ara | Result #39424: [ok] ansible.builtin.shell on mbox1 for "Install certificate on host"

/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate.yaml

Execution

Date 07 Jun 2024 11:05:44 +0100

Duration 00:01:33.48

Controller ssh-gw-4.layershift.com

User root

Versions

Ansible 2.16.4

ara 1.7.1 / 1.7.1

Python 3.10.10

Summary

5 Hosts

2 Tasks

10 Results

1 Plays

1 Files

0 Records

remote_user:root check:False tags:all subset:new

Date
07 Jun 2024 11:05:44 +0100
Path
/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate.yaml

Argument	Value
version	None
verbosity	2
private_key_file	/home/ssh-gateway/.ssh/id_rsa
remote_user	root
connection	ssh
timeout	None
ssh_common_args	None
sftp_extra_args	None
scp_extra_args	None
ssh_extra_args	None
ask_pass	False
connection_password_file	None
force_handlers	False
flush_cache	False
become	False
become_method	sudo
become_user	None
become_ask_pass	False
become_password_file	None
tags	['all']
skip_tags	[]
check	False
diff	False
inventory	['/home/ssh-gateway/ansible/zimbra/inventory-mail-ls']
listhosts	False
subset	new
extra_vars	Not saved by ARA as configured by 'ignored_arguments'
vault_ids	[]
ask_vault_pass	False
vault_password_files	[]
forks	20
module_path	None
syntax	False
listtasks	False
listtags	False
step	False
start_at_task	None
args	['install_zimbra_certificate.yaml']

Task result details

Status
OK
Duration
00:01:11.52
Play
Playbook to install zimbra wildcard certificate on cluster
Task
Install certificate on host
Host
mbox1

Date
07 Jun 2024 11:07:00 +0100
Module / Action
ansible.builtin.shell (/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate.yaml:18)

Field	Value
changed	False
cmd	set -o pipefail chown zimbra.zimbra /tmp/commercial.key /tmp/ssl.crt /tmp/chain.crt su -l zimbra -c "cp -prf /tmp/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.key" su -l zimbra -c "zmcertmgr verifycrt comm /tmp/commercial.key /tmp/ssl.crt /tmp/chain.crt" su -l zimbra -c "zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/chain.crt" su -l zimbra -c "zmlocalconfig -e ldap_starttls_required=true" su -l zimbra -c "zmlocalconfig -e ldap_starttls_supported=1" su -l zimbra -c "zmcontrol restart" su -l zimbra -c "zmcertmgr viewdeployedcrt"
delta	0:01:10.979592
end	2024-06-07 10:07:00.753553
invocation	{ "module_args": { "_raw_params": "set -o pipefail\nchown zimbra.zimbra /tmp/commercial.key /tmp/ssl.crt /tmp/chain.crt\nsu -l zimbra -c \"cp -prf /tmp/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.key\"\nsu -l zimbra -c \"zmcertmgr verifycrt comm /tmp/commercial.key /tmp/ssl.crt /tmp/chain.crt\"\nsu -l zimbra -c \"zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/chain.crt\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_required=true\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_supported=1\"\nsu -l zimbra -c \"zmcontrol restart\"\nsu -l zimbra -c \"zmcertmgr viewdeployedcrt\"\n", "_uses_shell": true, "argv": null, "chdir": null, "creates": null, "executable": "/bin/bash", "expand_argument_vars": true, "removes": null, "stdin": null, "stdin_add_newline": true, "strip_empty_ends": true } }
msg
rc	0
start	2024-06-07 10:05:49.773961
stderr
stderr_lines	[]
stdout	Verifying '/tmp/ssl.crt' against '/tmp/commercial.key' Certificate '/tmp/ssl.crt' and private key '/tmp/commercial.key' match. Verifying '/tmp/ssl.crt' against '/tmp/chain.crt' Valid certificate chain: /tmp/ssl.crt: OK Verifying '/tmp/ssl.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key' Certificate '/tmp/ssl.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match. Verifying '/tmp/ssl.crt' against '/tmp/chain.crt' Valid certificate chain: /tmp/ssl.crt: OK Copying '/tmp/ssl.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' Copying '/tmp/chain.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' Appending ca chain '/tmp/chain.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts' NOTE: restart mailboxd to use the imported certificate. Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key' Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt' Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key' Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12' Creating keystore '/opt/zimbra/conf/imapd.keystore' Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key' Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt' Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key' Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12' Creating keystore '/opt/zimbra/mailboxd/etc/keystore' Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key' Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt' Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key' Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key' Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt' Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key' NOTE: restart services to use the new certificates. Cleaning up 9 files from '/opt/zimbra/conf/ca' Removing /opt/zimbra/conf/ca/ca.key Removing /opt/zimbra/conf/ca/ca.pem Removing /opt/zimbra/conf/ca/777b329e.0 Removing /opt/zimbra/conf/ca/commercial_ca_1.crt Removing /opt/zimbra/conf/ca/65ff7287.0 Removing /opt/zimbra/conf/ca/commercial_ca_2.crt Removing /opt/zimbra/conf/ca/fc5a8f99.0 Removing /opt/zimbra/conf/ca/commercial_ca_3.crt Removing /opt/zimbra/conf/ca/ee64a828.0 Copying CA to /opt/zimbra/conf/ca Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key' Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem' Creating CA hash symlink '777b329e.0' -> 'ca.pem' Creating /opt/zimbra/conf/ca/commercial_ca_1.crt Creating CA hash symlink '65ff7287.0' -> 'commercial_ca_1.crt' Creating /opt/zimbra/conf/ca/commercial_ca_2.crt Creating CA hash symlink 'fc5a8f99.0' -> 'commercial_ca_2.crt' Creating /opt/zimbra/conf/ca/commercial_ca_3.crt Creating CA hash symlink 'ee64a828.0' -> 'commercial_ca_3.crt' Host mbox1.mail.ls Stopping vmware-ha...Done. Stopping zmconfigd...Done. Stopping zimlet webapp...Done. Stopping zimbraAdmin webapp...Done. Stopping zimbra webapp...Done. Stopping service webapp...Done. Stopping stats...Done. Stopping onlyoffice...Done. Stopping spell...Done. Stopping snmp...Done. Stopping cbpolicyd...Done. Stopping archiving...Done. Stopping opendkim...Done. Stopping amavis...Done. Stopping antivirus...Done. Stopping antispam...Done. Stopping proxy...Done. Stopping memcached...Done. Stopping mailbox...Done. Stopping convertd...Done. Stopping logger...Done. Stopping dnscache...Done. Host mbox1.mail.ls Starting zmconfigd...Done. Starting convertd...Done. Starting mailbox...Done. Starting spell...Done. Starting onlyoffice...Done. Starting stats...Done. Starting service webapp...Done. Starting zimbra webapp...Done. Starting zimbraAdmin webapp...Done. Starting zimlet webapp...Done. - imapd: /opt/zimbra/conf/imapd.crt notBefore=May 28 00:00:00 2024 GMT notAfter=May 28 23:59:59 2025 GMT subject=CN = .mail.ls issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA SubjectAltName=.mail.ls, mail.ls - ldap: /opt/zimbra/conf/slapd.crt notBefore=May 28 00:00:00 2024 GMT notAfter=May 28 23:59:59 2025 GMT subject=CN = .mail.ls issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA SubjectAltName=.mail.ls, mail.ls - mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem notBefore=May 28 00:00:00 2024 GMT notAfter=May 28 23:59:59 2025 GMT subject=CN = .mail.ls issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA SubjectAltName=.mail.ls, mail.ls - mta: /opt/zimbra/conf/smtpd.crt notBefore=May 28 00:00:00 2024 GMT notAfter=May 28 23:59:59 2025 GMT subject=CN = .mail.ls issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA SubjectAltName=.mail.ls, mail.ls - proxy: /opt/zimbra/conf/nginx.crt notBefore=May 28 00:00:00 2024 GMT notAfter=May 28 23:59:59 2025 GMT subject=CN = .mail.ls issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA SubjectAltName=.mail.ls, mail.ls
stdout_lines	[ " Verifying '/tmp/ssl.crt' against '/tmp/commercial.key'", "Certificate '/tmp/ssl.crt' and private key '/tmp/commercial.key' match.", " Verifying '/tmp/ssl.crt' against '/tmp/chain.crt'", "Valid certificate chain: /tmp/ssl.crt: OK", " Verifying '/tmp/ssl.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'", "Certificate '/tmp/ssl.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.", " Verifying '/tmp/ssl.crt' against '/tmp/chain.crt'", "Valid certificate chain: /tmp/ssl.crt: OK", " Copying '/tmp/ssl.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'", " Copying '/tmp/chain.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'", " Appending ca chain '/tmp/chain.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'", " Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'", " NOTE: restart mailboxd to use the imported certificate.", " Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'", " Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'", " Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'", " Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'", " Creating keystore '/opt/zimbra/conf/imapd.keystore'", " Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'", " Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'", " Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'", " Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'", " Creating keystore '/opt/zimbra/mailboxd/etc/keystore'", " Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'", " Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'", " Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'", " Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'", " Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'", " Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'", " NOTE: restart services to use the new certificates.", " Cleaning up 9 files from '/opt/zimbra/conf/ca'", " Removing /opt/zimbra/conf/ca/ca.key", " Removing /opt/zimbra/conf/ca/ca.pem", " Removing /opt/zimbra/conf/ca/777b329e.0", " Removing /opt/zimbra/conf/ca/commercial_ca_1.crt", " Removing /opt/zimbra/conf/ca/65ff7287.0", " Removing /opt/zimbra/conf/ca/commercial_ca_2.crt", " Removing /opt/zimbra/conf/ca/fc5a8f99.0", " Removing /opt/zimbra/conf/ca/commercial_ca_3.crt", " Removing /opt/zimbra/conf/ca/ee64a828.0", " Copying CA to /opt/zimbra/conf/ca", " Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'", " Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'", " Creating CA hash symlink '777b329e.0' -> 'ca.pem'", " Creating /opt/zimbra/conf/ca/commercial_ca_1.crt", " Creating CA hash symlink '65ff7287.0' -> 'commercial_ca_1.crt'", " Creating /opt/zimbra/conf/ca/commercial_ca_2.crt", " Creating CA hash symlink 'fc5a8f99.0' -> 'commercial_ca_2.crt'", " Creating /opt/zimbra/conf/ca/commercial_ca_3.crt", " Creating CA hash symlink 'ee64a828.0' -> 'commercial_ca_3.crt'", "Host mbox1.mail.ls", "\tStopping vmware-ha...Done.", "\tStopping zmconfigd...Done.", "\tStopping zimlet webapp...Done.", "\tStopping zimbraAdmin webapp...Done.", "\tStopping zimbra webapp...Done.", "\tStopping service webapp...Done.", "\tStopping stats...Done.", "\tStopping onlyoffice...Done.", "\tStopping spell...Done.", "\tStopping snmp...Done.", "\tStopping cbpolicyd...Done.", "\tStopping archiving...Done.", "\tStopping opendkim...Done.", "\tStopping amavis...Done.", "\tStopping antivirus...Done.", "\tStopping antispam...Done.", "\tStopping proxy...Done.", "\tStopping memcached...Done.", "\tStopping mailbox...Done.", "\tStopping convertd...Done.", "\tStopping logger...Done.", "\tStopping dnscache...Done.", "Host mbox1.mail.ls", "\tStarting zmconfigd...Done.", "\tStarting convertd...Done.", "\tStarting mailbox...Done.", "\tStarting spell...Done.", "\tStarting onlyoffice...Done.", "\tStarting stats...Done.", "\tStarting service webapp...Done.", "\tStarting zimbra webapp...Done.", "\tStarting zimbraAdmin webapp...Done.", "\tStarting zimlet webapp...Done.", "- imapd: /opt/zimbra/conf/imapd.crt", "notBefore=May 28 00:00:00 2024 GMT", "notAfter=May 28 23:59:59 2025 GMT", "subject=CN = .mail.ls", "issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA", "SubjectAltName=.mail.ls, mail.ls", "- ldap: /opt/zimbra/conf/slapd.crt", "notBefore=May 28 00:00:00 2024 GMT", "notAfter=May 28 23:59:59 2025 GMT", "subject=CN = .mail.ls", "issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA", "SubjectAltName=.mail.ls, mail.ls", "- mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem", "notBefore=May 28 00:00:00 2024 GMT", "notAfter=May 28 23:59:59 2025 GMT", "subject=CN = .mail.ls", "issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA", "SubjectAltName=.mail.ls, mail.ls", "- mta: /opt/zimbra/conf/smtpd.crt", "notBefore=May 28 00:00:00 2024 GMT", "notAfter=May 28 23:59:59 2025 GMT", "subject=CN = .mail.ls", "issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA", "SubjectAltName=.mail.ls, mail.ls", "- proxy: /opt/zimbra/conf/nginx.crt", "notBefore=May 28 00:00:00 2024 GMT", "notAfter=May 28 23:59:59 2025 GMT", "subject=CN = .mail.ls", "issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA", "SubjectAltName=.mail.ls, mail.ls" ]

Playbook #650

Task result details