fix bugs&add roles

2024-12-08 21:23:31 +03:00 · 2024-12-08 21:23:31 +03:00 · 1dabbe0f6f
commit 1dabbe0f6f
parent 9b72646537
5 changed files with 55 additions and 26 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -25,7 +25,7 @@ siteB:
  site_ip: "192.168.0.62"

 proxy:
-  proxy_domain: "proxy.example.com"
+  proxy_domain: "siteproxy.vlad"
  proxy_ip: "192.168.0.63"

 siteA_h2: "Новое сообщение для SiteA"
--- a/ansible/roles/ssl_certificate/tasks/main.yml
+++ b/ansible/roles/ssl_certificate/tasks/main.yml
@ -11,12 +11,17 @@
    group: root
    mode: '0755'

+- name: Generate private key
+  community.crypto.openssl_privatekey:
+    path: "{{ ssl_cert_path }}/{{ ssl_key_file }}"
+    size: 2048
+    type: RSA
+    mode: '0600'
+
 - name: Generate Self-Signed SSL Certificate
-  command: >
-    openssl req -x509 -nodes -days 365
-    -newkey rsa:2048
-    -keyout {{ ssl_cert_path }}/{{ ssl_key_file }}
-    -out {{ ssl_cert_path }}/{{ ssl_cert_file }}
-    -subj "{{ ssl_subject }}"
-  args:
-    creates: "{{ ssl_cert_path }}/{{ ssl_cert_file }}"
+  community.crypto.x509_certificate:
+    path: "{{ ssl_cert_path }}/{{ ssl_cert_file }}"
+    privatekey_path: "{{ ssl_cert_path }}/{{ ssl_key_file }}"
+    subject: "{{ ssl_subject }}"
+    provider: "openssl"
+    days: 365
--- a/ansible/roles/ssl_certificate_cmd/tasks/main.yml
+++ b/ansible/roles/ssl_certificate_cmd/tasks/main.yml
@ -0,0 +1,20 @@
+- name: Install OpenSSL
+  zypper:
+    name: openssl
+    state: present
+
+- name: Create SSL directory
+  file:
+    path: "{{ ssl_cert_path }}"
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: Generate Self-Signed SSL Certificate
+  command: >
+    openssl req -x509 -nodes -days 365
+    -newkey rsa:2048
+    -keyout {{ ssl_cert_path }}/{{ ssl_key_file }}
+    -out {{ ssl_cert_path }}/{{ ssl_cert_file }}
+    -subj "{{ ssl_subject }}"
--- a/ansible/roles/ssl_certificate_cmd/vars/main.yml
+++ b/ansible/roles/ssl_certificate_cmd/vars/main.yml
@ -0,0 +1,4 @@
+ssl_cert_path: "/etc/nginx/ssl"
+ssl_cert_file: "proxy.crt"
+ssl_key_file: "proxy.key"
+ssl_subject: "/C=RU/ST=Some-State/L=Some-City/O=Your Company/CN={{ proxy.proxy_domain }}"