Add an SSL role for certificates deployment
This commit is contained in:
parent
4a411685ff
commit
c6a504c6c5
|
|
@ -18,6 +18,7 @@ fail2ban: separate task to update IP whitelist
|
|||
nginx: add tag for ips management
|
||||
nginx: separate task to update IP whitelist
|
||||
postfix: enable SSL/TLS client
|
||||
ssl: add an SSL role for certificates deployment
|
||||
|
||||
### Changed
|
||||
evomaintenance: update script from upstream
|
||||
|
|
|
|||
|
|
@ -0,0 +1,9 @@
|
|||
# ssl
|
||||
|
||||
Deploy SSL certificate, key, dhparams and concatenate them when needed (eg. with Haproxy).
|
||||
|
||||
## Available variables
|
||||
|
||||
* `ssl_cert`: name of SSL certificate which is going to be deployed
|
||||
|
||||
eg. `ssl_cert: "example.com"` deploy files/ssl/example.com.{pem|key|dhp}
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
galaxy_info:
|
||||
author: Evolix
|
||||
description: Deployment of SSL certificate, key and dhparams
|
||||
|
||||
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
# Be sure to remove the '[]' above if you add dependencies
|
||||
# to this list.
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
---
|
||||
- name: Concatenate SSL certificate, key and dhparam
|
||||
set_fact:
|
||||
ssl_cat: "{{ ssl_cat | default() }}{{ lookup('file', item) }}\n"
|
||||
with_fileglob:
|
||||
- "ssl/{{ ssl_cert }}.pem"
|
||||
- "ssl/{{ ssl_cert }}.key"
|
||||
- "ssl/{{ ssl_cert }}.dhp"
|
||||
tags:
|
||||
- ssl
|
||||
|
||||
- name: Create haproxy ssl directory
|
||||
file:
|
||||
dest: /etc/haproxy/ssl
|
||||
mode: "0700"
|
||||
tags:
|
||||
- ssl
|
||||
|
||||
- name: Copy concatenated certificate and key
|
||||
copy:
|
||||
content: "{{ ssl_cat }}"
|
||||
dest: "/etc/haproxy/ssl/{{ ssl_cert }}.pem"
|
||||
mode: "0600"
|
||||
notify: reload haproxy
|
||||
tags:
|
||||
- ssl
|
||||
|
||||
- name: Reset ssl_cat variable
|
||||
set_fact:
|
||||
ssl_cat: ""
|
||||
tags:
|
||||
- ssl
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
---
|
||||
- name: Copy SSL certificate
|
||||
copy:
|
||||
src: "ssl/{{ ssl_cert }}.pem"
|
||||
dest: "/etc/ssl/certs/{{ ssl_cert }}.pem"
|
||||
mode: "0644"
|
||||
register: ssl_copy_cert
|
||||
tags:
|
||||
- ssl
|
||||
|
||||
- name: Copy SSL key
|
||||
copy:
|
||||
src: "ssl/{{ ssl_cert }}.key"
|
||||
dest: "/etc/ssl/private/{{ ssl_cert }}.key"
|
||||
mode: "0600"
|
||||
register: ssl_copy_key
|
||||
tags:
|
||||
- ssl
|
||||
|
||||
- name: Copy SSL dhparam
|
||||
copy:
|
||||
src: "ssl/{{ ssl_cert }}.dhp"
|
||||
dest: "/etc/ssl/certs/{{ ssl_cert }}.dhp"
|
||||
mode: "0644"
|
||||
register: ssl_copy_dhp
|
||||
tags:
|
||||
- ssl
|
||||
|
||||
- name: Check if Haproxy is installed
|
||||
command: dpkg -l haproxy
|
||||
register: haproxy_check
|
||||
check_mode: False
|
||||
changed_when: False
|
||||
tags:
|
||||
- ssl
|
||||
|
||||
- include: haproxy.yml
|
||||
when: haproxy_check.rc == 0
|
||||
Loading…
Reference in New Issue