Files @ 1b05bae8e440
Branch filter:

Location: majic-ansible-roles/testsite/playbooks/tls.yml

1b05bae8e440 2.0 KiB text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-56: Added LDIF templates to docs for relevant roles. Added warning about freshclam/clamav service restart during initial install (need to be restarted). Switched some TLS truststore vars to use concerete values. Introduced option for specifying additional Nginx config options. Added docs for some params. Assmeble Duplicity include pattern when needed. Don't set passwords for existing system users. Fix permissions for database users to be more restrictive. Fixed a couple of default param definitions (mainly tls cert/key stuff). Updated URL for downloading Prosody LDAP plugin. Updated testsite configs.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
---

- hosts: preseed
  vars:
    host_tls_info:
      - hostname: ldap
        service: ldap
        name: LDAP
      - hostname: mail
        service: imap
        name: IMAP
      - hostname: mail
        service: smtp
        name: SMTP
      - hostname: phpinfo
        service: https
        name: PHP Info
      - hostname: web
        service: https
        name: Web
      - hostname: wsgi
        service: https
        name: WSGI Hello World
      - hostname: xmpp
        service: xmpp
        name: XMPP
  tasks:
    - name: Create GnuTLS certificate templates for all hosts
      template: src="../tls/gnutls_server_certificate.cfg.j2" dest="../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
      with_items: host_tls_info
    - name: Create the CA key
      command: certtool --sec-param high --generate-privkey --outfile ../tls/ca.key
      args:
        creates: ../tls/ca.key
    - name: Create the CA certificate
      command: certtool --template ../tls/ca.cfg --generate-self-signed --load-privkey ../tls/ca.key --outfile ../tls/ca.pem
      args:
        creates: ../tls/ca.pem
    - name: Create private keys for all hosts
      command: certtool --sec-param normal --generate-privkey --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
      with_items: host_tls_info
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
    - name: Issue certificates for all hosts
      shell: sleep 1 && certtool --generate-certificate
             --load-ca-privkey "../tls/ca.key" --load-ca-certificate "../tls/ca.pem"
             --template "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
             --load-privkey "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
             --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
      with_items: host_tls_info
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.