Have infinote use its own cert.
Install it in infinote role so we can have perms we need without changing every run.
parent
ed2edfca52
commit
072cf88ae0
3 changed files with 43 additions and 7 deletions
|
@ -26,9 +26,6 @@
|
|||
- git/server
|
||||
- role: apache
|
||||
- role: httpd/mod_ssl
|
||||
- role: httpd/certificate
|
||||
name: wildcard-2014.fedoraproject.org
|
||||
SSLCertificateChainFile: wildcard-2014.fedoraproject.org.intermediate.cert
|
||||
- infinote
|
||||
|
||||
tasks:
|
||||
|
|
|
@ -26,9 +26,48 @@
|
|||
- infinote
|
||||
- config
|
||||
|
||||
- name: allow infinote user to read ssl certs
|
||||
file: dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key mode=640 owner=infinote group=apache
|
||||
- name: Copy over SSLCertificateChainFile
|
||||
copy: >
|
||||
src={{private}}/files/httpd/wildcard-2014.fedoraproject.org.intermediate.cert
|
||||
dest=/etc/pki/tls/certs/
|
||||
owner=root
|
||||
group=root
|
||||
mode=0644
|
||||
notify:
|
||||
- reload httpd
|
||||
tags:
|
||||
- httpd
|
||||
- httpd/certificate
|
||||
- infinote
|
||||
- config
|
||||
|
||||
- name: Copy infinote.fedoraproject.org .cert
|
||||
copy: >
|
||||
src="{{private}}/files/httpd/infinote.fedoraproject.org.cert"
|
||||
dest=/etc/pki/tls/certs/infinote.fedoraproject.org.cert
|
||||
owner=root
|
||||
group=root
|
||||
mode=0644
|
||||
notify:
|
||||
- reload httpd
|
||||
tags:
|
||||
- httpd
|
||||
- httpd/certificate
|
||||
- infinote
|
||||
- config
|
||||
|
||||
- name: Copy infinote.fedoraproject.org .key
|
||||
copy: >
|
||||
src="{{private}}/files/httpd/infinote.fedoraproject.org.key"
|
||||
dest=/etc/pki/tls/private/infinote.fedoraproject.org.key
|
||||
owner=infinote
|
||||
group=apache
|
||||
mode=0640
|
||||
notify:
|
||||
- reload httpd
|
||||
tags:
|
||||
- httpd
|
||||
- httpd/certificate
|
||||
- infinote
|
||||
- config
|
||||
|
||||
|
|
|
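Review bot: The last task in this section installs `infinote.fedoraproject.org.key` with `owner=infinote group=apache mode=0640`, so the service account owns its own private key and can rewrite or re-permission it, and every process in the apache group can read it. If infinoted only needs to read the key, `owner=root group=infinote mode=0640` is tighter, assuming an infinote group exists on the host and httpd does not serve this cert itself. All three copy tasks notify only `reload httpd`, while the config in this commit shows infinoted as the consumer, so a renewed cert or key would probably not take effect until infinoted is restarted; a handler for that service belongs on the notify lists. The task that opened the wildcard-2014 key to the infinote user appears to be dropped here, but nothing resets that file on hosts already provisioned, so a one-time task restoring its previous owner and mode is worth adding.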
@ -1,6 +1,6 @@
|
|||
[infinoted]
|
||||
certificate-file=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert
|
||||
key-file=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key
|
||||
certificate-file=/etc/pki/tls/certs/infinote.fedoraproject.org.cert
|
||||
key-file=/etc/pki/tls/private/infinote.fedoraproject.org.key
|
||||
certificate-chain=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert
|
||||
port=6523
|
||||
security-policy=require-tls
|
||||
|
|
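Review bot: `certificate-chain` still points at `wildcard-2014.fedoraproject.org.intermediate.cert` while the leaf appears to change to `infinote.fedoraproject.org.cert`, which only yields a valid chain if the new certificate was issued by that same intermediate; the page does not show the issuer. Confirm this before deploying, since with `security-policy=require-tls` a mismatched chain can leave clients that validate the chain unable to connect. A comment above the line, such as `# must be the issuing intermediate of infinote.fedoraproject.org.cert`, would keep the two files from drifting apart at the next renewal.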