fix tls handling

This commit is contained in:
Robert Kaussow 2019-09-18 21:17:52 +02:00
parent 6885efcd37
commit c9eed87785
4 changed files with 9 additions and 28 deletions


@ -15,13 +15,7 @@ ldap_proxy_open_ports:
-A INPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT -A INPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT
state: present state: present
# You can deploy your certificates from a file or from content. ldap_proxy_tls_enabled: False
# If you enable ldap_proxy_tls_source_use_content you have to put the content of your cert files into
# ldap_proxy_tls_cert_path and ldap_proxy_tls_cert_path.
ldap_proxy_tls_source_use_content: False
# If you enable ldap_proxy_tls_source_use_files theses variables have to contain the path to your
# certificate files located on the ansible "master" host
ldap_proxy_tls_source_use_files: True
ldap_proxy_tls_cert_source: mycert.pem ldap_proxy_tls_cert_source: mycert.pem
ldap_proxy_tls_key_source: mykey.pem ldap_proxy_tls_key_source: mykey.pem
ldap_proxy_tls_ca_source: ca.pem ldap_proxy_tls_ca_source: ca.pem
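Review bot: The new `ldap_proxy_tls_enabled: False` key lands without a comment, while the lines removed right above it were the only documentation of what `ldap_proxy_tls_cert_source`, `ldap_proxy_tls_key_source` and `ldap_proxy_tls_ca_source` must hold; after this commit they can only be paths on the Ansible controller (the content-based copy task is deleted in the tls tasks file) and nothing says so. Add `# TLS is off by default; set to true to copy the certificate files below onto the host` above the new key, and a one-line comment above the three `*_source` keys stating they are file paths on the controller. Write the value as lowercase `false` rather than `False` (yamllint `truthy`), which also reads consistently with the `| bool` filter applied to it in the main tasks file.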


@ -14,3 +14,9 @@ def test_ldap_proxy_is_installed(host):
ldap_proxy_client = host.package("openldap-client") ldap_proxy_client = host.package("openldap-client")
assert ldap_proxy_server.is_installed assert ldap_proxy_server.is_installed
assert ldap_proxy_client.is_installed assert ldap_proxy_client.is_installed
def test_ldap_proxy_running_and_enabled(host):
ldap_proxy = host.service("sldapd")
assert ldap_proxy.is_running
assert ldap_proxy.is_enabled
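Review bot: `host.service("sldapd")` in the new `test_ldap_proxy_running_and_enabled` looks like a typo: the OpenLDAP daemon and its service unit are named `slapd`, so `is_running` and `is_enabled` will be asserted against a service that does not exist, which is consistent with the failing CI status on this commit. Change it to `ldap_proxy = host.service("slapd")`. If the rendering dropped them, also make sure two blank lines separate the new function from the previous one, matching PEP 8.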


@ -1,4 +1,5 @@
--- ---
- include_tasks: setup.yml - include_tasks: setup.yml
- import_tasks: tls.yml - import_tasks: tls.yml
when: ldap_proxy_tls_enabled | bool
- include_tasks: post_tasks.yml - include_tasks: post_tasks.yml
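Review bot: The added `when: ldap_proxy_tls_enabled | bool` sits on an `import_tasks` entry, so Ansible applies the condition to every task inside tls.yml individually rather than evaluating it once, unlike the `include_tasks` siblings on either side; that is correct here but easy to misread, and worth a comment such as `# static import: the when is applied to each task in tls.yml`. Because the default for `ldap_proxy_tls_enabled` is false, anything else in the role that references the TLS paths (the slapd configuration, not visible here) presumably needs the same guard; confirm that before merging.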


@ -15,7 +15,7 @@
- "{{ ldap_proxy_tls_key_path | dirname }}" - "{{ ldap_proxy_tls_key_path | dirname }}"
- "{{ ldap_proxy_tls_ca_path | dirname }}" - "{{ ldap_proxy_tls_ca_path | dirname }}"
- name: Copy certs and private key (file) - name: Copy certs and private key
copy: copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
@ -32,25 +32,5 @@
- { src: "{{ ldap_proxy_tls_ca_source }}", dest: '{{ ldap_proxy_tls_ca_path }}', mode: '0640' } - { src: "{{ ldap_proxy_tls_ca_source }}", dest: '{{ ldap_proxy_tls_ca_path }}', mode: '0640' }
loop_control: loop_control:
label: "{{ item.dest }}" label: "{{ item.dest }}"
when: ldap_proxy_tls_source_use_files
- name: Copy certs and private key (content)
copy:
content: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: ldap
group: ldap
mode: "{{ item.mode }}"
selevel: s0
serole: object_r
setype: slapd_cert_t
seuser: system_u
loop:
- { src: "{{ ldap_proxy_tls_key_source }}", dest: '{{ ldap_proxy_tls_key_path }}', mode: '0600' }
- { src: "{{ ldap_proxy_tls_cert_source }}", dest: '{{ ldap_proxy_tls_cert_path }}', mode: '0640' }
- { src: "{{ ldap_proxy_tls_ca_source }}", dest: '{{ ldap_proxy_tls_ca_path }}', mode: '0640' }
loop_control:
label: "{{ item.dest }}"
when: ldap_proxy_tls_source_use_content
become: True become: True
become_user: root become_user: root
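Review bot: With `when: ldap_proxy_tls_source_use_files` removed, the surviving `Copy certs and private key` task now runs unconditionally inside tls.yml and depends solely on the guard placed in the main tasks file; a comment on the task, `# only reached when ldap_proxy_tls_enabled is true (guarded in main.yml)`, would make that dependency visible. The loop still copies the private key from the controller, and in `--diff` mode the copy module prints file contents, so consider `diff: false` on this task to keep key material out of run logs. The task's remaining keys (owner, group, SELinux context) fall between the two hunks and are not visible here.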