kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity
890 Commits 7 Branches 0 Tags
Commit Graph

17 Commits

Author SHA1 Message Date
Sebastian Kippe
ac49430521
Install lib389 
Fixes 389 CLIs not working (e.g. `dsctl`).
 2020-11-08 17:23:24 +01:00
Greg Karékinian
5062392c71 Fix the undefined variable in the instance resource 2020-10-20 19:53:11 +02:00
Greg Karékinian
d2126f6153 Use the right variable for the TLS cert's domain 
`domain` was undefined. `new_resource.hostname` is ldap.kosmos.org and
is what we need

Fixes #193
 2020-07-22 15:59:27 +02:00
Greg Karékinian
210c76c479 Fix the name of the Let's Encrypt cert execute resource 
The resource in the notification was invalid, missing the type of
resource (execute)

Fixes #171
 2020-05-26 14:10:47 +02:00
Greg Karékinian
57f46c6c61 Merge branch 'master' into bugfix/enable_dirsrv 2020-05-15 17:24:04 +02:00
Greg Karékinian
b4209fa294 Fix the invalid ACIs on initial creation (for real) 
Follow-up to #156

I found another issue with the initial ACI creation, while creating a
fresh VM. I thought I had fixed it in #156 but I was wrong. This time
the ACIs are really set and the code runs successfully.

The ACIs are set on the suffix, so modifying it is needed

This won't be executed on a server that is already running, this is only
done on the initial setup
 2020-05-15 14:05:35 +02:00
Greg Karékinian
10f0460fd5 Fix startup of the dirsrv@master Systemd unit on boot 
The symlink created by Chef's service resource was wrong. Creating the
correct symlink fixes the automatic startup on boot
 2020-05-15 13:54:34 +02:00
Greg Karékinian
1c920a8cb2 Remove the encryption keys after TLS cert renewal 
This is done with awk, this was the best way I found to perform the
multi-line deletion. It deletes both the AES AND 3DES sections

The keys will be recreated on service restart

https://access.redhat.com/documentation/en-us/red_hat_directory_server/9.0/html/administration_guide/ssl-and-attr-encryption

Closes #152
 2020-04-20 19:11:34 +02:00
Greg Karékinian
5e3c8066f9 Add the missing certbot command to generate the LDAP TLS cert 
This had been done manually on barnard. This will not be executed on
barnard again since the cert exists
 2020-04-20 19:10:15 +02:00
Greg Karékinian
d01c9a4d0a Fix the name of the deploy certbot hook 2020-04-20 19:09:43 +02:00
Greg Karékinian
9828b867ba Disable anonymous binds 
See https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/configuring-special-binds.html#disabling-anonymous-binds
 2019-12-20 16:46:03 +01:00
Greg Karékinian
1240ed9da8 Move the dirsrv cert generation to a certbot deploy hook 2019-12-05 15:47:10 +01:00
Greg Karékinian
0dbf350540 Restart the server after importing the TLS cert 2019-12-04 17:40:27 +01:00
Greg Karékinian
4e7d453942 Move the firewall and backup recipes outside of the custom resource 
See the comment for more details
 2019-12-04 17:33:41 +01:00
Greg Karékinian
e24cd01287 Add an empty template because the nginx_certbot_site resource needs one 2019-12-04 17:33:13 +01:00
Greg Karékinian
632cb38aab Pass an empty passphrase on the command line for the p12 cert 2019-12-04 17:32:40 +01:00
Greg Karékinian
dc91128eca Use a custom resource to create a 389 Directory Server instance 
This replaces the default recipe and will make it much easier to create
other types of instances, for example for replication
 2019-11-29 14:34:52 +01:00