mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
128 lines
3.9 KiB
YAML
128 lines
3.9 KiB
YAML
|
---
|
||
|
- name: Configure httptester
|
||
|
hosts: all
|
||
|
vars:
|
||
|
os_packages:
|
||
|
apk:
|
||
|
- openssl
|
||
|
- py-pip
|
||
|
apt:
|
||
|
- openssl
|
||
|
- python-pip
|
||
|
yum:
|
||
|
- openssl
|
||
|
- python-pip
|
||
|
dnf:
|
||
|
- openssl
|
||
|
- python-pip
|
||
|
tasks:
|
||
|
- name: Check for nginx
|
||
|
stat:
|
||
|
path: /usr/sbin/nginx
|
||
|
register: nginx
|
||
|
|
||
|
- name: Install nginx
|
||
|
package:
|
||
|
name: nginx
|
||
|
update_cache: "{{ (ansible_pkg_mgr == 'dnf')|ternary(omit, 'yes') }}"
|
||
|
when: not nginx.stat.exists
|
||
|
|
||
|
- name: Install OS Packages
|
||
|
package:
|
||
|
name: "{{ item }}"
|
||
|
update_cache: "{{ (ansible_pkg_mgr == 'dnf')|ternary(omit, 'yes') }}"
|
||
|
with_items: "{{ os_packages[ansible_pkg_mgr] }}"
|
||
|
|
||
|
- name: Create cert directories
|
||
|
file:
|
||
|
path: "{{ item }}"
|
||
|
state: directory
|
||
|
with_items:
|
||
|
- /root/ca/certs
|
||
|
- /root/ca/private
|
||
|
- /root/ca/newcerts
|
||
|
|
||
|
- name: Set ca serial
|
||
|
copy:
|
||
|
dest: /root/ca/serial
|
||
|
content: 1000
|
||
|
|
||
|
- name: Create ca index
|
||
|
copy:
|
||
|
dest: /root/ca/index.txt
|
||
|
content: ""
|
||
|
|
||
|
- name: Check for /etc/pki/tls/openssl.cnf
|
||
|
stat:
|
||
|
path: /etc/pki/tls/openssl.cnf
|
||
|
register: etc_pki_tls_openssl
|
||
|
|
||
|
- name: Copy openssl.cnf to /etc/ssl
|
||
|
copy:
|
||
|
src: /etc/pki/tls/openssl.cnf
|
||
|
dest: /etc/ssl/openssl.cnf
|
||
|
remote_src: true
|
||
|
when: etc_pki_tls_openssl.stat.exists
|
||
|
|
||
|
- name: Update openssl ca path
|
||
|
replace:
|
||
|
dest: /etc/ssl/openssl.cnf
|
||
|
regexp: '(\./demoCA|/etc/pki/CA)'
|
||
|
replace: '/root/ca'
|
||
|
|
||
|
- name: Generate ca key
|
||
|
command: >
|
||
|
openssl req -new -x509 -days 3650 -nodes -extensions v3_ca -keyout /root/ca/private/cakey.pem -out /root/ca/cacert.pem
|
||
|
-subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=ansible.http.tests"
|
||
|
|
||
|
- name: Generate ansible.http.tests key
|
||
|
command: >
|
||
|
openssl req -new -nodes -out /root/ca/ansible.http.tests-req.pem -keyout /root/ca/private/ansible.http.tests-key.pem
|
||
|
-subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=ansible.http.tests"
|
||
|
|
||
|
- name: Generate ansible.http.tests cert
|
||
|
shell: >
|
||
|
yes | openssl ca -config /etc/ssl/openssl.cnf -out /root/ca/ansible.http.tests-cert.pem -infiles /root/ca/ansible.http.tests-req.pem
|
||
|
|
||
|
- name: Generate sni1.ansible.http.tests key
|
||
|
command: >
|
||
|
openssl req -new -nodes -out /root/ca/sni1.ansible.http.tests-req.pem -keyout /root/ca/private/sni1.ansible.http.tests-key.pem -config /etc/ssl/openssl.cnf
|
||
|
-subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=sni1.ansible.http.tests"
|
||
|
|
||
|
- name: Generate sni1.ansible.http.tests cert
|
||
|
shell: >
|
||
|
yes | openssl ca -config /etc/ssl/openssl.cnf -out /root/ca/sni1.ansible.http.tests-cert.pem -infiles /root/ca/sni1.ansible.http.tests-req.pem
|
||
|
|
||
|
- name: Generate sni2.ansible.http.tests key
|
||
|
command: >
|
||
|
openssl req -new -nodes -out /root/ca/sni2.ansible.http.tests-req.pem -keyout /root/ca/private/sni2.ansible.http.tests-key.pem -config /etc/ssl/openssl.cnf
|
||
|
-subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=sni2.ansible.http.tests"
|
||
|
|
||
|
- name: Generate sni2.ansible.http.tests cert
|
||
|
shell: >
|
||
|
yes | openssl ca -config /etc/ssl/openssl.cnf -out /root/ca/sni2.ansible.http.tests-cert.pem -infiles /root/ca/sni2.ansible.http.tests-req.pem
|
||
|
|
||
|
- name: Copy cacert.pem into nginx doc root for easy retrieval
|
||
|
copy:
|
||
|
src: /root/ca/cacert.pem
|
||
|
dest: /usr/share/nginx/html/cacert.pem
|
||
|
remote_src: true
|
||
|
|
||
|
- name: Install gunicorn and httpbin
|
||
|
pip:
|
||
|
name: "{{ item }}"
|
||
|
with_items:
|
||
|
- gunicorn
|
||
|
- httpbin
|
||
|
|
||
|
- name: Copy services.sh script
|
||
|
copy:
|
||
|
src: services.sh
|
||
|
dest: /services.sh
|
||
|
mode: 0755
|
||
|
|
||
|
- name: Copy nginx sites configuration
|
||
|
copy:
|
||
|
src: nginx.sites.conf
|
||
|
dest: /etc/nginx/conf.d/default.conf
|