forked from infra/ansible
Migrate LDAP from BKCA to Let's Encrypt
This commit is contained in:
parent
c0070e042b
commit
c6c91d7256
@ -2,7 +2,7 @@ DEBUG = True
|
|||||||
SECRET_KEY = "{{ dss_secret }}"
|
SECRET_KEY = "{{ dss_secret }}"
|
||||||
SESSION_TIMEOUT = 3600
|
SESSION_TIMEOUT = 3600
|
||||||
|
|
||||||
LDAP_CA = "/usr/local/share/ca-certificates/BKCA.crt"
|
LDAP_CA = "/etc/ssl/certs/ca-certificates.crt"
|
||||||
LDAP_URI = "ldaps://{{ ldap_host }}"
|
LDAP_URI = "ldaps://{{ ldap_host }}"
|
||||||
LDAP_BASE = "{{ ldap_base }}"
|
LDAP_BASE = "{{ ldap_base }}"
|
||||||
|
|
||||||
|
@ -1,33 +0,0 @@
|
|||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFuTCCA6GgAwIBAgIJANVP+EmgIyEFMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNV
|
|
||||||
BAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMRMwEQYDVQQHDApSZWdlbnNidXJnMRww
|
|
||||||
GgYDVQQKDBNCaW5hcnkgS2l0Y2hlbiBlLlYuMR8wHQYDVQQDDBZCaW5hcnkgS2l0
|
|
||||||
Y2hlbiBSb290IENBMB4XDTE1MDUyMjA3MDcyN1oXDTI1MDUxOTA3MDcyN1owczEL
|
|
||||||
MAkGA1UEBhMCREUxEDAOBgNVBAgMB0JhdmFyaWExEzARBgNVBAcMClJlZ2Vuc2J1
|
|
||||||
cmcxHDAaBgNVBAoME0JpbmFyeSBLaXRjaGVuIGUuVi4xHzAdBgNVBAMMFkJpbmFy
|
|
||||||
eSBLaXRjaGVuIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
|
|
||||||
AQCwBmbxYSdTH+Ti2UdjpLRbSjA4uMRjJpVus0IviOtjr5nbfx/uA4b+UuhU0FS6
|
|
||||||
69vjuBeheu85SCQLZVA3If2qttlBNPvW8/WzQtmHqAK4jMGTIeD5PNH75bhIafMu
|
|
||||||
LWz5nRcagWoKVeumi9dhFofuoO6uSv1BdSbwK3gYkt5guKl5Pio9HITSFP961ndQ
|
|
||||||
n6dBLPvy4m+pJ6MZxhzaQIvxRr9uVRJieHH9Yl/CQcl2d1YQ24/KNiFFdF2NPyKE
|
|
||||||
+eFl8UWl/6sHS8tqLwhs4qeJCL1ir/1bjr8mZigflBE4mwtuV8EDF0pWWOyYehii
|
|
||||||
NLcS3LfLzv25N9mwhwGMJqLTDihtkcBCNx3c2qFrri1MvXy/KFrHKh2jt9pvgYDX
|
|
||||||
M2+g+tm+aWXfylu6k1GOIByT5ALktUzhfwuxk0SdplZNUqSfu1DccvxP9hbtSZPP
|
|
||||||
EnARbcTD/wOCSDj+nSG8scUIo3pNHddh0zx+W16kwBoNGHJX+g7vkMJikvYlHo2i
|
|
||||||
6CRdx47MknCgj/jQSPlajxAH5zzDcABbFRoRKh/esDEeGaKMKVyKJJFlx4CmHQ53
|
|
||||||
zc/jV3VjQo5yL1v3YUYllccZeXmGQb5UJoSRfpE+mvO9+EYAxWLydswNeQI1f1r8
|
|
||||||
CTWlD4tT0gooZzGKpw58Zp3IacXIzjDT5Ri2xfB+Oo4WaQIDAQABo1AwTjAdBgNV
|
|
||||||
HQ4EFgQU7MXazC3sn6xTIDkKtBv4AvYcob0wHwYDVR0jBBgwFoAU7MXazC3sn6xT
|
|
||||||
IDkKtBv4AvYcob0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAq/fD
|
|
||||||
BfaVi1KjRANxHKXmADqN0UpSdVoB2qKsj9nJ07fdS38rUqA+QjU+zmCufVkmMxKf
|
|
||||||
es3qZz5fOHkVHAiOt65XWFtYK62JByr4LomLDVDWSM4BmbU4aB8ix9ZPOr+NmB4B
|
|
||||||
QX99w0aMknO/ohVQ7InubgsXMaKA8kggCtpBQkfwcF2ntIGvyeuPJYwAWG19iH4a
|
|
||||||
uAvOdgyDCuta6UI5UPCdYdArFv3hn6+ht60tMdxo1qq9KUlyqZ3AX1Xd4+krLlCI
|
|
||||||
Kp+qfcyJ1igD5wT50egOAvc9SydFaXgAUIjt3oY5YYvP+MWmVMI107jl4jfMnQeI
|
|
||||||
G5qIEy9luhrjqJaHfLHyT10IaU/uZB7ZvZx7ElIo1YlTlIcMU8Wg6CJponDh/1aw
|
|
||||||
PbQhtuzk60N5905zDnpSHJSa91JcpVsLPv2ykQfimA8HNH2xS7ORXUJzwvEB1vhM
|
|
||||||
KnGMQB0px7HQtTTCKcDFeqZXygi4nXNygrp+swnO869jV4e6ReeV/RB7nxjd307J
|
|
||||||
gpRdtBbIambnFP74nJUhRk/60VlCDz92f+CTosHM6rdlOxFyX69cZZhoCFU5u4wF
|
|
||||||
ODqfxRzNJPhChozXcciAcLfhx89x0ob92XQenzZzFtylDvUAskhdhTMFLKGHstH7
|
|
||||||
Q8Xr0jNYp5PaGNC5m+m9ngLYe6GzxGol7dLJElc=
|
|
||||||
-----END CERTIFICATE-----
|
|
@ -49,11 +49,8 @@
|
|||||||
- name: Set shell for root user
|
- name: Set shell for root user
|
||||||
user: name=root shell=/bin/zsh
|
user: name=root shell=/bin/zsh
|
||||||
|
|
||||||
- name: Create BKCA certificate directory
|
- name: Remove BKCA certificate
|
||||||
file: path=/usr/local/share/ca-certificates state=directory
|
file: path=/usr/local/share/ca-certificates/BKCA.crt state=absent
|
||||||
|
|
||||||
- name: Copy BKCA certificate
|
|
||||||
copy: src=BKCA.crt dest=/usr/local/share/ca-certificates/BKCA.crt mode=0444
|
|
||||||
notify: update-ca-certificates
|
notify: update-ca-certificates
|
||||||
|
|
||||||
- name: Create LDAP client config
|
- name: Create LDAP client config
|
||||||
|
@ -25,15 +25,3 @@
|
|||||||
with_items:
|
with_items:
|
||||||
- { src: '.zshrc', dest: '/root/.zshrc' }
|
- { src: '.zshrc', dest: '/root/.zshrc' }
|
||||||
- { src: '.zshrc.local', dest: '/root/.zshrc.local' }
|
- { src: '.zshrc.local', dest: '/root/.zshrc.local' }
|
||||||
|
|
||||||
- name: Create BKCA certificate directory
|
|
||||||
file: path="{{ item }}" state=directory
|
|
||||||
loop:
|
|
||||||
- "/etc/ssl/certs"
|
|
||||||
- "/usr/local/etc/ssl/certs"
|
|
||||||
|
|
||||||
- name: Copy BKCA certificate
|
|
||||||
copy: src=BKCA.crt dest="{{ item }}/BKCA.crt" mode=0444
|
|
||||||
loop:
|
|
||||||
- "/etc/ssl/certs"
|
|
||||||
- "/usr/local/etc/ssl/certs"
|
|
||||||
|
Loading…
Reference in New Issue
Block a user