diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index cb76400..e4d9acc 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -25,7 +25,7 @@ siteB:
 site_ip: "192.168.0.62"
 proxy:
- proxy_domain: "proxy.example.com"
+ proxy_domain: "siteproxy.vlad"
 proxy_ip: "192.168.0.63"
 siteA_h2: "Новое сообщение для SiteA"
diff --git a/ansible/roles/ssl_certificate/tasks/main.yml b/ansible/roles/ssl_certificate/tasks/main.yml
index 9f8fd05..37b136d 100644
--- a/ansible/roles/ssl_certificate/tasks/main.yml
+++ b/ansible/roles/ssl_certificate/tasks/main.yml
@@ -1,22 +1,27 @@
-- name: Install OpenSSL
- zypper:
- name: openssl
- state: present
-
-- name: Create SSL directory
- file:
- path: "{{ ssl_cert_path }}"
- state: directory
- owner: root
- group: root
- mode: '0755'
-
-- name: Generate Self-Signed SSL Certificate
- command: >
- openssl req -x509 -nodes -days 365
- -newkey rsa:2048
- -keyout {{ ssl_cert_path }}/{{ ssl_key_file }}
- -out {{ ssl_cert_path }}/{{ ssl_cert_file }}
- -subj "{{ ssl_subject }}"
- args:
- creates: "{{ ssl_cert_path }}/{{ ssl_cert_file }}"
\ No newline at end of file
+- name: Install OpenSSL
+ zypper:
+ name: openssl
+ state: present
+
+- name: Create SSL directory
+ file:
+ path: "{{ ssl_cert_path }}"
+ state: directory
+ owner: root
+ group: root
+ mode: '0755'
+
+- name: Generate private key
+ community.crypto.openssl_privatekey:
+ path: "{{ ssl_cert_path }}/{{ ssl_key_file }}"
+ size: 2048
+ type: RSA
+ mode: '0600'
+
+- name: Generate Self-Signed SSL Certificate
+ community.crypto.x509_certificate:
+ path: "{{ ssl_cert_path }}/{{ ssl_cert_file }}"
+ privatekey_path: "{{ ssl_cert_path }}/{{ ssl_key_file }}"
+ subject: "{{ ssl_subject }}"
+ provider: "openssl"
+ days: 365
\ No newline at end of file
diff --git a/ansible/roles/ssl_certificate/vars/main.yml b/ansible/roles/ssl_certificate/vars/main.yml
index c7a9501..dcf7d39 100644
--- a/ansible/roles/ssl_certificate/vars/main.yml
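Review bot: In ansible/roles/ssl_certificate/tasks/main.yml the new `community.crypto.x509_certificate` task passes `provider: "openssl"`, `subject` and `days`, none of which are options of that module as far as I know, so the task should fail argument validation instead of producing a certificate. The subject belongs in a `community.crypto.openssl_csr` task, and the certificate task then takes `csr_path`, `provider: selfsigned` and `selfsigned_not_after`. While adding the CSR, set `subject_alt_name` to the proxy domain, because current TLS clients match the host name against SAN rather than CN. The `mode: '0600'` on the private-key task is worth keeping as is.

```yaml
# … unchanged: Install OpenSSL, Create SSL directory, Generate private key …

- name: Generate CSR carrying the subject and SAN
  community.crypto.openssl_csr:
    path: "{{ ssl_cert_path }}/proxy.csr"  # constructed file name
    privatekey_path: "{{ ssl_cert_path }}/{{ ssl_key_file }}"
    common_name: "{{ proxy.proxy_domain }}"
    subject_alt_name: "DNS:{{ proxy.proxy_domain }}"

- name: Generate Self-Signed SSL Certificate
  community.crypto.x509_certificate:
    path: "{{ ssl_cert_path }}/{{ ssl_cert_file }}"
    privatekey_path: "{{ ssl_cert_path }}/{{ ssl_key_file }}"
    csr_path: "{{ ssl_cert_path }}/proxy.csr"
    provider: selfsigned
    selfsigned_not_after: "+365d"
```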
+++ b/ansible/roles/ssl_certificate/vars/main.yml
@@ -1,4 +1,4 @@
-ssl_cert_path: "/etc/nginx/ssl"
-ssl_cert_file: "proxy.crt"
-ssl_key_file: "proxy.key"
+ssl_cert_path: "/etc/nginx/ssl"
+ssl_cert_file: "proxy.crt"
+ssl_key_file: "proxy.key"
 ssl_subject: "/C=RU/ST=Some-State/L=Some-City/O=Your Company/CN={{ proxy.proxy_domain }}"
\ No newline at end of file
diff --git a/ansible/roles/ssl_certificate_cmd/tasks/main.yml b/ansible/roles/ssl_certificate_cmd/tasks/main.yml
new file mode 100644
index 0000000..9468205
--- /dev/null
+++ b/ansible/roles/ssl_certificate_cmd/tasks/main.yml
@@ -0,0 +1,20 @@
+- name: Install OpenSSL
+ zypper:
+ name: openssl
+ state: present
+
+- name: Create SSL directory
+ file:
+ path: "{{ ssl_cert_path }}"
+ state: directory
+ owner: root
+ group: root
+ mode: '0755'
+
+- name: Generate Self-Signed SSL Certificate
+ command: >
+ openssl req -x509 -nodes -days 365
+ -newkey rsa:2048
+ -keyout {{ ssl_cert_path }}/{{ ssl_key_file }}
+ -out {{ ssl_cert_path }}/{{ ssl_cert_file }}
+ -subj "{{ ssl_subject }}"
\ No newline at end of file
diff --git a/ansible/roles/ssl_certificate_cmd/vars/main.yml b/ansible/roles/ssl_certificate_cmd/vars/main.yml
new file mode 100644
index 0000000..c7a9501
--- /dev/null
+++ b/ansible/roles/ssl_certificate_cmd/vars/main.yml
@@ -0,0 +1,4 @@
+ssl_cert_path: "/etc/nginx/ssl"
+ssl_cert_file: "proxy.crt"
+ssl_key_file: "proxy.key"
+ssl_subject: "/C=RU/ST=Some-State/L=Some-City/O=Your Company/CN={{ proxy.proxy_domain }}"
\ No newline at end of file
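Review bot: The `command` task in ansible/roles/ssl_certificate_cmd/tasks/main.yml has lost the `creates` guard the original role carried, so every play run regenerates both the private key and the certificate, reports changed each time, and invalidates any trust placed in the previous certificate. Restore `args:` with `creates: "{{ ssl_cert_path }}/{{ ssl_cert_file }}"` under the command. The key written by `-keyout` also gets no explicit mode inside a `0755` directory; whether it ends up readable by other users depends on the OpenSSL version and umask, so a follow-up `file` task setting `mode: '0600'` on `{{ ssl_cert_path }}/{{ ssl_key_file }}` would make that deterministic.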