{"id":39931,"status":"ok","playbook":{"id":724,"items":{"plays":1,"tasks":2,"results":10,"hosts":5,"files":1,"records":0},"arguments":{"version":null,"verbosity":2,"private_key_file":"/home/ssh-gateway/.ssh/id_rsa","remote_user":"root","connection":"ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":false,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/ssh-gateway/ansible/zimbra/inventory-mail-ls"],"listhosts":false,"subset":"new","extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":20,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["install_zimbra_certificate.yaml"]},"labels":[{"id":1,"name":"remote_user:root"},{"id":2,"name":"check:False"},{"id":3,"name":"tags:all"},{"id":78,"name":"subset:new"}],"started":"2024-06-12T02:56:16.980520+01:00","ended":"2024-06-12T02:58:29.849617+01:00","duration":"00:02:12.869097","name":null,"ansible_version":"2.16.4","client_version":"1.7.1","python_version":"3.10.10","server_version":"1.7.1","status":"completed","path":"/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate.yaml","controller":"ssh-gw-4.layershift.com","user":"root"},"play":{"id":724,"items":{"tasks":2,"results":10},"started":"2024-06-12T02:56:17.019099+01:00","ended":"2024-06-12T02:58:29.559751+01:00","duration":"00:02:12.540652","name":"Playbook to install zimbra wildcard certificate on cluster","status":"completed"},"task":{"id":1107,"items":{"results":5},"path":"/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate.yaml","tags":[],"started":"2024-06-12T02:56:21.992034+01:00","ended":"2024-06-12T02:58:29.511149+01:00","duration":"00:02:07.519115","name":"Install certificate on host","uuid":"001851d0-75dc-933d-6965-00000000000a","action":"ansible.builtin.shell","lineno":18,"handler":false,"status":"completed","warnings":[],"deprecations":[],"exceptions":[],"file":724},"host":{"id":17094,"name":"ldap2","changed":1,"failed":0,"ok":2,"skipped":0,"unreachable":0},"delegated_to":[],"content":{"changed":false,"cmd":"set -o pipefail\nchown zimbra.zimbra /tmp/commercial.key /tmp/ssl.crt /tmp/chain.crt\nsu -l zimbra -c \"cp -prf /tmp/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.key\"\nsu -l zimbra -c \"zmcertmgr verifycrt comm /tmp/commercial.key /tmp/ssl.crt /tmp/chain.crt\"\nsu -l zimbra -c \"zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/chain.crt\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_required=true\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_supported=1\"\nsu -l zimbra -c \"zmcontrol restart\"\nsu -l zimbra -c \"zmcertmgr viewdeployedcrt\"\n","delta":"0:01:04.048634","end":"2024-06-12 01:57:26.776108","invocation":{"module_args":{"_raw_params":"set -o pipefail\nchown zimbra.zimbra /tmp/commercial.key /tmp/ssl.crt /tmp/chain.crt\nsu -l zimbra -c \"cp -prf /tmp/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.key\"\nsu -l zimbra -c \"zmcertmgr verifycrt comm /tmp/commercial.key /tmp/ssl.crt /tmp/chain.crt\"\nsu -l zimbra -c \"zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/chain.crt\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_required=true\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_supported=1\"\nsu -l zimbra -c \"zmcontrol restart\"\nsu -l zimbra -c \"zmcertmgr viewdeployedcrt\"\n","_uses_shell":true,"argv":null,"chdir":null,"creates":null,"executable":"/bin/bash","expand_argument_vars":true,"removes":null,"stdin":null,"stdin_add_newline":true,"strip_empty_ends":true}},"msg":"","rc":0,"start":"2024-06-12 01:56:22.727474","stderr":"","stderr_lines":[],"stdout":"** Verifying '/tmp/ssl.crt' against '/tmp/commercial.key'\nCertificate '/tmp/ssl.crt' and private key '/tmp/commercial.key' match.\n** Verifying '/tmp/ssl.crt' against '/tmp/chain.crt'\nValid certificate chain: /tmp/ssl.crt: OK\n** Verifying '/tmp/ssl.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'\nCertificate '/tmp/ssl.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.\n** Verifying '/tmp/ssl.crt' against '/tmp/chain.crt'\nValid certificate chain: /tmp/ssl.crt: OK\n** Copying '/tmp/ssl.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'\n** Copying '/tmp/chain.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'\n** Appending ca chain '/tmp/chain.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'\n** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'\n** NOTE: restart mailboxd to use the imported certificate.\n** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer ldap2.mail.ls...ok\n** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer ldap2.mail.ls...ok\n** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'\n** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'\n** Creating keystore '/opt/zimbra/conf/imapd.keystore'\n** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'\n** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'\n** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'\n** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'\n** NOTE: restart services to use the new certificates.\n** Cleaning up 9 files from '/opt/zimbra/conf/ca'\n** Removing /opt/zimbra/conf/ca/ca.key\n** Removing /opt/zimbra/conf/ca/ca.pem\n** Removing /opt/zimbra/conf/ca/777b329e.0\n** Removing /opt/zimbra/conf/ca/commercial_ca_1.crt\n** Removing /opt/zimbra/conf/ca/65ff7287.0\n** Removing /opt/zimbra/conf/ca/commercial_ca_2.crt\n** Removing /opt/zimbra/conf/ca/fc5a8f99.0\n** Removing /opt/zimbra/conf/ca/commercial_ca_3.crt\n** Removing /opt/zimbra/conf/ca/ee64a828.0\n** Copying CA to /opt/zimbra/conf/ca\n** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'\n** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'\n** Creating CA hash symlink '777b329e.0' -> 'ca.pem'\n** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt\n** Creating CA hash symlink '65ff7287.0' -> 'commercial_ca_1.crt'\n** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt\n** Creating CA hash symlink 'fc5a8f99.0' -> 'commercial_ca_2.crt'\n** Creating /opt/zimbra/conf/ca/commercial_ca_3.crt\n** Creating CA hash symlink 'ee64a828.0' -> 'commercial_ca_3.crt'\nHost ldap2.mail.ls\n\tStopping vmware-ha...Done.\n\tStopping zmconfigd...Done.\n\tStopping zimlet webapp...Done.\n\tStopping zimbraAdmin webapp...Done.\n\tStopping zimbra webapp...Done.\n\tStopping service webapp...Done.\n\tStopping stats...Done.\n\tStopping onlyoffice...Done.\n\tStopping spell...Done.\n\tStopping snmp...Done.\n\tStopping cbpolicyd...Done.\n\tStopping archiving...Done.\n\tStopping opendkim...Done.\n\tStopping amavis...Done.\n\tStopping antivirus...Done.\n\tStopping antispam...Done.\n\tStopping proxy...Done.\n\tStopping memcached...Done.\n\tStopping mailbox...Done.\n\tStopping logger...Done.\n\tStopping dnscache...Done.\n\tStopping ldap...Done.\nHost ldap2.mail.ls\n\tStarting ldap...Done.\n\tStarting zmconfigd...Done.\n\tStarting stats...Done.\n- imapd: /opt/zimbra/conf/imapd.crt\nnotBefore=May 28 00:00:00 2024 GMT\nnotAfter=May 28 23:59:59 2025 GMT\nsubject=CN = *.mail.ls\nissuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA\nSubjectAltName=*.mail.ls, mail.ls\n- ldap: /opt/zimbra/conf/slapd.crt\nnotBefore=May 28 00:00:00 2024 GMT\nnotAfter=May 28 23:59:59 2025 GMT\nsubject=CN = *.mail.ls\nissuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA\nSubjectAltName=*.mail.ls, mail.ls\n- mta: /opt/zimbra/conf/smtpd.crt\nnotBefore=May 28 00:00:00 2024 GMT\nnotAfter=May 28 23:59:59 2025 GMT\nsubject=CN = *.mail.ls\nissuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA\nSubjectAltName=*.mail.ls, mail.ls\n- proxy: /opt/zimbra/conf/nginx.crt\nnotBefore=May 28 00:00:00 2024 GMT\nnotAfter=May 28 23:59:59 2025 GMT\nsubject=CN = *.mail.ls\nissuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA\nSubjectAltName=*.mail.ls, mail.ls","stdout_lines":["** Verifying '/tmp/ssl.crt' against '/tmp/commercial.key'","Certificate '/tmp/ssl.crt' and private key '/tmp/commercial.key' match.","** Verifying '/tmp/ssl.crt' against '/tmp/chain.crt'","Valid certificate chain: /tmp/ssl.crt: OK","** Verifying '/tmp/ssl.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'","Certificate '/tmp/ssl.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.","** Verifying '/tmp/ssl.crt' against '/tmp/chain.crt'","Valid certificate chain: /tmp/ssl.crt: OK","** Copying '/tmp/ssl.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'","** Copying '/tmp/chain.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'","** Appending ca chain '/tmp/chain.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'","** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'","** NOTE: restart mailboxd to use the imported certificate.","** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer ldap2.mail.ls...ok","** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer ldap2.mail.ls...ok","** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'","** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'","** Creating keystore '/opt/zimbra/conf/imapd.keystore'","** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'","** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'","** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'","** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'","** NOTE: restart services to use the new certificates.","** Cleaning up 9 files from '/opt/zimbra/conf/ca'","** Removing /opt/zimbra/conf/ca/ca.key","** Removing /opt/zimbra/conf/ca/ca.pem","** Removing /opt/zimbra/conf/ca/777b329e.0","** Removing /opt/zimbra/conf/ca/commercial_ca_1.crt","** Removing /opt/zimbra/conf/ca/65ff7287.0","** Removing /opt/zimbra/conf/ca/commercial_ca_2.crt","** Removing /opt/zimbra/conf/ca/fc5a8f99.0","** Removing /opt/zimbra/conf/ca/commercial_ca_3.crt","** Removing /opt/zimbra/conf/ca/ee64a828.0","** Copying CA to /opt/zimbra/conf/ca","** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'","** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'","** Creating CA hash symlink '777b329e.0' -> 'ca.pem'","** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt","** Creating CA hash symlink '65ff7287.0' -> 'commercial_ca_1.crt'","** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt","** Creating CA hash symlink 'fc5a8f99.0' -> 'commercial_ca_2.crt'","** Creating /opt/zimbra/conf/ca/commercial_ca_3.crt","** Creating CA hash symlink 'ee64a828.0' -> 'commercial_ca_3.crt'","Host ldap2.mail.ls","\tStopping vmware-ha...Done.","\tStopping zmconfigd...Done.","\tStopping zimlet webapp...Done.","\tStopping zimbraAdmin webapp...Done.","\tStopping zimbra webapp...Done.","\tStopping service webapp...Done.","\tStopping stats...Done.","\tStopping onlyoffice...Done.","\tStopping spell...Done.","\tStopping snmp...Done.","\tStopping cbpolicyd...Done.","\tStopping archiving...Done.","\tStopping opendkim...Done.","\tStopping amavis...Done.","\tStopping antivirus...Done.","\tStopping antispam...Done.","\tStopping proxy...Done.","\tStopping memcached...Done.","\tStopping mailbox...Done.","\tStopping logger...Done.","\tStopping dnscache...Done.","\tStopping ldap...Done.","Host ldap2.mail.ls","\tStarting ldap...Done.","\tStarting zmconfigd...Done.","\tStarting stats...Done.","- imapd: /opt/zimbra/conf/imapd.crt","notBefore=May 28 00:00:00 2024 GMT","notAfter=May 28 23:59:59 2025 GMT","subject=CN = *.mail.ls","issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA","SubjectAltName=*.mail.ls, mail.ls","- ldap: /opt/zimbra/conf/slapd.crt","notBefore=May 28 00:00:00 2024 GMT","notAfter=May 28 23:59:59 2025 GMT","subject=CN = *.mail.ls","issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA","SubjectAltName=*.mail.ls, mail.ls","- mta: /opt/zimbra/conf/smtpd.crt","notBefore=May 28 00:00:00 2024 GMT","notAfter=May 28 23:59:59 2025 GMT","subject=CN = *.mail.ls","issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA","SubjectAltName=*.mail.ls, mail.ls","- proxy: /opt/zimbra/conf/nginx.crt","notBefore=May 28 00:00:00 2024 GMT","notAfter=May 28 23:59:59 2025 GMT","subject=CN = *.mail.ls","issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA","SubjectAltName=*.mail.ls, mail.ls"]},"created":"2024-06-12T02:57:26.833075+01:00","updated":"2024-06-12T02:57:26.833102+01:00","started":"2024-06-12T02:56:22.363678+01:00","ended":"2024-06-12T02:57:26.825463+01:00","duration":"00:01:04.461785","changed":false,"ignore_errors":false}