From 65ae0bc5b1fc9452d68c395234aca48cb7e67617 Mon Sep 17 00:00:00 2001 From: Timo Makinen Date: Sun, 30 Oct 2022 16:41:03 +0000 Subject: [PATCH] ldap_server: ansible-lint fixes --- roles/ldap_server/handlers/main.yml | 2 +- roles/ldap_server/tasks/main.yml | 75 +++++++++++++++-------------- 2 files changed, 41 insertions(+), 36 deletions(-) diff --git a/roles/ldap_server/handlers/main.yml b/roles/ldap_server/handlers/main.yml index 5735515..88caedc 100644 --- a/roles/ldap_server/handlers/main.yml +++ b/roles/ldap_server/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: restart slapd +- name: Restart slapd ansible.builtin.service: name: slapd state: restarted diff --git a/roles/ldap_server/tasks/main.yml b/roles/ldap_server/tasks/main.yml index 7555f1a..6724f25 100644 --- a/roles/ldap_server/tasks/main.yml +++ b/roles/ldap_server/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: check if plus repository is enabled +- name: Check if plus repository is enabled ansible.builtin.command: argv: - dnf @@ -11,7 +11,7 @@ register: result when: ansible_distribution == "Rocky" -- name: enable plus repository +- name: Enable plus repository ansible.builtin.command: argv: - dnf @@ -23,7 +23,7 @@ - ansible_distribution == "Rocky" - "'enabled = 1' not in result.stdout_lines" -- name: install packages +- name: Install packages ansible.builtin.package: name: "{{ item }}" state: installed @@ -32,12 +32,12 @@ - openldap-servers - ldapvi -- name: fix selinux context from ldap data diretory +- name: Fix SELinux context from LDAP data diretory community.general.sefcontext: path: "{{ ldap_datadir }}(/.*)?" setype: slapd_db_t -- name: create ldap data directory +- name: Create LDAP data directory ansible.builtin.file: path: "{{ ldap_datadir }}" state: directory @@ -47,7 +47,7 @@ seuser: _default setype: _default -- name: link ldap data directory +- name: Link LDAP data directory ansible.builtin.file: path: /srv/ldap src: /export/ldap 
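Review bot: Renaming the handler from `restart slapd` to `Restart slapd` in roles/ldap_server/handlers/main.yml changes an identifier that other roles or playbooks may reference, and Ansible matches handler names case-sensitively, so any `notify: restart slapd` left outside this role would fail at run time with a handler-not-found error. Every `notify:` in roles/ldap_server/tasks/main.yml is updated in this patch, but nothing here shows whether the old name is notified anywhere else in the repository. Adding `listen: restart slapd` beneath the renamed handler should keep the old name working as a notification topic while the `name:` satisfies the casing rule; otherwise the repository should be searched for the old string before merging.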
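Review bot: The new task name on the `+- name: Fix SELinux context from LDAP data diretory` line in the `@@ -32,12 +32,12 @@` hunk keeps the misspelling "diretory" from the old name, and "from" reads oddly for a task that sets the context on the directory. Since this commit already rewrites the name, it is the natural moment to correct it: `- name: Fix SELinux context for LDAP data directory`. The other renamed task names visible in this file are spelled correctly.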
@@ -57,7 +57,7 @@ follow: false when: ldap_datadir != "/srv/ldap" -- name: import sftpuser role +- name: Import sftpuser role ansible.builtin.import_role: name: sftpuser vars: @@ -65,7 +65,7 @@ user: backup publickeys: "{{ backup_publickeys }}" -- name: create backup directory +- name: Create backup directory ansible.builtin.file: path: "{{ ldap_backupdir }}" state: directory @@ -73,7 +73,7 @@ owner: root group: backup -- name: link backup directory +- name: Link backup directory ansible.builtin.file: path: /srv/backup src: /export/backup @@ -83,7 +83,7 @@ follow: false when: ldap_backupdir != "/srv/backup" -- name: copy backup script +- name: Copy backup script ansible.builtin.copy: dest: /usr/local/sbin/ldap-backup src: ldap-backup.sh @@ -91,7 +91,7 @@ owner: root group: "{{ ansible_wheel }}" -- name: create backup cron job +- name: Create backup cron job ansible.builtin.cron: name: ldap-backup job: /usr/local/sbin/ldap-backup @@ -99,7 +99,7 @@ minute: "10" user: root -- name: copy spn helper script +- name: Copy SPN helper script ansible.builtin.copy: dest: /usr/local/sbin/ldapspn src: ldapspn.py @@ -108,7 +108,7 @@ group: "{{ ansible_wheel }}" when: ldap_master is defined -- name: remove nss cert databases +- name: Remove nss cert databases ansible.builtin.file: path: "/etc/openldap/certs/{{ item }}" state: absent @@ -118,7 +118,7 @@ - password - secmod.db -- name: copy ldap server certificates +- name: Copy server certificates ansible.builtin.copy: dest: "{{ tls_certs }}/{{ ldap_server_cert }}.crt" src: "/srv/letsencrypt/live/{{ ldap_server_cert }}/cert.pem" @@ -126,8 +126,9 @@ owner: root group: "{{ ansible_wheel }}" tags: certificates - notify: restart slapd -- name: copy ldap server key + notify: Restart slapd + +- name: Copy server key ansible.builtin.copy: dest: "{{ tls_private }}/{{ ldap_server_cert }}.key" src: "/srv/letsencrypt/live/{{ ldap_server_cert }}/privkey.pem" 
@@ -135,8 +136,9 @@ owner: root group: ldap tags: certificates - notify: restart slapd -- name: copy ldap server certificate chain + notify: Restart slapd + +- name: Copy server certificate chain ansible.builtin.copy: dest: "{{ tls_certs }}/{{ ldap_server_cert }}-chain.crt" src: "/srv/letsencrypt/live/{{ ldap_server_cert }}/chain.pem" @@ -144,8 +146,9 @@ owner: root group: "{{ ansible_wheel }}" tags: certificates - notify: restart slapd -- name: get ldap server chain hash + notify: Restart slapd + +- name: Get server chain hash ansible.builtin.command: argv: - openssl @@ -158,7 +161,8 @@ register: result changed_when: false tags: certificates -- name: link server chain certificate + +- name: Link server chain certificate ansible.builtin.file: path: "/etc/openldap/certs/{{ result.stdout }}.0" src: "{{ tls_certs }}/{{ ldap_server_cert }}-chain.crt" @@ -167,7 +171,8 @@ follow: false state: link tags: certificates -- name: link local ca certificate + +- name: Link local ca certificate ansible.builtin.file: path: "/etc/openldap/certs/{{ pki_cacert_hash }}.0" src: "{{ tls_certs }}/ca.crt" @@ -176,7 +181,7 @@ follow: false state: link -- name: create slapd service drop-in directory +- name: Create slapd service drop-in directory ansible.builtin.file: path: /etc/systemd/system/slapd.service.d state: directory 
@@ -185,27 +190,27 @@ group: "{{ ansible_wheel }}" when: ansible_distribution == "Rocky" -- name: create slapd service drop-in file +- name: Create slapd service drop-in file ansible.builtin.copy: dest: /etc/systemd/system/slapd.service.d/local.conf src: slapd.service mode: 0644 owner: root group: "{{ ansible_wheel }}" - notify: restart slapd + notify: Restart slapd when: ansible_distribution == "Rocky" -- name: create slapd sysconfig file +- name: Create slapd sysconfig file ansible.builtin.copy: dest: /etc/sysconfig/slapd src: slapd.sysconfig mode: 0644 owner: root group: "{{ ansible_wheel }}" - notify: restart slapd + notify: Restart slapd when: ansible_distribution != "Rocky" -- name: add custom schema files +- name: Add custom schema files ansible.builtin.copy: dest: "/etc/openldap/schema/{{ item }}" src: "{{ item }}" @@ -218,9 +223,9 @@ - rfc2307bis.schema # rfc2307bis version 2 - yubikey.schema # http://logix.cz/michal/devel/yubikey-ldap/ - samba.schema # centos samba 4.8.3 - notify: restart slapd + notify: Restart slapd -- name: copy check password config +- name: Copy check password config ansible.builtin.copy: dest: /etc/openldap/check_password.conf src: check_password.conf @@ -228,16 +233,16 @@ owner: root group: "{{ ansible_wheel }}" -- name: create slapd main config +- name: Create slapd main config ansible.builtin.template: dest: /etc/openldap/slapd.conf src: slapd.conf.j2 mode: 0640 owner: root group: ldap - notify: restart slapd + notify: Restart slapd -- name: add ldap aliases for root +- name: Add ldap aliases for root ansible.builtin.blockinfile: path: /root/.bash_profile block: | 
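Review bot: The context lines `mode: 0644` in the slapd drop-in and sysconfig tasks of this hunk, and `mode: 0640` in the slapd main config task of the `@@ -228,16 +233,16 @@` hunk, are still unquoted octal literals in a commit described as ansible-lint fixes; ansible-lint's bundled yamllint configuration forbids implicit octal values and is likely to report them as `yaml[octal-values]`. The unquoted form also carries a permissions trap: a YAML 1.1 parser reads `0644` as the integer 420, which Ansible applies as the intended mode, but if the leading zero is ever dropped the value becomes decimal 644 and the file is created with a different, surprising set of permission bits. Quoting each as `mode: "0644"` and `mode: "0640"` removes both the lint finding and the trap without changing the resulting permissions.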
@@ -249,13 +254,13 @@ # ldapvi connects automatically via socket alias ldapvi='ldapvi -h ldapi:/// -Y EXTERNAL' -- name: enable slapd service +- name: Enable slapd service ansible.builtin.service: name: slapd state: started enabled: true -- name: copy slapd keytab +- name: Copy slapd keytab ansible.builtin.copy: dest: /etc/openldap/slapd.keytab src: "{{ ansible_private }}/files/keytabs/slapd.keytab"