fix certificate install on rhel-like (#11)

ltb-project · Oct 18, 2023 · 695a689 · 695a689
1 parent e18d530
commit 695a689
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 20 deletions.
diff --git a/README.md b/README.md
@@ -63,22 +63,19 @@ Run the corresponding task with:
 ansible-playbook tests/monitoring.yml -i tests/inventory
 ```
 
-Test for RHEL
--------------
 
-here sample of what certificates configuration can be :
+If you want to install openldap on RHEL-like OS with certificates, you can define them in `tests/standalone.yml`:
 
 ```
-ldaptoolbox_openldap_sslgroup=root
 ldaptoolbox_openldap_olcTLSCACertificateFile=/etc/pki/ca-trust/source/anchors/ca-cert.pem
 ldaptoolbox_openldap_olcTLSCertificateFile=/etc/pki/tls/certs/ldaps-cert.pem
-ldaptoolbox_openldap_olcTLSCertificateKeyFile=/etc/pki/tls/private/ldaps.key"
+ldaptoolbox_openldap_olcTLSCertificateKeyFile=/etc/pki/tls/private/ldaps.key
 ```
 
-can be run with extra-vars :
+You can also overload these variables in the command line:
 
 ```
-ansible-playbook tests/standalone.yml -i tests/inventory --ask-vault-pass --extra-vars "ldaptoolbox_openldap_sslgroup=root ldaptoolbox_openldap_olcTLSCACertificateFile=/etc/pki/ca-trust/source/anchors/ca-cert.pem ldaptoolbox_openldap_olcTLSCertificateFile=/etc/pki/tls/certs/ldaps-cert.pem ldaptoolbox_openldap_olcTLSCertificateKeyFile=/etc/pki/tls/private/ldaps.key"
+ansible-playbook tests/standalone.yml -i tests/inventory --ask-vault-pass --extra-vars "ldaptoolbox_openldap_olcTLSCACertificateFile=/etc/pki/ca-trust/source/anchors/ca-cert.pem ldaptoolbox_openldap_olcTLSCertificateFile=/etc/pki/tls/certs/ldaps-cert.pem ldaptoolbox_openldap_olcTLSCertificateKeyFile=/etc/pki/tls/private/ldaps.key"
 ```
 
 License

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -25,7 +25,7 @@ ldaptoolbox_openldap_configuration_prefix: "config"
 ldaptoolbox_openldap_configuration_owner: ldap
 ldaptoolbox_openldap_configuration_group: ldap
 ldaptoolbox_openldap_configuration_mode: 0600
-ldaptoolbox_openldap_sslgroup: ssl-cert
+ldaptoolbox_openldap_sslgroup: "{{ 'root' if ansible_os_family == 'RedHat' else 'ssl-cert' }}"
 
 # OpenLDAP LTB CLI command path
 ldaptoolbox_openldap_slapd_cli_cmd: /usr/local/openldap/sbin/slapd-cli
@@ -44,9 +44,9 @@ ldaptoolbox_openldap_custom_schema_list: []
 ldaptoolbox_openldap_schema_dir: /usr/local/openldap/etc/openldap/schema
 
 # Certificates
-ldaptoolbox_openldap_olcTLSCACertificateFile: /etc/ssl/certs/ca-certificates.crt
-ldaptoolbox_openldap_olcTLSCertificateFile: /etc/ssl/certs/ssl-cert-snakeoil.pem
-ldaptoolbox_openldap_olcTLSCertificateKeyFile: /etc/ssl/private/ssl-cert-snakeoil.key
+ldaptoolbox_openldap_olcTLSCACertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ca-certificates.crt' }}"
+ldaptoolbox_openldap_olcTLSCertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ssl-cert-snakeoil.pem' }}"
+ldaptoolbox_openldap_olcTLSCertificateKeyFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/private/ssl-cert-snakeoil.key' }}"
 ldaptoolbox_openldap_olcTLSProtocolMin: 3.3
 
 # Log level

diff --git a/tests/multimaster1.yml b/tests/multimaster1.yml
@@ -13,9 +13,9 @@
     - ldaptoolbox_openldap_custom_schema_srcdir: "{{ playbook_dir }}/files/ldaptoolbox.oldap/usr/local/openldap/etc/openldap/schema"
     - ldaptoolbox_openldap_custom_schema_list: [ custom.ldif ]
     # define certificates (must be deployed before)
-    - ldaptoolbox_openldap_olcTLSCACertificateFile: /etc/ssl/certs/ca-certificates.crt
-    - ldaptoolbox_openldap_olcTLSCertificateFile: /etc/ssl/certs/ssl-cert-snakeoil.pem
-    - ldaptoolbox_openldap_olcTLSCertificateKeyFile: /etc/ssl/private/ssl-cert-snakeoil.key
+    - ldaptoolbox_openldap_olcTLSCACertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ca-certificates.crt' }}"
+    - ldaptoolbox_openldap_olcTLSCertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ssl-cert-snakeoil.pem' }}"
+    - ldaptoolbox_openldap_olcTLSCertificateKeyFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/private/ssl-cert-snakeoil.key' }}"
     # Accounts and passwords
     - ldaptoolbox_openldap_config_olcRootDN: cn=admin,cn=config
     - ldaptoolbox_openldap_config_olcRootPW_hash: "{{ ldaptoolbox_openldap_config_olcRootPW_hash_vault }}"

diff --git a/tests/multimaster2.yml b/tests/multimaster2.yml
@@ -13,9 +13,9 @@
     - ldaptoolbox_openldap_custom_schema_srcdir: "{{ playbook_dir }}/files/ldaptoolbox.oldap/usr/local/openldap/etc/openldap/schema"
     - ldaptoolbox_openldap_custom_schema_list: [ custom.ldif ]
     # define certificates (must be deployed before)
-    - ldaptoolbox_openldap_olcTLSCACertificateFile: /etc/ssl/certs/ca-certificates.crt
-    - ldaptoolbox_openldap_olcTLSCertificateFile: /etc/ssl/certs/ssl-cert-snakeoil.pem
-    - ldaptoolbox_openldap_olcTLSCertificateKeyFile: /etc/ssl/private/ssl-cert-snakeoil.key
+    - ldaptoolbox_openldap_olcTLSCACertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ca-certificates.crt' }}"
+    - ldaptoolbox_openldap_olcTLSCertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ssl-cert-snakeoil.pem' }}"
+    - ldaptoolbox_openldap_olcTLSCertificateKeyFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/private/ssl-cert-snakeoil.key' }}"
     # Accounts and passwords
     - ldaptoolbox_openldap_config_olcRootDN: cn=admin,cn=config
     - ldaptoolbox_openldap_config_olcRootPW_hash: "{{ ldaptoolbox_openldap_config_olcRootPW_hash_vault }}"

diff --git a/tests/standalone.yml b/tests/standalone.yml
@@ -13,9 +13,9 @@
     - ldaptoolbox_openldap_custom_schema_srcdir: "{{ playbook_dir }}/files/ldaptoolbox.oldap/usr/local/openldap/etc/openldap/schema"
     - ldaptoolbox_openldap_custom_schema_list: [ custom.ldif ]
     # define certificates (must be deployed before)
-    - ldaptoolbox_openldap_olcTLSCACertificateFile: /etc/ssl/certs/ca-certificates.crt
-    - ldaptoolbox_openldap_olcTLSCertificateFile: /etc/ssl/certs/ssl-cert-snakeoil.pem
-    - ldaptoolbox_openldap_olcTLSCertificateKeyFile: /etc/ssl/private/ssl-cert-snakeoil.key
+    - ldaptoolbox_openldap_olcTLSCACertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ca-certificates.crt' }}"
+    - ldaptoolbox_openldap_olcTLSCertificateFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/certs/ssl-cert-snakeoil.pem' }}"
+    - ldaptoolbox_openldap_olcTLSCertificateKeyFile: "{{ '' if ansible_os_family == 'RedHat' else '/etc/ssl/private/ssl-cert-snakeoil.key' }}"
     # Accounts and passwords
     - ldaptoolbox_openldap_config_olcRootDN: cn=admin,cn=config
     - ldaptoolbox_openldap_config_olcRootPW_hash: "{{ ldaptoolbox_openldap_config_olcRootPW_hash_vault }}"