author | Guilhem Moulin <guilhem@fripost.org> | 2014-07-07 20:12:28 +0200 |
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:52:40 +0200 |
commit | 3e38718677b10faca8970d9b1cc8edc215cce798 (patch) | |
tree | bf923310388e57fb2f591ad621bc5b1240aa42ce | |
parent | 2dfe29dfcd35fae7160178e329fb0647cc896e3b (diff) |
Fix race condition when generating cerificates for slapd.
The SyncProv won't start if the file olcTLSCACertificateFile points to
doesn't exist.
-rw-r--r-- | roles/LDAP-provider/tasks/main.yml | 9 | ||||
-rw-r--r-- | roles/common-LDAP/tasks/main.yml | 26 |
2 files changed, 19 insertions, 16 deletions
diff --git a/roles/LDAP-provider/tasks/main.yml b/roles/LDAP-provider/tasks/main.yml
index d221486..0ba4f26 100644
--- a/roles/LDAP-provider/tasks/main.yml
+++ b/roles/LDAP-provider/tasks/main.yml
@@ -11,13 +11,4 @@
         owner=root group=root
         mode=0644
 
-- name: Copy the SyncRepls's client certificates
-  assemble: src=certs/ldap
-            remote_src=no
-            dest=/etc/ldap/ssl/clients.pem
-            owner=root group=root
-            mode=0644
-  tags:
-    - genkey
-
 # TODO: authz constraint
diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index 3b8b36c..85ad831 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -32,6 +32,8 @@
   tags:
     - genkey
 
+# XXX: It's ugly to list all roles here, and to prunes them with a
+# conditional...
 - name: Generate a private key and a X.509 certificate for slapd
   # XXX: GnuTLS (libgnutls26 2.12.20-8+deb7u2, found in Wheezy) doesn't
   # support ECDSA; and slapd doesn't seem to support DHE (!?) so
@@ -75,9 +77,25 @@
         dest=/etc/ldap/ssl/ldap.fripost.org.pem
         owner=root group=root
         mode=0644
+  when: "'LDAP-provider' not in group_names"
+  tags:
+    - genkey
+
+- name: Copy the SyncRepls's client certificates
+  assemble: src=certs/ldap
+            remote_src=no
+            dest=/etc/ldap/ssl/clients.pem
+            owner=root group=root
+            mode=0644
+  when: "'LDAP-provider' in group_names"
   tags:
     - genkey
-  when: "'LDAP-provider' not in group_names"
+
+- name: Start slapd
+  service: name=slapd state=started
+  when: not (r1.changed or r2.changed)
+
+- meta: flush_handlers
 
 - name: Copy fripost & amavis' schema
   copy: src=etc/ldap/schema/{{ item }}
@@ -108,9 +126,3 @@
 
 - name: Configure the LDAP database
   openldap: target=etc/ldap/database.ldif.j2 local=template state=present
-
-- name: Start slapd
-  service: name=slapd state=started
-  when: not (r1.changed or r2.changed)
-
-- meta: flush_handlers
|
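Review bot: In the `Copy the SyncRepls's client certificates` task of the `@@ -75,9 +77,25 @@` hunk of roles/common-LDAP/tasks/main.yml, `assemble: src=certs/ldap` concatenates every file in that local directory into `/etc/ldap/ssl/clients.pem`, which the commit message indicates is the file slapd's `olcTLSCACertificateFile` trusts for SyncRepl clients, so any stray file left in `certs/ldap` (an editor backup, an expired or revoked certificate) silently becomes trusted. Restricting the input set with the module's `regexp` parameter keeps the trust file to intended certificates, e.g. `assemble: src=certs/ldap regexp='\.pem$'` on the first line of the task. The moved `Start slapd` task's `when: not (r1.changed or r2.changed)` depends on `r1`/`r2` registered outside this hunk; if, as the surrounding `genkey` tags suggest, those registers sit on tasks tagged `genkey`, a run with `--skip-tags genkey` leaves them undefined and the condition errors rather than starting slapd, so `when: not ((r1 is defined and r1.changed) or (r2 is defined and r2.changed))` would be more robust — this part is inferred, since the register lines are not visible here.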