/common/handlers/main.yml

Files @ 8d272d91d3d2

Branch filter:

Location: majic-ansible-roles/roles/common/handlers/main.yml

8d272d91d3d2 1002 B text/x-yaml Show Annotation Show as Raw Download as Raw

branko

MAR-165: Deploy Diffie-Helman parameters for LDAP server in the ldap_server role:

- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.

---

- name: Update PAM configuration  # noqa 301
  # [301] Commands should not change things if nothing needs doing
  #   This task is invoked only if user is very specific about requiring to
  #   run the handlers manually as a way to bring the system to consistency
  #   after interrupted runs.
  command: "/usr/sbin/pam-auth-update --package"

- name: Restart SSH
  service:
    name: ssh
    state: restarted

- name: Update CA certificate cache  # noqa 301
  # [301] Commands should not change things if nothing needs doing
  #   This task is invoked only if user is very specific about requiring to
  #   run the handlers manually as a way to bring the system to consistency
  #   after interrupted runs.
  command: "/usr/sbin/update-ca-certificates --fresh"

- name: Restart ferm
  service:
    name: ferm
    state: restarted

- name: Reload systemd
  systemd:
    daemon_reload: true

- name: Restart NTP server
  service:
    name: ntp
    state: restarted
  when: ntp_servers | length > 0