Update to 2020-11-27 20:00

master
Daniel Berteaud 4 years ago
parent 6faf392d9a
commit 0352af510d
  1. 17
      roles/openxpki/defaults/main.yml
  2. 6
      roles/openxpki/files/openxpki-auth-ldap
  3. 10
      roles/openxpki/files/openxpki.te
  4. 8
      roles/openxpki/files/upgrade_to_v3.8.sql
  5. 2
      roles/openxpki/meta/main.yml
  6. 6
      roles/openxpki/tasks/cleanup.yml
  7. 4
      roles/openxpki/tasks/conf.yml
  8. 2
      roles/openxpki/tasks/directories.yml
  9. 7
      roles/openxpki/tasks/facts.yml
  10. 181
      roles/openxpki/tasks/install.yml
  11. 8
      roles/openxpki/tasks/pki.yml
  12. 14
      roles/openxpki/tasks/selinux.yml
  13. 28
      roles/openxpki/templates/config.d/realm/profile/default.yaml.j2
  14. 2
      roles/openxpki/templates/config.d/realm/profile/tls_client.yaml.j2
  15. 2
      roles/openxpki/templates/config.d/realm/profile/tls_server.yaml.j2
  16. 31
      roles/openxpki/templates/config.d/realm/workflow/global/validator/password_quality.yaml.j2
  17. 2
      roles/openxpki/templates/config.d/system/crypto.yaml.j2
  18. 10
      roles/openxpki/templates/config.d/system/database.yaml.j2
  19. 8
      roles/openxpki/templates/config.d/system/server.yaml.j2
  20. 3
      roles/openxpki/templates/config.d/system/watchdog.yaml.j2
  21. 10
      roles/openxpki/templates/log.conf.j2
  22. 2
      roles/openxpki/templates/openxpki.service.j2
  23. 4
      roles/openxpki/templates/perms.sh.j2
  24. 2
      roles/openxpki/templates/post-backup.j2
  25. 13
      roles/openxpki/templates/pre-backup.j2
  26. 2
      roles/openxpki/templates/scep/log.conf.j2
  27. 2
      roles/openxpki/templates/webui/log.conf.j2
  28. 19
      roles/openxpki/vars/CentOS-7.yml
  29. 20
      roles/openxpki/vars/CentOS-8.yml

@ -1,12 +1,12 @@
---
pki_version: 3.6.1
pki_version: 3.8.1
pki_archive_url: https://github.com/openxpki/openxpki/archive/v{{ pki_version }}.tar.gz
pki_archive_sha1: 95573cbdcd75f654f5b79c1e0f5f3ca576f97b76
pki_archive_sha1: 9ba93400aa689a5daeedca59b531928373c616b9
pki_config_version: 3.6
pki_config_version: 3.8
pki_config_archive_url: https://github.com/openxpki/openxpki-config/archive/v{{ pki_config_version }}.tar.gz
pki_config_archive_sha1: 22178afe883e636aebb607952c297e944cfe0023
pki_config_archive_sha1: 9f1499aee6be42f26a2bdddee4687fa02f23f8f2
# Should ansible handle updates or only initial install
pki_manage_upgrade: True
@ -79,14 +79,7 @@ pki_default_realm:
filter: 'cn=*'
role: 'Anonymous'
passwd_quality: normal
# passwd_quality can either be string none, normal or strong. Or a dict
# for fine grain tuning, with the following keys
# minlen: 8
# maxlen: 64
# groups: 2
# dictionary: 4
# following: 3
# following_keyboard: 3
# passwd_quality can either be string none, normal or strong.
# pki_extra_realm just lets you override some of the defaults, without
# redefining the whole dict
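Review bot: The release tarballs for a CA are still pinned with SHA-1 (`pki_archive_sha1`, `pki_config_archive_sha1`), which no longer offers collision resistance; since both digests are refreshed here anyway, this is a cheap moment to move to SHA-256. Assuming the download task passes the value as `checksum: sha1:…` (that task is not in this hunk), the change is a variable rename plus a `sha256:` prefix. The second hunk drops the dict form of `passwd_quality`, so a one-line comment saying that dict values from older inventories are no longer honoured would help anyone upgrading.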

@ -392,7 +392,7 @@ if(defined($filter)) {
print STDERR "$tag: info: successfully authenticated as '$userdn'\n" if($verbose);
if(defined($print)) {
print STDERR "$tag: debug: print was requested by user\n" if($debug);
if($print =~ /%{[a-zA-Z0-9_]+}/) {
if($print =~ /%\{[a-zA-Z0-9_]+\}/) {
print STDERR "$tag: debug: print template contains placeholders -- will retrieve user attributes\n" if($debug);
if($rebind) {
if($debug) {
@ -432,10 +432,10 @@ if(defined($print)) {
my @entries = $result->entries();
my $userentry = @entries[0];
print STDERR "$tag: debug: substituting s/%{dn}/$userdn/gi\n" if($debug);
$print =~ s/%{dn}/$userdn/gi;
$print =~ s/%\{dn\}/$userdn/gi;
foreach my $attr ($userentry->attributes) {
my @values = $userentry->get_value($attr);
if($print =~ /%{$attr}/) {
if($print =~ /%\{$attr\}/) {
if($debug) {
print STDERR "$tag: debug: substituting s/%{$attr}/$_/gi\n" foreach (@values);
}
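Review bot: `$attr` is interpolated unquoted in `if($print =~ /%\{$attr\}/)`, so an attribute name returned by the directory is compiled as part of the regex; quote it, `if($print =~ /%\{\Q$attr\E\}/)`, and do the same in the substitution that presumably follows outside this hunk. The test is case-sensitive while the debug message advertises `s/…/gi`, so a template containing `%{CN}` may be skipped for attribute `cn`; adding `/i` to the test would make the two agree. The context line `my $userentry = @entries[0];` is a one-element slice and should read `$entries[0]`. The debug branch also writes every substituted attribute value to STDERR, which deserves a comment if sensitive attributes can be returned.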

@ -0,0 +1,10 @@
module openxpki 1.0;
require {
type httpd_sys_script_t;
type httpd_var_run_t;
class sock_file write;
}
#============= httpd_sys_script_t ==============
allow httpd_sys_script_t httpd_var_run_t:sock_file write;
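Review bot: The rule `allow httpd_sys_script_t httpd_var_run_t:sock_file write;` is granted to every CGI script running as `httpd_sys_script_t` and covers every socket labelled `httpd_var_run_t`, not only the OpenXPKI one. If the daemon socket can carry its own file context, a dedicated type would limit the grant to this application; otherwise a header comment naming the socket path and why the web UI needs it would document the exception. Connecting to a UNIX socket normally also requires `connectto` on the peer's `unix_stream_socket` class, so it is worth confirming from the audit log that this single rule is sufficient in enforcing mode.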

@ -0,0 +1,8 @@
CREATE TABLE IF NOT EXISTS `users` (
`username` varchar(255) NOT NULL,
`password` varchar(255) DEFAULT NULL,
`pki_realm` varchar(255) DEFAULT NULL,
`mail` varchar(255) NOT NULL,
`realname` varchar(255) DEFAULT NULL,
`role` varchar(255) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
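Review bot: The `users` table is created without a PRIMARY KEY or UNIQUE constraint on `username`, so nothing at the database level prevents two rows for the same login in a table that holds credentials and roles. If the upstream 3.8 schema adds the key in a separate statement, that statement is missing from this upgrade script; otherwise add `PRIMARY KEY (username)` to the definition. A short header comment saying which upstream schema file this was taken from would make later upgrades easier to check.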

@ -2,3 +2,5 @@
dependencies:
- role: httpd_common
- role: mkdir
- role: mysql_server
when: pki_db_server in ['localhost', '127.0.0.1']

@ -16,3 +16,9 @@
- item != 'openxpki-config-' ~ pki_config_version
- item != 'openxpki-config-' ~ pki_config_version ~ '.tar.gz'
tags: pki
- name: Remove obsolete and temp files and directories
file: path={{ item }} state=absent
loop:
- "{{ pki_root_dir }}/db_dumps"
tags: pki

@ -11,7 +11,9 @@
- name: Remove notification dir from the config
file: path={{ pki_root_dir }}/etc/notification state=absent
when: pki_notif_config.stat.isdir
when:
- pki_notif_config.stat.isdir is defined
- pki_notif_config.stat.isdir
tags: pki
- name: Copy default configuration

@ -33,7 +33,7 @@
mode: 700
- path: locale
- path: web
- path: db_dumps
- path: backup
mode: 700
- path: src
- path: archives

@ -1,5 +1,12 @@
---
- include_vars: "{{ item }}"
with_first_found:
- vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
- vars/{{ ansible_distribution }}.yml
- vars/{{ ansible_os_family }}.yml
tags: pki
# Merge realm config
- name: Build PKI realm config
set_fact: pki_realms_conf={{ pki_realms_conf | default([]) + [ pki_realm_conf | combine(item, recursive=True) ] }}

@ -1,23 +1,7 @@
---
- name: Install dependencies
yum:
name:
- openssl-devel
- openldap-devel
- libxml2-devel
- expat-devel
- mariadb-devel
- libapreq2-devel
- gcc
- perl-App-cpanminus
- gettext # To build I18N files
- pwgen # To generate random secrets
- java-1.8.0-openjdk-headless # For keytool utility
- systemd-devel # Needed for Log::Log4perl::Appender::Journald
- MySQL-python # To create and manage the MySQL DB
- mysql # To load the schema
- patch # To apply local patches
yum: name={{ pki_packages }}
tags: pki
- name: Download OpenXPKI
@ -68,64 +52,79 @@
when: pki_install_mode == 'upgrade'
tags: pki
- name: Install perl modules needed to run the build
cpanm:
name: "{{ item }}"
locallib: "{{ pki_root_dir }}"
with_items:
- Config::Std
- Fatal
tags: pki
- name: Install perl module without tests
cpanm:
name: "{{ item }}"
locallib: "{{ pki_root_dir }}"
notest: True
with_items:
- Git::PurePerl
- Connector # This module tries to fetch web content without checking proxy from env
tags: pki
- name: Install OpenXPKI dependencies
cpanm:
locallib: "{{ pki_root_dir }}"
installdeps: True
from_path: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server"
environment:
PERL5LIB: "{{ pki_root_dir }}/lib/perl5"
PATH: "{{ pki_root_dir }}/bin:{{ ansible_env.PATH }}"
tags: pki
- name: Build OpenXPKI
cpanm:
locallib: "{{ pki_root_dir }}"
from_path: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server"
notest: True
when: pki_install_mode != 'none'
environment:
PERL5LIB: "{{ pki_root_dir }}/lib/perl5"
PATH: "{{ pki_root_dir }}/bin:{{ ansible_env.PATH }}"
tags: pki
- when: pki_install_mode != 'none'
block:
- name: Install perl module without tests
cpanm:
name: "{{ item }}"
locallib: "{{ pki_root_dir }}"
notest: True
with_items:
- Git::PurePerl
- Connector # This module tries to fetch web content without checking proxy from env
- Net::Server # 2 tests are failing on el8 t/SSL_test.t and t/SSLEAY_test.t
- name: Install OpenXPKI dependencies
cpanm:
locallib: "{{ pki_root_dir }}"
installdeps: True
from_path: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server"
environment:
PERL5LIB: "{{ pki_root_dir }}/lib/perl5"
PATH: "{{ pki_root_dir }}/bin:{{ ansible_env.PATH }}"
- name: Install additional perl modules
cpanm:
name: "{{ item }}"
locallib: "{{ pki_root_dir }}"
with_items:
- Devel::CheckLib # Needed to build BDB::mysql >= 4.047
- DBD::mysql
- Log::Log4perl::Appender::Screen # Log::Log4perl::Appender::Journald is broken on systemd > 209
- Data::Dump # Needed for the external ldap auth script
- String::Escape # Needed for the external ldap auth script
- TINITA/YAML-1.30.tar.gz
- name: Build OpenXPKI
cpanm:
locallib: "{{ pki_root_dir }}"
from_path: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server"
notest: True
environment:
PERL5LIB: "{{ pki_root_dir }}/lib/perl5"
PATH: "{{ pki_root_dir }}/bin:{{ ansible_env.PATH }}"
- name: Install OpenXPKI
command: make install
args:
chdir: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server"
notify: restart openxpki
# This is needed so the build-pot.pl script finds msg labels in config
# during the make scan step in next task
- name: Copy default conf in server source directory
synchronize:
src: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/"
dest: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/config/"
recursive: True
delete: True
delegate_to: "{{ inventory_hostname }}"
- name: Scan, build and install translations
shell: make scan && make && make install LOCALE_DIR={{ pki_root_dir }}/locale
args:
chdir: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/i18n"
- name: Install the web UI
synchronize:
src: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server/{{ item }}"
dest: "{{ pki_root_dir }}/web/"
recursive: True
delegate_to: "{{ inventory_hostname }}"
with_items:
- cgi-bin
- htdocs
- name: Install additional perl modules
cpanm:
name: "{{ item }}"
locallib: "{{ pki_root_dir }}"
with_items:
- Devel::CheckLib # Needed to build BDB::mysql >= 4.047
- DBD::mysql
- Log::Log4perl::Appender::Journald
- Data::Dump # Needed for the external ldap auth script
- String::Escape # Needed for the external ldap auth script
tags: pki
- name: Install OpenXPKI
command: make install
args:
chdir: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server"
when: pki_install_mode != 'none'
notify: restart openxpki
tags: pki
- name: Install OpenXPKI CGI::Session driver
@ -135,36 +134,6 @@
remote_src: True
tags: pki
# This is needed so the build-pot.pl script finds msg labels in config
# during the make scan step in next task
- name: Copy default conf in server source directory
synchronize:
src: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/"
dest: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/config/"
recursive: True
delete: True
delegate_to: "{{ inventory_hostname }}"
when: pki_install_mode != 'none'
tags: pki
- name: Scan, build and install translations
shell: make scan && make && make install LOCALE_DIR={{ pki_root_dir }}/locale
args:
chdir: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/i18n"
when: pki_install_mode != 'none'
tags: pki
- name: Install the web UI
synchronize:
src: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server/{{ item }}"
dest: "{{ pki_root_dir }}/web/"
recursive: True
delegate_to: "{{ inventory_hostname }}"
with_items:
- cgi-bin
- htdocs
when: pki_install_mode != 'none'
tags: pki
- name: Fix relative URL in the index page
command: sed -i -e 's|/openxpki/|{{ pki_web_alias }}|g' {{ pki_root_dir }}/web/htdocs/default.html
@ -217,7 +186,7 @@
login_password: "{{ mysql_admin_pass }}"
when:
- pki_install_mode == 'install'
- pki_db.changed
- db_created.changed
tags: pki
- name: Copy additional sql scripts
@ -270,6 +239,7 @@
copy: src=upgrade_to_v{{ item }}.sql dest={{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/contrib/sql/
loop:
- '3.4'
- '3.8'
tags: pki
- name: Apply db upgrades
@ -282,6 +252,7 @@
login_password: "{{ mysql_admin_pass }}"
loop:
- '3.4'
- '3.8'
when:
- pki_install_mode == 'upgrade'
- pki_current_version is version(item, '<')
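Review bot: `Net::Server` joins the `notest: True` list and most CPAN modules in this section are installed unpinned into the CA's `locallib`, so each run can pull a different release that never ran its test suite; only `TINITA/YAML-1.30.tar.gz` is pinned. Pinning the others the same way (author/distribution path) or installing from a local mirror would make the build reproducible. The comment `# Needed to build BDB::mysql >= 4.047` presumably means `DBD::mysql`. Old and new task lists are interleaved on this page, so please confirm that `tags: pki` still applies to the tasks moved under the new `block:`.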

@ -201,3 +201,11 @@
when: item.changed
tags: pki
- name: Deploy permission script
template: src=perms.sh.j2 dest={{ pki_root_dir }}/bin/perms.sh mode=755
tags: pki
- name: Fix permissions on key files
command: "{{ pki_root_dir }}/bin/perms.sh }}"
changed_when: False
tags: pki
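Review bot: The command string in `Fix permissions on key files` ends with a stray ` }}`, so the script is run with a literal `}}` argument; it should read `command: "{{ pki_root_dir }}/bin/perms.sh"`. With `changed_when: False` the task always reports ok, so a comment noting that it runs on every play to re-assert ownership and mode of `etc/ssl` would make the intent clear.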

@ -21,3 +21,17 @@
changed_when: False
tags: pki
- name: Copy SElinux policy file
copy: src=openxpki.te dest=/etc/selinux/targeted/local/
register: pki_selinux_policy
tags: pki
- name: Add local policy
shell: |
cd /etc/selinux/targeted/local/
checkmodule -M -m -o openxpki.mod openxpki.te
semodule_package -o openxpki.pp -m openxpki.mod
when: pki_selinux_policy.changed
tags: pki
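Review bot: The `Add local policy` task compiles and packages the module, but no `semodule -i openxpki.pp` is visible, so unless the package is loaded elsewhere the new rule never takes effect; add that as the last line of the `shell:` block. Because the task is gated on `pki_selinux_policy.changed`, a compile that fails once is not retried on the next run; checking whether the module is actually loaded (for example via `semodule -l`) would be a more robust condition.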

@ -6,14 +6,11 @@ key:
enc:
- aes256
- _3des
- idea
generate: both
rsa:
key_length:
- _1024
- 2048
- 4096
@ -39,11 +36,10 @@ publish:
- disk
extensions:
copy: copy
basic_constraints:
critical: 1
ca: 0
path_length: 0
subject_key_identifier:
critical: 0
@ -52,11 +48,11 @@ extensions:
authority_key_identifier:
critical: 0
keyid: 1
issuer: 1
issuer: 0
issuer_alt_name:
critical: 0
copy: 1
copy: 0
crl_distribution_points:
critical: 0
@ -71,21 +67,3 @@ extensions:
policy_identifier:
critical: 0
netscape:
comment:
critical: 0
text: This is a generic certificate. Generated with OpenXPKI trustcenter software.
certificate_type:
critical: 0
ssl_client: 0
smime_client: 0
object_signing: 0
ssl_client_ca: 0
smime_client_ca: 0
object_signing_ca: 0
cdp:
critical: 0
uri: {{ pki_base_url }}{{ (pki_base_url is search('/^')) | ternary('','/') }}pub/[% ISSUER.CN.0 %]/crl
ca_uri: {{ pki_base_url }}{{ (pki_base_url is search('/^')) | ternary('','/') }}pub/[% ISSUER.CN.0 %]/crl

@ -30,7 +30,7 @@ style:
enroll:
subject:
dn: CN=[% serial %],{{ item.0.subj_suffix }}
dn: CN=[% CN.0 %],{{ item.0.subj_suffix }}
# Profile extensions - set 0/1 as needed

@ -77,7 +77,7 @@ extensions:
non_repudiation: 0
key_encipherment: 1
data_encipherment: 0
key_agreement: 0
key_agreement: 1
key_cert_sign: 0
crl_sign: 0
encipher_only: 0

@ -2,34 +2,21 @@ class: OpenXPKI::Server::Workflow::Validator::PasswordQuality
arg:
- $_password
param:
checks:
- length
{% if item.0.passwd_quality is string %}
{% if item.0.passwd_quality == 'none' %}
minlen: 0
maxlen: 0
groups: 0
dictionary: 0
following: 0
following_keyboard: 0
minlen: 1
maxlen: 64
{% elif item.0.passwd_quality == 'normal' %}
- entropy
min_entropy: 20
minlen: 6
maxlen: 64
groups: 2
dictionary: 0
following: 0
following_keyboard: 0
{% elif item.0.passwd_quality == 'strong' %}
minlen: 8
- entropy
min_entropy: 60
minlen: 10
maxlen: 64
groups: 2
dictionary: 4
following: 3
following_keyboard: 3
{% endif %}
{% else %}
minlen: {{ item.0.passwd_quality.minlen }}
maxlen: {{ item.0.passwd_quality.maxlen }}
groups: {{ item.0.passwd_quality.groups }}
dictionary: {{ item.0.passwd_quality.dictionary }}
following: {{ item.0.passwd_quality.following }}
following_keyboard: {{ item.0.passwd_quality.following_keyboard }}
{% endif %}
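Review bot: A `passwd_quality` value other than `none`, `normal` or `strong` appears to render no `minlen`, `maxlen` or `min_entropy` at all now that the dict form is dropped, leaving the validator on whatever defaults it has; this includes inventories that still pass the old dict. Old and new lines are interleaved here, so confirm whether the final `{% else %}` survives; if it does not, add an `{% else %}` branch that emits the `strong` values or fails the template. `normal` with `minlen: 6` and `min_entropy: 20` is also a low bar for credentials guarding PKI workflows and deserves a comment on why it was chosen.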

@ -2,7 +2,7 @@ tokenapi:
certsign: OpenXPKI::Crypto::Backend::API
crlsign: OpenXPKI::Crypto::Backend::API
datasafe: OpenXPKI::Crypto::Backend::API
scep: OpenXPKI::Crypto::Tool::SCEP::API
scep: OpenXPKI::Crypto::Tool::LibSCEP::API
token:
default:

@ -1,8 +1,8 @@
main:
debug: 0
type: MySQL
name: {{ pki_db_name }}
host: {{ pki_db_server }}
port: {{ pki_db_port }}
user: {{ pki_db_user }}
passwd: {{ pki_db_pass }}
name: '{{ pki_db_name }}'
host: '{{ pki_db_server }}'
port: '{{ pki_db_port }}'
user: '{{ pki_db_user }}'
passwd: '{{ pki_db_pass | regex_replace("'","''") }}'

@ -12,6 +12,7 @@ environment:
session:
type: Database
table: frontend_session
transport:
Simple: 1
@ -19,13 +20,10 @@ transport:
service:
Default:
enabled: 1
timeout: 120
SCEP:
enabled: 1
idle_timeout: 120
LibSCEP:
enabled: 0
enabled: 1
# settings for i18n
i18n:

@ -3,9 +3,10 @@ max_exception_threshhold: 10
interval_sleep_exception: 60
max_tries_hanging_workflows: 3
interval_wait_initial: 30
interval_wait_initial: 10
interval_loop_idle: 5
interval_loop_run: 1
interval_sleep_overload: 15
interval_session_purge: 300

@ -53,11 +53,11 @@ log4perl.filter.FilterIsWorkflow = Log::Log4perl::Filt
log4perl.filter.FilterIsWorkflow.KeyToMatch = wfid
log4perl.filter.FilterIsWorkflow.RegexToMatch = \d+
log4perl.appender.Journal = Log::Log4perl::Appender::Journald
log4perl.appender.Journal = Log::Log4perl::Appender::Screen
log4perl.appender.Journal.layout = Log::Log4perl::Layout::SimpleLayout
log4perl.appender.Journal.utf8 = 1
log4perl.appender.CatchAll = Log::Log4perl::Appender::Journald
log4perl.appender.CatchAll = Log::Log4perl::Appender::Screen
log4perl.appender.CatchAll.layout = Log::Log4perl::Layout::SimpleLayout
log4perl.appender.CatchAll.utf8 = 1
@ -68,7 +68,7 @@ log4perl.appender.ApplicationDBI.layout.ConversionPattern = %m (%X{user})
log4perl.appender.ApplicationDBI.table = application_log
log4perl.appender.ApplicationDBI.microseconds = 1
log4perl.appender.ApplicationFile = Log::Log4perl::Appender::Journald
log4perl.appender.ApplicationFile = Log::Log4perl::Appender::Screen
log4perl.appender.ApplicationFile.Filter = FilterIsWorkflow
log4perl.appender.ApplicationFile.layout = Log::Log4perl::Layout::PatternLayout
log4perl.appender.ApplicationFile.layout.ConversionPattern = %X{wfid} %m %n
@ -78,11 +78,11 @@ log4perl.appender.AuditDBI = OpenXPKI::Server::L
log4perl.appender.AuditDBI.layout = OpenXPKI::Server::Log::Layout::Audit
log4perl.appender.AuditDBI.warp_message = 0
log4perl.appender.AuditFile = Log::Log4perl::Appender::Journald
log4perl.appender.AuditFile = Log::Log4perl::Appender::Screen
log4perl.appender.AuditFile.layout = OpenXPKI::Server::Log::Layout::Audit
log4perl.appender.AuditFile.layout.ConversionPattern = %c.%p %m [pid=%P|%i]%n
log4perl.appender.AuditFile.utf8 = 1
log4perl.appender.Deprecated = Log::Log4perl::Appender::Journald
log4perl.appender.Deprecated = Log::Log4perl::Appender::Screen
log4perl.appender.Deprecated.layout = Log::Log4perl::Layout::SimpleLayout

@ -14,7 +14,7 @@ PrivateDevices=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes
MemoryLimit=512M
MemoryLimit=1024M
Restart=on-failure
StartLimitInterval=0
RestartSec=20

@ -0,0 +1,4 @@
#!/bin/bash
chown -R {{ pki_user }}:{{ pki_user }} {{ pki_root_dir }}/etc/ssl
chmod 700 {{ pki_root_dir }}/etc/ssl

@ -1,3 +1,3 @@
#!/bin/sh
rm -f {{ pki_root_dir }}/db_dumps/*
rm -f {{ pki_root_dir }}/backup/*

@ -1,7 +1,10 @@
#!/bin/sh
/usr/bin/mysqldump --user={{ pki_db_user }} \
--password={{ pki_db_pass }} \
--host={{ pki_db_server }} \
--quick --single-transaction \
--add-drop-table {{ pki_db_name }} | lz4 -c > {{ pki_root_dir }}/db_dumps/{{ pki_db_name }}.sql.lz4
/usr/bin/mysqldump \
{% if pki_db_server not in [ '127.0.0.1', 'localhost' ] %}
--user={{ pki_db_user }} \
--password={{ pki_db_pass }} \
--host={{ pki_db_server }} \
{% endif %}
--quick --single-transaction \
--add-drop-table {{ pki_db_name }} | zstd -c > {{ pki_root_dir }}/backup/{{ pki_db_name }}.sql.zst
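Review bot: `--password={{ pki_db_pass }}` puts the database password on the mysqldump command line, where it is visible in the process list, and the unquoted value breaks on shell metacharacters (the database.yaml.j2 change in this commit already anticipates quotes in the password). Passing the credentials through a root-only option file with `--defaults-extra-file=…` avoids both problems. The pipeline also reports only the exit status of `zstd`, so a failed dump leaves a truncated `.sql.zst` and a pre-backup that looks successful; `#!/bin/sh` has no portable `pipefail`, so either switch to bash with `set -o pipefail` or check the dump before compressing it.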

@ -1,5 +1,5 @@
log4perl.category.client.scep = DEBUG, Logfile
log4perl.appender.Logfile = Log::Log4perl::Appender::Journald
log4perl.appender.Logfile = Log::Log4perl::Appender::Screen
log4perl.appender.Logfile.layout = Log::Log4perl::Layout::PatternLayout
log4perl.appender.Logfile.layout.ConversionPattern = scep
log4perl.appender.Logfile.utf8 = 1

@ -1,6 +1,6 @@
log4perl.logger = INFO, Journal
log4perl.appender.Journal = Log::Log4perl::Appender::Journald
log4perl.appender.Journal = Log::Log4perl::Appender::Screen
log4perl.appender.Journal.layout = Log::Log4perl::Layout::PatternLayout
log4perl.appender.Journal.layout.ConversionPattern = OpenXPKI-WebUI %m
log4perl.appender.Journal.utf8 = 1

@ -0,0 +1,19 @@
---
pki_packages:
- openssl-devel
- openldap-devel
- libxml2-devel
- expat-devel
- mariadb-devel
- libapreq2-devel
- gcc
- perl-App-cpanminus
- gettext # To build I18N files
- pwgen # To generate random secrets
- java-1.8.0-openjdk-headless # For keytool utility
- mariadb # To load the schema
- patch # To apply local patches
- perl-autodie # Provides perl(Fatal), needed to install perl deps
- perl-Config-Std # needed to install perl deps

@ -0,0 +1,20 @@
---
pki_packages:
- openssl-devel
- openldap-devel
- libxml2-devel
- expat-devel
- mariadb-devel
- libapreq2-devel
- gcc
- perl-App-cpanminus
- gettext # To build I18N files
- pwgen # To generate random secrets
- java-1.8.0-openjdk-headless # For keytool utility
- mariadb # To load the schema
- patch # To apply local patches
- perl-autodie # Provides perl(Fatal), needed to install perl deps
- perl-Config-Std # needed to install perl deps
- glibc-langpack-en