MAR-218: Fix the test run logic in test runner script:
- Linter tests should _always_ be run.
- Test report files should be appended to when using tee.
- Get rid of excess molecule destroy (probably not required any
longer). This will reduce the output and speed up things a little
bit.
---
# Test-site PKI bootstrap: creates a self-signed CA plus one private key and
# one CA-issued certificate per (hostname, service) pair, all with GnuTLS
# certtool, writing everything under ../tls/.
#
# NOTE(review): the nesting below was reconstructed from a listing that had
# lost its indentation - confirm it against the repository copy.
#
# NOTE(review): every path is relative ("../tls/..."), so where the files land
# depends on the directory the modules run from - confirm this resolves to the
# intended tls/ directory and that the generated *.key files (ca.key in
# particular) are kept out of version control and readable only by the
# operator.

- name: Generate TLS private keys and certificates
  hosts: preseed
  vars:
    # One entry per certificate. `hostname` and `service` build the file names
    # "<hostname>.<testsite_domain>_<service>.{cfg,key,pem}" in the tasks
    # below. `name` is not referenced by any task in this play - presumably it
    # is read by the gnutls_server_certificate.cfg.j2 template; verify.
    host_tls_info:
      - hostname: ldap
        service: ldap
        name: LDAP
      - hostname: mail
        service: imap
        name: IMAP
      - hostname: mail
        service: smtp
        name: SMTP
      - hostname: phpinfo
        service: https
        name: PHP Info
      - hostname: web
        service: https
        name: Web
      - hostname: wsgi
        service: https
        name: WSGI Hello World
      # NOTE(review): same display name as the wsgi entry above - confirm this
      # is intended and not a copy/paste leftover.
      - hostname: wsgireq
        service: https
        name: WSGI Hello World
      - hostname: xmpp
        service: xmpp
        name: XMPP
        # NOTE(review): placed on the xmpp entry on the assumption that only
        # the XMPP certificate should also cover the bare site domain. The
        # flattened listing would equally allow a play-level variable, which
        # could put the bare domain on every issued certificate - confirm.
        extra_dns_names:
          - "{{ testsite_domain }}"
  tasks:

    # Renders one certtool template (.cfg) per entry. The 0640 mode applies to
    # these .cfg files only, not to the keys generated further down.
    - name: Create GnuTLS certificate templates for all hosts
      ansible.builtin.template:
        src: "../tls/gnutls_server_certificate.cfg.j2"
        dest: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
        mode: "0640"
      with_items: "{{ host_tls_info }}"

    # `creates` skips the task once ca.key exists, so re-running the play never
    # rotates the CA key. No passphrase option is passed to certtool, so the
    # key is presumably written unencrypted - protect it with file permissions
    # and by keeping it out of the repository.
    - name: Create the CA key
      ansible.builtin.command: certtool --sec-param high --generate-privkey --outfile ../tls/ca.key
      args:
        creates: ../tls/ca.key

    # Self-signs the CA certificate from ../tls/ca.cfg, which is not created by
    # this play and must already exist. Skipped once ca.pem is present.
    - name: Create the CA certificate
      ansible.builtin.command: certtool --template ../tls/ca.cfg --generate-self-signed --load-privkey ../tls/ca.key --outfile ../tls/ca.pem
      args:
        creates: ../tls/ca.pem

    # Host keys use --sec-param normal, a lower setting than the CA key's
    # "high". Existing keys are kept because of `creates`.
    - name: Create private keys for all hosts
      ansible.builtin.command: |
        certtool --sec-param normal --generate-privkey --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
      with_items: "{{ host_tls_info }}"
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"

    # Runs through a shell because of the `sleep 1 &&` prefix; the reason for
    # the one-second pause is not stated here - presumably it spaces out
    # issuance so time-derived certificate fields differ; confirm.
    #
    # item.hostname, item.service and testsite_domain are interpolated straight
    # into the shell command line. Double quotes do not stop the shell from
    # expanding $(...) or backticks, so these values must stay
    # operator-controlled; apply the `quote` filter if they can ever come from
    # a less trusted source.
    #
    # `creates` means an existing .pem is never reissued, even after its .cfg
    # template changes or the certificate expires - delete the .pem to force
    # reissue.
    - name: Issue certificates for all hosts
      ansible.builtin.shell: sleep 1 && certtool --generate-certificate
        --load-ca-privkey "../tls/ca.key" --load-ca-certificate "../tls/ca.pem"
        --template "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
        --load-privkey "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
        --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
      with_items: "{{ host_tls_info }}"
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"