Loading run.yml +45 −24 Original line number Diff line number Diff line Loading @@ -6,28 +6,49 @@ roles: - freeipa_le_ca - name: Update IPA certs hosts: ipaserver:ipareplicas become: yes tasks: - name: Update IPA certs ansible.builtin.shell: ipa-certupdate changed_when: False - name: Install ssl-refresher hosts: ipaserver:ipareplicas become: yes vars: - ssl_refresher_success: | systemctl restart httpd systemctl restart httpd.service roles: - ssl_refresher #- name: Bind ssl-refresher certs # hosts: ipaserver:ipareplicas # become: yes # tasks: # - ssl_refresher - name: Bind ssl-refresher certs hosts: ipaserver:ipareplicas become: yes tasks: - name: Update IPA certs ansible.builtin.shell: ipa-certupdate changed_when: False - name: Put cert in httpd config ansible.builtin.lineinfile: path: "/etc/httpd/conf.d/ssl.conf" state: present insertafter: "^<VirtualHost +_default_:443>$" # insertbefore: "^</VirtualHost>$" regexp: "^SSLCertificateFile .*" line: "SSLCertificateFile /opt/ssl/fullchain.pem" backup: yes notify: - Restart ipa - name: Put key in httpd config ansible.builtin.lineinfile: path: "/etc/httpd/conf.d/ssl.conf" state: present insertafter: "^<VirtualHost +_default_:443>$" # insertbefore: "^</VirtualHost>$" regexp: "^SSLCertificateKeyFile .*" line: "SSLCertificateKeyFile /opt/ssl/privkey.pem" backup: yes notify: - Restart ipa handlers: - name: Restart ipa ansible.builtin.systemd: name: httpd.service state: restarted - name: Install ucarp with dependencies hosts: ipaserver:ipareplicas Loading 
@@ -37,14 +58,14 @@ - { role: ucarp_systemd_dependency, ucarp_dependency: "krb5kdc" } - { role: ucarp_systemd_dependency, ucarp_dependency: "named-pkcs11" } - name: Add ucarp dependencies on server hosts: ipaserver become: yes roles: - { role: ucarp_systemd_dependency, ucarp_dependency: "dirsrv@{{ ipaserver_realm }}" } # - name: Add ucarp dependencies on server # hosts: ipaserver # become: yes # roles: # - { role: ucarp_systemd_dependency, ucarp_dependency: "dirsrv@{{ ipaserver_realm }}" } - name: Add ucarp dependencies on replicas hosts: ipareplicas become: yes roles: - { role: ucarp_systemd_dependency, ucarp_dependency: "dirsrv@{{ ipareplica_realm }}" } # - name: Add ucarp dependencies on replicas # hosts: ipareplicas # become: yes # roles: # - { role: ucarp_systemd_dependency, ucarp_dependency: "dirsrv@{{ ipareplica_realm }}" } Loading
run.yml +45 −24 Original line number Diff line number Diff line Loading @@ -6,28 +6,49 @@ roles: - freeipa_le_ca - name: Update IPA certs hosts: ipaserver:ipareplicas become: yes tasks: - name: Update IPA certs ansible.builtin.shell: ipa-certupdate changed_when: False - name: Install ssl-refresher hosts: ipaserver:ipareplicas become: yes vars: - ssl_refresher_success: | systemctl restart httpd systemctl restart httpd.service roles: - ssl_refresher #- name: Bind ssl-refresher certs # hosts: ipaserver:ipareplicas # become: yes # tasks: # - ssl_refresher - name: Bind ssl-refresher certs hosts: ipaserver:ipareplicas become: yes tasks: - name: Update IPA certs ansible.builtin.shell: ipa-certupdate changed_when: False - name: Put cert in httpd config ansible.builtin.lineinfile: path: "/etc/httpd/conf.d/ssl.conf" state: present insertafter: "^<VirtualHost +_default_:443>$" # insertbefore: "^</VirtualHost>$" regexp: "^SSLCertificateFile .*" line: "SSLCertificateFile /opt/ssl/fullchain.pem" backup: yes notify: - Restart ipa - name: Put key in httpd config ansible.builtin.lineinfile: path: "/etc/httpd/conf.d/ssl.conf" state: present insertafter: "^<VirtualHost +_default_:443>$" # insertbefore: "^</VirtualHost>$" regexp: "^SSLCertificateKeyFile .*" line: "SSLCertificateKeyFile /opt/ssl/privkey.pem" backup: yes notify: - Restart ipa handlers: - name: Restart ipa ansible.builtin.systemd: name: httpd.service state: restarted - name: Install ucarp with dependencies hosts: ipaserver:ipareplicas Loading 
@@ -37,14 +58,14 @@ - { role: ucarp_systemd_dependency, ucarp_dependency: "krb5kdc" } - { role: ucarp_systemd_dependency, ucarp_dependency: "named-pkcs11" } - name: Add ucarp dependencies on server hosts: ipaserver become: yes roles: - { role: ucarp_systemd_dependency, ucarp_dependency: "dirsrv@{{ ipaserver_realm }}" } # - name: Add ucarp dependencies on server # hosts: ipaserver # become: yes # roles: # - { role: ucarp_systemd_dependency, ucarp_dependency: "dirsrv@{{ ipaserver_realm }}" } - name: Add ucarp dependencies on replicas hosts: ipareplicas become: yes roles: - { role: ucarp_systemd_dependency, ucarp_dependency: "dirsrv@{{ ipareplica_realm }}" } # - name: Add ucarp dependencies on replicas # hosts: ipareplicas # become: yes # roles: # - { role: ucarp_systemd_dependency, ucarp_dependency: "dirsrv@{{ ipareplica_realm }}" }
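Review bot: In the new "Bind ssl-refresher certs" play (first hunk), both lineinfile tasks use a `regexp` anchored at column 0 (`"^SSLCertificateFile .*"`, `"^SSLCertificateKeyFile .*"`), so if the existing directive in ssl.conf is indented or tab-separated nothing matches and a second directive is inserted after the `<VirtualHost>` line, leaving the old certificate and key configured next to the new ones. Consider `regexp: '^\s*SSLCertificateFile\s'` and `regexp: '^\s*SSLCertificateKeyFile\s'`, single-quoted so YAML leaves the backslashes alone. Nothing visible here checks the owner or mode of `/opt/ssl/privkey.pem` before httpd is pointed at it; that may be handled inside the ssl_refresher role, which is not shown on this page, but it is worth confirming the key is not group- or world-readable. The "Restart ipa" handler restarts httpd.service with no prior config test, so a bad edit would take the IPA web and API endpoint down on every host in `ipaserver:ipareplicas`; running `apachectl configtest` before the restart would catch that. The playbook continues outside the hunk on both sides.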