Merge branch 'evoacme-squid-ocsp' into unstable

2017-05-16 15:12:21 +02:00 · 2017-05-16 15:12:21 +02:00 · 606c9973c6
parent 708860770a 2f773e0ab5
commit 606c9973c6
5 changed files with 61 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 .kitchen/
+.vagrant/
--- a/evoacme/handlers/main.yml
+++ b/evoacme/handlers/main.yml
@ -13,3 +13,8 @@
 - name: apt update
  apt:
    update_cache: yes
+
+- name: reload squid3
+  service:
+    name: squid3
+    state: reloaded
--- a/evoacme/tasks/certbot.yml
+++ b/evoacme/tasks/certbot.yml
@ -3,7 +3,7 @@
 - block:
  - name: install jessie-backports
    include_role:
-      name: "{{ roles }}/apt-repositories"
+      name: apt-repositories
    vars:
      apt_repositories_install_backports: True

@ -53,3 +53,18 @@
    src: certbot.cron
    dest: /etc/cron.daily/certbot
    mode: "0755"
+
+- name: Find squid3 config whitelist
+  shell: find /etc/squid3/whitelist-custom.conf /etc/squid3/whitelist.conf 2> /dev/null
+  failed_when: false
+  changed_when: false
+  check_mode: no
+  register: squid3_whitelist_files
+
+- name: Let's Encrypt OCSP server is authorized by squid
+  lineinfile:
+    dest: "{{ squid3_whitelist_files.stdout_lines | first }}"
+    line: "http://ocsp.int-x3.letsencrypt.org/.*"
+    state: present
+  notify: reload squid3
+  when: squid3_whitelist_files.stdout != ""
--- a/evoacme/tests/Vagrantfile
+++ b/evoacme/tests/Vagrantfile
@ -0,0 +1,30 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  config.vm.box = "debian/jessie64"
+
+  config.vm.synced_folder "./vagrant_share/", "/vagrant", disabled: true
+
+  config.vm.provider :virtualbox do |v|
+    v.memory = 2048
+    v.cpus = 2
+    v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
+    v.customize ["modifyvm", :id, "--ioapic", "on"]
+  end
+
+  # Master
+  config.vm.define :default do |default|
+    default.vm.hostname = "default"
+    default.vm.provision :ansible, run: "always" do |ansible|
+      ansible.limit = "default"
+      ansible.playbook = "vagrant.yml"
+      # ansible.tags = "mysql"
+      # ansible.raw_arguments = ["-b", "--ask-vault-pass"]
+      ansible.raw_arguments = ["-vv"]
+    end
+  end
+
+end
--- a/evoacme/tests/vagrant.yml
+++ b/evoacme/tests/vagrant.yml
@ -0,0 +1,9 @@
+- hosts: default
+  gather_facts: yes
+  become: yes
+
+  roles:
+  # - squid
+  - evoacme
+
+# vim:ft=ansible