Location: majic-ansible-roles/testsite/playbooks/tls.yml - annotation
MAR-218: Bump Ansible version to 10.4.x:
- Fix the requirements file not depending on the patch release.
- Bump all metadata to reference the new version.
- Fix the requirements file not depending on the patch release.
- Bump all metadata to reference the new version.
---
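# Builds a private CA and one key/certificate pair per entry in host_tls_info,
# all written under ../tls/ by GnuTLS certtool. Every generating task is guarded
# by `creates`, so an existing file is never regenerated: rotating a key or
# re-issuing a certificate means deleting the old file first.
#
# NOTE(review): the ../tls/ paths are relative to whatever directory the
# commands run in; no chdir is set here -- confirm the expected working
# directory.
- name: Generate TLS private keys and certificates
  hosts: preseed
  vars:
    # One entry per certificate. hostname and service form the file name
    # "<hostname>.<testsite_domain>_<service>.{cfg,key,pem}".
    host_tls_info:
      - hostname: ldap
        service: ldap
        name: LDAP
      - hostname: mail
        service: imap
        name: IMAP
      - hostname: mail
        service: smtp
        name: SMTP
      - hostname: phpinfo
        service: https
        name: PHP Info
      - hostname: web
        service: https
        name: Web
      - hostname: wsgi
        service: https
        name: WSGI Hello World
      - hostname: wsgireq
        service: https
        name: WSGI Hello World
      - hostname: xmpp
        service: xmpp
        name: XMPP
        # NOTE(review): nesting reconstructed from a listing that lost its
        # indentation; assumed to belong to the xmpp entry -- confirm against
        # gnutls_server_certificate.cfg.j2.
        extra_dns_names:
          - "{{ testsite_domain }}"

  tasks:
    - name: Create GnuTLS certificate templates for all hosts
      ansible.builtin.template:
        src: "../tls/gnutls_server_certificate.cfg.j2"
        dest: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
        mode: "0640"
      with_items: "{{ host_tls_info }}"

    # NOTE(review): no file mode is set for ca.key in this play; the resulting
    # permissions are whatever certtool and the umask produce. Verify the CA
    # key ends up readable by its owner only.
    - name: Create the CA key
      ansible.builtin.command: >-
        certtool --sec-param high --generate-privkey
        --outfile ../tls/ca.key
      args:
        creates: ../tls/ca.key

    - name: Create the CA certificate
      ansible.builtin.command: >-
        certtool --template ../tls/ca.cfg --generate-self-signed
        --load-privkey ../tls/ca.key --outfile ../tls/ca.pem
      args:
        creates: ../tls/ca.pem

    # Host keys use --sec-param normal while the CA key uses high.
    # NOTE(review): as with ca.key, confirm the permissions of the generated
    # .key files.
    - name: Create private keys for all hosts
      ansible.builtin.command: >-
        certtool --sec-param normal --generate-privkey
        --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
      with_items: "{{ host_tls_info }}"

    # This task goes through a shell (needed for `sleep 1 &&`), so every
    # templated path is passed through the `quote` filter instead of being
    # placed inside double quotes, where the shell would still expand `$` and
    # backticks coming from a variable such as testsite_domain.
    # NOTE(review): the one-second pause presumably keeps the serial numbers
    # certtool generates distinct between loop iterations -- confirm before
    # removing it.
    - name: Issue certificates for all hosts
      ansible.builtin.shell: >-
        sleep 1 && certtool --generate-certificate
        --load-ca-privkey "../tls/ca.key"
        --load-ca-certificate "../tls/ca.pem"
        --template {{ (tls_file_base ~ '.cfg') | quote }}
        --load-privkey {{ (tls_file_base ~ '.key') | quote }}
        --outfile {{ (tls_file_base ~ '.pem') | quote }}
      args:
        creates: "{{ tls_file_base }}.pem"
      vars:
        # Common path prefix of this item's .cfg, .key and .pem files.
        tls_file_base: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}"
      with_items: "{{ host_tls_info }}"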