majic-ansible-roles Files · testsite/playbooks/tls.yml

Files @ a52f9fdabd0f

Branch filter:

Location: majic-ansible-roles/testsite/playbooks/tls.yml

a52f9fdabd0f 2.2 KiB text/x-yaml Show Annotation Show as Raw Download as Raw

branko

MAR-132: Added support for Debian 9 (Stretch) to web_server role:

- Introduced internal parameters for controlling differing package
names, service names, and paths for PHP FPM package.
- Added Debian 9 machines to Molecule configuration, including the
client machine.
- Restructured slightly preparaiton playbook to support both Jessie
and Stretch.
- Added custom pytest fixture for having a better way to determine
expected package names etc related to PHP.
- Created copy of private key/certificate pair used for testing of
mandatory parameters (to be used with Stretch machine).
- Fixed invalid specification for hosts on top of which the
connectivity test should be run.
- Updated a couple of task names (avoiding to reference PHP 5).
- Updated documentation.

---

- hosts: preseed
  vars:
    host_tls_info:
      - hostname: ldap
        service: ldap
        name: LDAP
      - hostname: mail
        service: imap
        name: IMAP
      - hostname: mail
        service: smtp
        name: SMTP
      - hostname: phpinfo
        service: https
        name: PHP Info
      - hostname: web
        service: https
        name: Web
      - hostname: wsgi
        service: https
        name: WSGI Hello World
      - hostname: wsgireq
        service: https
        name: WSGI Hello World
      - hostname: xmpp
        service: xmpp
        name: XMPP
        extra_dns_names:
          - "{{ testsite_domain }}"
  tasks:
    - name: Create GnuTLS certificate templates for all hosts
      template: src="../tls/gnutls_server_certificate.cfg.j2" dest="../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
      with_items: "{{ host_tls_info }}"
    - name: Create the CA key
      command: certtool --sec-param high --generate-privkey --outfile ../tls/ca.key
      args:
        creates: ../tls/ca.key
    - name: Create the CA certificate
      command: certtool --template ../tls/ca.cfg --generate-self-signed --load-privkey ../tls/ca.key --outfile ../tls/ca.pem
      args:
        creates: ../tls/ca.pem
    - name: Create private keys for all hosts
      command: certtool --sec-param normal --generate-privkey --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
      with_items: "{{ host_tls_info }}"
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
    - name: Issue certificates for all hosts
      shell: sleep 1 && certtool --generate-certificate
             --load-ca-privkey "../tls/ca.key" --load-ca-certificate "../tls/ca.pem"
             --template "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
             --load-privkey "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
             --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
      with_items: "{{ host_tls_info }}"
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"