Depend on openssl for certificate generation.
robertdebock committed May 28, 2020
1 parent 1f4cae7 commit 6d35fab
Showing 5 changed files with 25 additions and 37 deletions.
4 changes: 4 additions & 0 deletions molecule/default/prepare.yml
Expand Up @@ -9,3 +9,7 @@
- role: robertdebock.epel
- role: robertdebock.buildtools
- role: robertdebock.python_pip
- role: robertdebock.openssl
openssl_items:
- name: apache-httpd
common_name: "{{ ansible_fqdn }}"
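Review bot: The certificate is requested with `common_name: "{{ ansible_fqdn }}"`, while the vhost that will serve it uses `ServerName {{ httpd_ssl_servername }}` (visible as context in templates/ssl.conf.j2), so unless the role's default for `httpd_ssl_servername` also resolves to the FQDN, the self-signed certificate will not name the host httpd answers for. No `subject_alt_name` is requested either, and current TLS clients ignore the CN and match only on SANs, so even an agreeing CN helps only legacy verifiers. If the openssl role accepts it, add `subject_alt_name: "DNS:{{ ansible_fqdn }}"` next to `common_name`, and keep that value aligned with whatever `httpd_ssl_servername` is set to in converge. The role defaults are not in this diff, so the mismatch is inferred from the two visible values rather than confirmed.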
1 change: 1 addition & 0 deletions requirements.yml
Expand Up @@ -2,5 +2,6 @@
- robertdebock.bootstrap
- robertdebock.buildtools
- robertdebock.epel
- robertdebock.openssl
- robertdebock.python_pip
- robertdebock.selinux
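Review bot: The new `robertdebock.openssl` entry carries no version, so each `ansible-galaxy install` pulls whatever the latest Galaxy release is, and that role is now the code that generates the private key httpd serves with. Pinning it in the mapping form, `- src: robertdebock.openssl` followed by `version: "<tag>"`, makes the key-generation code reviewable and the deployment reproducible. The other roles in this file are equally unpinned, so this is a file-wide convention rather than something introduced here, but the openssl dependency is the one with direct security impact.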
32 changes: 0 additions & 32 deletions tasks/main.yml
@@ -1,13 +1,5 @@
---
# tasks file for httpd
- name: install requirements
pip:
name: "{{ httpd_requirements }}"
state: present
register: httpd_install_requirements
until: httpd_install_requirements is succeeded
retries: 3

- name: install apache httpd
package:
name: "{{ httpd_packages }}"
Expand Down Expand Up @@ -39,30 +31,6 @@
- "{{ httpd_port }}"
- "{{ httpd_ssl_port }}"

- name: create ssl directory
file:
path: "{{ httpd_config_directory }}/ssl"
state: directory

- name: create ssl key
openssl_privatekey:
path: "{{ httpd_config_directory }}/ssl/{{ httpd_ssl_servername }}.key"
register: httpd_key

- name: create ssl csr
openssl_csr:
path: "{{ httpd_config_directory }}/ssl/{{ httpd_ssl_servername }}.csr"
privatekey_path: "{{ httpd_key.filename }}"
common_name: "{{ httpd_ssl_servername }}"
register: httpd_csr

- name: create ssl certificates
openssl_certificate:
path: "{{ httpd_config_directory }}/ssl/{{ httpd_ssl_servername }}.crt"
privatekey_path: "{{ httpd_csr.privatekey }}"
csr_path: "{{ httpd_csr.filename }}"
provider: selfsigned

- name: configure ssl
template:
src: ssl.conf.j2
4 changes: 2 additions & 2 deletions templates/ssl.conf.j2
Expand Up @@ -6,6 +6,6 @@ Listen {{ httpd_ssl_port }}
<VirtualHost *:{{ httpd_ssl_port }}>
ServerName {{ httpd_ssl_servername }}
SSLEngine on
SSLCertificateFile "{{ httpd_config_directory }}/ssl/{{ httpd_ssl_servername }}.crt"
SSLCertificateKeyFile "{{ httpd_config_directory }}/ssl/{{ httpd_ssl_servername }}.key"
SSLCertificateFile "{{ httpd_openssl_crt_directory }}/apache-httpd.crt"
SSLCertificateKeyFile "{{ httpd_openssl_key_directory }}/apache-httpd.key"
</VirtualHost>
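Review bot: The new `SSLCertificateFile`/`SSLCertificateKeyFile` lines hard-code the item name `apache-httpd`, which has to match an `openssl_items[].name` that the consumer, not this role, passes to robertdebock.openssl (molecule/default/prepare.yml does so), and with the key/csr/cert tasks removed nothing in tasks/main.yml checks that the two files exist before ssl.conf is written and the service is started. A consumer who skips that step or picks a different item name gets a vhost pointing at missing files and a failed httpd. Consider lifting the name into a role variable, e.g. `SSLCertificateKeyFile "{{ httpd_openssl_key_directory }}/{{ httpd_openssl_name }}.key"` with `httpd_openssl_name: apache-httpd` as the default, and adding a `stat` plus `assert` pre-task (or a `meta/main.yml` dependency on the openssl role) so the failure surfaces with a clear message. The contract should also be stated in the README.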
21 changes: 18 additions & 3 deletions vars/main.yml
@@ -1,8 +1,5 @@
---
# vars file for httpd
httpd_requirements:
- pyopenssl

httpd_sebooleans:
- httpd_can_network_connect

Expand Down Expand Up @@ -94,3 +91,21 @@ _httpd_binary:
Debian: apachectl

httpd_binary: "{{ _httpd_binary[ansible_os_family] | default(_httpd_binary['default']) }}"

_httpd_openssl_key_directory:
default: /tmp
Alpine: /etc/ssl/private
Debian: /etc/ssl/private
RedHat: /etc/pki/tls/private
Suse: /etc/ssl/private

httpd_openssl_key_directory: "{{ _httpd_openssl_key_directory[ansible_os_family] | default(_httpd_openssl_key_directory['default']) }}"

_httpd_openssl_crt_directory:
default: /tmp
Alpine: /etc/ssl/certs
Debian: /etc/ssl/certs
RedHat: /etc/pki/tls/certs
Suse: /etc/ssl/certs

httpd_openssl_crt_directory: "{{ _httpd_openssl_crt_directory[ansible_os_family] | default(_httpd_openssl_crt_directory['default']) }}"
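Review bot: `_httpd_openssl_key_directory.default: /tmp` means that on any OS family missing from the map the vhost loads its private key from a world-writable directory, where another local user can pre-create or swap the file and tmp cleaners can remove it across reboots. Whether the openssl role actually writes there on such systems is not visible in this diff; if these maps only mirror that role's defaults, any drift between the two roles is a silently broken service, and if they agree, a private key in /tmp is the outcome. Prefer failing loudly over falling back, e.g. `default: "{{ httpd_config_directory }}/ssl"` together with a directory created with `mode: "0700"`, or drop the `default` key so the unsupported-family lookup aborts the play. In no case should the private-key location resolve to a world-accessible path.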
