Files
@ 500658358454
Branch filter:
Location: majic-ansible-roles/testsite/playbooks/tls.yml - annotation
500658358454
2.0 KiB
text/x-yaml
MAR-44: Added backup server implementation. Updated testsite to include deployment of dedicated backup server. Documented the backup server implementation (except for usage instructions).
70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 70733167cdf8 | ---
- hosts: preseed
vars:
host_tls_info:
- hostname: ldap
service: ldap
name: LDAP
- hostname: mail
service: imap
name: IMAP
- hostname: mail
service: smtp
name: SMTP
- hostname: phpinfo
service: https
name: PHP Info
- hostname: web
service: https
name: Web
- hostname: wsgi
service: https
name: WSGI Hello World
- hostname: xmpp
service: xmpp
name: XMPP
tasks:
- name: Create GnuTLS certificate templates for all hosts
template: src="../tls/gnutls_server_certificate.cfg.j2" dest="../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
with_items: host_tls_info
- name: Create the CA key
command: certtool --sec-param high --generate-privkey --outfile ../tls/ca.key
args:
creates: ../tls/ca.key
- name: Create the CA certificate
command: certtool --template ../tls/ca.cfg --generate-self-signed --load-privkey ../tls/ca.key --outfile ../tls/ca.pem
args:
creates: ../tls/ca.pem
- name: Create private keys for all hosts
command: certtool --sec-param normal --generate-privkey --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
with_items: host_tls_info
args:
creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
- name: Issue certificates for all hosts
shell: sleep 1 && certtool --generate-certificate
--load-ca-privkey "../tls/ca.key" --load-ca-certificate "../tls/ca.pem"
--template "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
--load-privkey "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
--outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
with_items: host_tls_info
args:
creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
|