child 6:ff39be154d7d
parent 4:e89c1fca1357
5:4213233fc119
Anton Shestakov <av6@dwimlabs.net>, Sat, 19 Mar 2016 00:45:41 +0800
provision: add certs role for generating self-signed certificates

2 файлов изменено, 49 вставок(+), 0 удалений(-) [+]
contrib/provision/roles/certs/tasks/main.yml file | annotate | diff | comparison | revisions
contrib/provision/roles/certs/vars/main.yml file | annotate | diff | comparison | revisions
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/certs/tasks/main.yml Sat Mar 19 00:45:41 2016 +0800
@@ -0,0 +1,45 @@
+---
+- name: Install packages
+ apt: pkg={{ item }} state=present
+ with_items:
+ - openssl
+ - ssl-cert
+
+- name: Make sure {{ path }} exists
+ file: path='{{ path }}' state=directory owner=root group=ssl-cert mode=0710
+
+- name: Make sure domain directories exist
+ file: path='{{ path }}/{{ item }}' state=directory owner=root group=ssl-cert mode=0710
+ with_items: '{{ selfsigned }}'
+
+- name: Generate private keys
+ command: >
+ openssl genrsa
+ -out '{{ path }}/{{ item }}/clean.key'
+ 2048
+ args:
+ creates: '{{ path }}/{{ item }}/clean.key'
+ with_items: '{{ selfsigned }}'
+
+- name: Set permissions for private keys
+ file: path='{{ path }}/{{ item }}/clean.key' state=file owner=root group=ssl-cert mode=0640
+ with_items: '{{ selfsigned }}'
+
+- name: Generate self-signed certificates
+ command: >
+ openssl req
+ -new
+ -x509
+ -subj '/CN={{ item }}'
+ -extensions v3_ca
+ -days 3650
+ -key '{{ path }}/{{ item }}/clean.key'
+ -out '{{ path }}/{{ item }}/selfsigned.pem'
+ args:
+ creates: '{{ path }}/{{ item }}/selfsigned.pem'
+ with_items: '{{ selfsigned }}'
+
+- name: Set permissions for self-signed certificates
+ file: path='{{ path }}/{{ item }}/selfsigned.pem' state=file owner=root group=ssl-cert mode=0640
+ with_items: '{{ selfsigned }}'
+...
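Review bot: The `openssl req` task passes `-extensions v3_ca`, and in the stock openssl.cnf that section sets `basicConstraints = CA:true`, so every per-domain certificate this role produces is also usable as a CA certificate. A client that imports one of these files as a trust anchor for its host would then also accept certificates for other names signed with the same `clean.key`. For server certificates, point `-extensions` at a config section that sets `basicConstraints = CA:FALSE` and a `subjectAltName` for `{{ item }}` (current clients match on SAN rather than CN), and add `-sha256` so the signature digest does not depend on the host's OpenSSL default. Separately, both generate tasks are guarded only by `creates:`, so a regenerated `clean.key` leaves the old `selfsigned.pem` in place; a comment such as `# remove selfsigned.pem as well when rotating clean.key` on that task would document this.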
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/certs/vars/main.yml Sat Mar 19 00:45:41 2016 +0800
@@ -0,0 +1,4 @@
+---
+path: /etc/ssl/selfsigned/
+selfsigned: []
+...
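Review bot: `selfsigned: []` sits in the role's `vars/main.yml`, which Ansible ranks above inventory, group_vars and host_vars, so a domain list set in any of those would presumably be overridden by this empty list and the role would generate nothing unless the list is passed as a role parameter. If the list is meant to be configured per host, both values belong in `defaults/main.yml`. The name `path` is also generic enough to collide with a variable from another role or play; something like `certs_path: /etc/ssl/selfsigned` (no trailing slash, since the tasks already join with `/`) would be safer, with a comment `# directory holding one subdirectory per self-signed domain`.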