majic-ansible-roles Changeset

Changeset - 2ded0cbae449

Parent rev.

Child rev.

[Not reviewed]

0 2 0

Branko Majic (branko) - 7 years ago 2018-06-28 23:26:35
branko@majic.rs

MAR-129: Updated test site TLS playbook to allow for ability to specify additional DNS names to include in issued certificates.

2 files changed with 5 insertions and 0 deletions:

testsite/playbooks/tls.yml

testsite/tls/gnutls_server_certificate.cfg.j2

0 comments (0 inline, 0 general)

testsite/playbooks/tls.yml

➞

Show inline comments

@@ @@ -24,12 +24,14 @@ @@
       - hostname: wsgireq
         service: https
         name: WSGI Hello World
       - hostname: xmpp
         service: xmpp
         name: XMPP
         extra_dns_names:
           - "{{ testsite_domain }}"
   tasks:
     - name: Create GnuTLS certificate templates for all hosts
       template: src="../tls/gnutls_server_certificate.cfg.j2" dest="../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
       with_items: "{{ host_tls_info }}"
     - name: Create the CA key
       command: certtool --sec-param high --generate-privkey --outfile ../tls/ca.key

testsite/tls/gnutls_server_certificate.cfg.j2

➞

Show inline comments

@@ @@ -15,12 +15,15 @@ cn = "Exampe Inc. {{ item.name }} Server" @@
 expiration_days = 365
 # X.509 v3 extensions
 # A dnsname in case of a WWW server.
 dns_name = "{{ item.hostname }}.{{ testsite_domain }}"
 {% for dns_name in item.extra_dns_names | default([]) %}
 dns_name = "{{ dns_name }}"
 {% endfor %}
 # Whether this certificate will be used for a TLS server
 tls_www_server
 # Whether this certificate will be used to sign data (needed
 # in TLS DHE ciphersuites).

0 comments (0 inline, 0 general)