Location: majic-ansible-roles/testsite/playbooks/tls.yml - annotation
MAR-218: Undo removal of explicitly specifying Python interpreter:
- Ansible will produce warnings if the interpreter path is not
specified explicitly.
---
# Test-site playbook: builds a private CA with GnuTLS certtool and issues one
# private key and certificate per (hostname, service) entry listed below.
# Every artefact is written under the relative path ../tls/; the directory
# that path resolves against is not visible in this file.
#
# No password option is passed to certtool in any task, so protection of
# ../tls/ca.key and the per-host keys depends on who can read that directory.
- name: Generate TLS private keys and certificates
  hosts: preseed

  vars:
    # One entry per certificate. `hostname` and `service` build the output
    # file names. `name` and `extra_dns_names` are not referenced by any
    # task in this play (presumably read by the certificate template;
    # confirm against gnutls_server_certificate.cfg.j2).
    host_tls_info:
      - hostname: ldap
        service: ldap
        name: LDAP
      - hostname: mail
        service: imap
        name: IMAP
      - hostname: mail
        service: smtp
        name: SMTP
      - hostname: phpinfo
        service: https
        name: PHP Info
      - hostname: web
        service: https
        name: Web
      - hostname: wsgi
        service: https
        name: WSGI Hello World
      - hostname: wsgireq
        service: https
        name: WSGI Hello World
      - hostname: xmpp
        service: xmpp
        name: XMPP
        # NOTE(review): the rendered page lost all indentation; this key is
        # assumed to belong to the xmpp entry rather than to `vars`. Confirm
        # against the repository copy.
        extra_dns_names:
          - "{{ testsite_domain }}"

  tasks:
    # This step has no `creates` guard, so the .cfg files are re-rendered on
    # every run, while the certificates built from them are not (see below).
    - name: Create GnuTLS certificate templates for all hosts
      loop: "{{ host_tls_info }}"
      ansible.builtin.template:
        src: "../tls/gnutls_server_certificate.cfg.j2"
        dest: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
        mode: "0640"

    # `creates` makes this a one-shot step: once ca.key exists it is never
    # regenerated, so rotating the CA means removing the file by hand.
    - name: Create the CA key
      ansible.builtin.command:
        cmd: >-
          certtool --sec-param high --generate-privkey
          --outfile ../tls/ca.key
        creates: ../tls/ca.key

    # Self-signed CA certificate, parameters taken from ../tls/ca.cfg (not
    # produced by this play). Skipped once ca.pem exists.
    - name: Create the CA certificate
      ansible.builtin.command:
        cmd: >-
          certtool --template ../tls/ca.cfg --generate-self-signed
          --load-privkey ../tls/ca.key
          --outfile ../tls/ca.pem
        creates: ../tls/ca.pem

    # Host keys use `--sec-param normal`, the CA key above uses `high`.
    - name: Create private keys for all hosts
      loop: "{{ host_tls_info }}"
      ansible.builtin.command:
        cmd: >-
          certtool --sec-param normal --generate-privkey
          --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"

    # Because of `creates`, an existing .pem is never reissued: a changed
    # template, a changed extra_dns_names list or an expired certificate all
    # require deleting the .pem first.
    #
    # This is the only task run through a shell (needed for `sleep 1 &&`).
    # The templated values are expanded inside double quotes on that command
    # line, so `testsite_domain` and the host_tls_info fields should stay
    # limited to plain host-name characters.
    # NOTE(review): the reason for `sleep 1` is not stated here; possibly to
    # keep time-derived values distinct between consecutive certificates.
    # Confirm before removing it.
    - name: Issue certificates for all hosts
      loop: "{{ host_tls_info }}"
      ansible.builtin.shell:
        cmd: >-
          sleep 1 && certtool --generate-certificate
          --load-ca-privkey "../tls/ca.key"
          --load-ca-certificate "../tls/ca.pem"
          --template "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
          --load-privkey "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
          --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"