Commit 3495fd20 authored by Дмитрий Сафронов's avatar Дмитрий Сафронов

Fix

parent 6bfbe174
+3 −0
@@ -4,6 +4,9 @@
- src: https://gitlab.cyberbrain.pw/ansible/roles/freeipa_le_ca
  scm: git

- src: https://gitlab.cyberbrain.pw/ansible/roles/freeipa_le_certs_httpd
  scm: git

- src: https://gitlab.cyberbrain.pw/ansible/roles/ssl_refresher
  scm: git
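Review bot: The `freeipa_le_certs_httpd` entry (which appears to be the one added here) has no `version:`, so, as far as the visible lines show, the install takes whatever the repository's default branch holds at that moment. The playbook in this commit applies the role with `become: yes` on `ipaserver:ipareplicas`, so any later push to that repository would run as root on the identity servers without passing review here. Pin the entry to a reviewed tag or commit by adding `version: <reviewed-tag-or-commit-sha>` under `scm: git`. The neighbouring `freeipa_le_ca` and `ssl_refresher` entries are unpinned in the same way.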

+2 −40
@@ -6,49 +6,11 @@
  roles:
    - freeipa_le_ca

- name: Install ssl-refresher
  hosts: ipaserver:ipareplicas
  become: yes
  vars:
    - ssl_refresher_success: |
        systemctl restart httpd.service
  roles:
    - ssl_refresher

- name: Bind ssl-refresher certs
  hosts: ipaserver:ipareplicas
  become: yes
  tasks:
    - name: Update IPA certs
      ansible.builtin.shell: ipa-certupdate
      changed_when: False
    - name: Put cert in httpd config
      ansible.builtin.lineinfile:
        path: "/etc/httpd/conf.d/ssl.conf"
        state: present
        insertafter: "^<VirtualHost +_default_:443>$"
        # insertbefore: "^</VirtualHost>$"
        regexp: "^SSLCertificateFile .*"
        line: "SSLCertificateFile /opt/ssl/fullchain.pem"
        backup: yes
      notify:
        - Restart ipa
    - name: Put key in httpd config
      ansible.builtin.lineinfile:
        path: "/etc/httpd/conf.d/ssl.conf"
        state: present
        insertafter: "^<VirtualHost +_default_:443>$"
        # insertbefore: "^</VirtualHost>$"
        regexp: "^SSLCertificateKeyFile .*"
        line: "SSLCertificateKeyFile /opt/ssl/privkey.pem"
        backup: yes
      notify:
        - Restart ipa
  handlers:
    - name: Restart ipa
      ansible.builtin.systemd:
        name: httpd.service
        state: restarted
  roles:
    - freeipa_le_certs_httpd

- name: Install ucarp with dependencies
  hosts: ipaserver:ipareplicas
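Review bot: Nothing in the play that now ends in `roles: - freeipa_le_certs_httpd` shows which certificate and key httpd will serve, or that httpd is restarted afterwards. The tasks listed in this section that are not in the new play set `SSLCertificateFile /opt/ssl/fullchain.pem` and `SSLCertificateKeyFile /opt/ssl/privkey.pem` with `backup: yes` and ran `ipa-certupdate`; presumably the role now does all of this. A comment above `roles:` would keep that visible to whoever audits this playbook, for example `# freeipa_le_certs_httpd: points ssl.conf at /opt/ssl/{fullchain,privkey}.pem and restarts httpd (confirm against the role)`. The `ssl_refresher` role is also no longer applied anywhere in this section but is still listed in the requirements file; if the new role does not declare it as a dependency, drop that entry so an unused external role is not fetched.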