Skip to content
GitLab
Explore
Sign in
This is an archived project. Repository and other project resources are read-only.
Tools
Ansible
Playbooks
IDM FreeIPA Setup - After
Compare revisions
6bfbe174b1bf89e504a7737258b9f5b74d16450d to f7374b08afea39781477d98815c7966306eb7874
Commits on Source (2)
Fix
· 3495fd20
Дмитрий Сафронов
authored
May 26, 2021
3495fd20
Merge branch 'fix' into 'master'
· f7374b08
Дмитрий Сафронов
authored
May 26, 2021
Fix See merge request ansible/playbooks/idm-freeipa-setup-after!31
f7374b08
Hide whitespace changes
Inline
Side-by-side
requirements.yml
View file @
f7374b08
...
...
@@ -4,6 +4,9 @@
-
src
:
https://gitlab.cyberbrain.pw/ansible/roles/freeipa_le_ca
scm
:
git
-
src
:
https://gitlab.cyberbrain.pw/ansible/roles/freeipa_le_certs_httpd
scm
:
git
-
src
:
https://gitlab.cyberbrain.pw/ansible/roles/ssl_refresher
scm
:
git
...
...
run.yml
View file @
f7374b08
...
...
@@ -6,49 +6,11 @@
roles
:
-
freeipa_le_ca
-
name
:
Install ssl-refresher
hosts
:
ipaserver:ipareplicas
become
:
yes
vars
:
-
ssl_refresher_success
:
|
systemctl restart httpd.service
roles
:
-
ssl_refresher
-
name
:
Bind ssl-refresher certs
hosts
:
ipaserver:ipareplicas
become
:
yes
tasks
:
-
name
:
Update IPA certs
ansible.builtin.shell
:
ipa-certupdate
changed_when
:
False
-
name
:
Put cert in httpd config
ansible.builtin.lineinfile
:
path
:
"
/etc/httpd/conf.d/ssl.conf"
state
:
present
insertafter
:
"
^<VirtualHost
+_default_:443>$"
# insertbefore: "^</VirtualHost>$"
regexp
:
"
^SSLCertificateFile
.*"
line
:
"
SSLCertificateFile
/opt/ssl/fullchain.pem"
backup
:
yes
notify
:
-
Restart ipa
-
name
:
Put key in httpd config
ansible.builtin.lineinfile
:
path
:
"
/etc/httpd/conf.d/ssl.conf"
state
:
present
insertafter
:
"
^<VirtualHost
+_default_:443>$"
# insertbefore: "^</VirtualHost>$"
regexp
:
"
^SSLCertificateKeyFile
.*"
line
:
"
SSLCertificateKeyFile
/opt/ssl/privkey.pem"
backup
:
yes
notify
:
-
Restart ipa
handlers
:
-
name
:
Restart ipa
ansible.builtin.systemd
:
name
:
httpd.service
state
:
restarted
roles
:
-
freeipa_le_certs_httpd
-
name
:
Install ucarp with dependencies
hosts
:
ipaserver:ipareplicas
...
...