Have infinote use its own cert.
Install it in infinote role so we can have perms we need without changing every run.
parent
ed2edfca52
commit
072cf88ae0
3 changed files with 43 additions and 7 deletions
|
@ -26,9 +26,6 @@
|
||||||
- git/server
|
- git/server
|
||||||
- role: apache
|
- role: apache
|
||||||
- role: httpd/mod_ssl
|
- role: httpd/mod_ssl
|
||||||
- role: httpd/certificate
|
|
||||||
name: wildcard-2014.fedoraproject.org
|
|
||||||
SSLCertificateChainFile: wildcard-2014.fedoraproject.org.intermediate.cert
|
|
||||||
- infinote
|
- infinote
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
|
|
@ -26,9 +26,48 @@
|
||||||
- infinote
|
- infinote
|
||||||
- config
|
- config
|
||||||
|
|
||||||
- name: allow infinote user to read ssl certs
|
- name: Copy over SSLCertificateChainFile
|
||||||
file: dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key mode=640 owner=infinote group=apache
|
copy: >
|
||||||
|
src={{private}}/files/httpd/wildcard-2014.fedoraproject.org.intermediate.cert
|
||||||
|
dest=/etc/pki/tls/certs/
|
||||||
|
owner=root
|
||||||
|
group=root
|
||||||
|
mode=0644
|
||||||
|
notify:
|
||||||
|
- reload httpd
|
||||||
tags:
|
tags:
|
||||||
|
- httpd
|
||||||
|
- httpd/certificate
|
||||||
|
- infinote
|
||||||
|
- config
|
||||||
|
|
||||||
|
- name: Copy infinote.fedoraproject.org .cert
|
||||||
|
copy: >
|
||||||
|
src="{{private}}/files/httpd/infinote.fedoraproject.org.cert"
|
||||||
|
dest=/etc/pki/tls/certs/infinote.fedoraproject.org.cert
|
||||||
|
owner=root
|
||||||
|
group=root
|
||||||
|
mode=0644
|
||||||
|
notify:
|
||||||
|
- reload httpd
|
||||||
|
tags:
|
||||||
|
- httpd
|
||||||
|
- httpd/certificate
|
||||||
|
- infinote
|
||||||
|
- config
|
||||||
|
|
||||||
|
- name: Copy infinote.fedoraproject.org .key
|
||||||
|
copy: >
|
||||||
|
src="{{private}}/files/httpd/infinote.fedoraproject.org.key"
|
||||||
|
dest=/etc/pki/tls/private/infinote.fedoraproject.org.key
|
||||||
|
owner=infinote
|
||||||
|
group=apache
|
||||||
|
mode=0640
|
||||||
|
notify:
|
||||||
|
- reload httpd
|
||||||
|
tags:
|
||||||
|
- httpd
|
||||||
|
- httpd/certificate
|
||||||
- infinote
|
- infinote
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
|
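Review bot: The `Copy infinote.fedoraproject.org .key` task installs the private key with `owner=infinote group=apache mode=0640`, so every process in the apache group can read a key that, after this commit, only infinoted.conf references. If httpd does not serve this certificate, drop the group read, e.g. `owner=infinote group=root mode=0400`. The three copy tasks also notify only `reload httpd`, which does not make infinoted re-read its certificate or key; a handler that restarts infinoted (none is visible in this section) should be notified as well. Since the source sits under `{{private}}`, consider `no_log: true` on the key task so a `--diff` run does not print key material.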
|
@ -1,6 +1,6 @@
|
||||||
[infinoted]
|
[infinoted]
|
||||||
certificate-file=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert
|
certificate-file=/etc/pki/tls/certs/infinote.fedoraproject.org.cert
|
||||||
key-file=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key
|
key-file=/etc/pki/tls/private/infinote.fedoraproject.org.key
|
||||||
certificate-chain=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert
|
certificate-chain=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert
|
||||||
port=6523
|
port=6523
|
||||||
security-policy=require-tls
|
security-policy=require-tls
|
||||||
|
|
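Review bot: `certificate-chain` still points at `wildcard-2014.fedoraproject.org.intermediate.cert` while `certificate-file` and `key-file` move to the dedicated infinote pair. Whether the new certificate is issued by that same intermediate is not visible here; if it is not, clients will fail chain validation under `security-policy=require-tls`. It is worth confirming with `openssl verify -untrusted <intermediate> <cert>` and adding a comment in this file noting the shared intermediate, so a later wildcard rotation does not remove it from under infinoted.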