majic-ansible-roles Files · testsite/playbooks/tls.yml

Files @ ff510f233909

Branch filter:

Location: majic-ansible-roles/testsite/playbooks/tls.yml

ff510f233909 2.2 KiB text/x-yaml Show Annotation Show as Raw Download as Raw

branko

MAR-132: Added support for Debian 9 (Stretch) to php_website role:

- Implemented the necessary changes related to differences between PHP
versions and related paths (PHP 5 vs PHP 7).
- Set the shell for application system account explicitly (workaround
for Debian bug 865762 in Stretch).
- Updated Molecule tests to cover Debian 9.
- Updated Molecule test preparation playbook to account for a number
of differences between Jessie and Stretch (mainly related to mailing
functionality).
- Use more specific host groups in tests.
- Renamed a couple of variables in test for sending out mails to make
it clearer what is being looked up as part of regex matching.
- Updated Molecule tests where certain paths depend on what Debian
release they are ran against.
- Split-up Jessie-specific tests into separate file.

---

- hosts: preseed
  vars:
    host_tls_info:
      - hostname: ldap
        service: ldap
        name: LDAP
      - hostname: mail
        service: imap
        name: IMAP
      - hostname: mail
        service: smtp
        name: SMTP
      - hostname: phpinfo
        service: https
        name: PHP Info
      - hostname: web
        service: https
        name: Web
      - hostname: wsgi
        service: https
        name: WSGI Hello World
      - hostname: wsgireq
        service: https
        name: WSGI Hello World
      - hostname: xmpp
        service: xmpp
        name: XMPP
        extra_dns_names:
          - "{{ testsite_domain }}"
  tasks:
    - name: Create GnuTLS certificate templates for all hosts
      template: src="../tls/gnutls_server_certificate.cfg.j2" dest="../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
      with_items: "{{ host_tls_info }}"
    - name: Create the CA key
      command: certtool --sec-param high --generate-privkey --outfile ../tls/ca.key
      args:
        creates: ../tls/ca.key
    - name: Create the CA certificate
      command: certtool --template ../tls/ca.cfg --generate-self-signed --load-privkey ../tls/ca.key --outfile ../tls/ca.pem
      args:
        creates: ../tls/ca.pem
    - name: Create private keys for all hosts
      command: certtool --sec-param normal --generate-privkey --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
      with_items: "{{ host_tls_info }}"
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
    - name: Issue certificates for all hosts
      shell: sleep 1 && certtool --generate-certificate
             --load-ca-privkey "../tls/ca.key" --load-ca-certificate "../tls/ca.pem"
             --template "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
             --load-privkey "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
             --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
      with_items: "{{ host_tls_info }}"
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"