Changeset - f1da206cd88e
0 5 0
Branko Majic (branko) - 8 years ago 2016-01-20 13:07:16
branko@majic.rs
MAR-52: Renamed the web server parameters for TLS. Updated the docs for the role reference to make it clearer what the key/cert is used for.
5 files changed with 16 insertions and 14 deletions:
docs/rolereference.rst
 
@@ -975,13 +975,15 @@ The role implements the following:
 
Parameters
 
~~~~~~~~~~
 

	
 
**https_tls_key** (string, optional, ``{{ tls_private_key_dir }}/{{ ansible_fqdn }}_https.key``)
 
**default_https_tls_key** (string, optional, ``{{ tls_private_key_dir }}/{{ ansible_fqdn }}_https.key``)
 
  Path to file on Ansible host that contains the private key used for TLS for
 
  HTTPS service. The file will be copied to directory ``/etc/ssl/private/``.
 
  HTTPS service. The file will be copied to directory
 
  ``/etc/ssl/private/``. This key is used for the default virrtual host.
 

	
 
**https_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/{{ ansible_fqdn }}_https.pem``)
 
**default_https_tls_certificate** (string, optional, ``{{ tls_certificate_dir }}/{{ ansible_fqdn }}_https.pem``)
 
  Path to file on Ansible host that contains the X.509 certificate used for TLS
 
  for HTTPS service. The file will be copied to directory ``/etc/ssl/certs/``.
 
  for HTTPS service. The file will be copied to directory
 
  ``/etc/ssl/certs/``. This certificate is used for the default virrtual host.
 

	
 
**web_default_title** (string, optional, ``Welcome``)
 
  Title for the default web page shown to users (if no other vhosts were matched).
 
@@ -1000,8 +1002,8 @@ Here is an example configuration for setting-up web server:
 

	
 
  ---
 

	
 
  https_tls_key: "{{ inventory_dir }}/tls/web.example.com_https.key"
 
  https_tls_certificate: "{{ inventory_dir }}/tls/web.example.com_https.pem"
 
  default_https_tls_key: "{{ inventory_dir }}/tls/web.example.com_https.key"
 
  default_https_tls_certificate: "{{ inventory_dir }}/tls/web.example.com_https.pem"
 

	
 
  web_default_title: "Welcome to Example Inc."
 
  web_default_message: "You are attempting to access the web server using a wrong name or an IP address. Please check your URL."
roles/web_server/defaults/main.yml
 
---
 

	
 
https_tls_key: "{{ tls_private_key_dir }}/{{ ansible_fqdn }}_https.key"
 
https_tls_certificate: "{{ tls_certificate_dir }}/{{ ansible_fqdn }}_https.pem"
 
default_https_tls_key: "{{ tls_private_key_dir }}/{{ ansible_fqdn }}_https.key"
 
default_https_tls_certificate: "{{ tls_certificate_dir }}/{{ ansible_fqdn }}_https.pem"
 
web_default_title: "Welcome"
 
web_default_message: "You are attempting to access the web server using a wrong name or an IP address. Please check your URL."
roles/web_server/tasks/main.yml
 
@@ -9,13 +9,13 @@
 
    - Restart nginx
 

	
 
- name: Deploy nginx TLS private key
 
  copy: dest="/etc/ssl/private/{{ https_tls_key | basename }}" src="{{ https_tls_key }}"
 
  copy: dest="/etc/ssl/private/{{ default_https_tls_key | basename }}" src="{{ default_https_tls_key }}"
 
        mode=640 owner=root group=root
 
  notify:
 
    - Restart nginx
 

	
 
- name: Deploy nginx TLS certificate
 
  copy: dest="/etc/ssl/certs/{{ https_tls_certificate | basename }}" src="{{ https_tls_certificate }}"
 
  copy: dest="/etc/ssl/certs/{{ default_https_tls_certificate | basename }}" src="{{ default_https_tls_certificate }}"
 
        mode=644 owner=root group=root
 
  notify:
 
    - Restart nginx
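Review bot: Inventories that still set `https_tls_key` or `https_tls_certificate` are now ignored without any error, so the two copy tasks in this hunk fall back to the role defaults and could deploy a different key and certificate than the operator intended, or fail on a missing file, depending on what exists at the default path. A guard task ahead of the copies would make the rename explicit, for example `- fail: msg="https_tls_key/https_tls_certificate were renamed to default_https_tls_key/default_https_tls_certificate"` with `when: https_tls_key is defined or https_tls_certificate is defined`. The same concern applies to the renamed defaults in roles/web_server/defaults/main.yml. The hunk opens inside an earlier task's notify list, so that task is not visible here.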
roles/web_server/templates/nginx-default.j2
 
@@ -9,8 +9,8 @@ server {
 
    # HTTPS (TLS) configuration.
 
    listen 443 ssl default_server;
 
    listen [::]:443 ssl default_server;
 
    ssl_certificate_key /etc/ssl/private/{{ https_tls_key | basename }};
 
    ssl_certificate /etc/ssl/certs/{{ https_tls_certificate | basename }};
 
    ssl_certificate_key /etc/ssl/private/{{ default_https_tls_key | basename }};
 
    ssl_certificate /etc/ssl/certs/{{ default_https_tls_certificate | basename }};
 

	
 
    # Set-up the serving of default page.
 
    root /var/www/default/;
testsite/group_vars/web.yml
 
@@ -7,8 +7,8 @@ smtp_relay_host: mail.{{ testsite_domain }}
 

	
 
smtp_relay_truststore: /etc/ssl/certs/ca.pem
 

	
 
https_tls_key: "{{ inventory_dir }}/tls/web.{{ testsite_domain }}_https.key"
 
https_tls_certificate: "{{ inventory_dir }}/tls/web.{{ testsite_domain }}_https.pem"
 
default_https_tls_key: "{{ inventory_dir }}/tls/web.{{ testsite_domain }}_https.key"
 
default_https_tls_certificate: "{{ inventory_dir }}/tls/web.{{ testsite_domain }}_https.pem"
 

	
 
web_default_title: "Welcome to Example Inc."
 
web_default_message: "You are attempting to access the web server using a wrong name or an IP address. Please check your URL."