majic-ansible-roles Files · testsite/playbooks/tls.yml

Files @ 6f26ccefa724

Branch filter:

Location: majic-ansible-roles/testsite/playbooks/tls.yml - annotation

6f26ccefa724 2.2 KiB text/x-yaml Show Source Show as Raw Download as Raw

branko

MAR-151: Added support for Debian 10 Buster to php_website role:

- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.
- Refactor the code to take into account differences in PHP-related
paths between Debian Stretch and Debian Buster.
- Make the test for web application user less dependant on what the
actual UID number is in case of default value. By default user
should be created as system user, which means its UID number should
be less than 1000.
- Drop the installation of libmariadbclient-dev-compat library - the
test is good enough without it, and the actual package is
differently named under Debian Stretch and Debian Buster (which
would complicate the test without any benefits).

70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
2b3af82bc50e
2b3af82bc50e
2b3af82bc50e
70733167cdf8
70733167cdf8
70733167cdf8
2ded0cbae449
2ded0cbae449
70733167cdf8
70733167cdf8
70733167cdf8
a668b3669853
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
a668b3669853
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
70733167cdf8
a668b3669853
70733167cdf8
a668b3669853

---

- hosts: preseed
  vars:
    host_tls_info:
      - hostname: ldap
        service: ldap
        name: LDAP
      - hostname: mail
        service: imap
        name: IMAP
      - hostname: mail
        service: smtp
        name: SMTP
      - hostname: phpinfo
        service: https
        name: PHP Info
      - hostname: web
        service: https
        name: Web
      - hostname: wsgi
        service: https
        name: WSGI Hello World
      - hostname: wsgireq
        service: https
        name: WSGI Hello World
      - hostname: xmpp
        service: xmpp
        name: XMPP
        extra_dns_names:
          - "{{ testsite_domain }}"
  tasks:
    - name: Create GnuTLS certificate templates for all hosts
      template: src="../tls/gnutls_server_certificate.cfg.j2" dest="../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
      with_items: "{{ host_tls_info }}"
    - name: Create the CA key
      command: certtool --sec-param high --generate-privkey --outfile ../tls/ca.key
      args:
        creates: ../tls/ca.key
    - name: Create the CA certificate
      command: certtool --template ../tls/ca.cfg --generate-self-signed --load-privkey ../tls/ca.key --outfile ../tls/ca.pem
      args:
        creates: ../tls/ca.pem
    - name: Create private keys for all hosts
      command: certtool --sec-param normal --generate-privkey --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
      with_items: "{{ host_tls_info }}"
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
    - name: Issue certificates for all hosts
      shell: sleep 1 && certtool --generate-certificate
             --load-ca-privkey "../tls/ca.key" --load-ca-certificate "../tls/ca.pem"
             --template "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
             --load-privkey "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
             --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
      with_items: "{{ host_tls_info }}"
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"