[ipaserver] Role does not handle company-signed LDAPS and HTTPS services
EmptyByte opened this issue
It would be useful if the role that sets up the IPA server included the following tasks:

More info in Florence's article: Demystifying the Certificate Authority Component in FreeIPA
```yaml
# Register the company Root CA and the intermediate Services CA with FreeIPA
# (stored in LDAP under cn=certificates,cn=ipa,cn=etc), then refresh the local
# trust stores and install the company-signed LDAPS/HTTPS server certificate.
#
# Caveats:
#  * -p passes the Directory Manager password on the command line; no_log keeps
#    it out of the Ansible log, but it is still visible in the process list
#    while the command runs.
#  * ansible.builtin.command reports "changed" on every run unless
#    changed_when is set, so the `when:` on the ipa-certupdate task below is
#    effectively always true. Add a changed_when / precheck for idempotency.
#  * Trust flags CT,, = trusted CA for TLS server and client authentication.

- name: Add our Root CA as known CA
  ansible.builtin.command:
    cmd: >-
      ipa-cacert-manage
      -p {{ ipadm_password | quote }}
      -t CT,,
      install {{ cert_root_ca_path | quote }}
  no_log: true
  register: ipa_cacert_manage_root_result

- name: Add our Services CA as known CA
  ansible.builtin.command:
    cmd: >-
      ipa-cacert-manage
      -p {{ ipadm_password | quote }}
      -t CT,,
      install {{ cert_services_ca_path | quote }}
  no_log: true
  register: ipa_cacert_manage_services_result

# Push the CA certificates from LDAP into the local NSS databases and
# /etc/ipa/ca.crt so the new server certificate chain is trusted.
- name: Run IPA Certupdate
  ansible.builtin.command: ipa-certupdate
  when: ipa_cacert_manage_root_result.changed or ipa_cacert_manage_services_result.changed

# -w = HTTP (Apache) certificate, -d = Directory Server (LDAPS) certificate.
# The PEM files are passed as one list: private key, server cert, then the
# CA chain from the issuing CA up to the root. --pin is the private key
# passphrase; an empty string means the key is unencrypted.
- name: Add our LDAPS and HTTPS signed certificates
  ansible.builtin.command:
    cmd: >-
      ipa-server-certinstall
      -p {{ ipadm_password | quote }}
      -w -d
      {{ key_dirsrv_http_server_path | quote }}
      {{ cert_dirsrv_http_server_path | quote }}
      {{ cert_services_ca_path | quote }}
      {{ cert_root_ca_path | quote }}
      --pin={{ dirsrv_http_server_pin | d('') | quote }}
  no_log: true
  notify: Restart IPA   # handler assumed to run `ipactl restart`
```
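The tasks above fail half-way through if the PEM files do not form a valid chain, and they re-run ipa-cacert-manage on every play because ansible.builtin.command always reports a change. The following tasks are an added example, not code from the issue or from ansible-freeipa: they pre-check the chain and the key/cert match with openssl before touching IPA, and only install a CA when `ipa-cacert-manage list` does not already show its nickname. The variable names are taken from the issue; the nicknames, the `Run ipa-certupdate` handler and the assumption that `ipa-cacert-manage list` prints the nicknames one per line are mine.

```yaml
# Added example (assumptions: variable names from the issue, nicknames below,
# a "Run ipa-certupdate" handler, and that `ipa-cacert-manage list` prints
# one CA nickname per line).

# Fail early if the server certificate does not chain to our Root CA through
# the Services CA; ipa-server-certinstall would otherwise abort later with the
# server already half-configured.
- name: Verify the service certificate chains to our Root CA
  ansible.builtin.command:
    cmd: >-
      openssl verify
      -CAfile {{ cert_root_ca_path | quote }}
      -untrusted {{ cert_services_ca_path | quote }}
      {{ cert_dirsrv_http_server_path | quote }}
  changed_when: false

# Compare the public key embedded in the certificate with the one derived from
# the private key; a mismatch is the most common cause of a broken LDAPS/HTTPS
# install. The key passphrase is only passed when one is configured.
- name: Verify the private key matches the service certificate
  ansible.builtin.shell:
    cmd: >-
      test "$(openssl x509 -noout -pubkey -in {{ cert_dirsrv_http_server_path | quote }})"
      = "$(openssl pkey -pubout -in {{ key_dirsrv_http_server_path | quote }}
      {% if dirsrv_http_server_pin | d('') %}-passin pass:{{ dirsrv_http_server_pin | quote }}{% endif %})"
  changed_when: false
  no_log: true

- name: List CA certificates IPA already knows
  ansible.builtin.command: ipa-cacert-manage list
  register: ipa_known_cas
  changed_when: false

# Install each CA under a fixed nickname (-n) so the list check above is
# stable across runs; the task is skipped when the nickname is present.
- name: Install our CAs only when IPA does not list them yet
  ansible.builtin.command:
    cmd: >-
      ipa-cacert-manage
      -p {{ ipadm_password | quote }}
      -n {{ item.nickname | quote }}
      -t CT,,
      install {{ item.path | quote }}
  loop:
    - { nickname: 'Company Root CA', path: "{{ cert_root_ca_path }}" }
    - { nickname: 'Company Services CA', path: "{{ cert_services_ca_path }}" }
  loop_control:
    label: "{{ item.nickname }}"
  when: item.nickname not in ipa_known_cas.stdout_lines
  no_log: true
  notify: Run ipa-certupdate   # handler assumed to run `ipa-certupdate`
```

With this ordering a second run of the play reports no change for the CA tasks, and a bad key/cert pair or a missing intermediate is caught before FreeIPA's own certificate stores are modified.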