@@ -1,6 +1,6 @@ | |||||
# Deploy OpenLDAP/FusionDirectory using Ansible | # Deploy OpenLDAP/FusionDirectory using Ansible | ||||
These playbooks will deploy an OpenLDAP/FusionDirectory server. | |||||
These Role will deploy an OpenLDAP/FusionDirectory server. | |||||
Components: | Components: | ||||
* OpenLDAP (slapd) | * OpenLDAP (slapd) | ||||
@@ -16,7 +16,7 @@ Components: | |||||
## Clone the repository | ## Clone the repository | ||||
Clone the reposiroty: | |||||
Clone the repository: | |||||
``` | ``` | ||||
$ git clone https://git.theo-andreou.org/Personal/ansible-deploy-ldap-fusiondirectory.git | $ git clone https://git.theo-andreou.org/Personal/ansible-deploy-ldap-fusiondirectory.git | ||||
@@ -49,7 +49,7 @@ timezone: Asia/Nicosia | |||||
* Create an encrypted *vars/secrets.yml* file: | * Create an encrypted *vars/secrets.yml* file: | ||||
``` | ``` | ||||
$ ansible-vault create vars/secrets.yml | |||||
$ ansible-vault create vars/secrets.yml | |||||
``` | ``` | ||||
Use a master password for the file above. | Use a master password for the file above. | ||||
@@ -63,12 +63,28 @@ fd_admin: fdadmin | |||||
fd_admin_pass: MySecretFDCombination | fd_admin_pass: MySecretFDCombination | ||||
``` | ``` | ||||
* Create a playbook to call this role (fusiondirectory.yml): | |||||
``` | |||||
- hosts: all | |||||
become: yes | |||||
gather_facts: false | |||||
vars: | |||||
- ansible_user: "ubuntu" | |||||
pre_tasks: | |||||
- name: install python 2 | |||||
raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal) | |||||
changed_when: False | |||||
roles: | |||||
- ansible-deploy-ldap-fusiondirectory | |||||
``` | |||||
## Deploy LDAP and FusionDirectory | ## Deploy LDAP and FusionDirectory | ||||
When done with the configuration run this command (provide your master password): | When done with the configuration run this command (provide your master password): | ||||
``` | ``` | ||||
$ ansible-playbook --vault-id @prompt deploy_fusiondirectory.yml | |||||
$ ansible-playbook --vault-id @prompt fusiondirectory.yml | |||||
``` | ``` | ||||
When done visit http://auth.example.org to login for the first time. I suggest you enable HTTPS before doing that. | When done visit http://auth.example.org to login for the first time. I suggest you enable HTTPS before doing that. | ||||
@@ -1,343 +0,0 @@ | |||||
--- | |||||
# This will deploy OpenLDAP and FusionDirectory on the mailserver | |||||
- hosts: auth.example.com | |||||
user: root | |||||
vars_files: | |||||
- vars/all.yml | |||||
- vars/secrets.yml | |||||
tasks: | |||||
- name: Prepate /etc/hosts | |||||
lineinfile: | |||||
path: /etc/hosts | |||||
insertafter: '^127.0.1.1 ' | |||||
line: "{{ item }}" | |||||
with_items: | |||||
- "127.0.2.1 mail.{{ domain }} mail" | |||||
- "127.0.3.1 auth.{{ domain }} auth" | |||||
- name: Setup OpenLDAP and Dependencies | |||||
apt: | |||||
name: "{{ item }}" | |||||
state: present | |||||
update_cache: yes | |||||
with_items: | |||||
- ldap-utils | |||||
- gnutls-bin | |||||
- ca-certificates | |||||
- python-ldap | |||||
- python3-ldap | |||||
- name: debconf configuration for slapd | |||||
debconf: | |||||
name: slapd | |||||
question: "{{ item.question }}" | |||||
value: "{{ item.value }}" | |||||
vtype: "{{ item.vtype }}" | |||||
with_items: | |||||
- { question: slapd/no_configuration, value: False, vtype: boolean } | |||||
- { question: slapd/domain, value: "{{ domain }}", vtype: string } | |||||
- { question: shared/organization, value: "{{ organization }}", vtype: string } | |||||
- { question: slapd/password1, value: "{{ ldap_admin_pass }}", vtype: password } | |||||
- { question: slapd/password2, value: "{{ ldap_admin_pass }}", vtype: password } | |||||
- { question: slapd/backend, value: MDB, vtype: select } | |||||
- { question: slapd/purge_database, value: False, vtype: boolean } | |||||
- { question: slapd/move_old_database, value: True, vtype: boolean } | |||||
no_log: True | |||||
- name: install slapd | |||||
apt: | |||||
name: slapd | |||||
state: present | |||||
- name: Create the ROOT CA store | |||||
file: | |||||
path: /srv/CA | |||||
state: directory | |||||
- name: Generate the CA Certificate template | |||||
template: | |||||
src: templates/ca-cert.tmpl.j2 | |||||
dest: /srv/CA/ca-cert.tmpl | |||||
- name: Generate the ROOT CA private key | |||||
command: | | |||||
certtool --generate-privkey \ | |||||
--outfile {{ domain }}-rootCA.key | |||||
args: | |||||
chdir: /srv/CA | |||||
creates: "/srv/CA/{{ domain }}-rootCA.key" | |||||
- name: Generate the ROOT CA Certificate | |||||
command: | | |||||
certtool --generate-self-signed \ | |||||
--template ca-cert.tmpl \ | |||||
--load-privkey {{ domain }}-rootCA.key \ | |||||
--outfile {{ domain }}-rootCA.crt | |||||
args: | |||||
chdir: /srv/CA | |||||
creates: "/srv/CA/{{ domain }}-rootCA.crt" | |||||
- name: Add our ROOT CA as trusted | |||||
copy: | |||||
remote_src: yes | |||||
src: "/srv/CA/{{ domain }}-rootCA.crt" | |||||
dest: /usr/local/share/ca-certificates/ | |||||
notify: | |||||
- Update CA Certificates | |||||
- name: Create the LDAP TLS store | |||||
file: | |||||
path: /etc/ldap/ssl | |||||
owner: openldap | |||||
group: openldap | |||||
state: directory | |||||
- name: Generate the LDAP Certificate template | |||||
template: | |||||
src: templates/ldap-cert.tmpl.j2 | |||||
dest: /srv/CA/ldap-cert.tmpl | |||||
- name: Generate the LDAP private key | |||||
command: | | |||||
certtool --generate-privkey \ | |||||
--outfile {{ domain }}.key | |||||
args: | |||||
chdir: /etc/ldap/ssl | |||||
creates: "/etc/ldap/ssl/{{ domain }}.key" | |||||
- name: Generate the LDAP Certificate | |||||
command: | | |||||
certtool --generate-certificate \ | |||||
--template /srv/CA/ldap-cert.tmpl \ | |||||
--load-privkey {{ domain }}.key \ | |||||
--outfile {{ domain }}.crt \ | |||||
--load-ca-privkey /srv/CA/{{ domain }}-rootCA.key | |||||
--load-ca-certificate /srv/CA/{{ domain }}-rootCA.crt | |||||
args: | |||||
chdir: /etc/ldap/ssl | |||||
creates: "/etc/ldap/ssl/{{ domain }}.crt" | |||||
- name: Set the correct ownership on the LDAP cert/key pair | |||||
file: | |||||
path: "/etc/ldap/ssl/{{ item }}" | |||||
owner: openldap | |||||
group: openldap | |||||
with_items: | |||||
- "{{ domain }}.key" | |||||
- "{{ domain }}.crt" | |||||
- name: Create the custom_ldifs store | |||||
file: | |||||
path: /etc/ldap/custom_ldifs | |||||
owner: openldap | |||||
group: openldap | |||||
state: directory | |||||
- name: Create the olcSSL.ldif file (LDAP TLS Configuration) | |||||
template: | |||||
src: templates/olcSSL.ldif.j2 | |||||
dest: /etc/ldap/custom_ldifs/olcSSL.ldif | |||||
owner: openldap | |||||
group: openldap | |||||
notify: | |||||
- Apply olcSSL.ldif | |||||
- Restart slapd | |||||
- name: Add an apt key by id from a keyserver | |||||
apt_key: | |||||
keyserver: keys.gnupg.net | |||||
id: A94DE63F2EDB5F0DC0785EBBD744D55EACDA69FF | |||||
- name: Add the Fusiondirectory repo | |||||
apt_repository: | |||||
repo: "{{ item }}" | |||||
state: present | |||||
with_items: | |||||
- 'deb http://repos.fusiondirectory.org/fusiondirectory-current/debian-jessie jessie main' | |||||
- 'deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-jessie jessie main' | |||||
- name: Install FusionDirectory, dependencies and plugins | |||||
apt: | |||||
name: "{{ item }}" | |||||
update_cache: yes | |||||
state: present | |||||
with_items: | |||||
- apache2 | |||||
- libapache2-mod-php | |||||
- php-ldap | |||||
- php-intl | |||||
- php-pear | |||||
- php-mbstring | |||||
- fusiondirectory | |||||
- fusiondirectory-schema | |||||
- fusiondirectory-plugin-ldapdump | |||||
- fusiondirectory-plugin-ldapmanager | |||||
- fusiondirectory-plugin-dsa | |||||
- fusiondirectory-plugin-dsa-schema | |||||
- fusiondirectory-plugin-systems | |||||
- fusiondirectory-plugin-systems-schema | |||||
notify: | |||||
- Apply FusionDirectory Schema | |||||
- Apply FusionDirectory Plugins Schema | |||||
- name: Calculate FusionDirectory Configuration hash | |||||
stat: | |||||
path: /var/cache/fusiondirectory/class.cache | |||||
get_md5: yes | |||||
register: fd_config_hash | |||||
- name: Generate the Initial FusionDirectory configuration | |||||
template: | |||||
src: templates/fd-init-config.ldif.j2 | |||||
dest: /etc/ldap/custom_ldifs/fd-init-config.ldif | |||||
notify: | |||||
- Initialize FusionDirectory Configuration | |||||
- name: Migrate FusionDirectory Object Classes | |||||
template: | |||||
src: templates/fd-migrate-object-classes.ldif.j2 | |||||
dest: /etc/ldap/custom_ldifs/fd-migrate-object-classes.ldif | |||||
notify: | |||||
- Migrate Object Classes | |||||
- name: Create an empty ldap.conf file | |||||
file: | |||||
path: /etc/ldap/ldap.conf | |||||
state: touch | |||||
notify: | |||||
- Generate FusionDirectory SuperUser and OUs | |||||
- name: Set FusionDirectory SuperUser Password | |||||
command: | | |||||
true | |||||
notify: | |||||
- Set SuperUser Password | |||||
no_log: True | |||||
- name: Migrate FusionDirectory Defaults ACLs | |||||
template: | |||||
src: templates/fd-migrate-default-acl.ldif.j2 | |||||
dest: /etc/ldap/custom_ldifs/fd-migrate-default-acl.ldif | |||||
notify: | |||||
- Migrate Default ACLs | |||||
- name: Fix Permissions for the FusionDirectory Configuration | |||||
template: | |||||
src: templates/fusiondirectory.conf.j2 | |||||
dest: /etc/fusiondirectory/fusiondirectory.conf | |||||
notify: | |||||
- Fix FusionDirectory Configuration Permisions | |||||
- name: Apply FusionDirectory Service Accounts ACL | |||||
template: | |||||
src: templates/fd-service_accounts_acl.ldif.j2 | |||||
dest: /etc/ldap/custom_ldifs/fd-service_accounts_acl.ldif | |||||
notify: | |||||
- Apply Service Accounts ACL | |||||
- name: Create a .well-known directory | |||||
file: | |||||
path: /var/www/html/.well-known | |||||
state: directory | |||||
owner: www-data | |||||
group: www-data | |||||
- name: Deploy the Apache VirtualHosts for FusionDirectory | |||||
template: | |||||
src: "templates/fd-vhost{{ item }}.j2" | |||||
dest: "/etc/apache2/sites-available/{{domain}}{{ item }}" | |||||
with_items: | |||||
- ".conf" | |||||
- "-ssl.conf" | |||||
notify: | |||||
- Enable the Apache HTTP VirtualHost | |||||
- Disable the Default Apache VirtualHost | |||||
- Restart Apache | |||||
handlers: | |||||
- name: Update CA Certificates | |||||
command: update-ca-certificates | |||||
- name: Apply olcSSL.ldif | |||||
command: ldapmodify -Y EXTERNAL -H ldapi:/// -f olcSSL.ldif | |||||
args: | |||||
chdir: /etc/ldap/custom_ldifs | |||||
- name: Restart slapd | |||||
service: | |||||
name: slapd | |||||
state: restarted | |||||
- name: Apply FusionDirectory Schema | |||||
command: fusiondirectory-insert-schema | |||||
- name: Apply FusionDirectory Plugins Schema | |||||
command: | | |||||
fusiondirectory-insert-schema \ | |||||
-i /etc/ldap/schema/fusiondirectory/{{ item }}.schema | |||||
with_items: | |||||
- dsa-fd-conf | |||||
- service-fd | |||||
- systems-fd-conf | |||||
- systems-fd | |||||
- name: Initialize FusionDirectory Configuration | |||||
command: | | |||||
ldapadd -x -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -H ldapi:/// -f fd-init-config.ldif | |||||
args: | |||||
chdir: /etc/ldap/custom_ldifs | |||||
no_log: True | |||||
- name: Migrate Object Classes | |||||
command: | | |||||
ldapmodify -x -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -H ldapi:/// -f fd-migrate-object-classes.ldif | |||||
args: | |||||
chdir: /etc/ldap/custom_ldifs | |||||
no_log: True | |||||
- name: Generate FusionDirectory SuperUser and OUs | |||||
shell: | | |||||
yes '{{ fd_admin }}' | \ | |||||
fusiondirectory-setup --yes --check-ldap | |||||
- name: Set SuperUser Password | |||||
command: | | |||||
ldappasswd -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -s {{ fd_admin_pass }} uid={{ fd_admin }},ou=people,{{ base_dn }} | |||||
no_log: True | |||||
- name: Migrate Default ACLs | |||||
command: | | |||||
ldapadd -x -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -H ldapi:/// -f fd-migrate-default-acl.ldif | |||||
args: | |||||
chdir: /etc/ldap/custom_ldifs | |||||
no_log: True | |||||
- name: Fix FusionDirectory Configuration Permisions | |||||
command: fusiondirectory-setup --yes --check-config | |||||
- name: Apply Service Accounts ACL | |||||
command: | | |||||
ldapadd -c -Y EXTERNAL -H ldapi:/// -f fd-service_accounts_acl.ldif | |||||
args: | |||||
chdir: /etc/ldap/custom_ldifs | |||||
- name: Enable the Apache HTTP VirtualHost | |||||
file: | |||||
src: "/etc/apache2/sites-available/{{ domain }}.conf" | |||||
dest: "/etc/apache2/sites-enabled/{{ domain }}.conf" | |||||
state: link | |||||
- name: Disable the Default Apache VirtualHost | |||||
file: | |||||
path: /etc/apache2/sites-enabled/000-default.conf | |||||
state: absent | |||||
- name: Restart Apache | |||||
service: | |||||
name: apache2 | |||||
state: restarted |
@@ -0,0 +1,82 @@ | |||||
--- | |||||
- name: Update CA Certificates | |||||
command: update-ca-certificates | |||||
- name: Apply olcSSL.ldif | |||||
command: ldapmodify -Y EXTERNAL -H ldapi:/// -f olcSSL.ldif | |||||
args: | |||||
chdir: /etc/ldap/custom_ldifs | |||||
- name: Restart slapd | |||||
service: | |||||
name: slapd | |||||
state: restarted | |||||
- name: Apply FusionDirectory Schema | |||||
command: fusiondirectory-insert-schema | |||||
- name: Apply FusionDirectory Plugins Schema | |||||
command: | | |||||
fusiondirectory-insert-schema \ | |||||
-i /etc/ldap/schema/fusiondirectory/{{ item }}.schema | |||||
with_items: | |||||
- dsa-fd-conf | |||||
- service-fd | |||||
- systems-fd-conf | |||||
- systems-fd | |||||
- name: Initialize FusionDirectory Configuration | |||||
command: | | |||||
ldapadd -x -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -H ldapi:/// -f fd-init-config.ldif | |||||
args: | |||||
chdir: /etc/ldap/custom_ldifs | |||||
no_log: True | |||||
- name: Migrate Object Classes | |||||
command: | | |||||
ldapmodify -x -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -H ldapi:/// -f fd-migrate-object-classes.ldif | |||||
args: | |||||
chdir: /etc/ldap/custom_ldifs | |||||
no_log: True | |||||
- name: Generate FusionDirectory SuperUser and OUs | |||||
shell: | | |||||
yes '{{ fd_admin }}' | \ | |||||
fusiondirectory-setup --yes --check-ldap | |||||
- name: Set SuperUser Password | |||||
command: | | |||||
ldappasswd -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -s {{ fd_admin_pass }} uid={{ fd_admin }},ou=people,{{ base_dn }} | |||||
no_log: True | |||||
- name: Migrate Default ACLs | |||||
command: | | |||||
ldapadd -x -D {{ ldap_admin_dn }} -w {{ ldap_admin_pass }} -H ldapi:/// -f fd-migrate-default-acl.ldif | |||||
args: | |||||
chdir: /etc/ldap/custom_ldifs | |||||
no_log: True | |||||
- name: Fix FusionDirectory Configuration Permisions | |||||
command: fusiondirectory-setup --yes --check-config | |||||
- name: Apply Service Accounts ACL | |||||
command: | | |||||
ldapadd -c -Y EXTERNAL -H ldapi:/// -f fd-service_accounts_acl.ldif | |||||
args: | |||||
chdir: /etc/ldap/custom_ldifs | |||||
- name: Enable the Apache HTTP VirtualHost | |||||
file: | |||||
src: "/etc/apache2/sites-available/{{ domain }}.conf" | |||||
dest: "/etc/apache2/sites-enabled/{{ domain }}.conf" | |||||
state: link | |||||
- name: Disable the Default Apache VirtualHost | |||||
file: | |||||
path: /etc/apache2/sites-enabled/000-default.conf | |||||
state: absent | |||||
- name: Restart Apache | |||||
service: | |||||
name: apache2 | |||||
state: restarted |
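Review bot: The handlers `Initialize FusionDirectory Configuration`, `Migrate Object Classes`, `Set SuperUser Password` and `Migrate Default ACLs` put `-w {{ ldap_admin_pass }}` (and `-s {{ fd_admin_pass }}`) on the command line, so `no_log: True` keeps them out of the Ansible output but they are still readable by any local user via `ps`/`/proc/*/cmdline` for as long as each command runs. Have the tasks file write the bind password to a root-only file (mode 0600) and bind with `-y`, e.g. `ldapadd -x -D "{{ ldap_admin_dn }}" -y /root/.ldap_admin_pw -H ldapi:/// -f fd-init-config.ldif`, and for the superuser use `ldappasswd -x -D "{{ ldap_admin_dn }}" -y /root/.ldap_admin_pw -T /root/.fd_admin_pw -H ldapi:/// "uid={{ fd_admin }},ou=people,{{ base_dn }}"` so neither secret appears in argv. Quoting the DN arguments also matters because `command:` word-splits its string and a DN containing a space (an organization name, for instance) would otherwise be broken into several arguments. Note that the `ldappasswd` handler as written omits `-x` and `-H`, so it presumably falls back to the defaults from `/etc/ldap/ldap.conf`, which the tasks file touches empty — worth pinning explicitly rather than relying on that.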
@@ -0,0 +1,250 @@ | |||||
--- | |||||
# This will deploy OpenLDAP and FusionDirectory on the mailserver | |||||
- name: Prepate /etc/hosts | |||||
lineinfile: | |||||
path: /etc/hosts | |||||
insertafter: '^127.0.1.1 ' | |||||
line: "{{ item }}" | |||||
with_items: | |||||
- "127.0.2.1 mail.{{ domain }} mail" | |||||
- "127.0.3.1 auth.{{ domain }} auth" | |||||
- name: Setup OpenLDAP and Dependencies | |||||
apt: | |||||
name: "{{ item }}" | |||||
state: present | |||||
update_cache: yes | |||||
with_items: | |||||
- ldap-utils | |||||
- gnutls-bin | |||||
- ca-certificates | |||||
- python-ldap | |||||
- python3-ldap | |||||
- name: debconf configuration for slapd | |||||
debconf: | |||||
name: slapd | |||||
question: "{{ item.question }}" | |||||
value: "{{ item.value }}" | |||||
vtype: "{{ item.vtype }}" | |||||
with_items: | |||||
- { question: slapd/no_configuration, value: False, vtype: boolean } | |||||
- { question: slapd/domain, value: "{{ domain }}", vtype: string } | |||||
- { question: shared/organization, value: "{{ organization }}", vtype: string } | |||||
- { question: slapd/password1, value: "{{ ldap_admin_pass }}", vtype: password } | |||||
- { question: slapd/password2, value: "{{ ldap_admin_pass }}", vtype: password } | |||||
- { question: slapd/backend, value: MDB, vtype: select } | |||||
- { question: slapd/purge_database, value: False, vtype: boolean } | |||||
- { question: slapd/move_old_database, value: True, vtype: boolean } | |||||
no_log: True | |||||
- name: install slapd | |||||
apt: | |||||
name: slapd | |||||
state: present | |||||
- name: Create the ROOT CA store | |||||
file: | |||||
path: /srv/CA | |||||
state: directory | |||||
- name: Generate the CA Certificate template | |||||
template: | |||||
src: templates/ca-cert.tmpl.j2 | |||||
dest: /srv/CA/ca-cert.tmpl | |||||
- name: Generate the ROOT CA private key | |||||
command: | | |||||
certtool --generate-privkey \ | |||||
--outfile {{ domain }}-rootCA.key | |||||
args: | |||||
chdir: /srv/CA | |||||
creates: "/srv/CA/{{ domain }}-rootCA.key" | |||||
- name: Generate the ROOT CA Certificate | |||||
command: | | |||||
certtool --generate-self-signed \ | |||||
--template ca-cert.tmpl \ | |||||
--load-privkey {{ domain }}-rootCA.key \ | |||||
--outfile {{ domain }}-rootCA.crt | |||||
args: | |||||
chdir: /srv/CA | |||||
creates: "/srv/CA/{{ domain }}-rootCA.crt" | |||||
- name: Add our ROOT CA as trusted | |||||
copy: | |||||
remote_src: yes | |||||
src: "/srv/CA/{{ domain }}-rootCA.crt" | |||||
dest: /usr/local/share/ca-certificates/ | |||||
notify: | |||||
- Update CA Certificates | |||||
- name: Create the LDAP TLS store | |||||
file: | |||||
path: /etc/ldap/ssl | |||||
owner: openldap | |||||
group: openldap | |||||
state: directory | |||||
- name: Generate the LDAP Certificate template | |||||
template: | |||||
src: templates/ldap-cert.tmpl.j2 | |||||
dest: /srv/CA/ldap-cert.tmpl | |||||
- name: Generate the LDAP private key | |||||
command: | | |||||
certtool --generate-privkey \ | |||||
--outfile {{ domain }}.key | |||||
args: | |||||
chdir: /etc/ldap/ssl | |||||
creates: "/etc/ldap/ssl/{{ domain }}.key" | |||||
- name: Generate the LDAP Certificate | |||||
command: | | |||||
certtool --generate-certificate \ | |||||
--template /srv/CA/ldap-cert.tmpl \ | |||||
--load-privkey {{ domain }}.key \ | |||||
--outfile {{ domain }}.crt \ | |||||
--load-ca-privkey /srv/CA/{{ domain }}-rootCA.key | |||||
--load-ca-certificate /srv/CA/{{ domain }}-rootCA.crt | |||||
args: | |||||
chdir: /etc/ldap/ssl | |||||
creates: "/etc/ldap/ssl/{{ domain }}.crt" | |||||
- name: Set the correct ownership on the LDAP cert/key pair | |||||
file: | |||||
path: "/etc/ldap/ssl/{{ item }}" | |||||
owner: openldap | |||||
group: openldap | |||||
with_items: | |||||
- "{{ domain }}.key" | |||||
- "{{ domain }}.crt" | |||||
- name: Create the custom_ldifs store | |||||
file: | |||||
path: /etc/ldap/custom_ldifs | |||||
owner: openldap | |||||
group: openldap | |||||
state: directory | |||||
- name: Create the olcSSL.ldif file (LDAP TLS Configuration) | |||||
template: | |||||
src: templates/olcSSL.ldif.j2 | |||||
dest: /etc/ldap/custom_ldifs/olcSSL.ldif | |||||
owner: openldap | |||||
group: openldap | |||||
notify: | |||||
- Apply olcSSL.ldif | |||||
- Restart slapd | |||||
- name: Add an apt key by id from a keyserver | |||||
apt_key: | |||||
keyserver: keys.gnupg.net | |||||
id: A94DE63F2EDB5F0DC0785EBBD744D55EACDA69FF | |||||
- name: Add the Fusiondirectory repo | |||||
apt_repository: | |||||
repo: "{{ item }}" | |||||
state: present | |||||
with_items: | |||||
- 'deb http://repos.fusiondirectory.org/fusiondirectory-current/debian-jessie jessie main' | |||||
- 'deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-jessie jessie main' | |||||
- name: Install FusionDirectory, dependencies and plugins | |||||
apt: | |||||
name: "{{ item }}" | |||||
update_cache: yes | |||||
state: present | |||||
with_items: | |||||
- apache2 | |||||
- libapache2-mod-php | |||||
- php-ldap | |||||
- php-intl | |||||
- php-pear | |||||
- php-mbstring | |||||
- fusiondirectory | |||||
- fusiondirectory-schema | |||||
- fusiondirectory-plugin-ldapdump | |||||
- fusiondirectory-plugin-ldapmanager | |||||
- fusiondirectory-plugin-dsa | |||||
- fusiondirectory-plugin-dsa-schema | |||||
- fusiondirectory-plugin-systems | |||||
- fusiondirectory-plugin-systems-schema | |||||
notify: | |||||
- Apply FusionDirectory Schema | |||||
- Apply FusionDirectory Plugins Schema | |||||
- name: Calculate FusionDirectory Configuration hash | |||||
stat: | |||||
path: /var/cache/fusiondirectory/class.cache | |||||
get_md5: yes | |||||
register: fd_config_hash | |||||
- name: Generate the Initial FusionDirectory configuration | |||||
template: | |||||
src: templates/fd-init-config.ldif.j2 | |||||
dest: /etc/ldap/custom_ldifs/fd-init-config.ldif | |||||
notify: | |||||
- Initialize FusionDirectory Configuration | |||||
- name: Migrate FusionDirectory Object Classes | |||||
template: | |||||
src: templates/fd-migrate-object-classes.ldif.j2 | |||||
dest: /etc/ldap/custom_ldifs/fd-migrate-object-classes.ldif | |||||
notify: | |||||
- Migrate Object Classes | |||||
- name: Create an empty ldap.conf file | |||||
file: | |||||
path: /etc/ldap/ldap.conf | |||||
state: touch | |||||
notify: | |||||
- Generate FusionDirectory SuperUser and OUs | |||||
- name: Set FusionDirectory SuperUser Password | |||||
command: | | |||||
true | |||||
notify: | |||||
- Set SuperUser Password | |||||
no_log: True | |||||
- name: Migrate FusionDirectory Defaults ACLs | |||||
template: | |||||
src: templates/fd-migrate-default-acl.ldif.j2 | |||||
dest: /etc/ldap/custom_ldifs/fd-migrate-default-acl.ldif | |||||
notify: | |||||
- Migrate Default ACLs | |||||
- name: Fix Permissions for the FusionDirectory Configuration | |||||
template: | |||||
src: templates/fusiondirectory.conf.j2 | |||||
dest: /etc/fusiondirectory/fusiondirectory.conf | |||||
notify: | |||||
- Fix FusionDirectory Configuration Permisions | |||||
- name: Apply FusionDirectory Service Accounts ACL | |||||
template: | |||||
src: templates/fd-service_accounts_acl.ldif.j2 | |||||
dest: /etc/ldap/custom_ldifs/fd-service_accounts_acl.ldif | |||||
notify: | |||||
- Apply Service Accounts ACL | |||||
- name: Create a .well-known directory | |||||
file: | |||||
path: /var/www/html/.well-known | |||||
state: directory | |||||
owner: www-data | |||||
group: www-data | |||||
- name: Deploy the Apache VirtualHosts for FusionDirectory | |||||
template: | |||||
src: "templates/fd-vhost{{ item }}.j2" | |||||
dest: "/etc/apache2/sites-available/{{domain}}{{ item }}" | |||||
with_items: | |||||
- ".conf" | |||||
- "-ssl.conf" | |||||
notify: | |||||
- Enable the Apache HTTP VirtualHost | |||||
- Disable the Default Apache VirtualHost | |||||
- Restart Apache |
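Review bot: The `Create the ROOT CA store` task and the `Set the correct ownership on the LDAP cert/key pair` task set no `mode`, so the root CA private key under `/srv/CA` and `/etc/ldap/ssl/{{ domain }}.key` keep whatever permissions `certtool` and the current umask happened to produce; making the CA directory `0700` and the key `0600` enforces the least-privilege intent explicitly and idempotently, while the certificate can stay world-readable. The rewritten tasks below keep the same names and the same `with_items` shape, only adding the mode. As a lesser point, the `Calculate FusionDirectory Configuration hash` task registers `fd_config_hash`, which nothing in this file reads, and `get_md5` is a deprecated `stat` option — drop the task or use `checksum_algorithm` if a later task is meant to consume it.
```yaml
- name: Create the ROOT CA store
  file:
    path: /srv/CA
    state: directory
    mode: "0700"
# … unchanged: CA template, root CA key/cert, LDAP TLS store, LDAP key/cert generation …
- name: Set the correct ownership on the LDAP cert/key pair
  file:
    path: "/etc/ldap/ssl/{{ item.name }}"
    owner: openldap
    group: openldap
    mode: "{{ item.mode }}"
  with_items:
    - { name: "{{ domain }}.key", mode: "0600" }
    - { name: "{{ domain }}.crt", mode: "0644" }
```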