Greg Karékinian
|
1c920a8cb2
|
Remove the encryption keys after TLS cert renewal
This is done with awk, this was the best way I found to perform the
multi-line deletion. It deletes both the AES AND 3DES sections
The keys will be recreated on service restart
https://access.redhat.com/documentation/en-us/red_hat_directory_server/9.0/html/administration_guide/ssl-and-attr-encryption
Closes #152
|
2020-04-20 19:11:34 +02:00 |
|
Greg Karékinian
|
5e3c8066f9
|
Add the missing certbot command to generate the LDAP TLS cert
This had been done manually on barnard. This will not be executed on
barnard again since the cert exists
|
2020-04-20 19:10:15 +02:00 |
|
Greg Karékinian
|
d01c9a4d0a
|
Fix the name of the deploy certbot hook
|
2020-04-20 19:09:43 +02:00 |
|
Greg Karékinian
|
9828b867ba
|
Disable anonymous binds
See https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/configuring-special-binds.html#disabling-anonymous-binds
|
2019-12-20 16:46:03 +01:00 |
|
Greg Karékinian
|
1240ed9da8
|
Move the dirsrv cert generation to a certbot deploy hook
|
2019-12-05 15:47:10 +01:00 |
|
Greg Karékinian
|
0dbf350540
|
Restart the server after importing the TLS cert
|
2019-12-04 17:40:27 +01:00 |
|
Greg Karékinian
|
4e7d453942
|
Move the firewall and backup recipes outside of the custom resource
See the comment for more details
|
2019-12-04 17:33:41 +01:00 |
|
Greg Karékinian
|
e24cd01287
|
Add an empty template because the nginx_certbot_site resource needs one
|
2019-12-04 17:33:13 +01:00 |
|
Greg Karékinian
|
632cb38aab
|
Pass an empty passphrase on the command line for the p12 cert
|
2019-12-04 17:32:40 +01:00 |
|
Greg Karékinian
|
dc91128eca
|
Use a custom resource to create a 389 Directory Server instance
This replaces the default recipe and will make it much easier to create
other types of instances, for example for replication
|
2019-11-29 14:34:52 +01:00 |
|