83:c57344d0b80a
Anton Shestakov <av6@dwimlabs.net>, Wed, 06 Apr 2016 13:35:00 +0800
provision: use the extracted hpkpinfo from ssl_cert and intermediate certs


provision/roles/fruitbar/tasks/main.yml

Permissions: -rw-r--r--

---
# Ensure the account named by the `user` variable exists.
- name: Create user
  user:
    name: "{{ user }}"
# Install each package listed under with_items through apt.
- name: Install packages
  apt:
    pkg: "{{ item }}"
    state: present
  with_items:
    - build-essential
    - mercurial
    - python-dev
    - python-virtualenv
# Install the separate `virtualenv` package, but only on hosts whose
# distribution release is reported as 'jessie'.
- name: Install virtualenv
  when: ansible_distribution_release == 'jessie'
  apt:
    pkg: virtualenv
    state: present
# Pull in the tasks from appinstall.yml and run them through sudo as the
# application user rather than as the connecting user.
- include: appinstall.yml
  sudo_user: "{{ user }}"
  sudo: true
# Render the supervisor program definition for fruitbar and ask the
# `reload supervisor` handler to run when the rendered file changes.
- name: Add supervisor app
  template:
    src: etc/supervisor/conf.d/fruitbar.conf
    dest: /etc/supervisor/conf.d/fruitbar.conf
  notify:
    - reload supervisor
# Record whether the certificate file exists; the HPKP extraction task
# reads certfile.stat.exists in its `when` condition.
- stat:
    path: "{{ ssl_cert }}"
  register: certfile
# Record whether the private key file exists; the HPKP extraction task
# reads keyfile.stat.exists in its `when` condition. Only the file's
# presence is checked here, its contents are not read.
- stat:
    path: "{{ ssl_key }}"
  register: keyfile
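# Compute the pin value for the HPKP header: the base64-encoded SHA-256
# digest of the DER-encoded public key, once for the site certificate and
# once for every intermediate certificate. Per-item results are registered
# as hpkpinfo. The task is read-only (changed_when: false) and also runs in
# check mode (always_run), and is skipped unless both the certificate and
# the key file exist.
#
# Without pipefail the pipeline's exit status is that of the final
# `openssl enc`, which succeeds even on empty input, so a failure earlier
# in the pipe could register the digest of nothing as a pin. pipefail needs
# bash (hence `executable`), and because failed_when replaces the default
# return-code check, the rc test is spelled out next to the stderr match.
# The stderr wording is not guaranteed to be stable across OpenSSL
# versions, so it is kept only as a secondary signal.
# The path is passed through the `quote` filter so the shell receives it
# as a single word whatever characters it contains.
# NOTE(review): major browsers have since dropped HPKP support; confirm the
# header is still wanted before relying on these pins.
- name: Extract information for HPKP header
  shell: >
    set -o pipefail;
    openssl x509 -pubkey -noout -in {{ item | quote }}
    | openssl pkey -pubin -outform der
    | openssl dgst -sha256 -binary
    | openssl enc -base64
  args:
    executable: /bin/bash
  with_flattened:
    - ['{{ ssl_cert }}']
    - '{{ ssl_intermediates }}'
  register: hpkpinfo
  when: certfile.stat.exists and keyfile.stat.exists
  always_run: true
  changed_when: false
  failed_when: "hpkpinfo.rc != 0 or 'unable' in hpkpinfo.stderr"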
# Render the Nginx site definition into sites-available, suffixed with the
# `umbrella` variable, and queue the `restart nginx` handler on change.
- name: Add Nginx site
  template:
    src: etc/nginx/sites-available/fruitbar
    dest: "/etc/nginx/sites-available/fruitbar.{{ umbrella }}"
  notify:
    - restart nginx
# Enable the site by symlinking the sites-available file into
# sites-enabled; the link name is prefixed with `site_order`. Queues the
# `restart nginx` handler when the link changes.
- name: Enable Nginx site
  file:
    state: link
    src: "/etc/nginx/sites-available/fruitbar.{{ umbrella }}"
    dest: "/etc/nginx/sites-enabled/{{ site_order }}fruitbar.{{ umbrella }}"
  notify:
    - restart nginx
...