[ansible/artifactory_nginx_ssl] Add certificate and certificate_key variables to the README #421

Open
EmptyByte opened this issue Oct 28, 2024 · 5 comments


In defaults:

ssl_certificate_install: true
ssl_certificate_path: /etc/pki/tls/certs
ssl_certificate_key_path: /etc/pki/tls/private
ssl_certificate: cert.pem
ssl_certificate_key: cert.key

In tasks/main.yml

The first task checks if two undefined variables exist:

- name: Check required variables
  ansible.builtin.fail: msg="Variable '{{ item }}' is not defined"
  when: item not in vars
  loop:
    - certificate
    - certificate_key
    - server_name

Then later you use the right variable names (i.e. ssl_certificate and ssl_certificate_key):

- name: Ensure ssl_certificate_path exists
  become: true
  ansible.builtin.file:
    path: "{{ ssl_certificate_path }}"
    state: directory
    mode: 0755
  when: ssl_certificate_install

- name: Ensure ssl_certificate_key_path exists
  become: true
  ansible.builtin.file:
    path: "{{ ssl_certificate_key_path }}"
    state: directory
    mode: 0700
  when: ssl_certificate_install

- name: Configure certificate
  become: true
  ansible.builtin.template:
    src: certificate.pem.j2
    dest: "{{ ssl_certificate_path }}/{{ ssl_certificate }}"
    mode: 0644
  notify: Restart nginx
  no_log: true
  when: ssl_certificate_install

- name: Configure key
  become: true
  ansible.builtin.template:
    src: certificate.key.j2
    dest: "{{ ssl_certificate_key_path }}/{{ ssl_certificate_key }}"
    mode: 0600
  notify: Restart nginx
  no_log: true
  when: ssl_certificate_install

EmptyByte commented Oct 28, 2024

Never mind, those are variables used in templates (not mentioned in README or defaults).
So you have to pass the cert/key with the above vars split with pipe:

certificate_key
cat cert.key | tr '\n' '|'

certificate
cat cert.pem | tr '\n' '|'

@chukka
Collaborator

chukka commented Nov 18, 2024

@EmptyByte Noted, will see if we can improve our docs around this

@EmptyByte
Author

Duplicate of #370

@ymartin59

> So you have to pass the cert/key with the above vars split with pipe

No, it is not a requirement. Original end-of-lines are preserved anyway, so no need to bother to replace EOL by pipe in the certificate files you generate from openssl for instance.

Here is how I provide these variables:

- name: Install Artifactory
  ansible.builtin.include_role:
    name: jfrog.platform.artifactory
  vars:
    artifactory_version: "{{ artifactory_release }}"
    artifactory_flavour: pro
    artifactory_nginx_ssl_enabled: true
    server_name: "{{ artifactory_domain }}"
    ssl_certificate_install: true
    certificate: "{{ lookup('file', artifactory_tls_crt_path) }}"
    certificate_key: "{{ lookup('file', artifactory_tls_key_path) }}"    


EmptyByte commented Dec 16, 2024

@ymartin59 Right, thank you. I was misled by the pipe split in the templates, it should indeed work with a lookup or a block scalar.

Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/certificate.key.j2
Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/certificate.pem.j2

{% set cert = certificate.split('|') %}
{% for line in cert %}
{{ line }}
{% endfor %}

@EmptyByte EmptyByte changed the title [ansible/artifactory_nginx_ssl] Wrong variables checks for ssl_certificate and certificate [ansible/artifactory_nginx_ssl] Add certificate and certificate_key variables to the README Dec 16, 2024
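
The following is an added example, not code from the role or from any commenter: it emulates the `split('|')` loop of the two templates in Python and shows that the `tr '\n' '|'` value and the `lookup('file', ...)` value decode to the same PEM payload. It assumes the Ansible template module's default `trim_blocks` behaviour and the default right-strip of `lookup('file')`; the function names and the PEM content are constructed for illustration.

```python
import base64

def render_template(value: str) -> str:
    """Emulate certificate.pem.j2 / certificate.key.j2: split on '|', one item per line.

    Assumption: Ansible renders templates with trim_blocks enabled by default,
    so each '{{ line }}' row emits the item followed by exactly one newline.
    """
    return "".join(line + "\n" for line in value.split("|"))

def pem_payload(text: str, label: str) -> bytes:
    """Decode the body of the single PEM block in text, ignoring blank lines."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines[0] != f"-----BEGIN {label}-----" or lines[-1] != f"-----END {label}-----":
        raise ValueError("malformed PEM framing")
    return base64.b64decode("".join(lines[1:-1]), validate=True)

def make_sample_pem(label: str, der: bytes) -> str:
    """Build a constructed PEM file (not a real certificate), ending in a newline."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

SAMPLE_DER = bytes(range(256)) * 3   # constructed placeholder bytes
PEM_FILE = make_sample_pem("CERTIFICATE", SAMPLE_DER)

# Route 1: the pipeline from the thread, cat cert.pem | tr '\n' '|'
piped_value = PEM_FILE.replace("\n", "|")
# Route 2: lookup('file', ...), which strips trailing whitespace by default
lookup_value = PEM_FILE.rstrip()

def compare_routes() -> dict:
    """Render both values and report whether the payload survives each route."""
    out_piped = render_template(piped_value)
    out_lookup = render_template(lookup_value)
    return {
        "piped_payload_ok": pem_payload(out_piped, "CERTIFICATE") == SAMPLE_DER,
        "lookup_payload_ok": pem_payload(out_lookup, "CERTIFICATE") == SAMPLE_DER,
        # No '|' occurs in PEM framing or base64, so split() is a no-op here.
        "lookup_is_verbatim": out_lookup == PEM_FILE,
        # The trailing '|' produced by tr yields one extra empty line.
        "piped_extra_blank_lines": out_piped.count("\n") - PEM_FILE.count("\n"),
    }

if __name__ == "__main__":
    for name, result in compare_routes().items():
        print(f"{name}: {result}")
```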