Files @ a42e5683f4bc
Branch filter:

Location: majic-ansible-roles/testsite/playbooks/tls.yml

a42e5683f4bc 2.4 KiB text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-218: Drop documentation references to only Python 3 being supported:

- The project is at this point only supporting Python 3, and all
modern distros support only Python 3 nowadays. No need to be
explicit anymore.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
---

- name: Generate TLS private keys and certificates
  hosts: preseed
  vars:
    host_tls_info:
      - hostname: ldap
        service: ldap
        name: LDAP
      - hostname: mail
        service: imap
        name: IMAP
      - hostname: mail
        service: smtp
        name: SMTP
      - hostname: phpinfo
        service: https
        name: PHP Info
      - hostname: web
        service: https
        name: Web
      - hostname: wsgi
        service: https
        name: WSGI Hello World
      - hostname: wsgireq
        service: https
        name: WSGI Hello World
      - hostname: xmpp
        service: xmpp
        name: XMPP
        extra_dns_names:
          - "{{ testsite_domain }}"
  tasks:
    - name: Create GnuTLS certificate templates for all hosts
      ansible.builtin.template:
        src: "../tls/gnutls_server_certificate.cfg.j2"
        dest: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
        mode: "0640"
      with_items: "{{ host_tls_info }}"
    - name: Create the CA key
      ansible.builtin.command: certtool --sec-param high --generate-privkey --outfile ../tls/ca.key
      args:
        creates: ../tls/ca.key
    - name: Create the CA certificate
      ansible.builtin.command: certtool --template ../tls/ca.cfg --generate-self-signed --load-privkey ../tls/ca.key --outfile ../tls/ca.pem
      args:
        creates: ../tls/ca.pem
    - name: Create private keys for all hosts
      ansible.builtin.command: |
        certtool --sec-param normal --generate-privkey --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
      with_items: "{{ host_tls_info }}"
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
    - name: Issue certificates for all hosts
      ansible.builtin.shell: sleep 1 && certtool --generate-certificate
             --load-ca-privkey "../tls/ca.key" --load-ca-certificate "../tls/ca.pem"
             --template "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
             --load-privkey "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
             --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
      with_items: "{{ host_tls_info }}"
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.