diff --git a/defaults/main.yml b/defaults/main.yml
index 712f7ea..5fe2ca2 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -14,7 +14,7 @@ ldaptoolbox_openldap_apt_validate_certs: "true"
 
 # Packages
 ldaptoolbox_openldap_packages_base: openldap-ltb, openldap-ltb-contrib-overlays, openldap-ltb-mdb-utils
-ldaptoolbox_openldap_packages_dependencies: libcrack2, curl
+ldaptoolbox_openldap_packages_dependencies: libcrack2, curl, gpg
 ldaptoolbox_openldap_packages_state: present
 
 # Filesystem
@@ -25,7 +25,7 @@ ldaptoolbox_openldap_configuration_prefix: "config"
 ldaptoolbox_openldap_configuration_owner: ldap
 ldaptoolbox_openldap_configuration_group: ldap
 ldaptoolbox_openldap_configuration_mode: 0600
-ldaptoolbox_openldap_sslgroup: "{{ 'root' if ansible_os_family == 'RedHat' else 'ssl-cert' }}"
+ldaptoolbox_openldap_sslgroup: "{{ 'root' }}"
 
 # OpenLDAP LTB CLI command path
 ldaptoolbox_openldap_slapd_cli_cmd: /usr/local/openldap/sbin/slapd-cli
@@ -48,9 +48,7 @@ ldaptoolbox_openldap_custom_schema_list: []
 ldaptoolbox_openldap_schema_dir: /usr/local/openldap/etc/openldap/schema
 
 # Certificates
-ldaptoolbox_openldap_olcTLSCACertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ca-certificates.crt' }}"
-ldaptoolbox_openldap_olcTLSCertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ssl-cert-snakeoil.pem' }}"
-ldaptoolbox_openldap_olcTLSCertificateKeyFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/private/ssl-cert-snakeoil.key' }}"
+ldaptoolbox_openldap_olcTLSCipherSuite: "TLSv1.3:TLSv1.2"
 ldaptoolbox_openldap_olcTLSProtocolMin: 3.3
 
 # Log level
diff --git a/playbook/inventory b/playbook/inventory
index 2faea5c..71ef35e 100644
--- a/playbook/inventory
+++ b/playbook/inventory
@@ -4,3 +4,4 @@ prod:
 master2:
 slave1:
 slave2:
+ standalone:
diff --git a/playbook/standalone.yml b/playbook/standalone.yml
index 40d66ac..9ead3c6 100644
--- a/playbook/standalone.yml
+++ b/playbook/standalone.yml
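Review bot: `ldaptoolbox_openldap_sslgroup: "{{ 'root' }}"` wraps a constant in a Jinja expression; the value is simply the string `root`, so write `ldaptoolbox_openldap_sslgroup: "root"`. Dropping the Debian `ssl-cert` branch also changes which group may read the TLS key material on Debian hosts, and whether a service presumably running as `ldap` (the owner used for the configuration files a few lines above) can still open a key whose group is `root` depends on how the role applies this variable, which is outside this diff. A short comment on the variable would make that contract explicit, e.g. `# group applied to the TLS certificate/key files (was ssl-cert on Debian before)`.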
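Review bot: Removing the three `ldaptoolbox_openldap_olcTLS*File` defaults without a replacement means any play that does not define them itself (the standalone example in this commit does) will hit an undefined-variable error wherever the role's templates reference them; those templates are not in this diff, so either keep empty-string defaults here or make sure the templates guard the variables with `| default('')`. The new `ldaptoolbox_openldap_olcTLSCipherSuite: "TLSv1.3:TLSv1.2"` is interpreted by whichever TLS library slapd was built against: with OpenSSL, `TLSv1.2` is a version alias selecting every TLS 1.2 suite, including non-forward-secret RSA key exchange and CBC suites, and TLS 1.3 suites are configured through a separate setting, so the `TLSv1.3` token most likely has no effect; with GnuTLS the same string is parsed as a priority string with different syntax. Since `olcTLSProtocolMin: 3.3` (TLS 1.2 in slapd's notation) already pins the minimum version, this variable should express a cipher policy instead, for OpenSSL something like `"ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL"`, with a comment stating which library the string targets.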
@@ -2,20 +2,22 @@
 # example of playbook for a standalone installation
 ################################################################################
 ---
-- hosts: localhost
+- hosts: standalone
 remote_user: root
 vars_files:
 - credentials-vault.yml
+ - certificates-vault.yml
 vars:
 # Define suffix
 - ldaptoolbox_openldap_suffix: "dc=my-organization,dc=com"
 # include extra schema
 - ldaptoolbox_openldap_custom_schema_srcdir: "{{ playbook_dir }}/files/ldaptoolbox.oldap/usr/local/openldap/etc/openldap/schema"
 - ldaptoolbox_openldap_custom_schema_list: [ custom.ldif ]
- # define certificates (must be deployed before)
- - ldaptoolbox_openldap_olcTLSCACertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ca-certificates.crt' }}"
- - ldaptoolbox_openldap_olcTLSCertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ssl-cert-snakeoil.pem' }}"
- - ldaptoolbox_openldap_olcTLSCertificateKeyFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/private/ssl-cert-snakeoil.key' }}"
+ # deploy certificates
+ - ldaptoolbox_openldap_olcTLSCACertificateFile: "{{ '/usr/local/openldap/etc/openldap/certs/ca.crt' }}"
+ - ldaptoolbox_openldap_olcTLSCertificateFile: "{{ '/usr/local/openldap/etc/openldap/certs/openldap.crt' }}"
+ - ldaptoolbox_openldap_olcTLSCertificateKeyFile: "{{ '/usr/local/openldap/etc/openldap/certs/openldap.key' }}"
+ - ldaptoolbox_openldap_olcTLSDHParamFile: "{{ '/usr/local/openldap/etc/openldap/certs/dhparams' }}"
 # Accounts and passwords
 - ldaptoolbox_openldap_config_olcRootDN: cn=admin,cn=config
 - ldaptoolbox_openldap_config_olcRootPW_hash: "{{ ldaptoolbox_openldap_config_olcRootPW_hash_vault }}"
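Review bot: The four new certificate paths are constants wrapped in Jinja, `"{{ '/usr/local/openldap/etc/openldap/certs/ca.crt' }}"` and so on; they should be plain quoted strings, e.g. `- ldaptoolbox_openldap_olcTLSCACertificateFile: "/usr/local/openldap/etc/openldap/certs/ca.crt"`. The comment was changed from `# define certificates (must be deployed before)` to `# deploy certificates`, but the lines beneath it only set file paths; if the role now writes these files from the newly included `certificates-vault.yml`, the comment should say so and name the vault variables it reads, otherwise the previous wording was the accurate one. `ldaptoolbox_openldap_olcTLSDHParamFile` now points at `.../certs/dhparams`, yet nothing in this diff creates that file, and slapd may fail TLS initialization when the configured path is unreadable, so the role should either generate it or document it as a precondition next to the vaulted key.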