{"id":116554,"status":"ok","playbook":{"id":1584,"items":{"plays":1,"tasks":3,"results":15,"hosts":5,"files":1,"records":0},"arguments":{"version":null,"verbosity":2,"private_key_file":"/home/ssh-gateway/.ssh/id_rsa","remote_user":"root","connection":"ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":false,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/ssh-gateway/ansible/zimbra/inv-stage"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":20,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["install_zimbra_certificate_stage.yaml"]},"labels":[{"id":1,"name":"remote_user:root"},{"id":2,"name":"check:False"},{"id":3,"name":"tags:all"}],"started":"2024-09-09T13:34:55.255498+01:00","ended":"2024-09-09T13:36:11.452045+01:00","duration":"00:01:16.196547","name":null,"ansible_version":"2.16.4","client_version":"1.7.1","python_version":"3.10.10","server_version":"1.7.1","status":"completed","path":"/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage.yaml","controller":"ssh-gw-4.layershift.com","user":"root"},"play":{"id":1592,"items":{"tasks":3,"results":15},"started":"2024-09-09T13:34:55.296903+01:00","ended":"2024-09-09T13:36:11.157776+01:00","duration":"00:01:15.860873","name":"Playbook to install zimbra wildcard certificate on cluster","status":"completed"},"task":{"id":2998,"items":{"results":5},"path":"/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage.yaml","tags":[],"started":"2024-09-09T13:35:01.043220+01:00","ended":"2024-09-09T13:36:11.107888+01:00","duration":"00:01:10.064668","name":"Install certificate on host","uuid":"001851d0-75dc-fe04-246c-00000000000a","action":"ansible.builtin.shell","lineno":28,"handler":false,"status":"completed","warnings":[],"deprecations":[],"exceptions":[],"file":2497},"host":{"id":52449,"name":"ldap1-stage","changed":1,"failed":0,"ok":3,"skipped":0,"unreachable":0},"delegated_to":[],"content":{"changed":false,"cmd":"set -o pipefail\nchown zimbra.zimbra /tmp/commercial_stage.key /tmp/ssl_stage.crt /tmp/chain_stage.crt\nsu -l zimbra -c \"cp -prf /tmp/commercial_stage.key /opt/zimbra/ssl/zimbra/commercial/commercial.key\"\nsu -l zimbra -c \"zmcertmgr verifycrt comm /tmp/commercial_stage.key /tmp/ssl_stage.crt /tmp/chain_stage.crt\"\nsu -l zimbra -c \"zmcertmgr deploycrt comm /tmp/ssl_stage.crt /tmp/chain_stage.crt\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_required=true\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_supported=1\"\nsu -l zimbra -c \"zmcontrol restart\"\nsu -l zimbra -c \"zmcertmgr viewdeployedcrt\"\n","delta":"0:01:09.419331","end":"2024-09-09 12:36:11.065631","invocation":{"module_args":{"_raw_params":"set -o pipefail\nchown zimbra.zimbra /tmp/commercial_stage.key /tmp/ssl_stage.crt /tmp/chain_stage.crt\nsu -l zimbra -c \"cp -prf /tmp/commercial_stage.key /opt/zimbra/ssl/zimbra/commercial/commercial.key\"\nsu -l zimbra -c \"zmcertmgr verifycrt comm /tmp/commercial_stage.key /tmp/ssl_stage.crt /tmp/chain_stage.crt\"\nsu -l zimbra -c \"zmcertmgr deploycrt comm /tmp/ssl_stage.crt /tmp/chain_stage.crt\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_required=true\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_supported=1\"\nsu -l zimbra -c \"zmcontrol restart\"\nsu -l zimbra -c \"zmcertmgr viewdeployedcrt\"\n","_uses_shell":true,"argv":null,"chdir":null,"creates":null,"executable":"/bin/bash","expand_argument_vars":true,"removes":null,"stdin":null,"stdin_add_newline":true,"strip_empty_ends":true}},"msg":"","rc":0,"start":"2024-09-09 12:35:01.646300","stderr":"","stderr_lines":[],"stdout":"** Verifying '/tmp/ssl_stage.crt' against '/tmp/commercial_stage.key'\nCertificate '/tmp/ssl_stage.crt' and private key '/tmp/commercial_stage.key' match.\n** Verifying '/tmp/ssl_stage.crt' against '/tmp/chain_stage.crt'\nValid certificate chain: /tmp/ssl_stage.crt: OK\n** Verifying '/tmp/ssl_stage.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'\nCertificate '/tmp/ssl_stage.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.\n** Verifying '/tmp/ssl_stage.crt' against '/tmp/chain_stage.crt'\nValid certificate chain: /tmp/ssl_stage.crt: OK\n** Copying '/tmp/ssl_stage.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'\n** Copying '/tmp/chain_stage.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'\n** Appending ca chain '/tmp/chain_stage.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'\n** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'\n** NOTE: restart mailboxd to use the imported certificate.\n** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer ldap1.zimbra.stage.town...ok\n** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer ldap1.zimbra.stage.town...ok\n** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'\n** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'\n** Creating keystore '/opt/zimbra/conf/imapd.keystore'\n** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'\n** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'\n** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'\n** NOTE: restart services to use the new certificates.\n** Cleaning up 4 files from '/opt/zimbra/conf/ca'\n** Removing /opt/zimbra/conf/ca/commercial_ca_1.crt\n** Removing /opt/zimbra/conf/ca/31dfb39d.0\n** Removing /opt/zimbra/conf/ca/commercial_ca_2.crt\n** Removing /opt/zimbra/conf/ca/4042bcee.0\n** Copying CA to /opt/zimbra/conf/ca\n** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt\n** Creating CA hash symlink '31dfb39d.0' -> 'commercial_ca_1.crt'\n** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt\n** Creating CA hash symlink '4042bcee.0' -> 'commercial_ca_2.crt'\nHost ldap1.zimbra.stage.town\n\tStopping zmconfigd...Done.\n\tStopping zimlet webapp...Done.\n\tStopping zimbraAdmin webapp...Done.\n\tStopping zimbra webapp...Done.\n\tStopping service webapp...Done.\n\tStopping stats...Done.\n\tStopping onlyoffice...Done.\n\tStopping spell...Done.\n\tStopping snmp...Done.\n\tStopping cbpolicyd...Done.\n\tStopping archiving...Done.\n\tStopping opendkim...Done.\n\tStopping amavis...Done.\n\tStopping antivirus...Done.\n\tStopping antispam...Done.\n\tStopping proxy...Done.\n\tStopping memcached...Done.\n\tStopping mailbox...Done.\n\tStopping logger...Done.\n\tStopping dnscache...Done.\n\tStopping ldap...Done.\nHost ldap1.zimbra.stage.town\n\tStarting ldap...Done.\n\tStarting zmconfigd...Done.\n\tStarting stats...Done.\n- imapd: /opt/zimbra/conf/imapd.crt\nnotBefore=Sep  9 11:09:44 2024 GMT\nnotAfter=Dec  8 11:09:43 2024 GMT\nsubject=CN = proxy-mta.zimbra.stage.town\nissuer=C = US, O = Let's Encrypt, CN = R11\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town\n- ldap: /opt/zimbra/conf/slapd.crt\nnotBefore=Sep  9 11:09:44 2024 GMT\nnotAfter=Dec  8 11:09:43 2024 GMT\nsubject=CN = proxy-mta.zimbra.stage.town\nissuer=C = US, O = Let's Encrypt, CN = R11\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town\n- mta: /opt/zimbra/conf/smtpd.crt\nnotBefore=Sep  9 11:09:44 2024 GMT\nnotAfter=Dec  8 11:09:43 2024 GMT\nsubject=CN = proxy-mta.zimbra.stage.town\nissuer=C = US, O = Let's Encrypt, CN = R11\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town\n- proxy: /opt/zimbra/conf/nginx.crt\nnotBefore=Sep  9 11:09:44 2024 GMT\nnotAfter=Dec  8 11:09:43 2024 GMT\nsubject=CN = proxy-mta.zimbra.stage.town\nissuer=C = US, O = Let's Encrypt, CN = R11\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","stdout_lines":["** Verifying '/tmp/ssl_stage.crt' against '/tmp/commercial_stage.key'","Certificate '/tmp/ssl_stage.crt' and private key '/tmp/commercial_stage.key' match.","** Verifying '/tmp/ssl_stage.crt' against '/tmp/chain_stage.crt'","Valid certificate chain: /tmp/ssl_stage.crt: OK","** Verifying '/tmp/ssl_stage.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'","Certificate '/tmp/ssl_stage.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.","** Verifying '/tmp/ssl_stage.crt' against '/tmp/chain_stage.crt'","Valid certificate chain: /tmp/ssl_stage.crt: OK","** Copying '/tmp/ssl_stage.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'","** Copying '/tmp/chain_stage.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'","** Appending ca chain '/tmp/chain_stage.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'","** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'","** NOTE: restart mailboxd to use the imported certificate.","** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer ldap1.zimbra.stage.town...ok","** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer ldap1.zimbra.stage.town...ok","** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'","** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'","** Creating keystore '/opt/zimbra/conf/imapd.keystore'","** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'","** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'","** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'","** NOTE: restart services to use the new certificates.","** Cleaning up 4 files from '/opt/zimbra/conf/ca'","** Removing /opt/zimbra/conf/ca/commercial_ca_1.crt","** Removing /opt/zimbra/conf/ca/31dfb39d.0","** Removing /opt/zimbra/conf/ca/commercial_ca_2.crt","** Removing /opt/zimbra/conf/ca/4042bcee.0","** Copying CA to /opt/zimbra/conf/ca","** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt","** Creating CA hash symlink '31dfb39d.0' -> 'commercial_ca_1.crt'","** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt","** Creating CA hash symlink '4042bcee.0' -> 'commercial_ca_2.crt'","Host ldap1.zimbra.stage.town","\tStopping zmconfigd...Done.","\tStopping zimlet webapp...Done.","\tStopping zimbraAdmin webapp...Done.","\tStopping zimbra webapp...Done.","\tStopping service webapp...Done.","\tStopping stats...Done.","\tStopping onlyoffice...Done.","\tStopping spell...Done.","\tStopping snmp...Done.","\tStopping cbpolicyd...Done.","\tStopping archiving...Done.","\tStopping opendkim...Done.","\tStopping amavis...Done.","\tStopping antivirus...Done.","\tStopping antispam...Done.","\tStopping proxy...Done.","\tStopping memcached...Done.","\tStopping mailbox...Done.","\tStopping logger...Done.","\tStopping dnscache...Done.","\tStopping ldap...Done.","Host ldap1.zimbra.stage.town","\tStarting ldap...Done.","\tStarting zmconfigd...Done.","\tStarting stats...Done.","- imapd: /opt/zimbra/conf/imapd.crt","notBefore=Sep  9 11:09:44 2024 GMT","notAfter=Dec  8 11:09:43 2024 GMT","subject=CN = proxy-mta.zimbra.stage.town","issuer=C = US, O = Let's Encrypt, CN = R11","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","- ldap: /opt/zimbra/conf/slapd.crt","notBefore=Sep  9 11:09:44 2024 GMT","notAfter=Dec  8 11:09:43 2024 GMT","subject=CN = proxy-mta.zimbra.stage.town","issuer=C = US, O = Let's Encrypt, CN = R11","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","- mta: /opt/zimbra/conf/smtpd.crt","notBefore=Sep  9 11:09:44 2024 GMT","notAfter=Dec  8 11:09:43 2024 GMT","subject=CN = proxy-mta.zimbra.stage.town","issuer=C = US, O = Let's Encrypt, CN = R11","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","- proxy: /opt/zimbra/conf/nginx.crt","notBefore=Sep  9 11:09:44 2024 GMT","notAfter=Dec  8 11:09:43 2024 GMT","subject=CN = proxy-mta.zimbra.stage.town","issuer=C = US, O = Let's Encrypt, CN = R11","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town"]},"created":"2024-09-09T13:36:11.092509+01:00","updated":"2024-09-09T13:36:11.092537+01:00","started":"2024-09-09T13:35:01.218158+01:00","ended":"2024-09-09T13:36:11.084667+01:00","duration":"00:01:09.866509","changed":false,"ignore_errors":false}