Merge branch 'slapd' into 'newinfra'

Slapd

See merge request nounous/ansible!28

group_vars/crans_server/vars.yml

@@ -6,4 +6,4 @@ ldap:
 
 # Parameters for debian mirror
 debian_mirror: http://mirror.adm.crans.org/debian
-debian_components: main non_free
+debian_components: main non-free

plays/root.yml

@@ -28,6 +28,9 @@
 - hosts: slapd
   vars:
     slapd: '{{ glob_slapd | combine(loc_slapd | default({})) }}'
+    ldap:
+      private_key: "{{ vault_ldap_private_key }}"
+      certificate: "{{ vault_ldap_certificate }}"
   roles:
     - slapd
 

roles/slapd/tasks/main.yml

@@ -15,11 +15,15 @@
 
 - name: Deploy slapd configuration
   template:
-    src: ldap/slapd.conf.j2
-    dest: /etc/ldap/slapd.conf
-    mode: 0600
+    src: "ldap/{{ item.dest }}.j2"
+    dest: "/etc/ldap/{{ item.dest }}"
+    mode: "{{ item.mode }}"
     owner: openldap
     group: openldap
+  loop:
+    - { dest: slapd.conf, mode: "0600" }
+    - { dest: ldap.key, mode: "0600" }
+    - { dest: ldap.pem, mode: "0644" }
   notify: Restart slapd
 
 - name: Deploy ldap services

roles/slapd/templates/ldap/ldap.key.j2

@@ -0,0 +1 @@
+{{ ldap.private_key }}

roles/slapd/templates/ldap/ldap.pem.j2

@@ -0,0 +1 @@
+{{ ldap.certificate }}

roles/slapd/templates/ldap/slapd.conf.j2

@@ -35,9 +35,8 @@ moduleload 		syncprov
 # TODO FAIRE LES CERTIFICATS
 # TLS Certificates
 #TLSCipherSuite HIGH:MEDIUM:-SSLv2:-SSLv3
-#TLSCACertificateFile /etc/ssl/certs/ServENS.crt
-#TLSCertificateFile /etc/ldap/ldap.pem
-#TLSCertificateKeyFile /etc/ldap/ldap.key
+TLSCertificateFile /etc/ldap/ldap.pem
+TLSCertificateKeyFile /etc/ldap/ldap.key
 
 # The maximum number of entries that is returned for a search operation
 sizelimit 500