MAR-218: Update to non-deprecated ldap_attrs module in usage instructions.
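---
# Generates a throw-away test CA plus one server key/certificate per
# (hostname, service) pair using GnuTLS certtool. Every artefact is written
# under ../tls; the path is relative to the working directory of the host
# the commands run on (presumably the playbook directory when `preseed` is
# the control machine — confirm against the inventory).
- name: Generate TLS private keys and certificates
  hosts: preseed
  vars:
    # One entry per service that needs its own certificate. Every artefact
    # for an entry uses the stem "<hostname>.<testsite_domain>_<service>".
    host_tls_info:
      - hostname: ldap
        service: ldap
        name: LDAP
      - hostname: mail
        service: imap
        name: IMAP
      - hostname: mail
        service: smtp
        name: SMTP
      - hostname: phpinfo
        service: https
        name: PHP Info
      - hostname: web
        service: https
        name: Web
      - hostname: wsgi
        service: https
        name: WSGI Hello World
      - hostname: wsgireq
        service: https
        name: WSGI Hello World
      - hostname: xmpp
        service: xmpp
        name: XMPP
    # Additional DNS names made available to the certificate template.
    extra_dns_names:
      - "{{ testsite_domain }}"

  tasks:
    # The template is rendered for every entry of host_tls_info; the .cfg
    # is later consumed by the "Issue certificates" task below.
    - name: Create GnuTLS certificate templates for all hosts
      ansible.builtin.template:
        src: "../tls/gnutls_server_certificate.cfg.j2"
        dest: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
        mode: "0640"
      loop: "{{ host_tls_info }}"

    # The CA key is never regenerated once ../tls/ca.key exists. Remove the
    # file to rotate the CA — but see the note on the certificate task below.
    # NOTE(review): recent certtool versions are expected to create private
    # key files owner-readable only; verify the resulting mode on the target.
    - name: Create the CA key
      ansible.builtin.command: certtool --sec-param high --generate-privkey --outfile ../tls/ca.key
      args:
        creates: ../tls/ca.key

    # ../tls/ca.cfg is not generated by this playbook; it must already exist.
    - name: Create the CA certificate
      ansible.builtin.command: >-
        certtool --template ../tls/ca.cfg --generate-self-signed
        --load-privkey ../tls/ca.key --outfile ../tls/ca.pem
      args:
        creates: ../tls/ca.pem

    # Host keys use the weaker "normal" security parameter than the CA key
    # (which uses "high"); both are certtool's named presets.
    - name: Create private keys for all hosts
      ansible.builtin.command: >-
        certtool --sec-param normal --generate-privkey
        --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
      loop: "{{ host_tls_info }}"
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"

    # Folded scalar so the command reads as one shell line without relying on
    # accidental plain-scalar continuation. The leading `sleep 1` is presumably
    # there so consecutive certificates get distinct time-derived serials or
    # validity start times — confirm before removing it.
    # Idempotency caveat: `creates` skips this task whenever the .pem already
    # exists, so certificates are NOT reissued after the CA key or certificate
    # is replaced; delete the stale .pem files when rotating the CA.
    - name: Issue certificates for all hosts
      ansible.builtin.shell: >-
        sleep 1 && certtool --generate-certificate
        --load-ca-privkey "../tls/ca.key" --load-ca-certificate "../tls/ca.pem"
        --template "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
        --load-privkey "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
        --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
      loop: "{{ host_tls_info }}"
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"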