mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Changes to the httptester docker image to support new client cert functionality in tests (#19912)

* Fix Dockerfile
* Add changes to docker image to support new client cert functionality
* Update repo:tag for docker
Matt Martz 2017-01-04 23:07:13 -06:00 committed by Matt Clay
parent 1c16c1db2b
commit 9048cf2758
5 changed files with 46 additions and 6 deletions


@ -17,7 +17,12 @@ RUN set -x && \
openssl req -new -nodes -out /root/ca/sni2.ansible.http.tests-req.pem -keyout /root/ca/private/sni2.ansible.http.tests-key.pem -config /etc/ssl/openssl.cnf \ openssl req -new -nodes -out /root/ca/sni2.ansible.http.tests-req.pem -keyout /root/ca/private/sni2.ansible.http.tests-key.pem -config /etc/ssl/openssl.cnf \
-subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=sni2.ansible.http.tests" && \ -subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=sni2.ansible.http.tests" && \
yes | openssl ca -config /etc/ssl/openssl.cnf -out /root/ca/sni2.ansible.http.tests-cert.pem -infiles /root/ca/sni2.ansible.http.tests-req.pem && \ yes | openssl ca -config /etc/ssl/openssl.cnf -out /root/ca/sni2.ansible.http.tests-cert.pem -infiles /root/ca/sni2.ansible.http.tests-req.pem && \
openssl req -new -nodes -out /root/ca/client.ansible.http.tests-req.pem -keyout /root/ca/private/client.ansible.http.tests-key.pem -config /etc/ssl/openssl.cnf \
-subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=client.ansible.http.tests" && \
yes | openssl ca -config /etc/ssl/openssl.cnf -out /root/ca/client.ansible.http.tests-cert.pem -infiles /root/ca/client.ansible.http.tests-req.pem && \
cp /root/ca/cacert.pem /usr/share/nginx/html/cacert.pem && \ cp /root/ca/cacert.pem /usr/share/nginx/html/cacert.pem && \
cp /root/ca/client.ansible.http.tests-cert.pem /usr/share/nginx/html/client.pem && \
cp /root/ca/private/client.ansible.http.tests-key.pem /usr/share/nginx/html/client.key && \
pip install gunicorn httpbin pip install gunicorn httpbin
ADD services.sh /services.sh ADD services.sh /services.sh
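Review bot: The added `cp` of `client.ansible.http.tests-key.pem` to `/usr/share/nginx/html/client.key` puts a private key in the web root, and because the key and CA are generated at build time, every container started from the same image shares them. Anyone who can pull the image can presumably also read the CA key under `/root/ca/private`, so a host that installs `cacert.pem` into a real trust store would be trusting a CA whose key material is effectively public. The intent deserves a comment above the RUN, for example `# Test-only CA and client key: baked into the image and served over HTTP on purpose; never trust this CA outside httptester.` The same exposure recurs in the unnamed `copy` tasks of the playbook section and in the `location =/client.key` block of the nginx section. The RUN instruction begins above this hunk, so the comment placement is inferred.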


@ -22,20 +22,20 @@ manually started using::
Such as when starting a docker container:: Such as when starting a docker container::
docker run -ti --rm -p 80:80 -p 443:443 --name httptester ansible/httptester /services.sh docker run -ti --rm -p 80:80 -p 443:443 --name httptester ansible/ansible:httptester /services.sh
docker build docker build
^^^^^^^^^^^^ ^^^^^^^^^^^^
:: ::
docker build -t ansible/httptester . docker build -t ansible/ansible:httptester .
packer packer
^^^^^^ ^^^^^^
The packer build will use ``ansible-playbook`` to perform the The packer build will use ``ansible-playbook`` to perform the
configuration, and will tag the image as ``ansible/httptester`` configuration, and will tag the image as ``ansible/ansible:httptester``
:: ::


@ -102,10 +102,29 @@
shell: > shell: >
yes | openssl ca -config /etc/ssl/openssl.cnf -out /root/ca/sni2.ansible.http.tests-cert.pem -infiles /root/ca/sni2.ansible.http.tests-req.pem yes | openssl ca -config /etc/ssl/openssl.cnf -out /root/ca/sni2.ansible.http.tests-cert.pem -infiles /root/ca/sni2.ansible.http.tests-req.pem
- name: Generate client key
command: >
openssl req -new -nodes -out /root/ca/client.ansible.http.tests-req.pem -keyout /root/ca/private/client.ansible.http.tests-key.pem -config /etc/ssl/openssl.cnf
-subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=client.ansible.http.tests"
- name: Generate client.ansible.http.tests cert
shell: >
yes | openssl ca -config /etc/ssl/openssl.cnf -out /root/ca/client.ansible.http.tests-cert.pem -infiles /root/ca/client.ansible.http.tests-req.pem
- name: Copy cacert.pem into nginx doc root for easy retrieval - name: Copy cacert.pem into nginx doc root for easy retrieval
copy: copy:
src: /root/ca/cacert.pem src: "/root/ca/cacert.pem"
dest: /usr/share/nginx/html/cacert.pem dest: "/usr/share/nginx/html/cacert.pem"
remote_src: true
- copy:
src: /root/ca/client.ansible.http.tests-cert.pem
dest: /usr/share/nginx/html/client.pem
remote_src: true
- copy:
src: /root/ca/private/client.ansible.http.tests-key.pem
dest: /usr/share/nginx/html/client.key
remote_src: true remote_src: true
- name: Install gunicorn and httpbin - name: Install gunicorn and httpbin
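Review bot: The two added `copy` tasks for `client.pem` and `client.key` have no `name:`, unlike the `cacert.pem` task directly above them, so the play output shows a bare `copy` and gives no hint that a private key is being published deliberately. Suggested names are `- name: Copy client cert into nginx doc root for easy retrieval` and `- name: Copy test-only client key into nginx doc root (served to tests by design)`. The key copy also sets no `mode:`, so whether the nginx worker can read the file depends on defaults this page does not show. If the worker is meant to serve it, an explicit `mode:` on that task would make the intent reviewable.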


@ -7,10 +7,25 @@ server {
ssl_certificate /root/ca/ansible.http.tests-cert.pem; ssl_certificate /root/ca/ansible.http.tests-cert.pem;
ssl_certificate_key /root/ca/private/ansible.http.tests-key.pem; ssl_certificate_key /root/ca/private/ansible.http.tests-key.pem;
ssl_client_certificate /root/ca/cacert.pem;
ssl_verify_client optional;
location =/cacert.pem { location =/cacert.pem {
alias /usr/share/nginx/html/cacert.pem; alias /usr/share/nginx/html/cacert.pem;
} }
location =/client.key {
alias /usr/share/nginx/html/client.key;
}
location =/client.pem {
alias /usr/share/nginx/html/client.pem;
}
location =/ssl_client_verify {
return 200 "ansible.http.tests:$ssl_client_verify";
}
location / { location / {
proxy_pass http://127.0.0.1:8000; proxy_pass http://127.0.0.1:8000;
} }
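Review bot: With `ssl_verify_client optional;`, the new `location =/ssl_client_verify` will likely only ever report `NONE` or `SUCCESS`. As far as I know, nginx rejects a presented certificate that fails verification against `ssl_client_certificate` with a 400-class error before any location's `return` runs. Tests for the rejection path should therefore assert on that error response, not on a `FAILED` string in the body. A comment on the location would record this, e.g. `# body is NONE or SUCCESS; a bad client cert is rejected by nginx before this location`. The directive is set at server level, so it also applies to the proxied `location /`. The `server` block opens above this hunk.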


@ -37,7 +37,8 @@
"post-processors": [ "post-processors": [
{ {
"type": "docker-tag", "type": "docker-tag",
"repository": "ansible/httptester" "repository": "ansible/ansible",
"tag": "httptester"
} }
] ]
} }