Change ldap cert / key source name and move to build var file

27f10313 · Jupiter Hu · b39f6048 · 27f10313 · 27f10313 · 27f10313
Commit 27f10313 authored 9 years ago by Jupiter Hu
--- a/roles/ldapserver/tasks/main.yml
+++ b/roles/ldapserver/tasks/main.yml
@@ -70,19 +70,19 @@
  sudo: true
 - name: make ldap private dir
-  file: path={{ ldapKeyDest | dirname }} state=directory owner={{ ldapuser }} group={{ ldapgroup }}
+  file: path={{ ldapKeyDest | dirname }} state=directory owner={{ ldapuser }} group={{ ldapgroup }} mode=700
  sudo: true
 - name: copy cert
-  copy: src="files/{{ ldapCertSrc }}" dest="{{ ldapCertDest }}"
+  copy: src="files/{{ ldapCert }}" dest="{{ ldapCertDest }}"
  sudo: true
 - name: copy cacert
-  copy: src="files/{{ ldapCAChainSrc }}" dest="{{ ldapCAChainDest }}"
+  copy: src="files/{{ ldapCAChain }}" dest="{{ ldapCAChainDest }}"
  sudo: true
 - name: copy key
-  copy: src="files/{{ ldapKeySrc }}" dest="{{ ldapKeyDest }}" mode=600 owner={{ ldapuser }} group={{ ldapgroup }}
+  copy: src="files/{{ ldapKey }}" dest="{{ ldapKeyDest }}" mode=600 owner={{ ldapuser }} group={{ ldapgroup }} 
  sudo: true
 - name: enable ssl centos
@@ -111,7 +111,7 @@
  when: tlsConfigured|failed
 - name: Initialise cosine and ppolicy
-  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/{{ ldapDir }}/schema/{{ item }}.ldif -D cn=config
+  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f {{ ldapDir }}/schema/{{ item }}.ldif -D cn=config
  with_items:
   - ppolicy
   - cosine

--- a/roles/ldapserver/vars/CentOS.yml
+++ b/roles/ldapserver/vars/CentOS.yml
 ---
-  ldapDir: "openldap"
+  ldapDir: "/etc/openldap"
  module_path: "/usr/lib64/openldap/"
--- a/roles/ldapserver/vars/Debian.yml
+++ b/roles/ldapserver/vars/Debian.yml
 ---
-  ldapDir: "ldap"
+  ldapDir: "/etc/ldap"
  module_path: "/usr/lib/ldap"
--- a/roles/ldapserver/vars/main.yml
+++ b/roles/ldapserver/vars/main.yml
 ---
-ldapCertDest: "/etc/{{ ldapDir }}/ssl/certs/hpcldap0.erc.monash.edu.au.cert.pem"
+ldapCertDest: "{{ ldapDir }}/ssl/certs/hpcldap0.erc.monash.edu.au.cert.pem"
-ldapKeyDest: "/etc/{{ ldapDir }}/ssl/private/hpcldao0.erc.monash.edu.au.key.pem"
+ldapKeyDest: "{{ ldapDir }}/ssl/private/hpcldao0.erc.monash.edu.au.key.pem"
-ldapCAChainDest: "/etc/{{ ldapDir }}/ssl/certs/MeRC_HPC_CaChain.cert.pem"
+ldapCAChainDest: "{{ ldapDir }}/ssl/certs/MeRC_HPC_CaChain.cert.pem"
-ldapKeySrc: "hpcldap0.erc.monash.edu.au.key.pem"
-ldapCertSrc: "hpcldap0.erc.monash.edu.au.cert.pem"                         
-ldapCAChainSrc: "MeRC_HPC_CA_Chain.cert.pem"
--- a/vars/defaults.yml
+++ b/vars/defaults.yml
---
-packager: yum 
-apache: httpd 
--- a/vars/main.yml
+++ b/vars/main.yml
+---
+ldapKey: "hpcldap0.erc.monash.edu.au.key.pem"
+ldapCert: "hpcldap0.erc.monash.edu.au.cert.pem"
+ldapCAChain: "MeRC_HPC_CA_Chain.cert.pem"