fix tls handling

2019-09-18 21:17:52 +02:00 · 2019-09-18 21:17:52 +02:00 · c9eed87785
commit c9eed87785
parent 6885efcd37
4 changed files with 9 additions and 28 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -15,13 +15,7 @@ ldap_proxy_open_ports:
      -A INPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT
    state: present

-# You can deploy your certificates from a file or from content.
-# If you enable ldap_proxy_tls_source_use_content you have to put the content of your cert files into
-# ldap_proxy_tls_cert_path and ldap_proxy_tls_cert_path.
-ldap_proxy_tls_source_use_content: False
-# If you enable ldap_proxy_tls_source_use_files theses variables have to contain the path to your
-# certificate files located on the ansible "master" host
-ldap_proxy_tls_source_use_files: True
+ldap_proxy_tls_enabled: False
 ldap_proxy_tls_cert_source: mycert.pem
 ldap_proxy_tls_key_source: mykey.pem
 ldap_proxy_tls_ca_source: ca.pem
--- a/molecule/ec2-centos-7/tests/test_default.py
+++ b/molecule/ec2-centos-7/tests/test_default.py
@ -14,3 +14,9 @@ def test_ldap_proxy_is_installed(host):
    ldap_proxy_client = host.package("openldap-client")
    assert ldap_proxy_server.is_installed
    assert ldap_proxy_client.is_installed
+
+
+def test_ldap_proxy_running_and_enabled(host):
+    ldap_proxy = host.service("sldapd")
+    assert ldap_proxy.is_running
+    assert ldap_proxy.is_enabled
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,4 +1,5 @@
 ---
 - include_tasks: setup.yml
 - import_tasks: tls.yml
+  when: ldap_proxy_tls_enabled | bool
 - include_tasks: post_tasks.yml
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@ -15,7 +15,7 @@
        - "{{ ldap_proxy_tls_key_path | dirname }}"
        - "{{ ldap_proxy_tls_ca_path | dirname }}"

-    - name: Copy certs and private key (file)
+    - name: Copy certs and private key
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
@ -32,25 +32,5 @@
        - { src: "{{ ldap_proxy_tls_ca_source }}", dest: '{{ ldap_proxy_tls_ca_path }}', mode: '0640' }
      loop_control:
        label: "{{ item.dest }}"
-      when: ldap_proxy_tls_source_use_files
-
-    - name: Copy certs and private key (content)
-      copy:
-        content: "{{ item.src }}"
-        dest: "{{ item.dest }}"
-        owner: ldap
-        group: ldap
-        mode: "{{ item.mode }}"
-        selevel: s0
-        serole: object_r
-        setype: slapd_cert_t
-        seuser: system_u
-      loop:
-        - { src: "{{ ldap_proxy_tls_key_source }}", dest: '{{ ldap_proxy_tls_key_path }}', mode: '0600' }
-        - { src: "{{ ldap_proxy_tls_cert_source }}", dest: '{{ ldap_proxy_tls_cert_path }}', mode: '0640' }
-        - { src: "{{ ldap_proxy_tls_ca_source }}", dest: '{{ ldap_proxy_tls_ca_path }}', mode: '0640' }
-      loop_control:
-        label: "{{ item.dest }}"
-      when: ldap_proxy_tls_source_use_content
  become: True
  become_user: root