From 27f1031363d0201f2a4e8196d95f656f307dfdba Mon Sep 17 00:00:00 2001
From: CVL-GitHub <jupiter.hu@monash.edu>
Date: Fri, 28 Aug 2015 14:01:36 +1000
Subject: [PATCH] Change ldap cert / key source name and move to build var file

---
 roles/ldapserver/tasks/main.yml  | 10 +++++-----
 roles/ldapserver/vars/CentOS.yml |  2 +-
 roles/ldapserver/vars/Debian.yml |  2 +-
 roles/ldapserver/vars/main.yml   | 11 +++--------
 vars/defaults.yml                |  3 ---
 vars/main.yml                    |  5 +++++
 6 files changed, 15 insertions(+), 18 deletions(-)
 delete mode 100644 vars/defaults.yml
 create mode 100644 vars/main.yml

diff --git a/roles/ldapserver/tasks/main.yml b/roles/ldapserver/tasks/main.yml
index 36251d50..6c5539aa 100644
--- a/roles/ldapserver/tasks/main.yml
+++ b/roles/ldapserver/tasks/main.yml
@@ -70,19 +70,19 @@
   sudo: true
 
 - name: make ldap private dir
-  file: path={{ ldapKeyDest | dirname }} state=directory owner={{ ldapuser }} group={{ ldapgroup }}
+  file: path={{ ldapKeyDest | dirname }} state=directory owner={{ ldapuser }} group={{ ldapgroup }} mode=700
   sudo: true
 
 - name: copy cert
-  copy: src="files/{{ ldapCertSrc }}" dest="{{ ldapCertDest }}"
+  copy: src="files/{{ ldapCert }}" dest="{{ ldapCertDest }}"
   sudo: true
 
 - name: copy cacert
-  copy: src="files/{{ ldapCAChainSrc }}" dest="{{ ldapCAChainDest }}"
+  copy: src="files/{{ ldapCAChain }}" dest="{{ ldapCAChainDest }}"
   sudo: true
 
 - name: copy key
-  copy: src="files/{{ ldapKeySrc }}" dest="{{ ldapKeyDest }}" mode=600 owner={{ ldapuser }} group={{ ldapgroup }}
+  copy: src="files/{{ ldapKey }}" dest="{{ ldapKeyDest }}" mode=600 owner={{ ldapuser }} group={{ ldapgroup }} 
   sudo: true
 
 - name: enable ssl centos
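Review bot: The `copy cert` and `copy cacert` tasks still set no `owner`, `group` or `mode`, so what ends up on disk depends on the umask in effect, while the private directory and the key are pinned explicitly. I would make them explicit too, e.g. `copy: src="files/{{ ldapCert }}" dest="{{ ldapCertDest }}" owner=root group=root mode=0644`, and write the two new modes as `mode=0700` and `mode=0600` so they read unambiguously as octal. The added `copy key` line also ends in a trailing space.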
@@ -111,7 +111,7 @@
   when: tlsConfigured|failed
 
 - name: Initialise cosine and ppolicy
-  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/{{ ldapDir }}/schema/{{ item }}.ldif -D cn=config
+  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f {{ ldapDir }}/schema/{{ item }}.ldif -D cn=config
   with_items:
    - ppolicy
    - cosine
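Review bot: This `ldapadd` call uses no pipes, redirects or globbing, so `command:` would do the same work without passing the templated `{{ ldapDir }}` and `{{ item }}` through a shell. Suggested line: `command: ldapadd -Y EXTERNAL -H ldapi:/// -f {{ ldapDir }}/schema/{{ item }}.ldif -D cn=config`. The task continues past the end of the hunk, so I cannot see whether a re-run against an already loaded schema is handled.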
diff --git a/roles/ldapserver/vars/CentOS.yml b/roles/ldapserver/vars/CentOS.yml
index d8f1c966..e1d68d89 100644
--- a/roles/ldapserver/vars/CentOS.yml
+++ b/roles/ldapserver/vars/CentOS.yml
@@ -1,4 +1,4 @@
 ---
-  ldapDir: "openldap"
+  ldapDir: "/etc/openldap"
   module_path: "/usr/lib64/openldap/"
   
diff --git a/roles/ldapserver/vars/Debian.yml b/roles/ldapserver/vars/Debian.yml
index a7d28315..c10225e0 100644
--- a/roles/ldapserver/vars/Debian.yml
+++ b/roles/ldapserver/vars/Debian.yml
@@ -1,3 +1,3 @@
 ---
-  ldapDir: "ldap"
+  ldapDir: "/etc/ldap"
   module_path: "/usr/lib/ldap"
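Review bot: `ldapDir` changes meaning here and in roles/ldapserver/vars/CentOS.yml, from a directory name under `/etc` to an absolute path, but the variable name stays the same. Any template or task not touched by this patch that still writes `/etc/{{ ldapDir }}` would now render `/etc//etc/ldap` (or `/etc//etc/openldap`); only the uses in roles/ldapserver/tasks/main.yml and roles/ldapserver/vars/main.yml are updated in the visible hunks. A search for the old pattern before merging, plus a comment such as `# absolute path of the OpenLDAP configuration directory`, would make the new contract explicit.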
diff --git a/roles/ldapserver/vars/main.yml b/roles/ldapserver/vars/main.yml
index c6921d3d..23bde66d 100644
--- a/roles/ldapserver/vars/main.yml
+++ b/roles/ldapserver/vars/main.yml
@@ -1,9 +1,4 @@
 ---
-ldapCertDest: "/etc/{{ ldapDir }}/ssl/certs/hpcldap0.erc.monash.edu.au.cert.pem"
-ldapKeyDest: "/etc/{{ ldapDir }}/ssl/private/hpcldao0.erc.monash.edu.au.key.pem"
-ldapCAChainDest: "/etc/{{ ldapDir }}/ssl/certs/MeRC_HPC_CaChain.cert.pem"
-
-ldapKeySrc: "hpcldap0.erc.monash.edu.au.key.pem"
-ldapCertSrc: "hpcldap0.erc.monash.edu.au.cert.pem"                         
-ldapCAChainSrc: "MeRC_HPC_CA_Chain.cert.pem"
-
+ldapCertDest: "{{ ldapDir }}/ssl/certs/hpcldap0.erc.monash.edu.au.cert.pem"
+ldapKeyDest: "{{ ldapDir }}/ssl/private/hpcldao0.erc.monash.edu.au.key.pem"
+ldapCAChainDest: "{{ ldapDir }}/ssl/certs/MeRC_HPC_CaChain.cert.pem"
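Review bot: The destination names stay hard-coded to one host while the source names have moved to a build variable, and the key destination still spells the host `hpcldao0` where every other name says `hpcldap0`; the CA chain is likewise `MeRC_HPC_CaChain` here and `MeRC_HPC_CA_Chain` in the source name. Deriving the destinations from the source variables keeps them in step: `ldapCertDest: "{{ ldapDir }}/ssl/certs/{{ ldapCert }}"`, `ldapKeyDest: "{{ ldapDir }}/ssl/private/{{ ldapKey }}"`, `ldapCAChainDest: "{{ ldapDir }}/ssl/certs/{{ ldapCAChain }}"`. The current spelling works only as long as the server's TLS configuration reads the paths from these same variables, which is outside this hunk.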
diff --git a/vars/defaults.yml b/vars/defaults.yml
deleted file mode 100644
index 064e7585..00000000
--- a/vars/defaults.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-packager: yum 
-apache: httpd 
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 00000000..8aae17d4
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,5 @@
+---
+ldapKey: "hpcldap0.erc.monash.edu.au.key.pem"
+ldapCert: "hpcldap0.erc.monash.edu.au.cert.pem"
+ldapCAChain: "MeRC_HPC_CA_Chain.cert.pem"
+
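Review bot: Nothing in this patch loads `vars/main.yml`, and the diffstat shows no playbook or `vars_files` change, so `ldapKey`, `ldapCert` and `ldapCAChain` may be undefined when the `copy` tasks in roles/ldapserver/tasks/main.yml run. The same applies in reverse to anything that still includes the deleted `vars/defaults.yml` or uses `packager` / `apache`. Please confirm where the new file is included. Since `ldapKey` names a private key that the role reads from its `files/` directory, I would also add a header comment such as `# file names under files/; the key must be vault-encrypted or supplied from outside the repository`.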
-- 
GitLab